January 21, 1999 12:30 PM PST
USIA site hacked again by crafty cracker
Computer consultant James McGregor said he expected to have the site online later today, although some of its advanced features will not be available until much later. The site has been down since January 13, when an unknown intruder broke into the system and diverted visitors to a different server. The break-in was the second in six months for the U.S. Information Agency, which administers the "Voice of America" radio network and other foreign news services. A similar attack was executed early last week on the Toronto Star's site.
In all the attacks, pages had been altered to read: "Hack by Zyklon. Crystal, I love you," and its author claimed to have breached the security of other high-profile Web sites. A query on the HotBot search engine suggested that some dozen other sites have been similarly breached. The Federal Bureau of Investigation and private security agents for the individual Web sites are investigating the matter.
The USIA maintains one of the busier government Web sites. Foreign citizens and diplomats all over the world use it to get information about U.S. affairs, including official speeches and transcripts of hearings.
"We do an enormous amount of updating every day," said McGregor, who added that the work involved in rebuilding the site was considerable. "Our automated systems are going to have to be examined and updated." In the meantime, he added, updates are "torturously manual."
By noon PT, the USIA site was still down. McGregor said he hoped to have the site back up later today, but added that features such as FTP and Telnet access would be suspended until security could be shored up.
The intruder, known in the hacker community as a "cracker" because of the strong-armed tactics used, appears to be the same person who attacked the USIA's site six months ago, McGregor said. During that episode, the cracker destroyed much of the data on the Web site and replaced it with his own. During last week's attack, the individual took a different tack, tampering with the site's domain name server so that visitors were redirected to a different, fraudulent server.
Still, USIA lost all its data as a result of the attack, because operators had to completely reformat their hard drive to ensure that no Trojan horse programs had been left behind.
According to another USIA computer consultant, the cracker claimed to have recently broken into the Web sites maintained by the Toronto Star and Bell Atlantic. But other than bragging about those attacks, the intruder left few other footprints, the consultant said.
Dean Reeds, general manager of the company that maintains the Toronto Star's Web site, confirmed that a cracker with the moniker Zyklon broke into the site early last week, and said the matter is under investigation.
A spokesman for Bell Atlantic would neither confirm nor deny that the company's network had been attacked. However, John Vranesevich, founder of AntiOnline.com, a site that tracks Internet security breaches, said the Bell Atlantic attack was well-known in the hacker community.