February 10, 2003 5:50 PM PST
Vandals deface ex-hacker Mitnick's site
Twice in the past two weeks, online vandals--like the ones who tagged many Web sites with "Free Kevin!" graffiti during Mitnick's time in prison--broke into the Web server of the former hacker's security start-up, Defensive Thinking.
"The consequence of the attack was insignificant to us, but could have been worse if the person had real malicious intent," Mitnick, now an independent security consultant, said in a forum on his Web site. "I did, however, install all the latest patches to prevent the same exploit from working in the future. I suppose it was kind of a wake-up call."
The incidents are the latest form of attention that the Internet underground has bestowed on Mitnick. The former hacker's volunteers have to stave off attacks on his Web site regularly. In addition, Mitnick has received a great deal of e-mail asking for hacking advice or jobs.
The hacks have ratcheted up the interest from the online world, however.
On Jan. 30, an online vandal using the handle BugBear bypassed the security on Mitnick's Web server. The server ran on Microsoft's popular Internet Information Server, but didn't have all the patches applied, the security consultant readily acknowledges.
The vandal was considerate, Mitnick said. He didn't replace any files or damage any data, but added only a single Web page. Bugbear's message: "welcome back to freedom mr.kevin ;)."
A second attack succeeded in using the same flaw to gain access to the Web server on Sunday night, Mitnick said.
Mitnick seemed more amused, rather than threatened, by the entire event. "Now I'm in the process of securing the box and not depending on our volunteers," he said in an interview Monday.He also added that he follows the recommended practice of placing the Web server outside his company's internal network. Such a configuration is called a demilitarized zone--a term borrowed from the military for a no-man's land--and minimizes damage when an attacker breaks into a computer that has to be relatively open to the public, such as a Web server. Instead of gaining access to the entire network, an attacker only gets into a relatively untrusted computer.
Now in the middle of patching the server, Mitnick said the only hitch was with Microsoft's IIS Lockdown tool, which seems to have thrown a wrench into the works.
"Something that should have taken me a few minutes is now more like a couple of hours," he said.
Microsoft seemed surprised that the former hacker was having trouble with the tool. "That's not a tool that we have had complaints about," a company representative said.