SANS defacement by Fluffi Bunni may have been 'self-inflicted' ?

posted onJuly 17, 2001
by hitbsecnews

Procedural mistakes, and not some new security bug, were likely the cause of the defacement last week of the Web site of the SANS Institute, according to sources close to the organization. The computer security research and education group restored its Web site Sunday evening, after its home page was replaced Friday by an attacker using the name "Fluffi Bunni."

The defaced page included a photo of a pink stuffed rabbit in front of a computer. On the screen of the monitor read a message, "Would you really trust these guys to teach you security?"

Sources close to SANS told Newsbytes that the forensic analysis of the defacement is focused on custom CGI scripts or other code at the site that provides special features. Such scripts have caused security lapses in the past at the site, according to one insider. All of the scripts, including one that drives the site's search engine, have been disabled as a precaution....

Lapse At SANS May Have Been Self-Inflicted

By Brian McWilliams, Newsbytes
BETHESDA, MARYLAND, U.S.A.,
16 Jul 2001, 11:40 AM CST

"This was probably a procedural failure, where somebody left something exposed. I
don't think this was the result of a zero-day exploit," said a source close to the
organization. Zero-day exploits are closely guarded vulnerabilities discovered by
attackers in popular software but not published widely.

In an e-mail interview Sunday with Newsbytes, someone calling himself Fluffy Bunny
refused to explain how he penetrated the site's security, citing his belief in a
philosophy known as "anti-disclosure."

"That is why you won't find any information here as to how the hack was done and
other sites and so on," said the e-mail.

The anti-disclosure movement, also known as "anti-security," was founded by a
formidable hacking group known as ADM. According to their Web site, members of the
movement believe that hackers should not publish software vulnerabilities they discover,
because the exploits can then be used by less skillful hackers or "script
kiddies."

Last year, ADM took credit for defacing the Web site of Defcon.org, the annual hacker
convention in Las Vegas. The SANS.org site was defaced on the first day of this year's
Defcon gathering.

Allan Paller, director of research for SANS, said the organization is still performing
forensic analysis of the attack and declined to provide a preliminary assessment of the
vulnerability exploited by the attacker.

"Let's just say, we've could have done a better job, and we will as a result of
this incident," said Paller, who added, "We're not trying to hide anything. But
we don't want to prematurely scare anybody or get into the blame game."

SANS expects to provide full details of the attack in time for the organization's
conference on computer forensics in two weeks, according to Paller.

The two-day outage of SANS.org resulted in part from moving the site from its previous
hosting firm, Digital Island Inc., to its new location at managed security provider
AlteNet Solutions, said Paller.

Paller said the SANS.org site is managed by a team of seven staff members. While the
organization previously did not hire external third parties to test the security of the
site, its faculty members informally perform such tests all the time, he said.

Officials from Neohapsis Inc., a security consulting firm, confirmed that they
performed penetration tests on the restored site prior to its return online.

Like the previous site, SANS.org is running the Apache Web server on the BSD operating
system.

Previous defacements by Fluffy Bunny included the Sourceforge open-source software site
and a site operated by hosting firm Exodus Communications, Security.exodus.net.

In the e-mail, Fluffy Bunny said the variation in his spelling of his nickname
"depends what mood I'm in, or the time of the month."

Paller said he has no ideas about the motives or identity of the attackers.

"Some of the most active hackers have full-time jobs as computer security people.
So it's very difficult to know what the motivations are," said Paller.

A mirror of the SANS defacement is here: http://www.safemode.org/mirror/2001/07/13/www.sans.org
.

The Anti-Security Web site is at http://anti.security.is
.

Reported by Newsbytes, http://www.newsbytes.com
.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs