'Crime Boy's' go on hack spree

A hacker group known as "Crime Boy's" launched cyberattacks over the past

two weeks against World Wide Web pages maintained by the Interior Department

and the Army, and several times tried to hack into a NASA system.

The hackers, believed to work from Brazil, last week defaced the main

Web pages maintained by the Bureau of Land Management's National Training

Center and the Army's Reserve Officer Training Corps Command. The group

also attempted a third series of attacks against NASA's Jet Propulsion Laboratory,

forcing the agency to block all Internet traffic from Brazil.

Reports also surfaced last week that the National Postal Mail Handlers

Union site, which is accessible through the U.S. Postal Service's intranet,

had been attacked, but it was unclear who tried to carry out the attack.

The Crime Boy's broke into the National Training Center site, which

is part of the BLM, at 8 p.m. March 12, and replaced the agency's Web page

with a page protesting what the group called a "corrupt" Brazilian government.

The message they left was jumbled: "Hello, Crime Boys [sic] entered

in your server for two reasons, for him to be badly configured, or better,

very badly configured, and to protest against the Brazilian government,

a corrupt government, that nothing does for Brazil to improve."

The hackers launched a second attack March 16, replacing the page a

second time. "We went in to make some corrections, and they came in right

on our heels," a BLM spokesman said.

Although the spokesman said the damage was limited to two Web pages,

BLM officials said they are working with federal authorities on patches

to "inherent vulnerabilities" in Microsoft Corp.'s Internet Information

Server Version 4.0.

Security officials at NASA's JPL detected a "fairly substantial number

of attacks" that originated in Brazil, said Frank O'Donnell, spokesman at

the Pasadena, Calif.-based laboratory. The agency restricted almost the

entire country of Brazil from viewing the agency's Web sites and also installed

security patches, O'Donnell said. JPL removed the block at noon EST on March

17.

Philip Loranger, chief of the Command and Control Protect Division at

the Army's Information Assurance Office, announced March 14 that the Crime

Boy's had threatened to take down the main Army home page. However, sources

say that page was too difficult to crack because it is based on StarNine Technologies, Inc.'s WebStar server software running on an Apple

Computer Inc. Macintosh.

"The main [Army] site was switched to a server that was practically

un- hackable," said Alex McCombie, co-founder of New World Media Inc. and

one of more than 30 witnesses to the attack on the ROTC site.

A hacker known as "-artech" and who claims to have hacked into the Army's

deputy chief of staff for training Web page, said the Crime Boy's are a

new group that use unsophisticated attack methods, including exploiting

vulnerabilities in Microsoft Corp.'s FrontPage and Active Perl. "If they

do hack a site, it will just be a small FrontPage hack, which isn't a problem

to stop," the hacker said.

Steven Aftergood, an intelligence specialist with the Federation of American

Scientists, said although the attacks do not mean federal systems are helplessly

vulnerable, "this suggests that even the most elementary of security protections

were not in place."

As of late Friday, agencies had yet to file a report on the incidents,

said Dave Jarrell, program manger for the Federal Computer Incident Response

Capability. "I have noticed some unusual traffic patterns and have been

wondering if something is going on, but I have not heard from any federal

agencies," Jarrell said.

Contributing: Paula Shaki Trimble, Natasha Haubold and Diane Frank.