Even Security Pros Get Owned

On Thursday we awoke to a good old-fashioned web site defacement and the public release of emails and other personal information of some of the most prominent names in the information security field.  A group hacked into the servers of Dan Kaminsky, Julien Tinnes, and Kevin Mitnick to name just a few.  The information they obtained and disclosed includes email correspondence, phone numbers, userids and passwords of many of the world’s most notable whitehat security researchers.  Some of this information is very personal and quite embarrassing to have publicly disclosed to the entire Internet.  Moreover, it is likely that this disclosure will lead to a great deal of spam and nuisance phone calls for the people who’s information was disclosed, as well as possible attacks on other systems.

These days it is unusual for hackers to deface web sites and publicly embarrass others.  Most are more concerned with making money and thus try to work silently without being noticed.  The defacement of Kaminsky’s web site is reminicent of the old school gamesmanship in which hackers would try to publicly humiliate others by defacing their web sites.  This attack has prompted Kaminsky take his site (http://www.doxpara.com) offline, although you can still see the defaced version in Google’s cache.  I have also included it below.


It is not known how the hackers were able to crack the servers, but it goes to show that a determined attacker can probably find an exploitable vulnerability in any system if given enough time and resources.  There is no such thing as a completely secure system, except one that is turned off.  It is the job of the security professional to reduce risk to an acceptable level given the value of the asset that is being protected.  While none of the information disclosed could be considered valuable in a monetary sense, having it disclosed so publicly is certainly embarrasing and could damage their reputations and their businesses.  No system is safe and we should all take heed to the threats that are out there.

Comments are closed.