Much of the press assumed it was just the work of a random malicious hacker, a particularly daring bit of sabotage for the amusement and/or approval of his or her peers. If so, it didn't workthe hacker community seems unimpressed.
This I discovered more or less by accident.
On Feb. 13, I was busy watching another hack in progress, at the Web site of Bedford, Mass.-based RSA Security Inc., the self-proclaimed "Most Trusted Name in e-Security." I was marveling at how unsecure RSA's own site seemed to be; it was changing every few hours. At one point it came up as a page of text, reading in part, "Wat up whats up to all my nigs ya know who ya are . . ." Another time the hacker had defaced the actual home page. (This version has been catalogued by the Web site of the hacker magazine 2600: www.2600.com/hacked_pages/2000/02/www.rsa.com/") Still another version appeared for text-only browsers. All the bastardizations included the signifier OWNED BY COOLIO.
Clearly, one of the most trusted Internet-security firms was being vandalizedand a mere two days after the White House announced an Net-security summit to be held this week. Another day in cyberspace.
To get some information on this hack in progress, I drifted to an Internet Relay Chat channel, #desperado, a den usually filled with security consultants, hackers, hacker wannabes, and others interested in network security for one reason or another. There were about 12 people hanging out.
"Did anyone see RSA hack?" I asked to no one in particular. The response was a virtual collective yawn.
"A lame trick," one wrote.
"NOT A HACK," piped up another voice from the depths of anonymous cyberspace.
This sort of Web-page defacement may tantalize us press people, but it didn't even register with this bunch. One pointed out that the RSA site itself wasn't hacked; the vandal was merely redirecting anyone requesting to see www.rsa.com to other addresses, where the phony RSA pages lay in wait. Somebody pointed me to an article in the e-zine United Phone Losers on how this sort of thing is accomplished ("Security AlertSecure Your Domain NOW!" :www.phonelosers.net/issues/upl016.html ).
In short, these #desperadoes were not easily impressed. So I asked about the massive Web attack everyone was talking about. This had to be the greatest hack of all time, I figured. Even the president had spoken out against it.
Again with the collective yawn.
"Really uninventive," typed one chatter.
"Pfft," wrote another.
"What's to be impressed about?! It's hardly the hardest thing to do, anyone with half a brain could do it," asserted someone going by the handle Narcosis. "[This kind of hack] happens all the time, it's just because high-profile sites were hit that the media and the FBI have taken it this far."
The kind of attack that took down all those sites is called a distributed denial of service. It's an automated process whereby multiple computers can crash a Web server by flooding it with massive numbers of requests to open connections for phony return addresses. And while it takes a lot of time to do itsurreptitiously setting up many computers to perform the appointed taskevidently it doesn't take a genius to do it. The tools to do it can be found on the Web.
Did anyone at #desperado have any idea why it was done? PC_Chick suggested that it may have been inspired by 2600's Feb. 4 call to hackers to protest the Motion Picture Association of America, which is suing to shut down Web sites posting programs that can unencrypt DVD discs ("Hacker magazine calls for movie-business protest": www.cnn.com/2000/TECH/computing/02/04/hacker.protest.idg/index.html). But Chick acknowledged that such a protest would have likely targeted movie-industry sites rather than e-commerce.
"Anyway," Narcosis added, "if this was in protest, they would have released a statement by now saying that's why they did it, it wouldn't be left this long if they were trying to make a point."
Everyone was left wondering about the why. But what really left me wondering was that the largest hack known to the general public is, in the eyes of hackers and security specialists themselves, not all that. In this forum, evidently, size doesn't matter.
Research assistance: David Cassel. Always crashing in the same car: email@example.com.