TechWeb

Hackers 'On A Mission'

Apr 24, 2002 (08:04 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=6501882


Two hackers dubbing themselves "The Deceptive Duo" are defacing airline and government Web sites in an effort, they say, to point out security problems. The hackers started their spree by jacking Cameroon Airlines' site, displaying information that they claim they stole from Midwest Express Airlines and Union Bank computers. The Cameroon site was altered to display data allegedly from Midwest corporate and employee-account information.

Midwest and Union Bank could not be reached Thursday for comment.

The hackers say they only want to reveal just how lax information security remains. In an E-mail interview with InformationWeek, the duo wrote that they chose targets that illustrate critical vulnerabilities. It was "so easy that it forced us to risk our futures by forming The Deceptive Duo. We feel that our infrastructure is extremely vulnerable. We'd rather act on it, than speak on it," they wrote.

"You can never really tell what their real intent was," says Michael Erbschloe, a VP with research firm Computer Economics. "Hacking is hacking, unless you are under contract, and then it is called intrusion testing."

On Wednesday, the Duo defaced Web sites belonging to NASA and the FAA. Database screenshots show the hackers gained access to the internal NASA Ames Research Center employees database. (You can see mirrors for these defacements at here.)

FAA spokesman Paul Takemoto says the FAA is aware of the actions of the hackers and informed the FBI. "We've asked the FBI to prosecute if and when they find them," he said. Says Takemoto, the data accessed by the Deceptive Duo was from a year 2000 database of airport screeners that was used for a congressional report -- and was all public information.--George Hulme

What mission would you like to send this duo on? Let us know in the Listening Post: informationweek.com/forum/informationweek.