[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] falsche "cyberwarfare" .gov-Website offline genommen

To: "Infowar.de" <infowar - de -! - infopeace - de>
Subject: [infowar.de] falsche "cyberwarfare" .gov-Website offline genommen
From: Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>
Date: Wed, 05 Feb 2003 19:57:52 +0100
Organization: http://www.fogis.de
Reply-to: infowar - de -! - infopeace - de
Sender: bendrath -! - zedat - fu-berlin - de
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

Ein Mirror der Seite ist hier: <http://www.politechbot.com/docs/aonn>
Mehr Info: <http://www.politechbot.com/p-04414.html>
RB

http://news.com.com/2100-1023-983384.html

Feds pull suspicious .gov site 

By Declan McCullagh  Staff Writer, CNET News.com February 5, 2003, 4:00
AM PT

WASHINGTON--In a move that raises questions about the security of
governmental domains, the Bush administration has pulled the plug on a
.gov Web site pending an investigation into the authenticity of the
organization that controlled it. 

Until recently, visitors to the AONN.gov Web site were treated to a
smorgasbord of information about an agency calling itself the Access One
Network Northwest (AONN), a self-described cyberwarfare unit claiming to
employ more than 2,000 people and had the support of the U.S. Department
of Defense. 

No federal agency called AONN appears to exist, and no agency with that
name is on the official list of organizations maintained by the U.S.
National Institute of Standards and Technology. 

The General Services Administration (GSA), which runs the .gov registry,
pulled the domain on Jan. 24, after a query from CNET News.com. 

"There are questions about the authenticity of the Web site that
includes the AONN name," the agency said in an e-mail reply. "Until the
situation is resolved, we have eliminated the URL from the .gov
directory name server." 

The action could point to the first case of a .gov domain name
hijacking. 

The GSA investigation raises questions about the integrity of federal
Web sites at a time when the Bush administration is touting electronic
government initiatives. President Bush signed the E-Government Act of
2002 in December, and the IRS in January began a program to encourage
Americans to file their taxes electronically. 

Cybersquatting, or registering a domain to which you may not be
entitled, is hardly uncommon among the multitude of .com and .net
domains. In 1999, President Bill Clinton signed an anticybersquatting
law, and an alternate process through which domain names can be
challenged has resulted in more than 11,000 domain names being
transferred away from the parties who had registered them. 

But there are no known cybersquatting incidents involving a governmental
domain, according to the GSA. "I'm not aware of any incident" in the
past when an unapproved individual has gained control of a .gov domain
name, an agency representative said. 

Chris Casey, who in 1995 helped to create Congress' first Web sites and
now runs a Web design company called Casey.com, says he was surprised to
hear that AONN had apparently secured a .gov name, and said a
misappropriated .gov domain could create confusion among Web users. 

"I'm not aware of it ever happening before," Casey said. ".gov, .edu and
.mil carry a feeling of trustworthiness...People have learned to place
more faith in them." 

AONN's background Claiming credit for the deleted .gov site is a man who
calls himself Robert L. Taylor III, whose name and contact information
appeared in documents on the AONN.gov site. 

Taylor, who appears to reside near Everett, Wash., declined to explain
how, exactly, he secured a .gov domain for the group, calling AONN's
operations "classified." 

"We have exploited a security hole in the bureaucracy," Taylor said in a
telephone interview. "There are loopholes, there are security holes,
there are holes in the system." 

On its now-deleted site, AONN contended its "U.S. Defense Security
Intelligence Network" (DSIN) was launched at Harvard University's John
F. Kennedy School of Government last year, but Doug Gavel, the Kennedy
School's communications director, says he's not aware of any such
program. Similarly, AONN said its champion in Congress is Rep. Jay
Inslee, D-Wash., whose office categorically denies it. A Senate Budget
Committee representative said he had never heard of AONN. 

A Pentagon representative also said that AONN has no affiliation with
the U.S. military and he had no knowledge of the organization. 

It's unclear when the site was first registered or how Taylor may have
taken control of a .gov domain. According to the official .gov
registration rules, only organizations that appear in an official list
of government agencies qualify for a .gov domain--and AONN is not on it.
If AONN were a legitimate Defense Department agency, it would have to
register a .mil--rather than a .gov--domain name. 

One loophole exists for city and state governments, which were allowed
to register .gov domains before the current rules took effect in May
1997. Such registrations are no longer permitted. But local and state
governments with existing sites, such as the state of California's
ca.gov, were allowed to keep them. 

Registering a .gov domain name involves writing an authorization
letter--two samples are provided on the GSA Web site--printing it out,
and then sending it to the ".GOV Domain Manager" in Reston, Va. The GSA
would not comment on what security measures were in place, and what
changes, if any, have been made. 

The GSA's safeguards don't provide foolproof security, says Adrian Lamo,
a hacker and social engineer who claims to have penetrated computer
systems run by The New York Times and a string of other corporations. 

"The process isn't intended to stop anyone who isn't going to be stopped
by the need to go to Kinko's, print out some letterhead and then send an
honest-to-God postal letter," Lamo said. "It'll stop the people that are
willing to break any rule, as long as they can fill out a Web form to do
it. And that eliminates 95 percent of pranks." 

If someone expressed interest in AONN, Taylor would send them a 122-page
PDF file containing buzzwords such as "computer intrusion teams, "beyond
state-of-the-art super computing... next level broad-range security
systems, cyber warfighting, highly advanced satellite technologies and
nano-technologies." It described AONN as a "joint-counterstrike force
(that) possesses such a culmination of some of the world's brightest and
most brilliant intellect, intelligentsia, academicians and minds, it can
quite easily be said that the AONN DSI concept by itself is worth
multibillions." 

A notice on AONN.gov offered to "split payment on contract
disbursements" with its fund-raisers. Taylor also offered this deal to
potential buyers: "You come up with fifty million dollars and we'll sign
contracts as well as deliver both human assets and the DSIN program." 

Taylor would not say if he had collected any money from corporations and
individuals as a result of these offers. 

Besides claiming to be a military intelligence agency, AONN also said it
has an "emerging and expensive clothing line" and an urban and R&B
record label that has signed "certified platinum artists." In November
2000, a company named AONN Records released a CD called November 12
Projekt that a local newspaper described as a collaboration of "two
ambitious young rappers." 

Taylor said that that AONN.gov and AONN Records are the same. 

No company named AONN Records or Access One Network Northwest is listed
with directory assistance, and the Washington state government has no
record of a company with either name being incorporated. 

AONN Records' CD release appears to have been distributed by The
Orchard, which provides a vehicle for independent musicians to sell to
online stores such as Amazon.com and CDNow.com. The Orchard could not
locate AONN Records or Robert Taylor in its files. A representative said
that would be the case if The Orchard no longer carried the November 12
Projekt CD. 

One document Taylor distributed from his Hotmail account this week,
called a "Special Projects Dossier," lists excerpts from job
applications apparently sent to him by intelligence officers seeking
employment. 

"Some have suggested it is a spoof by a rock group who has misused the
aonn.com and aonn.gov registrations," a representative for the
Association of Former Intelligence Officers said this week. "How they
obtained the (top-level domain) of .gov is baffling and shows a flaw in
the registration system that could create greater mischief in other
hands."

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.
Prev by Date: [infowar.de] SummerCon 2003: Hacker-Konferenz in Pittsburgh, 6.-8. Juni
Next by Date: Stratfor Weekly: The Region After Iraq
Previous by thread: [infowar.de] SummerCon 2003: Hacker-Konferenz in Pittsburgh, 6.-8. Juni
Next by thread: Stratfor Weekly: The Region After Iraq
Index(es):
- Date
- Thread