Independent attackers, who want to get a message across, have started defacing web sites in the run-up to, and also after, the start of the war against Iraq last week.

Three categories of attackers have been noticed by the anti-virus firm F-Secure:

• Patriotic Americans, who want to join the war but have no others means to do so except by attacking the virtual enemy. This may take the form of launching a distributed denial-of-service attack against the email server of the Iraqi embassy or websites of Iraqi companies.
• Islamic extremist groups from around the world who are trying to fight back against the perceived enemy by launching attacks against US sites and especially .mil websites.
• Peace activists who are just against the war. Several computer viruses have been released which carry an anti-war message or are trying to use the situation otherwise for their own advantage.

Political messages posted to NASA Web pages
By Paul Roberts

Making a tragic day even worse, several servers at NASA's Jet Propulsion Laboratory (JPL) were broken into on Saturday by a group of hackers protesting U.S. policy in the Middle East.

Web pages hosted on those servers were replaced with pages displaying a political message critical of U.S. policy in Iraq , according to a report by UK security company mi2g and confirmed by a National Aeronautics and Space Administration (NASA) spokesman.

Hacking tools used by employees within organizations may be the biggest security threat to emerge this year, leading to increased vulnerabilities, lost data, and wasted time and resources, reports Websense Inc.

Websense, the worldwide leader of employee Internet management (EIM) solutions, reports that the number of hacking Web sites has increased 45 percent in the last 12 months, now totaling approximately 6,000 Web sites, encompassing more than one million pages of content. The dramatic spike may signal an increasing internal security risk for organizations worldwide.

Nearly 90 percent of U.S. businesses and government agencies suffered hacker attacks in the last year, according to Newsbytes, while 80 percent of network security managers claim their biggest security threat comes from their own employees, according to a survey conducted at this year's Gartner Information Security Conference.

Internet pornography took over the online edition of a local newspaper last Friday, thanks to the handiwork of an unidentified hacker, the newspaper said.

The hacker, who communicated with The Daily News Journal in Murfreesboro via e-mail, said he would give control of the paper's Internet site back and remove the pornography for $10,000, publisher Tom Larimer said.

''We don't actually know his name or even where he is,'' Larimer said. ''This is the first time we've had to deal with this.''

Attacks on company networks endanger business processes, and the number of "denial of service" (DoS) attacks is growing. The first part of this article sketches the goals and effects of DoS attacks and covers some types of attacks. The second half will appear in the next issue. In that article, the author treats additional types of attacks and what should be done to counter these attacks from the Internet.

Two weeks ago the Recording Industry Association of America website was defaced.Twice. Even more embarrassing, the crackers installed pirate music files on the site for download. But how? zone-h.org, a security site-based in Estonia, has uncovered the elementary mistake in RIAA's robot.txt files which gave the crackers their back door. This is our first exposure to Estonian humour. And we like it. The Register is publishing zone-h's entertaining treatment by permission.

Second attack in two months

The nemesis of the MP3-sharing community, the Record Industry Association of America (RIAA), last week found its website under attack for the second time in two months.

But this time it was more than just a denial of service. Hackers managed not only to get into the server and tinker with the text on the front pages, but also to leave a stash of illegal MP3s for download from the site.

The hackers are thought to have broken into riaa.org on Thursday night and replaced article links on the front page with comedy alternatives such as "Piracy can be beneficial to the music industry," and "Where can I find information on giant monkeys?"

An online service designed to quickly alert IT managers if their websites crash or are defaced by hackers or viruses has been launched by Auckland start-up Virtual Industries Group.

Customers can sign up over the Net to have their sites monitored without the need to install hardware
or software.

Called Page Patrol, the monitoring service is designed to pick up the failure of an Internet connection and detect cyber-vandalism.

Copies of OpenSSH packages on popular download sites have been trojaned, developers have warned.

Overnight it was realised that the tarball for OpenSSH 3.4p1 on the main openBSD (ftp.openbsd.org) mirror was compromised, after developers noticed that the checksum of the package had changed. Other mirror sites might also be affected.

An attacker defaced a page on the U.S. Army Research Laboratory's Web site Friday with a message criticizing the military organization for supplying weapons to Israel.

The attacker, going by the handle Rivver, posted a long, profanity-laced tirade against the Unites States government and its stance in the Middle East, the military and India. The same attacker defaced another U.S. Army Web site last fall.