[Nettime-bold] Re: Sudan Bank Hacked, Bin Laden Info Found

Chris Wysopal on Sat, 29 Sep 2001 17:46:15 +0200 (CEST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Nettime-bold] Re: Sudan Bank Hacked, Bin Laden Info Found

To: "R. A. Hettinga" <rah@shipwright.com>
Subject: [Nettime-bold] Re: Sudan Bank Hacked, Bin Laden Info Found
From: Chris Wysopal <cwysopal@skywriting.com>
Date: Sat, 29 Sep 2001 12:23:47 -0500 (EST)
Cc: Digital Bearer Settlement List <dbs@philodox.com>,dcsb@ai.mit.edu, cryptography@wasabisystems.com,nettime <NETTIME-L@bbs.thing.net>
In-Reply-To: <p05100306b7db72725221@[10.0.1.21]>
List-Id: the uncut, unmoderated version of nettime-l <nettime-bold.nettime.org>
Reply-To: nettime-bold@nettime.org
Sender: nettime-bold-admin@nettime.org



This story has some major problems.  Shamalbank.com is hosted in Norway
and doesn't seem to have any connection back to Sudan.  It is a
brochureware site.  It seems highly unlikely that hacking the nameserver
has anything to do with bank opeations as it is run by the ISP, ActiveISP
in Norway.  Kim Schmitz does not have $10 million to pay as a reward as
his businesses are reportedly on the verge of bankrupcy.  I can't see an
Islamic bank using Checkpoint-1, an Israeli product.

-Chris

On Sat, 29 Sep 2001, R. A. Hettinga wrote:

> 
> --- begin forwarded text
> 
> 
> Status:  U
> Date: Sat, 29 Sep 2001 01:50:45 -0700
> To: "The Eristocracy" <Eristocracy@merrymeet.com>
> From: Jon Callas <jon@callas.org>
> Subject: Sudan Bank Hacked, Bin Laden Info Found
> Sender: <Eristocracy@merrymeet.com>
> List-Subscribe:
>  <mailto:majordomo@merrymeet.com?subject=subscribe%20Eristocracy>
> 
> http://www.newsbytes.com/news/01/170588.html
> 
> Sudan Bank Hacked, Bin Laden Info Found - Hacker
> 
> E-Mail This Article
> Printer-Friendly Version
> By Ned Stafford, Newsbytes
> MUNICH, GERMANY,
> 27 Sep 2001, 2:46 PM CST
>  A group of U.K.-based hackers has cracked computers at the AlShamal
> Islamic Bank in Sudan and collected data on the accounts of the Al Qaeda
> terrorist organization and its leader Osama bin Laden, Kim Schmitz, a
> flamboyant German hacker/businessman, has claimed.
> 
> Schmitz, who has offered a $10 million reward for the capture of bin Laden,
> told Newsbytes that the information has been turned over to the FBI. Bin
> Laden, a millionaire Saudi exile whose base is now Afghanistan, is
> suspected of being the driving force behind the deadly Sept. 11 attacks on
> the World Trade Center and the Pentagon with hijacked planes.
> 
> Newsbytes could not confirm Schmitz's claim. An FBI spokesman in Washington
> declined to confirm or deny the story, saying that the agency's policy is
> not to comment on information and leads it is receiving.
> 
> "We have received a lot of information on this case," he told Newsbytes.
> "Of course we appreciate the leads we are receiving from the public, but we
> cannot confirm what specific information has been provided to us or by
> whom."
> 
> Schmitz, 27, a former teen hacking prodigy who spent time behind bars
> before starting a successful data security business, has been accused of
> being press hungry. He says his recent strong anti-terrorism pronouncements
> are not a PR prank, but stem from his strong desire to wipe out terrorism.
> He says he has received death threats from the Middle East.
> 
> The bank Schmitz claimed was hacked was mentioned Wednesday by Sen. Carl
> Levin, D-Mich. during a Senate Banking Committee hearing. According to CNN,
> Levin referred to a 1996 State Department report that said bin Laden had
> provided the AlShamal Islamic Bank with $50 million in start-up capital.
> 
> Schmitz told Newsbytes that he could not provide details about what hackers
> found in AlShamal Islamic Bank's computers or about the hackers themselves.
> 
> Nonetheless, he provided Newsbytes with the following outline of what he
> says happened.
> 
> Last week, Schmitz, who lives in Munich, posted letters on his Web site
> rallying politicians to the cause of fighting terrorism and offering his
> hacking expertise.
> 
> "I received plenty of e-mails from hackers around the world offering their
> services," he said.
> 
> Schmitz founded a group that numbers around 23 hackers called "Young
> Intelligent Hackers Against Terror." He calls the group YIHAT, which is
> similar to the word Jihad, which is Arabic for Holy War.
> 
> Schmitz said that last Friday, a Sudanese banker sent the group an e-mail
> after reading about the $10 million reward, informing the group that Al
> Qaeda and bin Laden have accounts at AlShamal Islamic Bank.
> 
> A team of U.K.-based hackers sprang into action, and hacked the nameserver
> of AlShamal Islamic Bank, he said. They were able to gain access to the
> bank's intranet by exploiting a "checkpoint firewall 1 vulnerability," he
> explained.
> 
> After bypassing the firewall, the hackers achieved "superuser" status on
> the server, and "sniffed" eight valid user IDs, and then were able to
> collect information on accounts of Al Qaeda and bin Laden.
> 
> "This information was sent to the authorities in the USA," Schmitz said.
> 
> Schmitz sent the following e-mail to the Webmaster at the AlShamal Islamic
> Bank:
> 
> "dear webmaster of sudans shamalbank,
> 
> "your bank has been hacked. information regarding Al Qaeda's and bin Ladens
> accounts have been captured. all information reached the US authorities.
> thanks for using products from checkpoint (firewall1).
> 
> "have a nice day, Kim "Kimble" Schmitz, Founder of "Young Intelligent
> Hackers Against Terror" YIHAT"
> 
> When asked which authorities received the information from the hackers,
> Schmitz said: "FBI."
> 
> He said that authorities had not given the hackers a "green light" to
> undertake the hacking, that the group had done so on its own initiative.
> 
> Schmitz said the U.K.-based hackers wish to remain anonymous.
> 
> "I am the spokesperson of the group," he said. "They don't want to be
> involved with the press. What they do is illegal, unless we find a
> government that legalizes our activities."
> 
> And somewhat mysteriously, he added: "If I would deliver details about the
> hacks, I could get arrested. I am not hacking myself, because that is
> illegal. I must keep myself out of the details to make sure that I am still
> able to offer them the communication platform they need to fight as united
> hackers of the world against terror."
> 
> AlShamal Islamic Bank Home Page: http://www.shamalbank.com/
> 
> Kim Schmitz's Personal Web Site: http://www.kimble.org/
> 
> Schmitz Letter to governments around the world:
> http://www.kimble.org/urgent.htm
> 
> Schmitz Reward For Osama Bin Laden: http://www.kimble.org./mostwanted.htm
> 
> Reported by Newsbytes.com, http://www.newsbytes.com .
> 
> 14:46 CST
> Reposted 15:03 CST
> 
> (20010927/WIRES TOP, ONLINE, LEGAL, BUSINESS/)
> 
> © 2001 The Washington Post Company
> 
> --- end forwarded text
> 
> 
> -- 
> -----------------
> R. A. Hettinga <mailto: rah@ibuc.com>
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
> 
> For help on using this list (especially unsubscribing), send a message to
> "dcsb-request@reservoir.com" with one line of text: "help".
> 


_______________________________________________
Nettime-bold mailing list
Nettime-bold@nettime.org
http://www.nettime.org/cgi-bin/mailman/listinfo/nettime-bold

References:
- [Nettime-bold] Sudan Bank Hacked, Bin Laden Info Found
  - From: "R. A. Hettinga" <rah@shipwright.com>

Prev by Date: [Nettime-bold] [ot] [!nt] \n2+0\
Next by Date: [Nettime-bold] URGENT ASSISTANCE
Prev by thread: [Nettime-bold] Sudan Bank Hacked, Bin Laden Info Found
Next by thread: [Nettime-bold] History returns
Index(es):
- Date
- Thread