Wired - Saturday, September 19, 1998
Religious sites targetted by Internet pranksters
SAN FRANCISCO -- Two unidentified women set up ISP accounts that were used
in a three-day automated attack this week on religious Usenet computer
bulletin board newsgroups. The attackers used familiar newsgroup member
names in sending thousands of off-subject, often vulgar, posts to a number
of alt.religion groups on the Internet.
Netroplex Internet Services, a small Los Angeles-based Internet service
provider, disconnected the two accounts on this week after determining they
were used to launch the attacks. The posts were likely generated by an
automated program that collected posts from other newsgroups and sent them,
en masse, to the alt.religion newsgroups. Generally, the posts weren't
relevant to the newsgroup subjects, and many were laced with vulgarities
and pornography.
Chris Caputo, president of Altopia Corp. -- the company that provides
Netroplex with its newsfeed -- said more than 10,000 forged posts were
sent from Netroplex accounts beginning late Sunday.
The forged notes continued at the rate of 8 to 20 posts a minute until early
Wednesday, when Netroplex policy manager Laurent Kim disconnected the second
of two accounts used to launch the attack.
"We found out who the users were," said Kim. "It was two different people who
walked into our office, and paid cash for their accounts." Kim said that the
individuals-both women-had given phony contact information. The first woman
signed up with the ISP on 8 September and started sending forged articles on
Sunday; the second obtained an account on Tuesday, and was disconnected a day
later.
While the company is not looking into legal action, Kim said it will hand over
Caller ID data from the dialup lines to any court of law that requests it. He
stressed that his company is also a victim of the attack, because it has had to
deal with the thousands of messages received from people around the world who
are upset about the forgeries.
Since one or two people couldn't manually post all of the messages, Caputo
suspects that the perpetrators wrote a program to do it. The forged articles
had valid names and email addresses, and subject lines that looked appropriate
for each group. But the body of each message contained an old news posting,
often with pornographic content.
The spam attack prevented actual conversation on many newsgroups, since it was
difficult to distinguish which of the messages were real. The forgeries could
also come back to haunt the people whose identities were used on the postings.
DejaNews, which provides a way to read and post to approximately 15,000 Usenet
newsgroups, has a popular tool called "Author Profile" that displays a list of
all articles that a user has posted, and may include some of the forged posts.
Most of the forged posts never made it to DejaNews' archives, according to
David Wilson, the company's vice president of marketing. "We have several
layers of spam filtering, and we caught several thousand of those
things-actually, a few thousand at a time, from what I'm told," Wilson said.
According to Wilson, the company used a combination of technologies to rid
their archive of spam. "I can't tell you how the filters work, because if I
did, then whoever posted the forgeries would be able to find a workaround,"
Wilson said. "It's a cat-and-mouse game."
As for the inevitable remaining forgeries in the archive, Wilson said, "A user
always has the ability to delete a message from the archive that was posted
under their identity. And so if this forger posted something under someone
else's identity, they can come to our site and nuke that article."
[Note: The URL for "nuking" spam at Deja News is:
<snip>
Copyright 1998, The Detroit News
http://www.dejanews.com/forms/nuke.shtml ]
Click here for some additional truth about the Scientology crime syndicate:
XENU.NET