Internet security firm RSA's Web site hacked

We feel safer already

RSA Security has suffered the embarrassment of having its home page "defaced" by an intruder. The original defaced page can be found http://www.2600.com/hacked_pages/2000/02/www.rsa.com Now it get's complicated: there is a second defaced RSA home page, in which the company's site appears to be "owned" by the an intruder. This is a plain white page bearing a simple message. However, the IP address of RSA.com (205.181.76.22) and the IP address of the second "hacked" page (200.24.19.252) -- are not the same. The hacked page, a computer security firm employee writes, is on a "computer in the University of Antigua - (http://bachue.udea.edu.co). So what happened? One theory put forward by a very knowledgeable reader is that "the nameserver was hacked and the www.rsa.com IP forwarded to another hacked box which was used to host the defaced page. This box must have been hacked again, by someone else and a new page put up". The Register found the following text on the new defaced page (we've deleted part of the phone number for obvious reasons), "Wat up whats up to all my nigs ya know who ya are n #2600 and whats up all my #sesame nigs and call rigger if ya come here bc he is the gayest fuck ;) 718-815-**** all chans are on a irc server lol -tek pBK > * also irc.segments.org ;)" For those not fluent in h4x0r dialect, the gentleman or lady who hacked the RSA page wishes to offer warm salutations to all of his or her colleagues from the IRC channels #2600 and #sesame, and further invites all concerned to place nuisance phone calls to a gentleman or lady known as rigger ( a notorious hacker, apparently) , either as a friendly prank, or for malicious purposes. The overall tone suggests the former is intended. Additionally, we note that "nigs" should not be construed to express any racist sentiments, but is best understood as a term of fraternal affection along lines expressed by the familiar "homies". In the interests of investigative journalism we visited the #2600 and #sesame channels on irc.segments.org, following the message's reference to that network, but found ourselves alone with a bot which advised us, "Welcome to #2600 sit down and shuddup or fear a nice /kill or /kline." A subsequent visit to the same two channels on the more h4x0r-friendly efnet.org yielded the expected result, two rooms chock full of quiet, paranoid hackers and eager, chatty wannabes. No one volunteered any information which The Register felt was up to its impeccable standards of journalistic dependability, so we must refrain from passing along speculation proffered by anonymous strangers. The hack follows closely on the heels of RSA's boastful announcement last week that it was developing some new magic bullet to thwart DDoS attacks. The idea behind it is clever, we must allow: a cryptographic technique using so-called "client puzzles" which would accompany connection requests. "During an attack, legitimate clients would experience only a small degradation in connection time, while the attacking party would require vast computational resources to sustain an interruption of service. As a result, the subsequent burden of numerous requests placed back on the attacking party would severely limit its ability to continue the attack," RSA says. Of course the selection of RSA's home page for a graffiti attack could be a mere coincidence, or it could be a reply from the hacking underground meant to remind the company, and the rest of us by extension, that, all boasting aside, if you are connected to the Internet, you can be hacked, one way or another. A worthwhile reminder for all of us, we must add. ®

Sponsored: Today’s most dangerous security threats