Security News > 2003 > February > Re: Terrorist group claims responsibility for Slammer

Re: Terrorist group claims responsibility for Slammer
2003-02-10 08:33

Forwarded from: Dan Verton Folks, Here's the story of how I got screwed. I was duped, I was had -- call it what you will. Despite calls to the FBI and security firms and other journalists around the world, I didn't turn up the hidden ownership of the domain in question. I let myself get burned. Dan http://www.computerworld.com/printthis/2003/0,4814,78238,00.html By DAN VERTON FEBRUARY 06, 2003 Editor's note: An online story yesterday by Computerworld reporting on terrorist claims of responsibility for having authored the Slammer worm was based on a hoax. The security reporter who wrote the story, Dan Verton, explains in this first-person account how he and others were misled by a U.S. journalist who pretended to be someone named "Abdul Mujahid." The original story has been removed from Computerworld's Web site. There's an old Italian proverb that says, "Those who sleep with dogs will rise with fleas." That's the situation in which I now find myself. While catching a few fleas isn't unusual in the murky, dog-eat-dog world of reporting on hackers and terrorists, this hoax is different. Had it been a simple scam, I might be embarrassed. But in this case, the scammer is Brian McWilliams, a former reporter for Newsbytes.com, which is now owned by The Washington Post Co. For the past 11 months, McWilliams has operated a Web site, www.harkatulmujahideen.org, which once belonged to a real terrorist organization based in Pakistan. It was during legitimate research into pro-terrorist Web sites that I first came across the Harkat-ul-Mujahideen site and McWilliams. In an elaborate scheme to dupe security companies and journalists, McWilliams acknowledged last night that he purchased the domain name last March and registered it under the name of "Abu-Mujahid of Karachi." He also left a legitimate mirror site in place on a server in Pakistan and by his own admission has been receiving e-mails from people looking to join the actual terrorist group. He then posed as Abu Mujahid in his communications with people and the news media. McWilliams' hoax, which he described as an effort to surreptitiously obtain information that he might be able to turn into a good news story, came to my attention after I reported being contacted by Abu Mujahid. In a series of e-mails spanning several weeks, McWilliams, a.k.a. "Mujahid," claimed responsibility for the Slammer Internet worm late last month. Although my story noted that claims of responsibility for Slammer couldn't be verified, I, along with journalists in India, several computer security firms and even law enforcement experts, didn't see through McWilliams' hoax. "I worked hard to make the illusion look real," he said in an e-mail to me last night, after the hoax had been exposed. McWilliams also expressed regret for having allowed the hoax to go so far. "But the Internet gives those who want to spread misinformation a big advantage. It's so easy to conceal ... the ownership of a domain." McWilliams' efforts misled journalists in a foreign country now living with the real-world threat from a very real group, Harkat-ul-Mujahideen (HUM), a group linked not only to Osama bin Laden, but also to the abductors and murderers of Wall Street Journal reporter Daniel Pearl. The Web site still in place in Pakistan, www.ummah.net.pk/harkat/, refers to a radical Islamic group on the State Department's list of designated terrorist groups. Once known as Harkat-ul-Ansar, the group changed its name to Harkat-ul-Mujahideen in an effort to avoid problems stemming from the U.S. terrorist designation. Contact information on that site goes to harkatulmujahideen.org, which is McWilliams' domain. "I've been secretly receiving lots of interesting e-mails apparently intended for HUM," said McWilliams. "I was hoping I might get a story out of some of the stuff that came in to the site. Most of the messages have been from people in the Middle East who wanted to join jihad. I've forwarded some to the FBI." As part of this scam, McWilliams contacted a journalist in India and then defaced his own phony Web site, posting one of my earlier e-mails as part of the defacement by a bogus hacker group. That "hacking" was one reason that at least one security vendor, Mi2g.com, initially considered the Web site to be genuine. That authenticity unraveled late yesterday, after my story had been posted, when members of an e-mail list that focuses on security topics contacted Computerworld and informed me that McWilliams had been bragging about the success of his hoax and how simple it would have been to uncover. He did not, however, acknowledge then that he had registered the domain using a fictitious name. After the hoax was revealed, the story was removed from Computerworld's Web site. By then it had been picked up by other Web sites. This isn't the first time McWilliams has relied on questionable reporting procedures to obtain information for a story, according to government intelligence and industry sources, who requested anonymity. These sources confirmed that in September 2001, at the height of the Nimda worm, McWilliams obtained the telephone number for conference calls held by the National Security Council, the National Security Agency and private companies, and listened in surreptitiously to the conversations. He then used the information from the conference calls in news reports he filed. "Just as that group was hitting its stride, the trust relationship was fractured," said a source who took part in the conference calls. "Since we couldn't know which participant compromised the trust, [McWilliams'] efforts actually damaged the effectiveness of the defensive action." McWilliams confirmed today that he did listen in to the conference call. Although the hoax this week taught me a valuable lesson about the nature of information on the Internet, it's less clear that McWilliams' scheme has done anything to advance the understanding of cyberterrorism -- one of his stated reasons for conducting the hoax in the first place. The fact is that real terrorist organizations around the world do run Web sites. The Palestinian terrorist group Hamas is a prime example of a terrorist group on the Web. There are many others, including, until last March, Harkat-ul-Mujahideen. This experience has been a particularly difficult one for me. I feel like I've been had, and that's never an easy thing to swallow. I got burned. So, I'm left here scratching fleas as the price you sometimes pay for sleeping with dogs. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.


News URL

http://www.computerworld.com/printthis/2003/0,4814,78238,00.html