Hackers hit USA Today's Web site - article claimed President Bush had named a propaganda minister

Associated Press ^ | July 13, 2002 | Associated Press Staff

[MeekOneGOP]

Hackers hit USA Today's Web site

07/13/2002

Associated Press

NEW YORK - Hackers broke into USA Today's Web site and replaced legitimate news stories with phony articles, lampooning newsmakers and claiming Israel was under missile attack.

The bogus pages were viewable on USAToday.com for about 15 minutes before they were discovered about 11 p.m. Thursday and taken offline, company spokesman Steve Anderson said.

Mr. Anderson said the site was shut down for three hours to upgrade security. The hackers appeared to have penetrated the Web server computers from outside company firewalls, he said.

All the bogus stories, on seven pages including the site's home page, were falsely identified as having been written by The Associated Press.

The sham missile attack report, linked from the home page, said "unconfirmed reports" from Israel cited "missiles exploding above the city" and speculation Iraq was responsible.

The other fake stories were obvious hoaxes. One claimed President Bush had named a propaganda minister.

There was no claim of responsibility.

USA Today said it reported the incident to police in Fairfax County, Va., where the company's offices are located.

An FBI spokeswoman in Washington, D.C., Deborah Weierman, said the bureau was "assessing the situation."

---

Online at: http://www.dallasnews.com/latestnews/stories/071302dnnatusatoday.794c8.html

[Jeff Chandler]

Naughty boys.

[mykej]

Gosh, somebody hacked a site running IIS. What a surprise.

[MeekOneGOP]

IIS? What is that?

[mykej]

Internet Information Server. Microsoft's sad attempt at writing a web server.

A few months ago I read about an insurance company that was offering "hacking insurance", ie, if your site got defaced they would cover expenses and lost business. They charge a higher rate if you run IIS, simply because it's so much easier to hack.

It's not considered easier to hack simply because more people target it. In the anti-virus world there's always someone who will say that MS's vulnerability to viruses is because more people use it, therefore it's a better target, not because of any inherent weakness.

In the server world, this argument doesn't stand up. IIS is a distant number 2, with less than 30% of the web servers on the internet. The problem is twofold: 1) Microsoft is lousy at writing secure software and 2) lazy IIS sysadmins don't apply the few patches MS does release.

In this day and age, it is irresponsible to put a Windows box on the internet.