Intel suffers second hack attack

A hacking group has again defaced part of Intel's website and has forced the New York Times to take part of its site offline.

The new attack on Intel seems to have been made after the group, which calls itself Sm0ked Crew, took exception to a comment in this vnunet.com story.

This time the group posted the message: "Intel, you called us script kiddies in www.evnunet.com(sic)/News/1117695. Well, these script kiddies just owned you again. We suggest you be a bit nicer to us proper hackers."

In an email sent to vnunet.com the group threatened to attack Intel again if any more disparaging remarks were made about its hacking talents. "Next time he talks s**t we are just gonna own them again, he needs to learn to keep his mouth shut," the email said.

However, the expert who labelled the group "script kiddies", Chris McNab, a network security analyst with MIS Corporate Defence Solutions (and not Intel), is still unimpressed by the hackers' efforts.

"My gut feeling is they are still using the same exploit, probably the Unicode exploit as it only allows one line of code, such as has been used in the Intel attack," he said.

"If they were more focused they wouldn't simply deface the first machine they come across in the network but use it to try and gain access to an area where they could attack the Intel home page. This sub-domain isn't much of a trophy," he added.

Yesterday, the hackers also forced a subsection of the New York Times to take the business tools part of its website offline.

Although the newspaper largely runs a combination of Netscape software on Solaris, the hackers found a sub-domain on the website running IIS 4.0, the Microsoft software often targeted by hackers due to the number of simple exploit scripts available to use against it.

Experts said corporates often try out different software on their networks without always tying them into their central information security policy.

Similar methods may have been responsible for Sm0ked Crew's other defacements this month, which include sub-domains belonging to websites owned by Compaq, AltaVista, Hewlett Packard, Lycos, Nasa and the Californian Republican Party.

"[Sm0ked Crew] probably use quite a sophisticated scanner and are certainly methodical in the way they scan through the sub-domains of the networks they target. But they're still script kiddies," insisted McNab.