Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Tinkering With Yahoo Stories

Posted by ryuzaki0 on from the thats-pretty-scary-stuff dept.

Lifter writes "A hacker named Adrian Lamo had access for three weeks to the web-based content control system for Yahoo!'s news section, according to a story at SecurityFocus. He tinkered with a couple of stories without anyone noticing, then edited an August Reuters story about Dmitry Sklyarov, so that it said that Dmitry's program raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope." He also added a quote by John Ashcroft,"They shall not overcome. Whoever told them that the truth shall set them free was obviously and grossly unfamiliar with federal law." Funny stuff in itself, but the SecurityFocus story explores the harm that could come from a trusted news site being easily hacked in these times."

20 of 387 comments (clear)

  1. URGENT NATIONAL SECURITY BULLETIN by Anonymous Coward · · Score: 5, Funny
    10 ways to tell if you or someone you know may be a potential terrorist:
    1. They are shy or antisocial;
    2. They spend a large percentage of their free time on a computer;
    3. They are quick to criticize the government or corporations, often complaining about their "rights online";
    4. They are obsessed with privacy;
    5. They have a tendency to play violent computer games;
    6. They frequently illegally copy music, movies, or software;
    7. They listen to aggressive, "alternative" music;
    8. They have an aversion to going outside;
    9. They like to reverse-engineer, or "hack", anything they can for no substantive reason;
    10. They use software such as Linux, which is designed by and for hackers.
    For the sake of national security, please report all potential terrorists to the NSA.
    1. Re:URGENT NATIONAL SECURITY BULLETIN by canning · · Score: 3, Funny
      In other news 87% of Slashdot readers were taken into custody and questioned. It seems that they all fit the profile of terrorists. Who knew?

      --
      I love the smell of Karma in the morning
  2. How do we know? by ichimunki · · Score: 5, Funny

    How do we know the Security Focus story wasn't actually the hacker-planted story, and that anything happened over at Yahoo at all?

    --
    I do not have a signature
    1. Re:How do we know? by fobbman · · Score: 5, Funny

      Hell, this /. submission by CmdrTaco was suspiciously missing any added comments that are usually riddled with misspellings and cheap shots at Microsoft. Has anyone checked the back doors at Andover?

    2. Re:How do we know? by sharkey · · Score: 3, Funny

      According to rumor, Andover doesn't have any backdoors. They needed to sell them for their metal content, to stay solvent enough to keep /. up and, well, not really running, but limping along enthusiastically.

      --

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  3. We need more people like this by Daniel+Dvorkin · · Score: 3, Insightful

    I'm honestly not too concerned about this kind of hacking. I tend to take _anything_ I hear about any major incident like the Sept. 11 attacks with a grain of salt for a day or two. And I would hope to God that the people making important, irrevocable decisions -- e.g. the U.S. government -- aren't relying on Yahoo! News for information.

    Consider it freedom of speech, and of the press, and of petition for redress of grievances, updated for the modern age ...

    --
    The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    1. Re:We need more people like this by ScuzzMonkey · · Score: 3, Interesting

      Heh. Yeah, I'm not sure that intentionally introduced errors in news stories are much worse than the un-intentional ones that are routinely there anyway. I've been personally close to enough stories that make the paper to realize how horrible the quality of most daily reporting truly is in this country (and don't even get me started on the amateur outfits like indymedia).

      I have to see something several different places (which are not obviously merely copying one another) before I'll start to seriously give it much consideration as fact--and even then, realize that large parts of the story will be missing or incorrect for other reasons.

      One of the best things about last week, though, was that in the middle of all the chaos and speculation, there were a lot of private individuals who just took some time out and posted up pictures they had taken or things they had seen with their own eyes. Put enough of those things together, and you have a far more accurate story than what a single reporter can do in the same amount of time.

      --
      No relation to Happy Monkey
  4. Security? by x-empt · · Score: 5, Insightful

    The problem with security today is the lack of it. Generally security on the Internet today is the same as how secure businesses are physically. Many businesses leave filing cabinet doors unlocked, rooms open, and papers unshredded.

    Now in the company where you work, how hard would it be for a person in the general public to walk-in and act like a new client or staff member and gain access to sensitive information?

    The problem with computing security in general is that it is more often exploited than flaws in physical security. IT departments don't know how to read www.microsoft.com/security and RedHat's update/errata page. They find security too difficult and do not place it high on their priority lists.

    - x-empt

    --
    Ever need an online dictionary?
  5. Flight announcement by Anonymous Coward · · Score: 3, Funny

    Pre Flight Announcement, 2002

    "Good Afternoon, Ladies and Gentlemen, welcome to Northwest Flight 571,
    service to Los Angeles continuing on to San
    Diego. Before we take off, we'd like to acquaint you with some of the safety
    features of this Boeing 767. You know
    about the emergency exits, oxygen masks, floating seat cushions, and so on,
    so we will not waste time with those. Consult the cards in your seat pocket
    for information on all features of our aircraft.

    "Please do pay attention to the new security features.

    "In the event of midair terrorism, a panel will open alongside the window
    seat, containing two lightweight automatic handguns. They are fully loaded,
    and extra clips are available in velcro straps. As the flight attendants are
    now demonstrating, to operate the pistol, simply draw back the slide and let
    it fall forward, then aim by lining up the slot in the rear site with the
    front site, centered on the middle of your targets torso. Depress the
    trigger repeatedly to fire. The pistol holds 10 rounds; after the last the
    slide will lock back. Depress the clip release button located above the grip
    on the left side, remove the clip and slide a new one into place. Please be
    careful of your field of fire, and continue firing until your target goes
    down.

    "Your seats backs are equipped with kevlar armor, stay well down and aim
    over the top or around the side.

    "Your flight attendants are all armed with compact submachine guns; please
    follow their lead in directing fire.

    "If you feel you are unable to perform these duties, or are a conscientious
    objector, please let our attentants know so
    we can reseat you in the 'cowards rows' at the rear of the plane and not
    bring you drinks or peanuts.

    "For your safety, the aisles are equipped with electrified strips and
    computer controlled antipersonnel mines. For this
    reason, please remain in your seats until the captain has signalled all clear.

    "Note that the area around the cockpit is cleared of seats and marked with
    contrasting carpet. Under no circumstances
    should you cross this barrier during flight, various automatic devices will
    be activated to protect the cockpit.

    "The hatch in the floor at the back of the cabin is similarly marked and
    should be avoided during flight.

    "Anyone creating a disturbance, caught tampering with the pistol cases or smoke detectors in the lavatories will be apprehended and ejected via the rear floor hatch.

    "Thank you, and have a pleasant flight. We know you have a choice when you fly, and we thank you for choosing Northwest..."

    1. Re:Flight announcement by alen · · Score: 5, Funny

      Don't forget about parachutes. Once you exit the aircraft you have the rest of your life to open it.

    2. Re:Flight announcement by Chris+Y+Taylor · · Score: 3, Insightful

      Ditch the semi-autos and give the passengers revolvers. Revolvers are simpler to operate, so the safety brief could be much shorter. They are mechanically simpler, so less preventive maintenance would have to be done on them (i.e. cheaper for the airlines = lower ticket prices). The immediate action drills for revolvers are much simpler as well. The passengers wouldn't have to worry about failure to feed (a problem not uncommon with inexperienced shooters who might "limp wrist" the gun) or failure to extract. Failures to fire are corrected simply by pulling the trigger again, which is probably going to be the passenger's natural response. Semi-Autos are sexy and great for serious shooters, but for inexperienced shooters (or anyone who doesn't like to do preventive maintenance) revolvers are a better choice for self-defense.

      I also think the safety briefing should include a warning to only use the airline-approved frangible ammunition for the guns; otherwise some idiot with a few FMJ rounds in his pocket is likely to stick them in the gun and decompress the plane during the firefight. Other than that, I think that is a good briefing.

  6. MD5/PGP Signing could prevent this. by Rope_a_Dope · · Score: 5, Insightful

    Is there any reason that the major news organizations don't PGP or MD5 sign their stories as posted on the web, to verify they are posted and mirrored correctly? It could easily be ascertained that the site was being changed if Yahoo News were to include a signature at the bottom to check the veracity of the article. Obviously this guy was making minor changes to the stories early on, just to see if he could get away with it. A simple spider/crawler that checks the signature could be run by Yahoo against any and all of their posted stories, and if they don't match the copy editor's , then a flag can be raised! The AP could do this as well for any stories that go across the newswire, and are posted across the Internet.

    1. Re:MD5/PGP Signing could prevent this. by Nater · · Score: 3, Informative

      "Signing" content with MD5 would be pointless. If I were going to modify the content, I'd update the MD5 sum, too. You can't do that with PGP unless you've got the private key.

      --

      I like to play children's songs in minor keys.
      "We're all sons of bitches now." --J. Robert Oppenheimer

  7. I dunno... by jd · · Score: 3, Insightful
    Sounds like the sort of quality of reporting you might expect from a bankrupt portal.


    Seriously, though, disinformation and "information terrorism" may not be as lethal as 110 floors of concrete dropping on you, but for precicely that reason, it's much more insidious, with an impact that no amount of bulldozing can ever clear away.


    It's also much more common. AFAIK, only two buildings of that size have ever been felled through malice. On the other hand, virtually every political and commercial organization has at least one "spin-doctor" - the popular name for info-terrorists.


    If the US is serious about its war on terrorism, it should first prove itself, by eliminating all spin-doctors from the Government, and demanding rigorous honesty and accountability within all sectors not directly tied to national security.


    Yes, NS has to be an exception. Otherwise you get into some, ummm, interesting situations:


    Passport Control Officer: Are you a foreign spy?


    Foreign Spy: Yes. I'm here to learn all your secrets.


    Passport Control Officer (into microphone): Psychiatric Unit to Gate 4, please.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  8. Wit by ajs · · Score: 4, Insightful

    He tinkered with a couple of stories without anyone noticing, then edited an August Reuters story about Dmitry Sklyarov, so that it said that Dmitry's program raised "the haunting specter of inner-city minorities with unrestricted access to literature, and through literature, hope."

    My jaw is left gaping.... Oh, I wish all crackers were this smart! Thank you for restoring my faith in human sarcasm ;-)

  9. And for your daily flamebait.. by Outland+Traveller · · Score: 4, Insightful

    Heh, the only thing unusual about this story is that a *hacker* changed the meaning of a story to suit an agenda. It's not as if the news wasn't biased already!

    One of the things that worries me greatly when I am brave enough to think about it at length, is how fantastically biased and non-independent our (USA) official news sources are. Almost every traditional media segment (TV, newspapers, radio) are as we speak undergoing a tremendous reorganization, where the vast majority of the markets are controlled by a few private companies whose major line of business isn't journalism.

    For an shock for those who haven't done it already, find an international issue and compare how it is covered in the US with how it is covered by far-foreign or minority news sources. You may find the experience similar to discovering Slashdot and Kuroshin after years of Ziff Davis, especially if you read coverage that goes on for a few pages instead of paragraphs. You might not discover the truth but you'll have much better questions.

    The bias is subtle to detect without a comparison, because the bias is often in what is *not* reported, or arguments that are *not* published. If you don't mind being being stoned by a flag-waving mob you can even try this experiment with last week's horrible tragedy.

    So, as much as I support punishing this hacker for his illegal actions, a part of me also commends him for increasing the average distrust of mainstream news.

    1. Re:And for your daily flamebait.. by John+Murdoch · · Score: 3, Interesting

      Hi!

      Yeah, but...

      Ten years ago you were considered to be unusually well-informed if you subscribed to two newspapers--even if those newspapers mostly regurgitated national content from the Associated Press wire. Nowadays it is a trivial exercise to cross-reference stories in "new media" news sites (CNet, ZDNet) with traditional American print media (N.Y. Times, Wall St. Journal, Washington Post) as well as sites from overseas.

      Lightbulb!

      Here's a thought: how about a website, like SlashDot or Kuro5hin, that provides links to a variety of different angles on a given story. Pick a story or two per day and provide links (with a modicum of commentary) to coverage from a variety of sources.

      Hmmm... A splendid idea to contemplate, and thus a good reason to procrastinate.

  10. I have met this fine man on several occations. by ConsumedByTV · · Score: 4, Interesting

    You can learn more about some of his other hacks here: http://www.terrorists.net/
    Hes an amazingly brilliant guy. I have spent a few 2600 meetings in SF with him. I hope that nothing comes of this type of "cracking" satire. However I would like to say that Adrian is a true hacker. One conversation with him and you will come to this understanding. True hacking can transend computers and into social aspects like Adrian has aparently done.

    Hes cute too :)

    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
  11. A Hacker's social responsibility. by Fantastic+Lad · · Score: 4, Insightful

    This is hilarious!

    The whole problem is that people DO in fact trust the web as a source of accurate news. Dumb. The web is by it's very nature unreliable. Period. Anybody who gets upset about a little news hacking is a whiner.

    It is YOUR RESPONSIBILITY to double, triple and quadruple check and cross reference any information you find on-line. That's the power of the web; for the first time in history, it is actually possible to get something approaching the whole story. But you can't be lazy. I think hackers who send chills of 'insecure feelings' down the spines of the Norms in Suburbia are doing humanity a service by repeatedly demonstrating just how unreliable the web is. By showing that you CANNOT rely on single sources of information. Such repeated hacks might even raise the awareness of people to the point where they take some personal responsibility for the information which they allow into their heads.

    But what is the response? (What will be the response?)

    An almost unified cry of "Kill the Hackers".

    Last week, 95% of the people on this very site were pissed off when Mafia Boy, (a junior highschool kid. i.e., a CHILD!), got a wrist slap rather than capital punishment.

    Shocking! -Especially since most Slashdotters fit the hacker profile to a 'T'. It is utterly dumbfounding that people were so embittered towards a 15 year old who didn't do anything more than perpetrate but a little DOD attack and make life interesting for a bunch of tech support monkeys who get paid hourly anyway.

    I was even modded down for the mere suggestion that a crime which doesn't hurt anybody, hasn't damaged or removed any property, and hasn't infringed on anybody's civil rights, should rightly be considered a mis-demeanor on the same level as graffiti or vandalism. But people want blood these days.

    All I have to say is, "Be careful what you wish for."

    -Fantastic Lad

  12. Re: Flight announcement - Explosive Decompression by Chris+Y+Taylor · · Score: 4, Informative

    No, the Comet jetliners did NOT explode due to explosive decompression. That doesn't even make sense; it is sort of like saying a match burns because it combusts.

    What happened with the Comet was a result of crack propagation and stress concentration.

    Stress concentration (for those who don't already know) is a phenomenon that occurs when you have a discontinuity in a load bearing structure. Imagine a plate with a hole in it which is under load. The area of the plate away from the hole has a fairly constant stress that can be calculated with your "ideal" equations. As you get near the hole, however, the stress in the material increases; it is as if the hole literally concentrates the stress into that area, hence the name "stress concentration." The smaller the radius of the hole, the greater the stress concentration. In order to keep the stress in the material low, engineers will design things so that they have as large a radius as possible anywhere the geometry changes. Square corners are avoided, because at a perfectly sharp corner you have an infinitely small radius and therefore an infinite stress concentration. Take a look at the rounded corners and stress reliefs on some items around your home or office. The material around a sharp corner will fail under almost any load. At the point of cracks or tears you also have one of these "near infinite" stress concentrations. That is how the little sharp cut at the "tear here" location of potato chip bags and ketchup packets works.

    Well, the engineers who made the Comet put in square windows, with those wonderful stress concentrators in the corners. As the aircraft was pressurized and depressurized it stressed the material and in the area around the corners of the window the stress was highly concentrated and the material failed... it cracked. And the crack is also as stress concentrator, so the crack grew with every cycle of pressurization and depressurization until the structural integrity of the airplane was compromised and the force caused by the pressure difference between the inside and outside of the aircraft "unzipped" it like someone opening a bag of chips. Cracks in aircraft structures still cause problems, but it doesn't cause the airplane to "explode" like something out of the movies. One or two sections of the skin may be peeled off, and the airplane decompresses "suddenly" (which is why it is called explosive) but the airplane doesn't just detonate. Some of you may remember back in the 1980s this happened at the intersection of a structural support and skin to a 737 headed to Hawaii and it lost 18 ft. of skin (and a flight attendant).

    Could a bullet hole cause similar rapid crack propagation and sudden decompression? Not a clean one, the radius is too big. I suppose little star cracks could exist around the hole that could propagate, in theory; but I doubt the damage would ever be worse than that experienced by the aforementioned 737. I am familiar with aircraft conceptual design, but am not an expert on aircraft survivability so IANAEOAS, however I have never heard of any survivability enhancement programs that focus on preventing structural failure from projectile or fragmentation damage to the skin of pressurized aircraft. Structural failure is one of the rarest causes of military aircraft loss(fuel and propulsion systems are the big problems), and is not usually a high priority on increasing aircraft damage tolerance. Civilian aircraft structures are not sufficiently different to negate the usefulness of this historical data. Of the 34 modern airliners that were subjected to in-flight bombings, 56% survived; of those only 10 crashed because of structural failure. If anyone is interested in the effects of aircraft pressurization on enhancing damage can take a look at http://www.dtic.mil/ndia/aircraft/21.pdf. It is significant, but not what I suspect most people would imagine. My best guess, is that any shot which punctures the skin will cause pressure loss. It would take a lucky shot in an older aircraft to unzip a portion of the skin, even then aircraft would likely not be lost. A modern airliner with multiple load paths would be even harder to "unzip," maybe impossible without multiple penetrations. As I said, though IANAEOAS, so if anyone does have specialized knowledge to the contrary I'd certainly like to see it. If no one does have any data or specilized knowledge in this area that contradicts this, then lets please stop rehashing this "bullets vs. aircraft" debate. Of course the smart thing would just be to use frangible bullets that won't penetrate.