Mitnick becomes hacker target

Ex-hacker Kevin Mitnick has become a target for hackers. Twice in the past two weeks, online vandals - like the ones who tagged many websites with 'Free Kevin!' graffiti during Mitnick's time in prison - have broken into the web server of the former hacker's security start-up, Defensive Thinking.

"The consequence of the attack was insignificant to us but could have been worse if the person had real malicious intent," Mitnick, now an independent security consultant, said in a forum on his website. "I did, however, install all the latest patches to prevent the same exploit from working in the future. I suppose it was kind of a wake-up call."

The incidents are the latest form of attention that the internet underground has bestowed on Mitnick. The former hacker's volunteers have to stave off attacks on his website regularly. In addition, Mitnick has received a great deal of email asking for hacking advice or jobs.

The hacks have ratcheted up the interest from the online world, however.

On 30 January an online vandal using the handle BugBear bypassed the security on Mitnick's web server. The server ran on Microsoft's popular Internet Information Server but didn't have all the patches applied, the security consultant readily acknowledges.

The vandal was considerate, Mitnick said. He didn't replace any files or damage any data, but added only a single web page. Bugbear's message: "welcome back to freedom mr.kevin ;)."

A second attack succeeded in using the same flaw to gain access to the web server on Sunday night, Mitnick said.

Mitnick seemed more amused, rather than threatened, by the entire event. "Now I'm in the process of securing the box and not depending on our volunteers," he said in an interview on Monday.

He also added that he follows the recommended practice of placing the web server outside his company's internal network. Such a configuration is called a demilitarized zone - a term borrowed from the military for a no-man's land - and minimises damage when an attacker breaks into a computer that has to be relatively open to the public, such as a web server. Instead of gaining access to the entire network, an attacker only gets into a relatively untrusted computer.

Now in the middle of patching the server, Mitnick said the only hitch was with Microsoft's IIS Lockdown tool, which seems to have thrown a wrench into the works.

"Something that should have taken me a few minutes is now more like a couple of hours," he said.

Microsoft seemed surprised that the former hacker was having troubles with the tool. "That's not a tool that we have had complaints about," a company representative said.