Internet service to aid bomb threat probe

April 17, 2012 3:38 pm

An Internet hosting service through which at least three University of Pittsburgh bomb threats passed said Monday that one of its servers was "hijacked" and it is cooperating with the FBI.

Agents investigating a rash of threats to campus buildings subpoenaed the Internet host May First/People Link last week after discovering that emailed threats were relayed through one of its servers used by ECN, an Internet provider in Italy that allows its users to send anonymous emails.

May First/People Link believes someone illegally hacked into ECN's system, which requires members to log in, and emailed the bomb threats, said Alfredo Lopez, co-director of May First/People Link.

"The problem is, somehow this joker got in, and we don't believe they had an authentic login. We think they did some kind of shenanigan to get in there," Mr. Lopez said.

The organization issued a statement over the weekend saying it would not cooperate with any investigation, citing a desire to protect "free and unfettered communications" on the Internet. May First/People Link describes itself as a co-op that caters to progressive organizations and labor unions.

But on Monday, Mr. Lopez said that his organization was answering the FBI's subpoena. He would not furnish a copy of the subpoena but said it sought the name of the client that controls the server used by ECN.

The client gave its permission for May First/People Link to provide its name and information to the FBI but not to the media, Mr. Lopez said. May First/People Link gave agents information about its services. But, he added, it could not provide the logs because they don't exist.

"When a server is anonymous, no logs are maintained," Mr. Lopez said.

Agents met with Jamie McClelland, co-director of May First/People Link, at the organization's Brooklyn office and showed him copies of the emailed threats. He almost immediately suspected "a hijacking of some sort" and told the agents he would look into it, Mr. Lopez said. In a subsequent phone call, Mr. McClelland told agents what he believed had happened.

"We spoke to the members involved in this server, and we were able to clearly ascertain that this was not being done by one of our members and that someone else outside the organization was doing it," Mr. Lopez said. "Someone was illicitly and illegally using ECN's resources to send these emails. ... It's not known how they got onto the server. That's something all of us are examining very carefully, including our brothers and sisters at ECN."

U.S. Attorney David J. Hickton has said investigators are focused on potential suspects in the scores of bomb threats that have rattled the campus and its 29,000 students since mid-February. His office has declined to elaborate.

Chris Cook, a certified information systems security professional with Security Awareness Inc. in Tampa, Fla., said there are several ways someone could try to find a password to hack into a protected system.

One method, called a "dictionary attack," runs every word in the dictionary through the system, and the real "computer nerds" might experiment with other languages, such as the Klingon language from the fictional "Star Trek" series, Mr. Cook said. Those attacks can be completed "in a matter of seconds," he said.

Another method, called a "brute force attack," tries "every combination of characters possible" and can take minutes or up to a month, depending upon the length of the password and the system's defenses, such as measures that lock someone out after they enter three incorrect passwords in a row.

Still, some people will bypass the "attack" methods and obtain passwords by posing as information technology specialists and asking people for their information.

Information about many of those techniques can easily be found online and "the really good hackers have stuff beyond what you can find there," Mr. Cook said.

Mr. Cook said he suspected that the person or people making the threats are "probably very tech savvy," based upon the amount of time that has passed without an arrest. But he added, "I don't think I've heard of many [cases] where they didn't catch them."

Sadie Gurman: sgurman@post-gazette.com or 412-263-1878. Liz Navratil contributed.
First Published April 17, 2012 11:36 am
