Brasseagle.com got hacked

[Nitroduck]

Uh oh, yet again some hacker has attacked a companies website. This is the second that I can think of (Smartparts.com was the first).

The hacker went into the public releases and changed info and sent everyone on the BE Email list info like "We are selling JT and VL to WDP" and "We sugguest other companies dont sell crappy products like ours" .

Tom.......You might want to make sure airgun.com is secured so a stupid hacker can't turn the site into a site featuring blenders and slicers & dicers instead of Automags...

[shartley]

Sorry, that is not being hacked. Exploiting a hole in security or walking in through an open port is not "Hacking".

Hackers do not attack company's Web Sites. They get into a mainframe and actual company system and do things (not going to get into it).

We have already been through this type of thing here on AO. Any "script kiddy" can get into the average Web Server and do what you stated with little effort. But they are NOT "Hackers".

Could you please not feed the flames of ignorance (no pun intended)? This is not a FLAME, just pointing out facts.

And this being the case, can you delete this thread? If there was a REAL security issue, posting it on an open forum would not be the best thing to do anyway. E-mailing Tom directly (or his staff) or calling them would be best.

Thanks.

------------------
“The richest man is not the one who has the most, but the one who needs the least.”

[FeelTheRT]

hrmm, he/she/it got past Proxy Server, and Firewall o my. Better do some backing up.

[Nitroduck]

I am just telling you what Brass Eagle said. They termed as the following.

The Brasseagle.com website has been vandalized by a computer HACKER. We
have reported this action to the FBI so that appropriate action can be
taken. The hacker sent out approximately 15,000 emails, purportedly from
Brass Eagle Inc., that contain information which is completely erroneous
and without merit. For the financial condition of the company, please
review our financial statements and press releases, which are available to
the public.

The individual concerned also altered certain product and press release
information on this site, which is now being returned to its original
form. Brass Eagle is taking legal action against the responsible
individuals. We apologize for any inconvenience this may have caused you.

I am just trying to let people know someone screwed with thier site, OK?

[shartley]

And TOM said the same thing when his site went down. But it had NOTHING to do with Hackers.

Even if BE put out false information out of ignorance, we as educated people should NOT feed the fire.

Look at even the major media... "Hacker cracked mainframe and stole millions of credit card numbers...." And it was neither Hackers, or Crackers that did it, but actual Employees with all the proper passwords.

Same thing is done when sites are defaced. Everyone cries "HACKERS!" when that is NOT what happened or who did it. Being defaced is NOT being hacked.

And what happened to BE was ALSO not a hacking incident. I could very easily do the same thing to half a dozen companies.. and it involves NO hacking. In fact I could send YOU an e-mail and all indicators would point to the conclusion that YOU sent it to YOURSELF.

I was trying to be nice with my last post. But I am sure you can clearly see that BE was wrong in their information, and you simply passed this WRONG information on.

Remember... Tom did the SAME type of thing. It happens. But we can at least learn from it.

Oh.. and "Just letting people know that someone screwed with their site..." is EXACTLY what these "Script Kiddies" WANT. It tags them as "hackers" which they are far from being, and it boosts their egos.

------------------
“The richest man is not the one who has the most, but the one who needs the least.”

[This message has been edited by shartley (edited 08-23-2001).]

[Nitroduck]

I know about sending using anonymous mailers and such to fake emails and I do not consider it hacking either. However, if I got the password and such to thier site then sent out 15k Emails using Brasseagle.coms mailing server by stealing the password I would consider it hacking...

[shartley]

YOU may consider it Hacking.. but YOU would be wrong. Sorry.

Think about it like Paintball... what if you heard some Newbie spouting off a bunch of silly terms that were not accurate.. wouldn't you get annoyed and correct them? And it would not mean they are bad people, just misinformed. And it really would not matter what THEY considered to be the terms.. they would be wrong.

This is the case here.

[Paintballer86]

Here is a cut and paste of the e-mail:
[Editor's Note: We received this important email from Brass Eagle and thought it merited special distribution to readers of APG Ezine. We know that most of our readers understand the ENORMOUS harm that can be caused by such online vandalism, harm for which the offender -- and, if the offender is a minor, his/her parents-- will be held liable.]

The Brasseagle.com website has been vandalized by a computer hacker. We
have reported this action to the FBI so that appropriate action can be
taken. The hacker sent out approximately 15,000 emails, purportedly from
Brass Eagle Inc., that contain information which is completely erroneous
and without merit. For the financial condition of the company, please
review our financial statements and press releases, which are available to
the public.

The individual concerned also altered certain product and press release
information on this site, which is now being returned to its original
form. Brass Eagle is taking legal action against the responsible
individuals. We apologize for any inconvenience this may have caused you.

Thank you for your patience.

------------------
If you run, you will only be marked tired

[jas142]

Either someone has a huuuuuge grudge against brass eagle and got through firewalls and secuirty measures, or brass eagle needs to invest in a firewall for their server.

[Muzikman]

Being an IT professional (although I am a network Analyst not a security expert) Any unauthorized access to a system is a hack. That is the definition.

hack·er1 (hkr)
n. Informal
1.One who is proficient at using or programming a computer; a computer buff.
2.One who uses programming skills to gain illegal access to a computer network or file.
3.One who enthusiastically pursues a game or sport: a weekend tennis hacker.

I think they fit under #2. And ok, I can see the argument that just anyone can download a program to do the hacking for them, but they still need an understanding of the program itself. These so called" Script Kiddies" are still hacking into systems, just because they have tools that make it easier for them to do doesn’t make them any less of a hacker. Anybody gaining unauthorized access to a system in any form can and will get punished the same. Being an idiot and disgruntled worker and using your power (password) to cause mischief is not hacking, but at the same time…that is not unauthorized access…that is unauthorized use.

Look at it this way. If a car thief uses a slim jim to gain access to the car and a master key to start it and drive away. Is he not a car thief?

Annoying I tell ya…


------------------
Jason "Muzikman" Beam

• 68 Automag
  68 Automag (Pumpmag) w/ 6-Pak+
  Automag RT
  Sydarm

http://www.pittsburgh-music.com/paintball

[This message has been edited by Muzikman (edited 08-23-2001).]

[cphilip]

Of interest in this semantic debate is the fact that this is Jargon and lingo. Not Websters stuff. Here is some stuff on it

Hacker
A computer enthusiast who enjoys learning everything about a computer system and, through clever programming, pushes the system to it's highest possible level of performance. Also known as crackers, these computer hobbyists are skilled programmers with the reputation of having a mischievous bent who break into secured computer systems.

A hacker is simply one who programs enthusiastically and enjoys programming rather than just theorizing about programming. In 1989, the New York Times published an article headlined "Invasion of the Data Snatchers" culminating in a ridiculous series of Secret Service raids in which federal agents confiscated the computer systems of these "dangerous" individuals.

The term hacker tends to connote membership in the global community defined by the net and it implies that the person described is seen to subscribe to some version of the hacker ethic. Note: It is better to be described as a hacker by others than to describe oneself that way. Most hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome.


Ref: NetLingo Classification: Hacker Jargon

Also (and if I understand then this means we have a cracker not a hacker here? Maybe? I read through it prety fast...)

Cracker:
One who breaks security on a system, this term was coined circa 1985 by hackers in defense against journalistic misuse of the word hacker.

While it is expected that "any real hacker will have done some playful cracking and knows many of the basic techniques," most hackers are expected to have outgrown the desire to do so except for immediate, practical reasons (for example, if it’s necessary to get around some security in order to get some work done). Thus, "there is far less overlap between hackerdom and crackerdom than the reader misled by sensationalistic journalism might expect."

Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the hacker culture in general. Though crackers often like to describe *themselves* as hackers, most true hackers consider crackers to be "a separate and lower form of life." Ethical considerations aside, hackers figure that "anyone who can’t imagine a more interesting way to play with their computers than breaking into someone else’s has to be pretty lame."

See Also: hacker , hacker ethic .

Ref: NetLingo Classification: Hacker Jargon


So this site has been cracked not hacked right? Awww who cares!




[This message has been edited by cphilip (edited 08-23-2001).]

[Muzikman]

Hmm...could be...

I got my definition of "Hacker" from www.websters.com I think it fits pretty close to what you seen/hear happend to Brass Eagle. I always looked at crackers as people who write programs to get around copy write and security, but not accually cause any harm. I figure once harm is caused, no matter how minor, it is a hack.

And yes, if you ask a real "Hacker" if what happend was a hack, he would probably say no, because he didn't write the program that did the damage. You know, them there hackers have such big heads



------------------
Jason "Muzikman" Beam

• 68 Automag
  68 Automag (Pumpmag) w/ 6-Pak+
  Automag RT
  Sydarm

http://www.pittsburgh-music.com/paintball

[cphilip]

Well...it seems to me that "Hackers" want to establish this kind of security breaching as another term. And "Cracking" is what they prefer we use. Seems pretty much established though. I don't think we necessarily have to allow them to. Just seems it's been settled on for the time being.

[shartley]

Thank you. I was going to provide a HUGE list of resources and definitions used BY hackers, but it seems that I don't need to now.

I guess what I am trying to say is, who provides a better definition of things?

Paintball Players or the Media?

Actual Hackers or the rest of the world?

The site was NOT hacked. If you attribute the action TO Hackers, you have to then use THEIR definitions as well.

The site was not hacked. But it SOUNDS better. So scary!



------------------
“The richest man is not the one who has the most, but the one who needs the least.”

[cphilip]

Now let's get back to these girls kissing each other...

[Webmaster]

Just to clearify...

When the automags.org went down - our HOST company told us it was probably hackers. That is when the announcment was made. It was only after I investigated and saw how throughly deleted the site was that I concluded it wasnt an outside person wreaking havoc, but an incompetent hosting company who delelted EVERYTHING - including symbolic links to the site.

BTW- I am still urked about that - everyone avoid using cihost.com

OBVIOUSLY - if someone changed items on the site and sent out mass false emails - that security was compromised - weither you call it a hacker/cracker/script kiddie or what ever that fact it is that someone got in - professional or goofball - and caused damage. I hope they catch him...

------------------
Webmaster - AutoMags.Org
webmaster@automags.org
----------------------
"Good...bad...I'm the guy with the gun." - Ash, Army of Darkness

[cphilip]

Originally posted by Webmaster:
wether you call it a hacker/cracker/script kiddie or what ever that fact it is that someone got in - professional or goofball - and caused damage. I hope they catch him...

I heard that!

[shartley]

I also agree... my only complaint is that it is a proven fact that part of the reason these things continue to happen is because they get "recognition" as being "hackers". If you start calling them "script kiddies" (which is what they are) it takes the wind out of their sails.

No one in the Hacking Community takes these fools seriously, and in fact laugh at them. This type of stuff is beneath a real Hacker. Only the misinformed pump these jerks up to be things that they are FAR from being.

The actual damage done is another story. Now THAT is serious. And a few of us know how easy it is to trap these guys.
But it is like some kid spray painting your car.... the damage is quite bad, but did the spray painter deserve to be lifted to the level of a master criminal? Not likely.

LOL As you can tell, this is a touchy spot for me. I hate HYPE, and I believe in calling it like it IS.

Oh.. and CIHOST... LOLROF There are so many bad reports about them that I am surprised that they are still in business. I am glad you no longer use them (as I am sure you are too.... LOL).

------------------
“The richest man is not the one who has the most, but the one who needs the least.”

[SuperG]

My last term paper was on hacking and cracking...10 whole pages.

The FBI term for hacking is "illegal intruding on others virtual space with intent to destroy, alter, or steal." Sounds kinda cheesey, but that was in TIME magazine. So, if you go by FBI lingo, the brass eagle website was HACKED by a HACKER.

[SuperG]

My last term paper was on hacking and cracking...10 whole pages.

The FBI term for hacking is "illegal intruding on others virtual space with intent to destroy, alter, or steal." Sounds kinda cheesey, but that was in TIME magazine. So, if you go by FBI lingo, the brass eagle website was HACKED by a HACKER.

[Webmaster]

Shartley - it doesnt matter if we recognize them or not. Teenagers have been damaging property from the beginning of time. It used to be graffti, mailboxes, tombstons, and toilet paper in trees. Kids get kicks out of flexing thier freedom and wreaking some havoc. So it will be on the web. Hell - I know some script kiddies who know they are script kiddies - but they just do it for fun.

They use the same excuse of any kid - why did you steal the car? Well, they left it unlocked with the keys easy to find - they deserved it. Why did you hack the site? They were using Win NT with no security updates, they deserved it.

------------------
Webmaster - AutoMags.Org
webmaster@automags.org
----------------------
"Good...bad...I'm the guy with the gun." - Ash, Army of Darkness

[Restola]

what makes me mad is when someone fights tooth and nail to defend some special definition and in doing so convienently makes it look like they know everything. yes everyone knows what a script kiddie is, and everyone is sick of everyone thinking they are hackers. but whose going to post "someone walked through an open port on be's site today". its not something 99% of internet moms and kids can do and it looks hard, so its hacking.

so leave the kid alone shartley

[shartley]

Good points there SuperG. And we all KNOW how reliable the FBI has become over the last 20 years.

I wouldn't advise looking to the FBI for much now days. That definition is only there to allow them to aggressively pursue many types of things under one legal definition. This is often the case with Law Enforcement, it is usually a "what is the easiest way we can word things so we can use them to our best advantage" thing. And THAT I can tell you is a FACT will all certainty.

Look to Australia and their "definitions" and "classifications" for Paintball Markers. This is also a good example of not using the definitions that the Government uses.

Again, I digress back to the Paintball Industry...... if the news and Law Enforcement started calling paintballs "bullets", would you start calling them that? Technically that IS what they ARE.. but we all know different.

Same thing in this case.

And you want to know what the FBI is going to do about this? What is between my brackets? { } You got it.. NOTHING.

The actual damage caused is not great enough, and the Paintball Industry is not "front news" enough. They will make a token effort (if that) and then suggest taking this to Civil Court.

And how do I know this? I have seen them do the EXACT same thing with more serious cases.

And THAT is the cold hard truth about this. We can argue all we want about WHAT we should call what happened, but in the end, it is better to just do damage control and move on. After all, it is the 3 Ring Circus that follows these "attacks", that the kiddies are really after, not so much the actual event.

Webby: I agree.

Restola:
you said:

what makes me mad is when someone fights tooth and nail to defend some special definition and in doing so convienently makes it look like they know everything.

I did not flame anyone, and before you even attempt to flame me, I think you should rethink it. This is NOT a road you want to go down. When I am right, I am right, and when I am WRONG, I admit it. If you want to insinuate that I don't know what I am talking about, send me an e-mail and I will schedule an appointment to talk to you personally about the matter.

You even said the SAME thing I said, but you put this twist to it:

yes everyone knows what a script kiddie is, and everyone is sick of everyone thinking they are hackers.

But if that was the case, BE would not have called them HACKERS. And neither would the FBI. So evidently EVERYONE does NOT know the difference.

You need to rethink your own arguments a bit better before wanting to come down as "the savior" of some poor attacked "kid". I was only attempting to correct a common misuse of terms.

Want to compare brain pans? And who wants to "look like they know everything"? Go play.

(sorry, he just went hunting bear with a BB Gun and the bear got pissed)
------------------
“The richest man is not the one who has the most, but the one who needs the least.”

[This message has been edited by shartley (edited 08-23-2001).]

[Puckz]

Honestly your entire arguement isn't worth our time.

In fact If I read this at home instead of at work where it would have been my time wasted, I'd have been pissed.

------------------
Mikey Smith
About Paintball Dude
http://paintball.about.com
paintball.guide@about.com

[Webmaster]

You know - while I appriciate you championing the english language... "hacker" is a common, generic term. If this was in an industry magazine, I could see your dismay at its use. But really, its a bulletin board. Language is VERY casual and generic terms are abound. Heck - half of the means of communication here doesnt even involve words (IIRC, LOL, ROFLMAO, BRB, BBIAB, ) etc, etc. While I appriciate there IS a difference - its not worth the fuss to point it out in such a casual setting...

I mean - I constantly use "gun" here - but ALWAYS use "marker" in my writing for APG.

------------------
Webmaster - AutoMags.Org
webmaster@automags.org
----------------------
"Good...bad...I'm the guy with the gun." - Ash, Army of Darkness

[woody 2]

Hey shartley, uhhhh... your a major ******* . and you need to seriously lighten up. Sorry if he didn't the correct term of the vandalizers actions. Dude chill the hell out you are one weird *** mofo... get a life

[shartley]

I agree with BOTH of you.

But I think you are all missing the point that I made ONE post with simple language and it was not in agitation or aggression.

From THAT post, it went crazy. And when all was said and done, MOST agreed that the terms used were a bit off.

Now I am the "bad guy" for making this thing go like it did? I am the one to be upset at for sticking to my guns? I wasted all your time and it was in fact not WORTH your time?

So misinformation IS worth your time? And misuse of terms IS worth your time? Or is it the fact that someone was not bowing to public ignorance for the sake of not upsetting someone, or keeping a thread short?

And if you were to get upset at reading this at home, you should be upset at YOURSELF, I, and no one else forced you to read it.

Both my wife and I have gone over some of your (posters in general) comments and it baffles us as to what was so darn difficult in saying.. "Yes, the terms used were wrong." and leaving it at that. But I guess it it better to say I am making a big deal out of things... when the last time I looked, I was FAR from being the only one posting in this thread.

(Oh, and now we have people calling me names. For sticking to my guns.. hmmm I am an ******* ? I think some moderators need to get to work. And people need to remember my FIRST post in this thread...

Sorry, that is not being hacked. Exploiting a hole in security or walking in through an open port is not "Hacking".
Hackers do not attack company's Web Sites. They get into a mainframe and actual company system and do things (not going to get into it).

We have already been through this type of thing here on AO. Any "script kiddy" can get into the average Web Server and do what you stated with little effort. But they are NOT "Hackers".

Could you please not feed the flames of ignorance (no pun intended)? This is not a FLAME, just pointing out facts.

And this being the case, can you delete this thread? If there was a REAL security issue, posting it on an open forum would not be the best thing to do anyway. E-mailing Tom directly (or his staff) or calling them would be best.

Thanks.

That is FAR from being someone who is strange and has no life. But I suppose if any one of you felt strongly about anything other than paintball and did the same thing, it would indicate some sort of mental problem? Get real. And you have all seriously disappointed me as people.)

------------------
“The richest man is not the one who has the most, but the one who needs the least.”

[This message has been edited by shartley (edited 08-23-2001).]

[woody 2]

i was just tryin to make you feel bad, the way you did to all those othe rpeople you tried to make seem like they were stupid idiots... and oh yeah now your "tattling" on me to the moderators lol... Chill!

[rt_81]

Originally posted by cphilip:
Now let's get back to these girls kissing each other...

HEAR HEAR!!!!!!!!!!

let it go guys, really.

RT

[dansim]

well mister smarty pants from england says it was a hacker so i belive him