Information Security News mailing list archives

Re: Counterspy


From: Dave Dittrich <dittrich () CAC WASHINGTON EDU>
Date: Thu, 25 Jan 2001 08:19:00 -0800

On Wed, 24 Jan 2001, InfoSec News wrote:

http://www.forbes.com/forbes/2001/0205/130.html

Srikumar S. Rao
Forbes Magazine
02.05.01

Michael Lyle has no problem stooping to the hacker's level in the
information war. During one of his frequent 3 a.m. prowls on Internet
Relay Chat, the 21-year-old chief technology officer of Recourse
Technologies came across a braggart who claimed to have shut down a
site. The hacker spoke of a tool called Mstream that bombards servers
with junk data from many different sources. Posing as a hacker named
Icee, Lyle swapped some code for a copy of Mstream. Within a week he
had reverse-engineered it, and sent out a warning to his colleagues in
the security community.

I have to stop right there.  There is definitely some stooping and
bragging going on, but I don't think Mr. Rao portrays that accurately.

I'm starting to get a little tired of people claiming the work of
other people to make a buck.  Ethics seems to be sorely lacking
these days.

From the bugtraq archives:

        Subject: Source code to mstream, a DDoS tool
        Date: Sat Apr 29 2000 20:48:41
        Author: Anonymous User < nobody () lobeda jena thur de >
        Message-ID: <200004291748.TAA13203 () lobeda jena thur de>


        Subject: Re: Source code to mstream, a DDoS tool
        Date: Mon May 01 2000 15:08:15
        Author: Dave Dittrich < dittrich () cac washington edu >
        Message-ID: <Pine.GUL.4.21.0005011351460.11047-100000 () red7 cac washington edu>
        In-Reply-To: <200004291748.TAA13203 () lobeda jena thur de>

I don't see any post by Mr. Lyle.  (Perhaps Mr. Lyle is "anon" who
posted the mstream source code - posting source is far from reverse
engineering and publishing an analysis.)  Read the following analysis
(published on May 1, 2000, with copyright statement included) and you
can see the results of reverse engineering mstream, captured from live
systems on which it was installed (not bartered on IRC):

        http://staff.washington.edu/dittrich/misc/mstream.analysis.txt

That analysis *is* the result of close to two weeks of effort (unpaid)
by those involved (including Andrew Korty and others at Indiana
University).  If Mr. Lyle was part of the IU group, he is still not
entitled to lay sole claim to this.

CNN published an article at the time:

        http://www.cnn.com/2000/TECH/computing/05/02/new.ddos.tool/index.html

I don't see Mr. Lyle's name mentioned in this article, either.

Try a Google search:

        http://www.google.com/search?q=Lyle+mstream&hl=en&lr=&safe=off

Promotion should not pass for journalism, and claims should not
pass for.  I would hope that a magazine like Forbes would at least do
some fact checking before running articles like this.

(P.S.  I tried to find an email address for Mr. Rao, and called a
number listed on several web pages, but could not contact him
directly.  Forbes editor: Please pass these comments along.)

--
Dave Dittrich                           Computing & Communications
dittrich () cac washington edu             Client Services
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

