A duo who said they're part of the apparently tireless campaign to free convicted hacker Kevin Mitnick has staged a nearly invisible but still jolting raid on Yahoo. But the Web-wide catastrophe the pseudonymous pair threatens to unleash unless Mitnick is turned loose is dismissed as a hoax by both the directory service and those with some expertise dealing with similar cyberthreats.
The 7 p.m. Monday attack on Yahoo, first reported by hacked.net, consisted of a warning displayed on the directory service's homepage: Release Mitnick from federal custody or suffer a Net-wide catastrophe.
The message, from self-described Mitnick Liberation Front hackers calling themselves "Pantz" and "Hagis," said anyone who had accessed Yahoo in the past month had unwittingly downloaded "a logic bomb/worm" that is now "implanted deep within their computer." The message, which Yahoo said was visible for about 15 minutes to those using non-frames-aware browsers like Lynx, said the virus would destroy the planet's networks on Christmas unless Mitnick goes free.
Yahoo said flatly Tuesday that the threatened bomb/worm is nonexistent. "There absolutely is no virus," said Yahoo spokeswoman Diane Hunt.
Hoax or not, the hack, and the sentiments behind it, did gain some sympathy. The Yahoo duo wrote, in part: "Mitnick did what he did out of intellectual curiosity, without compromising the hacker ethic."
In the most celebrated individual hacker case, Mitnick was tracked down in February 1995 after more than two years as a federal fugitive on wire- and computer-fraud and related charges. He is currently detained in a federal lockup in Los Angeles awaiting trial on charges arising from his 27 months on the lam.
"It's a beautiful hack in that it uses perception management techniques to scare the willies out of people," said computer virus myth dispeller Rob Rosenberger.
"Hoaxes are beginning to evolve," Rosenberger said. These kind of subtle hacks, he said, are much more effective than the childish ones where Web sites are defaced with assorted profanities - they're not as easy to detect. "If a few thousand people walk by and they see an alert that looks like this, that's stunning."
Other experts were less taken with the hackers' work.
"A wrong doesn't make a right. The tactics of these people, whoever they may be, are very, very wrong," said Jonathan Littman, who wrote a book on the Mitnick case, The Fugitive Game.
"But Mitnick's case is troubling," he said. "Wiretaps and monitoring were conducted in Mitnick's case, court orders and FBI policy were broken, and essentially his case was turned into entertainment. Right now he's being treated far worse than someone who blows up a building and has killed hundreds of people."
The MLF has claimed responsibility for other hacks in recent years, including a system at Los Alamos National Laboratory and the Web site of Telia, Sweden's largest telecom provider, but Yahoo was the most high-profile site to get hit - a recent study showed that Yahoo was the most popular site on the Web last month, with 17.2 million users.
"It didn't surprise me that it happened - it just surprised me that it was Yahoo," Rosenberger said.
