- Dear Mike
Thank you very much for your eMail and bringing the new article you have posted on your site to our attention:
We have been investigating this developing situation since last night.
You should be aware that when we first came across the defacement yesterday morning at the HUM website, we did a follow up to authenticate the attack by calling Dan Verton of Computerworld, who had been referred to on the defaced page.
When we called Dan Verton in Boston yesterday, in our communication he confirmed the authenticity of his 30th January correspondence revealed on the tampered HUM web site and his challenge to the purported claims of HUM in regard to Slammer.
So, naturally this allowed us to confirm the validity of the defacement and to incorporate his testimony in our news alert which you saw yesterday. Indeed at 14:30 GMT the Hum web site at www.harkatulmujahideen.org went back to looking like this:
There is confirmation of the HUM web site going back to normal at the same time from the article published on your site:
All evidence pointed to the authenticity of this story until the HUM web site started broadcasting the message that it was a hoax operation at 19:00 GMT yesterday.
In order for us to deal with the spill over of this situation, we are in contact with Dan Verton of Computerworld and others to ascertain the nature of the hoax.
Thank you and regards
Intelligence Unit, mi2g Limited
I am the owner of the domain harkatulmujahideen.org. I created a hoax about who wrote the Slammer worm, and faked the hacking of my domain, harkatulmujahideen.org, in order to try to prove a point about the difficulties of reporting on cyber-terrorism.
I regret that I didn’t spill the beans about the whole scheme before your articles were published, and I am sorry if the misinformation has caused any harm to your organization.
For your background:
I registered harkatulmujahideen.org in March 2002 when the domain’s previous owners failed to renew it. But they left in place a mirror image of the Harkat site on a server in Pakistan, including email links to my domain:
As a result, I’ve been secretly receiving lots of interesting e-mails apparently intended for HuM. I was hoping I might get a story out of some of the stuff that came in to the site.
Most of the messages have been from people in the Middle East who wanted to join jihad.
The who-is on the domain is screwy because of the change in ownership of the dot-org registry. But you can see that it was registered at Dotster last March. I listed the registrant as “Abu-Mujahid” of Karachi.
Computerworld reporter Dan Verton wrote to [email protected] in November asking for help with his upcoming book on cyber-terrorism. I responded as “A.M.” with some cryptic rhetorical questions, and when he asked for more info, I did not reply.
Last week, I sent Verton a message from Harkatulmujahideen.org as “Abu Mujahid” hinting that HuM had written the SQL Slammer worm. When he asked for proof, I sent him some mumbo jumbo about the fingerprints in the ASM.
“Abu” and Verton traded a couple other e-mails after that. I thought I provided some hints so he would see the hoax.
I “defaced” Harkatulmujahideen.org Tuesday evening by putting up a page at Angelfire with the defacement text and pointing the domain to it. I submitted the defacement URL to zone-h.org.
To its credit, Computerworld tried repeatedly to debunk the hoax while staying aggressive in its reporting.
I recognize how difficult it is to report on such events in cyberspace, given the ease with which one can conceal an IP address and anonymously register domain names. So perhaps I shouldn’t have tried so hard to make my hoax seem real. Again, I apologize for any harm this incident may have caused you.
Please contact me if you need more information.