Cybergang 'Gunmen' aim for media

'United Loan Gunmen' continue cyber attacks on media sites, while keeping identities secret.

Few details have emerged about the secretive cybergang known as the United Loan Gunmen, who, for the fourth time, struck at a media Web site late on Tuesday.

The ULG hacked into the news and information Web sites for the Nasdaq and Amex stock exchanges, posting an obviously false story on the site. The defacement only affected the Web site, and only for minutes, before the Nasdaq's security quashed the unauthorised story. "Our sites are working perfectly," said Scott Peterson, spokesman for the Nasdaq and Amex stock exchanges. "We have no evidence of intrusion at this time. However, we take all such allegations very seriously and we are investigating."

Very seriously, indeed. The stock exchange has already called in the FBI to investigate the Nasdaq defacement, said a knowledgeable source, who asked to remain anonymous. The same office that investigated The New York Times defacement over a year ago will be spearheading the investigation.

Finding the Gunmen may be tough, however. "These guys are very careful," said B. K. DeLong, a staff member at Attrition.org -- the hacker and security Web site that first reported the defacements. "We don't know who they are."

Attrition.org has a running list of defacements and is frequently contacted by cyber vandals wanting to show off their latest achievements. The Gunmen contacted Attrition.org to report its defacement of four media-related sites in the past four weeks, including television network ABC's main site, cable channel C-SPAN, tabloid Web reporter Matt Drudge's site, and Tuesday's hit on the news and information sites of the Nasdaq and Amex exchanges.

Despite an obvious desire to get the word out, the cybergang has been careful about guarding its members' identities. In contacting Attrition.org, its members used a third person to set up "meet" times on an Internet chat channel, and would only stay on for a very short time. Little else is known about the Gunmen, except that its members have focused on online news and media sites.

During the group's first defacement of ABC.com on 19 August, it posted a diatribe criticising TV and cable as "elderly" media. Seemingly a pro-Digital Age message, the Gunmen wrote, "The Internet is there not only for you to use, but for you to control."

Yet, the most recent attack appears more juvenile fun than serious commentary. "(The ULG's) goal was to attempt to make stocks rise drastically," wrote the group, "thus making all investors happy, hopefully ending with investors putting bumper stickers on their new Mercedez' (sic) that say 'Thanks ULG!' Meanwhile, ULG Members go back to flipping burgers at McDonalds."

Due to the fact that the target of the Gunmen's attacks remaining largely mum on the holes exploited to gain access to their servers, it's hard to gauge whether ULG is a serious hacking group or less skilled "script kiddies". The label is pasted on those who use widely available hacking tools to gain access to a server rather than their own programs.

ABC left the window open ABC.com admitted that the group gained access through a known security hole. "Our understanding is that we had a window left open," said Michelle Bergman, spokeswoman for the network. Bergman added that -- as in the Nasdaq case -- the defaced site only stayed up for less than an hour.

Webmasters for neither C-SPAN nor the Drudge Report responded before press time.

Take me to the Hackers news special

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All