[free-sklyarov] re: Brian West

[Ben Ford]

This is the response I got from the newspaper in response to a query 
about the case.


-------- Original Message --------
Subject: Re: news
Date: Wed, 22 Aug 2001 09:06:59 -0500
From: "Grover Ford" <publisher at pdns.com>
To: "Ben Ford" <ben at kalifornia.com>
References: <3B836A33.4060102 at kalifornia.com>



the newspaper did not file charges against Mr. West...owners of the software
that was tampered with and the FBI are pursuing this matter.This is the
story that ran back in February 2000

Hacker says he broke into PDN&S site
By John M. Corbitt, Managing Editor

As the world focuses on damage to huge Internet companies by computer
hackers, the story has been brought home with a vengeance at the Poteau
Daily News & Sun.

According to Federal court records in Muskogee, a search warrant was served
Monday on CWIS Internet Services at 203 North Broadway in Stigler.

In the documentation with the warrant, Special Agent Christopher Headrick of
the Federal Bureau of Investigation, assigned to the Oklahoma City Division.

He is investigating an alleged violation of federal law by unauthorized
access to an Internet web page owned by the Poteau Daily News & Sun (PDN&S)
that is housed by Cyberlink Rural Telecommunications, Inc. (CRTI).

Headrick said in the affidavit attached to the warrant that he had acquired
information from other FBI agents and witnesses.

Cyberlink provided PDN&S with an Internet web page that the newspaper uses
to post news stories and advertisements. Access to the site is limited to
system administrators at CRTI and reporters at PDN&S by user identification
and password.

The affidavit explains that James W. McCoy Jr. wrote a program in Practical
Extraction and Report language (Perl) software that allows reporters in the
field to access the news service website and make updates remotely.

"Many large news agencies have in house computer programmers or hire
companies to write custom software to allow for remote update to their
websites. CRTI anticipated marketing their Perl script program as an
off-the-shelf software package that could be customized and sold to medium
and small news agencies," he said.

Headrick went on to explain that CRTI anticipated selling the software
package for about $4,000 to $6,000 per copy. CRTI was testing the Perl
script called E-Z Net News at PDN&S.

According to the document, PDN&S Publisher Wally S. Burchett reported that
Brian West, known to Burchett as a salesman for CWIS Internet Services,
recently posted advertisements in the PDN&S newspaper.

According to the affidavit, when Burchett met West on Jan. 31, West
indicated to him that he wanted to advertise CWIS Internet Services on the
PDN&S website. Burchett provided West advertising rates for the service and
West indicated that he would soon contact Burchett.

On Feb. 2, according to the federal document, West allegedly telephoned
Burchett to ask if Burchett "realized that his website at www.pdns.com was
not secure."

West allegedly indicated to Burchett that he had accessed the website by
obtaining usernames and passwords.

Burchett reportedly contacted West at CWIS to discuss how West had accessed
the website, and recorded the conversation, that he provided to Det. Jim
Craig of the Poteau Police Department.

On the tape, West allegedly told Burchett that anyone with Microsoft Front
Page, Internet programming software, could enter the PDN&S website, and that
there are no safeguards at all.

West allegedly said he had done a security overview of the site and provided
a technical explanation to Burchett of how to log on with a user password to
PDN&S and "edit your stories."

"Subsequent investigation determined that this intrusion was not done
inadvertently," Headrick wrote in the affidavit.

According to court records, West told Burchett on Feb. 7 that he had
"inadvertently" entered the website of First National Bank in McAlester, and
looked at customer checking and saving accounts and the transfers of funds.

West reportedly told an officer at the bank about the event and the bank's
lack of security. He said the bank officer thanked him but reacted "in a
hostile manner." He said he had accessed the bank's website on two other
occasions, then contacted a senior vice president of an Oklahoma City branch
of First National to advise him of what had been done.

User logs from PDN&S computer indicate that hundreds of attempts to connect
to the PDN&S website were made Feb. 1 from three specific Internet addresses
owned by Webzone of Tulsa, CWIS Internet Services, and Voltage Networks of
Mena, Ark.

The computer logs indicate that at least 30 attempts to connect to the
newspaper's server from those addresses were made between 4:05 p.m. and 4:48
p.m., according to the court document.

It goes on to say that group of attempts were followed by at least five
separate attempts to connect to the same computer at PDN&S from the site in
Mena.

The affidavit said that the logs reflect that many of the attempts to
connect were "not simply requests to view the web page, but attempts to
access the files and Perl scripts that cause the web page to operate."

The document said that a computer operator managed to log into the newspaper
's web page edit program from the Mena site at 7:50 p.m. using the user
identification and password of CRTI employee James W. McCoy, Jr.

Headrick said that an interview with McCoy revealed that he did not access
the PDN&S web page program on Feb. 1 and did not authorize anyone to use his
user ID and password.

Headrick said that he found that the Internet provider in Mena is owned by
CWIS, and that he believes there is an ongoing business relationship between
CWIS Internet Services and Webzone in Tulsa and Voltage Networks in Mena.

Headrick wrote that he has learned from FBI Computer Crimes Investigator
Matthew T. Harper that a computer can be linked so that a person at the
Tulsa site could appear to be accessing the web page from Mena, but that
computer would show that link.

The affidavit said that a CWIS system administrator would be asked to assist
the FBI in the search of records on their equipment, but that a member of
the FBI Computer Analysis Response Team (CART) would conduct the search if
CWIS personnel did not choose to assist the agency.

The affidavit accuses West of "conducting computer intrusion activities in
violation of Title 18, United State Code, Section 1030(a)(2)(C)." It goes on
to allege that the computer used in the crime would be found at CWIS in
Stigler.

Confiscated in the search were backup data disks and tapes.

As of press time Wednesday, no arrests had been made.