|Levi's Sites Caught With Pants Down|
By Julian Matthews, Newsbytes
KUALA LUMPUR, MALAYSIA,
25 Jun 2001, 4:22 PM CST
Jeff Beckman, a spokesperson for the company, said the server was immediately shut down shortly after the intrusion happened at about 12:30 p.m. EDT.
"The global 'splash' pages of levi.com and dockers.com were affected. Anyone trying to get into our regional sites via our global 'splash' pages was unable to during the two to three hours downtime," he said.
Beckman confirmed that corporate site Levistrauss.com was also affected on the same day.
The hack was claimed by "Perfect.br", an active Internet vandal of various sites around the world, and had been reported to security mirror sites safemode.org and alldas.de.
Various multinational corporation sites were targeted the same day including the U.S. site for global sports group Adidas (http://usa.adidas.com) and a service site of electronics giant Sony Corp. (http://service-asc.sel.sony.com) - each by different groups.
Levi.com has been online since 1995, and debuted its Web store three years later, much to the chagrin of its traditional retail outlets. In late 1999, the jeans maker backed out of direct Internet sales citing high maintenance costs - shortly after Philip Marineau, of PepsiCo, came on board as its new CEO.
Customers currently browsing its online catalogues are rerouted to the sites of retailers Macy's and JCPenney when they wish to make purchases.
Beckman said since Levi's no longer sells its products directly online, the downtime costs to its retail partners could not be immediately determined. However, he added that the company took the incident seriously, and was in the process of evaluating the security flaw and putting measures in place to prevent a recurrence.
Security expert Niels Heinen of safemode.org said that the Levi's server was likely based on the Windows 2000 platform and using Microsoft IIS 5.0 software, which is known to be prone to vulnerabilities.
"The problem we often see in organizations like Levi's is that they are slack in keeping their servers up-to-date. If they had installed the latest two IIS security patches, then this probably would never have happened," Heinen said.
Alldas.de systems administrator Stefan Wagner said he attributes the spike in defacements in recent months to the fact that more users are connected to the Internet and that hacking and cracking tools are widely available from various underground and security sites. "I believe a 12-year-old can download the needed software from the Internet and in 30 minutes deface a Windows machine," he said.
Alldas.de and safemode.org have taken more central roles in keeping their mirror archives updated and online, ever since the well-known defacement tracker attrition.org shut down its service in May, citing it as a "thankless chore."
Such security sites and defacement mirrors are usually managed by volunteers. But the number of defacements have shot up to over 100 sites, making the task a daily burden. Many sites have also been targets of denial-of-service attacks themselves.
Despite the adversity, both alldas.de and safemode.org have vowed to keep plugging away. "We try to show the world that Internet security is a global threat and that every company's site can get defaced. We hope the statistics are useful for normal users, as well as the media, law enforcement and various other agencies," said Wagner.
The mirror of Levi's defaced site is at alldas.de at http://defaced.alldas.de/mirror/2001/06/22/www.levi.com .
The mirror of Levi's defaced site is at safemode.org at http://www.safemode.org/mirror/2001/06/22/www.levi.com .
Reported by Newsbytes.com, http://www.newsbytes.com .
(20010625/WIRES ONLINE, BUSINESS/)
© 2001 The Washington Post Company