Serbian Gov't Website Taken Over – BBC Blames ... the Serbs?
by
Jared Israel
Emperors-Clothes.com

4/14/00
Updated 4/15/00 – 12:30 am

Some things are only to be expected. One is: whatever happens in the Balkans, we must blame the Serbs. Having undergone a decade of successful testing, this rule can now be extended. The Serbs must be blamed for anything that happens anywhere in the world.
   

Or at least in the Worldwide Web.

Case in point: the original BBC story, which appeared April 13th. The headline reads:

'Serb hackers' on the rampage

Very often, I have found, Western news stories begin with a lie and end with something approximating truth. So with this BBC story. Here's a quote that appears three-quarters of the way through:

"It is impossible to say exactly who the hackers are, or how they managed to breach databases that should be secure."

Indeed.

CIA Announced Cyberwar Against Serbs a Year Ago
Plan to Train KLA in Hacking Begun

"President Clinton has authorized the Central Intelligence Agency to look into ways to destabilize the [Yugoslav] government...The authorization comes in the form of a "finding," a highly classified document authorizing covert operations. The sources have told CNN that the finding authorizes the CIA to consider the use of computers to conduct cyberwar against Milosevic."

CNN: May 24, 1999

The story itself is slightly incomprehensible. As you will see when you read it, it appears to be talking about two different sets of events. The set of events related to the headline is this: apparently a number of websites whose domain names are registered with Network Solutions were taken over in the past few days. The Websites included some big companies (like Adidas) as well as a variety of Balkans sites including www.kosovapress.com (KLA) and www.Arkan.com and www.yu.com (definitely not KLA). The only evidence the BBC offers to support the "Serb rampage" headline is: one or more of the hacked sites sported a Serbian Eagle emblem and the rather mild comment "Kosovo is Serbia. Be happy if we hacked your site because we only hack the best sites on the internet."

The problem with the "the Serbs did it" line is: why then were Serbian sites also hacked? Indeed, as the BBC didn't bother to mention, the main Serbian government site – www.serbia-info.com – was also hacked Wed. afternoon and serbia-info is also registered with Network Solutions. And it didn't get an emblem and a harmless logo. It got an entire English presentation full of NATO-type propaganda, accusing the Serbian government of atrocities.

There's another problem with the Serbs-did-it line: the BBC story says the hackers forged email addresses identical to those of the hacked Websites and then transferred control of the various domain names to themselves. Explains the BBC: "The contact addresses were at first transferred to a Yugoslav address, and then on Monday night to an Albanian address." Huh? Doesn't this suggest a KLA-type group did the hacking and tried to pin it on "the rampaging Serbs"?

[Note: Since this story was written, the BBC has now changed their line, not once but twice. First, they replaced the original story with a new one that softens the allegations against the Serbs. Most recently, they have posted a story which correctly portrays the Serbian websites as the victims. Unfortunately, the original Serb-bashing story was run on the front page of their website, while the final story portraying the Serbs as victims does not appear on any main news page. It was only discovered by doing a deep search of the BBC site.]

When the Serbia-info.com site was hacked, Eric Garris at www.antiwar.com spoke with Christine from Media Relations at Network Solutions. She suggested that the hackers had emulated the email addresses of owners of various Websites and, using those addresses, sent false messages transferring the domain ownership over to the hackers.

But there's a big problem with this explanation. As Garris noted, before a domain change can be processed, Network Solutions has to send a confirmation email to the proper owner. So the hacker would not only have to emulate the email address when sending in the transfer request – a fairly easy task – he or she would have to intercept the Network Solutions confirmation message as well – a very difficult task.

This suggests something a good deal more sophisticated than amateur hackers. One possible explanation: this was a black ops move, orchestrated by the US government, which this past May announced its intention to take the war to the Internet. Network Solutions is licensed by the US government, and US intelligence organizations could easily gain access to the Network Solutions technical apparatus. The purpose: to disrupt the Serbian government Website and to set the stage for a media smear campaign about "Rampaging Serbs."


Read the In-Depth Follow-Up Analysis


Below is the text of the altered domain registration information, which appeared when Serbia-Info.com was taken over by hackers, apparently from Pristina, in Kosovo. We also link to a statement from Serbia-Info.com which sees the hacking of the Serbian government Website as part of the US assault on Yugoslavia. I think they may well be right on the money.

Here is the text of the domain info. It can also be read by going to www.networksolutions.com/cgi-bin/whois/whois?STRING=serbia-info.com&S%20%20TRING=Search

Registrant:
EPI (SERBIA-INFO-DOM)
   Sheshi Adem Jashari
   Prishtine, Kosove 38000
   AL

   Domain Name: SERBIA-INFO.COM

   Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
      Albodude, Domain (DAS649) fluiddd@USA.NET
      Sheshi Adem Jashari
      Prishtine, 38000
      AL
      011 381 38 37 921 (FAX) 011 381 38 37 921

   Record last updated on 10-Apr-2000.
   Record expires on 29-Jul-2000.
   Record created on 28-Jul-1997.
   Database last updated on 12-Apr-2000 04:50:42 EDT.

   Domain servers in listed order:

   NS1.WEBPROVIDER.COM          209.143.154.70
   NS2.WEBPROVIDER.COM          207.226.255.71
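
The altered record above is exactly what a domain owner watching their own registration would have had to catch. As an added example (not part of the original article), this Python code parses the record as printed here and compares it with a saved baseline. The baseline values and the function names are constructed for illustration, since the page does not show the record as it stood before the takeover.

```python
import re
from datetime import datetime

# Altered record as printed in the article (one flattened line).
ALTERED = (
    "Registrant: EPI (SERBIA-INFO-DOM) Sheshi Adem Jashari Prishtine, Kosove "
    "38000 AL Domain Name: SERBIA-INFO.COM Administrative Contact, Technical "
    "Contact, Zone Contact, Billing Contact: Albodude, Domain (DAS649) "
    "fluiddd@USA.NET Sheshi Adem Jashari Prishtine, 38000 AL 011 381 38 37 921 "
    "(FAX) 011 381 38 37 921 Record last updated on 10-Apr-2000. Record expires "
    "on 29-Jul-2000. Record created on 28-Jul-1997. Database last updated on "
    "12-Apr-2000 04:50:42 EDT. Domain servers in listed order: "
    "NS1.WEBPROVIDER.COM 209.143.154.70 NS2.WEBPROVIDER.COM 207.226.255.71"
)

# Constructed baseline: the page does not show the pre-takeover record,
# so these are placeholders for what an owner would have saved earlier.
BASELINE = {
    "domain": "serbia-info.com",
    "contact_emails": ["hostmaster@example.invalid"],
    "nameservers": ["ns1.example.invalid", "ns2.example.invalid"],
}

def parse_record(text):
    """Extract the fields that decide who controls a domain."""
    tail = text.split("Domain servers in listed order:", 1)[-1]
    hosts = re.findall(r"([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\s+\d{1,3}(?:\.\d{1,3}){3}", tail)
    return {
        "domain": re.search(r"Domain Name:\s*(\S+)", text).group(1).lower(),
        "contact_emails": sorted(e.lower() for e in re.findall(r"[\w.+-]+@[\w.-]+\w", text)),
        "nameservers": [h.lower() for h in hosts],
        "last_updated": re.search(r"Record last updated on (\d{2}-\w{3}-\d{4})", text).group(1),
    }

def changed_fields(baseline, current):
    """Names of baseline fields whose value differs in the current record."""
    return [k for k in baseline if baseline[k] != current.get(k)]

def days_since_update(record, observed):
    """Days between the record's last update and the day it was fetched."""
    fmt = "%d-%b-%Y"
    return (datetime.strptime(observed, fmt) - datetime.strptime(record["last_updated"], fmt)).days

if __name__ == "__main__":
    rec = parse_record(ALTERED)
    print("changed:", changed_fields(BASELINE, rec))
    print("days since update:", days_since_update(rec, "12-Apr-2000"))
```

A recent "Record last updated" date combined with a changed contact address is the signal worth alerting on, because the contact address is what authorizes later changes.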
