Landis again - very odd allegations coming from WADA / LNDD

Apparently there has been someone “close to Landis” who has been sending faked emails appearing to come from the LNDD lab to WADA. Those faked emails allege that the lab is very prone to making errors.

What the hell is going on here??

http://www.cyclingnews.com/news.php?id=news/2006/nov06/nov14news2

http://news.yahoo.com/s/nm/20061114/sp_nm/doping_france_laboratory_dc

**Investigation opened after French lab’s computers hacked**

PARIS (Reuters) - A preliminary investigation has been launched after the computer system of the leading French anti-doping laboratory (LNDD) was hacked, the public prosecutor said on Tuesday.

“Some e-mails have been sent as if they were from the laboratory to other (anti-doping) laboratories, including Montreal’s,” French Anti-Doping Agency (AFLD) boss Pierre Bordry told French Radio France Info.

“These e-mails were meant to show the laboratory was bound to make mistakes,” Bordry added.

A couple of years ago I came across a program. You could type in the receiver’s email address and also the sender’s. So you could pretend the email came from another sender, not yourself. I was young and dumb and played a trick on a friend of mine. Stuff didn’t turn out as planned and I got a nice invitation to the police dept… All I meant to say is that you don’t necessarily have to hack a computer to make it look like the email came from somebody else. I’m not saying it wasn’t hacked, but this topic brought that memory back. Of course you could double check it with the IP address.

And to all those interested: no, I no longer have the program or recall its name.

Even better would be to check the email against the LNDD email server and originating email account. IP addresses can be spoofed quite easily as well.
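The check the two posts above describe, done against the message headers, as an added example that is not from this thread: walk the Received: chain that the receiving mail servers stamped on the message and compare the earliest relay with the domain claimed in From:. All hostnames, addresses and both sample messages are constructed placeholders.

```python
import re
from email import message_from_string
# Constructed samples (placeholder hostnames/IPs, not real LNDD infrastructure).
# Message 1: From: claims the lab's domain, but the earliest Received: hop,
# the one the recipient's own server recorded, is an unrelated host.
SPOOFED_MSG = """\
Received: from mx.lab-montreal.example (mx.lab-montreal.example [198.51.100.7])
        by mail.lab-montreal.example with ESMTP; Tue, 14 Nov 2006 10:02:11 +0100
Received: from dsl-pool-42.isp.example (unknown [203.0.113.42])
        by mx.lab-montreal.example with SMTP; Tue, 14 Nov 2006 10:02:09 +0100
From: "LNDD Lab" <director@lndd-lab.example>
Subject: Quality problems at the lab

Body text.
"""
# Message 2: the same claimed sender, delivered by a host under that domain.
LEGIT_MSG = """\
Received: from mail.lndd-lab.example (mail.lndd-lab.example [192.0.2.25])
        by mx.lab-montreal.example with ESMTP; Tue, 14 Nov 2006 09:30:00 +0100
From: "LNDD Lab" <director@lndd-lab.example>
Subject: Routine update

Body text.
"""

# "from <HELO name> (<reverse DNS> [<ip>])" as written by common MTAs
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(([^\s\[]*)\s*\[([\d.]+)\]\)", re.I)

def received_chain(raw):
    """Received hops oldest first as (helo name, reverse dns, ip) tuples."""
    hops = []
    for hdr in reversed(message_from_string(raw).get_all("Received", [])):
        m = RECEIVED_FROM.search(hdr)
        if m:
            hops.append((m.group(1), m.group(2), m.group(3)))
    return hops

def sender_domain(raw):
    """Domain part of the From: header, lower-cased ('' if absent)."""
    m = re.search(r"@([\w.-]+)", message_from_string(raw).get("From", ""))
    return m.group(1).lower() if m else ""

def origin_matches_sender(raw):
    """True when the earliest relay's HELO or reverse-DNS name is under the From: domain."""
    hops = received_chain(raw)
    dom = sender_domain(raw)
    if not hops or not dom:
        return False
    helo, rdns, _ip = hops[0]
    return any(n.lower() == dom or n.lower().endswith("." + dom) for n in (helo, rdns) if n)
```

Only the Received: lines added by your own servers can be trusted; anything below them was supplied by the sending side, which is why the comparison is made against the hop your server recorded rather than the sender's own claims.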

makes sense.

The interesting thing will be if actual LNDD documents were sent, and if they actually do cast a shadow on the labs practices.

You can do that with rlogin -25 whatever@whatever.xxx under unix.
However a trace shows where it’s really coming from.

The web server of the LNDD was really hacked.

Was it just the web server, or were there other servers as well? It would be a much bigger deal if the internal mail and file servers were hacked (and harder to figure out that the email was spoofed).

I could only get confirmation that the web server was hacked. Not the rest.

You can do that with rlogin -25 whatever@whatever.xxx under unix.

You can do that if your unix box hasn’t been properly secured.

obviously.

So has the lab once again demonstrated their ineptitude by failing to secure their technology infrastructure?

That would be the comment of someone who doesn’t know that you can’t completely secure a network unless you just want to disconnect it from the internet… then seal it into concrete so that the box isn’t jammed by EM waves… but then availability of resources might be impaired… :wink:

True, but a casual reading of what has been presented seems to indicate that this was not a sophisticated attack. A sophisticated attacker would probably not have used poorly reproduced logos, etc. More likely it is something of a script kiddie attack, which should be easily prevented by adequate security, such as turning off unnecessary services, adequate and up to date patch levels and firewalls, etc.

I hope you have airconditioning in your concrete-sealed network :wink:

True story… some security guard (5-6 years ago) went for a pee at the entrance of the NSA… at the same time the pizza boy arrived… no one there… so he enters… ends up in a room because the card-reading doors were set up by default to open if someone didn’t have a badge with the current clearance (dumb indeed)… the guy ends up in a really restricted area, is about to leave, and has a woman with a gun to his face…

Story reported while working with CERT, which has been hacked stupidly too at times…

That said, as far as I know nothing about the type of attack has been revealed so far.

I’d bet this is the work of some script kitty, definitely not from the use of an email anonymizer. Most academic institutes, labs, and other high-profile institutions need an internal network (think of the machines in your home having names like livingroom.myhouse.org and bedroom.myhouse.org, with logins mom, dad, sister, …). These hackers write programs which sniff for open ports, try logging in using likely usernames (admin, guest, user, etc.) with likely passwords (password, guest, admin, etc.), and if they find a way in, they snoop around.

I wouldn’t be surprised if someone at that lab had their machine set up with login: user, password: password. Spoof the IP you’re at and you can browse around the machine and possibly the network for hours without anyone knowing any better.

You’d be surprised how many bright researchers know VERY little about network security. In one day, a machine without proper security settings can receive 100,000+ access attempts.

Francois, do you have your hosts.deny file set to
ALL: ALL
ALL: PARANOID
and the hosts.allow set to the machines and users you want to allow access? :slight_smile:

Researchers at Los Alamos routinely walk out the front door with classified material stuck in notebooks and folders, by accident of course, but still…

I have one machine with nothing on it that I use for the internet, and one for work. How much more paranoid can you be?
The one for work is in the concrete-sealed vault with no AC :wink: