Levi’s Sites Caught With Pants Down

Posted on June 25, 2001 
Filed Under Julian, Newsbytes

By Julian Matthews

Crackers defaced multiple Web sites belonging to apparel-maker Levi Strauss & Co. on Friday including flagships levi.com and dockers.com.

Jeff Beckman, a spokesperson for the company, said the server was immediately shut down shortly after the intrusion happened at about 12:30 p.m. EDT.

“The global ‘splash’ pages of levi.com and dockers.com were affected. Anyone trying to get into our regional sites via our global ‘splash’ pages was unable to during the two to three hours downtime,” he said.

Beckman confirmed that corporate site Levistrauss.com was also affected on the same day.

The hack was claimed by “Perfect.br”, an active Internet vandal of various sites around the world, and had been reported to security mirror sites safemode.org and alldas.de.

Various multinational corporation sites were targeted the same day including the U.S. site for global sports group Adidas (http://usa.adidas.com) and a service site of electronics giant Sony Corp. (http://service-asc.sel.sony.com) – each by different groups.

Levi.com has been online since 1995, and debuted its Web store three years later, much to the chagrin of its traditional retail outlets. In late 1999, the jeans maker backed out of direct Internet sales citing high maintenance costs – shortly after Philip Marineau, of PepsiCo, came on board as its new CEO.

Customers currently browsing its online catalogues are rerouted to the sites of retailers Macy’s and JCPenney when they wish to make purchases.

Beckman said since Levi’s no longer sells its products directly online, the downtime costs to its retail partners could not be immediately determined. However, he added that the company took the incident seriously, and was in the process of evaluating the security flaw and putting measures in place to prevent a recurrence.

Security expert Niels Heinen of safemode.org said that the Levi’s server was likely based on the Windows 2000 platform and using Microsoft IIS 5.0 software, which is known to be prone to vulnerabilities.

“The problem we often see in organizations like Levi’s is that they are slack in keeping their servers up-to-date. If they had installed the latest two IIS security patches, then this probably would never have happened,” Heinen said.

Alldas.de systems administrator Stefan Wagner said he attributes the spike in defacements in recent months to the fact that more users are connected to the Internet and that hacking and cracking tools are widely available from various underground and security sites. “I believe a 12-year-old can download the needed software from the Internet and in 30 minutes deface a Windows machine,” he said.

Alldas.de and safemode.org have taken more central roles in keeping their mirror archives updated and online, ever since the well-known defacement tracker attrition.org shut down its service in May, citing it as a “thankless chore.”

Such security sites and defacement mirrors are usually managed by volunteers. But the number of defacements have shot up to over 100 sites, making the task a daily burden. Many sites have also been targets of denial-of-service attacks themselves.

Despite the adversity, both alldas.de and safemode.org have vowed to keep plugging away. “We try to show the world that Internet security is a global threat and that every company’s site can get defaced. We hope the statistics are useful for normal users, as well as the media, law enforcement and various other agencies,” said Wagner.

The mirror of Levi’s defaced site is at alldas.de at http://defaced.alldas.de/mirror/2001/06/22/www.levi.com

The mirror of Levi’s defaced site is at safemode.org at http://www.safemode.org/mirror/2001/06/22/www.levi.com

Published in Newsbytes, June 25, 2001
Alternative links: Levi’s sites caught with pants down
Levi’s sites caught with pants down
by Julian Matthews, Malaysian correspondent


Comments are closed.