[ISN] Crackers: We Stole Nuke Data

From: mea culpa (jerichoat_private)
Date: Thu Jun 04 1998 - 04:39:32 PDT

  • Next message: mea culpa: "[ISN] Truth be Told, Blitzkrieg is Sham"

    [Moderator: I only have a few problems with this article. 
     By their own admission, some things were "secured to the bone"
     making me wonder if any sensitive info was compromised at all.
     The "we learned from Analyzer" continues to plague these
     types of article. After more truth came out about him, can
     we assume these kids ran a single remote exploit and that
     is the extent of their 'hacking skill'?]
    
    Crackers: We Stole Nuke Data         
    by James Glave                       
                                           
      2:02pm  3.Jun.98.PDT
    
    Three teenage crackers say they have broken into computer systems at
    India's Bhabha Atomic Research Centre , Bombay (BARC) and that they are
    targeting Pakistani computers in a protest against the two nations' recent
    series of nuclear weapons tests. 
    
    In an interview conducted by Internet Relay Chat -- a venue that makes it
    difficult to verify correspondents' real-world identities -- the trio took
    credit for altering the research center's homepage and said they had
    stolen email exchanged among Indian nuclear scientists in the weeks
    immediately preceding and following weapons tests last month. 
                                           
    "We gained total control over six of the eight servers on the
    *.barc.ernet.in domain," wrote a 17-year-old calling himself savecOre, one
    of the three crackers who carried out the computer intrusion. The break-in
    began on Monday and continued today. 
    
    The three said that they had erased all data on two of BARC's servers as a
    protest against that nation's nuclear weapons development program.
    
    "We were able to download several thousand pages of email and research
    before we decided it was time to get out," said savec0re, who did not
    disclose his real-world whereabouts.  The group also includes an
    individual named VeNoMouS, 18, who says he lives in New Zealand, and JF,
    another 18-year-old who said he's a resident of England. All three are
    members of an organized cracking group called Milw0rm. 
    
    The trio mailed a number of email files to Wired News to verify their
    claims. The mails appear to include detailed scientific discussions of
    nuclear physics and were dated as far back as last October and as recently
    as Monday. 
    
    Authenticity of the files was not confirmed, and the Indian Embassy in
    Washington, DC, did not immediately respond to a request for comment. 
    Email queries about the incident to representatives of the Bhadha Atomic
    Research Center also went unanswered. 
    
    The three crackers said they had only just begun to read through the
    email, which they said contained analysis of the five nuclear blasts that
    India conducted beginning 11 May. The group said they grabbed the mail and
    also defaced the Indian research center's homepage, mostly for thrills,
    but also to draw attention to what they said was the threat of nuclear
    war. 
    
    "We disabled two of the eight servers as retaliation to the tests, but not
    before our presence had been detected. This was early this Wednesday,"
    wrote savec0re. 
    
    The group's aim was straightforward, the three said: They want to register
    a protest against the weapons tests. 
    
    "I'm just sick of nuclear shit,"  said VeNoMouS, who added that he learned
    how to crack from Ehud Tenebaum, aka Analyzer, the Israeli teenager
    implicated in attacks on US government network earlier this year. 
    
    "If you're gonna amass data which can take [so] many lives ... at least
    secure it," said savec0re. 
    
    As of this morning, the Indian research center home page was disabled, and
    displayed a directory listing of the facility's Web server. This was
    likely because the webmaster had deleted a spoof BARC page that the
    crackers had posted.  That page showed a mushroom cloud and the text "If a
    nuclear war does start, you will be the first to scream ..." 
    
    The cracking trio said that they had obtained root, or administrator
    level, access to the Indian servers with a recently discovered public
    vulnerability in the Sendmail mail server program. The crackers claim that
    BARC was using an old and buggy version of the mail program. The whole
    process was completed in 13 minutes and 52 seconds, they said. 
    
    "They had certain things secured to the bone, and yet other things were
    completely obsolete," said savec0re. 
    
    JF said that he had launched his attack on the Indian servers by using an
    US military network machine in the .mil domain. 
    
    The crackers say they're turning their attention to Pakistani government
    computer systems, claiming to have obtained topology maps for both Indian
    government networks and those maintained by Islamabad. The trio said they
    intend to take a closer look into Pakistan's nuclear weapons program. 
    
    News of the intrusions came a day after Jacques Gansler, US undersecretary
    of defense for acquisition and technology, told an industry-military forum
    that teenage crackers pose a "real threat environment" to national
    security. 
    
    Peter Neumann, a critical infrastructure and security expert with SRI
    International, said that the three teens weren't as much of a threat as
    terrorists, but that India was "way behind" America in terms of security. 
    
    "The fact that so many systems are all so weak is the biggest threat," 
    Neumann said. "[The crisis] has nothing do with teenagers and everything
    to do with the fact that the US government is incapable of ratcheting up
    its security." 
    
    Editor's Note: Due to the anonymous nature of Internet Relay Chat, the
    real-world identities of the individuals in this story cound not be
    positively confirmed. 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:16 PDT