Next message: mea culpa: "Re: [ISN] Reminder about WIPO Bill (from COAST)"
[Moderator: Saying this took one hour is quite misleading or downright
wrong. Even if the sites had already been hacked, it would take more
than an hour to log into each of 300 servers and upload a new page.
I am contacting James Glave to get a list of which sites were hit as
well.]
Forwarded From: bluesky�t_private
Anti-Nuke Cracker Strikes Again
by James Glave
5:08pm 3.Jul.98.PDT
An 18-year-old member of the anti-nuclear cracker
group that last month wreaked havoc with email
and Web servers at India's atomic research center
has struck again with another Internet political
protest.
In what may be the largest "mass hack" ever
undertaken, the cracker, who goes by the name
"JF," along with a number of anonymous
colleagues, simultaneously defaced more than
300 Web sites late Thursday. The group replaced
the sites' homepages with an image of a
mushroom cloud and an anti-nuclear screed.
"This mass takeover goes out to all the people out
there who want to see peace in this world," read
the 800-word declaration that graced an eclectic
mix of general interest, entrepreneur, adult, sport,
and fan sites until early Friday morning.
Affected domains included sites for The World
Cup, Wimbledon, The Ritz Casino, actor Drew
Barrymore, and The Saudi Royal Family. Some of
the sites were still defaced or down as of late
Friday afternoon, when Wired News spoke with JF
over Internet Relay Chat.
"The year is 1998," wrote JF, who is based in
England. "We should be moving towards world
peace in the millennium, and nuclear warfare [and]
testing is NO way forward. It can destroy the
world," the teen said.
"I'm only young; I don't want a hostile world on the
edge of a nuclear conflict," he added.
The mass hack happened almost by accident.
While scanning a large network, looking for
security weaknesses, JF and his colleagues came
across a Web site hosting company called
EasySpace. The firm, based in Kingston upon
Thames, England, offers "virtual domain" hosting --
an arrangement where multiple Web sites are
located on a single server.
"We ... came across this, at first by accident,
then [we] realized what it was, and as we were
planning a mass hack, we decided to put it into
operation," JF said.
The teen said that he and his colleagues --
members of another group called Ashtray
Lumberjacks -- penetrated EasySpace's network
with what they claimed was a nonpublic attack,
and ran computer code that inserted the same
altered Web page on all the sites hosted at
EasySpace.
The entire operation was completed in
approximately one hour, he said.
EasySpace representatives could not be reached
for comment.
The resulting protest Web page bore the logo of
JF's group Milw0rm. Last month, the same group
claimed responsibility for stealing email and
deleting Web servers at the Bhabha Atomic
Research Centre in Bombay, India. In the latest
protest statement, the crackers expressed their
disappointment that peace talks had not begun on
the subcontinent.
"This tension is not good, it scares you as much
as it scares us. For you all know that this could
seriously escalate into a big conflict between India
and Pakistan and possibly even World War III, and
this CANNOT happen," the text read.
John Vranesevich, founder of the computer
security Web site AntiOnline, said that mass Web
page attacks, affecting multiple sites at one time,
are not common events.
"Usually any Internet Service Provider that hosts
such a large number of domains has very good
security procedures in place simply because they
are usually a larger operation," Vranesevich said.
Vranesevich added that the group was unusual in
that its members appear to be driven as much by
politics as they are by computer security issues.
"They're not claiming to be hacking to help
progress computer security and to help make new
exploits known. They're doing it for political
reasons; it's not the means that's important it's the
end result," Vranesevich said.
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 12:57:49 PDT