Forwarded From: phreakmoi <hackereliteat_private>
From: http://www.forbes.com/tool/html/98/nov/1116/featb.htm

continued from "Hacking Bhabha"

Superuser status

After logging on to Internet Relay Chat, t3k-9 headed over to one of the hacker channels. IRC is a place on the Internet where you can conduct real-time chat, in practice without anyone tracking you. After checking who was around, t3k-9 found out that IronLogik, a hacker he calls his friend but has never met in the flesh, was also floating about. Here's their conversation:

IronLogik> what's the address yer working on?
t3k-9> hehehe. i'll probably get on news.com or cnn.
IronLogik> just give me the url, I'm bored.
t3k-9> phenix.barc.ernet.in.
IronLogik> india? kewl.
t3k-9> yep. just use IRIX cgi-bin exploit.
IronLogik> irix? sweet.
t3k-9> hehehe. I already controlled the www.barc.ernet.in by way of backdoors now.
IronLogik> and that is? this a *nuclear* facility?
t3k-9> yep.
IronLogik> double the pain :>)
t3k-9> it has top secret #@$%. I have the pw file, it has like 800 passwords.
IronLogik> thanks. i'll be there soon.
t3k-9> if you haxor it put like stop nuke testing and stuff.
IronLogik> on the web site? no problem.
t3k-9> bye got to go eat...
IronLogik> later.

IronLogik immediately left IRC and got to work, entering BARC via t3k-9's backdoor. Within 45 minutes, he was able to achieve superuser status. That meant IronLogik had gotten "root," or total control, as if he were the network's system administrator. IronLogik could read any document or E-mail he felt like. If he were malicious, he could do extensive damage--uncork a virus, plant a logic bomb, joyride through their servers and trash their data. But he wasn't here to vandalize; he was here for information. IronLogik created two new "users" with passwords of his own invention, so that even if BARC reset every legitimate user's password he'd still be able to gain access.
Once he'd done all this, he installed his own backdoors, then disconnected from BARC and lay on two mattresses stacked on the floor to reflect. The room was dimly lit by a single lamp. His shades were drawn like they always were when he hacked: Constant vigilance is his motto.

IronLogik's real first name is Ratko and he's an 18-year-old immigrant from Serbia. For fun, he DJs parties from his laptop with pirated music he's downloaded off the Internet. He chose the name "IronLogik" because his childhood was spent behind the Iron Curtain and 'logic' in his native tongue is spelled 'logik.'

Ratko weighed whether he should go on or not. His father, formerly a computer programmer stationed in Russia, is now an aerospace engineer in the U.S. The father worries his son could get deported if caught hacking. And if the authorities ever conducted a background check on his family, they'd find out that Ratko's Serbian grandfather had been born in Russia and employed by the KGB, which his father fears would not sit well with either the Indians or the Americans.

While t3k-9 talks big about the threat of nukes but has no direct experience with them, Ratko is different. He grew up near a military base with hated Russian MiGs constantly roaring overhead, carrying nuclear warheads and spreading intimidation. Ratko thinks nuclear weapons should be strictly for protection, not genocide. "If a country uses nuclear arms to threaten other nations, then they do not deserve to carry them," he says. This is what clinched it for him. Those stupid Indians aren't responsible enough to control nukes. He'd prove this.

Claiming credit

Ratko cracked open a notebook and began scribbling ideas. Starting from a hacked Internet account, IronLogik hopped through several different Internet service providers in the U.S. and Europe and, while at Los Alamos, picked up a new Internet Protocol (IP) address--the unique number assigned to a computer on the network.
Equipped with a military IP, he would look to BARC like a regular U.S.-based researcher. Changing his IP address to one associated with the military was like changing into a soldier's uniform. It made for good camouflage. IronLogik hopped through several more ISPs, plus university networks, corporate servers and military research centers, more than 30 in all, to make it extremely difficult for anyone to trace his steps. Once he got to BARC, he erased the administrator logs that detailed his intrusions along the way. "Even Tsunami-boy (Tsutomu Shimomura), the guy who caught Kevin Mitnick, would find it impossible to track me," he boasts. They'd need a wiretap at the precise moment IronLogik was hopping through cyberspace, and what were the odds of that? About a billion to one.

He maneuvered over to BARC's R&D server and sifted through E-mail, both new and already read. The UNIX system BARC relies on saves all mail until the system administrator deletes it. One of BARC's biggest mistakes, besides its irresponsible password protection scheme, was that it allowed workers to keep old mail. Much of the mail was encrypted, which IronLogik took to mean it was probably quite sensitive. He read some of the unencrypted mail, eavesdropping on conversations between scientists at BARC, Los Alamos and other research centers. Some detailed the recent atomic detonations, including one that postulated that one of the blasts had been faked. Another offered information on CO2 laser radiation. A third criticized a recently published paper on particle physics. He also saw plant layouts and noticed that almost all the users had their own projects stored in their own network files.

Next, he began to download E-mail. He traveled around the server until he found BARC's intranet, which is a kind of internal Internet. That's where the sensitive stuff would be--details of the recent atomic tests.
He also knew that if he cracked BARC's intranet, he'd be a major international cyberfugitive. At this point, IronLogik decided he'd gone far enough; the rewards didn't justify the risks.

During breakfast that morning, he told his father he'd hacked BARC and his father was both impressed and angry. His father pleaded with him not to return. But Ratko knew that although his father was worried, he really didn't mean it. He was proud of his son's hacking skills. At school the next day, Ratko showed two of his Indian classmates the printouts of BARC's logs and "threatened to sell the information to my Russian superiors." They were impressed, and even helped Ratko by translating some of the E-mails.

Meanwhile, if someone as disciplined as Ratko felt the need to brag, imagine how t3k-9 must have felt. Which is why t3k-9 posted the whole BARC password file--all 800 passwords and log-in names--on one of the hacker channels. Immediately, hackers began accessing this information and preparing to attack BARC. When IronLogik went online later that day and found out what t3k-9 had done, he was not pleased. "Information is not free," he chided t3k-9, "it is earned." But it was too late. BARC was about to get hacked on all sides.

Shortly after, Wired News broke the story with an exclusive interview with milw0rm, whose members buttressed their claims by producing a mirror of BARC's hacked home page. Other media outlets followed suit, also fixating on milw0rm as the culprits and waiting breathlessly as its members prepared for their next announced hack attack: Pakistan's nuclear research networks. Why did milw0rm receive all the glory? Essentially because its members had acted like drunken fraternity boys, digitally defacing BARC's home page, trashing a couple of its servers and then crowing about it. Unfortunately, when it comes to media coverage in the digital domain, that's the most effective PR.

IronLogik, unsurprisingly, was irritated. It wasn't fair, he thought.
t3k-9 had been the first one in, then IronLogik. All the rest of those hackers, including milw0rm--especially milw0rm--had coasted in on their work. And milw0rm's claim that it used a sendmail bug to penetrate BARC was false. Rather, "they had used the backdoors that t3k-9 and I set up," says IronLogik. "Besides, all this talk about attacking Pakistan next was so bogus, because Pakistan's atomic research centers are all offline. I know. I checked. milw0rm is just a bunch of stupid kids."

IronLogik says that if he had decided to try his hand at cracking BARC's intranet, he is sure he could have accessed extremely sensitive material. Given BARC's woefully inadequate security, this would not have been out of the realm of possibility. What's worse, if he had been a terrorist or corporate spy, who knows what he could have downloaded.

As for t3k-9, he says he dreams of the day when someone will pay him $100,000 to hack. At that price he doesn't care whether it's legal or not. IronLogik plans to attend the University of Belgrade like his father. He either wants to be a system administrator ("The people I outsmart," Ratko says) or a penetration tester, someone who's paid to hack systems to show their vulnerabilities.

In the meantime both have moved on. t3k-9 recently found a security hole in Microsoft's FrontPage software product and IronLogik has been exploring other atomic targets--Iran, Iraq, Italy and Turkey. In fact, a few days after he hacked BARC, IronLogik nailed a nuclear research center in Turkey.

Connecting to host www.nukleer.gov.tr...Connected.
Cnaem login: *****
Password: *****
Welcome to Cekmece Nuclear Research Center...

"I just want to live my life to the fullest," said Ratko, happily scrolling through reams of Turkish technical data.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:11:35 PDT