[ISN] Hacking Bhabha Continued

From: mea culpa (jerichoat_private)
Date: Tue Nov 17 1998 - 02:44:23 PST


    Forwarded From: phreakmoi <hackereliteat_private>
    
    From: http://www.forbes.com/tool/html/98/nov/1116/featb.htm
    
    continued from "Hacking Bhabha"
    
    Superuser status
    
    After logging on to Internet Relay Chat, t3k-9 headed over to one of the
    hacker channels.  IRC is a place on the Internet where you can conduct
    real-time chat without anyone being able to track you. After checking who
    was around, t3k-9 found out that IronLogik, a hacker he calls his friend
    but has never met in the flesh, was also floating about. Here's their
    conversation: 
    
    IronLogik> what's the address yer working on?
    t3k-9> hehehe. i'll probably get on news.com or cnn.
    IronLogik> just give me the url, I'm bored.
    t3k-9> phenix.barc.ernet.in.
    IronLogik> india? kewl.
    t3k-9> yep. just use IRIX cgi-bin exploit.
    IronLogik> irix? sweet.
    t3k-9> hehehe. I already controlled the www.barc.ernet.in by way of
    backdoors now.
    IronLogik> and that is? this a *nuclear* facility?
    t3k-9> yep.
    IronLogik> double the pain :>)
    t3k-9> it has top secret #@$%. I have the pw file, it has like 800
    passwords.
    IronLogik> thanks. i'll be there soon.
    t3k-9> if you haxor it put like stop nuke testing and stuff.
    IronLogik> on the web site? no problem.
    t3k-9> bye got to go eat...
    IronLogik> later.
    
    IronLogik immediately left IRC and got to work, entering BARC via t3k-9's
    backdoor. Within 45 minutes, he was able to achieve superuser status. 
    That meant IronLogik had gotten "root," or total control, as if he were
    the network's system administrator. IronLogik could read any document or
    E-mail he felt like. If he were malicious, he could do extensive
    damage--uncork a virus, plant a logic bomb, joyride through their servers
    and trash their data. But he wasn't here to vandalize; he was here for
    information. 
    
    Constant vigilance is his motto. 
    
    IronLogik created two new "users" with passwords of his own invention, so
    that even if BARC changed its password protection scheme he'd still be
    able to gain access. Once he'd done all this, he installed his own
    backdoors, then disconnected from BARC and lay on two mattresses stacked
    on the floor to reflect. The room was dimly lit by a single lamp. His
    shades were drawn like they always were when he hacked: Constant vigilance
    is his motto. 
    
    IronLogik's real first name is Ratko and he's an 18-year-old immigrant
    from Serbia. For fun, he DJs parties from his laptop with pirated music
    he's downloaded off the Internet. He chose the name "IronLogik" because
    his childhood was spent behind the Iron Curtain and 'logic' in his native
    tongue is spelled 'logik.'
    
    Ratko weighed whether he should go on or not.  His father, formerly a
    computer programmer stationed in Russia, is now an aerospace engineer in
    the U.S. He worries his son could get deported if caught hacking. And if
    the authorities ever conducted a background check on his family, they'd
    find out that Ratko's Serbian grandfather had been born in Russia and
    employed by the KGB, which his father fears would not sit well with either
    the Indians or the Americans. 
    
    While t3k-9 talks big about the threat of nukes but has no direct
    experience with them, Ratko is different. He grew up near a military base
    with hated Russian MIGs constantly roaring overhead, carrying nuclear
    warheads and spreading intimidation. Ratko thinks nuclear weapons should
    be strictly for protection, not genocide. "If a country uses nuclear arms
    to threaten other nations, then they do not deserve to carry them,"  he
    says. This is what clinched it for him. Those stupid Indians aren't
    responsible enough to control nukes. He'd prove this.
    
    Claiming credit
    
    Ratko cracked open a notebook and began scribbling ideas. Starting from a
    hacked Internet account, IronLogik hopped through several different
    Internet service providers in the U.S. and Europe and, while at Los
    Alamos, picked up a new Internet Protocol (IP)  address--a unique number
    that is assigned to the computer. Equipped with a military IP, BARC would
    identify him as a regular U.S.-based researcher. Changing his IP address
    to one associated with the military was like changing into a soldier's
    uniform. It made for good camouflage. 
    
    IronLogik hopped through several more ISPs, plus university networks,
    corporate servers and military research centers, more than 30 in all, to
    make it extremely difficult for anyone to trace his steps. Once he got to
    BARC, he erased the administrator logs that detailed his intrusions along
    the way. "Even Tsunami-boy (Tsutomu Shimomura), the guy who caught Kevin
    Mitnick, would find it impossible to track me," he boasts.  They'd need a
    wiretap at the precise moment IronLogik was hopping through cyberspace and
    what were the odds of that? About a billion to one. 
    
    He maneuvered over to BARC's R&D server and sifted through E-mail, both
    new and already read. The UNIX system BARC relies on saves all mail until
    the system administrator deletes it. One of BARC's biggest mistakes,
    besides its irresponsible password protection scheme, was that it allowed
    workers to keep old mail. Much of the mail was encrypted, which IronLogik
    realized meant it was probably quite sensitive. 
    
    He read some of the unencrypted mail, eavesdropping on conversations
    between scientists at BARC, Los Alamos and other research centers. Some
    detailed the recent atomic detonations, including one that postulated that
    one of the blasts had been faked. Another offered information on CO2 laser
    radiation. A third criticized a recently published paper on particle
    physics. He also saw plant layouts and noticed that almost all the users
    had their own projects stored in their own network files. 
    
    Information is not free, it is earned. 
    
    Next, he began to download E-mail. He traveled around the server until he
    found BARC's intranet, which is a kind of internal Internet. That's where
    the sensitive stuff would be--details of the recent atomic tests. He also
    knew if he cracked BARC's intranet, he'd be a major international
    cyberfugitive. 
    
    At this point, IronLogik decided he'd gone far enough; the risks didn't
    outweigh the rewards.  During breakfast that morning, he told his father
    he'd hacked BARC and his father was both impressed and angry. His father
    pleaded with him not to return. But Ratko knew that although his father
    was worried, he really didn't mean it. He was proud of his son's hacking
    skills. 
    
    At school the next day, Ratko showed two of his Indian classmates the
    printouts of BARC's logs and "threatened to sell the information to my
    Russian superiors." They were impressed, and even helped Ratko by
    translating some of the E-mails. Meanwhile, if someone as disciplined as
    Ratko felt the need to brag, imagine how t3k-9 must have felt. Which is
    why t3k-9 posted the whole BARC password file--all 800 passwords and
    log-in names--on one of the hacker channels. 
    
    Immediately, hackers began accessing this information and preparing to
    attack BARC.  When IronLogik went online later that day and found out what
    t3k-9 had done, he was not pleased. "Information is not free," he chided
    t3k-9, "it is earned." But it was too late. BARC was about to get hacked
    on all sides. 
    
    Shortly after, Wired News broke the story with an exclusive interview with
    milw0rm, whose members buttressed their claims by producing a mirror of
    BARC's hacked home page. Other media outlets followed suit, also fixating
    on milw0rm as the culprits and waiting breathlessly as its members
    prepared for its next announced hack attack: Pakistan's nuclear research
    networks. 
    
    Why did milw0rm receive all the glory?  
    
    Essentially because its members had acted like drunken fraternity boys,
    digitally defacing BARC's home page, trashing a couple of its servers and
    then crowing about it.  Unfortunately, when it comes to media coverage in
    the digital domain, that's the most effective PR.
    
    IronLogik, unsurprisingly, was irritated. It wasn't fair, he thought.
    t3k-9 had been the first one in, then IronLogik. All the rest of those
    hackers, including milw0rm--especially milw0rm--had coasted in on their
    work. And milw0rm's claim that it used a sendmail bug to penetrate BARC
    was false. Rather, "they had used the backdoors that t3k-9 and I set up,"
    says IronLogik.  "Besides, all this talk about attacking Pakistan next was
    so bogus, because Pakistan's atomic research centers are all offline. I
    know. I checked. milw0rm is just a bunch of stupid kids." 
    
    IronLogik says that if he had decided to try his hand at cracking BARC's
    intranet, he is sure he could have accessed extremely sensitive material. 
    Given BARC's woefully inadequate security, this would not have been out of
    the realm of possibilities. What's worse, if he had been a terrorist or
    corporate spy, who knows what he could have downloaded. 
    
    As for t3k-9, he says he dreams of the day when someone will pay him
    $100,000 to hack. At that price he doesn't care whether it's legal or not. 
    IronLogik plans to attend the University of Belgrade like his father. He
    either wants to be a system administrator ("The people I outsmart,"  Ratko
    says) or a penetration tester, someone who's paid to hack systems to show
    their vulnerabilities. 
    
    In the meantime both have moved on. t3k-9 recently found a security hole
    in Microsoft's Front Page software product and IronLogik has been
    exploring other atomic targets--Iran, Iraq, Italy and Turkey. In fact, a
    few days after he hacked BARC, IronLogik nailed a nuclear research center
    in Turkey. 
    
    Connecting to host www.nukleer.gov.tr...Connected.
    Cnaem login: *****
    Password: *****
    Welcome to Cekmece Nuclear Research Center...
    
    "I just want to live my life to the fullest," said Ratko, happily
    scrolling through reams of Turkish technical data. 
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    