[ISN] I shut radio site, boasts teen hacker

From: InfoSec News (isnat_private)
Date: Thu Dec 05 2002 - 22:45:44 PST

  • Next message: InfoSec News: "[ISN] Al Qaeda Web Site Calls Israel New Target"

    Forwarded from: William Knowles <wkat_private>
    
    http://www.nzherald.co.nz/storydisplay.cfm?storyID=3008007&thesection=technology&thesubsection=general
    
    By CHRIS BARTON 
    December 06, 2002
    
    A teenage hacker attacked an online chatroom run by The Edge radio 
    station and then turned his attention to TV3's website. 
    
    The 15-year-old, who goes by the online name of "deejay-fuzion" and 
    attends Roturua Lakes High School, rang the Herald to brag about his 
    exploits. 
    
    Asked why he launched a "DDOS" (distributed denial of service) attack 
    against the chatroom on Monday night, he said: "Because the 
    administrator was ... just being a smart arse." 
    
    "Dj-fu" signalled his "bots" to flood the chatroom computer with 
    spurious internet traffic, causing the server to slow down and 
    eventually stop. 
    
    During the process he noticed other servers belonging to TV3 were in 
    the same proximity so he tried his attack on TV3's website - "just 
    because I could". (Radioworks, which owns the Edge, and TV3 have the 
    parent company CanWest). 
    
    TV3 communications manager Roger Beaumont confirmed The Edge chat 
    server had a DDOS attack and was offline for a short period. But he 
    said it was coincidence that TV3's website was offline on Tuesday for 
    routine maintenance. 
    
    Will Steele, a friend of the 15-year-old who was online at the time, 
    said the TV3 site was unavailable during the attack and the "routine 
    maintenance" message appeared on the site after the attack ended at 
    9.45pm. That was when the hacker was taken offline by his internet 
    provider, Quicksilver. 
    
    Its network manager Mark Frater said two individuals were disconnected 
    on Monday night after the internet provider received a complaint from 
    a server administrator. 
    
    When contacted by Quicksilver, both denied knowledge of an attack and 
    had their internet accounts reinstated. 
    
    Quicksilver manager Trevor Isted said there was no proof to link the 
    pair to the attack. Usage logs were being investigated, and if 
    evidence was found, the pair would be banned from access for breaching 
    the internet provider's acceptable use policy. 
    
    The teenager claims to have written a trojan program called "FB3" with 
    a friend known online as "lynx". 
    
    The program exploits a "Netbios" vulnerability in Windows PCs related 
    to file and print sharing, to plant itself on unsuspecting users' 
    computers. 
    
    The infected computers (bots - short for robots) signal their presence 
    to a computer in the United States which the teenager uses to send out 
    the instructions to attack. 
    
    In this case the method of attack was a "SYN flood" - an efficient 
    process which fakes the initial handshake of an internet connection 
    with false addresses which the target Machine is unable to answer. 
    
    It keeps retrying to accept them, and with enough of these happening, 
    a server can become overwhelmed. 
    
    New anti-hacking provisions - including clauses covering DDOS attacks 
    - in the Crimes Amendment Bill are waiting to be introduced to 
    Parliament. 
    
    But the hacker would be immune from prosecution because he is only 15. 
    
      
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Dec 06 2002 - 01:25:55 PST