[IWAR] PRPGNDA anti-nuke web defacement

From: Mark Hedges (hedgesat_private)
Date: Mon Jul 06 1998 - 20:53:18 PDT


Anti-Nuke Cracker Strikes Again
by James Glave

5:08pm  3.Jul.98.PDT
An 18-year-old member of the anti-nuclear cracker group
that last month wreaked havoc with email and Web servers
at India's atomic research center has struck again with
another Internet political protest.

In what may be the largest "mass hack" ever undertaken,
the cracker, who goes by the name "JF," along with a
number of anonymous colleagues, simultaneously defaced
more than 300 Web sites late Thursday. The group replaced
the sites' homepages with an image of a mushroom cloud and
an anti-nuclear screed.

"This mass takeover goes out to all the people out there who
want to see peace in this world," read the 800-word
declaration that graced an eclectic mix of general interest,
entrepreneur, adult, sport, and fan sites until early Friday

Affected domains included sites for The World Cup,
Wimbledon, The Ritz Casino, actor Drew Barrymore, and
The Saudi Royal Family. Some of the sites were still defaced
or down as of late Friday afternoon, when Wired News spoke
with JF over Internet Relay Chat.

"The year is 1998," wrote JF, who is based in England. "We
should be moving towards world peace in the millennium,
and nuclear warfare [and] testing is NO way forward. It can
destroy the world," the teen said.

"I'm only young; I don't want a hostile world on the edge of a
nuclear conflict," he added.

The mass hack happened almost by accident. While scanning
a large network, looking for security weaknesses, JF and
his colleagues came across a Web site hosting company
called EasySpace. The firm, based in Kingston upon Thames,
England, offers "virtual domain" hosting -- an arrangement
whereby multiple Web sites are located on a single server.

"We ... came across this, at first by accident, then [we]
realized what it was, and as we were planning a mass hack,
we decided to put it into operation," JF said.

The teen said that he and his colleagues -- members of
another group called Ashtray Lumberjacks -- penetrated
EasySpace's network with what they claimed was a
nonpublic attack, and ran computer code that inserted the
same altered Web page on all the sites hosted at EasySpace.

The entire operation was completed in approximately one
hour, he said.

EasySpace representatives declined to comment, aside from
forwarding to Wired News a copy of the email the company
sent to affected customers.

"This attacked [sic] coincided with us preparing to move
our Easypost mail system onto a new server and receive
upgraded software," the message read in part.

"We will be re-installing the operating systems of the
server your Web site is hosted on over the weekend and will
be upgrading the security. Apologies for any inconvenience
that may have been caused," the message concluded.

The email included instructions for customers to restore
their own Web sites, suggesting that EasySpace had no
backups of its own.

The protest Web page bore the logo of JF's group Milw0rm.
Last month, the same group claimed responsibility for
stealing email and deleting Web servers at the Bhabha
Atomic Research Centre in Bombay, India. In the latest
protest statement, the crackers expressed their
disappointment that peace talks had not begun on the

"This tension is not good, it scares you as much as it scares
us. For you all know that this could seriously escalate into a
big conflict between India and Pakistan and possibly even
World War III, and this CANNOT happen," the text read.

John Vranesevich, founder of the computer security Web
site AntiOnline, said that mass Web page attacks, affecting
multiple sites at one time, are not common events.

"Usually any Internet Service Provider that hosts such a
large number of domains has very good security procedures
in place simply because they are usually a larger
operation," Vranesevich said.

Vranesevich added that the group was unusual in that its
members appear to be driven as much by politics as they
are by computer security issues.

"They're not claiming to be hacking to help progress
computer security and to help make new exploits known.
They're doing it for political reasons; it's not the means
that's important it's the end result," Vranesevich said.

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:11:01 PDT