http://www.wired.com/news/news/technology/story/13446.html Anti-Nuke Cracker Strikes Again by James Glave 5:08pm 3.Jul.98.PDT An 18-year-old member of the anti-nuclear cracker group that last month wreaked havoc with email and Web servers at India's atomic research center has struck again with another Internet political protest. In what may be the largest "mass hack" ever undertaken, the cracker, who goes by the name "JF," along with a number of anonymous colleagues, simultaneously defaced more than 300 Web sites late Thursday. The group replaced the sites' homepages with an image of a mushroom cloud and an anti-nuclear screed. "This mass takeover goes out to all the people out there who want to see peace in this world," read the 800-word declaration that graced an eclectic mix of general interest, entrepreneur, adult, sport, and fan sites until early Friday morning. Affected domains included sites for The World Cup, Wimbledon, The Ritz Casino, actor Drew Barrymore, and The Saudi Royal Family. Some of the sites were still defaced or down as of late Friday afternoon, when Wired News spoke with JF over Internet Relay Chat. "The year is 1998," wrote JF, who is based in England. "We should be moving towards world peace in the millennium, and nuclear warfare [and] testing is NO way forward. It can destroy the world," the teen said. "I'm only young; I don't want a hostile world on the edge of a nuclear conflict," he added. The mass hack happened almost by accident. While scanning a large network, looking for security weaknesses, JF and his colleagues came across a Web site hosting company called EasySpace. The firm, based in Kingston upon Thames, England, offers "virtual domain" hosting -- an arrangement whereby multiple Web sites are located on a single server. "We ... came across this, at first by accident, then [we] realized what it was, and as we were planning a mass hack, we decided to put it into operation," JF said. The teen said that he and his colleagues -- members of another group called Ashtray Lumberjacks -- penetrated EasySpace's network with what they claimed was a nonpublic attack, and ran computer code that inserted the same altered Web page on all the sites hosted at EasySpace. The entire operation was completed in approximately one hour, he said. EasySpace representatives declined to comment, aside from forwarding to Wired News a copy of the email the company sent to affected customers. "This attacked [sic] coincided with us preparing to move our Easypost mail system onto a new server and receive upgraded software," the message read in part. "We will be re-installing the operating systems of the server your Web site is hosted on over the weekend and will be upgrading the security. Apologies for any inconvenience that may have been caused," the message concluded. The email included instructions for customers to restore their own Web sites, suggesting that EasySpace had no backups of its own. The protest Web page bore the logo of JF's group Milw0rm. Last month, the same group claimed responsibility for stealing email and deleting Web servers at the Bhabha Atomic Research Centre in Bombay, India. In the latest protest statement, the crackers expressed their disappointment that peace talks had not begun on the subcontinent. "This tension is not good, it scares you as much as it scares us. For you all know that this could seriously escalate into a big conflict between India and Pakistan and possibly even World War III, and this CANNOT happen," the text read. John Vranesevich, founder of the computer security Web site AntiOnline, said that mass Web page attacks, affecting multiple sites at one time, are not common events. "Usually any Internet Service Provider that hosts such a large number of domains has very good security procedures in place simply because they are usually a larger operation," Vranesevich said. Vranesevich added that the group was unusual in that its members appear to be driven as much by politics as they are by computer security issues. "They're not claiming to be hacking to help progress computer security and to help make new exploits known. They're doing it for political reasons; it's not the means that's important it's the end result," Vranesevich said.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:11:01 PDT