SAN FRANCISCO (Wired) - Three teenage computer hackers say they have broken into computer systems at India's Bhadha Atomic Research Center and that they are targeting Pakistani computers in a protest against the two nations' recent series of nuclear weapons tests.
In an interview conducted by Internet Relay Chat --- a venue that makes it difficult to verify correspondents' real-world identities -- the trio took credit for altering the research center's homepage (http://www.barc.ernet.in) and said they had stolen e-mail exchanged among Indian nuclear scientists in the weeks immediately preceding and following weapons tests last month.
"We gained total control over six of the eight servers on the +.barc.ernet.in domain," wrote a 17-year-old calling himself savecOre, one of the three crackers who carried out the computer intrusion. The break-in began on Monday and continued today.
The three said that they had erased all data on two of BARC's servers as a protest against that nation's nuclear weapons development program.
"We were able to download several thousand pages of email and research before we decided it was time to get out," said savec0re, who did not disclose his real-world whereabouts. The group also includes an individual named VeNoMouS, 18, who says he lives in New Zealand, and JF, another 18-year-old who said he's a resident of England. All three are members of an organized cracking group called Milw0rm.
The trio mailed a number of e-mail files to Wired News to verify their claims. The mails appear to include detailed scientific discussions of nuclear physics and were dated as far back as last October and as recently as Monday.
Authenticity of the files was not confirmed, and the Indian Embassy in Washington, DC, did not immediately respond to a request for comment. E-mail queries about the incident to representatives of the Bhadha Atomic Research Center also went unanswered.
The three hackers said they had only just begun to read through the e-mail, which they said contained analysis of the five nuclear blasts that India conducted beginning May 11. The group said they grabbed the mail and also defaced the Indian research center's homepage, mostly for thrills, but also to draw attention to what they said was the threat of nuclear war.
"We disabled two of the eight servers as retaliation to the tests, but not before our presence had been detected. This was early this Wednesday," wrote savec0re.
The group's aim was straightforward, the three said: They want to register a protest against the weapons tests.
"I'm just sick of nuclear (expletive)," said VeNoMouS, who added that he learned how to crack from Ehud Tenebaum, aka Analyzer, the Israeli teenager implicated in attacks on US government network earlier this year.
"If you're gonna amass data which can take so many lives ... at least secure it," said savec0re.
---
As of this morning, the Indian research center home page was disabled, and displayed a directory listing of the facility's Web server. This was likely because the Webmaster had deleted a spoof BARC page that the crackers had posted. That page showed a mushroom cloud and the text "If a nuclear war does start, you will be the first to scream ..."
The cracking trio said that they had obtained root, or administrator level, access to the Indian servers with a recently discovered public vulnerability in the Sendmail mail server program. The crackers claim that BARC was using an old and buggy version of the mail program. The whole process was completed in 13 minutes and 52 seconds, they said.
"They had certain things secured to the bone, and yet other things were completely obsolete," said savec0re.
JF said that he had launched his attack on the Indian servers by using an US military network machine in the .mil domain.
---
The crackers say they're turning their attention to Pakistani government computer systems, claiming to have obtained topology maps for both Indian government networks and those maintained by Islamabad. The trio said they intend to take a closer look into Pakistan's nuclear weapons program.
News of the intrusions came a day after Jacques Gansler, US undersecretary of defense for acquisition and technology, told an industry-military forum that teenage crackers pose a "real threat environment" to national security.
Peter Neumann, a critical infrastructure and security expert with SRI International, said that the three teens weren't as much of a threat as terrorists, but that India was "way behind" America in terms of security.
"The fact that so many systems are all so weak is the biggest threat," Neumann said. "The crisis has nothing do with teenagers and everything to do with the fact that the US government is incapable of ratcheting up its security."
(Editor's Note: Due to the anonymous nature of Internet Relay Chat, the real-world identities of the individuals in this story cound not be positively confirmed.)
(Reuters/Wired) --- "The hardest thing in the world to understand is the income tax." Albert Einstein
//Posting via Dejanews cuz my posting server blows//
-----== Posted via Deja News, The Leader in Internet Discussion ==----- http://www.dejanews.com/ Now offering spam-free web-based newsreading
>Hackers claim entry to India atom research center
>By James Glave
>SAN FRANCISCO (Wired) - Three teenage computer hackers say they have broken >into computer systems at India's >Bhadha Atomic Research Center and that they are targeting Pakistani computers >in a protest against the two nations' recent >series of nuclear weapons tests.
>In an interview conducted by Internet Relay Chat --- a venue that makes it >difficult to verify correspondents' real-world >identities -- the trio took credit for altering the research center's >homepage >(http://www.barc.ernet.in) and said they had stolen >e-mail exchanged among Indian nuclear scientists in the weeks immediately >preceding and following weapons tests last month.
>"We gained total control over six of the eight servers on the +.barc.ernet.in >domain," wrote a 17-year-old calling himself >savecOre, one of the three crackers who carried out the computer intrusion. >The break-in began on Monday and continued >today.
>The three said that they had erased all data on two of BARC's servers as a >protest against that nation's nuclear weapons >development program.
>"We were able to download several thousand pages of email and research before >we decided it was time to get out," said >savec0re, who did not disclose his real-world whereabouts. The group also >includes an individual named VeNoMouS, 18, who >says he lives in New Zealand, and JF, another 18-year-old who said he's a >resident of England. All three are members of an >organized cracking group called Milw0rm.
>The trio mailed a number of e-mail files to Wired News to verify their >claims. >The mails appear to include detailed scientific >discussions of nuclear physics and were dated as far back as last October and >as recently as Monday.
>Authenticity of the files was not confirmed, and the Indian Embassy in >Washington, DC, did not immediately respond to a >request for comment. E-mail queries about the incident to representatives of >the Bhadha Atomic Research Center also went >unanswered.
>The three hackers said they had only just begun to read through the e-mail, >which they said contained analysis of the five >nuclear blasts that India conducted beginning May 11. The group said they >grabbed the mail and also defaced the Indian >research center's homepage, mostly for thrills, but also to draw attention to >what they said was the threat of nuclear war.
>"We disabled two of the eight servers as retaliation to the tests, but not >before our presence had been detected. This was early >this Wednesday," wrote savec0re.
>The group's aim was straightforward, the three said: They want to register a >protest against the weapons tests.
>"I'm just sick of nuclear (expletive)," said VeNoMouS, who added that he >learned how to crack from Ehud Tenebaum, aka >Analyzer, the Israeli teenager implicated in attacks on US government network >earlier this year.
>"If you're gonna amass data which can take so many lives ... at least secure >it," said savec0re.
>---
>As of this morning, the Indian research center home page was disabled, and >displayed a directory listing of the facility's Web >server. This was likely because the Webmaster had deleted a spoof BARC page >that the crackers had posted. That page >showed a mushroom cloud and the text "If a nuclear war does start, you will >be >the first to scream ..."
>The cracking trio said that they had obtained root, or administrator level, >access to the Indian servers with a recently >discovered public vulnerability in the Sendmail mail server program. The >crackers claim that BARC was using an old and buggy >version of the mail program. The whole process was completed in 13 minutes >and >52 seconds, they said.
>"They had certain things secured to the bone, and yet other things were >completely obsolete," said savec0re.
>JF said that he had launched his attack on the Indian servers by using an US >military network machine in the .mil domain.
>---
>The crackers say they're turning their attention to Pakistani government >computer systems, claiming to have obtained topology >maps for both Indian government networks and those maintained by Islamabad. >The trio said they intend to take a closer look >into Pakistan's nuclear weapons program.
>News of the intrusions came a day after Jacques Gansler, US undersecretary of >defense for acquisition and technology, told an >industry-military forum that teenage crackers pose a "real threat >environment" >to national security.
>Peter Neumann, a critical infrastructure and security expert with SRI >International, said that the three teens weren't as much of a >threat as terrorists, but that India was "way behind" America in terms of >security.
>"The fact that so many systems are all so weak is the biggest threat," >Neumann >said. "The crisis has nothing do with teenagers >and everything to do with the fact that the US government is incapable of >ratcheting up its security."
>(Editor's Note: Due to the anonymous nature of Internet Relay Chat, the >real-world identities of the individuals in this story >cound not be positively confirmed.)
>(Reuters/Wired) >--- >"The hardest thing in the world to understand is the income tax." > Albert Einstein
My question is, after hacking a nuclear test site, where do you go from there? Is there anything bigger, better?
Anyway, much more information can be found at www.antionline.com. You may also want to check out www.sysfail.org. Members of milworm can also be found on irc in #peng (I talked to some of them last night).
As far as I know, this is only one of three news stories on the hack. CNN, NBC, ABC, CBS, etc. have not reported anything as of yet. They are probably awaiting an official response to the hacks.
One thing that scares me... One the AntiOnline site they show the path of the hackers. Now, their final leap to the nuke site was from an army.mil site. Woulnd't that but the U.S. in a whole lot of trouble with India if the Indians thought that the U.S. military was hacking their site to find information on their nuclear testing.
Deftone01 got drunk in alt.2600 and incoherently spewed as such:
c[_] : My question is, after hacking a nuclear test site, where do you go from there? : Is there anything bigger, better?
probably not better, just different. but you get bragging rights for life after a stunt like that. ;-)
: Anyway, much more information can be found at www.antionline.com. You may also : want to check out www.sysfail.org. Members of milworm can also be found on irc : in #peng (I talked to some of them last night).
nice. what net?
: As far as I know, this is only one of three news stories on the hack. CNN, NBC, : ABC, CBS, etc. have not reported anything as of yet. They are probably awaiting : an official response to the hacks.
*cough* official.
: One thing that scares me... One the AntiOnline site they show the path of the : hackers. Now, their final leap to the nuke site was from an army.mil site. : Woulnd't that but the U.S. in a whole lot of trouble with India if the Indians : thought that the U.S. military was hacking their site to find information on : their nuclear testing.
yup. which is interesting; the hackers were trying to keep a nuclear war from happening, whilst unwittingly provoking tension between the US and India, by looking like the US hacking India.
interesting, that an Indian gov site would run an old version of sendmail. wonder how much they pay those sysadmins... :-)
>Deftone01 got drunk in alt.2600 and incoherently spewed as such:
>c[_] >: My question is, after hacking a nuclear test site, where do you go from >there? >: Is there anything bigger, better?
>probably not better, just different. but you get bragging rights for life >after >a stunt like that. ;-)
>: Anyway, much more information can be found at www.antionline.com. You may >also >: want to check out www.sysfail.org. Members of milworm can also be found on >irc >: in #peng (I talked to some of them last night).
>nice. what net?
>: As far as I know, this is only one of three news stories on the hack. CNN, >NBC, >: ABC, CBS, etc. have not reported anything as of yet. They are probably >awaiting >: an official response to the hacks.
>*cough* official.
>: One thing that scares me... One the AntiOnline site they show the path of >the >: hackers. Now, their final leap to the nuke site was from an army.mil site. >: Woulnd't that but the U.S. in a whole lot of trouble with India if the >Indians >: thought that the U.S. military was hacking their site to find information >on >: their nuclear testing.
>yup. which is interesting; the hackers were trying to keep a nuclear war from >happening, whilst unwittingly provoking tension between the US and India, by >looking like the US hacking India.
>interesting, that an Indian gov site would run an old version of sendmail. >wonder how much they pay those sysadmins... :-)
>: dark phiber
> - Todd
Yes, interesting point you make as well. I don't really think milworm was protesting the nulcear testing...at least, I doubt that was their true motivation. Supposedly, milworm jumped from about 3-4 different mil sites before attacking barc.ernet.in. #peng can be found on efnet.
One general question that maybe anyone could answer. How would milworm fine out that *.barc.ernet.in was a nuke research facility? I'm sure they didn't just hope on yahoo and search for it. What would be one method of finding sites under say *.army.mil or any other address?
>One general question that maybe anyone could answer. How would milworm fine out >that *.barc.ernet.in was a nuke research facility? I'm sure they didn't just >hope on yahoo and search for it. What would be one method of finding sites >under say *.army.mil or any other address?
Ecli...@ticktock.dyn.ml.org wrote $3c...@nnrp1.dejanews.com>...
>Wednesday June 3 6:12 PM EDT
>Hackers claim entry to India atom research center
>By James Glave
<snipped>
Wasn't me, Guv, honest :-)
I think that Balif raised the most important point on the topic: India and Pakistan can't afford to be throwing money away like that. With all the military talk lately, I got interested, and though you might want to view www.nrdc.org/nrdc/nrdcpro/nuguide/ It's got info on nuclear capabilities. Thanks for a good post.
nuclear_intrusion -- don't be afraid of what you can't see
There is bigger, at least there is for personal satisfaction.
My last feed is that milw0rm is hitting more indian servers as well as pakistani. The choice of targets has narrowed though as india has pulled most of ernet offline. We've noticed changes in the .pk topology as well, although the information as of yet is vague as it takes us 24-36 hours to update our topology maps. Anyhow, I can tell you that the group has already penetrated a few subnets.
On a personal note; The wired news story is about 90-95% accurate, and is therefore your best link to what's going on. Do not believe ANYTHING put out there by JP (John Vranisevich) of AntiOnline as he is a clueless media whore only trying to agrandise himself and his ego with our story. I'd like to apologise to the people in the scene for the huge media mess.
While most of the group is busy getting pimped by JP to the media I refuse any further intercourse with the media. It's too full of lies and this story has already gotten way more attention than it deserves. I thought that a one day article on wired.com would complement the happenings, but then JP started on his bandwagon, for that, I am sorry. I am currently in a vicious war against JP but some of the group does not share my views.
I'd be glad to hear your comments, both positive and negative in order to sort out our immediate situation, thanks.
- savec0re
P.S. note to JP: Next time I see you I'm gonna bust your teeth up, have a nice day
In article <1998060504592100.AAA11...@ladder01.news.aol.com>, defton...@aol.com (Deftone01) wrote:
> >Deftone01 got drunk in alt.2600 and incoherently spewed as such:
> >c[_] > >: My question is, after hacking a nuclear test site, where do you go from > >there? > >: Is there anything bigger, better?
> >probably not better, just different. but you get bragging rights for life > >after > >a stunt like that. ;-)
> >: Anyway, much more information can be found at www.antionline.com. You may > >also > >: want to check out www.sysfail.org. Members of milworm can also be found on > >irc > >: in #peng (I talked to some of them last night).
> >nice. what net?
> >: As far as I know, this is only one of three news stories on the hack. CNN, > >NBC, > >: ABC, CBS, etc. have not reported anything as of yet. They are probably > >awaiting > >: an official response to the hacks.
> >*cough* official.
> >: One thing that scares me... One the AntiOnline site they show the path of > >the > >: hackers. Now, their final leap to the nuke site was from an army.mil site. > >: Woulnd't that but the U.S. in a whole lot of trouble with India if the > >Indians > >: thought that the U.S. military was hacking their site to find information > >on > >: their nuclear testing.
> >yup. which is interesting; the hackers were trying to keep a nuclear war from > >happening, whilst unwittingly provoking tension between the US and India, by > >looking like the US hacking India.
> >interesting, that an Indian gov site would run an old version of sendmail. > >wonder how much they pay those sysadmins... :-)
> >: dark phiber
> > - Todd
> Yes, interesting point you make as well. I don't really think milworm was > protesting the nulcear testing...at least, I doubt that was their true > motivation. Supposedly, milworm jumped from about 3-4 different mil sites > before attacking barc.ernet.in. #peng can be found on efnet.
> One general question that maybe anyone could answer. How would milworm fine out > that *.barc.ernet.in was a nuke research facility? I'm sure they didn't just > hope on yahoo and search for it. What would be one method of finding sites > under say *.army.mil or any other address?
> dark phiber
-----== Posted via Deja News, The Leader in Internet Discussion ==----- http://www.dejanews.com/ Now offering spam-free web-based newsreading
This letter is in response to savec0re's last comments. Although I usually don't bother to respond to such childish comments, this one was directed toward my journalistic integrity, so I feel a response is warrented.
I was contacted by JF, the senior member of MilW0rm, with information about their hacks, as well as with an offer for an interview. Of course I felt the need to report this! Like it or not, it was a major breach of India's National Security, and that makes big news.
Every story that i've published to date have been checked by MilW0rm members JF, KeyStroke, and VeNoMouS for accuracy before they ever see the light of AntiOnline.
SaveC0re was the member of MilW0rm who first contacted the press, when he sent a letter to Wired News. He thought, as he said in his last post, that it would just be up there for a day then be done with it. Little did he know that news stories done by wired are also distributed by reuters, which means that they appear on all the major search engines and other on-line media news sources. The wired reporter, James Glave, then did a cnn interview, and will be on CBS on tuesday night. So, if anything, it was that Wired interview that made this story "huge". With AntiOnline, my goal is to provide an open medium for the other side of the story, the hackers, to appear. It is my feeling that far too often in mainstream media, hackers don't have the opportunity to get their sides out. It's always the government's views that are told.
With the occasional exception, which savec0re is, most are happy with the way that I cover them. I will continue to follow my goals of educating the public on computer security, and getting the hacker's side of the story told.
I will be posting no more reactions to this forum, even to the immature replies to this letter from savec0re which I know are coming.
Yours In CyberSpace, John Vranesevich Founder, AntiOnline
-----== Posted via Deja News, The Leader in Internet Discussion ==----- http://www.dejanews.com/ Now offering spam-free web-based newsreading
Savec0re couldn't have said it better myself. I will be on irc later so see you there. Did you get told about what happened when I challenged him on half the stuff about the exploits and proof of MOD etc last night? -- Defiant
In article <3576f8a...@206.170.198.12>, Todd Santos <bb...@europa.com> wrote:
->yup. which is interesting; the hackers were trying to keep a nuclear war ->from happening, whilst unwittingly provoking tension between the US and ->India, by
Really ? Well thats one hell of a naive and idealistic goal As if a web page hack would disuade India or Pakistan from a Nuclear War.
Incidently a war is the least likely possibility, short term anyway. What is more probable is a regional arms race for a number of years.
->interesting, that an Indian gov site would run an old version of ->sendmail. wonder how much they pay those sysadmins... :-)
Big deal, there are .mil workstations that run 4.x versions of sendmail(perhaps not for long). If you have hundreds of systems to admin its easy to overlook security upgrades, esp. if you believe that your systems are low key and not well known :-/ -- "All around us, information is moving faster and becoming cheaper to acquire, and the benefits are manifest. With email you can get every get-rich quick offer ever invented. Twice a day! With Usenet you can acquire 2 gigabytes of porn a day without ever having to spend a penny.
Kamal S. got drunk in alt.2600 and spewed as such: : In article <3576f8a...@206.170.198.12>, Todd Santos <bb...@europa.com> wrote:
: ->yup. which is interesting; the hackers were trying to keep a nuclear war : ->from happening, whilst unwittingly provoking tension between the US and : ->India, by
: Really ? Well thats one hell of a naive and idealistic goal
I can't speak for milw0rm.
: As if a web page hack would disuade India or Pakistan from a Nuclear War.
*shrug* never know.
: Incidently a war is the least likely possibility, short term anyway. What : is more probable is a regional arms race for a number of years.
which will lead to war. you cannot buy arms just because the other guy is doing it. you have to start a war to justify the weapons.
: ->interesting, that an Indian gov site would run an old version of : ->sendmail. wonder how much they pay those sysadmins... :-)
: Big deal, there are .mil workstations that run 4.x versions of : sendmail(perhaps not for long). If you have hundreds of systems to admin : its easy to overlook security upgrades, esp. if you believe that your : systems are low key and not well known :-/
> In article <3576f8a...@206.170.198.12>, Todd Santos <bb...@europa.com> wrote:
> ->yup. which is interesting; the hackers were trying to keep a nuclear war > ->from happening, whilst unwittingly provoking tension between the US and > ->India, by
> Really ? Well thats one hell of a naive and idealistic goal > As if a web page hack would disuade India or Pakistan from a Nuclear War.
> Incidently a war is the least likely possibility, short term anyway. What > is more probable is a regional arms race for a number of years.
> ->interesting, that an Indian gov site would run an old version of > ->sendmail. wonder how much they pay those sysadmins... :-)
> Big deal, there are .mil workstations that run 4.x versions of > sendmail(perhaps not for long). If you have hundreds of systems to admin > its easy to overlook security upgrades, esp. if you believe that your > systems are low key and not well known :-/ > -- > "All around us, information is moving faster and becoming cheaper to > acquire, and the benefits are manifest. With email you can get every > get-rich quick offer ever invented. Twice a day! With Usenet you can > acquire 2 gigabytes of porn a day without ever having to spend a penny.
OK, this is where I get serious.
First: While I can appreciate milw0rm's altruistic goal of helping to stop a nuclaer exchange between India and Pakastan, Hacking a webpage is NOT the way to do it.
I'm gonna drop a very simple analogy here:
You and your neighbor have been fueding for years over the strip of land that runs between your houses.
Occasionaly you've both been know to stand in the middle of the street and scream obscenities at one another. And while dannybrooking has happened, arson hasn't.
Then one day, you come home and find that your garage door has been spray painted, your house ransacked, and NOT ONLY that, but your son of a bitch neighbor has installed a fence on YOUR property, and is rototilling his side of it, still on YOUR property. It's been in the 90's, temp wise for a week, an now this.
It doesn't help matters that your garage door is painted with the words "Make love, not war" does it, hmmm?
Look. I'm all for the hack in that it revealed how vulnerable the sys at the nuke facs was. I also hope that the files taken will prove useful in deterring nuclear war. But fer christ's sake, Web page hacking is NOT a means of stopping a war! Disabling the bright red key activated encrypted code required button IS!
Ambitious Wench Off her rocker on onto the soap box. Can anybody see what time the doomsday clock reads?
>>I think that Balif raised the most important point on the topic: India and >>Pakistan can't afford to be throwing money away like that. With all the >>military talk lately, I got interested, and though you might want to view >>www.nrdc.org/nrdc/nrdcpro/nuguide/ It's got info on nuclear capabilities.
>Anyone think the foreign subsidies for India and Pakistan are going to >be increased next year to "pacify" them?
I would hope that the opposite would do the trick, but India and Pakistan rely too much on foreign aid. It couldn't be justified to reduce aid to punish the people for a governmental problem. Giving more aid would just make it easier for India and Pakistan to justify producing thses bombs. I suppose something like improving trade relations, and investing into the two countries would be usefull for the cause.
