[ISN] Hacking Bhabha Continued

From: mea culpa <jericho_at_dimensional.com>
Date: Tue 17 Nov 1998 - 04:44:23 CST
Forwarded From: phreakmoi <hackerelite@deathsdoor.com>

From: http://www.forbes.com/tool/html/98/nov/1116/featb.htm

continued from "Hacking Bhabha"

Superuser status

After logging on to Internet Relay Chat, t3k-9 headed over to one of the
hacker channels.  IRC is an Internet service for real-time text chat; its
users took it for a place where nobody could track them. After checking
who was around, t3k-9 found out that IronLogik, a hacker he calls his
friend but has never met in the flesh, was also floating about. Here's
their conversation: 

IronLogik> what's the address yer working on?
t3k-9> hehehe. i'll probably get on news.com or cnn.
IronLogik> just give me the url, I'm bored.
t3k-9> phenix.barc.ernet.in.
IronLogik> india? kewl.
t3k-9> yep. just use IRIX cgi-bin exploit.
IronLogik> irix? sweet.
t3k-9> hehehe. I already controlled the www.barc.ernet.in by way of
backdoors now.
IronLogik> and that is? this a *nuclear* facility?
t3k-9> yep.
IronLogik> double the pain :>)
t3k-9> it has top secret #@$%. I have the pw file, it has like 800
passwords.
IronLogik> thanks. i'll be there soon.
t3k-9> if you haxor it put like stop nuke testing and stuff.
IronLogik> on the web site? no problem.
t3k-9> bye got to go eat...
IronLogik> later.

IronLogik immediately left IRC and got to work, entering BARC via t3k-9's
backdoor. Within 45 minutes, he was able to achieve superuser status. 
That meant IronLogik had gotten "root," or total control, as if he were
the network's system administrator. IronLogik could read any document or
E-mail he felt like. If he were malicious, he could do extensive
damage--uncork a virus, plant a logic bomb, joyride through their servers
and trash their data. But he wasn't here to vandalize; he was here for
information. 

IronLogik created two new "users" with passwords of his own invention, so
that even if BARC changed its password protection scheme he'd still be
able to gain access. Once he'd done all this, he installed his own
backdoors, then disconnected from BARC and lay on two mattresses stacked
on the floor to reflect. The room was dimly lit by a single lamp. His
shades were drawn like they always were when he hacked: Constant vigilance
is his motto. 

IronLogik's real first name is Ratko and he's an 18-year-old immigrant
from Serbia. For fun, he DJs parties from his laptop with pirated music
he's downloaded off the Internet. He chose the name "IronLogik" because
his childhood was spent behind the Iron Curtain and 'logic' in his native
tongue is spelled 'logik.'

Ratko weighed whether he should go on or not.  His father, formerly a
computer programmer stationed in Russia, is now an aerospace engineer in
the U.S. He worries his son could get deported if caught hacking. And if
the authorities ever conducted a background check on his family, they'd
find out that Ratko's Serbian grandfather had been born in Russia and
employed by the KGB, which his father fears would not sit well with either
the Indians or the Americans. 

While t3k-9 talks big about the threat of nukes but has no direct
experience with them, Ratko is different. He grew up near a military base
with hated Russian MIGs constantly roaring overhead, carrying nuclear
warheads and spreading intimidation. Ratko thinks nuclear weapons should
be strictly for protection, not genocide. "If a country uses nuclear arms
to threaten other nations, then they do not deserve to carry them,"  he
says. This is what clinched it for him. Those stupid Indians aren't
responsible enough to control nukes. He'd prove this.

Claiming credit

Ratko cracked open a notebook and began scribbling ideas. Starting from a
hacked Internet account, IronLogik hopped through several different
Internet service providers in the U.S. and Europe and then through a host
at Los Alamos, so that his connections onward carried that machine's
Internet Protocol (IP) address, the unique number assigned to each
computer on the network, instead of his own. Arriving from a Los Alamos
address, he would look to BARC like a regular U.S.-based researcher.
Borrowing the address was like changing into a soldier's uniform. It made
for good camouflage. 

IronLogik hopped through several more ISPs, plus university networks,
corporate servers and military research centers, more than 30 in all, to
make it extremely difficult for anyone to trace his steps. Once he got to
BARC, he erased the administrator logs that detailed his intrusions along
the way. "Even Tsunami-boy (Tsutomu Shimomura), the guy who caught Kevin
Mitnick, would find it impossible to track me," he boasts.  They'd need a
wiretap at the precise moment IronLogik was hopping through cyberspace and
what were the odds of that? About a billion to one. 

He maneuvered over to BARC's R&D server and sifted through E-mail, both
new and already read. On the UNIX systems BARC relies on, mail stays in a
user's mailbox on the server until it is deleted. One of BARC's biggest
mistakes, besides its irresponsible password protection scheme, was that
it let workers keep old mail on the server. Much of the mail was
encrypted, which IronLogik took to mean it was probably quite sensitive. 

He read some of the unencrypted mail, eavesdropping on conversations
between scientists at BARC, Los Alamos and other research centers. Some
detailed the recent atomic detonations, including one that postulated that
one of the blasts had been faked. Another offered information on Co2 laser
radiation. A third criticized a recently published paper on particle
physics. He also saw plant layouts and noticed that almost all the users
had their own projects stored in their own network files. 

Next, he began to download E-mail. He traveled around the server until he
found BARC's intranet, an internal network meant to be reachable only from
inside the organization. That's where the sensitive stuff would be, the
details of the recent atomic tests. He also knew that if he cracked BARC's
intranet, he'd be a major international cyberfugitive. 

At this point, IronLogik decided he'd gone far enough; the rewards didn't
outweigh the risks.  During breakfast that morning, he told his father
he'd hacked BARC and his father was both impressed and angry. His father
pleaded with him not to return. But Ratko knew that although his father
was worried, he really didn't mean it. He was proud of his son's hacking
skills. 

At school the next day, Ratko showed two of his Indian classmates the
printouts of BARC's logs and "threatened to sell the information to my
Russian superiors." They were impressed, and even helped Ratko by
translating some of the E-mails. Meanwhile, if someone as disciplined as
Ratko felt the need to brag, imagine how t3k-9 must have felt. Which is
why t3k-9 posted the whole BARC password file--all 800 passwords and
log-in names--on one of the hacker channels. 
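Two of the failures in this account, the password file with every hash in it that t3k-9 could hand out on IRC, and the extra superuser logins IronLogik added earlier so that a password reset would not lock him out, are things a system administrator can check for mechanically. The script below is an added example, not code from the Forbes article, from ISN, or from anyone named in the story; it is Python 3 and runs against constructed passwd(5) and shadow(5) contents embedded in the file (the account names and hashes are invented and BARC's real file is not reproduced). It flags hashes kept in passwd rather than shadow, empty password fields, weak hash families (traditional DES and MD5 crypt), and any UID 0 account beyond the ones you list as expected.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample files (not BARC's). "sysmon" keeps its hash in passwd
# the pre-shadow way, "oldsvc" has no password at all, and "toor" is a
# second UID 0 login of the kind an intruder adds to survive a password reset.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/sbin/nologin
toor:x:0:0:spare superuser:/root:/bin/sh
phys01:x:1001:100:Physicist:/home/phys01:/bin/csh
sysmon:ab3Fz9kL2mQ7w:1002:100:System Monitor:/home/sysmon:/bin/sh
oldsvc::1003:100:legacy service:/var/svc:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$aGVsbG93b3JsZGhlbGxvd29ybGQ:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
toor:$6$saltsalt$c2VjcmV0c2VjcmV0c2VjcmV0:18000:0:99999:7:::
phys01:$1$saltsalt$dGhpc2lzbWQ1:18000:0:99999:7:::
sysmon:!:18000:0:99999:7:::
oldsvc::18000:0:99999:7:::
"""

# crypt(3) prefixes and how expensive each family is to brute-force.
HASH_FAMILY = {
    "$1$": ("MD5", "weak"),
    "$2a$": ("bcrypt", "ok"), "$2b$": ("bcrypt", "ok"), "$2y$": ("bcrypt", "ok"),
    "$5$": ("SHA-256", "ok"), "$6$": ("SHA-512", "ok"),
    "$7$": ("scrypt", "ok"), "$y$": ("yescrypt", "ok"),
}
Finding = Tuple[str, str, str]  # (severity, account, description)


@dataclass
class Account:
    name: str
    passwd_field: str  # "x" = hash lives in shadow, "" = no password, else hash or lock marker
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[Account]:
    """Parse passwd(5) lines: seven colon-separated fields each."""
    accounts = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"passwd line {n}: expected 7 fields, got {len(f)}")
        accounts.append(Account(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return accounts


def parse_shadow(text: str) -> Dict[str, str]:
    """Map each account name to its shadow(5) hash field."""
    hashes = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 2:
            raise ValueError(f"shadow line {n}: malformed")
        hashes[f[0]] = f[1]
    return hashes


def classify_hash(h: str) -> Tuple[str, str]:
    """Return (family, strength) for a crypt(3) string or lock marker."""
    if h == "":
        return ("none", "empty")
    if h.startswith(("!", "*")):
        return ("locked", "ok")
    for prefix, info in HASH_FAMILY.items():
        if h.startswith(prefix):
            return info
    if re.fullmatch(r"[./0-9A-Za-z]{13}", h):
        return ("DES", "weak")  # traditional crypt: 12-bit salt, 8 significant chars
    return ("unknown", "unknown")


def audit(passwd_text: str, shadow_text: str = "",
          expected_uid0: Tuple[str, ...] = ("root",)) -> List[Finding]:
    """Flag backdoor-style accounts and exposed or weak password hashes."""
    findings: List[Finding] = []
    shadow = parse_shadow(shadow_text)
    for a in parse_passwd(passwd_text):
        if a.uid == 0 and a.name not in expected_uid0:
            findings.append(("HIGH", a.name, "unexpected UID 0 account"))
        if a.passwd_field == "x":
            # Hash is in shadow (root-readable only); still check its family.
            h = shadow.get(a.name)
            if h is None:
                findings.append(("MEDIUM", a.name, "no shadow entry for shadowed account"))
                continue
            fam, strength = classify_hash(h)
            if strength == "empty":
                findings.append(("HIGH", a.name, "no password set in shadow"))
            elif strength == "weak":
                findings.append(("MEDIUM", a.name, f"{fam} hash is cheap to crack"))
            continue
        fam, strength = classify_hash(a.passwd_field)
        if strength == "empty":
            findings.append(("HIGH", a.name, "empty password field: login without a password"))
        elif fam != "locked":
            # Any real hash in passwd is readable by every local user and every CGI.
            findings.append(("HIGH", a.name, f"{fam} hash stored in world-readable passwd"))
            if strength == "weak":
                findings.append(("MEDIUM", a.name, f"{fam} hash is cheap to crack"))
    return findings


if __name__ == "__main__":
    for severity, account, why in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{severity:6} {account:8} {why}")
```

Run it directly to print the findings for the sample, or call audit() on the contents of a live /etc/passwd and /etc/shadow (reading the latter needs root; pass an empty shadow text for an old unshadowed system and every inline hash gets flagged). Treat an unexpected UID 0 account, or a hash that has appeared in passwd, as something to investigate rather than quietly fix: both are exactly the traces a "new user" backdoor leaves.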

Immediately, hackers began accessing this information and preparing to
attack BARC.  When IronLogik went online later that day and found out what
t3k-9 had done, he was not pleased. "Information is not free," he chided
t3k-9, "it is earned." But it was too late. BARC was about to get hacked
on all sides. 

Shortly after, Wired News broke the story with an exclusive interview with
milw0rm, whose members buttressed their claims by producing a mirror of
BARC's hacked home page. Other media outlets followed suit, also fixating
on milw0rm as the culprits and waiting breathlessly as its members
prepared for its next announced hack attack: Pakistan's nuclear research
networks. 

Why did milw0rm receive all the glory?  

Essentially because its members had acted like drunken fraternity boys,
digitally defacing BARC's home page, trashing a couple of its servers and
then crowing about it.  Unfortunately, when it comes to media coverage in
the digital domain, that's the most effective PR.

IronLogik, unsurprisingly, was irritated. It wasn't fair, he thought.
t3k-9 had been the first one in, then IronLogik. All the rest of those
hackers, including milw0rm--especially milw0rm--had coasted in on their
work. And milw0rm's claim that it used a sendmail bug to penetrate BARC
was false. Rather, "they had used the backdoors that t3k-9 and I set up,"
says IronLogik.  "Besides, all this talk about attacking Pakistan next was
so bogus, because Pakistan's atomic research centers are all offline. I
know. I checked. milw0rm is just a bunch of stupid kids." 

IronLogik says that if he had decided to try his hand at cracking BARC's
intranet, he is sure he could have accessed extremely sensitive material. 
Given BARC's woefully inadequate security, this would not have been out of
the realm of possibilities. What's worse, if he had been a terrorist or
corporate spy, who knows what he could have downloaded. 

As for t3k-9, he says he dreams of the day when someone will pay him
$100,000 to hack. At that price he doesn't care whether it's legal or not. 
IronLogik plans to attend the University of Belgrade like his father. He
either wants to be a system administrator ("The people I outsmart,"  Ratko
says) or a penetration tester, someone who's paid to hack systems to show
their vulnerabilities. 

In the meantime both have moved on. t3k-9 recently found a security hole
in Microsoft's FrontPage software product and IronLogik has been
exploring other atomic targets: Iran, Iraq, Italy and Turkey. In fact, a
few days after he hacked BARC, IronLogik broke into a nuclear research
center in Turkey. 

Connecting to host www.nukleer.gov.tr...Connected.
Cnaem login: *****
Password: *****
Welcome to Cekmece Nuclear Research Center... 

"I just want to live my life to the fullest," said Ratko, happily
scrolling through reams of Turkish technical data. 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Wed Nov 18 14:57:25 1998