Thursday, November 25, 2010
"The world is lucky we're so nice": Milw0rm
"I like the world in its current state (i guess), well its better than the world would be if the b0mb went b00m. think about it k1dz, it’s not clever, it’s not big, so don't think destruction is cool, coz it’s not […] So India, LISTEN TO WISE OLD MILWORM ... You do not need nuclear weapons in the 1990s!#@!" This was part of the message, which was signed by JF, VeNoMouS, Hamst0r, Keystroke, savec0re and ExtreemUK.
This was the message left by Milw0rm and its members after the break-in at the Bhabha Atomic Research Centre (BARC) in Mumbai, and it was this incident that brought the group into the limelight. milw0rm was a group of "hacktivists" best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Mumbai, the primary nuclear research facility of India, on June 3, 1998.
The message announcing Milw0rm's shutdown has been removed from the website. Submissions seem to have also been reopened. It is not yet clear if str0ke decided to continue alone, if he got assistance with reviewing exploits or if someone else took over the maintenance tasks entirely. There was a massive DDoS from someone, which str0ke put down on their server. One of the major sources of proof-of-concept (PoC) exploits on the Internet, milw0rm.com, was closing down all of a sudden, miraculously. The website's maintainer, str0ke, stunned its users by announcing the closure of the site. While this is sad news for people familiar with the exploit release scene, as well as a fair amount of script kiddies by some accounts, it might not mean much for the uninitiated without some background history.
Milw0rm was originally the name of a group of hackers with members from various parts of the globe who communicated with each other over IRC (Internet Relay Chat). The outfit went on to achieve international fame after it took credit for compromising the computer network of India's Bhabha Atomic Research Centre (BARC) in Bombay and gaining administrative access (root) on multiple systems during the night of June 3, 1998. The hackers walked off with confidential emails and classified documents about nuclear tests, amounting to around five megabytes. The first news outlet to break the story at the time was Wired, which the collective contacted with proof of their feat. The reasons behind the attack were mostly political in nature.
The group's members, who were still teenagers at the time, wanted to show their disapproval over the development and testing of atomic weapons, making this pretty clear by defacing the BARC home page and posting pacifist messages. The group disbanded soon after this high-profile hack, or at least its members stopped being hacktivists. Several years later, in 2004, Keystroke, who is, today, better known as str0ke, went on to set up milw0rm.com as a place to publish PoC exploits, with the consent of some of his former comrades. In order to ensure a high quality for the published content, str0ke personally verified and tested all exploits submitted by other hackers, something that, unfortunately, he can no longer do. He goes on to explain that, "For the past 3 months I have actually done a pretty crappy job of getting people's work out fast enough to be proud of, 0 to 72 hours (taking off weekends) isn't fair to the authors on this site." Finally, the hacker extends his thanks to everyone who contributed to the website. "I appreciate and thank everyone for their support in the past. Be safe, /str0ke," he signs off.
Exploit submissions were closed, the hackers who used to explore their dreams here panicked, and there were whispers all around. The IRC community of hackers was in grave discussion about it: str0ke was no longer the same Keystroke from milw0rm. str0ke was not in the original milw0rm which hacked BARC and many other sites. The hackers and exploit writers started accusing him for many reasons. This was a black day in history. This is what happens when the best goes down; there was a big conspiracy behind all this. Hackers like P3ac3 and 51l3n7 voiced their opinions, but that soon disappeared with time. The message announcing Milw0rm's shutdown was removed from the website. Submissions also reopened. At that point it was not very clear if str0ke decided to continue alone, if he got assistance with reviewing exploits or if someone else took over the maintenance tasks entirely.
The members of milw0rm, an international hacking team, went by the aliases JF, Keystroke, ExtreemUK, savec0re, and VeNoMouS (Real Name: Jodi Jones***). VeNoMouS, 18, hailed from New Zealand, ExtreemUK and JF, 18, from England, and Keystroke and Savec0re, 17, from the US. To date, none of the group have come forward with their real names or identities, and investigations of the incident by the CIA and FBI or any other intelligence organizations proved fruitless in deciphering their identities, which were well-hidden. However, numerous people who were not a part of milw0rm have come forward saying that they were responsible for the hacks. Their claims have been discredited. JF went on to achieve a modicum of notoriety when MTV "hacked" its own website intentionally and graffitied the words "JF Was Here" across the page, at the same time that JF was under investigation for the milw0rm attacks by Scotland Yard. Hundreds of pages hosted on MTV.com sported the new JF logo, including one page that read, "JF was here, greets to milw0rm". VeNoMouS claimed that he learned to crack into systems from Ehud Tenenbaum, an Israeli hacker known as The Analyzer.
Four days before the incident, the five permanent members of the United Nations Security Council, the US, Russia, United Kingdom, France and China, denounced both India and Pakistan for unilaterally declaring themselves nuclear weapons states. The day before the attack, Jacques Gansler, US undersecretary of defense for acquisition and technology, warned a military conference that teenage hackers posed "a real threat" to national security. On the night of June 3, 1998, from their workstations on three continents, the group used a US military .mil machine to break into the LAN, or local area network, of BARC and gained root access. The center's website was connected to the LAN, and their firewall was not secure enough to prevent the group from entering and gaining access to confidential emails and documents.
The emails included correspondence between the center's scientists relating to their development of nuclear weapons. They then posted a statement of anti-nuclear intentions on the center's website. In the process of the break-in, the multinational group of teenagers -- from the United States, United Kingdom and New Zealand -- gained access to five megabytes of classified documents pertaining to India's nuclear weapons program. Savec0re erased all the data on two servers as a protest against the center's nuclear capabilities. To display their security breach publicly, they changed the center's webpage to display a mushroom cloud along with an anti-nuclear message and the phrase "Don't think destruction is cool, coz it's not." Milw0rm then came forward with the security flaws they exploited in BARC's system, along with some of the thousands of pages of documents they had lifted from the server, concerning India's last five nuclear detonations. The group's purpose for the attack was to protest nuclear testing, according to Savec0re, VeNoMouS and JF. After the attack, Keystroke claimed that the breach had taken "13 minutes and 56 seconds" to execute. Many news organizations reported breathlessly how the teenagers had penetrated a nuclear research facility in "less than 14 minutes." However, examining more closely the hacker's wording and tone in the interview, and especially the specificity of the "56 seconds" claim, it is apparent that Keystroke meant this as a lighthearted answer to the question, "Exactly how long did it take you?". The actual invasion took careful planning, routing through servers throughout the world from three different continents, and took days to execute. An Indian news agency reported that downloading thousands of pages from India's slow servers would have taken much longer than 14 minutes. The security breach was first reported by Wired News.
Members of the group claimed credit by emailing Wired reporter James Glave with documents they had obtained from the BARC servers as proof. After first denying that any incident had occurred, BARC officials admitted that the center had indeed been hacked and emails had been downloaded. An official at BARC downplayed the severity and importance of the incident announcing that the security flaw resulted from "a very normal loophole in Sendmail," while going on to state that the center had not bothered to download a new version of the Sendmail program, responsible for the center's email servers. The center also admitted that after milw0rm's breach, the site had been hacked into again, this time with less severe consequences. Forbes wrote that perhaps up to 100 hackers had followed milw0rm's footsteps into the BARC servers once they were revealed as insecure. The website was shut down while its security was upgraded. Later, a senior US government official told ZDNet that the Indians had known about the flaw and had chosen to ignore it, creating the opportunity for milw0rm to root the servers. BARC officials said that none of the emails contained confidential information, the group did not destroy data, and that the computers they have that contain important data were isolated from the ones broken into.
Nevertheless, the breach was a severe one and had the potential to cause an incident of international proportions. Forbes called it "potentially the most devastating" hacking incident of 1998.
After the attack, members of the group participated in an anonymous Internet Relay Chat (IRC) chat with John Vranesevich, the founder of hacking news website AntiOnline. Keystroke explained how, if he wanted to, he could have sent threatening emails from the Indian email server to a Pakistani email server. If the group had possessed malicious intentions, the consequences for both South Asian countries could have been catastrophic. For these reasons, the milw0rm attack caused other groups to heighten their security to prevent invasion by hackers. The U.S. Army announced, without giving evidence as to why they believed this to be the case, that the hacks might have originated in Turkey, noting that "Turkey is the primary conduit for cyber attacks." A senior US official said that the CIA had obtained the material that milw0rm had purloined and was reviewing it; the official did not mention how the CIA obtained this information.
Later, Wired News revealed that an Indian national and self-proclaimed terrorist, Khalid Ibrahim, had approached members of milw0rm and other hacker groups on IRC, including Masters of Downloading and the Noid, and attempted to buy classified documents from them. According to savec0re, Ibrahim threatened to kill him if the hacker did not turn over the classified documents in question. The Electronic Disturbance Theater released a statement in support of JF, applauding him for his hacktivism and maintaining that computer break-ins of this sort were not cyber-terrorism as some claim.
One month after the BARC incident, in July 1998, milw0rm hacked the web hosting company Easyspace, putting their anti-nuclear mushroom cloud message on more than 300 of Easyspace's websites. The text placed on the sites read in part, "This mass takeover goes out to all the people out there who want to see peace in this world... This tension is not good, it scares you as much as it scares us. For you all know that this could seriously escalate into a big conflict between India and Pakistan and possibly even World War III, and this CANNOT happen... Use your power to keep the world in a state of PEACE."
While scanning a network for weaknesses, members of the group came across Easyspace, a British company which hosted many sites on one server. Along with members of the fellow hacking group Ashtray Lumberjacks, milw0rm had the revised mushroom cloud image and text on all of Easyspace's websites in less than one hour. "It's ironic that India has weapons capable of destroying the world, but they can't secure a little web server which is connected to their networks."
That's how Milw0rm died and inj3ct0r was born. Who are the injectors? There are a total of four prime admins and four key injectors running the show; after going through a lot of legal mess, the injectors are now revamping their plans. JF, who is CEO of this group, holds a big team of black hat hackers; the other key-holder injectors are from India and Pakistan. All of Milw0rm's published exploits were posted on Injector. One of the amateur injectors, who is young and still studying, has taken undue advantage of the situation; that is how Injector came into existence. R00ter, a Pakistan-based injector, is one of the most brilliant and strongest admins of this group. Microsoft is the biggest sponsor and one of the financial supporters of this group.
Read more details in my book "Cyber Terror".
As a journalist it's my right to discover and publish ... I know all the hackers and injectors are pros. And the biggest irony is that they have their own private exploits which they have never published anywhere; just Core Impact (an exploiting software) has those exploits. Injector guys can be defined as pure cyber criminals. Some of them are former members of PHC, the Pakistan Hackers Club; this group has now dissolved and is no more. And some of them are members of ICW, which vanished recently. Most of the members are working in very good companies and different sectors and have a good family life. These hackers have tremendous unity when it comes to wrong things; I am sure they will find their own ways to sabotage me and my interest. What I am doing is my profession; what they are doing is their passion. I respect them from the bottom of my heart and do not expect the same.