Crackers: We Stole Nuke Data

by James Glave

2:02pm 3.Jun.98.PDT

http://www.wired.com/news/news/business/story/12717.html

Three teenage crackers say they have broken into computer systems at India's Bhabha Atomic Research Centre, Bombay (BARC) and that they are targeting Pakistani computers in a protest against the two nations' recent series of nuclear weapons tests.

In an interview conducted by Internet Relay Chat -- a venue that makes it difficult to verify correspondents' real-world identities -- the trio took credit for altering the research center's homepage and said they had stolen email exchanged among Indian nuclear scientists in the weeks immediately preceding and following weapons tests last month.

It also makes it difficult to verify their validity and claims of who hacked what. Glave of course doesn't mention this until after the last paragraph.

"We gained total control over six of the eight servers on the *.barc.ernet.in domain," wrote a 17-year-old calling himself savec0re, one of the three crackers who carried out the computer intrusion. The break-in began on Monday and continued today.

The three said that they had erased all data on two of BARC's servers as a protest against that nation's nuclear weapons development program.

"We were able to download several thousand pages of email and research before we decided it was time to get out," said savec0re, who did not disclose his real-world whereabouts. The group also includes an individual named VeNoMouS, 18, who says he lives in New Zealand, and JF, another 18-year-old who said he's a resident of England. All three are members of an organized cracking group called Milw0rm.

The trio mailed a number of email files to Wired News to verify their claims. The mails appear to include detailed scientific discussions of nuclear physics and were dated as far back as last October and as recently as Monday.

Authenticity of the files was not confirmed, and the Indian Embassy in Washington, DC, did not immediately respond to a request for comment. Email queries about the incident to representatives of the Bhabha Atomic Research Center also went unanswered.

The three crackers said they had only just begun to read through the email, which they said contained analysis of the five nuclear blasts that India conducted beginning 11 May. The group said they grabbed the mail and also defaced the Indian research center's homepage, mostly for thrills, but also to draw attention to what they said was the threat of nuclear war.

"We disabled two of the eight servers as retaliation to the tests, but not before our presence had been detected. This was early this Wednesday," wrote savec0re.

Above, they said they downloaded thousands of pages and decided it was time to get out. Now it was them being detected. Make up your minds, anonymous unverifiable sources.

The group's aim was straightforward, the three said: They want to register a protest against the weapons tests.

"I'm just sick of nuclear shit," said VeNoMouS, who added that he learned how to crack from Ehud Tenenbaum, aka Analyzer, the Israeli teenager implicated in attacks on US government networks earlier this year.

"If you're gonna amass data which can take [so] many lives ... at least secure it," said savec0re.

As of this morning, the Indian research center home page was disabled, and displayed a directory listing of the facility's Web server. This was likely because the webmaster had deleted a spoof BARC page that the crackers had posted. That page showed a mushroom cloud and the text "If a nuclear war does start, you will be the first to scream ..."

The cracking trio said that they had obtained root, or administrator level, access to the Indian servers with a recently discovered public vulnerability in the Sendmail mail server program. The crackers claim that BARC was using an old and buggy version of the mail program. The whole process was completed in 13 minutes and 52 seconds, they said.

"They had certain things secured to the bone, and yet other things were completely obsolete," said savec0re.

JF said that he had launched his attack on the Indian servers by using a US military network machine in the .mil domain.

Great. Protest nuclear weapons and war, and do it in such a fashion to possibly bring more tension between countries.

The crackers say they're turning their attention to Pakistani government computer systems, claiming to have obtained topology maps for both Indian government networks and those maintained by Islamabad. The trio said they intend to take a closer look into Pakistan's nuclear weapons program.

News of the intrusions came a day after Jacques Gansler, US undersecretary of defense for acquisition and technology, told an industry-military forum that teenage crackers pose a "real threat environment" to national security.

Peter Neumann, a critical infrastructure and security expert with SRI International, said that the three teens weren't as much of a threat as terrorists, but that India was "way behind" America in terms of security.

"The fact that so many systems are all so weak is the biggest threat," Neumann said. "[The crisis] has nothing to do with teenagers and everything to do with the fact that the US government is incapable of ratcheting up its security."

Editor's Note: Due to the anonymous nature of Internet Relay Chat, the real-world identities of the individuals in this story could not be positively confirmed.