Crackers Set Sights on Iraq

by James Glave

updated 3:00 a.m. 30.Jan.99.PST

3:00 a.m. 30.Dec.98.PST

http://www.wired.com/politics/law/news/1998/12/17074

A global group of 24 hackers and crackers spent Monday night probing, mapping, and preparing to attack computer networks owned by the government of Iraq.

Quoting at one point from the Declaration of Independence, Steve Stakton, a member of the seven-year-old Legions of the Underground group, called for a concerted one-week cracking campaign against Iraq.

"Iraq has treated human rights issues as poorly as China has," said Stakton in a meeting of the group that was held Monday night on Internet Relay Chat. "We need to carry out what the government won't, and can't, do."

Stakton, 24, quoted from the group's mission statement: "We are ready to commence, and take [part] in electronic warfare if requested."

[Yet Glave later says that all of the above may not have been Stakton/Optiklenz. Which is it?]

Iraq has no connection to the public Internet. Group members claim to be targeting an older, nonpublic network inside Iraqi borders that they say runs on a vintage protocol called X.25.

"We are targeting them via terminal dialup," said Stakton in an interview conducted with group members on Tuesday over IRC, a global text-based chat network where identities can easily be forged.

Group members said they were probing sequential network numbers within an older network owned by MCI, which they believed were assigned to Iraq. They described the system as "a gateway that handles systems that have no local chain of numbers."

"It would effectively isolate them from the world if we took out the X.25," added a 19-year-old member based in Minnesota who goes by the name "lothos."

"If we wanted we'd be able to dial up and make a huge amount of connection to their systems and possibly bring it down to its knees," Stakton said.

One member said that he was analyzing network scans from the Iraqi cities of Ar Rutbah and Al Kut.

Scott Ellentuch, a network security specialist with Internet consultancy TTSG, said X.25 networks are commonly used to connect older equipment. Iraq hasn't received any computers or computer supplies since the United Nations embargo was put in place at the time of the Gulf War.

"If they do have an X.25 connection into Iraq, and that is their only network capability, someone could hop off the Internet and hop on to the X.25 and ride into the X.25 network," said Ellentuch. The group said its efforts partly involved "wardialing," a process of automatically dialing one phone number after another looking for modems. Members said that many modems answered at 2400 bps -- a speed common in the late 1980s.

"Many other countries don't have ... technology as [advanced as] the United States," said Ellentuch. "The exploits that are possible on these machines have been around for ages."

A member of the group supplied Wired News with a log of attempted connections to various institutional computer systems and bulletin board systems. Though the systems' geographic origin could not be positively confirmed, login prompts contained phonetic spellings of Arabic words.

[Even though simple network commands like 'traceroute' and resources like Internet IP Indexes can verify this. No effort was made to verify these logs.]

Stakton said that Legions' scanning efforts would continue Monday night, but declined to say when the group hoped to launch its attack. The Legions said that the attack was a legitimate act of protest against a rogue dictator.

"It's a crime in itself to build weapons of mass destruction when the children of the country are starving," said a group member who goes by the name "kInGbOnG."

In recent months, Legions of the Underground, whose members are largely in their 20s, has launched numerous attacks against China to draw attention to that nation's human-rights record.

Last July, in a demonstration of their technical abilities, members claimed to have remotely moved a satellite dish owned by Time Warner Cablevision. The company confirmed a security breach in that incident.