Misplaced Pages

Revision as of 16:28, 24 November 2007

milw0rm is a group of "hacktivists" best known for penetrating the computers of the <a href="/Bhabha_Atomic_Research_Centre" title="Bhabha Atomic Research Centre">Bhabha Atomic Research Centre</a> (BARC) in <a href="/Bombay" title="Bombay">Bombay</a>, the primary nuclear research facility of <a href="/India" title="India">India</a>, on June 3, 1998. The group conducted hacks for political reasons, including an anti-nuclear agenda and peace message that it spread on hacked websites. The group's logo featured the slogan "Putting the power back in the hands of the people."

The BARC attack generated heated debate on the security of information in a world prevalent with countries developing nuclear weapons and the information necessary to do so, the ethics of "hacker activists" or "hacktivists," and the importance of advanced security measures in a modern world filled with people willing and able to break into insecure international websites.

<script type="text/javascript"> //<![CDATA[

if (window.showTocToggle) { var tocShowText = "show"; var tocHideText = "hide"; showTocToggle(); } 

//]]> </script>

<a name="Members_of_milw0rm" id="Members_of_milw0rm"></a>

Members of milw0rm

Little is known about the members of milw0rm. The international hacking team went by the aliases of JF, Keystroke, ExtreemUK, savec0re, and VeNoMouS. VeNoMouS, 18, hailed from New Zealand, ExtreemUK and JF, 18, from England, and Keystroke and Savec0re, 17 from the US. To date, none of the group have come forward with their real names or identities, and investigations of the incident by the <a href="/CIA" title="CIA">CIA</a> and <a href="/FBI" title="FBI">FBI</a> or any other intelligence organizations proved fruitless in deciphering their identities, which were well-hidden. However, numerous people who were not a part of milw0rm have come forward saying that they were responsible for the hacks. Their claims have been discredited.

JF went on to achieve a modicum of notoriety when <a href="/MTV" title="MTV">MTV</a> "hacked" its own website intentionally and graffitied the words "JF Was Here" across the page, at the same time that JF was under investigation for the milw0rm attacks by <a href="/Scotland_Yard" title="Scotland Yard">Scotland Yard</a>. Hundreds of pages hosted on MTV.com sported the new JF logo, including one page that read, "JF was here, greets to milw0rm".

VeNoMouS claimed that he learned to crack into systems from <a href="/Ehud_Tenenbaum" title="Ehud Tenenbaum">Ehud Tenenbaum</a>, an Israeli hacker known as The Analyzer.

<a name="BARC_Attack" id="BARC_Attack"></a>

BARC Attack

Four days before the incident, the five permanent members of the <a href="/United_Nations_Security_Council" title="United Nations Security Council">United Nations Security Council</a>, the <a href="/US" title="US">US</a>, <a href="/Russia" title="Russia">Russia</a>, <a href="/United_Kingdom" title="United Kingdom">United Kingdom</a>, <a href="/France" title="France">France</a> and <a href="/China" title="China">China</a>, denounced both <a href="/India" title="India">India</a> and <a href="/Pakistan" title="Pakistan">Pakistan</a> for unilaterally declaring themselves nuclear weapons states. The day before the attack, <a href="/search/?title=Jacques_Gansler&action=edit" class="new" title="Jacques Gansler">Jacques Gansler</a>, US undersecretary of defense for acquisition and technology, warned a military conference that teenage hackers posed "a real threat" to national security.

On the night of <a href="/June_3" title="June 3">June 3</a>, <a href="/1998" title="1998">1998</a> from their workstations on three continents, the group used a US military .mil machine to break into the <a href="/LAN" title="LAN">LAN</a>, or local area network, of BARC and gained root access. The center's website, connected to the LAN, and their firewall was not secured enough to prevent the group from entering and gaining access to confidential emails and documents. The emails included correspondence between the center's scientists relating to their development of nuclear weapons. They then posted a statement of anti-nuclear intentions on the center's website.

In the process of the break-in, the multinational group of teenagers -- from the <a href="/United_States" title="United States">United States</a>, <a href="/United_Kingdom" title="United Kingdom">United Kingdom</a> and <a href="/New_Zealand" title="New Zealand">New Zealand</a> -- gained access to five megabytes of classified documents pertaining to India's nuclear weapons program. Savec0re erased all the data on two servers as a protest against the center's nuclear capabilities. To display their security breach publicly, they changed the center's webpage to display a mushroom cloud along with an anti-nuclear message and the phrase "Don't think destruction is cool, coz its not".

Milw0rm then came forward with the security flaws they exploited in BARC's system, along with some of the thousands of pages of documents they had lifted from the server, concerning India's last five nuclear detonations.<a href="http://www.savageideas.com/downloads/mba/Global_Information_Systems_Threats.pdf" class="external autonumber" title="http://www.savageideas.com/downloads/mba/Global_Information_Systems_Threats.pdf" rel="nofollow"></a>

The group's purpose for the attack was to protest nuclear testing, according to Savec0re, VeNoMouS and JF, in their correspondence with Wired's reporter James Glave.

After the attack Keystroke claimed that the breach had taken "13 minutes and 56 seconds" to execute. Many news organizations reported breathlessly how the teenagers had penetrated a nuclear research facility in "less than 14 minutes." However, examining more closely the hacker's wording and tone in the interview, and especially the specificity of the "56 seconds" claim, it is apparent that Keystroke meant this as a lighthearted answer to the question, "Exactly how long did it take you?". The actual invasion took careful planning, routing through servers throughout the world from three different continents, and took days to execute. An Indian news agency reported that downloading thousands of pages from India's slow servers would have taken much longer than 14 minutes.

<a name="Attack_Aftermath" id="Attack_Aftermath"></a>

Attack Aftermath

The security breach was first reported by <a href="/Wired_%28magazine%29" title="Wired (magazine)">Wired</a> News. Members of the group claimed credit by emailing Wired reporter <a href="/search/?title=James_Glave&action=edit" class="new" title="James Glave">James Glave</a> with documents they had obtained from the BARC servers as proof.

After first denying that any incident had occurred, BARC officials admitted that the center had indeed been hacked and emails had been downloaded. An official at BARC downplayed the severity and importance of the incident, announcing that the security flaw resulted from "a very normal loophole in Sendmail," while going on to state that the center had not bothered to download a new version of the Sendmail program, responsible for the center's email servers. The center also admitted that after milw0rm's breach, the site had been hacked into again, this time with less severe consequences. Forbes wrote that perhaps up to 100 hackers had followed milw0rm's footsteps into the BARC servers once they were revealed as insecure. The website was shut down while its security was upgraded. Later, a senior US government official told ZDNet that the Indians had known about the flaw and had chosen to ignore it, creating the opportunity for milw0rm to root the servers. BARC officials said that none of the emails contained confidential information, the group did not destroy data, and that the computers they have that contain important data were isolated from the ones broken into.

Nevertheless, the breach was a severe one and had the potential to cause an incident of international proportions. <a href="/Forbes_Magazine" title="Forbes Magazine">Forbes</a> called it "potentially the most devastating" hacking incident of <a href="/1998" title="1998">1998</a>.

After the attack, members of the group participated in an anonymous <a href="/Internet_Relay_Chat" title="Internet Relay Chat">Internet Relay Chat</a> (IRC) chat with John Vranesivich, the founder of hacking news website Anti-Online. Keystroke explained how if he wanted to, he could have sent threatening emails from the Indian email server to a Pakistani email server. If the group had possessed malicious intentions, the consequences for both south Asian countries could have been catastrophic.

For these reasons, the milw0rm attack caused other groups to heighten their security to prevent invasion by hackers. The U.S. Army announced, without giving evidence as to why they believed this to be the case, that the hacks might have originated in Turkey, noting that "Turkey is the primary conduit for cyber attacks." A senior US official said that the <a href="/Central_Intelligence_Agency" title="Central Intelligence Agency">CIA</a> had obtained the material that milw0rm had purloined and was reviewing it-- the official did not mention how the CIA obtained this information.

Later, <a href="/Wired_%28magazine%29" title="Wired (magazine)">Wired</a> News revealed that an Indian national and self-proclaimed terrorist, <a href="/Khalid_Ibrahim" title="Khalid Ibrahim">Khalid Ibrahim</a>, had approached members of milw0rm and other hacker groups on IRC-- including Masters of Downloading and the Noid-- and attempted to buy classified documents from them. According to savec0re, Ibrahim threatened to kill him if the hacker did not turn over the classified documents in question.

The Electronic Disturbance Theater released a statement in support of JF, applauding him for his hacktivism and maintaining that computer break-ins of this sort were not cyber-terrorism as some claim.<a href="http://www.thing.net/~rdom/ecd/Brithacker.html" class="external autonumber" title="http://www.thing.net/~rdom/ecd/Brithacker.html" rel="nofollow"></a>

The event received wide national coverage, with reports by <a href="/CNN" title="CNN">CNN</a>, <a href="/MSNBC" title="MSNBC">MSNBC</a> and the <a href="/Associated_Press" title="Associated Press">Associated Press</a> in the days following.<a href="http://www.antionline.com/about.php?action=inthenews" class="external autonumber" title="http://www.antionline.com/about.php?action=inthenews" rel="nofollow"></a>

<a name="Other_Attacks" id="Other_Attacks"></a>

Other Attacks

One month after the BARC incident, in July 1998, milw0rm hacked the web hosting company <a href="/search/?title=Easyspace&action=edit" class="new" title="Easyspace">Easyspace</a>, putting their anti-nuclear mushroom cloud message on more than 300 of Easyspace's websites.

Wired reported that this incident was perhaps the "largest 'mass hack' ever undertaken." Some of the sites hacked in the incident were for the <a href="/World_Cup" title="World Cup">World Cup</a>, <a href="/The_Championships%2C_Wimbledon" title="The Championships, Wimbledon">Wimbledon</a>, the Ritz Casino, <a href="/Drew_Barrymore" title="Drew Barrymore">Drew Barrymore</a>, and the <a href="/Saudi_Arabia" title="Saudi Arabia">Saudi</a> royal family. The text placed on the sites read in part, "This mass takeover goes out to all the people out there who want to see peace in this world... This tension is not good, it scares you as much as it scares us. For you all know that this could seriously escalate into a big conflict between India and Pakistan and possibly even World War III, and this CANNOT happen... Use your power to keep the world in a state of PEACE."

While scanning a network for weaknesses, members of the group came across EasySpace, a British company which hosted many sites on one server. Along with members of the fellow hacking group Ashtray Lumberjacks, milw0rm had the revised mushroom cloud image and text on all of Easyspace's websites in less than one hour.

<a name="milw0rm_Quotes" id="milw0rm_Quotes"></a>

milw0rm Quotes

"The world is lucky we're so nice."

-Keystroke

"It's ironic that India has weapons capable of destroying the world, but they can't secure a little web server which is connected to their networks."

-Keystroke

"If you're gonna amass data which can take many lives ... at least secure it."

-savec0re

"I'm only young; I don't want a hostile world on the edge of a nuclear conflict."

-JF

"We should be moving towards world peace in the millennium, and nuclear warfare testing is NO way forward. It can destroy the world."

-JF

The full text of the milw0rm-revised BARC website:

oh gn0, like this is what happens if j00 play with atomic energy!#@! It g0es b00m@#@#@# so PLEEEZE, do not fuck around, didn't you parents ever teach you manners? I like the world in its current state (i guess), well its better than the world would be if the b0mb went b00m. think about it k1dz, its not clever, its not big, so don't think destruction is cool, coz its not. If a nuclear war does start, you will be the first to scream. You all saw the movie WARGAMES right? well.... That could have been us$#@ So India, LISTEN TO WISE OLD MILWORM .... You do not need nuclear weapons in the 1990s!#@! STOP THE SHIT Owned Savec0re - JF - VeNoMouS JF - Hamst0r - Keystoke - savec0re - ExtreemUK

<a name="See_also" id="See_also"></a>

See also

• <a href="/Hacktivism" title="Hacktivism">Hacktivism</a>

<a name="References" id="References"></a>

References

1. ^ <a href="#_ref-wiredmasshack_0" title=""></a> <a href="#_ref-wiredmasshack_1" title=""></a> "<a href="http://www.thing.net/~rdom/ecd/Brithacker.html" class="external text" title="http://www.thing.net/~rdom/ecd/Brithacker.html" rel="nofollow">Anti-Nuke Cracker Strikes Again</a>", Wired, July 3, 1998. 
2. <a href="#_ref-Ottawa_0" title="">^</a> "<a href="http://hrea.org/lists/huridocs-tech/markup/msg00014.html" class="external text" title="http://hrea.org/lists/huridocs-tech/markup/msg00014.html" rel="nofollow">E-Guerrillas in the mist</a>", Ottawa Citizen, October 27, 1998. 
3. <a href="#_ref-CNet_0" title="">^</a> "<a href="http://news.com.com/2100-1023-215319.html" class="external text" title="http://news.com.com/2100-1023-215319.html" rel="nofollow">MTV "hack" backfires</a>", CNet, September 9, 1998. 
4. <a href="#_ref-Antionline_0" title="">^</a> "<a href="http://web.archive.org/web/19981205104829/http://antionline.com/SpecialReports/mtv/opinion.html" class="external text" title="http://web.archive.org/web/19981205104829/http://antionline.com/SpecialReports/mtv/opinion.html" rel="nofollow">AntiOnline's Editorial Coverage Of The MTV Site "Hack" ?</a>", AntiOnline, September 1998. 
5. ^ <a href="#_ref-Wiredfirst_0" title=""></a> <a href="#_ref-Wiredfirst_1" title=""></a> "<a href="http://attrition.org/errata/www/art.0027.html" class="external text" title="http://attrition.org/errata/www/art.0027.html" rel="nofollow">Crackers: We Stole Nuke Data</a>", Wired, June 3, 1998. 
6. ^ <a href="#_ref-zdnet_0" title=""></a> <a href="#_ref-zdnet_1" title=""></a> <a href="#_ref-zdnet_2" title=""></a> <a href="#_ref-zdnet_3" title=""></a> <a href="#_ref-zdnet_4" title=""></a> "<a href="http://news.zdnet.com/2100-9595_22-510664.html" class="external text" title="http://news.zdnet.com/2100-9595_22-510664.html" rel="nofollow">India has scary nuke hack</a>", ZDNet, June 5, 1998. 
7. ^ <a href="#_ref-India_0" title=""></a> <a href="#_ref-India_1" title=""></a> <a href="#_ref-India_2" title=""></a> "<a href="http://www.rediff.com/computer/1998/jun/09barc.htm" class="external text" title="http://www.rediff.com/computer/1998/jun/09barc.htm" rel="nofollow">The Eye of the Needle</a>", Rediff, June 9, 1998. 
8. ^ <a href="#_ref-Forbes_0" title=""></a> <a href="#_ref-Forbes_1" title=""></a> "<a href="http://www.forbes.com/1998/11/16/feat.html" class="external text" title="http://www.forbes.com/1998/11/16/feat.html" rel="nofollow">Hacking Bhabha</a>", Forbes, November 16, 1998. 
9. <a href="#_ref-Wired_0" title="">^</a> "<a href="http://www.wired.com/politics/law/news/1998/11/15812" class="external text" title="http://www.wired.com/politics/law/news/1998/11/15812" rel="nofollow">Do Terrorists Troll the Net?</a>", Wired, November 4, 1998. 
10. <a href="#_ref-Harvard_0" title="">^</a> "<a href="http://hir.harvard.edu/articles/print.php?article=905" class="external text" title="http://hir.harvard.edu/articles/print.php?article=905" rel="nofollow">Cyberwarriors: Activists and Terrorists Turn to Cyberspace</a>", The Future of War, Summer 2001. 

<a name="External_links" id="External_links"></a>

External links

• <a href="http://www.milw0rm.com/" class="external text" title="http://www.milw0rm.com/" rel="nofollow">milw0rm.com</a> Exploit and Vulnerability Database

Mirrors of hacked sites:

• <a href="http://fb.provocation.net/www.flashback.se/hack/1998/07/02/1/index.html" class="external text" title="http://fb.provocation.net/www.flashback.se/hack/1998/07/02/1/index.html" rel="nofollow">Mass hack</a>
• <a href="http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/fantasyfootball.htm" class="external text" title="http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/fantasyfootball.htm" rel="nofollow">Fantasyfootball.co.uk hacked</a>
• <a href="http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/leje.htm" class="external text" title="http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/leje.htm" rel="nofollow">Hacked site</a>
• <a href="http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/michaelpowels.htm" class="external text" title="http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/michaelpowels.htm" rel="nofollow">"We Hacked Prince Charles' Bentley!"</a>

<a href="/Special:Categories" title="Special:Categories">Categories</a>: <a href="/Category:Articles_needing_additional_references_from_July_2007" title="Category:Articles needing additional references from July 2007">Articles needing additional references from July 2007</a> | <a href="/Category:Hacker_groups" title="Category:Hacker groups">Hacker groups</a> | <a href="/Category:Underground_computer_groups" title="Category:Underground computer groups">Underground computer groups</a> | <a href="/Category:Hacking_%28computer_security%29" title="Category:Hacking (computer security)">Hacking (computer security)</a>

Views

• <a href="/Milw0rm" title="View the content page " accesskey="c">Article</a>
• <a href="/Talk:Milw0rm" title="Discussion about the content page " accesskey="t">Discussion</a>
• <a href="/search/?title=Milw0rm&action=edit" title="You can edit this page. Please use the preview button before saving. " accesskey="e">Edit this page</a>
• <a href="/search/?title=Milw0rm&action=history" title="Past versions of this page " accesskey="h">History</a>

Personal tools

• <a href="/search/?title=Special:Userlogin&returnto=Milw0rm" title="You are encouraged to log in, it is not mandatory however. " accesskey="o">Sign in / create account</a>

<a style="background-image: url(/images/wiki-en.png);" href="/Main_Page" title="Visit the Main Page " accesskey="z"></a>

<script type="text/javascript"> if (window.isMSIE55) fixalpha(); </script>

Navigation

• <a href="/Main_Page" title="Visit the main page " accesskey="z">Main page</a>
• <a href="/Wikipedia:Contents" title="Guides to browsing Misplaced Pages">Contents</a>
• <a href="/Wikipedia:Featured_content" title="Featured content — the best of Misplaced Pages">Featured content</a>
• <a href="/Portal:Current_events" title="Find background information on current events">Current events</a>
• <a href="/Special:Random" title="Load a random page " accesskey="x">Random article</a>

interaction

• <a href="/Wikipedia:About" title="Find out about Misplaced Pages">About Misplaced Pages</a>
• <a href="/Wikipedia:Community_Portal" title="About the project, what you can do, where to find things">Community portal</a>
• <a href="/Special:Recentchanges" title="The list of recent changes in the wiki " accesskey="r">Recent changes</a>
• <a href="/Wikipedia:Contact_us" title="How to contact Misplaced Pages">Contact Misplaced Pages</a>
• <a href="http://wikimediafoundation.org/Donate" title="Support us">Donate to Misplaced Pages</a>
• <a href="/Help:Contents" title="Guidance on how to use and edit Misplaced Pages">Help</a>

<label for="searchInput">Search</label>

<input id="searchInput" name="search" type="text" title="Search Misplaced Pages " accesskey="f" value="" /> <input type='submit' name="go" class="searchButton" id="searchGoButton" value="Go" />  <input type='submit' name="fulltext" class="searchButton" id="mw-searchButton" value="Search" />

Toolbox

• <a href="/Special:Whatlinkshere/Milw0rm" title="List of all wiki pages that link here " accesskey="j">What links here</a>
• <a href="/Special:Recentchangeslinked/Milw0rm" title="Recent changes in pages linked from this page " accesskey="k">Related changes</a>
• <a href="/Wikipedia:Upload" title="Upload images or media files " accesskey="u">Upload file</a>
• <a href="/Special:Specialpages" title="List of all special pages " accesskey="q">Special pages</a>
• <a href="/search/?title=Milw0rm&printable=yes" title="Printable version of this page " accesskey="p">Printable version</a>
• <a href="/search/?title=Milw0rm&oldid=169493180" title="Permanent link to this version of the page">Permanent link</a>
• <a href="/search/?title=Special:Cite&page=Milw0rm&id=169493180">Cite this article</a>

• This page was last modified 00:17, 6 November 2007.
• All text is available under the terms of the <a class='internal' href="/Wikipedia:Text_of_the_GNU_Free_Documentation_License" title="Misplaced Pages:Text of the GNU Free Documentation License">GNU Free Documentation License</a>. (See <a class='internal' href="/Wikipedia:Copyrights" title="Misplaced Pages:Copyrights">Copyrights</a> for details.)
  Misplaced Pages® is a registered trademark of the <a href="http://www.wikimediafoundation.org">Wikimedia Foundation, Inc</a>., a U.S. registered <a class='internal' href="/501%28c%29#501.28c.29.283.29" title="501(c)(3)">501(c)(3)</a> <a href="http://wikimediafoundation.org/Deductibility_of_donations">tax-deductible</a> <a class='internal' href="/Non-profit_organization" title="Non-profit organization">nonprofit</a> <a href="/Charitable_organization" title="Charitable organization">charity</a>.
  
• <a href="http://wikimediafoundation.org/Privacy_policy" title="wikimedia:Privacy policy">Privacy policy</a>
• <a href="/Wikipedia:About" title="Misplaced Pages:About">About Misplaced Pages</a>
• <a href="/Wikipedia:General_disclaimer" title="Misplaced Pages:General disclaimer">Disclaimers</a>

<script type="text/javascript">if (window.runOnloadHook) runOnloadHook();</script>

</body></html>