Milw0rm

Formation: 1998
Membership: JF, Keystroke, ExtreemUK, savec0re, and VeNoMouS

Milw0rm is a group of hacktivists [1] best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Mumbai, the primary nuclear research facility of India, on June 3, 1998. [2] The group conducted hacks for political reasons, [3] including the largest mass hack up to that time, inserting an anti-nuclear weapons agenda and peace message on its hacked websites. [4] [5] The group's logo featured the slogan "Putting the power back in the hands of the people." [6]

The BARC attack generated heated debate on the security of information in a world where many countries are developing nuclear weapons and the information necessary to do so, the ethics of "hacker activists" or "hacktivists," and the importance of advanced security measures in a modern world filled with people willing and able to break into insecure international websites.

The exploit site milw0rm.com and str0ke are unaffiliated with the milw0rm hacker group.

Members

Little is known about the members of milw0rm, as is typical of hacking groups, which often conceal members' identities to avoid prosecution. [7] The international hacking team "united only by the Internet" [citation needed] [8] was composed of teenagers [9] who went by the aliases of JF, Keystroke, ExtreemUK, savec0re, and VeNoMouS. [10] VeNoMouS, 18, hailed from New Zealand; ExtreemUK and JF, 18, from England; Keystroke, 16, from the US; and Savec0re, 17, from the Netherlands.

JF went on to achieve a modicum of notoriety when MTV "hacked" its own website intentionally and graffitied the words "JF Was Here" across the page, [11] at the same time that JF was under investigation for the milw0rm attacks by Scotland Yard. [12] Hundreds of pages hosted on MTV.com sported the new JF logo, including one page that read, "JF was here, greets to milw0rm". [13] MTV later confirmed that the alleged JF "hack" was a publicity stunt to promote the appearance of a commentator named Johnny Fame at the 1998 MTV Video Music Awards. [12] Many were puzzled by the apparent hack committed by JF since the hacker was "known for relatively high ethical standards." [12]

VeNoMouS claimed that he learned to crack into systems from Ehud Tenenbaum, an Israeli hacker known as The Analyzer. [14]

BARC attack

On the night of June 3, 1998, the group used a US military .mil machine to break into the LAN of BARC and gained root access. The group gained access to five megabytes of confidential emails and documents. These emails included correspondence between the center's scientists relating to the development of nuclear weapons. Savec0re erased all the data on two servers as a protest against the center's nuclear capabilities. They changed the center's webpage to display a mushroom cloud along with an anti-nuclear message and the phrase "Don't think destruction is cool, coz its not". [14] [15]

The group of teenagers were from the United States, United Kingdom and New Zealand. [16]

Milw0rm then came forward with the security flaws they exploited in BARC's system, along with some of the thousands of pages of documents they had lifted from the server, concerning India's last five nuclear detonations.

After the attack, Keystroke claimed that the breach had taken "13 minutes and 56 seconds" to execute, though it was later reported that Keystroke meant this as a lighthearted answer. The invasion took careful planning, routing through servers throughout the world from three different continents, and took days to execute. [17]

Attack aftermath

The security breach was first reported by Wired News. JF and VeNoMouS claimed credit by emailing Wired reporter James Glave with documents they had obtained from the BARC servers as proof. [15]

After first denying that any incident had occurred, BARC officials admitted that the center had indeed been hacked and emails had been downloaded. It was reported that the security flaw resulted from "a very normal loophole in Sendmail". Forbes wrote that perhaps up to 100 hackers had followed milw0rm's footsteps into the BARC servers once they were revealed as insecure. [18] The website was shut down while its security was upgraded. [15] BARC officials said that none of the emails contained confidential information, that the group did not destroy data, and that the computers containing important data were isolated from the ones broken into. [17]

The milw0rm attack caused other groups to heighten their security to prevent invasion by hackers. The U.S. Army announced, without giving evidence as to why they believed this to be the case, that the hacks might have originated in Turkey. [15]

Later, Khalid Ibrahim approached members of milw0rm and attempted to buy classified documents from them. According to savec0re, Ibrahim threatened to kill him if the hacker did not turn over the classified documents in question. [19] Savec0re told Kevin Mitnick that Ibrahim first approached him posing as a family member of an FBI agent who could grant immunity to the members of milw0rm. [20]

The Electronic Disturbance Theater released a statement in support of JF, applauding him for his hacktivism and maintaining that computer break-ins of this sort were not cyber-terrorism as some claim. [21]

Other attacks

One month after the BARC incident, in July 1998, milw0rm hacked the British web hosting company Easyspace, putting their anti-nuclear mushroom cloud message on more than 300 of Easyspace's websites, [22] along with text that read: "This mass takeover goes out to all the people out there who want to see peace in this world." [23]

Wired reported that this incident was perhaps the "largest 'mass hack' ever undertaken." [23] The United States Department of Defense adviser John Arquilla later wrote that it was one of the largest hacks ever seen. [24] Some of the sites hacked in the incident were for the World Cup, Wimbledon, the Ritz Casino, Drew Barrymore, and the Saudi royal family. [23] The text placed on the sites read in part, "This mass takeover goes out to all the people out there who want to see peace in this world... This tension is not good, it scares you as much as it scares us. For you all know that this could seriously escalate into a big conflict between India and Pakistan and possibly even World War III, and this CANNOT happen... Use your power to keep the world in a state of PEACE." [25]

While scanning a network for weaknesses, members of the group came across Easyspace, a British company which hosted many sites on one server. Along with members of the fellow hacking group Ashtray Lumberjacks, [6] milw0rm had the revised mushroom cloud image and text on all of Easyspace's websites in less than one hour. [23] Vranesevich said that the mass hack was rare in its effect and its intention: the hackers seemed to be more interested in political purposes than exposing computer security flaws. [23]

It was also reported that milw0rm broke into a Turkish nuclear facility in addition to BARC. [26]


References

  1. "'Hacktivists' of All Persuasions Take Their Struggle to the Web". New York Times. October 31, 1998. Archived from the original on May 6, 2011. Retrieved March 2, 2010.
  2. "Milworm Bites BARC". outlookindia.com. Archived from the original on 2013-05-18. Retrieved 30 December 2012.
  3. Margolis, Michael; David Resnick (2000). Politics As Usual. Sage Publications. p. 195. ISBN 0-7619-1330-0.
  4. Wall, David; William L. Simon (2001). Crime and the Internet. London: Routledge. p. 65. ISBN 0-415-24429-3.
  5. Himma, Kenneth Einar (2006). Internet security. Jones & Bartlett Publishers. pp. 64–65. ISBN 0-7637-3536-1.
  6. "E-Guerrillas in the mist". Ottawa Citizen. October 27, 1998. Archived from the original on July 30, 2009. Retrieved July 9, 2009.
  7. Himma, Kenneth Einar (2006). Internet security. Jones & Bartlett Publishers. p. 92. ISBN 0-7637-3536-1.
  8. Smallridge, Joshua (2016). "Understanding Cyber-Vigilantism: A Conceptual Framework". Journal of Theoretical & Philosophical Criminology. 8: 57–70. ProQuest 1787752058. Archived from the original on 2024-05-21. Retrieved 2022-12-20 via ProQuest.
  9. Rashtriya Sahara. India: Sahara India Mass Communication. 1996.
  10. Boni, William C.; Gerald L. Kovacich (1999). I-way robbery. Butterworth-Heinemann. p. 142. ISBN 0-7506-7029-0.
  11. "MTV "hack" backfires". CNet. September 9, 1998. Archived from the original on 2012-11-04.
  12. "MTV Cries 'Hacked!'". Wired. September 9, 1998. Archived from the original on November 7, 2009. Retrieved March 10, 2017.
  13. "AntiOnline's Editorial Coverage Of The MTV Site "Hack"?". AntiOnline. September 1998. Archived from the original on 1998-12-05.
  14. "Crackers: We Stole Nuke Data". Wired. June 3, 1998. Archived from the original on January 18, 2014. Retrieved March 10, 2017.
  15. "India has scary nuke hack". ZDNet. June 5, 1998. Archived from the original on April 13, 2008. Retrieved July 9, 2009.
  16. Liang, Qiao; Al Santoli (2002). Unrestricted warfare. NewsMax Media. p. 35. ISBN 0-9716807-2-8.
  17. "The Eye of the Needle". Rediff. June 9, 1998. Archived from the original on October 11, 2008. Retrieved July 9, 2009.
  18. "Hacking Bhabha". Forbes. November 16, 1998. Archived from the original on March 3, 2016. Retrieved September 5, 2017.
  19. "Do Terrorists Troll the Net?". Wired. November 4, 1998. Archived from the original on January 18, 2014. Retrieved March 10, 2017.
  20. Mitnick, Kevin; William L. Simon (2005). The Art of Intrusion. John Wiley and Sons. p. 33. ISBN 0-7645-6959-7.
  21. "The Electronic Disturbance Theater supports "JF" the young british anti-nuclear hacker". The Electronic Disturbance Theater. July 8, 1998. Archived from the original on October 10, 2009. Retrieved July 9, 2009.
  22. Boni, William C.; Gerald L. Kovacich (1999). I-way robbery. Butterworth-Heinemann. p. 130. ISBN 0-7506-7029-0.
  23. "Anti-Nuke Cracker Strikes Again". Wired. July 3, 1998. Archived from the original on October 10, 2009. Retrieved July 9, 2009.
  24. Arquilla, John; David F. Ronfeldt (2001). Networks and netwars. Rand Corporation. p. 273. ISBN 0-8330-3030-2.
  25. "Cyberwarriors: Activists and Terrorists Turn to Cyberspace". The Future of War. Summer 2001. Archived from the original on 2007-08-25. Retrieved 2009-07-09.
  26. Defensor Pacis. The Institute. 1999.
