[ISN] 'My nan could crack NT', says hacker

From: InfoSec News (isn@C4I.ORG)
Date: Mon Apr 09 2001 - 22:40:22 CDT


http://www.vnunet.com/News/1120308

By James Middleton
[09 Apr 2001]

What motivates a hacker? Does the stereotypical concept of hackers as
antisocial teens spending weekends on the net surfing for porn and
trying to break into Windows boxes still fit?

vnunet.com puts these questions to a new group on the hacking scene.
Less than a month old, World of Hell is indeed on a mission to create
havoc for systems administrators everywhere, on any platform.

Although the group may only have existed since 12 March, it's already
got defacements on such sites as BT, Compaq, Motorola and Kellogg's
under its belt, and makes no bones about the fact that members are
defacing sites to get media attention.

World of Hell also takes pride in the fact that it doesn't just hit on
NT boxes, confirming the belief that the hacking underground considers
hackers that can only break into Windows as 'lame'.

"My nan could be hacking NT within 10 minutes of me teaching her - it
is that easy," said one World of Hell member, Rubix. "Most NT defacers
don't have the patience to read and learn - they want to be spoon-fed
like babies. That is how poor NT security is."

But the hackers also have a heart. A trait of the group is to leave a
link to the relevant security patch on the defaced page.

This is not to rub the admin's nose in it, but because they don't want
"them to get shit off their employer. I'd hate for an admin to be
fired because some lame Unicode kiddie like me defaced their box. The
idea is the admin will update and restore before anyone else notices."

To get more of an insight into what it is to be a hacker, read
vnunet.com's exclusive interview with World of Hell.

http://www.vnunet.com/News/1120306

Hacking group spills the beans

By James Middleton
[09 Apr 2001]

vnunet talks to hacking group World of Hell.

What's your motivation for hacking? Personal, political, to prove a
point about security issues or just for fame/infamy?

Rubix: Well, I myself am 'hacking' to get media attention, and would
be known in the underground world as a 'media wh0re'. When I started
out I was hacking unknown and insignificant websites, but then I
thought, 'why am I hacking sites nobody cares about? I am gaining
nothing here.' So I set myself to only deface big companies, that way
I get more attention and 'respect' from guys on the underground.

Cowhead2000: I just hack because I'm bored. I try to equal out my
internet time evenly between pr0n [surfing for porn] and ./hax0rin
[hacking].

World of Hell only seems to carry out a few defacements a week. Any
particular reason behind that, or are you guys busy doing other
activities?

Rubix: That is true only because our group is not yet a month old. We
only started out sometime around March 12, but we have over 80
defacements so far. That's more than two a day, which is quite good in
my opinion.

Cowhead2000: We're lazy.

Would World of Hell describe itself as a group of opportunist defacers
or 'elite' (133t) hackers?

Rubix: Well the real reason we deface sites is because we can. Some
hackers want to be 'leet' so they'd hack a box then go onto IRC
[internet relay chat] and say: 'Hey everybody, I owned
www.momandpop.com! I'm l33t!' It's different for me. I use a different
alias when defacing. RuBiX is not my usual IRC and internet alias and
I don't boast about it at all. Only a few people (around five to 10)
know that it was me who hacked BT, Sony, Hewlett Packard and Compaq.
So I'd say I am an opportunist defacer, I wouldn't say I am a 'hacker'
just a 'defacer'.

Cowhead2000: It depends on what kind of mood I'm in. If I want to do
something lame and Unicode something, then I look for that
vulnerability. If for some reason I want to ro0t, I'll look for a good
*nix box. But we only hit big sites.

World of Hell has claimed some defacements on *nix boxes as well as
NT. Is it true that on the hacker underground, breaking into Linux or
Unix boxes earns you higher respect from other hackers?

Rubix: If you can hack *nix then you are regarded as 'leet' on the
underground. If you deface an unknown NT box, you get flamed. I have
only ever defaced an NT box if it is on a big domain. Whenever I have
'owned' a nobody site, it has been running a form of *nix.

Cowhead2000: It takes the same amount of skill to echo something to an
NT box, as it does to run a C script to hack a Linux box.

Is NT the hackers' favourite target because it is a popular platform
for web servers, or because it is seen as an operating system that is
easier to hack than *nix? Are there only a small number of hackers out
there with the skill to break *nix boxes, and does coming up against a
web server running Red Hat for example immediately put some hackers
off straight away?

Rubix: To be honest, my nan could be hacking NT within 10 minutes of
me teaching her, it is that easy. I think that NT will continue to be
hacked for a long, long time, just because some kid can echo 'I owned
jew!!' onto some lame.sub.server.wing.yang.ac.kr. Hacking *nix is not
hard, but requires more patience and reading. Most NT defacers don't
have the patience to read and learn - they want to be spoon fed like
babies. I do believe that if someone found a box they wanted to hack,
and it was running Red Hat, they would be totally put off by it. That
is how poor NT security is.

Some of your defacements are carried out through well known
vulnerabilities, such as the Unicode bug. This gives off a general
impression that some companies aren't taking security seriously
enough. Do you agree or do you think that those responsible for
security aren't clued up enough?

Rubix: I think it is ignorance. The patch for Unicode has been
available since August 2000, that's over seven months. I'm sure that
the administrator knows enough to install a simple Unicode patch, but
they probably say to themselves: 'It's okay, I'm earning 50K+ and no
one will ever want to hack my machine.' Or even: 'Yeah, I'll install
the security patches next week,' and then they never actually do.

World of Hell seems to have a habit of leaving instructions on how to
patch the hole exploited in the defacement. Is this your calling card?

Rubix: I point administrators to the correct patch because I don't
want them to get shit off their employer. I'd hate for an admin to be
fired because some lame Unicode kiddie like me defaced their box. The
idea is the admin will update and restore the server before anyone
else notices.

Do script kiddies pose the biggest threat to security simply because
it's possible to download and run a 'can opener' script against a
vulnerable box and do some sort of damage? Or are the elite hackers
those who sneak in, take control and keep quiet about it more
dangerous?

Rubix: Well, the 'elite' hackers out there are not seen. They don't
damage systems at all and you wouldn't even know they have been there.

Cowhead2000: People who sneak in, because when script kiddies get in,
the admins finally wake up and fix their shit.

Do you have any security advice that you'd like to offer to security
managers, such as tips on locking a web server down?

Rubix: Well, some of the admins have emailed me asking how I got in
etc, and I told them how to fix the flaw. Then they asked me to audit
their machine. Which I did. [The World of Hell email address is
whoyours.com].

Cowhead2000: If the admins aren't gonna keep up with security and
patch their boxes when need be, then I think every big company should
fire their admins and hire me. I need a job bad.

World of Hell is a new group, so how well do you know your other
members? How do you guys meet up?

Rubix: I am the only guy from the UK who is in the World of Hell crew.
We have two US members, myself from the UK, one from The Netherlands,
one from India, one from Brazil, and a few other guys who'd like to
stay anonymous. I met them all on IRC and have never met them or
contacted them in 'real life'. Most defacers out there are based in
Brazil and the USA and we have several hacker meetings, the most
famous being Defcon, which this year is in Las Vegas. Hackers from all
over the world go to this three day event to meet each other. That is
about the only 'real life' socialising that hackers do.

What is a typical hacker? Is the stereotype of antisocial teenagers
locked in their bedrooms hacking for hours on end true?

Rubix: I am a student and I attend high school. Most hackers are
between 14 and 20, but I have spoken to many hackers 20+ who could
hack but don't because they have jobs and can't risk being kicked out
for hacking, so I guess that is why it is 'kids' who hack. My idea of
a 'typical' hacker is a guy who spends all weekend on the computer
with the curtains drawn. I don't fit into that category, I have a
life, friends, girlfriend, and I play sport regularly. Now that the
summer is coming up I guess I won't be hacking as much. Who knows?
Maybe I'll grow up.

Anything else to add?

Rubix: Well, my view on defacing is this: if you're gonna do it, do
it. If not, don't. Ask yourself 'what is the point?' and 'what am I
gaining here?'

Cowhead2000: Anyone that would like to hire me for any kind of job,
computer related or not, preferably something to do with either
computers, sex or smoking pot, email my personal email address:
cowhead2000hotmail.com.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".