Wanna know how BT.com was hacked?

We had a sniff about and came up trumps

Last week, we were contacted by a reader who claimed to have taken bt.com, btinternet.com and gameplay.com offline through a denial of service attack. We checked it out and he wasn't lying. The anonymous person went to great lengths to explain why he had attacked BT, quoting its appalling Internet access packages as the source of his ire.

We don't condone such activity but we could certainly understand his frustration, and it seems as though most of you could too.

Since then we've been sniffing about the Web to find out how someone managed to bring down BT's main Web sites. While yer man was clearly technically very literate, had BT maintained his level of Net expertise and simply failed to make the sites solid enough?

We note with interest that BT has since beefed up security. That was extremely fast, we pondered. But then is it surprising? Our beloved monopolistic telecoms giant had simply remained true to form and held back technology until it was needed.

However, thanks to a reader tip-off, we also came across the latest issue of an online hacking mag which featured an article called "Plague v0.1" written by Datawar and another person with a surprisingly similar pseudonym to one of the emails we received from the attacker.

Plague is, unsurprisingly, a DoS method and coding. It would appear that Datawar had written the original tool, which our man had then perfected - to apparently great effect. Plague's primary purpose "is to create an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.

"The program will consist of a client which runs on the user's own machine. The client communicates with a master server which will be responsible for coordinating a set of ghost daemons."

Top of the list of the program's attributes was Stream flood - listed as complete and extensively worked on by the attacker - which was most likely what was used against BT. A scanning aspect - which looks for weak machines to act as ghosts - is also part of the program.

For those of you who don't know, a denial of service attack works something like this: one machine locates and compromises a number of other machines that have poor security. It then installs a hidden piece of code on them. This code effectively enables the original machine to make the others (known as ghosts) send information to sites of its choice. By sending dead packets of information to a particular server, that server responds to confirm a connection but the message is reflected back. This build-up from a range of different machines can cause the server to topple over and makes viewing the site by anyone else extremely difficult.

Those being attacked can block all the traffic from one machine but when many are used, this job requires a lot of effort and time.
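To see why blocking by source address stops working once many machines take part, here is an added illustration (not part of the original article, and unrelated to the tool it describes). It runs a per-address rule and a server-wide count of unfinished connections over constructed connection records; the event names, addresses and limits are all assumptions chosen for the example.

```python
from collections import Counter

def half_open_by_source(events):
    """Count, per source address, connections that were opened but never completed."""
    pending = Counter()
    for src, kind in events:
        if kind == "open":
            pending[src] += 1
        elif kind == "done" and pending[src] > 0:
            pending[src] -= 1
    return pending

def per_source_blocklist(events, per_source_limit):
    """Addresses a simple per-address rule would block."""
    counts = half_open_by_source(events)
    return {src for src, n in counts.items() if n > per_source_limit}

def aggregate_alarm(events, total_limit):
    """True when unfinished connections across all sources exceed a server-wide limit."""
    return sum(half_open_by_source(events).values()) > total_limit

def build_samples():
    """Constructed records using documentation address ranges (not real traffic)."""
    # 20 ordinary visitors: each opens a connection and completes it.
    legit = []
    for i in range(1, 21):
        legit += [(f"192.0.2.{i}", "open"), (f"192.0.2.{i}", "done")]
    # One noisy machine: 600 connections opened, none completed.
    single = [("198.51.100.7", "open")] * 600
    # 200 machines: 3 unfinished connections each, 600 in total.
    distributed = [(f"203.0.113.{i}", "open")
                   for i in range(1, 201) for _ in range(3)]
    return legit, single, distributed

if __name__ == "__main__":
    legit, single, distributed = build_samples()
    print("single source blocked:", per_source_blocklist(legit + single, 10))
    print("distributed blocked:  ", per_source_blocklist(legit + distributed, 10))
    print("distributed alarm:    ", aggregate_alarm(legit + distributed, 500))
```

The per-address rule catches the single noisy machine but blocks nothing in the distributed case, even though the server carries the same 600 unfinished connections; only the server-wide count notices.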

So there you have it. But where's the code or the URL, you want to know. You said you'd tell us how to do it. Well, my friends, that was a headline to catch your attention. We've had a brief debate here at The Reg and our ethical stance about this sort of activity is that while we will report and inform people about what is going on, we will not point people in the direction of potentially damaging information.

This sort of approach is used widely by the UK media in all sorts of sensitive reporting, although the court system appears to have got carried away with reporting restrictions. On the other side are things like the News of the World's recent approach to the murder of child Sarah Payne. It has decided, in a moment of self-imposed omniscience, to print a list of known paedophiles in the UK - even extending this to an interactive "search for your local paedophile" on its Web site. Since this is totally irresponsible, we feel it would be irresponsible to do the same with this DoS story.

That said, we credit you the readers with enough intelligence to find out what you want to know. If it's that important to you, have a hunt around yourselves. ®

Related stories

BT hacked: revenge for crap service
BT hands over money for the Great British Stitch-Up
