Wanna know how BT.com was hacked?

We had a sniff about and came up trumps

Last week, we were contacted by a reader who claimed to have taken bt.com, btinternet.com and gameplay.com offline through a denial of service attack. We checked it out and he wasn't lying. The anonymous person went to great lengths to explain why he had attacked BT, quoting its appalling Internet access packages as the source of his ire.

We don't condone such activity but we could certainly understand his frustration, and it seems as though most of you could too.

Since then we've been sniffing about the Web to find out how someone managed to bring down BT's main Web sites. While yer man was clearly technically very literate, had BT maintained his level of Net expertise and simply failed to make the sites solid enough?

We note with interest that BT has since beefed up security. That was extremely fast, we pondered. But then is it surprising? Our beloved monopolistic telecoms giant had simply remained true to form and held back technology until it was needed.

However, thanks to a reader tip-off, we also came across the latest issue of an online hacking mag which featured an article called "Plague v0.1", written by Datawar and another person with a surprisingly similar pseudonym to one of the emails we received from the attacker.

Plague is, unsurprisingly, a DoS method and the code that implements it. It would appear that Datawar had written the original tool, which our man had then perfected - to apparently great effect. Plague's primary purpose "is to create an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.

"The program will consist of a client which runs on the user's own machine. The client communicates with a master server which will be responsible for coordinating a set of ghost daemons."

Top of the list of the program's attributes was Stream flood - listed as complete and extensively worked on by the attacker - which was most likely what was used against BT. A scanning aspect - which looks for weak machines to act as ghosts - is also part of the program.

For those of you who don't know how a denial of service attack works, it goes something like this: one machine locates and compromises a number of other machines that have poor security. It then installs a hidden piece of code on them. This code effectively enables the original machine to make the others (known as ghosts) send information to sites of its choice. By sending dead packets of information to a particular server, that server responds to confirm a connection but the message is reflected back. This build-up from a range of different machines can cause the server to topple over and makes viewing the site by anyone else extremely difficult.

Those being attacked can block all the traffic from one machine but when many are used, this job requires a lot of effort and time.

So there you have it. But where's the code or the URL, you want to know. You said you'd tell us how to do it. Well, my friends, that was a headline to catch your attention. We've had a brief debate here at The Reg and our ethical stance about this sort of activity is that while we will report and inform people about what is going on, we will not point people in the direction of potentially damaging information.

This sort of approach is used widely by the UK media in all sorts of sensitive reporting, although the court system appears to have got carried away with reporting restrictions. On the other side are things like the News of the World's recent approach to the murder of child Sarah Payne. It has decided, in a moment of self-imposed omniscience, to print a list of known paedophiles in the UK - even extending this to an interactive "search for your local paedophile" on its Web site. Since this is totally irresponsible, we feel it would be irresponsible to do the same with this DoS story.

That said, we credit you the readers with enough intelligence to find out what you want to know. If it's that important to you, have a hunt around yourselves. ®
