Wanna know how BT.com was hacked?

We had a sniff about and came up trumps

Last week, we were contacted by a reader who claimed to have taken bt.com, btinternet.com and gameplay.com offline through a denial of service attack. We checked it out and he wasn't lying. The anonymous person went to great lengths to explain why he had attacked BT, quoting its appalling Internet access packages as the source of his ire.

We don't condone such activity but we could certainly understand his frustration, and it seems as though most of you could too.

Since then we've been sniffing about the Web to find out how someone managed to bring down BT's main Web sites. While yer man was clearly technically very literate, had BT maintained his level of Net expertise and simply failed to make the sites solid enough?

We note with interest that BT has since beefed up security. That was extremely fast, we pondered. But then is it surprising? Our beloved monopolistic telecoms giant had simply remained true to form and held back technology until it was needed.

However, thanks to a reader tip-off, we also came across the latest issue of an online hacking mag which featured an article called "Plague v0.1", written by Datawar and another person with a surprisingly similar pseudonym to one of the emails we received from the attacker.

Plague is, unsurprisingly, a DoS method and code. It would appear that Datawar had written the original tool, which our man had then perfected - to apparently great effect. Plague's primary purpose "is to create an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.

"The program will consist of a client which runs on the user's own machine. The client communicates with a master server which will be responsible for coordinating a set of ghost daemons."

Top of the list of the program's attributes was Stream flood - listed as complete and extensively worked on by the attacker - which was most likely what was used against BT. A scanning aspect - which looks for weak machines to act as ghosts - is also part of the program.

For those of you who don't know, a denial of service attack works something like this: one machine locates and compromises a number of other machines that have poor security. It then installs a hidden piece of code on them. This code effectively enables the original machine to make the others (known as ghosts) send information to sites of its choice. By sending dead packets of information to a particular server, that server responds to confirm a connection but the message is reflected back. This build-up from a range of different machines can cause the server to topple over and makes viewing the site by anyone else extremely difficult.

Those being attacked can block all the traffic from one machine but when many are used, this job requires a lot of effort and time.
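To see why blocking by machine stops working once many ghosts are involved, here is an added example from the defender's side (it is not from the article or from the tool it describes). It runs over a constructed connection log and assumes "dead packets" can be modelled as connection attempts that never complete; the function names, addresses and thresholds are all made up for illustration.

```python
from collections import Counter

def make_events(attackers, attempts_each, legit=40):
    """Constructed sample log: one (source_ip, completed) pair per attempt.
    Assumption: a 'dead' packet shows up as an attempt that never completes."""
    events = [(f"198.51.100.{i + 1}", True) for i in range(legit)]
    for a in range(attackers):  # documentation-range addresses, up to 254
        events += [(f"203.0.113.{a + 1}", False)] * attempts_each
    return events

def per_source_offenders(events, limit):
    """Sources whose never-completed attempts exceed a per-host limit."""
    dead = Counter(src for src, done in events if not done)
    return sorted(src for src, n in dead.items() if n > limit)

def incomplete_ratio(events):
    """Share of all connection attempts that never completed."""
    return sum(1 for _, done in events if not done) / len(events)

def assess(events, per_host_limit=50, ratio_alarm=0.5):
    """Compare what a per-host block list catches with the site-wide picture."""
    ratio = incomplete_ratio(events)
    return {
        "blockable_sources": len(per_source_offenders(events, per_host_limit)),
        "incomplete_ratio": round(ratio, 4),
        "under_attack": ratio >= ratio_alarm,
    }

if __name__ == "__main__":
    # Same total load (600 dead attempts) delivered two different ways.
    print("one machine:", assess(make_events(1, 600)))
    print("200 ghosts :", assess(make_events(200, 3)))
```

Both runs carry the same 600 dead attempts, but only the single-machine case gives the per-host rule anything to block; with 200 ghosts at three attempts each, every source stays under the limit while the site-wide ratio still shows the flood.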

So there you have it. But where's the code or the URL, you want to know. You said you'd tell us how to do it. Well, my friends, that was a headline to catch your attention. We've had a brief debate here at The Reg and our ethical stance about this sort of activity is that while we will report and inform people about what is going on, we will not point people in the direction of potentially damaging information.

This sort of approach is used widely by the UK media in all sorts of sensitive reporting, although the court system appears to have got carried away with reporting restrictions. On the other side are things like the News of the World's recent approach to the murder of child Sarah Payne. It has decided, in a moment of self-imposed omniscience, to print a list of known paedophiles in the UK - even extending this to an interactive "search for your local paedophile" on its Web site. Since this is totally irresponsible, we feel it would be irresponsible to do the same with this DoS story.

That said, we credit you the readers with enough intelligence to find out what you want to know. If it's that important to you, have a hunt around yourselves. ®

Related stories

BT hacked: revenge for crap service
BT hands over money for the Great British Stitch-Up
