Wanna know how BT.com was hacked?
We had a sniff about and came up trumps
Last week, we were contacted by a reader who claimed to have taken bt.com, btinternet.com and gameplay.com offline through a denial of service attack. We checked it out and he wasn't lying. The anonymous person went to great lengths to explain why he had attacked BT, quoting its appalling Internet access packages as the source of his ire.
We don't condone such activity but we could certainly understand his frustration, and it seems as though most of you could too.
Since then we have been sniffing about the Web to find out how someone managed to bring down BT's main Web sites. While yer man was clearly technically very literate, had BT maintained his level of Net expertise and simply failed to make the sites solid enough?
We note with interest that BT has since beefed up security. That was extremely fast, we pondered. But then is it surprising? Our beloved monopolistic telecoms giant had simply remained true to form and held back technology until it was needed.
However, thanks to a reader tip-off, we also came across the latest issue of an online hacking mag which featured an article called "Plague v0.1" written by Datawar and another person with a surprisingly similar pseudonym to one of the emails we received from the attacker.
Plague is, unsurprisingly, a DoS method and coding. It would appear that Datawar had written the original tool, which our man had then perfected - to apparently great effect. Plague's primary purpose "is to create an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.
"The program will consist of a client which runs on the user's own machine. The client communicates with a master server which will be responsible for coordinating a set of ghost daemons."
Top of the list of the program's attributes was Stream flood - listed as complete and extensively worked on by the attacker - which was most likely what was used against BT. A scanning aspect - which looks for weak machines to act as ghosts - is also part of the program.
For those of you who don't know, a denial of service attack works something like this: one machine locates and compromises a number of other machines that have poor security. It then installs a hidden piece of code on them. This code effectively enables the original machine to make the others (known as ghosts) send information to sites of its choice. By sending dead packets of information to a particular server, that server responds to confirm a connection but the message is reflected back. This build-up from a range of different machines can cause the server to topple over and makes viewing the site by anyone else extremely difficult.
Those being attacked can block all the traffic from one machine but when many are used, this job requires a lot of effort and time.
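To see why blocking one machine at a time falls short, here is a defender-side sketch, added here as an illustration and not taken from the article or from any tool it mentions. It runs over constructed flow records; the record layout, the thresholds and the function names are assumptions.

```python
from collections import Counter, defaultdict

# Assumed thresholds for one 10-second measurement window.
PER_SOURCE_LIMIT = 1000   # packets one source may send before it looks noisy
PER_DEST_LIMIT = 10000    # packets one server may receive before it looks flooded
MIN_SOURCES = 50          # distinct senders needed to call the flood distributed

def build_sample_flows():
    """Constructed records: (source IP, destination IP, packets in the window).
    All addresses are from the RFC 5737 documentation ranges."""
    flows = [("192.0.2.10", "203.0.113.80", 40),     # ordinary visitor
             ("192.0.2.11", "203.0.113.80", 55),     # ordinary visitor
             ("192.0.2.12", "203.0.113.25", 30),     # traffic to another server
             ("192.0.2.99", "203.0.113.25", 5000)]   # one loud host: the easy case
    # 200 distinct sources, each sending a modest 90 packets to the same server.
    for i in range(200):
        flows.append((f"198.51.100.{i + 1}", "203.0.113.80", 90))
    return flows

def noisy_sources(flows, limit=PER_SOURCE_LIMIT):
    """Sources that exceed the per-source limit on their own (blockable one by one)."""
    totals = Counter()
    for src, _dst, pkts in flows:
        totals[src] += pkts
    return sorted(src for src, n in totals.items() if n > limit)

def flooded_destinations(flows, limit=PER_DEST_LIMIT, min_sources=MIN_SOURCES):
    """Servers whose total load is excessive AND spread over many senders.
    Returns {destination: (total packets, distinct sources)}."""
    pkts_to = Counter()
    sources_of = defaultdict(set)
    for src, dst, pkts in flows:
        pkts_to[dst] += pkts
        sources_of[dst].add(src)
    return {dst: (pkts_to[dst], len(sources_of[dst]))
            for dst in pkts_to
            if pkts_to[dst] > limit and len(sources_of[dst]) >= min_sources}

if __name__ == "__main__":
    flows = build_sample_flows()
    print("per-source view:", noisy_sources(flows))
    print("per-destination view:", flooded_destinations(flows))
```

The per-source check finds only the single loud host, while every one of the 200 low-rate senders stays under the limit; the flood only becomes visible when the traffic is totalled per destination.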
So there you have it. But where's the code or the URL, you want to know. You said you'd tell us how to do it. Well, my friends, that was a headline to catch your attention. We've had a brief debate here at The Reg and our ethical stance about this sort of activity is that while we will report and inform people about what is going on, we will not point people in the direction of potentially damaging information.
This sort of approach is used widely by the UK media in all sorts of sensitive reporting, although the court system appears to have got carried away with reporting restrictions. On the other side are things like the News of the World's recent approach to the murder of child Sarah Payne. It has decided, in a moment of self-imposed omniscience, to print a list of known paedophiles in the UK - even extending this to an interactive "search for your local paedophile" on its Web site. Since this is totally irresponsible, we feel it would be irresponsible to do the same with this DoS story.
That said, we credit you the readers with enough intelligence to find out what you want to know. If it's that important to you, have a hunt around yourselves. ®