talks to hacking group World of Hell.
What's your motivation for hacking? Personal, political, to prove a point about security issues or just for fame/infamy?
Rubix: Well, I myself am 'hacking' to get media attention, and would be known in the underground world as a 'media wh0re'. When I started out I was hacking unknown and insignificant websites, but then I thought, 'why am I hacking sites nobody cares about? I am gaining nothing here.' So I set myself to only deface big companies, that way I get more attention and 'respect' from guys on the underground.
Cowhead2000: I just hack because I'm bored. I try to equal out my internet time evenly between pr0n [surfing for porn] and ./hax0rin [hacking].
World of Hell only seems to carry out a few defacements a week. Any particular reason behind that, or are you guys busy doing other activities?
Rubix: That is true only because our group is not yet a month old. We only started out sometime around March 12, but we have over 80 defacements so far. That's more than two a day, which is quite good in my opinion.
Cowhead2000: We're lazy.
Would World of Hell describe itself as a group of opportunist defacers or 'elite' (133t) hackers?
Rubix: Well the real reason we deface sites is because we can. Some hackers want to be 'leet' so they'd hack a box then go onto IRC [internet relay chat] and say: 'Hey everybody, I owned www.momandpop.com! I'm l33t!' It's different for me. I use a different alias when defacing. RuBiX is not my usual IRC and internet alias and I don't boast about it at all. Only a few people (around five to 10) know that it was me who hacked BT, Sony, Hewlett Packard and Compaq. So I'd say I am an opportunist defacer, I wouldn't say I am a 'hacker' just a 'defacer'.
Cowhead2000: It depends on what kind of mood I'm in. If I want to do something lame and Unicode something, then I look for that vulnerability. If for some reason I want to ro0t, I'll look for a good *nix box. But we only hit big sites.
World of Hell has claimed some defacements on *nix boxes as well as NT. Is it true that on the hacker underground, breaking into Linux or Unix boxes earns you higher respect from other hackers?
Rubix: If you can hack *nix then you are regarded as 'leet' on the underground. If you deface an unknown NT box, you get flamed. I have only ever defaced an NT box if it is on a big domain. Whenever I have 'owned' a nobody site, it has been running a form of *nix.
Cowhead2000: It takes the same amount of skill to echo something to an NT box, as it does to run a C script to hack a Linux box.
Is NT the hackers' favourite target because it is a popular platform for web servers, or because it is seen as an operating system that is easier to hack than *nix? Are there only a small number of hackers out there with the skill to break *nix boxes, and does coming up against a web server running Red Hat for example immediately put some hackers off straight away?
Rubix: To be honest, my nan could be hacking NT within 10 minutes of me teaching her, it is that easy. I think that NT will continue to be hacked for a long, long time, just because some kid can echo 'I owned jew!!' onto some lame.sub.server.wing.yang.ac.kr. Hacking *nix is not hard, but requires more patience and reading. Most NT defacers don't have the patience to read and learn - they want to be spoon fed like babies. I do believe that if someone found a box they wanted to hack, and it was running Red Hat, they would be totally put off by it. That is how poor NT security is.
Some of your defacements are carried out through well known vulnerabilities, such as the Unicode bug. This gives off a general impression that some companies aren't taking security seriously enough. Do you agree or do you think that those responsible for security aren't clued up enough?
Rubix: I think it is ignorance. The patch for Unicode has been available since August 2000, that's over seven months. I'm sure that the administrator knows enough to install a simple Unicode patch, but they probably say to themselves: 'It's okay, I'm earning £50K+ and no one will ever want to hack my machine.' Or even: 'Yeah, I'll install the security patches next week,' and then they never actually do.
World of Hell seems to have a habit of leaving instructions on how to patch the hole exploited in the defacement. Is this your calling card?
Rubix: I point administrators to the correct patch because I don't want them to get shit off their employer. I'd hate for an admin to be fired because some lame Unicode kiddie like me defaced their box. The idea is the admin will update and restore the server before anyone else notices.
Do script kiddies pose the biggest threat to security simply because it's possible to download and run a 'can opener' script against a vulnerable box and do some sort of damage? Or are the elite hackers those who sneak in, take control and keep quiet about it more dangerous?
Rubix: Well, the 'elite' hackers out there are not seen. They don't damage systems at all and you wouldn't even know they have been there.
Cowhead2000: People who sneak in, because when script kiddies get in, the admins finally wake up and fix their shit.
Do you have any security advice that you'd like to offer to security managers, such as tips on locking a web server down?
Rubix: Well, some of the admins have emailed me asking how I got in etc, and I told them how to fix the flaw. Then they asked me to audit their machine. Which I did. [The World of Hell email address is [email protected]].
Cowhead2000: If the admins aren't gonna keep up with security and patch their boxes when need be, then I think every big company should fire their admins and hire me. I need a job bad.
World of Hell is a new group, so how well do you know your other members? How do you guys meet up?
Rubix: I am the only guy from the UK who is in the World of Hell crew. We have two US members, myself from the UK, one from The Netherlands, one from India, one from Brazil, and a few other guys who'd like to stay anonymous. I met them all on IRC and have never met them or contacted them in 'real life'. Most defacers out there are based in Brazil and the USA and we have several hacker meetings, the most famous being Defcon, which this year is in Las Vegas. Hackers from all over the world go to this three day event to meet each other. That is about the only 'real life' socialising that hackers do.
What is a typical hacker? Is the stereotype of antisocial teenagers locked in their bedrooms hacking for hours on end true?
Rubix: I am a student and I attend high school. Most hackers are between 14 and 20, but I have spoken to many hackers 20+ who could hack but don't because they have jobs and can't risk being kicked out for hacking, so I guess that is why it is 'kids' who hack. My idea of a 'typical' hacker is a guy who spends all weekend on the computer with the curtains drawn. I don't fit into that category, I have a life, friends, girlfriend, and I play sport regularly. Now that the summer is coming up I guess I won't be hacking as much. Who knows? Maybe I'll grow up.
Anything else to add?
Rubix: Well, my view on defacing is this: if you're gonna do it, do it. If not, don't. Ask yourself 'what is the point?' and 'what am I gaining here?'
Cowhead2000: Anyone that would like to hire me for any kind of job, computer related or not, preferably something to do with either computers, sex or smoking pot, email my personal email address: [email protected]
Dubbed Barnard's star B, newly discovered planet is believed to be rocky
Also, what's a USB stick?
Gravitational waves become extremely weak by the time they reach the Earth and require highly sensitive equipment for detection
The reactor topped out at 100 million° C