Re: Pakistan Hacker Club ?

sillyhead (cdale@home.isolnet.com)
Tue, 12 Oct 1999 20:51:47 -0500 (CDT)


Well, it was them, but they didn't deface anything. What happened was
that a friend of mine took over #pakistan or someshit on irc, and this guy
said that if he'd give the channel back, he'd give him root on any box he
wanted. Knowing my box was pretty secure in general, my friend told him
that if he rooted my machine, he'd give him the channel back. So, anyhow,
my pal said 'PSYCHE' and didn't give him the channel back, so he rm -rf'd
all the boxes on the network. Fun stuff. But really, he got in thru my
name server, but to this day, I have no clue how he managed to get into
the other boxes. He admitted he was part of this "Club" when he was
caught. He was not a US citizen, and I don't know what happened after
he was jailed (what do they do with folks like that anyhow?) Of course,
he could have just been saying that he was a member of this group, who
knows? It was really a fluke that he ws even caught because we'd done
backups like, RIGHT when he did this, so somehow we had his IP (yeh, the
dumbass telnetted from his school account) and rm -rf /* was even in the
.bash_profile! Weird. But the weirdest thing about all of it was that we
reinstalled all the boxes as fast as we could, and left the name server
-blank- until we were done and for a few days longer, and for a few more
days longer, and it just sat there, a blank drive, serving name service
for the network. We finally took it down and reinstallled over a week
later. -boggle-
Anyhow, this was a couple of weeks before the bind exploit hit rootshell
or whatever, and it was also the FORTH time I'd been hit with an exploit
right before it hit BT (But will Aleph ever listen to me? noooooo). Of
course, by that time, I'd learned to stop sayin that my systems are secure
without a doubt, so it didn't hurt my ego as badly as the times before.
heh.
I'ma stop rambling now,
C

On Tue, 12 Oct 1999, B.K. DeLong wrote:

> At 06:05 PM 10/12/99 -0500, you wrote:
> >I have more info about them. About 2 years ago, they jumped on the bind
> >exploit bandwagon (before it hit the public) and hacked my network, and rm
> >-rf'd 9 boxes. (: Unfortunately for one of them, he was here in the US
> >in college and we were able to track him down. He's now in jail. (:
>
> I highly doubt that was a member of the Pakistan Hackers Club. They didn't
> start defacing Web sites until July of this year. Mind you....there are
> hundreds of script kiddie groups that are in existance from one day to the
> next.
>
> Was your Web site defaced?
>
> Here's what the head of PHC says:
>
> "noh..we never had any US or any other member..i formed the club and i wuz the
> only member of PHC..then i got Mr_Sweet..and since then there is no other
> person related to PHC.. itz just two of us..PHC will always be the same like
> this..we will NEVER include any other person.."
> --
> B.K. DeLong
> Research Lead
> ZOT Group
>
> 617.642.7149
> bkdelong@zotgroup.com
> http://www.zotgroup.com