{{Short description|Hacker group}} {{Lowercase title}} {{Infobox organization | image = Milw0rmcnn.jpg | image_alt = <!-- alt text; see WP:ALT --> | caption = Milw0rm on CNN | map = <!-- optional --> | predecessor = | successor = | formation = 1998 | extinction = | type = <!-- GO, NGO, IGO, INGO, etc --> | status = | purpose = | headquarters = | coordinates = <!-- Coordinates of location using a coordinates template --> | language = <!-- official languages --> | key_people = | main_organ = <!-- gral. assembly, board of directors, etc --> | parent_organization = <!-- if one --> | affiliations = | budget = | remarks = | name = Milw0rm | bgcolor = <!-- header background color --> | fgcolor = <!-- header text color --> | image_border = | image_size = 180px | map_size = <!-- map size, optional, default 250px --> | map_alt = <!-- map alt text --> | map_caption = <!-- optional --> | map2 = | abbreviation = | location = | region_served = | membership = JF, Keystroke, ExtreemUK, savec0re, and VeNoMouS | general_secretary = <!-- Secretary General --> | num_staff = | num_volunteers = | website = | former_name = }} '''Milw0rm''' is a group of hacktivists<ref name="NYTimes1998">{{cite news | url=http://www.pixelyze.com/scrapbook/articles/nyt103198/31hack.html | title='Hacktivists' of All Persuasions Take Their Struggle to the Web | newspaper=New York Times | date=October 31, 1998 | access-date=March 2, 2010 | archive-date=May 6, 2011 | archive-url=https://web.archive.org/web/20110506053722/http://www.pixelyze.com/scrapbook/articles/nyt103198/31hack.html | url-status=live }}</ref> best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Mumbai, the primary nuclear research facility of India, on June 3, 1998.<ref>[http://www.outlookindia.com/article.aspx?205741 Milworm Bites BARC] {{Webarchive|url=https://web.archive.org/web/20130518190738/http://www.outlookindia.com/article.aspx?205741 |date=2013-05-18 }} ''outlookindia.com''. Retrieved 30 December 2012</ref> The group conducted hacks for political reasons,<ref name="politics usual">{{cite book |title= Politics As Usual|last= Margolis|first= Michael|author2=David Resnick|year= 2000|publisher= Sage Publications|isbn= 0-7619-1330-0|page= 195}}</ref> including the largest mass hack up to that time, inserting an anti-nuclear weapons agenda and peace message on its hacked websites.<ref name="crime and internet">{{cite book |title= Crime and the Internet|last= Wall|first= David|author-link= David S. Wall|author2=William L. Simon|year= 2001|publisher= Routledge|location= London|isbn= 0-415-24429-3|page= [https://archive.org/details/crimeinternet00wall/page/n77 65]|url=https://archive.org/details/crimeinternet00wall|url-access= limited}}</ref><ref name="Internet security 64">{{cite book |title= Internet security|last= Himma|first= Kenneth Einar|year= 2006|publisher= Jones & Bartlett Publishers|isbn= 0-7637-3536-1|pages= 64–65}}</ref> The group's logo featured the slogan "Putting the power back in the hands of the people."<ref name="Ottawa">{{cite news | url=http://hrea.org/lists/huridocs-tech/markup/msg00014.html | title=E-Guerrillas in the mist | newspaper=Ottawa Citizen | date=October 27, 1998 | access-date=July 9, 2009 | archive-date=July 30, 2009 | archive-url=https://web.archive.org/web/20090730210759/http://hrea.org/lists/huridocs-tech/markup/msg00014.html | url-status=live }}</ref>
The BARC attack generated heated debate on the security of information in a world prevalent with countries developing nuclear weapons and the information necessary to do so, the ethics of "hacker activists" or "hacktivists," and the importance of advanced security measures in a modern world filled with people willing and able to break into insecure international websites.
The exploit site milw0rm.com and str0ke are unaffiliated with the milw0rm hacker group.
==Members== Little is known about the members of milw0rm, which is typical of hacking groups, which often conceal members' identities to avoid prosecution.<ref name="Internet security 92">{{cite book |title= Internet security|last= Himma|first= Kenneth Einar|year= 2006|publisher= Jones & Bartlett Publishers|isbn= 0-7637-3536-1|page=92 }}</ref> The international hacking team "united only by the Internet"{{citation needed|date=August 2012}}<ref>{{Cite journal|last=Smallridge|first=Joshua|date=2016|title=Understanding Cyber-Vigilantism: A Conceptual Framework|url=https://www.proquest.com/docview/1787752058|journal=Journal of Theoretical & Philosophical Criminology|volume=8|pages=57–70|id={{ProQuest|1787752058}}|access-date=2022-12-20|archive-date=2024-05-21|archive-url=https://web.archive.org/web/20240521145346/https://www.proquest.com/docview/1787752058|url-status=live}}</ref> was composed of teenagers<ref name="Rashtriya Sahara">{{cite book |title= Rashtriya Sahara|year= 1996|publisher= Sahara India Mass Communication|location= India}}</ref> who went by the aliases of JF, Keystroke, ExtreemUK, savec0re, and VeNoMouS.<ref name="i-way robbery">{{cite book |title= I-way robbery|last= Boni|first= William C.|author2=Gerald L. Kovacich|year= 1999|publisher= Butterworth-Heinemann|isbn= 0-7506-7029-0|page= 142}}</ref> VeNoMouS, 18, hailed from New Zealand, ExtreemUK and JF, 18, from England, Keystroke, 16, from the US and Savec0re, 17, from the Netherlands.
JF went on to achieve a modicum of notoriety when MTV "hacked" its own website intentionally and graffitied the words "JF Was Here" across the page,<ref name="CNet">{{cite news | url=http://news.cnet.com/2100-1023-215319.html | title=MTV "hack" backfires| publisher=CNet | date=September 9, 1998|archive-url=https://web.archive.org/web/20121104091710/http://news.cnet.com/2100-1023-215319.html|archive-date=2012-11-04}}</ref> at the same time that JF was under investigation for the milw0rm attacks by Scotland Yard.<ref name="wired mtv">{{cite magazine | url=https://www.wired.com/culture/lifestyle/news/1998/09/14914 | title=MTV Cries 'Hacked!' | magazine=Wired | date=September 9, 1998 | access-date=March 10, 2017 | archive-date=November 7, 2009 | archive-url=https://web.archive.org/web/20091107204722/http://www.wired.com/culture/lifestyle/news/1998/09/14914 | url-status=live }}</ref> Hundreds of pages hosted on MTV.com sported the new JF logo, including one page that read, "JF was here, greets to milw0rm".<ref name="Antionline">{{cite news | url=http://antionline.com/SpecialReports/mtv/opinion.html | title=AntiOnline's Editorial Coverage Of The MTV Site "Hack" ?| publisher=AntiOnline | date=September 1998 |archive-url = https://web.archive.org/web/19981205104829/http://antionline.com/SpecialReports/mtv/opinion.html |archive-date = 1998-12-05}}</ref> MTV later confirmed that the alleged JF "hack" was a publicity stunt to promote the appearance of a commentator named Johnny Fame at the 1998 MTV Video Music Awards.<ref name="wired mtv"/> Many were puzzled by the apparent hack committed by JF since the hacker was "known for relatively high ethical standards."<ref name="wired mtv"/>
VeNoMouS claimed that he learned to crack into systems from Ehud Tenenbaum, an Israeli hacker known as The Analyzer.<ref name="Wiredfirst">{{cite magazine | url=https://www.wired.com/science/discoveries/news/1998/06/12717 | title=Crackers: We Stole Nuke Data | magazine=Wired | date=June 3, 1998 | access-date=March 10, 2017 | archive-date=January 18, 2014 | archive-url=https://web.archive.org/web/20140118163920/http://www.wired.com/science/discoveries/news/1998/06/12717 | url-status=live }}</ref>
==BARC attack== On the night of June 3, 1998, the group used a US military .mil machine to break into the LAN of BARC and gained root access. The group gained access to five megabytes of confidential emails and documents. These emails included correspondence between the center's scientists relating to the development of nuclear weapons. Savec0re erased all the data on two servers as a protest against the center's nuclear capabilities. They changed the center's webpage to display a mushroom cloud along with an anti-nuclear message and the phrase "Don't think destruction is cool, coz its not".<ref name="Wiredfirst" /><ref name="zdnet">{{cite news |date=June 5, 1998 |title=India has scary nuke hack |url=http://news.zdnet.com/2100-9595_22-510664.html |work=ZDNet |access-date=July 9, 2009 |archive-date=April 13, 2008 |archive-url=https://web.archive.org/web/20080413104846/http://news.zdnet.com/2100-9595_22-510664.html |url-status=dead }}</ref>
The group of teenagers were from the United States, United Kingdom and New Zealand.<ref name="liang qiao">{{cite book|title= Unrestricted warfare|last= Liang|first= Qiao|author2= Al Santoli|year= 2002|publisher= NewsMax Media|isbn= 0-9716807-2-8|page= [https://archive.org/details/isbn_9780971680722/page/35 35]|url= https://archive.org/details/isbn_9780971680722/page/35}}</ref>
Milw0rm then came forward with the security flaws they exploited in BARC's system, along with some of the thousands of pages of documents they had lifted from the server, concerning India's last five nuclear detonations.
After the attack Keystroke claimed that the breach had taken "13 minutes and 56 seconds" to execute. Though it was later reported that Keystroke meant this as a lighthearted answer. The invasion took careful planning, routing through servers throughout the world from three different continents, and took days to execute.<ref name="India">{{cite news | url=http://www.rediff.com/computer/1998/jun/09barc.htm | title=The Eye of the Needle | publisher=Rediff | date=June 9, 1998 | access-date=July 9, 2009 | archive-date=October 11, 2008 | archive-url=https://web.archive.org/web/20081011210835/http://www.rediff.com/computer/1998/jun/09barc.htm | url-status=live }}</ref>
==Attack aftermath== The security breach was first reported by ''Wired'' News. JF and VeNoMouS claimed credit by emailing ''Wired'' reporter James Glave with documents they had obtained from the BARC servers as proof.<ref name="zdnet"/>
After first denying that any incident had occurred, BARC officials admitted that the center had indeed been hacked and emails had been downloaded. It was reported that the security flaw resulted from "a very normal loophole in Sendmail". ''Forbes'' wrote that perhaps up to 100 hackers had followed milw0rm's footsteps into the BARC servers once they were revealed as insecure.<ref name="Forbes">{{cite news | url=https://www.forbes.com/1998/11/16/feat.html | title=Hacking Bhabha | work=Forbes | date=November 16, 1998 | access-date=September 5, 2017 | archive-date=March 3, 2016 | archive-url=https://web.archive.org/web/20160303173028/http://www.forbes.com/1998/11/16/feat.html | url-status=live }}</ref> The website was shut down while its security was upgraded.<ref name="zdnet"/> BARC officials said that none of the emails contained confidential information, the group did not destroy data, and that the computers they have that contain important data were isolated from the ones broken into.<ref name="India"/>
The milw0rm attack caused other groups to heighten their security to prevent invasion by hackers. The U.S. Army announced, without giving evidence as to why they believed this to be the case, that the hacks might have originated in Turkey.<ref name="zdnet" />
Later, Khalid Ibrahim approached members of milw0rm and attempted to buy classified documents from them. According to savec0re, Ibrahim threatened to kill him if the hacker did not turn over the classified documents in question.<ref name="Wired">{{cite magazine | url=https://www.wired.com/politics/law/news/1998/11/15812 | title=Do Terrorists Troll the Net? | magazine=Wired | date=November 4, 1998 | access-date=March 10, 2017 | archive-date=January 18, 2014 | archive-url=https://web.archive.org/web/20140118174050/http://www.wired.com/politics/law/news/1998/11/15812 | url-status=live }}</ref> Savec0re told Kevin Mitnick that Ibrahim first approached him posing as a family member of an FBI agent who could grant immunity to the members of milw0rm.<ref name="mitnick">{{cite book |title= The Art of Intrusion|last= Mitnick|first= Kevin|author-link= Kevin Mitnick|author2=William L. Simon|year= 2005|publisher= John Wiley and Sons|isbn= 0-7645-6959-7|page= [https://archive.org/details/artintrusionreal00mitn_335/page/n44 33]|url=https://archive.org/details/artintrusionreal00mitn_335|url-access= limited}}</ref>
The Electronic Disturbance Theater released a statement in support of JF, applauding him for his hacktivism and maintaining that computer break-ins of this sort were not cyber-terrorism as some claim.<ref>{{cite web |url=http://www.thing.net/~rdom/ecd/Brithacker.html |title=The Electronic Disturbance Theater supports "JF" the young british anti-nuclear hacker |publisher=The Electronic Disturbance Theater |date=July 8, 1998 |access-date=July 9, 2009 |archive-date=October 10, 2009 |archive-url=https://web.archive.org/web/20091010053810/http://www.thing.net/~rdom/ecd/Brithacker.html |url-status=live }}</ref>
==Other attacks== One month after the BARC incident, in July 1998, milw0rm hacked the British web hosting company Easyspace, putting their anti-nuclear mushroom cloud message on more than 300 of Easyspace's websites,<ref name="i-way robbery130">{{cite book |title= I-way robbery|last= Boni|first= William C.|author2=Gerald L. Kovacich|year= 1999|publisher= Butterworth-Heinemann|isbn= 0-7506-7029-0|page= 130}}</ref> along with text that read: "This mass takeover goes out to all the people out there who want to see peace in this world."<ref name="wiredmasshack">{{cite magazine | url=http://www.thing.net/~rdom/ecd/Brithacker.html | title=Anti-Nuke Cracker Strikes Again | magazine=Wired | date=July 3, 1998 | access-date=July 9, 2009 | archive-date=October 10, 2009 | archive-url=https://web.archive.org/web/20091010053810/http://www.thing.net/~rdom/ecd/Brithacker.html | url-status=live }}</ref>
''Wired'' reported that this incident was perhaps the "largest 'mass hack' ever undertaken."<ref name="wiredmasshack"/> The United States Department of Defense adviser John Arquilla later wrote that it was one of the largest hacks ever seen.<ref name="arquilla">{{cite book|title= Networks and netwars|last= Arquilla|first= John|author-link= John Arquilla|author2= David F. Ronfeldt|year= 2001|publisher= Rand Corporation|isbn= 0-8330-3030-2|page= [https://archive.org/details/networksnetwars00john/page/273 273]|url= https://archive.org/details/networksnetwars00john/page/273}}</ref> Some of the sites hacked in the incident were for the World Cup, Wimbledon, the Ritz Casino, Drew Barrymore, and the Saudi royal family.<ref name="wiredmasshack"/> The text placed on the sites read in part, "This mass takeover goes out to all the people out there who want to see peace in this world... This tension is not good, it scares you as much as it scares us. For you all know that this could seriously escalate into a big conflict between India and Pakistan and possibly even World War III, and this CANNOT happen... Use your power to keep the world in a state of PEACE."<ref name="Harvard">{{cite news | url=http://hir.harvard.edu/articles/print.php?article=905 | title=Cyberwarriors: Activists and Terrorists Turn to Cyberspace | publisher=The Future of War | date=Summer 2001 | access-date=2009-07-09 | archive-date=2007-08-25 | archive-url=https://web.archive.org/web/20070825042107/http://hir.harvard.edu/articles/print.php?article=905 | url-status=live }}</ref>
While scanning a network for weaknesses, members of the group came across EasySpace, a British company which hosted many sites on one server. Along with members of the fellow hacking group Ashtray Lumberjacks,<ref name="Ottawa"/> milw0rm had the revised mushroom cloud image and text on all of Easyspace's websites in less than one hour.<ref name="wiredmasshack"/> Vranesevich said that the mass hack was rare in its effect and its intention: the hackers seemed to be more interested in political purposes than exposing computer security flaws.<ref name="wiredmasshack"/>
It was also reported that milw0rm broke into a Turkish nuclear facility in addition to BARC.<ref name="defense analysis">{{cite book |title= Defensor Pacis|year= 1999|publisher= The Institute}}</ref>
==See also== *Hacktivism *1984 Network Liberty Alliance
==References== {{reflist|2}}
==External links== {{wikiquote}}
=== Mirrors of hacked sites === *[http://www.zone-h.org/mirror/id/14681 BARC hack] *[https://www.flashback.se/hack/1998/07/02/1/index.html Mass hack] *[http://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/leje.htm Hacked site] *[https://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/fantasyfootball.htm Fantasyfootball.co.uk hacked] *[https://www.kitetoa.com/Pages/Textes/Les_Dossiers/Hacked/Souvenirs/michaelpowels.htm "We Hacked Prince Charles' Bentley!"] {{Hacking in the 1990s}}
Category:Hacker groups Category:Anti–nuclear weapons movement Category:Hacking (computer security) Category:Cybercrime in India Category:Nuclear history of India Category:Nuclear weapons programme of India Category:Indian nuclear weapons testing Category:Anti-nuclear movement in India