March 30, 2020
Home  »  Magazine  »  National  » Spotlight »  Milworm Bites BARC

Milworm Bites BARC

How did teenagers break into the BARC computer network? Could it happen again?

Milworm Bites BARC

INDIA has learnt its first lesson in global cyber-warfare: even a Nuclear Weapon State is vulnerable. The first known cyber-attack on this country occurred last week when specific computer systems were targeted in protest against the May 11 and 13 nuclear tests. And the attackers involved were not nation-states but groups of pimply-faced teenagers from around the globe.

  •  A group of three teenage hackers broke into computer systems at the Bhabha Atomic Research Centre (BARC), Trombay. They claim to have obtained data and e-mail on the recent tests, and destroyed all data in at least two of the eight servers at BARC.

  •  And several computer networks on the countrywide network, ERNET, that connects most of the academic institutions, have been reportedly broken into by various other groups of hackers as many as three times in the last fortnight.

    Officially, BARC denies having lost any "sensitive" data. But there is a sense of nervousness about the booty the hackers decamped with. And about the ease with which they achieved their aim of refocusing global attention on India. A typical headline: "Is the atom bomb safe in the hands of people who cannot even secure their servers?"

    Who did it? A group going by the name MilwOrm. Comprising six teenagers residing in the UK, New Zealand and the US, its youngest member, HamstOr, is just 15 years old. They claim to have hacked into a number of commercial sites as well as at least one US army server just two weeks ago. When BARC valiantly denied loss of data, the young hackers sent copies of the data they had obtained to a number of independent observers, and even posted some of it over the Internet. A large part of these claims appear to be verified by various observers.

    At least two more attacks on Indian networks took place two days after the initial round. In the first, a cluster of about 30 machines was hacked into. Around the same time, another group calling themselves "Armageddon" broke into the Bioinformatics Centre at the University of Pune. MilwOrm and the other groups plan to "continue their attacks" and claim that they "should have everything and be finished with India in about a week". Pakistani networks are slated to be next.

    What did they do? By merely tapping keys on their computer keyboards, MilwOrm claims to have downloaded five megabytes of information from BARC, opened e-mail between scientists and researchers, obtained the "test results", and taken a peak at "sensitive" internal memos. They also defaced the BARC home page ( and replaced it by their own. BARC's home page has since been dysfunctional. The hackers substituted the BARC's home page with one displaying a mushroom cloud with the text, "If a nuclear war does start, you will be the first to scream...."

    How did they do it? MilwOrm used a trusted and standard method to break in: they took advantage of the internal weaknesses in the BARC network. BARC's Internet server was connected to the internal line area network. This enabled the hackers to break into the BARC servers through a programme known as 'Sendmail'.

    The loophole in the pro-gramme is well known and, in fact, a patch had been posted several months ago. But neither BARC nor ERNET appear to have acted on it. The hackers covered their tracks by breaking in to a series of computers starting in Turkey and followed by three US military servers. Internal BARC logs would show as if the break-in came from a US military server.

    Is ERNET under threat? Yes. In the last three months, there have been at least two serious attacks on various nodes of ERNET. Break-ins into Web servers is almost routine. It happens to a fair number of servers and even "secure military" networks almost routinely. That is why the Web servers ought not to have any connection to anything valuable. However, isolating sensitive information from public networks (a standard security practice known as compartmentalising) was not done and it was negligence on the government's part to expose even relatively harmless data, never mind sensitive e-mail to the Internet. Insiders say ERNET is a "primitive horse and buggy" system compared to the current networks and security is "non-existent and borders on the abysmal". Further attacks in almost all probability cannot be ruled out.

    Did the US know? There is sharp suspicion that it did. In fact it is quite likely that all data stolen by the hackers is in the hands of the US. The hackers reached the BARC network through a chain of US defence servers. According to experts, it is highly unlikely that the US defence department was not aware about the hackers' movements and their final destination. The US Defense Intelligence Agency and the US National Security Agency were aware of the hack and monitored the hack in real time. According to NBC News, CIA had obtained the material hacked from BARC and was "reviewing it". This "coup" of sorts was probably very handy after the spate of criticism that the agency faced after failing to predict the Pokhran blasts.

    Is this war? It is, but it's a Net war, not a nuclear one. Cyber wars are not "real wars". Unlike traditional wars, they are not fought over military, economic, political and social matters. In contrast, they seek to disrupt and destroy the information and communications systems that increasingly govern human lives. That is, it's low-cost, maximum damage. Doomsday theorists are conjuring scenarios of crippling attacks on the US infrastructure from flight control systems to banking and finances that are totally dependent on networked computers.

    Is the US itself safe? No. The US spends upwards of $7 billion (Rs 30,000 crore) or about two-thirds of India's entire defence budget on various offensive and defensive forms of e-wars and cyber-wars against an estimated 20,000 groups of hackers. Yet, there has been a spate of well-publicised attacks in the last three months.

    In the first of these, a teenager accessed many of the Pentagon's secure networks and accessed "very sensitive information". It took an team of at least 100 investigators including 30 FBI agents to track this 18-year-old down to Israel. The teenager, going by the handle "Analyzer", had managed to obtain root—or administrator-level—access to a number of US military servers.

    After the identification, the Israeli prime minister publicly praised the kid as "damn good...very dangerous, too". The US request to extradite him will probably be refused as the "Analyzer" after being taken into custody by the Israeli police was drafted into the Israeli army!

    What can we do? The US has a stated policy against hackers, and their blood brothers (and sisters): crackers and phreakers. It has vowed to crack down on malicious and mischievous crackers probing computer systems, whether classified or not. Bill Clinton has just appointed a "tsar". The attorney general of the US is on record as recently as a month ago stating that the US would "work around the world and in the depths of cyberspace to investigate and prosecute those who attack computer networks".

    Nuclear India doesn't have a policy, or the means to enforce it, against warfare that can bleed it dry with no drop of blood shed.

  • Next Story >>
    Google + Linkedin Whatsapp

    Read More in:

    The Latest Issue

    Outlook Videos