RealTime IT News

Three-Week Hack Renders Over 1300 Windows Servers Inoperable

A 30-year-old man was charged with criminal damage in Melbourne, Australia on Friday in connection with what could be well over one thousand attacks on Windows servers connected to the Internet.

Over the last three weeks, a hacker with the nickname "Number Cruncher" had been gaining access to Net-connected workstations running the Windows desktop operating system, and deleting enough vital system files to make the servers unbootable.

Reports have come in from victims across Australia, who had in common an IP address starting with the number 203, and who had "File Sharing" turned on in their Windows or TCP/IP preferences without passwords enabled.

The hacked servers had the contents of their root directories deleted, many executable programs and DLL files removed from their "C:\windows" directory, and many directories and files were added--including a picture of the Unabomber.

A "readme" file, which was copied numerous times on victim's hard drives, included a victim count, the epitaphs "Not quite random internet violence," "They had computers, some even had guns and other weapons of mass destruction," and an instruction for victims to telephone two Melbourne television stations.

Police estimated the cost of rebuilding drives at up to AUS$15,000 (US$9,300) each, with at least 30 businesses known to have been affected. While the toll of victims had risen to 1332 by early Friday, this may be misleading as it counted the number of drives attacked, not the number of servers or the number of locations.

The man, who lives in Glen Waverley, Victoria, was bailed to appear on September 15, 1998.