Three-Week Hack Renders Over 1300 Windows Servers Inoperable

A 30-year-old man was charged with criminal
damage in Melbourne, Australia on Friday in connection with what could be
well over one thousand attacks on Windows servers connected to the
Internet.


Over the last three weeks, a hacker with the nickname “Number Cruncher” had
been gaining access to Net-connected workstations running the Windows
desktop operating system, and deleting enough vital system files to make
the servers unbootable.


Reports have come in from victims across Australia, who had in common an IP
address starting with the number 203, and who had “File Sharing” turned on
in their Windows or TCP/IP preferences without passwords enabled.


The hacked servers had the contents of their root directories deleted, many
executable programs and DLL files removed from their “C:windows”
directory, and many directories and files were added–including a picture
of the Unabomber.


A “readme” file, which was copied numerous times on victim’s hard drives,
included a victim count, the epitaphs “Not quite random internet violence,” “They had computers, some even had guns and other weapons of mass
destruction,” and an instruction for victims to telephone two Melbourne
television stations.


Police estimated the cost of rebuilding drives at up to AUS$15,000
(US$9,300) each, with at least 30 businesses known to have been affected.
While the toll of victims had risen to 1332 by early Friday, this may be
misleading as it counted the number of drives attacked, not the number of
servers or the number of locations.


The man, who lives in Glen Waverley, Victoria, was bailed to appear on
September 15, 1998.

News Around the Web