The Topology of the Internet: the New Territory (XV)

We mentioned in the last article that the legal norm has lost its coercibility because of the topology of the Internet. We will understand this better with a real example that took place during this Holy Week.

Last Thursday, April 20, a "thread" (a group of messages and their replies) began in the Usenet group alt.hackers.malicious, and it ran its course by Saturday the 22nd. At the end of this article I include, as an Annex, a summary of the messages I refer to.

What was planned over these three days is an attack on a series of child pornography pages. Several crackers (Mr. Bean, ExecutoR, Daito, Sunnut, Rikijo, Damien, Krakan, The Jester, Sycho and John Starrett) have begun to carry out their plan in full public view and to share their work publicly.

One of the crackers reports the existence of a page with child pornography content, others check in whose name the page is registered, and still others scan the page looking for the open ports of the computer. All the results they obtain are "posted" to the forum, in plain view of anyone. And none of them hides that they are going to "crack" those pages.

They also maintain that pages of this kind repulse them and that the FBI, to which they have reported the existence of these pages, has paid them no attention, so they are taking the law into their own hands (see John Starrett's message of April 21).

The pages attacked are hosted on servers in the USA, the Philippines and Russia.
The crackers are apparently American, judging by their language, expressions and other details.
The act they want to carry out consists of deleting child pornography pages.
The setting is the Net: the IP addresses, the types of servers and the services these provide.

Is it unlawful to attack child pornography servers? Is it unlawful to associate in order to attack child pornography servers? Is it unlawful to scan the ports of child pornography servers?

The topology of the Internet gives us the stage on which all the activity we have discussed takes place: the plan, the shared information, making the information obtained available to others so that they can pick up the work from that point... In short, the topology necessarily defines the various acts needed to hack. Only from knowledge of that topology can the unlawful acts be defined in advance so that they can then be prosecuted.

ANNEX. Excerpt of messages in alt.hackers.malicious from April 20 to 22, 2000.

The thread begins: Mr. Bean recounts his experiences as a hacker and states that child pornography pages can be attacked. He gives the address of one of them.

SUBJECT: PEDOPHILI SITES AGAIN & PRECIOUS LESSONS THAT I'VE LEARNED
From: "Mr. Bean"
Newsgroups: alt.hackers.malicious
Date: Thu, 20 Apr 2000 23:57:47 GMT

I've learnt a few things, from my own experience, from seeing others, etc. Who knows it might be useful.

1) Never brag to anybody, especially in the IRC. FBI are everywhere. I got my account suspended, and possibly I'm gonna be kicked out from my university because of that. This is my biggest mistake - bragging to someone else.
2) Delete log files. If lazy, delete /var/log. If one has so much time, edit wtmp, utmp, secure, lastlog, maillog, root or operator's mail (usually there are some people who set up their network such that when there's an attack, it directly mails to root/operator)
3) Also, kill the printer, which might be a possible output.
4) Newsgroup is also being monitored
5) Never hack innocent ppl *and* big sites (eg: pentagon)... except pedo & child molesters (eg: dxxxxcher.com, xxxxxx.org, asianxxxxxxxx.com).

And... oh I've found http://xxxxx.com/lolilink.htm, a link to nasty pedo sites. Fucking nasty people post to alt.binaries.pictures.erotica.13-17, alt.binaries.pictures.erotica.early-teens, pre-teens, etc. Oughta be destroyed!

I'm planning to make a telnet & pop3 cracker next month, probably. Is there any suggestion on this one? I'd like to make it multithreaded so that it can make as much as .. probably 10-50 connections ... faster cracking. And also, I'm gonna differentiate the current password list with cracklib so that old one doesn't count. Any suggestions?

Mr. Bean_18

ExecutoR tells him to keep posting and offers to help test his program in beta.

SUBJECT: RE: PEDOPHILI SITES AGAIN & PRECIOUS LESSONS THAT I'VE LEARNED
From: ExecutoR
Reply-To: the above - remove the dot.
Newsgroups: alt.hackers.malicious
Date: Thu, 20 Apr 2000 21:32:01 -0300

Keep us posted dOOd. Lemme know if you need beta testerz.
ExecutoR

John Starrett names a page with child pornography that should be attacked.

SUBJECT: RE: PEDOPHILI SITES AGAIN
From: John Starrett
Newsgroups: alt.hackers.malicious
Date: Thu, 20 Apr 2000 20:00:55 -0600

This is particularly nasty and should be killed post haste.

http://csf.xxxxxxxxxxx.ph/~xxxx/xxxxx/enter.html

John Starrett

Daito, after checking the page John Starrett points to, says he agrees.

SUBJECT: RE: PEDOPHILI SITES AGAIN
From: Daito
Reply-To: someone who cares
Newsgroups: alt.hackers.malicious
Date: Fri, 21 Apr 2000 04:24:58 GMT

Ohhhhhhhh this site's going down real fucking hard..

Sunnut says the same.

SUBJECT: RE: PEDOPHILI SITES AGAIN
From: sunnut
Newsgroups: alt.hackers.malicious
Date: Fri, 21 Apr 2000 04:48:42 GMT

Oh jesus, I couldn't agree more!!! Was wondering where you've been hiding out John, but after seeing just the front page of that site, now I know; you've been puking for a month!!

sunnut

John Starrett complains about the FBI's inattention.

SUBJECT: RE: PEDOPHILI SITES AGAIN
From: John Starrett
Newsgroups: alt.hackers.malicious
Date: Fri, 21 Apr 2000 08:57:55 -0600

You know what really gets me though? I tried to forward this to the FBI, and after searching through their pages and not finding a single email addy, I called the local field office and was told that they don't have any email address to which I could forward the URL, but I could write a letter! I asked the agent if he could just take it down over the phone and he refused. I then asked if he could recommend a good anti child porn site I could send it to and he said I would have to find it myself. I did, but with no help from these folks who are supposed to be fighting this stuff.
--

John Starrett

The work begins. Daito posts the names of those listed with InterNIC as responsible for the page, along with an initial scan of the ports the server has open.

SUBJECT: RE: PEDOPHILI SITES AGAIN
From: Daito
Reply-To: someone who cares
Newsgroups: alt.hackers.malicious
Date: Fri, 21 Apr 2000 04:35:32 GMT

203.xxx.13.0 - 203.xxx.13.255
Manila Bulletin
Online Newspaper Services
Philippines

Mr. xxxxxxx xxxxxxx
Manila xxxxx Bldg., Muralla,
Manila PH
+632 xxxxxx
+632 xxxxxx

Mr. Johnny xxxxx
Manila xxxxx Bldg., Muralla,
Manila
PH
+632 xxxxxx
+632 xxxxxx

+ 203.xxx.13.3
|___ 80 [http/Executor] World Wide Web/Trojan
|___ 113 [auth] Authentication Service
|___ 513 [login] remote login a la telnet;
|___ 514 [shell] cmd
|___ 515 [printer] spooler

Sunnut posts the server's responses to a connection attempt.

SUBJECT: RE: PEDOPHILI SITES AGAIN
From: sunnut
Newsgroups: alt.hackers.malicious
Date: Fri, 21 Apr 2000 05:00:55 GMT

GET / HTTP/1.1
Host: 203.xxx.13.3
Connection: close

Read 795 bytes from host 203.xxx.13.3, path /

HTTP/1.1 200 OK
Date: Fri, 21 Apr 2000 06:07:14 GMT
Server: Apache/1.3.9 (Unix) (Red Hat/Linux)
Last-Modified: Wed, 02 Feb 2000 17:59:10 GMT
ETag: "5fa3-215-3898706e"
Accept-Ranges: bytes
Content-Length: 533
Connection: close
Content-Type: text/html

The Jester proposes two more addresses with child pornography.

SUBJECT: RE: PEDOPHILI SITES AGAIN
From: The Jester
Reply-To: Jesters Cat.
Newsgroups: alt.hackers.malicious
Date: Fri, 21 Apr 2000 00:30:01 -0500

Here's a couple more to add to the list.

http://www.tinyxxx.com
http://www.tinybxxx.com

Sycho posts his work, an analysis of the whole site.

SUBJECT: ABOUT THOSE SITES THAT JOHN STARRETT POSTED.. (QUITE LONG.)
From: Sycho
Reply-To: Someone else besides me!
Newsgroups: alt.hackers.malicious
Date: Sat, 22 Apr 2000 18:00:19 GMT

FYI, I did some checking on the sites that were posted a couple of days ago in case no one else has done it yet. Here they are, in no particular order.. ;o) More information as it becomes available..
**************************************************************************
Server Apache/1.3.11 (Unix) (Red Hat/Linux)
Found 4 URLs for analysis.

Start URL: http://xxxx.lolita.xxxx/ Local Links Far Links
Possible Break-Ins
http://xxxx.lolita.xxxx/
Total : 1 (for current entry only, analyze every Local Link)

Local Links (recommended for analysis)
http://xxxx.lolita.xxx/edit.html
http://x.lolita.xxx/add.shtml
http://xxx.lolita.xxx/del.html
Far Links
http://www.lolita.xxx
Total URLs: 5 Links: 4 Local Links: 3
**************************************************************************
Server Apache/1.3.12 (Unix) PHP/4.0b4pl1 mod_perl/1.21_03
Found 4 URLs for analysis.

Start URL: http://www.xxxx-lolitasxx.xxx/ Local Links Far Links

Possible Break-Ins
Total : 0 (for current entry only, analyze every Local Link)

Local Links (recommended for analysis)
http://www.xxxx-lolitas.com/join.html
http://www.xxxx-lolitas.com/members.html
http://www.xxxx-lolitas.com/tour.html
http://www.xxxx-lolitas.com/rules.html
Far Links
http://www.lolitaxxxx.com
http://the.sexxxxx.com/e/183166
http://xxx.xxxx.com/rd
Total URLs: 23 Links: 7 Local Links: 4
**************************************************************************
http://www.xxxxdomfh.com/members/lehin/
Server Apache/1.3.9 (Unix)
http://www.xxxxdomfh.com/members/lehin/ : 401 Authorization Required

Same results when I tried the above URL without "/members/lehin/"
**************************************************************************
Server Apache/1.3.9 (Unix)
Found 2 URLs for analysis.

Start URL: http://www.xxxx-virgins.com/ Local Links Far Links

Possible Break-Ins
Total : 0 (for current entry only, analyze every Local Link)

Total URLs: 2 Links: 2 Local Links: 2
Local Links (recommended for analysis)
http://www.xxxx-virgins.com/main.html
http://www.xxxx-virgins.com/indexx.html
**************************************************************************
Server Apache/1.3.6 (Unix)
Found 2 URLs for analysis.

Start URL: http://www.xxxx-lolita.com/ Local Links Far Links

Possible Break-Ins
Total : 0 (for current entry only, analyze every Local Link)

Far Links (Top 10)
http://xxx.xxxxx.com/rd
http://xxx.sexxxxx.com/e/143735
http://www.xxxx-virgins.com/cgi-bin/ad.cgi
http://www.xxxx-industry.com/potop/
http://www.sex-xxxx.com/cgi-bin/potop.cgi
http://www.xxxxsex.com/cgi-bin/ads.cgi
http://www.sex-xxxx.com/cgi-bin/acc_management.cgi
http://www.sex-xxxx.com
http://www.exxxx-sex.com
http://www.sex-xxxx.com
Total URLs: 34 Links: 19 Local Links: 0
**************************************************************************
http://www.xxxlolita.com/index.html
Socket : Interrupted system call
Same results when I tried the above URL without "/index.html"
**************************************************************************
Server Apache/1.3.6 (Unix)
Found 3 URLs for analysis.

Start URL: http://www.sex-xxxx.com/ Local Links Far Links

Possible Break-Ins
Total : 0 (for current entry only, analyze every Local Link)

Local Links (recommended for analysis)
http://www.sex-xxxxx.com/cgi-bin/potop.cgi
http://www.sex-xxxx.com/cgi-bin/acc_management.cgi

...

**************************************************************************
With that in mind, I figured I may as well get the IP addies on the sites I analyzed. *eg*

Hostname: innocent.xxxx.xxx
IP Address: xxx.xxx.37.217

Results of 7Th Sphere Port Scan:
Connects on ports; 21, 23, 25, 80, and 110. Scan halted on port 1070
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hostname: xxxxxlolitas.com
IP Address: xxx.xxx.37.182

Mr. Jack xxxx (template xxx-xxxx946)
Leninsky pr., xx
Moscow, RU 126xxx RU

Domain Name: xxxxxlolitas.com
Status: production

Admin Contact, Technical Contact, Zone Contact:
Jack xxxx (xxxx-xxxx946) xxxxxxx@usa.net
+7 095 xxxxxx (FAX) +7 095 xxxxx

CORE Registrar: CORE-11

Record created: 2000-02-05 21:54:51 MET by CORE-11

Domain servers in listed order:
...
Results of 7Th Sphere Port Scan;
Connects on ports; 21, 22, 23,25, 53, and 80. Scan halted on port 1031.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of 7Th Sphere Port Scan;
Connects on ports; 21, 23, 25, 79, 80, 110, and 111. Scan halted on port 1056.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of 7Th Sphere Port Scan;
Connects on ports; 21, 23, 25, 53, 80, and 110. Scan halted on port 1025.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of 7Th Sphere Port Scan;
Connects on ports; 21, 22, 25, 113, and 514. Scan halted on port 1108.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of 7Th Sphere Port Scan;
Connects on ports; 21, 22, 23, 25, 53, 80, and 110. Scan halted on port 1216.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of 7Th Sphere Port Scan;
Connects on ports; 21, 22, 23, 25, 80, and 113. Scan halted on port 1355.
----------------