Linux.com

Feature: Security

Linux rootkit hacker suspect arrested in UK

By JT Smith on September 19, 2002 (8:00:00 AM)


- By John Leyden of The Register -
A 21-year-old from Surbiton, Surrey, has been arrested on suspicion of writing and distributing the T0rn rootkit, which dumbs down the process of hacking Linux servers.

Officers from Scotland Yard's Computer Crime Unit arrested the man for alleged offences under the Computer Misuse Act 1990 earlier this week, as part of a joint FBI/Scotland Yard investigation into the creation of the T0rn rootkit. A search warrant was served and computer equipment seized from his house.

Today the man was released on police bail until October, pending further inquiries.

The T0rn rootkit has been a hazard for system admins since its creation two years ago, most particularly when the rootkit was bundled as the backdoor component of the Lion worm, released in the middle of last year.

Lion, which attacked vulnerable Linux BIND (DNS) servers, was a particularly nasty little package. It left infected victims with no choice but to re-format their entire systems and rebuild from scratch.

T0rn is explained in greater detail at Sans.org.

All Content copyright 2002 The Register


Comments

on Linux rootkit hacker suspect arrested in UK

Note: Comments are owned by the poster. We are not responsible for their content.

Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 05:53 AM
I'm no fan of rootkits, but unless they can prove this guy directly attacked a system I don't think he should be charged with anything.

There is a difference between writing software and targeting it against a victim in a malicious manner. I really don't want to see anyone going to jail just for the act of writing and compiling some code. You should need to take some action before you can be charged.

#

Intent

Posted by: Anonymous Coward on September 20, 2002 06:07 AM
If he created this, and gave it out with stated intent to hurt people - then I have no problem with him going to jail. A programmer wanted to build and write unsafe code, and then say "don't use it", or perhaps break it slightly so he knows it works, but you'd have to be smart to get it to do bad things...

 
But if it's written, and distributed with intent to harm...I don't know. I'd say the evil's in the distribution though. Perhaps he did even use it himself, then it's an open&shut case.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 06:57 AM
I agree. It isn't against the law to manufacture firearms. In many cases owning a firearm is also legal.

However this is a Canadian perspective, and from what I understand firearms are not legal in the UK. This however, is not a firearm!

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 03:29 PM
This isn't a good comparison as a firearm isn't dispensed in the public with the intention of attacking, but defending. IMHO, this program sounds as if it's used mainly as an attack. Personally, I don't see an issue with him releasing such a program for educational purposes provided that if he did find such a security flaw, that he reported the flaw to the party, being in this situation, the people who maintain BIND. Once they have been given a chance to fix the problem (if possible), then the release of the program is totally acceptable as a "proof of concept" to demonstrate the flaw.

#

Re:Is this really a good thing?

Posted by: Rocky on September 20, 2002 07:16 AM
I'm no fan of rootkits, but unless they can prove this guy directly attacked a system I don't think he should be charged with anything.


There is a difference between writing software and targeting it against a victim in a malicious manner. I really don't want to see anyone going to jail just for the act of writing and compiling some code. You should need to take some action before you can be charged.



If he wrote it and only kept it on his computer - nobody would know it ever existed to begin with and this would be a non-issue. He can't be prosecuted for something nobody but him knows about. If he installed it on another computer without the specific permission of the owner of the computer he should be prosecuted for a number of reasons. One - he intruded into a computer system he shouldn't have. Installed software he didn't have permission to install - which further compromised the integrity of the system.

Assuming he is the author, he had to do this at *least* once or nobody would ever know the program existed - and as such he should be prosecuted and the consequences, IMO, should be quite high.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 08:11 AM
Your reasoning is somewhat dubious, there are several ways that something, perhaps written as an academic exercise, to prove a point, could get out into the field and be put to malicious use without its author being in any way criminally (or morally IMO) liable.

#

Re:Is this really a good thing?

Posted by: Rocky on September 20, 2002 10:09 AM
Proof of concept is one thing - in which case this would likely be a well documented exercise.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 01:40 PM
He could have just submitted it into several bbs systems and wannabe haxor sites.. and he could have tested & developed it on his own boxes.

One doesn't NEED to hack into other people's sites to release hacking tools (vulnerability testing program suite)..

#

Re:Is this really a good thing?

Posted by: Rocky on September 21, 2002 06:54 AM
Time will tell how it was used - but I don't believe anybody would've been concerned with his efforts if he hadn't used that been where he shouldn't have.

#

Re:Is this really a good thing?

Posted by: Mandrake Magician on September 24, 2002 02:26 PM
Just as one doesn't need to break into a zoo to release tigers. It is perfectly possible to buy and release your own.

Downtown ... at lunch time for the workers, feeding time for the tiger.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 06:54 PM
As if the UK does not have enough REAL crime, no they have to go after computer programmers for merely writing or discussing politically incorrect code (or mathematics). You would think the UK police would have better things to do with their time and resources.

Of course, pissing away resources going after political "crimes" may be the "root" cause of their violent real crimes.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 07:53 PM
What do you refer to as REAL crime?
Writing code that harms other people's computers and publishing it with that intent is a crime.
Just because it concerns data this does not mean it is not a real crime.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 21, 2002 01:06 AM
Real crime eh?
So using a computer can't be judged as a crime?
Paedophiles use computers to display and encourage their filth.
The point is anyone who writes, is in receipt of, or distributes software for the purpose of attacking other computers, other people's data is a crime. And it isn't educational which is just a pathetic excuse, "I shot his legs off and stole all his money your honour, for the purpose of education! Can I have a rebate on this trial pls".

#

Re:Is this really a good thing? You're obviously an

Posted by: Anonymous Coward on September 21, 2002 04:12 AM
American.
Code is Speech.
The recipe for a H-Bomb is protected speech.
So is this root-kit.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 21, 2002 05:52 AM
Well...

If he likes to research security and LKM trojans, he should publish the research and he could also write an LKM that could try to detect and block such attempts... He could contribute to the field as a respectable researcher.

It's hard to think of such a nasty piece of code as free speech.

Code is not something purely theoretical, it is a functional part of a programmable machine. Code makes a general purpose machine (computer) act some desired way, turning it, for the time the program runs, into a specific purpose machine. I think this code can be considered a kind of virtual part of the machine, and I do not think every machine should be built.

IMHO, to write about LKM trojans is free speech, even to write a proof of concept; but to actually glue all pieces into an installable/distributable and unlimited form is way too far...

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 20, 2002 11:48 PM
I say, fry this f--ker.

#

Cracker not Hacker Please...

Posted by: Liver on September 21, 2002 02:50 AM
And whilst we're at it who says this guy isn't being charged with unlawful entry into computer systems?

Frankly, I wonder seriously about the motivation of individuals who develop this kind of thing.

If real terrorists use this software to massively attack the US or their interests would you want to defend him?

#

Re:Cracker not Hacker Please...

Posted by: Anonymous Coward on September 21, 2002 04:10 AM
Yes

#

Re:Cracker not Hacker Please...

Posted by: Anonymous Coward on September 21, 2002 05:18 AM
If the US used this to attack Iraq would that be ok? Would he be a hero in your eyes then?

#

Re:Cracker not Hacker Please...

Posted by: Anonymous Coward on September 21, 2002 05:32 PM
Terrorists, terrorists. You people need to drop that crap. I'm very sick of hearing about how our rights should be taken away by morons fearing the worst.

#

Re:Cracker not Hacker Please...

Posted by: Liver on September 22, 2002 05:56 PM
Of course we're all assuming we know *why* this individual created this software, aren't we?

I am not saying we should make the development of cracking software illegal. I am saying it is harder to forgive someone for creating something that is essentially for wrong-doing if it is used for wrong-doing.

Maybe I'm getting tired in my old age, but this liberal 'he didn't harm anyone', 'it's not the gun that kills people' argument is just a way of relinquishing personal responsibility.

If he committed a crime, send him to prison. If he didn't, don't. I am arguing that the act of development & distribution is a moral crime and find it hard to defend morally.

#

Re:Is this really a good thing?

Posted by: Anonymous Coward on September 24, 2002 01:00 AM
Question: This can't be considered as a "Flaw-demonstration" like we found in some security web sites?

#

Here is a related article - interesting read

Posted by: Anonymous Coward on September 25, 2002 04:34 PM

I want to test my own system

Posted by: Anonymous Coward on September 21, 2002 01:43 PM
The first thing I asked myself: Where can I get this software so I can test my own system's vulnerability? I would hate to be vulnerable to something like this.

Unless he has attacked someone else's system, and as long as he is publishing his results to the community, he should be hailed as another "hacker" not "cracker". He is doing a lot more good than harm by exposing the weaknesses in our software.

If he isn't openly publishing it, or if he is using it to do things he shouldn't be doing, he's a cracker, and I won't mind seeing him in jail for a while.

#

Re:I want to test my own system

Posted by: Liver on September 22, 2002 05:59 PM
I totally agree. Of course, some of us have prejudged his actions and motivations...

#

The real question ???

Posted by: cykes on September 23, 2002 09:44 AM
The real question is "Should he be arrested for pointing out our software flaws and his code's ability to show them up?"

The NRA in the US have a saying that guns don't kill ppl, ppl kill ppl. Doesn't the same rule apply here? And when do you actually draw the line ?? And who has the right to say when the line should be drawn because it suits their purposes (referring to governments).

At some point the guy that built the tool has to suffer just like the guy that used it. If it applies here it must apply to the gun and the bullet. The same goes for the guy that built the bomb and the guy that set it off.

But where do we draw the line?

A friend of mine once saw me port scanning my system as a security check and said who wrote that software should be in jail. I told him it serves a valid purpose. So was he right? Should the authors of nmap be arrested as well? What about ping floods ???

Fact is the tool is never dangerous, but it has potential to cause danger just as much as it can do good. But do we want our minds and our ideas regulated ?? This is a sign of human innovation.

... it may well be doubted whether human ingenuity can construct an enigma of the kind which human ingenuity may not, by proper application, resolve. -- Edgar Allan Poe, The Gold-Bug [William Legrand]

#

He's still got some culpability

Posted by: Anonymous Coward on September 23, 2002 05:56 PM
If I create a weapon and then make it easily available for children to use, I think I'm just as guilty as if I used the weapon myself.

Torn was created precisely for the purpose of compromising systems. I don't see any glimmer of "white hatness" here.

#

an analogy

Posted by: Anonymous Coward on September 23, 2002 09:25 PM
If a bank leaves $1000 on a windowsill and a kid on a bike rides by and nabs it who is really to blame?

Similarly if anyone puts Linux-the-pseudo-UNIX on a computer and a kid writes a rootkit then who is to blame?

#

Re:an analogy

Posted by: Mandrake Magician on September 24, 2002 02:11 PM
The kid on the bicycle is in the wrong. That wasn't his money and he knew it.

The kid who wrote the rootkit is also in the wrong. The computers that were attacked weren't his and he knew it.

Within legal limitations, I have the right to run whatever software I wish on my own computer. He has the same rights on his own computer. I have no rights on his computer, he has no rights on mine.

And we both know it.

It's an old legal principle commonly referred to as "property rights". Interestingly enough, the kid is a British citizen and Britain is the modern source of the common law principles he violated.

Even though he didn't target my computer specifically, what he did was analogous to letting a tiger out of a cage. Since he knows the tiger (rootkit) is dangerous, he is responsible for its attacks.

Who is really to blame? Those who, not grasping even the simpler principles of humanitarian ethics, religious morality or civil law - all of which forbid such behavior - would excuse such behavior with lame analogies.

#

Another failure of justice *sigh*

Posted by: Anonymous Coward on September 24, 2002 03:31 AM
I hate seeing garbage like this. This whole mentality of "he knows more than us and could possibly someday maybe use it for malicious purposes" is just so much BS. How about working with the people like this to *gasp* learn something! Otherwise you'll have to go arrest some of the programmer dorks at Microsoft for "making PCs easier to manage" aka, putting in easier backdoors for hackers to use.

#




 