Elektronic Tribulation Army

Wired recently reported raids on three alleged ETA (ETA, geddit?) members. Gives an insight into what some hackers are like.

First of all, an ETA member pleaded guilty in May to computer-tampering charges for putting malware on a dozen machines at the Texas hospital where he worked as a security guard. He also installed the remote-access program LogMeIn on the hospital’s Windows-controlled HVAC system.

This was followed by harassment of Wesley McGrew, a computer-security researcher who discovered screenshots of the HVAC access online and informed the FBI. McGrew said: “They set up a website in my name to pose as me, and put up embarrassing content or things they thought would embarrass me, including a call-to-action to buy sex toys, and fake pornographic images… They harvested e-mail addresses from the university I work at and e-mailed it out to those.” He also suffered DDoS attacks on his website, and threatening e-mails, phone calls and IMs, according to the FBI. The harassment was “affecting a potential witness in an official proceeding,” the affidavit reads, and thus may violate federal law against witness intimidation.

McGrew's blog is scathing about one of the exploits produced by ETA. Apparently it runs from a small botnet they operate. It is written in PHP (?) and obfuscated with FOPO, a legitimate PHP obfuscator that mostly relies on base64 encoding, so the obfuscation is reversible by anyone who can read the code rather than being any real protection. McGrew had no trouble breaking the obfuscation layer. The programme appears just to deface the screens of infected machines. (As McGrew says, “Real smart, defacing your own botnet…”). There are 26 comments so far on his blog posting, remarkable for the level of bad language, anger, sarcasm and personal abuse. Seems someone cares about this.
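To show why that obfuscation layer is so easy to break, here is an added example (mine, not McGrew's tooling and not the ETA code) that peels nested eval(...) wrappers of the kind FOPO-style obfuscators emit. The post only mentions base64; the example assumes the same pattern is also used with PHP's gzinflate, gzuncompress and str_rot13, which is an assumption about the tool rather than something the post states. The payload, the wrapping helper and the sample are constructed here for demonstration.

```python
import base64
import codecs
import re
import zlib

# Constructed placeholder payload standing in for the defacement script the
# post describes; the real ETA code is not reproduced here.
PAYLOAD = 'echo "defaced by a hypothetical bot";'

# PHP decoders that eval()-based obfuscators chain around a string literal,
# mapped to Python equivalents. Assumption: FOPO-style output uses these.
DECODERS = {
    "base64_decode": lambda b: base64.b64decode(b),
    "gzinflate": lambda b: zlib.decompress(b, -zlib.MAX_WBITS),   # raw DEFLATE, like PHP gzinflate()
    "gzuncompress": lambda b: zlib.decompress(b),                  # zlib-wrapped, like PHP gzuncompress()
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot_13").encode("latin-1"),
}

# Inverse operations, used only to build the constructed sample below.
def _deflate(b):
    co = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    return co.compress(b) + co.flush()

ENCODERS = {
    "base64_decode": lambda b: base64.b64encode(b),
    "gzinflate": _deflate,
    "gzuncompress": lambda b: zlib.compress(b),
    "str_rot13": DECODERS["str_rot13"],  # rot13 is its own inverse
}

# Matches eval( f1( f2( ... "literal" ) ... ) ); with the decoders above.
LAYER_RE = re.compile(
    r"eval\s*\(\s*((?:(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(\s*)+)"
    r"['\"]([^'\"]*)['\"]\s*\)+\s*;?",
    re.IGNORECASE,
)


def wrap(code: str, chain) -> str:
    """Constructed obfuscator: emit eval(chain[0](chain[1](..."literal"...))).
    `chain` lists the PHP decoders outermost first, so encoding runs in
    chain order and decoding (peel_layer) runs in reverse."""
    data = code.encode("latin-1")
    for name in chain:
        data = ENCODERS[name](data)
    literal = data.decode("latin-1")
    return '<?php eval(' + '('.join(chain) + '("' + literal + '"' + ')' * len(chain) + ');'


def peel_layer(source: str):
    """Return the PHP hidden under one eval() wrapper, or None if no wrapper is found."""
    m = LAYER_RE.search(source)
    if not m:
        return None
    names = re.findall(r"[a-z0-9_]+", m.group(1), re.IGNORECASE)  # outermost first
    data = m.group(2).encode("latin-1")
    for name in reversed(names):          # innermost decoder runs first
        data = DECODERS[name.lower()](data)
    inner = data.decode("latin-1")
    if inner.startswith("<?php"):         # drop the open tag of the nested script
        inner = inner[5:]
    return inner.strip()


def deobfuscate(source: str, max_layers: int = 50):
    """Peel eval layers until plain PHP remains. Returns (code, layers_removed)."""
    layers = 0
    while layers < max_layers:
        inner = peel_layer(source)
        if inner is None:
            break
        source, layers = inner, layers + 1
    return source, layers


# Constructed three-layer sample: rot13-over-base64, then deflate+base64, then plain base64.
SAMPLE = wrap(
    wrap(wrap(PAYLOAD, ["base64_decode"]), ["gzinflate", "base64_decode"]),
    ["base64_decode", "str_rot13"],
)

if __name__ == "__main__":
    code, n = deobfuscate(SAMPLE)
    print(f"peeled {n} layers -> {code}")
```

Each layer is just a reversible encoding applied to the next one, so a loop of regex-match, decode, repeat recovers the original source; nothing about the transform depends on a secret, which is the sense in which it is obfuscation rather than protection.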

According to Wired, the original hacker, McGraw (not to be confused with McGrew), aka GhostExodus, “… was a colorful figure who once shot a YouTube video of himself staging an “infiltration” mission at an office building, in which he’s seen skulking through the halls and installing RxBot on a desktop computer. According to court records, ETA was building a modest botnet to attack a rival hacker gang. In another video he displays his personal collection of infiltration gear, including lock picks, a cellphone jammer and fake FBI credentials. Both videos turned out to be shot at the Northern Central Medical Plaza in Dallas, where he worked as a night security guard and had free run of the building.” The YouTube video was removed but you can still see this one in which he wears a mask of his own design. According to a CBS news video, he is 25 years old, worked as a contract security guard, and his wife says that he was on medication for mental health problems and had not been taking it for some weeks. He was apparently trying to access patient records, but only succeeded in accessing the hospital HVAC system.

The ETA has a MySpace page, containing such gems as “We are Not User Friendly” and images of members wearing masks. Their interests are given as “Smuggling data, high tech espianauge, not spelling words right.”

It does seem that hackers vary from the very sophisticated (see previous posting on Stuxnet) to the very simplistic. Writing (or disassembling and detecting) these hacks is time-consuming, detailed work, and it is obviously not beyond the reach of the sort of people who work as contract security guards. But you do need a certain sort of mind to do it: attention to detail, very low-level knowledge of systems and protocols, and time on your hands. There seem to be a growing number of books about it too (eg this one).

The conclusion seems to be that almost anyone can do it to some degree, though because it is a tedious process you need a lot of motivation. Relatively few people can do it well, but that still adds up!
