June 9, 1998


The Eye of the Needle Q: How did BARC hackers download

Priya Ganapati in Bombay

The terribly slow Education and Research Network could not have allowed hackers to download "thousands of pages of email and research" from the Bhabha Atomic Research Centre server that they cracked into for a mere 13 minutes and 52 seconds.

Ask any nerd at any government research lab in India, and he would be glad to make copies on a floppy and cycle halfway across the country to deliver the data rather than yawn away in front of his computer hooked to the ERNET.

But every dog has his day. And ERNET, the World Wide Web's underdog, proved itself helpful, just for once.

Its sluggish pipes slowed down the teenage cyberpunks owing allegiance to the Milw0rm group and prevented them from doing much damage when they made an anti-Indian nukes protest by targeting BARC computers.

Of the several claims and denials that have been flying between the Milw0rm cowboys and the BARC eggheads since last Thursday's break-in, the "thousands of pages" claim proves what journalists have long suspected: that much of the hacking cyberlore is mere bravado.

National Centre for Software Technology's Associate Director S P Mudur confirmed to Rediff that it would be extremely difficult to download thousands of pages of data, let alone upload a homepage and images to go with it, in about 14 minutes.

He's got figures: "Though ERNET speeds vary from time to time, on an average, in Bombay, I would put it around 8 to 10 KBPS. The maximum it could go up to is about 28 KBPS but not any higher than that," he says emphatically.

Now, the Milw0rm hackers claim to have downloaded 5 MB of emails. And that contradicts their claim of having thousands and thousands of pages.

"Assuming 500 words per page, 6 characters in a word, would make 3,000 characters in a page. If you consider 5 MB of data, then it would work out to approximately 1,500 pages," Mudur points out.

That brings us to another claim from the hacker underworld. 'Savec0re', a hacker handle from Milw0rm, posted in an IRC session with AntiOnline, a hacker ezine, that "We gained total control over six of the eight servers on the domain".

"That is totally incorrect," shoots back H K Kaura, head of BARC's computer department. He clarifies that, "It was just a network of seven to eight computers that addressed translation and ran a proxy server. There was no database on them."

But three handles claiming to represent three separate individuals from Milw0rm claimed in the same IRC session that they had actually erased all data on two BARC servers. "We disabled two of the eight servers as retaliation to the (nuclear) tests," posted savec0re.

Kaura explains that there are no two servers to begin with and claims that no files were deleted. "They did not destroy any data. They didn't do any harm," he says emphatically. He admits, though, that Milw0rm did copy email files.

The group is said to possess emails that allegedly talk of specific isotopes, reactions and energy results from the nuclear tests.

When Rediff asked Kaura to comment on this, he could only say, "We are dead sure that there is no important data in the emails."

David Albright, director of the Institute for Security and International Studies, who analysed some of the emails, supports this. He says that the emails showed evidence of civilian, rather than military nuclear research.

Anil Kakodkar, director, BARC, also disproved claims made by the hackers that they have broken into secret stores containing classified research.

He said the computers used for emails and home pages were isolated from all other computers used at BARC and hence there was no way they could tap into classified data.

Kaura seconds this. "Our computers containing the important data are totally isolated. They cannot be dialled into by any outsider," he assures.

He told Rediff of BARC's game plan now: "We'll have to work to make the system more secure. We will be writing new software soon. Whatever software you buy from outside is not foolproof. At least the manufacturing company will know how to crack it. So, we will be developing some software ourselves. Now that we know email utilities can also create problems we will have to prevent access to that too."

Kaura feels the break-in is being hyped up. Referring to the flurry of media reports deriding BARC's security, he charges, "All this is being artificially created by some people."

He told Rediff that a UNIX operating system runs on the old server, but declined to reveal the OS version number.

Significantly, the BARC Web site is not responding. P S Dekene, computer service in-charge at BARC, can only say that the home page is not available because the server is down.

However, Kaura confirms that the server with the domain name has been disconnected till all loopholes are found and rectified.

"The server is not up yet. We are trying to find some methods of making the system more secure," he explained.

The hackers, however, have mocked the security measures at BARC and boasted about their gaining access to India's top nuclear establishment.

Reproduced below is part of the IRC session with AntiOnline:

Keystroke (one of the hacker handles) - it's security was uhm

Keystroke - lacking

Keystroke - severely lacking


Keystroke - it's ironic that India has weapons capable of destroying the world

Keystroke - but they can't secure a little Web server which is connected to their networks.

JF (another hacker handle) - We have information on their weapons, their test projectories, everything and we are doing this from all over the world, they are not secure, this shouldn't be happening

JF - all we want is for this place to be secure, if they secured it I would be happy

Kaura denies there have been any lapses on their part. "We knew that email facilities can easily be broken into so we keep all our sensitive information isolated.

"Every server on email has similar problems. If you know that the door is weak you will not put any weight on it. Everywhere email is known to create such kinds of difficulties. We are prepared for such eventualities. Come to see, a virus would have been more damaging than this incident," he assures.

Kaura vehemently denies charges that any major damage was done. "There was absolutely no sensitive information in the emails. In fact, there was not even a terminal connected to that server. The hackers copied some user email files. All the other computers were isolated," he said.

He also pooh-poohed claims made by the group that they would sell the data they possess.

"Once you come into the network, a layman looking at our papers may come across some scientific equations. He may think that he can sell it but it is actually meaningless," says Kaura.

One of the hackers with the handle JF has claimed that Milw0rm has large samples of data that could be a threat to India's security.

Kaura finds these claims ridiculous. "Everybody knows that the Internet is not secure. Knowing that anybody can access it there is no chance that we would put sensitive information on the Internet," he said.

Computer experts say it is not easy to have a network that cannot be penetrated. A pragmatic stance would be to have more safeguards built into the system. Kaura agrees.

"Whatever you do, there is always some possibility of someone hacking in. The only thing you can do is to put higher levels of security," he says.
