More emerges about Brazilian hacking hacker

INQ unravels the truth

By Paulo Rebêlo in Brazil
The Inquirer, Friday 21 May 2004, 15:12

A SUPPOSED group of international hackers declares digital war against the United States directly from its headquarters in Russia. They call themselves Hackers Against America (HAA) and their stated aims are stealing classified documents and launching mass virus attacks against government servers. They claimed to have active members from China, Hong Kong, Brazil and Russia and were already planning a massive attack for the coming days.
Sounds appealing, mate?

In a suspicious [perhaps ingenious?] move, it seems that someone in Brazil started to spread too much news among the Brazilian press. In a couple of days, tons of websites and newspapers around the country published stories about HAA and its new plans to aid terrorist groups around the world, attack the New York Times' computers and help Osama bin Laden’s Al Qaeda.

Just when you thought that genuine hackers don’t like publicity, huh?

That’s exactly what moved Brazilian security expert Marcos Flávio Assunção to deface HAA’s website on May 19 and to write only a short message: ‘this site has been taken down in spite of bad use of the term ‘hacker’ and for spreading ridiculous and nonsense ideas’.

In a phone interview with The Inquirer, Assunção was quite straightforward: “When I noticed them for the first time, their cause seemed a bit interesting… but suddenly they want to help Al Qaeda and terrorist groups that kill innocent people? C’mon.”

HAA’s announcement against The New York Times also proved to be a silly move. Assunção, aged only 23, is a well-known security expert worldwide who last year played a significant role in a Times story about Brazilian hackers.

Assunção is also the one behind two anti-intrusion tools: Defnet Honeypot and Defnet Guard. After an e-mail thread with one of HAA's members, he used the Honeypot tool to hack into the member's computer and get their FTP login and password.

“COUNTER-TERRORISTS WIN” – Before the defacement of HAA’s website, Brazilian newspaper O Estado de São Paulo got an interview with a supposed HAA member who had the guts to say that one of its newest associates was a soldier from the U.S. Army, born in Russia and somehow connected to Al Qaeda.

In a Hollywood-like comment, this new member of HAA says that during the 70s his father helped CIA agents with secret documents from the KGB. Later, CIA agents murdered his grandfather, a KGB official. Afraid of revenge, father and son migrated to the United States.

He goes on to say that he became an American citizen to avenge his grandfather's death. In order to do that, he constantly sends classified documents to ‘several terrorist groups’. As evidence of his will to join HAA, he says that some of these classified documents would be published at a ‘suitable time’.

Just when you thought that you were watching too much TV.

The Action
In order to take down HAA’s website, Assunção used his own honeypot tool. After a short e-mail exchange with one HAA member, he looked up the DNS and found out that the ‘hacker’ was using an insecure system.

For those curious about it: a non-firewalled Windows XP machine using a BIND version for Cygwin (a Linux emulator for Windows). Just when you were about to make fun.

Using the honeypot, the HAA member was misled into believing he was connecting to HAA’s FTP server in Russia but, in fact, he was connecting to Assunção’s computer. After gathering the login and password, ‘the difficult part was only the translation of some words… I don’t speak Russian, you know’, says Assunção.

* Paulo Rebêlo is a journalist in Brazil