
DoS trial hackers dryice and frixion talk to silicon.com
By Andy McCue
Published: 24 October 2003 17:20 BST
The hackers accused of secretly planting a Trojan horse on the computer of Aaron Caffrey, the UK teenager acquitted of bringing down the systems of one of the largest ports in the US, have spoken exclusively to silicon.com about the dangerous script kiddie chatroom wars that are putting unwitting businesses at risk.
The two hackers – who go under the tags dryice and frixion – were both named by Caffrey during his defence at Southwark Crown Court in London earlier this month. They were put up as the possible perpetrators who could have hijacked his PC using a Trojan horse to launch a denial of service (DoS) attack on another chatroom user, which resulted in the Port of Houston's computer systems crashing.
Despite the prosecution expert witness testimony that there was no evidence of the hijack and that it would be impossible not to leave any evidence, Caffrey's defence, which the jury accepted, was that the Trojan horse could have contained a wiping tool to erase any tell-tale traces of its existence.
During his testimony, Caffrey told the court that he thought dryice and frixion were "up themselves" and that he had visited one of their chatrooms on a dot-tv domain set up with stolen credit cards where they had demonstrated their expertise with Trojan horses, Zombies and denial of service tools.
dryice and frixion contacted silicon.com to put forward their side of the story and to warn how many businesses' computer systems are inadvertently being hit as inexperienced script kiddies use them as hosts to fight denial of service battles with each other.
silicon.com first asked frixion about the claims against their chatroom and their sharing and demonstration of hacking and denial of service tools.
"We, and many other people, used to use a chatroom with a domain name that was purchased using stolen credit card details. However, the domain was not purchased by us, nor did we obtain the credit card details, this was all done way back in early 2000 by an individual we will not name, who very kindly pointed the sub domain irc.nerd.tv at our servers. At the time when we used this we had no knowledge of how the dot-tv domain was purchased, we only found out later," he wrote in an email.
frixion said both he and dryice made hacking tools for their own use but that they were not for release to the general public and that they did not make denial of service tools – but he admitted having used denial of service tools already out there.
"Back in the mid-nineties, when we were just kids with brand new 33.6k modems, there was an element of fun to loading up your out-of-band nuker, and watching someone disconnect, but this quickly becomes boring, and you move on," he said.
One of the pictures that emerged during the evidence presented in the trial was that of the intense rivalry between hackers using these chatrooms, which often resulted in people launching denial of service attacks to try and knock each other offline and gain kudos among their peers.
dryice said: "Some set up huge networks of 'zombie' bots, which would at their command launch a co-ordinated attack at a single focal point using the bandwidth of all of their host machines combined."
These kinds of attacks are unrelated to organised cybercrime gangs, which hold whole corporations to ransom and operate much more secretly than these script kiddies, he said.
But frixion said damage is being done to businesses that are unwittingly caught in the middle of the antics of these script kiddies. The hackers will scan for vulnerable IP addresses – many of which will be those of businesses – download exploits available from any number of underground websites and use the insecure machines to launch a denial of service attack on a rival.
The victim of the denial of service attack – who is likely to be another chatroom user – will then use different vulnerable IP addresses – which could be another unsuspecting business – as hosts to launch an attack back on the hijacked IP addresses that are trying to knock him or her offline.
"So in a very short space of time, multiple businesses can become involved in attacking each other. Most of them are probably used inadvertently," said frixion. "Many businesses probably think 'No one will target us' but what they don’t realise is that these people are not targeting specific organisations or individuals, they’re just incrementing a number, testing machine after machine to get whatever they can."
Read part two of our interview next week as dryice and frixion expose more of the shady world of the hacker underground and reveal the latest techniques and tools and the most common security vulnerabilities malicious hackers are using to target businesses.