Infractiuni in Internet
Iata mai jos cateva comentarii si dezbateri pe marginea 'cazului
Metal'. Pe langa observatiile mele, am extras si discutiile mai relevante
de pe o lista 'roprob@WU.net', creata de CERT si de cei afectati si
pagubiti de Calin Mateias (mi-e si greu sa-i scriu numele, de indignare,
de asta prefer MC).
Este acelasi individ, pare-se, care in vara-toamna a distrus mai
multe servere din tara de la PUB si altii. La ROSE'96 la masa rotunda din
ultima zi a fost o lunga discutie legata de aceste fraude - delicvente cred
ca e mai corect - mai multe firme recunoscand (in cerc restrans) ca au fost
afectate.
Din pacate recunoastem ca nu avem o lege pentru asa ceva si gata.
Atunci la ROSE era si teama de a nu-i face publicitate, de a nu-l face 'erou'.
Acum a fost deja facut, pe plan international. Merita, cred, citite relatarile,
chiar daca nu aveti parte de comentariile de la TV-urile de la noi. Se pare
ca a fost 'mediatizat' si prin presa occidentala, totusi.
Unii isi manifesta acum grija pentru 'copilul genial', altii, precum
cel caruia i-am raspuns in copia inserata, transmit apeluri privind dorinta
de a-l gasi si angaja la o noua firma ISP.
Cineva (adis@expres.ro), relatand despre mai vechile 'aventuri' ale
lui MC incerca sa explice si cum este posibil accesul, datorita unor masini
vechi si neprotejate, si a inserat si apelul lui Iosif Szavuj, dorinta sa
de a-l gasi pe MC - traducand-o si in engleza, pentru ca, asa cum spuneam,
discutiile pe lista roprob se poarta in engleza. Roprob, cine o fi botezat
asa lista s-a gandit la 'problemele cu Romania', sau la 'Oprobiul public', pe
care infractori ca MC si cei care ii transforma in eroi geniali, il provoaca
tarii.
Iata deci discutia cu I.Szavuj (cel cu dorinta de a-l angaja pe MC), si apoi
discutiile in engleza de pe lista roprob@EU.net
Josif Szavuj wrote:
> Date: Tue, 21 Jan 1997 08:24:17 +0200
> From: Szavuj Iosif
> Organization: IODES TRADING SRL
> To: Mihai Jalobeanu
> Subject: Re: Metal
>
>Mihai Jalobeanu wrote:
>>
>> Angajarea unui delicvent precum MC, chiar daca nu avem inca legile necesare,
>> este nu numai un delict ci si o insulta adusa tuturor acelora pe care MC
>> a reusit sa-i pagubeasca, acelora care lucreaza din greu pentru ca informatiile
>> sa circule. Oferta si apelul pe care-l faceti, alaturi de modul in care
>> televiziunea si unele ziare l-au prezentat pe 'genialul erou' din mahalaua
>> Bucurestiului, se alatura imaginii Romaniei create de Caritas , Evenimentele
>> din Tg. Mures si Mineriade.
>> Cat de greu se obtine simpatia si interesul, dar cat de usor si de perseverent
>> se darama.
>>
>> Chiar si intentia declarata de a-l angaja la o firma pentru servicii Internet
>> mi se pare in aceasta clipa o insulta adusa intregii comunitati de utilizatori
>> ai Net din Romania.
>>
>> PS Mesajul este adresat d-lui Iosif Savuj, ca urmare a intentiei marturisite
>> de a-l angaja pe MC, pentru a-i valorifica talentul de SysAdmin!
> Va multumesc pentru mail-ul de ieri, dar cred cred ca ati dramatizat un
> pic situatia.
> E bine sa nu exageram si sa nu devenim atit de patetici incit sa
> declaram ca intentia de angajare a lui MC este un delict. Bine ca nu
> vreti sa ma si puneti linga Miron Cosma.
> Dupa cum probabil ca ati auzit saptamina viitoare o sa deschid un nou
> ISP in Bucuresti. Pur si simplu ca om de afaceri am considerat ca este o
> oportunitate foarte bune de a atrage atentia asupra acestui lucru (de
> fapt o reclama), angajarea lui MC. Si dumnavoastra ati sarit in sus. De
> fapt asta si vroiam sa obtin, sa stiti de IODES!
>
> P.S. Numele meu este Szavuj, nu Savuj. Sint ungur! (sic!)
>
> Cu mult respect,
> Iosif Szavuj
>
Mai intai scuze pentru gresala de 'dactilografie', pentru 'z'-ul scapat. Poate
ca am fost prea iritat, dar imi mentin afirmatiile. Cu o astfel de declaratie
de intentie, poate ca va faceti reclama pentru ISP-ul planuit, dar nu numai ca
puneti in alerta prezumtivii clienti seriosi (sa puna cat de repede domeniul
d-voastra pe lista de interdictii la acces, nu sa negocieze un acces!), ci,
mai grav, pentru noi toti, contribuiti la agravarea -deteriorarea 'imaginii'
noastre in Internet (Regret folosirea unor cuvinte compromise ).
Alaturi de modul in care infractiunile lui MC sunt prezentate ca performante la
unele emisiuni TV si in diferite ziare, cu astfel de actiuni 'publicitare'
incercam doar sa demonstram comunitatii internationale cat de nepregatiti
suntem pentru accesul la Internet. Si din pacate sunt destui cei care ar
dori sa nu mai comunicam chiar asa 'necontrolat', nu?
Deci Domnule Szavuj, in incheiere si cu speranta ca m-ati inteles,
apreciez raspunsul d-voastra civilizat, dar inca nu pot sa-mi exprim
respectul, pentru ca va plasati singur (inca) alaturi de cei care l-au
chemat si sprijinit pe Miron Cozma, printr-o atitudine similara in opinia
mea fata de infractorul Calin Mateias.
Mihai Jalobeanu
----------------------------------------------
Subject: Re: Break-in at your site.
Sender: owner-roprob@EU.net
On Thu, 16 Jan 1997, glynn stanton wrote:
>
> Dear Sir,
>
> Recently many machines over the internet have been compromised
> by an individual known as Matheus Calin who originates from
> romania.
I have passed your message on to the other admins on our campus.
We were aware a break in had happened, and have been busy repairing
the systems infiltrated, since password sniffers and utilities to
hide their presence was used. We were severly compormised, as they
gained root access on our primary user system, and were able to run
a packet sniffer. As we speak, our friend is again trying to get in,
adn we are in the process of placing a draconian firewall in place to
restrict access to our campus.
>
> This user tends to target IRC Servers and the machines of the operators
> of those services, however, recently reports have been made to the
> roprob@eu.net list about him attacking .mil sites also.
>
It was noted, after the university opened, that numerous accounts had
eggdrop bots (1.0n) installed on them, and activity was going on between
bots that were running on irc servers on the undernet (shadow.net),
(hyper.shadow.net).
Furthermore, many of our local ISPs have been hit in varying degrees
by this person, with the same mo (each has found utilities for exploiting
numerous security holes on their filesystems in hacked accounts).
Systems, for your information, affected were:
digimag.net (no root compromise)
netdoor.com (not details on if root was compormised)
> *** _METAL_ was ~carnahan@whale.st.usm.edu (Scott Baker Carnahan) on channel
> *private*
>
>
> I seriously reccomend you investigate the above account. This
> user has caused a lot of destruction to many many machines.
If you wish to forward on our information to the list, that is ok.
--Tim
Tim.Lawless@usm.edu
1-601-266-4103
>
> I would also suggest you subscribe to the above list by contacting
> bilse@Eu.net where the collective of the sites attacked, the romanian
> ISP's and the Backbone providers as well as the FBI and Cert
> have a presence.
>
>
> Glynn Stanton
> British Telecom.
>
Timothy Lawless added.
On Jan 17, 18:17, Timothy Lawless wrote:
> I am at one of the sites that has been compromised, and am
> writing to request that this address, Tim.Lawless@usm.edu,
> be added to the roprob mailing list.
Tim.Lawless@usm.edu
601-266-4104 (Day)
601-266-6254 (After-Hours)
Hiya, a bit of a problem - it seems that already people are pretending
to be METAL on IRC all over the place.
Note that I heared that METAL's case now also already has been on
the Romanian television. My 'spy' told me, _METAL_ was afraid (more carefull).
Can this be confirmed by people from Romanian ?
Ofcourse faking to be him doesn't hold when you don't speak Romanian, but
this one did, and in exactly the same way Mateias does it seemed.
He also seems to know a lot about hacking (from what he was saying).
311 METAL is ding@rhine.usc.edu (Chihshun)
319 on channels: #romania
312 on irc via server Des-Moines.IA.US.Undernet.Org ([167.142.225.3] netINS IRC Server)
*spy* no..he is talking a lot...in _METAL_ style....
...
*spy* this METAL seems to know a lot about hacking
...
*spy* aaaaaaa......This METAL speak romanian just like _METAL_ he is romanian for sure
~/Mail/archive>finger @rhine.usc.edu
[rhine.usc.edu]
Login Name Tty Idle Login Time Office Office Phone
chengtah Cheng-Ta Hsieh p2 1d Jan 16 16:32 (tigris.usc.edu)
ding Chihshun 1 7d Jan 10 20:45
ding Chihshun p0 3d Jan 10 20:46 (:0.0)
>From this I thought: He isn't Mateias, because he's using X windows...
~/Mail/archive>finger ding@rhine.usc.edu
[rhine.usc.edu]
Login: ding Name: Chihshun
Directory: /maxtor/home/ding Shell: /bin/tcsh
On since Fri Jan 10 20:45 (PST) on tty1 7 days 18 hours idle
On since Fri Jan 10 20:46 (PST) on ttyp0 from :0.0
3 days 5 hours idle
Last login Thu Jan 16 10:18 (PST) on ttyp3 from :0.0
Mail last read Sat Jan 18 13:15 1997 (PST)
No Plan.
A telnet showed linux 1.2.13.
That looks like he rebooted 7 days ago, started X windows 1 minute later,
and is still using that window.
My "spy" asked him directly what his explanation was for this, and he
said he was faking it.
Then I talked to our "METAL" and (tried to) scared the hell out of him,
towards me he was very convincing afraid, even said at one moment:
-> *METAL* You're lucky I don't believe you're the real METAL
*METAL* why ?
*METAL* and if i'm the real what u will make me ?
-> *METAL* I'd shut down your systems, what else.
*METAL* please don't do that
(That doesn't sound like Mateias to me ;) !
I said some more, and then:
*METAL* oh shit...
*METAL* ok i got it
...
However, he did NOT change nick, and continued to continue to pretend
to pretend to be Mateias, talking about SYN flooding on the channel, my
spy told me.
-> *spy* He's still pretending he's metal?
*spy* course
-> *spy* Ok, .. I'll give 'alarm' :/
...
*spy* he explain to us how to do syn floods
...
*spy* he is for sure
*spy* he told all about syn-floods
Maybe, we should inform someone there of a possible break in anyway :/
The spy seemed to be convinced, so we could warn someone.
Please CC the list when you do (I am afraid I do not have more time :( for
this).
Carlo
--
carlo@runaway.xs4all.nl, Run @ IRC.
Hi!
I've been reading all the letters regarding METAL's irc session
last night from rhine.usc.edu....I've been talking on IRC to him a
lot,about such technical problems like SYNflooding and sendmail problems.
I thought that he is just using exploits and programs,but I
realized that he wrote all the programs and exploits he use and he
actually knows a LOT about computers and the TCP/IP protocols.
He explained me ( i was prentending that i don't know) how two
hosts sets up a tcp/ip connection and what is synflooding..I can say that
i think he knows a LOT about computers,and if someone knows so much about
computers at his age it's understandable he's doing such bad things.
So,He is not a genius,but he is either not a fool,I think he is
pretty smart.
Regards,
Magyari Endre
P.S.: By the wave,he also said that if press&media keeps broadcasting his
picture,he'll change the president's picture at www.guv.ro.If he'll
so,He'll be a national hero,that's for sure.:))
balu:~$: make love
make:***No rule to make 'love'.Stop.
Hi!
I've been reading all the letters regarding METAL's irc session
last night from rhine.usc.edu....I've been talking on IRC to him a
lot,about such technical problems like SYNflooding and sendmail problems.
I thought that he is just using exploits and programs,but I
realized that he wrote all the programs and exploits he use and he
actually knows a LOT about computers and the TCP/IP protocols.
He explained me ( i was prentending that i don't know) how two
hosts sets up a tcp/ip connection and what is synflooding..I can say that
i think he knows a LOT about computers,and if someone knows so much about
computers at his age it's understandable he's doing such bad things.
So,He is not a genius,but he is either not a fool,I think he is
pretty smart.
Regards,
Magyari Endre
P.S.: By the wave,he also said that if press&media keeps broadcasting his
picture,he'll change the president's picture at www.guv.ro.If he'll
so,He'll be a national hero,that's for sure.:))
balu:~$: make love
make:***No rule to make 'love'.Stop.
Hi guys, this is ZMEU, the guy on undernet #romania that has been attacked by
_METAL_. I am in New York, and I use a dialup connection to MSN here, and the
fact that I appeared on Undernet with nick _METAL_ was meant to be a joke.
Also bila@*.ix.netcom.com is someone I have met before and know for sure he
was not _METAL_.
I am shocked by the fact that by releasing info to the press and by allowing
the romanian press on this list made _METAL_ a national hero. I have logs
with _METAL_ and specific addresses from where he used his IRCop powers to
kill me , evidence that he blocked my modem through fishnet.net (intended for
the UU.NET in New York), and other addreses where he entered irc along with
other nicks used by him on Undernet, but this list is becoming very insecure,
since he reads the papers and possibly even this.
I have spoken to _METAL_ today , and I have here some fragments that prove
to *me* he is the real Calin Mateias.
these are taken from #romania EFNET (not Undernet) on satuday night
around 10:00 pm local New York time
_METAL_ is ding@rhine.usc.edu * Chihshun
_METAL_ on #romania
_METAL_ using irc.phoenix.net Phoenix Data Net - Houston
End of /WHOIS list.
<||ZMEU||> bai astia nu cred ca esti adevaratul _metal_....mai zi odata de pe
ce server mi-ai blocat modemul ???
<_METAL_> fishnet.net
translation in English (TiE)
ZMEU: hey, these guys don't believe you are the real _METAL_ ...tell me one
more time from which server you attacked my modem???
_METAL_: fishnet.net
this is after I spoke to him about 3 days ago and he told me the same
thing..so I make sure he is teh same person
later in the channel...
<_METAL_> ba
<_METAL_> sunt io vedeta, sau nu !?!?!?!?!?!
TiE
_METAL_: yo!
_METAL_: am I the man, or not ??????
this is about his appearance in the romanian press
<_METAL_> da ba da mi-au promis ca nu imi dau poza in ziara...
<_METAL_> da au fost muisti pina la urma
TiE
_METAL_: yeah, but they promised me they're not gonna show my picture in the
paper...
_METAL_: but they suck
the word "muisti" in romanian characterizes his previous rude language on
undernet
<_METAL_> in fine...
<_METAL_> am zis ca pot conta pe o relatie...da vad ca toti sunt niste
ordinari...nu mai poti sa ai incredere in nimeni
<_METAL_> sunt pe prima pagina primul rind o poza cu mine cum stau la
compuatator !!!
TiE
_METAL_: anyways... <---- he always says that
_METAL_: I thought I can count on somebody...but I see they are all a bunch of
suckers...you can't trust anybody no more
_METAL_: I am on the first page in the paper in a picture of me in front of my
computer
he made the first page of a well known paper in Romania
<_METAL_> 2 mil. pt pro tv ?
<_METAL_> cam vreo 1.000 $ la Antena 1 si TOT nu ma duc
<_METAL_> he he he he
<_METAL_> a mai vazut cineva poza mea ?
TiE
_METAL_: 2 million for PRO TV ?
_METAL_: about $1000 for Antena 1 (this may be a radio station or a tv one, I
don't know since i left romania before this opened)
_METAL_: he he he he (happy and satisfied)
_METAL_: did anybodyelse see my picture?
he looks like he likes the attention
later on the channel, he comes back to his UNBELIEVABLY RUDE language which he
had used MANY times on #romania where he was almost always banned
<_METAL_> sa te fut in cur ba handicapatule
<_METAL_> esti un lamer imputit care mori de ciuda ca nu esti si tu ca mine
<_METAL_> si care improsca cu cacat in stinga si in dreapta
<_METAL_> nu vedeti ba ca a venit pina si aici scirnavia asta de coolio
<_METAL_> muie lu' ma-ta javra dracu
<_METAL_> javra aia ca sa ma duc sa sparg canalul luyi preferat, #gay
TiE (I dunno why I have to translate this :))
_METAL_: you are a dirty lamer, that is jealous he can't be like ME
_METAL_: and that talks Sh** around
_METAL_: can't you see this jacka** came even here? (on EFnet)
_METAL_: tell your mom to suck my d***
_METAL_: this jacka**, I'm gonna break his favorite channel, #gay
I would have more to show, but this press thing makes me back away...e-mail me
at dragon66@msn.com.
Also I am going skiing for a week now, so whoever needs the info I have will
probably get it when I come back...keep me posted with the e-mails
ZMEU
this is unbelievable....I am on IRC right now, and metal was connected from
_METAL_ is ding@rhine.usc.edu * Chihshun
Unbelievable that is my friend's friend account, who also knows a ROMANIAN guy
in the science dept. This is the log:
ding@rhine:://///chengtah Cheng-Ta Hsieh p1 Jan 18 21:42 (tigris.usc.edu)
chengtah Cheng-Ta
Hsieh p2 2d Jan 16 16:32 (tigris.usc.edu) ding Chihshun 1 8d Jan 10 20:45 ding
Chihshun p0 3d Jan 10 20:46 (:0.0) Login
the romanian guy in there ( I got this from my friend on irc):
he is not getting involved...he is there in the library and did an access for
users log to check on metal
usc knows they're being h acked!
Best regards, ZMEU
On Fri, 20 Sep 1996, Dragos Draculea wrote:
> _METAL_ is ding@rhine.usc.edu * Chihshun
>
> usc knows they're being h acked!
METAL have root access at the site. I "saw" him messing up with DNS
records at that site earlier on #romania.
Regarding Mr. Carlo Wood post early on this list, I am pretty sure that it
was METAL at that time. His primary targets are the old systems based on
systems for which root attacks were made public long time ago. His new
preference are systems using NIS withiout proper firewall rules in place
by spoofing the address of the NIS master server and sending password
change requests.
He wants to be taken a tough guy by others or really means it - several
times said that his declarations about calming down and ceasing this kind
of attacks were nothing but bulls**t.
I know that it is quite easy to fake METAL nick on irc, including his
dirty language, but I saw him actually using his root priviledges on
rhine.usc.edu.
Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton gafton@sorosis.ro
Computers & Communications Center Network Administrator
http://www.sorosis.ro/~gafton Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.
On Fri, 20 Sep 1996, Dragos Draculea wrote:
> I have spoken to _METAL_ today , and I have here some fragments that prove
> to *me* he is the real Calin Mateias.
> these are taken from #romania EFNET (not Undernet) on satuday night
> around 10:00 pm local New York time
> _METAL_ is ding@rhine.usc.edu * Chihshun
> _METAL_ on #romania
> _METAL_ using irc.phoenix.net Phoenix Data Net - Houston
> End of /WHOIS list.
>
The language is exactely the same and this can be proven by anybody
speaking with him.
About "Antena 1", this is a TV station here in Bucharest.
Sebastian
Hello everybody.
Let's try to make a list with all sites that he ever hacked, along with
times of attack/intrusion. Let's also define as much as possible the
methods he used for attacking them. Next, let's define what changes is he
usually doing to a system that he compromised. And last let's define what
we want to do to him.
Is somebody actually doing such a list?
Regards,
Sebastian
On Sun, 19 Jan 1997, Sebastian Taralunga wrote:
>
>
> Hello everybody.
>
> Let's try to make a list with all sites that he ever hacked, along with
> times of attack/intrusion. Let's also define as much as possible the
> methods he used for attacking them. Next, let's define what changes is he
> usually doing to a system that he compromised. And last let's define what
> we want to do to him.
We have a "to do to him" list over here, but none of it, I think, would
be verry legal.
On a more serious note, has anyone notified anyone at usc about him?
I have a number here (12137401111) but can't call at current (ld blockout,
in the infinite wisdom of the powers that be), and am trying to contact
the operator at mizar.usc.edu (logged on from console).
--tim
>
> Is somebody actually doing such a list?
>
> Regards,
>
> Sebastian
>
> Let's try to make a list with all sites that he ever hacked, along with
> times of attack/intrusion. Let's also define as much as possible the
> methods he used for attacking them. Next, let's define what changes is he
> usually doing to a system that he compromised. And last let's define what
> we want to do to him.
Also (for the press on the list) to define the methods of intrusion in
"common language" and see if it is any way to make this public - MC is not
a genius. I have a feeling I will see MC working for someone very soon,
and doing all he likes in an "organised" way. I know someone who needs a
"genius" to check some emails.... Well, I'm just a little paranoic (like
most of sys-admins), but....
--
Costin Manolache
Network admin,
Soros Foundation for an Open Society,
Bucharest, Romania
On Sun, 19 Jan 1997, Costin Manolache wrote:
> Also (for the press on the list) to define the methods of intrusion in
> "common language" and see if it is any way to make this public - MC is not
> a genius. I have a feeling I will see MC working for someone very soon,
No, he is not a genius. He have the right exploits and the right audience
- old, security forgotten systems. He is most likely attacking linux
boxes, maybe because is wider spread in Romania than any other
unix and he knows it better, but he mentuioned that solaris machines are
also an easy target. This guy is just up-to-date with BUGTRAQ postings
were exploit code and methods was made available for the big security
holes for about every unix version out there.
The press is presenting him like a genius (I've just read some France
Press reports and after finishing reading my impression was that METAL is
the God of the Internet, if he wants he can nail down every site and any
service). It is NOT like that. Every article I read sais "he breaked into
that site, then into that one, etc.", but NO article sais few words about
"taking advanage of the weak security those sites have". I agree we have
to protect the affected sites image, but let's not make from METAL an
Super-Genius. He is NOT. He did not promote one year of the high-school
and he is repeating that year. Now it seems there is a second year he will
repeat, after his current school situation.
Best regards,
Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton gafton@sorosis.ro
Computers & Communications Center Network Administrator
http://www.sorosis.ro/~gafton Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.
On Sun, 19 Jan 1997, Costin Manolache wrote:
> > Let's try to make a list with all sites that he ever hacked, along with
> > times of attack/intrusion. Let's also define as much as possible the
> > methods he used for attacking them. Next, let's define what changes is he
> > usually doing to a system that he compromised. And last let's define what
> > we want to do to him.
> Also (for the press on the list) to define the methods of intrusion in
> "common language" and see if it is any way to make this public - MC is not
> a genius.
Right, for the press, a press-release. If they will not publish it, that
means that they are not objective, and we can simply avoid them. What
moderators think about this?
> I have a feeling I will see MC working for someone very soon,
> and doing all he likes in an "organised" way. I know someone who needs a
> "genius" to check some emails.... Well, I'm just a little paranoic (like
> most of sys-admins), but....
He was employed as I said, for installing a UNIX system. And he was fired
next day, because he left some trojan horses. He also pretended a huge
ammount of money for nott destroying what he's been doing. Evenimentul
Zilei however presented this under other therms, something like "Cruel
boss, he did not pay him!".
And as a syadmin he's not so good after all. I remember somebody telling
me that he entered his computer, and being with a `rm /' a the # prompt
:-)
So I do not think that a normal mind will employ him.
Sebastian
_______________________________________________________________________________
Home: (+40)/1/6141863 | snail: Sebastian Taralunga
Office: (+40)/1/3365771 | C.P. 13-20,
Fax: (+40)/1/3365761 | Bucharest, Romania
E-mail: seba@tcx.kappa.ro, sebastian.taralunga@taide.net, seba@kappa.ro
WWW: http://tcx.kappa.ro
On Sun, 19 Jan 1997, Sebastian Taralunga wrote:
> And as a syadmin he's not so good after all. I remember somebody telling
> me that he entered his computer, and being with a `rm /' a the # prompt
> :-)
>
> So I do not think that a normal mind will employ him.
Unfortunately, if the press continues to make from him an hero this will
happen, and he will get paid _very_ well in the security related business
by those trusting too much the press releases. He is currently using his
puvlicity to pretend that he can break any site he wants. A lot of people
can ve fooled by the argument that they employ as the sysadmin one of the
most know crackers on the Internet. Here is a difference: a lot of people
does not sense the difference between cracking and hacking.
Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton gafton@sorosis.ro
Computers & Communications Center Network Administrator
http://www.sorosis.ro/~gafton Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.
> Unfortunately, if the press continues to make from him an hero this will
> happen, and he will get paid _very_ well in the security related business
> by those trusting too much the press releases. He is currently using his
Did you heard SRI's point? Either he's a genious or all admins are stupid.
So, someone really belive he's a smart person.
(for non-Romanians, SRI is the local equiv of KGB (or CIA?))
Also, in the last year they said "internet is used to spy poor Romania",
and "we must control that, to prevent blah blah".
Giving that they don't speak without reason...
I'm sorry I fill your mailboxes with junk, but I just want to point that
this is not only a technical problem, and the press on the list must do
something - and present him as he is - it's normal for a thief to know his
weapons, and this doesn't makes him a genious, nor makes fools the
guardians.
---
Costin Manolache
Network admin,
Soros Foundation for an Open Society,
Bucharest, Romania
Thank you for alerting us. No, USC as a whole is not hacked.
A specific host, rhine.usc.edu, was compromised.
rhine.usc.edu is not administered by us, University Computing
Services. It is a departmental host that we only provide net
access for, we have no logins on the host nor do we do any work on
it. We know of several other hosts on campus that have been
compromised by him. He gained root access on hosts not supported
by us because the sysadmins of those hosts had not applied the
latest (or any) security patches. On hosts that we do support, he
has only been able to gain user-level access, all were IRC users so
it is my guess that he somehow convinced our users to allow him to
DCC a .rhosts file, standard social engineering stuff, definitely
illegal but no master hacking skills necessary.
In fact, his hacking skills do not impress me. Everything he has
done has been cookbook. I have yet to see anything new.
rhine.usc.edu appears to be a Pentium box running Linux 1.2.13,
which is quite old. We have blocked its net access until I can
talk with the owner of the box. Unfortunately, there are many
other unsupported Linux and HP-UX boxes on campus that he will
undoubtedly target. We will keep our eyes open.
Thanks again,
Robert Lau Systems Programmer, Unix Systems
University Computing Services
213-740-2866 University of Southern California
rslau@usc.edu 1020 W Jefferson, LA, CA USA, 90089-0251
It was brought up at a SANS conference that 'the black hats have
better information distribution channels than the white hats'.
The press will always be there, the press will always sensationalize,
that's how they make money. There will never be a 'secure' mailing
list. It's a handicap us sysadmins will always have to live with.
In the meantime, we must continue passing necessary information to
one another. This MC character might derive great satisfaction from
seing his name in the papers, I don't care.
I'm happy that we have finally started another valuable information
resource for sysadmins. bugtraq is great for announcing holes, but
for actual breakins, lists like this allow sysadmins to see the bigger
picture.
Robert Lau Systems Programmer, Unix Systems
University Computing Services
213-740-2866 University of Southern California
rslau@usc.edu 1020 W Jefferson, LA, CA USA, 90089-0251
> He explained me ( i was prentending that i don't know) how two
> hosts sets up a tcp/ip connection and what is synflooding..I can say that
> i think he knows a LOT about computers,and if someone knows so much about
> computers at his age it's understandable he's doing such bad things.
You can find all of that information on a dozen web pages or any
'underground' hacker journal. Just do a 'Net Search' in your favorite
web browser. So he can cut and paste, and even remember what he has read.
Wow.
Robert Lau Systems Programmer, Unix Systems
University Computing Services
213-740-2866 University of Southern California
rslau@usc.edu 1020 W Jefferson, LA, CA USA, 90089-0251
On Sun, 19 Jan 1997, Magyari Endre wrote:
>
> Hi!
>
> I've been reading all the letters regarding METAL's irc session
> last night from rhine.usc.edu....I've been talking on IRC to him a
> lot,about such technical problems like SYNflooding and sendmail problems.
> I thought that he is just using exploits and programs,but I
> realized that he wrote all the programs and exploits he use and he
> actually knows a LOT about computers and the TCP/IP protocols.
> He explained me (I was prentending that i don't know) how two
> hosts sets up a tcp/ip connection and what is synflooding..I can say that
> i think he knows a LOT about computers,and if someone knows so much about
> computers at his age it's understandable he's doing such bad things.
>
> So,He is not a genius,but he is either not a fool,I think he is
> pretty smart.
>
> Regards,
> Magyari Endre
Endre, it is not difficult to know about TCP/IP and computer protocols, that
does not mean that you are a genius.
He is definitely not a fool, but all the programs that he used are not
written by him, regardless what he told you. As stated here on the list,
there are a couple of sites where he can get these sources. I know many
people of his age who know much more about computers even more than most
of their teachers know! and this does not mean that they break-in or do
something bad, they really help people protect themselves on the Internet.
Think about such a kid, who definitely knows more than Mateias Calin, if
he sees Metal presented as agenious, only because he applied some
programs, at his age, what he will do?
I really think you missed the point out-here.
>
> P.S.: By the wave,he also said that if press&media keeps broadcasting his
> picture,he'll change the president's picture at www.guv.ro.If he'll
> so,He'll be a national hero,that's for sure.:))
Exchanging the picture of the former president on www.guv.ro was done by
somebody else, and it was allowed most probably to spoof packets from one
client of Kappa. Try only to think in which media that news occured
exactely next day and you will see what I mean...
I tried to explain at that moment a little bit about security to the
sysadmin of www.guv.ro at that time, he wouldn't listen to me, eventually
he started swearing me (no comments).
This is history anyway, and www.guv.ro seems to be well enough protected
at this moment, so any attack of him would be hopeless.
Best Regards,
Sebastian
_______________________________________________________________________________
Home: (+40)/1/6141863 | snail: Sebastian Taralunga
Office: (+40)/1/3365771 | C.P. 13-20,
Fax: (+40)/1/3365761 | Bucharest, Romania
E-mail: seba@tcx.kappa.ro, sebastian.taralunga@taide.net, seba@kappa.ro
WWW: http://tcx.kappa.ro
> I thought that he is just using exploits and programs,but I
> realized that he wrote all the programs and exploits he use and he
> actually knows a LOT about computers and the TCP/IP protocols.
All programs found behind him where public domain ( and well-known).
> He explained me ( i was prentending that i don't know) how two
> hosts sets up a tcp/ip connection and what is synflooding..I can say that
> i think he knows a LOT about computers,and if someone knows so much about
> computers at his age it's understandable he's doing such bad things.
Any how-to-break article explain that. And the age is not relevant - all
kids having internet at home knows all of those things ( we provide
internet for schools, and make training with them - I met a kid in the 7th
(~14) who installed a Linux.)
> So,He is not a genius,but he is either not a fool,I think he is
> pretty smart.
So, anyone using computer is smart. And anybody on this list can do
exactly the same - plus ~50 highschool kids who mantain their schools
servers. In Romania ~100 highschools use Linux for email, and most of
them are mantained only by kids. After one admin is choosen, all other
"smart" kids begin to try to break-in, or gain more rights (they all read
all nice stories about hackers)
We try to keep them "under control" by very severe penalties (i.e. no
internet for the school) - and half of time in training camps organised by
Soros Foundation was spent in explaining why it's bad to steal and
breakin.
> so,He'll be a national hero,that's for sure.:))
1 year ago maybe. Now - I don't think so (and it was done in Oct)
--
Costin Manolache
Network admin,
Soros Foundation for an Open Society,
Bucharest, Romania
For those who haven't seen it:
http://www.expres.ro/press/evzilei/english/Welcome.htm#miscellaneous
Since we now have one or more staff members from Expres on this list,
I would like to encourage you to correlate any information you
receive from MC with information from other people who know more
about his activities. You will likely find that people who have had
their systems damaged by MC do not consider him "a victim", any more
than people who have had their houses and homes burnt down by an
arsonist will consider the arsonist "a victim". And similar to
somebody pouring petrol through a letterbox, MC has displayed no
sophistication, brilliance, innovation, or talent; rather, he has
merely exploited his freedom to do things he should not have done,
and that the world expects people not to do. The fact that crimes
similar to those committed by MC may not be illegal in Romania
doesn't mean that MC has any "right" whatsoever to do what he does.
By way of example, recall how a number of activities were perfectly
legal in Germany some 55 years ago.
It should also be pointed out that his motives as portrayed in the
article obviously don't hold any water at all -- "I set fire to the
house to warn people that it could burn down". Sure. Note that when
BT called him to ask, face-to-face, to stop his attacks, he replied
via IRC:
*_METAL_* don't try again to call me ! i will "prosecute" that !! he he he he
he he
By "prosecute" he means that he will carry out further attacks; and
the thought obviously makes him very pleased.
The archive of this list, available by sending mail to majordomo@EU.net,
contains a fair amount of background information. I'm including
here an excerpt from a UK service provider, who had their systems
destroyed no less than four times over Christmas.
On Jan 12, 23:21, Andrew Crawford wrote:
> It was a fun Christmas.
>
> What I don't understand is what his motivation was in returning on the
> subsequent occasions. My IRCop access had been suspended, any files he had
> on our system were gone, and there seems to have been no reason for his
> destructive and illegal behaviour except for sheer, unreasoned malice.
>
>[...]
>
> We have suffered significant financial loss as a result of this person's
> activity, as well as many sleepless nights. There are some things I'd like
> to point out:
>
> 1. The hacker's activity is illegal almost everywhere - and this includes
> Romania.
>
> 2. He cannot be expected to behave rationally. There was no rational
> motivation for breaking into Net Online on the subsequent occasions,
> except perhaps that bringing this small ISP to its knees had become a
> sport for him.
Dear Expres and others, please keep one thing in mind:
To destroy is easy; to build and create takes real genius. For every
one destructive person there is one thousand people who build and
create; this applies to the Internet as well as to any other area of
human endeavour. It is those one thousand people who are the heroes,
and it is they who display brilliance, sophistication, and talent.
--
------ ___ --- Per G. Bilse, Mgr Network Operations
----- / / / __ ___ _/_ ---- EUnet Communications Services B.V.
---- /--- / / / / /__/ / ----- Singel 540, 1017 AZ Amsterdam, NL
--- /___ /__/ / / /__ / ------ tel: +31 20 5305333, fax: +31 20 6224657
--- ------- 24hr emergency number: +31 20 421 0865
--- Connecting Europe since AS286 --- http://www.EU.net e-mail: bilse@EU.net
| Since we now have one or more staff members from Expres on this list,
| I would like to encourage you to correlate any information you
| receive from MC with information from other people who know more
| about his activities. You will likely find that people who have had
Let me put it in my own words:
If the "Express" doesn't, from now one starts to publish news in which
it is _clear_ METAL is a terrorist without any morality, damaging other
peoples businesses and properties, making threats to honest people AND
carrying out these treats (like dynial of service attacks on people that
earn their money with their business, like ISPs (Internet Service Providers)).
Then the RESULT will be that the rest of world has NO other means then to
shut Romania off from internet, until the government accepts a law against
computer crimes and takes care of anti-social elements like MC.
I am sure that he REALLY is national hero, when that is what will happen when
he doesn't stop - or at least, that SHOULD be the result. So how can you
even THINK that MC is great guy when he would burn all Romanian ISP to the
ground with a smile ??? (From the logs you will find that he makes NO difference
between either European, USA, Romanian ISPs or even harddisks of his own teenage
friends!!! He erases them as "punishment" when you don't do what he demands
from you, stamping his little feet. This man is SICK in his head.
Hoping for a little common sense from now on at the "Express", I'll stay
on this list for a little while more ( == cooperating together in this mess).
O, and before you start """quoting""" me in _your_ interpretation:
The PROBLEM, the MESS, the SHIT here are the *laws* (or lack there of) of
Romania. If Romania would have had a law against computer crime, equally as
it has against burning down houses (thanks S.), then he would have been
sent to prison LONG LONG ago, where he belongs.
Carlo
--
carlo@runaway.xs4all.nl, Run @ IRC.
On Sun, 19 Jan 1997, Per Gregers Bilse wrote:
> For those who haven't seen it:
>
> http://www.expres.ro/press/evzilei/english/Welcome.htm#miscellaneous
>
> Since we now have one or more staff members from Expres on this list,
> I would like to encourage you to correlate any information you
> receive from MC with information from other people who know more
> about his activities. You will likely find that people who have had
> their systems damaged by MC do not consider him "a victim", any more
> than people who have had their houses and homes burnt down by an
> arsonist will consider the arsonist "a victim". And similar to
> somebody pouring petrol through a letterbox, MC has displayed no
> sophistication, brilliance, innovation, or talent; rather, he has
> merely exploited his freedom to do things he should not have done,
> and that the world expects people not to do. The fact that crimes
> similar to those committed by MC may not be illegal in Romania
> doesn't mean that MC has any "right" whatsoever to do what he does.
I would like to make a short history of all I know about MC:
A year ago, I was a friend of MC. We had accounts at PCNET ( free ISP in
Romania ). We were fascinate about the possibility of entering ( via
telnet or..etc.. ) in to another computer and we wanted to gain full
access on more and more computers..
This lasted since a day when
MC succeeded to gain root access on a computer whom belongs to the manager
of Kappa. He read his personal mail( in facts that is the first thing
that he is making when has root access on a server). He made this using my
personal account from PCNET and we was called by the manager to answer for
my actions.( I was warned that I might have problems at school!).MC didn't
want to come there because he IS THINKING that there are no laws to attack
him
. I have met the manager of Kappa and he explained me what is a
network who are the persons who bulid it and what hard work they are
making.
I decided that I must renounce of breaking attempts. He found out about my
decision and called me "traitor". After 2 months he succeeded to destroy
the computer of my High School, so the admins had to reinstall it. In the
mean time he was breaking a lot of computers ( using the same "bug" (
libroot ) ) form our country. He succeded to destroy again our High
School server and after a while we have decided ( I become
administrator..) to make him an account so he will stop destroying other's
people computers.. So we made him an account on our server, but he thought
this is not enough for his intelligence.. so he wanted a "callback", but
we said that this is impossible because the SOROS foundation ( our ISP )
pay our phone line! and he was very furious about this and wanted to
destroy our server.. and for the third time he succeded .. From the last
time we were more interested about security.. and we have succeeded to
make a secure system ( Linux box ).
All the time he threatens me, that he has a "friend" who can beat me for
what I have done to him ( I was trying to talk to every admin in ROmania,
in order to stop his "illegal" ( he was using other's people
accounts, with or without their acknowledge ) access on INternet). Six
months ago I was hired as a Network Admin at Kappa, and he wanted to
destroy everything I was doing there.. and he succeded to destroy one of
the most important computers in our network.. but there is no law against
him ..
MC short portait:
He is a teenager ( as I am..), he doesn't know almost anything about
programming, and everything that he is using to destroy learned form other
people or reading BUGTRAQ or downloading "useful" programs from
ftp.infonexus.com ..He knows a few things about TCP/IP protocol, but he is
using this in order to destroy .. ( sniffers .. ).. I said all this
because our local TV and newspapers made him a genius.. Hope the persons
from expres.ro ( one of the most important newspaper in ROmania!! ) will
change their public attitude.
Teodor Iacob,
Kappa-NET Administrator ( theo@kappa.ro )
Finger info: theo@lbi.lbi.ro
Going through the logs of whale.st.usm.edu, the time
metal was on, he was coming from bestdpx.power-dept.pub.ro.
No ident on the user on that machine.
Today a very good friend of mine called me, knowing that I deal with
Internet, and asked me: "Poor Mateias Calin, what do you think we caon do
to help him?" .....
No further comments..
S.
_______________________________________________________________________________
Home: (+40)/1/6141863 | snail: Sebastian Taralunga
Office: (+40)/1/3365771 | C.P. 13-20,
Fax: (+40)/1/3365761 | Bucharest, Romania
E-mail: seba@tcx.kappa.ro, sebastian.taralunga@taide.net, seba@kappa.ro
WWW: http://tcx.kappa.ro
>From owner-roprob@EU.net Mon Jan 20 09:33:07 1997
Return-Path: owner-roprob@EU.net
Received: from mail-relay.EU.net (mail-relay.EU.net [134.222.91.10]) by oc1.itim-cj.ro (8.6.12/8.6.9) with ESMTP id JAA05430 for ; Mon, 20 Jan 1997 09:32:57 +0200
Received: (daemon@localhost) by mail-relay.EU.net (8.8.3/8.6.10) id VAA27824 for jalobean@oc1.itim-cj.ro; Sun, 19 Jan 1997 21:06:15 +0100 (MET)
Received: (list@localhost) by mail-relay.EU.net (8.8.3/8.6.10) id VAA27769 for roprob-outgoing; Sun, 19 Jan 1997 21:05:39 +0100 (MET)
Received: from relay.logicnet.ro (ns1.logicnet.ro [193.226.80.252]) by mail-relay.EU.net (8.8.3/8.6.10) with ESMTP id VAA27762 for ; Sun, 19 Jan 1997 21:05:28 +0100 (MET)
Received: from default (m14-b.logicnet.ro [193.226.80.79])
by relay.logicnet.ro (8.8.4/8.8.4) with SMTP
id WAA27534 for ; Sun, 19 Jan 1997 22:05:17 +0200
Date: Sun, 19 Jan 1997 22:05:17 +0200
Message-Id: <199701192005.WAA27534@relay.logicnet.ro>
To: roprob@EU.net
From: Cristian Ivan
Subject: metal ?!
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver 1.12
Sender: owner-roprob@EU.net
Precedence: bulk
Status: RO
HI !
After reading most of the mails from this list, I finally decided to write
something, too. That's why I decided to present you "Mateias Calin: HISTORY"...
:)
First at all, I must say that I PERSONALLY know Mateias Calin (aka
Metal ministry, maxc etc.).
I met him for the first time some years ago (2 or something).
At that time he was just kinda normal, his interests beeing FidoNet
mail and games. (of course normal is not the right word maybe, cause even at
that time I realised something was not alright with him.. and I wasn't the only
one to say that). So, after some time, he discovered the Net, through a very
slow link, shell account on a VAX machine.. not the kind of stuff that makes
you NET addicted. He used it only to get some freeware/shareware programs to
put on his BBS. Slowly he noticed the UNDERGROUND face of the Internet (warez,
sex-stuff, cracking/hacking etc).
That's the time he started his "hacking" activity (like 1-1.5 years ago). But
before that let's say a few things about MC, the man. Even at my first meeting
with him I noticed something: this guy is VERY frustrated.. he has NO friends,
no social life; noone recognizes his "talents". His "friends" were ONLY
business friends, persons who want something from him (hacked accounts, mainly)
and offer their presence in exchange. He was very happy when someone visited
him at house (there should be a lot to say about his "home environnment",
but I don't think it's VERY important right now).
His mainly goal was to be recognized as beeing SOMEONE ! He likes a lot when
someone appreciates his "work" and congratulates him for it and he becomes
VERY friendly and willing to help. Anyhow, there should be A LOT to talk about
his personality, but I think I've already bored you enough...
So.. about his so called hacking activity. We were in "good"
relations for some long time, cause I was the only link between the "good guys"
and the "bad guys". He enjoyed a lot to "teach" me about hacking.. to tell
me stories about his hacked sites and so on... Meanwhile, I gave that
informations to "the other side".. :) All stopped some time ago, when I
kicked him out of the #romania channel, after telling him , without success
of course, to stop swearing. Started then, he became VERY angry with me..
tried UNSUCCESSFULLY to hack my Linux box. (yeah.. he's VERY emotional
unstable...). During the time, I followed most of his acctivities (without
letting him know, of course): I was hacking the same sites like him, deny-
ing his access and letting the admins know about their security hole..
(I know it's not VERY orthodox, but my hacking was the only way to stop him),
I erased/changed password on his "hacked" sites and so on...
Let's talk about his "hacking skills":
1. he's MAINLY using BUGTRAQ/infonexus/CERT advisories exploits. His skill is
maybe noticed in CHOOSING the right exploit.. :)
2. Linux is his preffered OS. Maybe because there are so many linux boxex in
Romania and he had a lot of opportunities to test the scripts/exploits.. :)
And of course because MOST of the available bug-exploits are for Linux.
(btw he's using Windows95 and Linux at home).
3. After breaking into a site (and hacking root) his first move is to start a
packet sniffer in background, mainly on telnet , sendmail ports. If you do a
"ps -aux" on a hacked site you'll sure noticed some lines like "nn -f *.* -t -p 21 -t ^ A" or something like that. After that he's trojanizing
the system, (using Linux Rootkit and tools like that): patching login, telnet,
etc. He also seems to like A LOT starting a telnetd or something similar on
an arbitrary port (check /etc/services for more info.. :) ). Of course, he's
doing all that ONLY when he has some interests on that site (like good speed,
much hdd free space).
Elsewhere he might just "rm -rf / &" the system. That depends on his mood...
it's totaly unpredictible.
So, he's DEFINITELY _NOT_ a genius. In fact, I know A LOT of ppl knowing
more about computers than MC will ever know... But he's got this publicity
need, which might just be fatal to him. His "hacking skills" are not a
problem for a sysadmin who knows some basic elements about security (as an
example, as USC.EDU admins could remember, he tried to hack my box from
usc domain; he had an account (it was somehting like a semi-public
ftp account, so it's was n/p for him to get it.. in fact i knew he had it,
but i was very curious to see his "improved by anger" skills); well..
he had a login and a pass on my site and he COULD'N even login ! -
the shell was something like /bin/null ;-> )).
This was VERY frustrating to him.. as some ppl told me.. :).
So, protecting >from him is VERY easy.. one thing to start with may be
limiting the access to in.telnetd and swiching to some more secure things,
like SSHD for example.
Enough for tonight... :) If you have any question about him.. shoot.
Thank you for your tim,
cRIS
- OTTO.DEPGERM.PUB.RO sysadmin -
Well, if the press is on the list let make things more serious:
We can forward messages to the press.
This can eventualy convince them to support (or request) some laws.
I will try to make a list with all publications having internet access and
I will put it on the list (we use this for making press-announces, besides
regular metods).
Let's give them all info they need!!
So they will have no escuse to publish s...., and we need press suport
anyway - it's the only way (now) to convince all the young Romanians that
steeling is not good !
--
Costin Manolache
Network admin,
Soros Foundation for an Open Society,
Bucharest, Romania
On Sun, 19 Jan 1997, Per Gregers Bilse wrote:
> Dear Expres and others, please keep one thing in mind:
>
> To destroy is easy; to build and create takes real genius. For every
> one destructive person there is one thousand people who build and
> create; this applies to the Internet as well as to any other area of
> human endeavour. It is those one thousand people who are the heroes,
> and it is they who display brilliance, sophistication, and talent.
I see two different aspects here: MATEAL is presentet as a genius not only
in romanian press, but also in the US, France, UK press. Just try again to
read the articles from Hotwired and you will see what I mean. If Hotwired
fail to present him as he really is, and Hotwired is supposely a computer
literate publication, I don't see why the romanian press, knowing very
little about computers related problems, will do it otherwise.
I suggest we make a public statement about this, try to agree on the final
form, and mail it to Hotwired and other mass media representatives. If
they fail to see the real situation, let's give them a hint.
Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton gafton@sorosis.ro
Computers & Communications Center Network Administrator
http://www.sorosis.ro/~gafton Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.
Hello,
I think the media attitude concerning Calin Mateias and his position in our
specific gallery, together with other romanian VIP's like Ion Stoica, Miron
Cozma, Sever Muresan, etc., we should understand from the point of view of
the people and/or organizations benefiting from such intruder actions.
I have in mind the declaration discussed in our mass-media about the
Internet as the most dangerous thing for Romania ! It was in 1995 April, I
guess, and at least Cristian Tudor Popescu and Ulieru had proved this idea!
The local solution, in my opinion, is educational one. Therefore I think
that we must organize a list in romanian also, as well as a focused media
action to convince romanians about the jeopardy for our opening and
democracy, to urge the elaboration of a proper law for such felony.
It is up to us to convince people that Calin Mateias is a dangerous
delinquent, not a genius nor a hero.
Don't forget that until now, as far as I know, the only official opinion
presented in Romania was the SRI's comment about the proper law missing...
Yours sincerely affected by this fact,
Mihai Jalobeanu
Appologies to those who already got these two mails. I tried to improve
performance of the delivery to the list members which resulted in unreliability
:-( Now changed back to the old configuration.
Regards Jarda
Subject: Re: Expres article
Cc: roprob@EU.net
On Jan 19, 18:08, Danny Mitchell wrote:
> Hmm.. this list has gone totally useless to me now.
> Information sent to this list is being delivered to various
> press members and publicized; Information is not secure for investigation,
Well, there isn't really anything to investigate (any longer), all
facts are well known, etc, etc. The current objective is to get
something done about the problem, not to find out more about it.
But you have been removed from the list.
--
------ ___ --- Per G. Bilse, Mgr Network Operations
----- / / / __ ___ _/_ ---- EUnet Communications Services B.V.
---- /--- / / / / /__/ / ----- Singel 540, 1017 AZ Amsterdam, NL
--- /___ /__/ / / /__ / ------ tel: +31 20 5305333, fax: +31 20 6224657
--- ------- 24hr emergency number: +31 20 421 0865
--- Connecting Europe since AS286 --- http://www.EU.net e-mail: bilse@EU.net
Subject: Press excerpt
In-Reply-To: <199701192044.VAA00373@jolan.ppro>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-roprob@EU.net
Precedence: bulk
--------------------------------------------------------------------
The press has created a false hero capable of breaking into computers all
over the world
Mateias Calin Is A Jerk
@ He is hiding, but nobody is looking for him @ His "spectacular doings"
with computers involve no geniality @ The americans have not even heard of
him @ They claim it is wrong to picture him as important, because that would
encourage distructive behaviour
For the last couple of days, Romanian mass-media has found a sensational
subject, announcing loud and clear that Bucharest has finally produced a
young genius capable of focusing the Western countries' attention on our
little country. The "overskilled" Calin Mateias the newspapers have been
roaring about is a 17 year-old kid repeating for the 2nd year the 10th grade
in a Bucharest high-school. The only thing he is good at is managing to get
lousy school results. Yet, on the 11th and 12th of January he did something
that made him quite well-known: using his home computer, he broke-into and
destroyed several computers connected on the Internet. The news was
sensational in Romania, where most of the people still think about computers
as about some mysterious and hi-tech devices. Instantly, Mateias has become
some kind of a national hero. Unfortunately, reality shows him totally
different. The "Romanian Genius" is a press-fabricated character and could
become a dangerous myth.
How the legend was born
It is pretty hard to explain how some attention-seeking teenager doings
did get to be taken as a proof of genius. We can understand that if we take
a look at the Romanian newspaper issues on the last couple of days. All of
them are full of technical terms which sound pretty wild: "server",
"hard-disk", "subroutine", "accessing" etc. Add to all this the names of
well-known foreign organisations, such as the NASA, the FBI, the British
Telecom. Only the KGB, the Mossad and the MI-5 were missing. Reality is far
from being so spectacular. A non-technical translation does not leave us
with much.
We have to explain what Mateias Calin really did. Nothing with a touch of
genius, unfortunately. He used his home computer in order to access the
Internet. Exactly as many thousands of other Romanians. The Internet is a
network consisting of many computers linked together that are exchanging
information. Powerful computers, also known as "servers", placed everywhere
in the world, are hosts for remote users. Users connected to such a computer
can easily communicate.
Anybody can access the NASA database up to a certain level
Among all these computers, there are also several special "communication
servers", which allow users to "talk" using their computers. Such an
activity was a favorite one for Mateias, and he used to introduce himself
sometimes as "Mateias", sometimes using a surname, "Metal". After that
stage, his favorite entertainment has become to destroy everything he could
using the Internet. Mainly he distroyed unprotected databases, open for
access to anyone. The Pentagon, the NASA and many other well-known
organisations have free-access databases on the Internet. Of course, these
databases contain non-confidential information and anybody can browse
them. Yet, Mateias could not find anything better to do than erase them.
Why? Because it was easy. Probably he thought of himself as of a very smart
person because of that, considering the fact that he made sure to leave his
signature, using "smart" messages.
It is dangerous to encourage distructive behaviour
Paul Dresson, an FBI agent in the National Computer Crime Department,
confirmed the fact that FBI does not have any investigations in progress in
Romania. He said: "There is nothing sensational here. Any American kid could
do such a thing using his home computer. But he does not have a reason to do
it. There is nothing to gain and he knows he could be punished for doing so.
Of course, public access databases are very easy to destroy. They are
unprotected because nobody could have an interest in erasing them. Why
bother?" Dresson was amazed to learn that Mateias is considered a genius in
Romania. He said it is very dangerous to portrait him as an important
character: "I trust in Romania there are thousands of young people who could
do what Mateias did. If Mateias is going to be presented as a genius, there
are others who could also start destroying servers, just to show they are
not inferior to him. Things should be said correctly."
Miruna Munteanu
----------------------------------------------------------------
This article is an excerpt from the Romanian national ZIUA Daily Newspaper,
issued on Monday, the 20 of January, 1997.
Regards,
--------------------------------------------------------------------------
Felix Chirciu
Communications Manager and System Administrator
The Daily ZIUA Newspaper, Bucharest ROMANIA
--------------------------------------------------------------------------
--
======= ___ === Jaroslav Martan, Network Engineer,
====== / / / ___ ____ _/_ ==== EUnet Communications Services BV
===== /--- / / / / /___/ / ===== Singel 540, 1017 AZ Amsterdam, NL
==== /___ /___/ / / /___ /_ ====== Tel. +31 20 5305333; Fax. +31 20 6224657
=== ======= [ 24hr emergency number +31 20 4210865 ]
=== Connecting Europe since 1982 === http://www.EU.net e-mail: martan@EU.net
On Sun, 19 Jan 1997, Timothy Lawless wrote:
>
> Going through the logs of whale.st.usm.edu, the time
> metal was on, he was coming from bestdpx.power-dept.pub.ro.
> No ident on the user on that machine.
>
>
I read this mail and I think that I must to show you, why this
"cracker" Mateias Calin aka METAL had use bestdpx to broke other systems.
I was sysadm on this machine 2 years ago. The machine is running UNIX
System V Release 02.01. It made by BULL from France and is an very OLD and
UNSECURE system.
When I was Bestdpx's (is at "Politehnica" University of Bucharest,
Power Department), I tried to contact the BULL and they told me that
don't have this system in the archive.
This host is full with bugs. Anybody can broke this system via NFS
because this site exports for everybody a directory with Slackware.
Bestdpx is the machine where any novice teachs UNIX and uses the host
to try broke other systems. So, Bestdpx is a public machine and you must
don't have trust in it.
METAL is an IDIOT. The Press and TVs from Romania make him advertise
and look what's happening:
Date: Sun, 19 Jan 1997 20:06:09 +0200
From: Szavuj Iosif
To: webmaster@expres.ro
Subject: metal
Ma numesc Iosif Szavuj, si sint patronul firmei IODES TRADING SRL din
Bucuresti.
Saptamina viitoare o sa pornesc afacerea mea On-line, un server
Internet comercial.
Va rog frumos sa ma ajutati sa iau legatura cu Calin Mateias
(macar o
adresa de E-mail) pentru ca vreau sa-l angajez, si sa-i ofer un salariu
pe masura capacitatii lui. E pacat ca un asemenea tinar trebuie sa se
gindeasca sa plece in strainatate, nu ?
Va rog ajutati-ma!
Cu respect, Iosif Szavuj
I translate:
<>
Hehehe... This is...
Adrian Samareanu
Network Engineer & Webadmin.
Expres Ltd.
adis@expres.ro
Per Gregers Bilse was known to have stated:
>
> On Jan 19, 18:08, Danny Mitchell wrote:
> > Hmm.. this list has gone totally useless to me now.
> > Information sent to this list is being delivered to various
> > press members and publicized; Information is not secure for investigation,
>
> Well, there isn't really anything to investigate (any longer), all
> facts are well known, etc, etc. The current objective is to get
> something done about the problem, not to find out more about it.
> But you have been removed from the list.
>
Thanks for the clarification. Problem is, that the only thing that I see
happening is that the press is getting involved, and turning things into
a circus :( If I thought that there was something that I could do to actually
help get something done, I'd hang around to help out.. But, I dont really feel
that there is much I can do in that area... Best of luck with this
project. I do hope that something proper comes out of it.
--
_______________________________________________________________________________
DannyM -- WildStar Internet Services
http://www.wildstar.net/~danny
(405) 447-0581 fax: (405) 447-0616
_______________________________________________________________________________
Everything that I post is of my personal opinion, and not that of my employer!
Random Excuse for being late:
I am converting my calendar from Julian to Gregorian.