Teen hacks 27 ISPs, gains root access

A 16-year-old hacker affiliated with the cybergang known as Global Hell compromised at least 27 Internet service providers late last year, stealing passwords and, in some cases, destroying data, according to details of a police investigation released Monday.

The organisations that were compromised were "mainly in the US," said Damian Frisby, a detective with the Sacramento Valley Hi-Tech Crime Task Force. "A lot of them were private Internet companies, law schools and colleges, and a couple were backbone Internet providers. The hackers were able to gain root access."

The facts in the case came three days after Pacific Bell Internet Services notified an unknown number of customers that their passwords had been compromised and that they have until January 14 to change them. In an email message sent Friday to customers, Valeri Marks, president and CEO of Pacific Bell Internet Services, said that a band of hackers targeted a number of its California customers.

"We were recently notified by law enforcement officials that a ring of hackers, currently in police custody, had gained access to the password information of some California ISP users. Although there has been no indication of any account abuse, you should change your password immediately," the notice read.

In fact, the police have charged just one person, a 16-year-old West Hills, California, resident, with several felonies including unlawful access and grand theft. According to Frisby, the cyberthief had connections with a notorious online group known as Global Hell, several members of which were arrested last fall by federal law enforcement officials.

The original investigation followed a December 7, 1999, complaint by Innercite, an El Dorado County Internet service provider, which reported that its servers had been compromised and several files deleted. Innercite also reported that its service had been used to perform network scans of computers at Sandia and Oakridge National Laboratories.

Pacific Bell went beyond issuing a simple warning, saying that subscribers would be required to change their passwords or face being shut out of their accounts. "For your protection, if you have not changed your password by January 14, 2000, Pacific Bell Internet will require that you call in to change it in order to access your account," the email stated.

For good reason: More than 200,000 passwords had been stolen from the California Internet service provider, though the police found that only 63,000 had been decrypted at the time of arrest, said Frisby.

Pacific Bell provided a Web address where users could change their passwords.

A Pacific Bell support technician confirmed the action Saturday but could not provide details. No other information has been made available on Pacific Bell's site.

Although hack attacks on ISPs are not uncommon, it is more rare for a service provider to require customers to change their passwords.

So far, none of the other providers has come forward with details about the problem.

What do you think? Tell the Mailroom . And read what others have said.

Take me to Hackers