en

The VICE Channels

    Outside 32c3. Image: Joseph Cox

    Chaos Communication Congress Hackers Invaded Millions of Servers With a Poem

    Written by

    Joseph Cox

    Contributor

    Just before the end of 2015, sys admins all over the world woke up to a whimsical message beaming out of their computer screens.

    “DELETE your logs. Delete your installations. Wipe everything clean, Walk out into the path of cherry blossom trees and let your motherboard feel the stones,” the poem started.

    It was sent out from an IP address associated with the 32nd Chaos Communication Congress (32c3), an annual arts, politics and security festival that takes place in Hamburg, Germany. The message was fired out to a swathe of the public internet, attempting to hit all the IP addresses it could and leave its musings in administrators’ server logs.

    The hackers behind the stunt, who called themselves “masspoem4u,” told Motherboard in an encrypted email that the poem potentially reached tens of millions of machines.

    “One of our goals was to place something beautiful in an unexpected place, nestling a little poetic message amongst repetitive server access logs. We were very happy to hear that many people got a smile out of it!” they said.

    “Let water run in rivulets down your casing,” the poem continued. “You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping.”

    “We know that you are ready and waiting. Join us.”

    Masspoem4u—who say they are long time fans of the Congress and attended this year for the first time—used the tool “masscan” to flood the internet with their message. Masscan can be used to scan the entire internet, typically for hunting out vulnerable systems. Robert Graham, one of the tool's creators, demonstrated it at the hacking conference Defcon back in 2014.

    Graham suggested putting a friendly message along with your scan, so people don't immediately think it's a malicious attack. This is where Masspoem4u pasted their few lines of verse.

    “We attempted connections to the entire public IPv4 space (excluding private/reserved ranges and other blocks excluded in the default masscan exclude list), meaning that we reached out to almost 4 billion servers (though many of these packets may have been filtered by a firewall before reaching their intended destination),” Masspoem4u said.

    "If we could have covered our message in cute animal stickers, we probably would have, but sadly the HTTP standard does not support this feature"

    The actual number of systems reached would be lower. “There appear to be approximately 55 million servers open to connections on port 80 (the standard port for HTTP),” the group continued—these servers could have recognised the communication being sent. Of those, around 30 million returned “non-empty responses” and therefore “would be likely to have logged our poem.”

    HTTP does have some limitations though. “If we could have covered our message in cute animal stickers, we probably would have, but sadly the HTTP standard does not support this feature,” they wrote.

    Naturally, this huge, scatter-shot approach takes up a whole lot of bandwidth. Fortunately, the Congress provided attendees with some serious connection speed.

    “We are also indebted to the 32c3 NOC [network operations centre] team, for providing such great connectivity and encouraging playful experimentation,” Masspoem4u said.

    “Our poem delivery wasn't pre-planned, but many of the themes behind it are ones we've thought a lot about, and while wandering around 32c3 we saw an opportunity to realize past daydreams with the fast network uplink,” the group continued.

    Instead of seeing the messages as simply server logs, Masspoem4u envisions “tiny postcards flying across the net, without using any sort of centralized service like Twitter or Facebook (or Weibo, etc.) through which most communications seem to flow these days.”

    “In this vein, we would like to remind people of the importance of keeping the internet free and decentralized,” the hackers continued.

    “The internet is ours, and it is adorable.”