Ok so exams are finally over and I'm
free. It's 11:32 PM and no one is
online on MSN.
I'm not in a mood to do any programming
and I'm not sleepy. I guess I'll
just talk to random people but I
need mIRC for that. Hmmmmm there
has been a major version update
since I last used it. So I slowly
download mIRC on my slow dialup
connection.

Well well, long time no see eh? I type
in 'krepgb' as the nickname (Well
that's what you get with random keystrokes)
and I'm connected. I think I'll
go to #ChickSpot; it used to be
a place of decent isloo crowd. So
I'm in the channel....huh? Is it
a war zone? I see lots of text scrolling
on the main full of swear words,
curses and indecent language. As
I look closely it's just one girl
causing the trouble (well I figured
out her gender from the abusive
replies of others). Ok the speed
of scrolling is slowing down as
the users start quitting the channel....abnormally....eh?
Why is every participant in
the discussion getting an 'operation
timed out' quitting message?

Just then I see a message..."LOL!
poor kids they don’t know who they
are up against. I OWN this channel"
The operator of the channel replies
"This is too much. What's your
problem?" and what happens
next? You guess...yeah the operator
also gets an operation timed out
termination. Ok so this girl not
being the operator is somehow able
to kick people out of the channel,
in fact IRC. Well...I'm a curious
person and I need to find out so
I get ready for some action.

Me: Soo...you're the one kicking people
out of here?
Her: you bet
Me: Cool...so how do you do it?
Her: Well...I'm a hacker
Me: Prove it
Her: My pleasure...
(30 seconds pause)
Me: Well??? Where did your hacking
skills go?
(30 more seconds and no reply yet)
The blinking monitors of my dialup
connection in the system tray on
the bottom right catch my attention.
It shows it's continuously receiving
data but not sending any. I type
something random on the keyboard
and send it to her on IRC but still
the sending monitor icon won't light
up. Since I'm not downloading anything
and not browsing any site, there
is no way I could be receiving so
much data. Soon my MSN signs
out with an error...fine I was going
to close it anyway just to hunt
down the program pulling so much
data. I close all the programs
in the system tray, I quit IRC,
terminate the antivirus and all
user level programs that show up
on task manager. So now I have no
program running and still the incoming
bytes won't stop.

I quickly open the Ethereal packet
sniffer program to see what these
packets contain. As I enable the
packet capturing, I see a great deal
of text scroll in seconds. I stop
the sniffer and ponder over the
packets for a while. I notice I'm
continuously receiving UDP packets
on different ports from 5 different
IPs, all 1kb in size. I open the
TCP View program to see if any of
the applications are listening to
these packets and I see that there
are no programs listening to them.
Ohkayyyyyyyyy...
so she conducted a Distributed Denial
of Service (DDoS) attack on me.
Since my connection is so overwhelmed
with incoming data it's unable to
send any acknowledgement back and
hence all my client software loses
its connectivity with its servers
e.g. mIRC and MSN. By the way...when
did this become computer hacking?
Anyone with the right amount of
resource can do this. This does
not make you a hacker dumbhead!
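
The diagnosis described above (same-sized UDP packets from a handful of sources, aimed at ports nothing is listening on, with almost no outbound traffic) can be checked mechanically against a capture. This is an added example, not part of the original story; the record layout, thresholds and addresses are constructed for illustration.

```python
from collections import defaultdict

def triage_flood(packets, local_ip, listening_udp_ports,
                 min_packets=20, min_ratio=10.0):
    """packets: iterable of (timestamp, src_ip, dst_ip, proto, dst_port, length)."""
    bytes_in = bytes_out = 0
    per_src = defaultdict(lambda: {"packets": 0, "bytes": 0, "ports": set()})
    for _ts, src, dst, proto, dport, length in packets:
        if src == local_ip:
            bytes_out += length
            continue
        if dst != local_ip:
            continue
        bytes_in += length
        # Unsolicited UDP to a port no program is bound to: the same thing
        # the story checks by comparing the sniffer output with TCPView.
        if proto == "udp" and dport not in listening_udp_ports:
            stats = per_src[src]
            stats["packets"] += 1
            stats["bytes"] += length
            stats["ports"].add(dport)
    # Thresholds are assumptions for this example, not tuned values.
    suspects = {ip: s for ip, s in per_src.items() if s["packets"] >= min_packets}
    ratio = bytes_in / max(bytes_out, 1)
    return {
        "bytes_in": bytes_in,
        "bytes_out": bytes_out,
        "in_out_ratio": ratio,
        "suspects": suspects,
        "flood": len(suspects) > 0 and ratio >= min_ratio,
    }

def build_sample_capture():
    """Constructed sample: 5 sources (documentation addresses), 1024-byte UDP."""
    me = "192.0.2.10"
    sources = ["198.51.100.%d" % n for n in range(1, 6)]
    pkts = []
    for i in range(200):
        src = sources[i % 5]
        pkts.append((i * 0.01, src, me, "udp", 1024 + (i * 37) % 50000, 1024))
    # A little normal chat traffic: one reply from an IRC server, one line sent.
    pkts.append((0.5, "203.0.113.5", me, "tcp", 1061, 120))
    pkts.append((0.6, me, "203.0.113.5", "tcp", 6667, 60))
    return me, pkts

ME, CAPTURE = build_sample_capture()
REPORT = triage_flood(CAPTURE, ME, listening_udp_ports={137, 138})
```

The per-source table in `REPORT["suspects"]` is what an upstream provider needs in order to filter the traffic, since a saturated dialup link cannot be relieved from the receiving end.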

No wonder! Technology sometimes goes
into the hands of people who don’t deserve
it. Money can buy them a broadband
connection but it can't buy them
brains. I think it's time for payback
but it's 12:01 AM now and I want
to go to sleep. I'll do something
tomorrow.
I wake up at 5:30 AM, offer my Fajar
prayer, get a cup of coffee and
get on to my PC. I first code a
module that does SYN flood on a
given IP. Within 30 minutes I'm
done with it but it's useless for
me because I'm on a dialup connection
and before it does anything to him
I'll get disconnected myself. I
count all the PCs I have access
to that have high speed Internet.
Well...I don’t have direct access
but indirectly there are 2. A friend
of mine works in an office on the night
shift and they have a T-1 line.
Technically, that should be enough
but I want more. Another friend
of mine has DSL and he is connected
24/7 so I'll count her in. Now that
I know where to use that module,
I write a program that posts the
IP of the machine it is installed
on to a page of my website, then
it pulls another page to see if
it has been asked to trigger the
SYN flood on any machine.

My program would post its IP on to
the page every time the PC goes online
so I'd know that both of the PCs
are online and I'm ready to perform
the attack. Then I'll put the IP
of the machine I want to attack
on the second page so that when
it is pulled by my program it performs
the attack on the given IP. Now
that I come to think of it, I can
actually use the bandwidth of the
machine my website is hosted on,
as well ;)

So I code a PHP page that displays
the online PCs in a listbox. Then
it has a textbox where I can type
the IP of the target machine and
a button which when pressed updates
the second page with the given IP
so the attack is conducted. Finally,
I translate the C++ SYN flood module
to PHP and put it in another page
which would allow me to attack the
IP from my website. Good enough...now
I have 3 PCs ready for action. It's
8:18 AM and I'm tired. I need some
sleep so I go to bed again.

When I wake up, I give my friends a call
and tell them to host a small program
for me tonight; they agree and I
email it to them. At night after
my dinner, I go on IRC and see the
same nick sitting in the channel.
I open up my PHP page to see the
list of online PCs and find that
both of my friends are online. I
right click her nick and get her
IP but it's a class A IP. There is
a fair possibility that she has
an IRC shell account. So I disconnect
and reconnect the Internet and then
go onto IRC with another nickname
and trick her into adding me on
MSN (on my fake ID of course) and
then I tell her to accept the file
transfer of my picture that sure
made her drool so she accepted the
transfer of 'me.bmp'. Bitmaps are
bigger in size and I am on a dialup
so it takes some time for the file
transfer to finish while I get her
real IP and set up the attack.

Well I have her real IP now so my job
is finished. I tell her that my
dad needs to use the phone so I'm going
offline and so I disconnect. Then
I connect to another ISP, change
my nickname, my ident info, name
and email on mIRC settings and re-enter
the channel.

She is still online. I bring her into
conversation on the channel...

Me: I've heard you bully kids around
here by nuking them?
Her: Yeah any problem? Do you need
some too?
(Without saying anything further
I press the attack button on both
my PHP pages which were already
set up to attack her IP).
Me: Well...do you know how it
feels being nuked?
After 10 seconds I receive
Her: LOL (Laughing Out Loud)

And that was her last message on the
channel...soon I see the wonderful
message "isb_roxah`` has quit
IRC (Read error: Operation timed
out)" hahahahahahaha peace....finally.

I'm going to get a good sleep tonight
but before that I email my friends
and tell them my work is done and
they can delete the program now.
Well I'm a good guy after all. :)
The above story is a fiction
based on possible real-time experiences.
This story is published in good
faith and to educate general public
about potential risks of hacking
attacks.
The writer is a Software Engineering student
at BIMCS, Islamabad and an active
member of Research And Development
Group of Information Technology
(RADGIT).
He can be reached at hasan.khan@itinsight.info