Cyberwar On The World SMS Capital?

I don’t know how often this happens, but if true, it must be a worry. It’s either a hoax, a script kiddie adventure, or the first bit of post-US election cyberwar.

According to Filipino news website INQ7.net (no live URL available), a group of hackers today “breached the short messaging service (SMS) servers of both Smart Communications and Globe Telecom”. It quoted a posting on the blog of a concerned hacker, Hacker PI_Flashbulb, who appears to be a regular commentator on security issues and claims to have alerted the government to several holes in their security.

What’s intriguing is that the story has since been removed: A message on the link says “temporarily unavailable or has been taken down from our server”. The same hacker, PI_Flashbulb, was quoted earlier this month by the same publication as warning of “a group of hackers who said that they will soon launch coordinated attacks against Philippine websites. Their main reason: “their government is supporting Bush.” Akala nila Singaporean ako (they thought I was a Singaporean)”.

Today’s article, since removed, says that to see “the hacker group’s message, one has to create a new SMS message, key in “FLT RB9” on the message body, and send it to 2333 for Globe and 211 for Smart subscribers. After sending the cryptic text message to 211 or 2333, the subscriber will receive this message: “Greetz to PATz, Luvchris, Verum, Fed-X, hEps, ch1m3ra, TriSha22, powerb0xx, clown AFeD-XA, Bryle, royX, Crayden at sa mga wanabee hacker groups ng masang Pilipino!”” The article says that as of Wednesday evening, “the Smart service was still sending this same message to subscribers, while the Globe number gave an error message.”

Intriguingly, the earlier article, published Nov 6, said anonymous readers had posted messages on PI_Flashbulb’s blog saying that “that the digital subscriber line (DSL) service of both Digital Telecommunications Philippines Inc.(Digitel) and Globe Telecom were open to possible attacks”. One comment appeared to suggest the hackers PI_Flashbulb were referring to are Indonesian. Many Indonesians — the world’s largest Muslim population — are opposed to George W Bush’s administration for his war on terror.

I’m trying to reach PI_Flashbulb to learn more about this. His website is usually given as phackers.org but that has not been reachable, although there’s a separate blog to which he contributes here. I could find no mention of the attack there.

17. November 2004 by jeremy
Categories: datawars, Phones, Security | Tags: , , , , , , , , , , , , , , , | 9 comments

Comments (9)

  1. Hi. I searched around and found this live link: http://news.inq7.net/infotech/index.php?index=1&story_id=18407

    I thought you might find this useful.

    However, you may also wish to consider this post by a fellow Filipino blogger:

    http://www.albrine.wyldnation.com/mysite/?feature=permalink&blogId=171

    Sometimes, indeed, even mainstream media makes mistakes. And very recently, I can say that INQ7.net (and the Philippine Daily Inquirer itself) had made quite a big one in publishing a story that was proven to be a hoax.

    Angelo

  2. Thanks for the feedback. After speaking to someone in the Philippines who is familiar with the tech underground there, it seems to be clear that this attack was not politically motivated, and was probably done by a local individual, perhaps with inside help from the telcos. I’d love to hear from anyone in the Philippines who could shed more light on this and other security breaches there. Seems to be quite a problem.

  3. Hi,
    If you had been a content provider for these telco’s using the access numbers of 2333 / 211 for such a time, then you must know that it is not these telco’s that has been hacked but a content provider :). Very easy indeed, all you need to know are some technical info on the providers and let the fun begin 🙂 .

    -oist

  4. I don’t think it was the content provider that was hacked. The Smart short code 211 is used by their balance inquiry utility. Smart could not have outsourced their billing system to a content provider.

  5. Jeremy, did you really talk with somebody in the Philippine tech underground? Your contact seems doesn’t give you clear information. Kindly read the link posted by J Angelo. If you wish to see the guys mentiond in the text message along with the one that did the hack, you may chat on irc.dal.net in the room #asianpride. This is the room founded by the core asianpride members that did some exploits a few years back. They are still active and just to inform you, once you enter the room a security scan is on its way.

    Angelo, thanks. 🙂

  6. Hi,

    Roger, you need to do a little more research :). Smart 211 is a general access number, Smart relays messages from this access number to the content providers and or to their own content systems depending on the “keyword” .
    Been there, done that so I know what I’m saying.

    -oist

  7. In Most of case Sms Hoax, sms sender tries to hide the identity, there are software avialables where you can change mobile number with any other sender name, or even you can set different Mobile number in sent sms. Above is highly avaiable with sms sending through internet