r00t .o ChiEF IdiOt ThAT oWNz EWe: hosaka o. .o ELiTe T-SHirT MaKEr AnD dA ViCE IdiOt: t3 o. .o oFFiCiAL nEkkiD piKTuReS fOtOGrAPhEr: X o. .o oFFiCiAL Bi-PoLAr MaNiAC: yy[Z] o. .o MiGHtY & pOwERFuL: rs o. .o GoLDeN ShoWER KiNG: Okinawa o. .o ELiTE SeKReTS & EmBARasSiNG InFoZ KeEpER: entropy o. .o EgOMaNiAC SoOpAH DoOpah pLaYah: Y o. .o GuNs & WEaPonS SpEciALisT: ReDragon o. .o oFFiCiAL JeT PlaNE PiLOt: Ice-9 o. ! ThERe aRE SoME ELiTe MeMbeRs wE hAVE nOT aNNouNcED ! ****************************************************************************** r00t in association with t3 productions proudly present: r00t t-shirts Yes that's right, you too can own and proudly wear a t-shirt from the most elitest "group" on the Internet. These t-shirts are no half-assed silk-screen deal. These shirts are 100% pure cotton (Beefy T's) and never shrink or get lame after a year. You too can proudly wear this elite shirt on your pestilent back and show people your stylish ways. These shirts are created using digital offset and custom transparencies that are heat-pressed onto the shirt. The ink melts *into* the shirt, not *on top* of the shirt, and the color *never* bleeds or fades (unless you don't know how to wash clothes). "Okay okay, but what do they say?" Well I'm glad you asked. These are minimalists t-shirts, as in, they don't say much. On the front it reads in large black print: r00t (witty, eh?) and on the back it reads: (on the very top)- "we're all idiots." - including the quotes. (on the very bottom)- "but we own you." - also in quotes. You have two choices of shirt color: white and beige. If you are familiar with this process, you understand why we can't print onto black t-shirts. If you aren't, try getting a clue. The shirt sizes come in medium, large, and xtra large. These shirts shrink only a LITTLE bit after a wash. So if you're a regular guy (ie: not fat), you should consider getting a large. As for cost: If you are not a r00t member (chances are, you're not. And don't ask to join either), the cost is TEN bucks. Money order or *CONCEALED* cash. No checks, no credit cards, no bullshit. If you *are* a r00t member then the cost is 6 bucks. This is exact cost of the t-shirts (4 bucks) and the transfer (2 bucks). Shipping: one dollar. Mail to: Red Dye/r00t 5 Greenview Avenue Princeton, NJ 08540 Money orders payable to Alex Swain. Dig? Give two weeks to get your shirt. There are VERY limited supplies of these shirts. I suggest emailing me prior to sending away for one. t3@escape.com. And if you think it couldn't get more elite. Tsutomu Shimomura hates us. === the r00t collective === "makin' shit stupid for a while now." t3 1996 ****************************************************************************** r00t the r00t machines will be up within the next 1.5 months.. Only the elite members of r00t will have accounts on it.. r00t will have an ftp site..a mailing list..and a web site.. ****************************************************************************** r00t is r00tin and t00tin our way through the year of 1996 with good microbrew, active libido, and idiotic self determinism and motivation. Just read what our "supporters" have to say: Date: Sat, 3 Feb 1996 00:00:03 -0500 (EST) From: Tsutomu Shimomura To: t3@escape.com Subject: rude and disrespectful t3: your group "r00t" and your attempts at accessing our systems have provided successful several times. I acknowledge your groups skills but I would like you to realize that what you are doing is illegal. You have pointed out several (trivial) weak points in tigerfish, and I have since fixed and secure them. This is a formal warning to you: If you should choose to work your way into my systems again, you will not be receiving email from me. You will be receiving a call from the FBI. I'm sure you're familiar with them. .Tsutomu * * * Feb 12, 1996 For Public Release r00t Announces Involvement with IRA On Monday, infamous hacking and computer terrorism group "r00t" announced it's envolvement with Sinn Fein, the political party of the Irish Republican Army. In an interview Monday, spokesperson Ypcat said, "They are good at fighting a conventional battle, but they needed us for a different kind of war." Ypcat, known only by his handle, went on to say that r00t was 100% devoted to the IRA's battle for freedom. "We will do anything in our vast power to put the brittish back where they belong, and keep them out of where they don't.", says Ypcat. In Washington, the Department of Defense reports that it is not yet ready to respond to electronic warfare assaults. According to Kevin Bacon, DoD spokesman, U.S. forces have just begun planning data warfare units, but these units aren't due to be manned until the year 2003. Meanwhile, United Kingdom network providers report increasing problems maintaining network connectivity. "We feel it is sunspot activity," remarked one systems administrator, "There's no way anyone can hack our network." r00t officials maintain that they are indeed responsible for the United Kingdom's network troubles, and Ypcat warns that, "this is just the tip of the iceberg." AP * * * Digital Systems security advisory: November 27, 1995 08:14:00 This is an interoffice memo meant for distribution to only those authorized engineers and security techs. for the B division. Roger C. Sykes (roger@ds1.diderot.digital.com) Hackers identified as "slick, buttery ones" have managed to enter through our dt8 gateway (our primary firewall) by using an old, outdated method of ip fragmentation called Tiny Fragmentation. Please refer to memo A-8B72 for further information on this method. These hackers while connected erased a great deal of information, primarly from the /tmp directory. Proprietary source was not taken but a few copies of our Netscape multi-license contract were ftp'd back to a host at: digital-gw1.pa-x.dec.com (204.123.0.241). This is obviously our gateway. Upon further investigation we noticed that they had compromised root on the gateway machine by using an (unknown to us) rlogin bug. However, we contacted CERT and they sent us the proper patch to fix this. These intruders, known as the group "r00t" were using our gateway as a trusted machine to violate other hosts. As a security precaution we have closed off all of our outside connections past our firewall-1 (.38) until we have analyzed and patched these holes. Dan Risco will be heading this investigation. If you should find any bizarre activity on your system, please notify him (danr@digital.com) or by pager by emergency (xxx-xxx-xxxx). As for this group, we have heard that these intruders are not a malicious group, so much as a group that likes to, as they put it, "play". The following is an example of their tactics we have monitored on hobbes and delilah from Friday (18:42) to Sunday (21:08): ~ > ò > format c: format: Command not found. > format c:\ ? help format: Command not found. > format c:\*.* format: No match. > rm c:\*.* rm: No match. > delete c:\*.* rm: No match. > > whoami root > ps PID TT STAT TIME COMMAND 27931 qf IWs 0:00.48 -tcsh (tcsh) 27949 sb IWs 0:00.26 octopus 204.123.0.241 25 28022 sb IWs 0:00.26 octopus 204.123.0.241 25 28121 sb IWs 0:00.26 octopus 204.123.0.241 113 28142 sb IWs 0:00.26 octopus 204.123.0.241 6665 28145 sb IWs 0:00.26 octopus 204.123.0.241 80 28167 sb IWs 0:00.26 octopus 204.123.0.241 19 28176 sb IWs 0:00.26 octopus 204.123.0.241 514 28195 sb IWs 0:00.26 octopus 204.123.0.241 513 28247 sb IWs 0:00.26 octopus 204.123.0.241 23 > talk tsutomu@sdsc.edu [No connection yet] [Your party is not logged on] > whois takedown.com The Takedown Project (TAKENDOWN-DOM) P.O. Box 85608 San Diego, CA 92138 Domain Name: TAKEDOWN.COM Administrative Contact: Sum, Dum, Gook (TS260) tsutomu@SDSC.EDU (619) 534-5050 Technical Contact, Zone Contact: American Regional Providers Association (ARPA-HM) hostmaster@arpa.net (619) 534-5050 Record last updated on 09-Feb-95. Record created on 19-Jan-95. Domain servers in listed order: NS0.ARPA.NET 198.17.46.77 198.17.47.77 NOC.CERF.NET 192.153.156.22 WERD.UP.SLICK.NET 127.0.0.1 > goodbye goodbye: Command not found. > bye bye: Command not found. > byebye byebye: Command not found. > exit Connection closed by foreign host. [end] For now our machines are secure. We have commented out the telnet port (23) on every machine. Therefore there is absolutely NO way they can enter back in. Granted, this is a hard workaround for us, but if we all work together, we should be able to solve this quite quickly. Roger C. Sykes (roger@ds1.diderot.digital.com) November 27, 1995 certification: AE H0 A2 EA 0B 1C LeechDate