“The internet is ours, and it is adorable,” said hackers going by the name of masspoem4u who managed to insert a poem into millions of web servers’ logs shortly before the new year.
The poem spelled out a loving invitation to soggy existential doom, but in a very sweet, Zen-like manner.
Here’s how it starts:
DELETE your logs. Delete your installations. Wipe everything clean, Walk out into the path of cherry blossom trees and let your motherboard feel the stones.
The hackers were able to insert the message because the poem is actually an HTTP request – a command in the language used by web browsers to browse the web.
Web servers are generally configured to record the commands they receive and in this case, as far as the servers were concerned, they got a command asking them to DELETE a very long URL (the URL is everything from your logs… onwards).
According to Motherboard’s Joseph Cox, who managed to communicate over encrypted email with whomever’s behind the stunt, masspoem4u claims that the poem potentially reached tens of millions of machines.
Its origination was an IP address associated with the 32nd Chaos Communication Congress, an annual arts, politics and security festival held in Hamburg, Germany.
I woke up this morning and found this lovely message from a CCC IP address in my server logs. pic.twitter.com/ceHJS1MqGb
— Nex ~ Claudio (@botherder) December 30, 2015
masspoem4u reportedly showered the public internet with the poem as the poet jinksters tried to hit all possible IP addresses.
Motherboard quotes masspoem4u:
One of our goals was to place something beautiful in an unexpected place, nestling a little poetic message amongst repetitive server access logs. We were very happy to hear that many people got a smile out of it!
The poem continues:
Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you.
We know you're out there, beeping in the hollow server room, lights blinking, never sleeping.
We know that you are ready and waiting. Join us.
Masspoem4u credited the Chaos Computer Congress’s NOC (network operations centre) team for “providing such great connectivity” for the mass, bandwidth-intensive prank and for “encouraging playful experimentation.”
They told Motherboard that they’re long-time fans, first-time participants of the Congress this year.
To flood the internet with the poem, masspoem4u used a tool called “masscan” that one of its creators, Robert Graham, demonstrated at Defcon in 2014.
Masscan is a TCP port scanner that can scan the entire internet in under 5 minutes.
According to Motherboard, Graham suggested including a friendly message along with scans, to prevent spooking system administrators with what might look like a malicious attack.
Masspoem4u’s friendly message was the poem. They would have made it even more cuddly if possible, they told Motherboard:
If we could have covered our message in cute animal stickers, we probably would have, but sadly the HTTP standard does not support this feature.
All these “tiny postcards flying across the net,” without the benefit of centralized services such as Twitter, are one example of why the internet should be “free and decentralized,” the hackers said.
We laughed, but we wouldn’t be doing our job if we didn’t do some finger wagging too because this particular “tiny postcard” was delivered on the back of a DELETE command and that got us tutting.
The senders would have known that most servers wouldn’t honour a DELETE command and any that did would only go as far as trying to delete a file with a name that matched the entire contents of their poem.
Assuming the servers that received the postcards were all correctly configured (and that’s a big assumption if you’re trying to talk to many millions of servers) there’s no harm done.
It is extremely unlikely that this particular DELETE command would have done any damage at all but it’s still a misuse of a potentially destructive operation.
We suggest you don’t GET, POST, PUT or DELETE unless you mean it.