Update: The message announcing Milw0rm's shutdown has been removed from the website. Submissions seem to have also been reopened. It is not yet clear if str0ke decided to continue alone, if he got assistance with reviewing exploits or if someone else took over the maintenance tasks entirely.
One of the major sources of proof of concept (PoC) exploits on the Internet, milw0rm.com, will be closing down. The website's maintainer, str0ke, announces that he can't commit anymore to reviewing exploits submitted by third-parties, in a timely manner.
While this is sad news for people familiar with the exploit release scene, as well as a fair amount of script kiddies by some accounts, it might not mean much for the uninitiated without some background history.
Milw0rm was originally the name of a group of hackers with members from various parts around the globe that communicated with each other over IRC (Internet Relay Chat). The outfit went on to achieve international fame after it took credit for compromising the computer network of India's Bhabha Atomic Research Centre (BARC) in Bombay and gaining administrative access (root) on multiple systems during the night of June 3, 1998.
The hackers walked off with confidential emails and classified documents about nuclear tests, amounting to around five megabytes. The first news outlet to break out the
story at the time was Wired, which the collective contacted with proof of their feat.
The reasons behind the attack were mostly political in nature. The group's members, who were still teenagers at the time, wanted to show their disapproval over the development and testing of atomic weapons, making this pretty clear by defacing the BARC home page and
posting pacifist messages.
"I like the world in its current state (i guess), well its better than the world would be if the b0mb went b00m. think about it k1dz, its not clever, its not big, so don't think destruction is cool, coz its not […] So India, LISTEN TO WISE OLD MILWORM ... You do not need nuclear weapons in the 1990s!#@!" a part of the message, which was signed by JF, VeNoMouS, Hamst0r, Keystroke, savec0re and ExtreemUK, read.
The group disbanded soon after this high-profile hack, or at least its members stopped being hacktivists. Several years later, in 2004, Keystroke, who is, today, better known as str0ke, went on to set up milw0rm.com as a place to publish PoC exploits, with the consent of some of his former comrades.
In order to ensure a high quality for the published content, str0ke personally verified and tested all exploits submitted by other hackers, something that, unfortunately, he can no longer do. "Well, this is my goodbye header for milw0rm. I wish I had the time I did in the past to post exploits, I just don't," a message from str0ke displayed on the home page reads.
He goes on to explain that, "For the past 3 months I have actually done a pretty crappy job of getting peoples work out fast enough to be proud of, 0 to 72 hours (taking off weekends) isn't fair to the authors on this site." Finally, the hacker extends his thanks to everyone who contributed to the website. "I appreciate and thank everyone for their support in the past. Be safe, /str0ke," he signs off.
The footer on milw0rm now informs visitors that, "Submissions are closed."
We will return with more information when/if it becomes available.
