The hacker wants to force the company to patch up the vulnerabilities

Mar 19, 2012 13:41 GMT  ·  By

The hacker known as BlackJester claims that he managed to breach a number of servers owned by Qwest Communications International, one of the largest telecoms carrier in the United States.

BlackJester may be remembered as the hacker who personally went to a United Nations office and the US embassy to report vulnerabilities that exposed a couple of UN public websites to malicious operations.

Now he returns with another stunt. He gained unauthorized access to a Qwest server and plans to keep it hostage until the company contacts him. By this he wants to prove how easily accessible their servers are.

“What I have breached is a server that controls the server ‘under it’. It’s like with switches and routers. If u gain control on them u can control the rest. You cannot enter the network yet, but u can open a route to the network,” he told us.

BlackJester says that he turned off three of the servers in the morning of March 18. By shutting down the servers he also shut down “company networks and panels.”

“I wanted to try something called forced offline. I thought that it will be online and my session will be on and it will act like an offline server, but it appears not. They are off and only they are able to turn them back on manually. Until now they didn’t notice that” he explained.

“I got around 3, but there is around 10 or more. If u controlled one u can also make changes in the others because every one has under it many other servers.”

The curious thing about the situation is that the hacker doesn’t intend to cause any damage. Instead, he wants the company to contact him, so that he can help them patch up the vulnerabilities.

“I want to send them a message so that they know that they are in danger. Also, I want to warn them that anyone can reach US government servers through them,” the hacker added.

The screenshot he provided shows that he was logged in with administrator privileges to a host on qintra.com, a domain controlled by two domain name servers at qwest.net. He provided other information that allegedly proves that he gained access, but for security reasons we will not publish it.