Sunday, June 13, 2010

Deatail for hacking a computer system

Hacking a computer system

A few requisites

Surprisingly enough there is no distinct profile of a hacker. He or she comes from all creeds and breeds, old or young. Some see it as a sport: 'the tinkerers'. Others just want to get to the goodies, some are spies, some are just out to destroy the system, some are even anarchists, and some are pacifists trying to save the world and not to forget some are professionals unveiling the weaknesses of a particular system. They are rich, poor, wealthy, upper or lower class, blue color or white color, smart or just lucky. Hark! Computing does not make a difference.
But, when they are pursuing it, they all WILL find a way to gain access into company, government or other computer systems.

Since not all humans are evenly smart and intelligent there are various types of hackers and methods to gain access to computers.

What would you need and need to know whilst to be or becoming a hacker that wants to hack a computer:

  • You need to create your own special password crack program, dial in simulators, firewall penetrators, worm "alike" assault mechanisms, listeners, decoding or decrypting engines,
  • Need good practical knowledge of C, machine language and at least some Awk or Sed, VI when going for the big irons,
  • Know how to handle Artificial Intelligence,
  • How knowbots and search agents work and be able to create one,
  • Need a good knowledge on TCP/IP mechanisms and other stuff comprising network protocols,
  • How to get into PBX or other phone switch components,
  • Would need to gain knowledge about the computersystem that wants to be hacked,
  • Good to excellent knowledge about the operating system you are likely to encounter,
  • Have knowledge about network layouts and system architecture of the system to be hacked,
  • Need to understand the security measures in various breeds of security levels,
  • How to make use of backdoors,
  • Have a good grasp of likely and possible flaws or leaks in firewalls, routers and access server software,
  • Must know how to cover their traces (e.g. by masking their presence on the net or computer's logfiles),
  • Be VERY VERY secretive and know when to go for cover,
  • Time must be abundant,
  • the list goes on and on...

Now you should understand why companies want to hire a caught hacker: he or she knows it all!

Also you will understand that to be or become a fairly successful computer hacker you have to be a knowledgeable, intelligent and persistent entity. When you never want to be caught you have to be crazy and genius at the same time. And you will never read this page on hacking.

-o0o-

But to get there means doing it. And how to achieve a hack depends on the complexity of the system, the level of security, the intelligence of the hacker and above all its persistence. And a combination of all of the above.

Generalizing there are three large contingents of hackers.

The hardworking, knowledgeable and intelligent one

  • These persons are the most secretive and intelligent persons and hacking is not a hobby but a convocation
  • They design their own software, borrowing means to give away your identity
  • Build sometimes there own hardware that switch between PBX's with difficult to trace marks
  • Know their way around in networks and play with it as if it are toys
  • Are mostly not a member of any group
  • They know very well how to hide what they have done
  • Are never heard of or they get arrested and convicted under false pretense as to cover the real reason, but would be waited for at the prisons gate by representatives of the same company they hacked
  • Or just rot away in a prison or psychiatric institution and only come out when old and useless or crazy as a door
  • Have a bit of luck not being caught

The hardworking persisting one

  • These types use a mixture of tools, either made by group members or designed by themselves
  • There is fair knowledge about operating systems and computing networks
  • Most of the time this type of hacker is member of a hacker's group or so you want organization
  • Some are working with temporary loose clusters of individuals acting together for a hack
  • There are inner circle 'manuals'
  • Use information via the Internet of other channels, not much pure individual work is done
  • Have a lot of luck not being caught

The easy ones

  • Use somebody else's dictionary or programs to generate passwords
  • Use a list of often used usernames (e.g. admin)
  • Have a list of easy to hack systems
  • Have a hacker's "cookbook" to gain access (tips and tricks)
  • Don't bother about leaving traces
  • Be member of a hacker's ring and exchange information freely
  • Have all the world's luck of not being caught

Actually to make a hack the need for hardware or software is modest. All you need is a connection to the Internet, or have a modem of various types (synchronous, asynchronous) or a connection via cable or an existing network. Plenty of time and some intelligence and luck. And to no much surprise you will be in business before you know it.

This all sounds very optimistic, but be aware that:

IT IS WAR OUT THERE !

As soon as you enter the arena the cyber-war is going to be between the guardians and you. So don't tell us you weren't warned! There are only a very few success stories. And of course economic interest grow larger by the day, companies will try to protect their products more and more aggressive, especially the music industry.

-o0o-

The latter years of the 1990's various government bodies established what has become known as cyber cops.

The FBI, KGB, CIA, MI5, Interpol, United Nations, various secret services of all governments, anarchistic movements, terrorists fractions, police organizations all have their special cyber forces.
Most governments are overreacting in their law making attempts to secure the networks and attached computers. Mainly because of 'what you don't know you fight'. But also: what might be expected of a politician that heard the term hacking for the first time when attending a meeting on that subject to pass a law. Just imagine, by the time the law is passed the technology has again leaped forward to make the law redundant by the time it gets approved. Or what becomes more and more the reality producers of audio visual products try to clamp down on relatively innocent attempts to circumvent copy protection schemes, some are not so innocent agreed. But again the industry is overreacting as was the case in the late 1980's. Millions of dollars were spent in protecting software but by the time the software reached the market hackers broke the code. The difference now is that the industry is trying to stamp down on the creators of anti copy protection software like dropping an atomic bomb on an anthill.

But protection schemes and the technology behind it becomes much more complicated every day. It is therefore no wonder that corporations and other agencies turn to specialized persons or businesses that specialize in that type of security. From the end of the 20th century that industry is booming: cyber security. There is little to tell about these companies of organizations. For obvious reasons: there is little known. History has just begun.

-o0o-

Hackers Chronology(3)

1878

http://www.thocp.net/images/pointer.gifLess than two years after Alexander's Graham Bell's telephone system went into operation a group of unauthorized teenagers were thrown off the network.

1960

http://www.thocp.net/images/pointer.gifEarly mainframes at MIT were used by 'original' hackers to develop skills and explore the potential of computing. 'Hacker' was, at that time a complimentary term for users with exceptional knowledge of computing

1971


1976

'Freedom of Information contra security by obscurity'


Two homebrew computer club members Steve jobs and Steve Wozniak launch so called blue boxes which can be used to hack into phone systems.

1983

http://www.thocp.net/images/pointer.gifFirst arrest of hackers as FBI clamps down on 414 group after it hacked in to the Los Alamo research center


http://www.thocp.net/images/pointer.gifThe movie war games is released, shaping public perception of hackers and glamorizing the hacker

http://www.thocp.net/images/pointer.gifPlovernet BBS (Bulletin Board System) was a powerful East Coast pirate board that operated in both New York and Florida.

Owned and operated by teenage hacker 'Quasi Moto', Plovernet attracted five hundred eager users. The actual Legion of Doom bulletin board was quite ahead of its time. It was one of the first "Invitation-only" hacking based BBSes; it was the first BBS with security that caused the system to remain idle until a primary password was entered; and it was the first hacking BBS to deal with many subjects in close detail, such as trashing and social engineering. This BBS was so heavily trafficked, that a major long distance company began blocking all calls to its number (516-935-2481).(7) Eric Corley ('Emmanuel Goldstein') was one-time co-sysop of Plovernet, along with 'Lex Luthor', who will found the phreaker/hacker group, Legion of Doom.(6)

1984

http://www.thocp.net/images/pointer.gif

Quarterly publication 2600 (named after the frequency of John Draper's whistle) is founded, providing a platform for hackers and phreakers (phone hackers)

Two hacker groups form this year:

The Legion of Doom in the United States founded by the hacker .a.k.a. Lex Luthor to educate new generations of hackers.

And the Chaos Computer Club in Germany.

In one of the first arrests of hackers, the FBI busts the Milwaukee-based 414s (named after the local area code) after members are accused of 60 computer break-ins ranging from Memorial Sloan-Kettering Cancer Center to Los Alamos National Laboratory.

Comprehensive Crime Control Act gives Secret Service jurisdiction over credit card and computer fraud.

1986

January; Legion of Doom/H member Loyd Blankenship ('The Mentor') is arrested. He publishes a now-famous treatise that comes to be known as the Hacker's Manifesto. (6)


1987

Seventeen year old Herbert Zinn is arrested in September after hacking AT&T's system for months. Experts say he was close to crashing the entire US phone network.(9)

First known MS-DOS virus 'Brain' is created. Investigators believe it is written by two brothers in Pakistan. It infected the boot sector of floppy disks

1988

(3)

Robart Morris crashes some 6000 computers across the ARPANET with his worm which he claimed is accidentally released.

CERT (Computer Emergency Response Team) is founded in response.

First anti virus software released by a code writer in Indonesia

1989

First known case of cyber espionage in Germany (west) allegedly the CHAOS computer club is involved.

Mentor releases the hacker manifesto Conscience of a hacker, which ends with the intriguing line: "You may stop the individual, but you can't stop us all."

1990

Freedom on the Internet advocacy group Electronic Frontier is launched

Sophisticated virus types such as polymorphic viruses ( which modifies themselves when they spread) and multipartite viruses (infecting multiple locations in the machine) appear.

First National Citybank of Chicago is relieved of 70 million US$ in the first acknowledged major computer bank hack.

Hacker Dark Dante, Kevin Lee Poulsen, is arrested after a 17-month search. He got hold of military secrets.

Mitnick and Shimomura lock horns

1993

The first Def Con hacking conference takes place in Las Vegas. The event was supposed to be a one-off-knees-up to bid good-bye to BBS's (outdated by the web), but was so popular it became an annual event.

Hackers hit US federal web sites, including the CIA, Department of Justice, NASA and the Air Force. This isn't popular with US officials. ;=)

1994

(3)
Vladimir Levin

Vladimir Levin, the legendary head of a Russian hacking ring, is believed to have masterminded a $10 million virtual holdup of Citybank. He is arrested in London a year later and extradited to the USA.

1995

US defense department suffers a quarter of a million hacks in one year.


Kevin Mitnick

Mitnick is arrested on suspicion of stealing 20,000 credit card numbers. He pleads guilty a year later.

(3)

The movie Hackers hits cinema screens, sparking more misconceptions about hackers' activities.

1998

Network Associates runs an anti-hacker advert during the Superbowl in the US. In it, two Soviet missile technicians blow up the world, unsure whether the orders came from Moscow or hackers.

Hackers claim to have cracked a military satellite system and threaten to sell secrets to terrorists

NIPC (National Infrastructure Protection Center) launched with multi million dollar funding.

Hacking group LOpht tell congress it could shut down the Internet in half an hour and calls for greater security.

1999

Massive year for Microsoft patches as hackers exploit Windows 1998 vulnerabilities. Birth of mainstream anti-hacking software.

2000

Denial of Service attacks cripple the net's biggest names.

(4)
Jon Johansen

Jon Johansen (Norway) co-authored with two other programmers who remained anonymous, a program called DeCSS and published it on the Internet.

The program decrypted DVD's so that DVD's could be run on a computer too. On Jan 23 he got arrested on the charge of hacking on to other's computers: by creating a program that enables people to watch (legally bought) DVD's on their own computers in stead of a stand alone DVD player. This time the case was not won by the Motion Picture Association because the E.U. law they were banking on was not yet implemented(8). A few years later in 2005 Jon Johanson will be acquitted by the justice department because European law explicitly allows reverse engineering when needed for interoperatibility.

2001

XP - 'the safest windows yet' - is cracked before launch

Benni Baermann posts his "eight thesis on liberation" on 27th of December. A statement that can be interpreted as opposition against commercial software and pro sharing of knowledge. All in the thru hackers philosophy.

2002

Microsoft Bill Gates launches Trustworthy computing. It soon appeared the the security leaks were as numerous as in all other Microsoft software.

ISP CloudNine was literally hacked to death because of massive DOS attacks. The company could no longer serve its customers and closed down its network. Customers are transferred to other ISP'S and the company goes broke.

-o0o-

Hacker movements

(Publicly known)

Chaos Computer Club 1989

The CCC (Chaos computer club) from Hamburg began around 1989 as a loose organization of hackers with modems.

They proved how good they were so people would be interested. They took over app. 75,000 US$ from the Hamburg's national savings bank but then they gave it all back the next day.
The Chaos Computer Club is also associated with cracking computer systems on assignment for the Russians.

Cult of the Dead Cow 1984

Quoting from their website:

Based in Lubbock, Texas, the CULT OF THE DEAD COW (cDc) is the most-accomplished and longest-running group in the computer underground. Founded in 1984 and widely considered to be the most elite people to ever walk the face of the earth, this think tank has been referred to as both "a bunch of sickos" (Geraldo Rivera) and "the sexiest group of computer hackers there ever was" (Jane Pratt, _Sassy_ and _Jane_ magazines). The cDc is a leading developer of Internet privacy and security tools, which are all free to the public. In addition, the cDc created the first electronic publication, which is still going strong.

Legion of Doom

The Legion of Doom (LOD) was an influential hacker group from the 1980s and 1990s.

It released the LOD Technical Journals. The Legion of Doom was founded by the hacker Lex Luthor to educate new generations of hackers on the Internet. The Legion of Doom split into two factions after Phiber Optik (a new member of LOD) was thrown out because of a feud with Erik Bloodaxe. Phiber Optik joined another group, the Masters of Deception as did some other former LOD members who opposed Erik Bloodaxe. The division of these two rival hacker factions led to the Great Hacker War, where both groups competed for prestige in the hacker community by gaining access to computer and telephone networks. The Legion of Doom disbanded in the early 1990s after Operation Sundevil and Operation Redux began the era of US Secret Service crackdowns on hacker groups.(5)

The group's wide ranging activities included diversion of telephone networks, copying proprietary information from companies and distributing hacking tutorials.

The group of individuals who made up the original Legion of Doom were: Lex Luthor, Karl Marx, Mark Tabas, Agrajag the Prolonged, King Blotto, Blue Archer, EBA, The Dragyn, Unknown Soldier (6)(7)

L0pht

New Hack City

Restricted Data Transmissions (RDT)

Soylent Communications

the Hasty Pastry

the Masters of Deception (MOD)

the USENIX Association

the Walnut Factory

The editors are convinced that there are a lot more active groups and would like to hear about them!

-o0o-

Books on Hacking, hackers and hacker's ethic:

an annotated bibliography

The page mentioned here only give the most publicized books. There are many other books to read about Hacking, encryption, cryptography, programming, system topologies etc. There are also quite a few movies to watch on the subject(1) which are clearly overly romanticized.

-o0o-

No comments:

Post a Comment