OWNED: Why hacking continues to be a problem

OWNED: WHY HACKING CONTINUES TO BE A PROBLEM

by

Mister Reiner

SMASHWORDS EDITION

1.00

* * * * *

PUBLISHED BY:

Mister Reiner at Smashwords

OWNED: Why hacking continues to be a problem

Copyright © 2010 by Mister Reiner

All rights reserved. Prior written consent must be obtained from the publisher of this book in order to use or reproduce any portion of this book.

Smashwords Edition, License Notes

This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each person. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to Smashwords.com and purchase your own copy. Thank you for respecting the hard work of this author.

* * * * *

Table of Contents

CHAPTER 1: Introduction

CHAPTER 2: The Standard Security Template

CHAPTER 3: Let’s talk a bit about Chapter 2

CHAPTER 4: Hacking 101 – An Introduction

CHAPTER 5: Hacking 201 – Getting more technical

CHAPTER 6: The Hacker’s Edge

CHAPTER 7: Know Thy Enemy

CHAPTER 8: Advanced Recon

CHAPTER 9: Smart Trojans and Sleepers

CHAPTER 10: Intrusion Detection - Do you see what I see?

CHAPTER 11: Final Words

* * * * *

CHAPTER 1

Introduction

Despite all the money, time and effort spent on computer security these days, hackers continue to be a scourge on society. Stories about stolen credit card numbers, identify theft, industrial espionage, and unauthorized access into financial, government and military networks, quickly turn into major news across the planet.

One would think that the computer industry, after more than 15 years of developing computer security products, would have figured out how to stop hackers in their tracks. Unfortunately, this is not the case.

Unlike what most people are led to believe, the hacking problem is not just about hackers and those security vulnerabilities which are constantly being announced by computer vendors. What I and many computer security professionals know, is that there are serious shortcomings in computing and security technologies, and in the people who develop, implement and use the technology, thus making it possible for hackers to break into what are perceived to be secure networks and computers.

If you are skeptical at this point, I do not blame you. Until I came across my first professional hacker, I was convinced that the hundreds of thousands of dollars worth of computer security technology that the company I worked for purchased, actually worked. Like many companies, our management bought into the glossy product marketing brochures and slick presentations made by computer security salespeople, and believed that our computers would be safe. I was sold on the technology as well, until an incident occurred that changed my mind about how well our computers were actually protected against hackers.

In 2001, I managed a department responsible for overseeing computer security for a large organization. The organization had more than 10,000 computers, spread across nine locations, spanning three time zones. Our two main responsibilities were to notify system administrators about new security patches and to make sure everyone addressed security vulnerabilities detected by the vulnerability scanner.

One Monday after lunch, a local system administrator came to me with a problem. While he was logged into one of the severs at a remote data center, something briefly flashed across the screen that led him to believe that his server was hacked. Since my department was not responsible for computer incident response (investigating potential unauthorized access), I directed him across the hall to the department that was responsible for dealing with such matters. He came back a few hours later with a blank look on his face.

So what did they say? I asked.

They don’t see anything, he said disappointingly.

They don’t see anything?

All the patches are applied, the anti-virus is up-to-date, there is nothing unusual running on the box and there is nothing in the logs files. They don’t see anything in the network intrusion detection logs either.

Are they sure? I questioned in disbelief. Is that it?

That’s it, he said. He shrugged his shoulders and walked away.

I went home that night quite unconvinced that nothing was wrong. After dinner, I started doing research on the Internet about what the troubled local system administrator said he saw flash across the screen. I wanted to figure out if I could prove that the server indeed was hacked. A few hours later, I stumbled across something that caught my attention. I drove back to the office and called the data center manager where the server was located. I asked her to search the file system for a file containing a certain keyword - and sure enough, a file was found containing that keyword.

At 11:00pm that night, I called in my boss, who called in his boss, who called in the head of our division.

The server is hacked, I told them. The guys across the hall don’t think so, but I can assure you it’s hacked.

Okay, the division head said. Do you know how they broke into the server?

Well, no - but if you give me a few days, I can prove it.

Alright then, you have a few days to prove it.

Over the next three days, I worked around the clock to prove that the server was hacked. Using some in-house written applications, I started analyzing the server network activity logs back through time. In the process, I found indications that two desktops were also hacked. I still did not know how any of the three computers were hacked, but I was determined to figure out how the hacker was able to get into these systems.

On Thursday night at 9:00pm, I stumbled upon an important clue that led me to what I needed to prove that the systems were hacked. An email was sent to both users of the hacked desktops and the network activity showed that some time thereafter, both computers uploaded information to some obscure looking Website that neither user would ever visit. The hacked server was initiating communication to this Website as well. A few phone calls and an hour later, I had a copy of the email.

Before inspecting the email, I transferred it to a spare computer. I then proceeded to open the email and figure out how it worked. The email contained an attachment, which contained some cryptic looking programming instructions including some type of weird decoding sequence. I got the instructions to run, but then it just stopped after a few seconds and did not seem to actually do anything.

At 4:00am on Friday morning, my boss, the computer incident response department head and our data center manager were looking over my shoulder as I was tinkering with the instructions.

I think you’re just imagining all of this, our data center manager said. I think what you’re looking at doesn’t contain any malicious code and we’re all just standing around here wasting our time.

I was furious. At that point, the thought of just giving up crossed my mind.

My boss pulled me aside and said, I believe you. You just have to prove it. I know you can do this.

I was incredibly tired, my nerves were on edge and I couldn’t focus my attention. I was so close to figuring things out and yet so far. Extremely frustrated, I walked back to my desk and sat down. I put on the headphones that were plugged into my computer, cranked up the volume on the techno music CD that was playing, leaned back in the seat and closed my eyes. After a few minutes, with the music pulsating in my ears, an idea came to mind.

I opened the attachment, modified the instructions to skip the decoding sequence and restarted the instructions. To everyone’s astonishment, the attachment proceeded to hack the computer and transmit information out of the network.

After receiving a congratulatory handshake from my boss, I went home to sleep. By the time I returned to the office a few hours later, others had already confirmed that the server and both desktops were indeed hacked.

During the days following the incident, I began to piece together how and why the hacker was able to bypass all the security measures. In the process, it dawned on me that I really did not know as much as I thought I did about computer security and hacking. After that realization, I became obsessed with understanding everything I could about how and why hackers are able to break into secured computers and remain undetected.

Since that incident, I have been doing extensive research on computer and network forensics, studying security vulnerabilities and hacker exploits, scrutinizing security products, performing risk assessments, and analyzing stories about hackers in the media. This book is the accumulation of the knowledge I have gained in my quest to fully understand computer security and hacking.

What I know now, is that it is not possible to keep someone who is determined to break into a computer from breaking into a computer. The old adage, If people really want to steal your car, they are going to steal your car – no matter what you do, also applies to breaking into computers. Though it is possible to install all types of security hardware and software, these security measures may only slow hackers down – not necessarily stop them. Ask computer security professionals and