Cooler than in Watch_dogs: Three real hacking stories


Brilliant programmers, system administrators and crackers exist outside the works of William Gibson and Bruce Sterling too. Ordinary people do not really trust computer nerds, yet it is the nerds who generate the cyberpunk subculture around themselves, without which, you must admit, life would be very boring.


Case No. 1: Terry Childs

A city is dozens of networks. Streets flow one into another and meet at intersections; the metro is a web of interconnected tunnels; the contents of sewer pipes from the city center and from the outskirts meet in the drains; telephone wires keep in touch through the PBX; traffic lights wink at motorists, providing "green" avenues from one end of the city to the other. Keeping all of this running is a gigantic job, unbearable for a person but a trifle for his silicon friend. And sometimes this friendship is stronger than the people themselves.

San Francisco is a large cultural, financial and technological center of the United States. The hub of high technology, Silicon Valley, was founded here in the late seventies; the dot-com bubble was born and grew here; and here, in 1996, a strategic plan was adopted to introduce high technology into the management of the city. It took ten years and several unsuccessful attempts before the FiberWAN system, which combined the disparate networks of the city's services, finally started working. The chief architect of the project was a certain Terry Childs, a Cisco Certified Internetwork Expert (at that time there were about sixteen thousand such specialists in the world).

► For two weeks the computer control system of this beautiful city was left without technical support.

Childs spent five years on FiberWAN. As the most advanced system administrator in San Francisco's entire Department of Telecommunications and Information Services (DTIS), he single-handedly worked out how to unify networks that had each been built at different times by different people using different technologies. Childs regarded FiberWAN as a kind of art project (not surprising in a Mecca for artists, designers and musicians) and even managed to obtain an author's patent for the architecture of his computer network.

As befits a genius, Childs held a low opinion of his colleagues. He did not trust anyone with the passwords to the routers (the main nodes of the city networks) and was in effect the only system administrator for several hundred routers and servers. In return he was on call around the clock, without lunch breaks or vacations. DTIS itself turned a blind eye to this state of affairs: there is no point in fixing what works. So it went until June 20, 2008, when a woman appeared in the department's data center.

► The unsuccessful attempts to regain control of FiberWAN angered Gina Pierrold so much that she assembled a team that wrote a new system for organizing the city's networks.

Gina Pierrold was also an engineer and a system administrator. After three successful years on projects for the California Department of Justice, she finally received a promotion and, as system security manager, was now supposed to take direct charge of San Francisco's city network. The first thing she did was start an audit. Only no one told Childs about it.

Sources describe that day as follows: arriving at the data center, Childs found Pierrold there, enthusiastically questioning department staff about FiberWAN: about his, Childs's, system, about his brainchild, about his five years of continuous work. Terry Childs, with his paranoid character, took the lady for a threat. He pulled out a mobile phone and began to follow on her heels, photographing her continuously and from time to time blocking her path. Gina Pierrold had no choice but to lock herself in an office and call her boss. The boss contacted Childs and convinced him to leave the building.

► Gavin Newsom, mayor of San Francisco, turned out to be the only person Childs trusted enough to agree to hand back the virtual keys to the city.

Later, Childs said that Pierrold had actually searched his employees' drawers and even removed a hard drive from one computer. But management did not listen to its chief specialist and demanded that he hand over the logins and passwords for the routers. Childs refused and was immediately suspended from work. Three days later he was arrested, and his house and workplace were carefully searched. But the coveted piece of paper with the passwords was not found.

Only two weeks after the dismissal, when the mayor of San Francisco came to his cell in person, did the passwords end up in the hands of DTIS. For thirteen days the city did without technical support, and who knows what could have happened in that time? Lightning could have hit a transformer, causing a short circuit and overloading systems; a hurricane could have demolished a control tower, leaving important services unmanaged; any man-made disaster, while Childs was behind bars, could have drained the city budget more effectively than Godzilla and King Kong combined. The funny thing is that the greatest damage to the city was done by Gina Pierrold herself: on her instructions the passwords for all VPN services were forcibly changed, because of which employees could not connect to the networks they needed for some time.

► Terry Childs was sentenced to four years in prison and a fine of $1.5 million (of which $900,000 went to cover the mayor's office's bills for recovering the passwords).

Almost all of Childs's former bosses, except his boss at DTIS, said much the same thing: Childs is a professional and devoted to his work. He would never have damaged his own system and would not have tried to profit from his position. And the fact that he had five modems at his workplace, open to incoming calls and set up to bypass the security systems and the event log, well, that is normal for a system that runs around the clock.

What is the main thing? That Childs has everything under control. Had. The city did not.

Case No. 2: Kevin Mitnick

Sometimes, to gain access to information, you need to hack not a computer but a person. A pleasant voice will convince the secretary; a confident tone, the manager; an excellent command of terminology, the system administrator. With a set of the most common communication patterns at your disposal, you can obtain any information. And whoever owns information owns the world.

In the mid-nineties, when hacking and cyberspace were more fashionable than ever, the American Kevin Mitnick became the central figure among crackers. There are many legends about him, but he really did pull off a series of dizzying feats that still seem inconceivable to the layman: for example, Mitnick could find out passwords simply by talking to strangers on the phone. While he was still at school and college, his exploits led some states to adopt new laws on unauthorized computer access.

► Almost everyone involved managed to cash in on Kevin Mitnick's adventures: a journalist and one of the hacker's victims wrote a book, which was promptly turned into a bad film.

► After serving his time, Mitnick made up for what he had missed: he wrote two books about the art of social engineering, and his autobiography has gone through several reprints and still sells well.

Mitnick specialized mainly in phreaking, that is, interfering with the operation of automated telephone networks. He could place a call to any part of the world at a company's expense, tap a telephone line, connect to any running computer, and with the advent of mobile phones he learned to masquerade as another subscriber on a cellular network. "Traditional" hacking took a lot of time: to gain access to operating system source code or manuals for the latest technologies, he used little-known holes in operating systems and installed backdoors and home-made patches.

Here are a few characteristic excerpts from Kevin Mitnick's autobiography "Ghost in the Wires".

“The fundamental tactics were simple. Before applying social engineering to a specific target, you need to find out everything. Collect data on the company: how the specific department or division works, what its tasks are, what information employees have access to. Find out the standard procedure for submitting requests, to whom and where they are usually submitted, under what conditions the operator gives out the desired information, and study the slang and terminology of the company.”

“… Then I called the Van Nuys police station and said that I was from the DMV and was compiling a new database. ‘Is your request code 36472?’ I ask. ‘No, 62883,’ they answer.

I understood: this technique works very often. If you ask for any confidential data, people become suspicious. However, if you pretend that you already have the information and give them obviously incorrect data, they simply correct you and thereby give out the information you need.”

► Mitnick now has his own company, which does ethical hacking. In essence this is the same thing he did before prison, only legally and for money.

“Having called U.S. Leasing, the company I had chosen as my target, I asked to be connected to the computer room. I made sure that I was talking to the system administrator, and said: ‘This is [the fictional name that came to my mind at that moment] from DEC support. We found a serious bug in your version of RSTS/E. You could lose data.’ This is a very powerful social engineering technique, because the fear of losing data is huge, and faced with it, people agree to cooperate with you without hesitation.

► Not every computer specialist has been on the list of the most wanted citizens of the United States.

Having frightened the administrator quite badly, I said: ‘We can fix your system without disrupting any serious work processes.’ At this stage the guy, and sometimes the girl, gladly and impatiently gave me the dial-in number and access to the system administrator's account. If I met resistance, I immediately said: ‘Well, we will contact you by e-mail.’ Then I moved on to the next target.

The system administrator at U.S. Leasing gave me the password to his account without a second thought. I logged in, created a new account for myself and added a special loophole (backdoor) to the operating system: program code that allows me to enter the system secretly at any time.”

Mitnick's fundamental credo, like that of most hackers, was "do no harm". In pursuit of his goals he never set people up or cheated them (although he was betrayed more than once by his hacker friends), did not sell what he found, and did not disturb the established order of things. Having gained access to a system, he did not interfere with its operation: the hacker needed files, not chaos. After his first imprisonment, in a juvenile facility in 1981, Mitnick had to state in his release documents what he planned to do once free. The young cracker wrote: "I will not engage in dark hacking". Unfortunately, this did not save him from persecution by the FBI, accusations of multimillion-dollar damage, and several years in prison.

Case No. 3: Robert Morris

Curiosity can kill the cat, cost you your nose or speed up the aging process. But without curiosity we would still be hunting mammoths and living in caves. The temptation is impossible to resist: a normal person will not rest until he finds out why the apple falls, why the sun shines or, for example, how many computers are connected to the World Wide Web.

Robert Morris wished no one any harm, as he stated repeatedly, including in the appeal he filed after being found guilty of violating the computer fraud law and causing $53,000 in damage. The court believed in his good intentions, but since Morris's program relied on unauthorized access and holes in operating systems (he had deliberately programmed it to), it nevertheless gave the author a suspended sentence, several hundred hours of community service and a fine of $10,050. Such was the price of the question that Robert Morris, a first-year student at Cornell University, tried to answer on November 2, 1988: how many computers are joined together in the global Internet?

► Having served his sentence, Robert Morris put his skills to proper use: he founded a company that built online stores and soon sold it for $48 million.

Morris's program was quite complicated, consisted of 99 lines of code and, in brief, worked as follows: a small part of it (the "hook") could run on any version of UNIX. Once on a computer, the hook downloaded two variants of the main program, tailored to the most popular versions of UNIX, and launched them in turn: if one did not work, the second might. In either case, after the launch attempt both files and the traces of their presence in the system were deleted from the disk.

Once it had successfully settled in memory, Morris's program first checked whether copies of itself were already on the computer (Morris had allowed for that possibility). If it was the only one, the program collected computer addresses, logins and passwords, then probed for one of several Unix vulnerabilities known to Morris that allowed the hook to be transferred to the next computer using the collected addresses and user data. After that, return to step one.

► Robert Morris Sr. probably very much regretted not having taught his son well enough how to write complex spy programs.

Experts classify a program with this behavior as a "worm". The name comes from a science-fiction story, and Morris was not the first to create such self-propagating traveling programs. He would have had no problems had he not, in his pursuit of perfection, built in a protection mechanism against overly vigilant computer specialists. When checking for an existing copy, even if the answer was positive (it could simply be an experienced system administrator emulating one), in one case out of seven the worm still launched another process to examine the system. It is because of this that, according to some estimates, 10% of the computers connected to the network on November 2-3, 1988 were loaded so heavily that they alarmed the worldwide community of system administrators.

No traces leading to Morris could be found: nothing in the source code pointed to him, the worm itself did not contact his computer, and it was launched not on the campus of his own university but in the depths of the Massachusetts Institute of Technology. After learning how destructive an effect his program had had, Morris tried to explain to system administrators how to get rid of the worm, but because the networks were overloaded his message never arrived. In the end his father persuaded him to turn himself in to the police. His father was a senior researcher at the NSA and, by the way, one of the developers of that same Unix operating system.

► Before entering Cornell University, Robert Morris graduated from Harvard with a degree in the humanities. Following that university's motto, in his research he was interested only in truth.

The Cornell University commission that considered Morris's case summed it up in its statement:

“This is not just an act of trespassing on private property, similar to wandering around someone else's house without permission (but also without intention to do damage). A more suitable analogy is driving a golf cart on a rainy day through other people's houses. The driver could steer the cart carefully and not touch a single item, but the dirt from the wheels will still get on the carpets, and the owners of the houses will have to spend a pretty penny on cleaning.”

However, this did not stop Morris, just ten years later, from obtaining a position as professor of electrical engineering and computer science at the Massachusetts Institute of Technology.
