HACKING &
CRACKING 
used to obtain I.D. theft info

this page created 2002 Dec 11
updated 2003 Nov 13
further updated 2006 Jan 30
further updated 2007 Nov 13

VIDEO # 1

notes from the TLC video 
"Hackers, Outlaws & Angels"
 
.
This page is prepared by Prof. Tim Richardson for his students.

.
 
The White Hats
. The 2002  video opens with a tour of, and interview of key personnel in the ISS Global Threat Operations Center .
.
http://www.iss.net/about/
ISS Global Threat Operations Center
ISS is a private company with academic and government links
Internet Security Systems
The ISS Global Threat Operations Center is located at ISS headquarters in Atlanta, Georgia,.
.
 
The Black Hats
. The video mentions a former black hat hacker, Ian Murphy who went by the name "Captain Zap".
.
Murphy targeted the giant telephone company AT&T. By using a number of technical and non-technical techniques (such as recovering manuals from dumpsters) , he changed the clocks on the telephone system computers to give everyone free long distance calls. Millions of people saved money and they didn't even know it, till AT&T sent out the next monthly bills. According to Wired Magazine it was the top hack ever.
.
 
Tiger Teams
. The term "Tiger Teams" is used in IT security to describe people who try to break into a network, then tell the system administrator how they did it so they can protect themselves from that vulnerability. Sometimes the team attacks without the "defenders" being alerted in advance.

Actually, FYI, "Tiger Teams" is an old term used in the military in the 1970's

check  www.securitypanel.org/glossary.html#T  to see a glossary that explains well the term Tiger Teams

.
From  www.ctrl-c.liu.se/~ingvar/jargon/t.html we see the following explanation

"Originally, a team whose purpose is to penetrate security, and thus test security measures. These people are paid professionals who do hacker-type tricks, e.g., leave cardboard signs saying "bomb" in critical defense installations, hand-lettered notes saying "Your codebooks have been stolen" (they usually haven't been) inside safes, etc. After a successful penetration, some high-ranking security type shows up the next morning for a `security review' and finds the sign,  note, etc., and all hell breaks loose. Serious successes of tiger teams sometimes lead to early retirement for base commanders and security officers,.

.
Social Engineering
see also  witiger.com/ecommerce/SocialEngineering.htm
 
Black Hats
Tricks

Social
Engineering
 
 
 
 
 
 

Black Hats
Tricks

Social
Engineering

. In the video it mentioned how a person is hired to break in to the company's system. This person then makes phone calls to company employees [pretending to be from the IT dept.,] and solicits them to reveal confidential information through trickery.

Many hackers use "social engineering", instead of technical methods, to determine the userids and passwords from which they can then penetrate a network. Social Engineering is an expression used to simply mean tricking people, through lies, into giving you secret information under false pretenses.

.
"Social engineering is hacker jargon for getting needed information (for example, a password) from a person rather than breaking into a system. Psychological subversion is Thunder's term for using social engineering over an extended period of time to maintain a continuing stream of information and help from unsuspecting users."
This link below explains at length the variations on social engineering techniques
http://packetstorm.decepticons.org/docs/social-engineering/soc_eng2.html

http://packetstorm.decepticons.org/docs/social-engineering/soc_eng2.html

.
 
Black Hats
Tricks

Social
Engineering
 
 
 
 
 
 

Black Hats
Tricks

Social
Engineering

. Social Engineering, as a term, has broadened to also include the process where an attacking entity promises to give out free things [porn site passwords, anti-virus software, etc.] and in the process of obtaining the free password, you are tricked in to loading a virus on your computer, or a dialer program that will log you into a phonecall long distance, etc.

CERT has been making people aware that social engineering is now used to compromise IRC

.
"The enticements of pornography, free software and security -- otherwise known as "social engineering" -- that have been common among  e-mail-borne computer viruses now have spread to instant messaging (IM) and Internet Relay Chat (IRC), according to CERT, a federally  funded security center based at the Software Engineering Institute of Carnegie Mellon University.  CERT said it has received reports that "tens of thousands of systems have recently been compromised" using "social engineering attacks" via IRC or instant messaging. 

 The attacks attempt to trick Internet chat users into downloading what purports to be antivirus protection, improved music downloads or  pornography but is actually malicious code, the center reported.   While use of social engineering among virus writers and hackers is nothing new, the IRC and IM tricks have allowed thousands of computers to be taken over and used in distributed denial-of-service (DDoS) attacks or infected with Trojan horse or backdoor programs, according to  CERT."

"... another trend in social engineering with IRC networks involves picking out individuals, spamming them with unsolicited messages, then offering a bogus spam solution that is actually malicious code."
http://www.newsfactor.com/perl/printer/16870/

.
 
Social
Engineering

an example

An example of a "social engineering" attempt on one of your fellow students.
Social Engineering

In the 4th week of January 2006, I received the following email from one of my UTM students in MGD415.

She said
"On Friday, I received a phone call from an employment company that I know of. The representative on the phone kept asking me questions like where you live, what is your occupation and asked me for my SIN #.  I gave her my number, but didn’t know the exact order of the numbers. I responded, “I don’t know the numbers” and she was like “well go check please.” Then, I thought, why is she asking me all this, when I have a file with them! I hung up.

This company probably didn’t exist, but just used a popular name.  Such things like this are scary because you think you’re talking to the right person, but then things get a bit fishy later.  Information needs to be confidential and secured.  Isn’t this an example of information intelligence? – trying to steal peoples information!"

Yes, it is a good example, you should always be circumspect and suspicious when people ask you to clarify information they are already supposed to have on file.
 

.
Info War
. The threat of an "info war" is real and has already happened on a low scale with Serbian hackers attacking U.S. gov't sites during the war in Kosovo and Chinese university students launching the Code Red worm virus on the occasion of the incident involving a U.S. spy plane and a Chinese fighter pilot in 2001..
.
Chris Roland
XForce Internet Intelligence discusses Info War

Bob Ayers
former Defense Dept employee discusses how hackers tried to obtain secret information about the Stealth Bomber.

.
War Drive
exposing vulnerabilities in wireless networks
a variety of government departments use wireless networks and are vulnerable to hackers on the outside
"war drive" is slang expression for an electronic fishing expedition looking for vulnerable wireless networds
.
witiger.com
  CONTACT I MAIN PAGE I NEWS GALLERY I E-BIZ SHORTCUTS I INT'L BIZ SHORTCUTS I MKTG&BUSINESS SHORTCUTS I TEACHING SCHEDULE
.
  MISTAKES I TEXTS USED I IMAGES I RANK I DISCLAIMER I STUDENT CONTRIBUTORS I FORMER STUDENTS I PUBLICATIONSfor those On The Level who believe in faith, hope and charity
.

.