Thursday 15 December 2011

Other On-line Security Steps

In real life and detective fiction, the real enemies to a person's well being are patterns in that person's life. Having a regular schedule of activity may make life easier for you, but it also allows others to find you when you are trying to hide, and notice you when you are trying to remain inconspicuous.

As an example, consider the case of the oilman who would ask the system manager to mount tem-porary backup tapes every time he began a com-puting session. The oilman would then read from the tapes posted by the system manager before starting his work. The manager got suspicious fast: it was pretty evident that the
oilman was looking for data that others before him had backed-up onto those tapes. That industrial spy, like many other hackers and crackers, was caught because he followed a pattern.

Criminals (and hackers) like to formulate plans of action. But remember, any plan you conceive should have elements of randomness to it. Don't allow yourself to always call at a certain time, from the same workstations or telephones, because one day you will arrive at your favorite hacking loca-tion and find someone standing there with a pair of handcuffs.

Once I got a list of Social Security numbers from sitting in on a computer class on the first day: the professor handed around a sign-up sheet for stu-dents to list their name and number so that ac-counts could be made for them on the computer system. I waited until the accounts were made, then I had to go in and try them
out. But trying them all at one time would have been too suspi-cious. Instead, I tried a new one every few hours, a different name each time, so it would look as though different people were trying it out.

The system was secure in that it asked me to change my password upon first login. After doing so I was able to use the operating system's pass-word-changing command to go back to the Social Security number so the original user could get in.

But in each user's directory I left behind a hidden program that I could use for remote file viewing and playtime later on.

If you ever get into a situation where you can't change the password back to its original form, try re-entering the password as some variation on the Social Security number. For 123-45-6789 you might enter 123456789 or 123-45-6780 or 123-45- 67890, as if the typist's finger has slipped. If security precau-tions require a capital letter or something, use one that is close to the last digit in the ID.

It is equally important that your modus operandi change as you move from one hack to the next. As you know, once you're into a system you should do what you can to create a new account for yourself. But make sure you always use a different name and password, and make anything you input about your fictional persona as noncommittal as possible. It is a minor point, but one of the things investigators noticed when tracking down computer cracker Kevin Mitnick was that the words he used were often identifiable American vernacular, thus implying that he was in fact American (i.e., a spy from a Third World country probably wouldn't use the password "RENANDSTIMPY").



Security Logs

It is easy to get manufacturers of security prod-ucts to mail you everything you would ever want to know about the things they sell. Here I am con-cerned mostly with software which quietly moni-tors the activity on a system, audits the system re-sources for misuses and irregularities, and keeps a disk-based or printed log of
usage. Someone at the company takes a look at the log, then says to him-self, "Hey! Mr. Poultry has been logging on every night at three in the morning. That seems unusual... Better have a chat with him..." Suddenly you're in an unsafe position, and you never even knew it was coming.

From your research into a particular computer you are looking to hack, you will know which se-curity products are in force (by calling system op-erators feigning that you are a computer consult-ant, or by looking through the company's library of reference manuals). Get the descriptive literature from the manufacturer so you'll know what silent enemy you are up against.

Security logs - if they are in place and actually attended to - will alert administrators to any pat-terns which you create. Well, you're not going to create any patterns, but you're probably going to create some problems, and those too, will show up on the security log's report.

If you plan to stay on a given computer for any length of time, for instance if you plan to use that computer as a springboard from which to jump around through the network, you must discover the security auditor and render it useless.

Don't destroy the auditor, simply reprogram it to ignore you when you log on. Or find out how it keeps a record of events and see what can be done to eliminate your own tell-tale traces. This should be piece of cake, considering that if you're in the position to do these sorts of things, you most likely already have root access.

If you have been logging on in a similar way for a while, you might want to change previous log en-tries to reflect a more random login schedule. You may also be able to use a date or time setting cornmand to control how the security monitor judges your behavior.


WARNING!
••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••

There have been many, many instances of hackers carefully editing out personal sections of audit records, only to find to their horror that they've deleted more than they should have. Or hackers who were trying to be helpful by cleaning up a messy program or fixing a typo in a memo, and having some disaster occur. You know you should always keep backups. The backup rule applies every time you use a computer, especially computers which aren't yours. If you feel you must alter a file that doesn't belong to you, alter a backup of that file. When you're done, make certain your changes are perfect, delete the original file and then rename the
backup.

One simple task that most auditors and many secure operating systems will perform is the re-cording of unsuccessful login attempts. Again, re-search is needed to see how your particular target computer responds to inaccurate logon inputs. Some programs will let you try three or four user-name password combinations before resetting and saving the last attempt. In that case you would try to always make your last login attempt something innocuous. Or to be safer, don't type anything for your last allowed login attempt. Instead, press Con-trol-C or Control-Z or whatever it is you can use to break back to the previous level of interaction.

Auditing programs can be a nuisance if you're running a big job, such as a brute force password generator. If you're able, try to write these pro-grams so that they get around the security logs. Going directly to the hardware may be one solution to this problem. Another, depending on what kinds of things the log is keeping track of, would be to rename suspicious commands, so that the log either won't know to record those commands under their new name, or if the supervisor reads through the log printouts, he or she won't notice any question-able activity going on. Printed logs are a big problem. Any hacker worth his salt, can go in and fiddle with records which have been stored on a tape or disk. But what if the security monitor makes a real-time printout of events as they occur? Then, my friend, you are stuck. Once a deed is done, it is trapped on that page for life.

The thing to do is catch any mistakes before you make them. Limit the number of illegal or questionable activities you perform until you can find a way to disable the printer. You may be able to use software switches to program the printer to print everything in a nonexistent font, or if it's a multi-color printer, in a color that has no ink car-tridge or ribbon. Of course, since you're probably doing all this over the phone, you might not know what equipment is being used. However, it might be possible to reroute print jobs to an electronic storage medium, or to an unused port; that is, tell the computer to print stuff out on a printer that doesn't exist. At times it may even be possible to trick the computer into thinking it's printing to the printer when actually it's printing back through its own modem - and so you end up receiving re-Ports of your own activities as you go about your business.

A more troublesome form of paper log is some-times used by organizations to keep track of who does what, when, and why. Some companies insist that each employee enter telephone calls in a log. A monthly review and a comparison of the log with phone bills is done - and if anything doesn't match up, well, you can figure
out what happens next. If you sneak into an office to make long dis-tance calls, you can be easily trapped with such a log, since you probably won't know about it. Even if you're dialing in from home (or a phone booth), a log can trip you up. If you use a company's corn-puters to call other computers, that might be a toll call which would show up on the phone bill, but not in the employee log.

Companies may keep logs to verify employee comings and goings, and use of equipment. Stay on top of things because the littlest errors lead to the biggest downfalls.


In Public And On-Site

Doing any sort of hacking-related function in public or on-site - altering public access comput-ers (PACs) or public access terminals (PATs), sabo-taging for reverse social engineering (RSE), doing in-person social engineering (SE), using a university's computing facilities, or simply doing research at a library - is riskier
than doing the same sorts of things at home. Not only do you have all the threats that a home-based hacker has, you have the additional concerns of whether or not you will be recognized or apprehended.

Use proven burglar's techniques when selecting spot to do public hacking. When a burglar enters a house, the first thing he does is scope out all the exits. Don't sit down at a computer from where you won't be able to escape easily in more than one di-rection. And just as a burglar is always glad to see tall shrubbery to hide
behind, you should try to sit at computers that are hidden in some way; with people or objects sitting in front of you, and hope-fully a wall behind you, so no one can look over your shoulder.

Always be ready to leave a public hack at a moment's notice, and never get so involved with your work that you forget where you are. Remem-ber, that's what happens to regular users when shoulder surfing takes place - they forget where they are and they let people see the secret things they're doing. A hacker must always be more secu-rity-aware than a regular user.

Take care to have a decent story prepared if youre trespassing, or if your actions will seem fishy to a passer-by. Make sure you dress the part of your story. Regardless of your story, clean dressy clothes are always a plus.

Finally, one should always keep in mind that a computer room is very likely occupied by at least one hacker or cracker at any given moment. Be alert to shoulder surfers, and to other tricks of the trade. When I sit down at a public terminal I always press the Break key a few times, and log off several times before logging in - just in case someone has set up a simulation trap.

Be cautious, too, upon log out. Some terminals, such as the Tektronix 4207 and others, maintain a buffer of the screen display. Often that buffer is not cleated, even after log out. What that means is, some unsuspecting soul walks away from the ter-minal, but leaves behind a record of every action taken during his or her
session. Anyone can go over to that terminal now and access, read, even print out dozens or hundreds of screenfuls of data.


While Off-Line: Minimizing Losses

Okay, so what if all of this doesn't help you? What if you still get caught? It's good to be pre-pared for such an emergency so if the feds do catch up to you they at least won't have any evidence on which to base a trial.


Maintaining Your Computer

You should routinely look at the files stored on your computer and destroy those which you ille-gally  acquired. When I say "destroy" I mean it -don't just delete those files: overwrite them with a single repeated character, encrypt them with the lengthiest, twistiest key you can fathom, and only then erase those files. You can use a "Wipefile" or "Wipedisk" program to write over data. That way you won't have compu-cops poking around in your secrets.

Also keep in mind that sometimes pieces of files get lost or unattached from the files to which they belong, or parts of files get duplicated elsewhere on your disks. It's a good idea to regularly check for these orphan text strings and eradicate them if they contain incriminating evidence.

Any computer file which you simply can't de-stroy must be encrypted and, ideally, hidden under an inconspicuous filename, such as PACMAN.EXE.

There are other matters to consider, other things about your computer that might not directly con-vict you, but can lead to evidence that will: termi-nal programs, autodialers, databases of modem numbers and account codes, lists of BBS numbers (especially pirate, phreak or hacking boards), and any other program that could
even remotely be linked with a crime.

To play it safe, I use physical locks on my com-puters along with software "locks." I programmed all my computers to check for a particular key be-ing pressed during the start up procedures. If the computer goes through its entire start up mode without detecting that key, it knows that something's wrong. It will then call a time-and-date sub-routine. The routine shows the correct time and date, and gives me the opportunity to correct them. I must input a certain time and date, otherwise the computer will display a "LOADING MENU"
mes-sage and remove the directory in which I keep all my naughty stuff. There is an opening menu too, which one can not enter or exit without inputting the proper password.

Luckily, I've never had my computers seized. If I ever do, I pity the untrained lummox who gets to go through my stuff; my systems are all booby trapped to destroy incriminating evidence. And even if he's prepared for that, he still won't know how to prevent it from happening!



Keeping Your Other Stuff

Once a law enforcement official has a warrant for your arrest, he or she can legally steal all of your computers and peripherals, blank disks and audio cassettes, commercial software and documentation, printouts and operating logs, telephones and answering machines, any piece of electronic equip-ment as well as any papers
indicating that you are the owner or user of that equipment, wires and loose parts, model rockets, disk boxes, radios, soldering irons, surge protectors, books, journals, magazines, et cetera. These things I've listed are all things that have been seized in past raids. Also, if the crimes which you are suspected of committing are related to a specific place or person, they will seize any papers or evidence with which a connec-tion may be made between that place or person and the crime. They purposely write their warrants to allow seizure of a wide range of items, and believe me - they will take all of it.

And don't expect to get any of it back in one piece, either. This is yet another reason why, as I said in the beginning, it may not be such a great idea for hackers to even own a computer. It's sad but true, and so you should do your best to hide anything when you're out of your house or not us-ing your equipment. If you have
printouts or notes lying around, keep them in folders marked "SCHOOL HOMEWORK" or "CHURCH GROUP". Make the marks big and visible, and innocuous, and maybe they'll overlook the folders' contents.

it is a myth commonly heard that computer printouts can not be used as evidence in court, since they are so easily forged. The truth is, a print-out is just as valid as any other piece of written evi-dence, as long as it can be shown to have been made at or near the time of the criminal act, or during preparation for the act. If a Secret Service thug, after taking your computer, makes a printout of a file contained on it, then that printout is invalid evidence, since he made it and not you. On the other hand, if there is in fact some accessible in-criminating evidence stored on your computer, the prosecuting attorneys will know how they can le-gally present it to the court (I presume by bringing your computer into the courtroom, plugging it in and firing away). On the other hand, the feds are so good at smashing up seized computer equipment that you probably have nothing to worry about!

It is important that when you hide stuff, you make it look as if the stuff has no connection with computers or electronics. Law enforcement officers are smart enough to get warrants that let them take anything even remotely connected to electricity. Let's look at a hypothetical example. Suppose un-derground information were routinely distributed on audio cassettes. Naturally we would resort to putting that information on store-bought tapes with legitimate names -Beatles, Grateful Dead, whatever. The cops would know that, and thus would want to get their hands on every tape we own, including ones that look as harmless as rock and roll.

As hackers, we do exchange information and keep records on disk. So if you have a box of disks containing all your hacker stuff, you can't simply label the disks with names like "Space War" and Pac Man." They will suspect either that the disks have been labeled misleadingly, or that the games themselves are real. (Think of Steve Jackson.) Be-sides, in their raid they won't stop to sort seemingly irrelevant belongings from the obviously illegal ones. So you'll have to hide the disks themselves, and hide them in a way that is unrelated to tech-nology. The same goes for your other electronics equipment, and anything else that might reasonably
be stolen by the feds. For example, I keep my backup disks in a graham cracker box. Am I being paranoid? I don't think so. I store my laptop in a big corn flakes box up in the closet - it's just as easy to keep it there as anywhere else, and doing so makes me feel more secure. You already know how companies leave help-ful information in their garbage bins, but you should realize that your garbage is just as helpful to someone investigating you for computer crime. Anything incriminating you want to discard should be destroyed beyond recoverability first, and discarded from somewhere other than your home. When I say "destroyed" I don't mean putting it through a shredder - I mean completely de-stroyed. If the Secret Service finds shredded paper in your trash, they WILL piece it back together.

Paper printouts should be soaked in water to wash away the lettering, and then shredded. Disk contents should be encrypted, then deleted. Disks should then be zapped with a strong magnet (bulk erasers, called degaussers, are available to do just that) and the disks themselves chopped up.<This behavior is not paranoid
enough for the US Department of Defense, which according to Lance Hoffman in his Modern Methods for Computer Security and Privacy (Prentice-Hall, Inc., Englewood Cliffs, NJ: 1977) "feels that there are techniques for electronically retrieving overwritten information and thus requires destruction of the recording
medium.">These items can be anonymously deposited in some public garbage can, or in the case of paper, a public re-cycling bin. I'm serious! You do this and you've just blown away any "theft of trade secrets" indictments they wanted to hang on you!



Conclusion: How To Get Caught

This is a book of methods after all, and so here is a list of methods NOT to follow. If you do these things, you will definitely get in trouble. Because, you see, there are five ways you, the hacker, can get caught hacking:
1. by traces or technical means,
2. by being finked on,
3. by getting many agencies ganged up against you,
4. by making a mistake, or
5. by being made (recognized).

You will get caught by phone line traces and other technical means, such as audit logs. So don't keep a routine. Switch the phones and computers you call from all the time.

You will get caught by getting ratted on. Maintain contacts with other hackers, but do so discreetly. Don't tell anyone who doesn't need to know about what you're up to. Above all, be nice to the people you come into contact with while sharing hacking tales, doing research, or while performing the hacking itself. Be nice to them, and hope-fully they will be nice to you.

You will get caught by getting many agencies ganged up against you. Don't steal or destroy or vandalize. These things make you look bad, and downgrade hacking in the eyes of those investigat-ing it. Hackers have a bad enough image as it is, mainly because hacking's most public practitioners are nerdish eighth grade heavy
metal pseudo-anarchists with skin problems. If you re-main true to hacking ethics, you will fare better than if you demolish what you hack - because fewer agencies will be willing to pursue you. Tiptoe.

You will get caught by making a mistake. It is a mistake not to take all of these precautions. Always think before you act. Never reveal anything about yourself. Remember to delete backup files. One of the things that tripped up Lt. Col. Oliver North -according to Donn B. Parker in his Computer Crime: Criminal justice
Resource Manual - was that he: did not understand that using the ERASE command in the White House Executive E-mail system merely removed the name and storage address of an E-mail message from the directory of messages; it did not destroy the contents of the message. In addition, frequent backup copies of all messages were made and stored for later retrieval in the event of a com-puter failure. As a result, much of his corre-spondence was retrieved as evidence of possi-ble wrongdoing. You need to be especially vigilant about timed backups which are made automatically, without your consent.

If you're careful, you will make few mistakes. But the most careful hacker can be tripped up by the mistake of assuming a course of action is infal-lible when there are, in fact, gaping holes in it. For example, in 1974 a criminal in Tokyo tried to use one of the fundamental properties of electronic transmission of data in his favor - the delay that comes about from data being shuffled through ca-bles or telephone lines.

The criminal opened a bank account using the false name S. Kobayashi, then proceeded to with-draw small amounts of cash from automatic teller machines (ATMs) scattered around Japan. Each time, after he withdrew some money, he would telephone the bank to find out the status of his ac-count. By doing so,
Kobayashi found that it took twenty minutes for the bank's central computer to register a withdrawal from a remote cash-dis-pensing machine.

Later, Kobayashi used this information after carrying out a kidnapping. He demanded a ransom of 5 million yen to be paid into his account, figur-ing he would have twenty minutes of getaway time while bank officials waited for the main computer to receive the information regarding from which dispenser the sum had been withdrawn. The plan backfired because of this one assumption. What Kobayashi didn't realize was that programmers at the bank were able to reprogram the central com-puter to immediately identify which machine the criminal was using. Police were stationed close by to each of the bank's 348 ATMs, and when the kid-napper retrieved the money, he was caught.

Look out for the unexpected twists in your plans, and remember that there probably are peo-ple on the other side trying to find ways to foil you. Finally, you will get caught by being recog-nized. In public places, make sure you stay unob-trusive.

The surest way to NOT get caught is to NOT start hacking. But then, the surest way not to die is to live an inactive life. Part of your life is computers and the things you can do with computers. Without hacking, all you have to do with computers is busi-ness stuff or school stuff, a little game playing, and possibly some programming.

But WITH hacking, you have instantaneous control of the world. Enough said. May we all have a good many peaceful, happy hacks!