Showing posts with label Chapter 8.

Tuesday, 15 January 2013

Radiation Comprehension

If you like to watch television while you use your computer, you may have noticed something funny happening when the channel is turned to certain stations. With the computer on, channel two on my television is complete static, while channels 3 and 4 get decreasingly snowy. This happens when electromagnetic fields radiating from my computer and cables are picked up by the television antenna. If I'm watching channel 2, I can even make out a very fuzzy representation of what I see on the computer screen.

There is a simple reason for this happening. The various components of a computer - amplifiers, cables, the coupling between cables, the power supply to power line coupling, switching transistors, the ground loop, internal wires, and even printed circuit boards - all act as antennae to conduct electromagnetic radiation. The components, cables and whatnot will not only pick up the radiation, but transmit it as well, sometimes re-emitting it at some distance from the source equipment. Nearby electrical wiring and metal pipes can further act as antennae. Computers operate at radio frequencies and so they are also radio transmitters. That's why the Federal Communications Commission must approve all computers (and many other electronic appliances) before they can be sold in the United States. The FCC wants to make sure those radio emissions aren't strong enough to interfere with other licensed radio receivers (such as television sets). In fact, there have been cases of unregistered computer monitors whose screens have been picked up on the next-door-neighbor's television set. This sort of thing is more likely to occur when the neighbor has a black and white television and the computer has a composite monitor, because a black and white set can more easily adapt the synchronization signals that it picks up from a composite monitor (especially if the TV has an antenna amplifier attached).

When my television receives computer frequencies, it is doing so accidentally. Imagine the consequences of someone setting out to purposely receive radiated information. Indeed, such a thing is possible, and has been going on for quite some time. For years the Department of Defense has stashed away its most hush-hush computers and communications devices in copper-lined rooms to prevent radiation leakage. They have also produced guidelines for a security standard called TEMPEST (Transient Electromagnetic Pulse Emanation Standard), which defines how military computers are to be constructed so that the radiation leaking from them is minimal.

Special military computers might be well protected, but your run-of-the-mill PC or terminal is not. The FCC ensures that equipment won't interfere with other equipment; it makes no promises that equipment is safe from prying eyes. In fact, those eyes don't even have to be at the scene of the crime. There is an electronic marvel called the Van Eck device which picks up your favorite leaked radiation and projects it onto a television screen. Hook up a VCR to the television and you've got a living document of everything that goes on in your target's computer account.

Always A Way

Think about the enormous amount of power government possesses over us. Think of the billions of dollars it can spend to pry into our lives, to photograph us, record our movements and our daily activities. Think of all the expertise available to such a powerful entity. Anything that government - or big business, or anyone in power for that matter - wants to know about, wants to happen, or wants to change, will become known to it, will happen, or will be changed.

When we start to think about all the covert actions going on around us, and all the myriad ways in which we don't even know we are being manipulated or spied upon, we begin to think of government agencies as unbreakable, unstoppable... unhackable. And even if we think we have a chance at hacking it, we know we will end up in prison.

But all of that is simply untrue!

Government agencies are limited in what they can do and in what they know. You only have to look as far back as Operation Sun Devil a few years ago, when Steve Jackson got his games taken away because they were thought to be a menace to society. Sure, the Secret Service and the FBI may be powerful, but maybe they are feeble-minded too.

We read about all these scary spy gadgets that have been developed that can read our lives like a README.DOC. We hear about the "impenetrable" government computer systems that have been set up, and we are scared away because they sound so hermetically protected. For example, we know that any transmission of an interesting nature has a 100% chance of being intercepted. Therefore, all those spy guys in Washington have set up ultra-secure network links in an effort to protect their valuable secrets. Their most safeguarded lines are fiber-optic cables buried deep below the surface of the earth and sealed in gas-filled pipes. These are strictly isolated systems - no connections to outside phones or computers, so no hackers can gain access by dialing in. Even if a hacker were to discover where the (unmarked) underground lines are, and even if that hacker were to manage to dig down undetected, and cut open the pipe to tap the cable, the drop in gas pressure instantly sounds an alarm.

This is heavy protection, and sounds like it would be impossible to hack, especially when you realize that even if there were some way to get at those lines, you still need various levels of permissions, passwords and access codes to reach the highest and most secret classifications of data.

But think again. Never forget that behind every complicated system is nothing more than some human beings. And what are human beings if not fallible? In the case of this seemingly impenetrable system, we can imagine the humans who sit night after peaceful night, watching their TV monitors, waiting for the alarm to sound that signals a breach. They're probably asleep more often than awake, especially if the temperature and humidity are high in their work area. If ever the alarm did sound, they probably would ignore it, or wouldn't know what to do. Or they would take a quick look out the window and go back to sleep.

Even if the guards did go out and check the wires to make sure everything was okay, do you think they would continue checking them after five or six false alarms? "The boy who cried wolf" trick always works, especially on a dark and stormy night. No guard is going to go out sloshing through the mud and rain to investigate an intruder he knows won't be there. There is always a way. Don't be fooled by first appearances.

And here are some more ways you can beat the security:

Thursday, 15 December 2011

Ups And Downs

This method of on-site computer cracking is safer than most because it involves no trespassing at all to get at your target computer. Van Eck has reported that he was able to use his invention to view the contents of computer screens from distances over a kilometer away. His working group housed the device in a van which they parked on the street, usually right in front of a target's home, without incident.

These devices give us hackers the opportunity to do what we always say we want to do - innocently look around in computer systems without hurting, without changing, without destroying. But Van Eck and Britton machines also deprive us of freedom of direction, of choice. We can only use it to see what the user himself sees; there is no chance for us to hack, only to spy. Very rarely do passwords appear on a computer screen, so we most likely won't even be allowed the opportunity to use a bit of learned knowledge to coax what other exciting information we can from the system unless the user chooses to allow us entry into those secret realms.

Seeing the contents of a forbidden computer screen from a kilometer away is marvelous in and of itself when one is discussing, as we were, pulling flutters of distant radiation from the ether. But traditional hacking methods - through the telephone - allow us to delve into the forbidden from much further away than a kilometer. In the following section we will start looking at how a hacker can roam through all the confidential computer systems of his neighborhood, his country, and, if he chooses, the world.

Van Eck And Britton

In 1985 a group of Swedish engineers, led by one William "Wim" Van Eck, presented a paper called "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" at the Securicom Conference in Cannes. The paper, which was published in Computers and Security 4, described how one could easily and inexpensively convert a normal television set into a non-trespassing, passive device to intercept and reconstruct the information from any digital device, most notably computers. Scientist Don Britton had already gone public with a virtually identical device in 1979, but it was the Van Eck paper that got people to sit up and take notice.

We were talking before about how you could set up a radio receiver to pick up the mess of signals coming from cables, wiring and circuit boards. This is possible, yes, but you would end up with an unintelligible mishmash of signals. It would be difficult to separate and decode the various signals - though not entirely impossible.

Doing so would enable you to determine what a distant computer was "thinking" as those electrical pulses shot through its system.

"Pulses" is the key term here. We all know the story about how computers are digital beasts, processing streams of ones and zeroes to create the fabulous tapestries of color and sound that we get to appreciate every time we boot up a copy of the latest Sierra game.

In reality, there aren't actually tiny 1s and 0s coursing through the wiring. What's going on is a high or low electrical current passing through. We think of these high and low currents as being 1s and 0s because it is convenient for us to imagine them this way. Any electrical device is going to have radiation emissions. But only a digital device, like a computer, will have pulses of high and low. Keep all this in mind while we take a little side trip.

Computer screens operate on the pointillist school of display painting: what you see as continuous shapes and lines on the screen is actually composed of thousands or millions of tiny dots, called picture elements, or pixels for short. Each dot is a little speck of some substance that glows (fluoresces) when energized, and the inside of the screen is covered with the stuff.

Video control circuitry located either within the monitor or plugged into the computer, controls the position of an electron gun, which repeatedly scans the screen top-to-bottom, firing an electron where appropriate to energize a bit of the fluorescent substance. Light up the appropriate pixels and keep them lit, and you end up with glowing dots that can combine to form the lines, characters, symbols and graphics that make up our daily experience with visual computer output. You may ask yourself, "Well, once a pixel is lit up, how do you darken it to clear that portion of the screen?" The answer is simple. Hitting the phosphorescent matter with an electron only produces a very brief burst of glow before extinguishing. That's why the electron gun must systematically scan the entire screen sixty times a second to constantly refresh the image appearing on it. If we wish to cancel a pixel or series of pixels, we simply discontinue firing an electron at that section of the screen.

Every time the beam fires we get a high voltage pulse of electromagnetic emission. Britton's and Van Eck's idea was to simply use a television receiver to listen for those bursts of high voltage as a monitor emits them, and have the television respond by firing a pixel in the corresponding place on its own screen - thus ending up with a display screen that exactly matches, pixel by pixel, that of the target computer.

A good thing for a spy to have, huh? The problem is that while a television can receive those bursts of high voltage, it doesn't know what to do with them. There's nothing inherent to a high pulse that signals where on the receiving television that pixel should go. (Actually, such signals are readily available from the mishmash, because the originating monitor's synchronization components also generate signals as they function. However, the pulses are too weak to pick up from a distance.)

The Van Eck or Britton devices bestow this function upon any lowly TV receptor, by producing an artificial synchronization signal. Two adjustable oscillators are used to create the vertical (picture) and horizontal (line) synchronization. For technical reasons, proper reception requires a constant re-tuning of the oscillators. This could theoretically be done by hand, but this is the computer age: the signals are mathematically combined and fed into a logic circuit which performs the job automatically.

The difference between Britton's and Van Eck's designs is that Britton based his system on United States NTSC technology, while Van Eck's model is based on European PAL receptors, using European voltages, and includes a built-in digital frequency meter. If you have the tech knowledge you can build one of these for $10 to $15. Models are also commercially available through spy shops.

Besides the oscillators and the logic processing sync restorer board, you will want to hook up a directional antenna to help focus in on exactly what you're after. Someone using one of these devices should be able to fine-tune their receiver to the point where multiple CRTs within the same room may be distinguished. This is due to differences in the components making up the monitors. Pieces that come off of different assembly lines or from different countries will have varying radiation-emitting characteristics. Your suitably engineered Van Eck or Britton device can discriminate between the several traits presented. Just pick one line of signals which you wish your machine to follow, and off you go.

Electronic Passive Computing

I don't like to use the term, but active computer hacking can be thought of as a "sport," or a game that is to be won by the hacker. That's the way many hackers view this activity of hacking - as an intellectual exercise in which the hacker tries to out-think either the computer, the user, the Goliath corporation, or the computer designer.

Passive computing, or "lounging," is like watching a sporting event on television, rather than going out to the field and playing the game yourself. Passive computing is the act of eavesdropping - monitoring computer usage and surreptitiously collecting the information that is transferred.

In seventh grade I was amazed, the first day of my intro to computers class, when the teacher told us that each of our Apple computers was connected to his. Thus, by a flick of a switch he could send any of our screens to his computer monitor, to make sure we did the work we were assigned and didn't goof off. He was screening our screens! Some paranoid bosses do just that to their employees today, to make sure they do the work they're assigned.

Actually, it's no great technological feat to connect two or more monitors to the same computer and switch between them. If you have access to the computer your target will be using, you can attach an RF adapter to the back and secretly run the cable to another monitor or television set. Then sit back and watch as what occurs on your target's screen unfurls on yours. You won't get to see your target's password, since it will be covered by asterisks, dots or spaces as it is typed - but you can get other information this way. This is a good technique if your target has a lot of encrypted files for which you don't have the key. Monitoring your target like this will let you read whatever he reads; and if he decrypts his files, you get to read them, too.

It may not be possible to sit down close to the target at your own monitor and watch. You may have to attach a broadcaster to the RF connector, and listen from outside the building with a receiver, which in turn is connected to a viewing screen.

If you hook up a VCR to your monitor, you'll get a hard copy of your target's activities. It may even be possible to directly connect the VCR to the computer your target will be using. If you do so, it is best to have a remote way of turning the VCR on and off, so you don't record while the computer is idle. If the target has a regular schedule you can simply program the VCR to tape at a certain time.

There's no law saying all screen output has to go to a screen - if for some reason you can't use any of the above techniques. An alternative is to have information sent to a printer buffer. Make sure that either the printer is fast or the buffer is large. Otherwise the target's computer will slow down tremendously and he won't know why. Also, of course, the printer has to be located far away from the target, preferably in another room or another building entirely.

As an example of one limited way in which this can be accomplished, consider the "print from keyboard" option found on many word processors. "Print from keyboard" causes that several thousand dollar machine to act like any old junky typewriter, printing characters directly as they are typed on the keyboard. While your target slips away from his word processor for a coffee break, you can slip over and activate the "print from keyboard" feature. From then on, anything further he types within the program will be sent to the printer. As I said, this is of limited use, but it shows one more way that even impromptu situations can be exploited by the computer-knowledgeable investigator.

By pressing "Shift-PrintScreen" on any DOS computer, the "print from keyboard" mode will be activated. However, if the printer is not ready, the system may hang up.

As an example of passive computing which is really very active, in that hacking is required, it might be reasonable to log on to a network and use programming to direct the target's output to your own terminal. If you have the target's password, the host computer would have to be tricked into allowing the same user to be logged on twice simultaneously. Additional programming might be required if the computer refuses to send the target's output to your screen, or if the target is getting your output.
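
The defender's view of the double-login scenario above, as an added example that is not from the original text: it scans login/logout records for one account that is active on two different terminals at the same time. The log format, account names and terminal names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: timestamp, event, account, terminal.
SAMPLE_LOG = """\
1993-03-01T09:00:00 LOGIN  jsmith tty03
1993-03-01T09:05:00 LOGIN  mbrown tty07
1993-03-01T09:40:00 LOGIN  jsmith modem2
1993-03-01T09:55:00 LOGOUT jsmith modem2
1993-03-01T10:10:00 LOGOUT mbrown tty07
1993-03-01T10:30:00 LOGIN  mbrown tty07
1993-03-01T12:00:00 LOGOUT jsmith tty03
1993-03-01T13:00:00 LOGIN  akhan  tty01
1993-03-01T13:00:30 LOGIN  akhan  tty01
this line is malformed and is skipped
"""


def parse(log_text):
    """Yield (time, event, account, terminal) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("LOGIN", "LOGOUT"):
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]


def concurrent_logins(log_text):
    """Return alerts for accounts that are active on two terminals at once.

    Each alert is (account, time_of_second_login, active_terminal, new_terminal).
    A repeated login from the same terminal counts as a reconnect, not an alert.
    A session with no LOGOUT record is treated as still open.
    """
    active = defaultdict(dict)  # account -> {terminal: login_time}
    alerts = []
    # Sort by time so out-of-order log lines do not hide an overlap.
    for when, event, account, terminal in sorted(parse(log_text)):
        sessions = active[account]
        if event == "LOGIN":
            for other_terminal in sessions:
                if other_terminal != terminal:
                    alerts.append((account, when, other_terminal, terminal))
            sessions[terminal] = when
        else:
            sessions.pop(terminal, None)
    return alerts


if __name__ == "__main__":
    for account, when, first, second in concurrent_logins(SAMPLE_LOG):
        print(f"{when.isoformat()} {account}: already on {first}, new login on {second}")
```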

If you have a password other than the target's, some programming could send the target's screen to yours, or yours to the target's (if you want to get into simulation). On UNIX systems, you would be thinking in terms of altering already existing programs such as TALK or WRITE to get the job done. These two programs induce a link between two separate accounts. Any time two accounts are joined, there is a potential for misuse of that linkage. But these programs are written with security in mind; the hacker's job is to rewrite the programs, eliminating the security measures.

Another option is to make use of monitoring software which is commercially available - or write some yourself, to satisfy your own personal needs. Managers of offices routinely spy on their secretaries, data entry clerks and other computer operators through the use of software which stores key presses. Other monitoring software keeps track of which programs are being used and how, often timestamping such information as well. Doing this form of research does not, as you might at first think, necessitate going back to your target's computer to see what keystrokes have been recorded. I hot-wired one such keystroke-capturing program to print a weekly report to a hidden directory. When secretly installing the program (visiting the site, posing as a confused user who had a virus-attacked disk that needed repairs), I also altered the computer's startup file which executes upon login. I altered it to look for that hidden report on certain days and e-mail it to me through an unknowing third party. Now I get weekly reports on this one poor system manager's every last keystroke!

I didn't think of it at the time, but it would've been a good idea to add a few lines to the startup batch to look for the existence of a piece of mail from me containing a few key words which would signal the program to remove all incriminating files and program lines from the computer.

You might ask, "Why would you need such a thing - don't you have the guy's password and everything from reading those weekly lists of his keystrokes? You can delete the evidence yourself." Good question, and actually I do have his password, but it took a long time to get it.

You see, the keystroke-capturer can only go into effect once the user has logged in and the startup file is executed - by then there is no need to enter one's password. (You can tell that even though I put a lot of thought into this hack, there were a lot of things which I didn't ever consider before the actual results started coming in. Hacking often involves making assumptions and then seeing how one's assumptions were wrong.) It took a while, but eventually I did get the password, when the system manager invoked a second sub-shell within his logon.

Tapping the phone line or intercepting microwave transmissions are always open options, or bugging the phone if the modem is coupled to it. Then you get the added bonus of hearing the target's voice-phone conversations as well. Printer, modem, monitor, and other computer cables can also be tapped to good effect. One nice method is to tap the modem line, making a recording of any modem calls that take place. You go home, call the number that the tapped computer called, and play back the recording for the remote computer to hear.

Remember, the high-pitched squeals and cries in the recording you made will include that lawful user's access codes. Your goal will be to synchronize the playing of the recording with the remote computer's prompting. If you can get it right, you get yourself in.
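
Why a played-back recording is accepted, and what stops it, as an added example that is not from the original text: a login that sends the same bytes every time cannot tell a recording from the real user, while a challenge-response login with a fresh single-use challenge rejects the stale answer. The class names, the HMAC-SHA256 scheme and the secret value are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class StaticLogin:
    """'Before' case: the caller sends identical bytes on every login."""

    def __init__(self, access_code: bytes):
        self._access_code = access_code

    def authenticate(self, received: bytes) -> bool:
        return hmac.compare_digest(received, self._access_code)


class ChallengeResponseLogin:
    """Hardened case: the host sends a fresh random challenge per attempt."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._outstanding = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def authenticate(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is valid once only; answering it consumes it.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def respond(shared_key: bytes, challenge: bytes) -> bytes:
    """What the legitimate user's equipment computes for a given challenge."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


def compare_schemes() -> dict:
    """Run a legitimate login and a replayed one against both schemes."""
    secret = b"constructed-demo-secret"  # sample value, constructed

    static_host = StaticLogin(secret)
    recorded_session = secret  # a line recording contains exactly these bytes
    results = {
        "static_legitimate": static_host.authenticate(secret),
        "static_replayed": static_host.authenticate(recorded_session),
    }

    host = ChallengeResponseLogin(secret)
    first_challenge = host.new_challenge()
    recorded_response = respond(secret, first_challenge)
    results["cr_legitimate"] = host.authenticate(first_challenge, recorded_response)

    # On a later call the host issues a different challenge, so the
    # recorded answer no longer matches.
    later_challenge = host.new_challenge()
    results["cr_replayed_new_challenge"] = host.authenticate(
        later_challenge, recorded_response
    )
    # Presenting the old challenge again also fails: it was already consumed.
    results["cr_replayed_old_challenge"] = host.authenticate(
        first_challenge, recorded_response
    )
    return results


if __name__ == "__main__":
    for name, accepted in compare_schemes().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```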

You know, once someone gets their computer all plugged in and set up, it is only on very rare occasions that they ever look at the backside or underneath it again, especially since they probably have a messy tangle of cords running out the back, an office cleaning staff to keep it dusted, and the back of the computer pushed against a wall. That RF adapter or extra wire coming out will surely go unnoticed for a long while.

Other Successful Tricks & Antics

There have been hackers (and thieves and spies) who dress as one of the maintenance crew to get into a place and get closer to the computers there. Grab yourself a ladder and a can of paint, and see if there's any work you can pretend to be doing. This sort of impersonation works best in large companies where no one will question you, because everyone assumes you're there because someone else wants you there. As long as you act like you belong, you will be accepted. One hacker/spy completely re-wallpapered the employee lounge while learning codes, names, and procedures over a five day period. You may not have the stamina or the patience to invest in a scheme such as this, but similar actions can be worked effectively on a smaller scale. Besides, you may find that you're suited to being a delivery boy or sandwich girl for a few days.

You can gain access to dozens of offices by signing up at a few temporary agencies. Then, even if the jobs you are assigned don't take you near a computer you will be able to later use your temping as justification for a return visit to the site. That is, you wouldn't necessarily come out and tell people you're there on another temporary assignment - you would let them think it, meanwhile roaming freely around the building.

Cubicles are great - I love cubicles! Because once you're in one of those gigantic gray ice-tray rooms, you have the entire area to explore: no locked doors and lots of corners to hide behind. If you ever trespass into an office of cubicles, you can roam from one cube to the next, finding passwords taped to ink blotters and stuck to walls. You can find pictures of kids, people's names, hobbies, etc., from which to guess more passwords. You can easily eavesdrop and find out inside dope on people, as well as shoulder surf with ease. Yes, to a hacker, those yucky gray cubicles can be wonderful!

Sometimes you will be trying helplessly to hack an on-site computer, but for whatever reason the data you type refuses to be entered. Note that on some terminals (or computers), non-standard data entry keys are used. Thus, instead of pressing Return or Enter following a command, you type F1, or Home, or Insert. I know, it's crazy, but I've seen it.

On-site hacking doesn't only have to imply the hacking of computers behind closed doors. In airports one can often find unattended terminals. Step behind the counter and you can hack until you're chased away.

Before concluding this section on the hacking of private and on-site computers, I want to touch on an area that is connected to the subject by a tenuous thread.

Piggybacking

There are two kinds of piggybacking. Electronic piggybacking is dialing up a computer and finding yourself connected to the account of the last person who logged off. Physical piggybacking is using another person's access to gain entry to a computer or computer room.

One way of getting in at hospitals, offices and other buildings which require the insertion of a magnetic card to gain access is to stand around and wait for someone with access to open the door for you. Many offices stay open late at night and on weekends, for people who need to come in to clean or work overtime. I especially like going into big office buildings on Sundays. Just wait around outside until you see a car pull up, then time yourself so you will be behind the employee as he or she heads toward the door. Let the person unlock the door and hold it open for you. If you can get in, the whole building is yours for the asking. There may not even be a maintenance crew around to get in your way.

The thing is, though, you have to plan ahead to be successful at this and not arouse suspicion. If you're going to try piggybacking your way into an office building, dress like an office worker. Perhaps carry a briefcase or a lunch bag.

I know these things are possible because I have done them. I spent last week at the regional headquarters of a large bank, doing temporary work for them. From the moment I drove into the parking garage I was inundated with all sorts of warnings about security measures. First there were the signs hanging up in the parking garage about how my car would be towed if I parked there without a hangtag. A guard was sitting in a little booth near the entrance of the place. I went over and explained to him that I was a temp worker and I didn't have a hangtag. He told me not to worry about it, that they don't really tow cars unless there is some problem with them, like if they are double parked.

Then I went into the building, up to the seventeenth floor, and came out of the elevator facing a locked door that required a magnetic card to get in. A sign informed me that I was supposed to buzz the receptionist and have her open the door for me, but there was no receptionist sitting at the desk. I waited a few moments until an office worker approached the door from the other side, held it open for me, then went on his way.

The entire week I got in and out of the office without a security card, and in fact later on I even found a concealed door that allowed entrance to the same offices, without a key or card of any kind.

So you see, piggybacking - the use of another's legitimate access to gain entry into a building or computer - is an on-site hacker's best friend!

Acting For The On-Site Hack

On-site hacking requires some acting ability - the ability to act like you have a valid reason for being where you shouldn't be and undertaking questionable activities while there. There's nothing difficult about this - just pretend you own the place.

Strut down the center of hallways holding your head high. Smile and say hello to the people you pass. I learned this trick in school, where we needed hall passes while classes were in session if we wanted to leave the classroom. All throughout junior and senior high, I never got stopped once by a teacher or hall monitor for not being in class, simply because I acted as if I was on some official mission for the principal. (It helped that I was a "good kid.")

So do your best to keep your cool. Have a reasonable story prepared in case you are stopped and questioned, and try to tell it without fumbling for words. Here's a hint to help you do that.

After rehearsing a story in your head for the umpteenth time and finally repeating it aloud to a security guard, the quickness with which words come to your mouth may seem to you to be too well-prepared, too fake to your ears, and you start throwing in "uhhmm"s and "uhhhhh"s to slow yourself down. Don't do that - it sounds really bad and it takes away from your credibility and sincerity. Talk at a normal pace. Say your prepared script without worrying if it sounds fake. And throw in some company insider lingo or gibberish to give yourself an extra believability edge.

Always A Way

Think about the enormous amount of power government possesses over us. Think of the billions of dollars it can spend to pry into our lives, to photograph us, record our movements and our daily activities. Think of all the expertise available to such a powerful entity. Anything that government - or big business, or anyone in power for that matter - wants to know about, wants to happen, or wants to change, will become known to it, will happen, or will be changed.

When we start to think about all the covert actions going on around us, and all the myriad ways in which we don't even know we are being manipulated or spied upon, we begin to think of government agencies as unbreakable, unstoppable... unhackable. And even if we think we have a chance at hacking it, we know we will end up in prison.

But all of that is simply untrue!

Government agencies are limited in what they can do and in what they know. You only have to look as far back as Operation Sun Devil a few years ago, when Steve Jackson got his games taken away because they were thought to be a menace to society. Sure, the Secret Service and the FBI may be powerful, but maybe they are feeble-minded too.

We read about all these scary spy gadgets that have been developed that can read our lives like a README.DOC. We hear about the "impenetrable" government computer systems that have been set up, and we are scared away because they sound so hermetically protected. For example, we know that any transmission of an interesting nature has a 100% chance of being intercepted. Therefore, all those spy guys in Washington have set up ultra-secure network links in an effort to protect their valuable secrets. Their most safeguarded lines are fiber-optic cables buried deep below the surface of the earth and sealed in gas-filled pipes. These are strictly isolated systems - no connections to outside phones or computers, so no hackers can gain access by dialing in. Even if a hacker were to discover where the (unmarked) underground lines are, and even if that hacker were to manage to dig down undetected, and cut open the pipe to tap the cable, the drop in gas pressure instantly sounds an alarm.

This is heavy protection, and sounds like it would be impossible to hack, especially when you realize that even if there were some way to get at those lines, you still need various levels of permissions, passwords and access codes to reach the highest and most secret classifications of data.

But think again. Never forget that behind every complicated system is nothing more than some human beings. And what are human beings if not fallible? In the case of this seemingly impenetrable system, we can imagine the humans who sit night after peaceful night, watching their TV monitors, waiting for the alarm to sound that signals a breach. They're probably asleep more often than awake, especially if the temperature and humidity are high in their work area. If ever the alarm did sound, they probably would ignore it, or wouldn't know what to do. Or they would take a quick look out the window and go back to sleep.

Even if the guards did go out and check the wires to make sure everything was okay, do you think they would continue checking them after five or six false alarms? "The boy who cried wolf" trick always works, especially on a dark and stormy night. No guard is going to go out sloshing through the mud and rain to investigate an intruder he knows won't be there. There is always a way. Don't be fooled by first appearances.

And here are some more ways you can beat the security:

Biometric Systems

Controls based on personal characteristics are the ultimate in computer access control - when they work properly. Known as biometric systems, these devices limit access to a computer or the computer room by verifying physical attributes of a person. A biometric system may look at any one of these individual traits to verify user identity: fingerprints, voiceprint, handwritten signature, palm print, hand geometry, or retinal patterns.

Biometric systems are costly to implement, but they are not always as accurate as television would have one believe. For example, a legitimate user's voiceprint may be rejected because of a change in voice pattern or voice speed due to illness or stress, or because of interference from outside noises. One system I tested would occasionally offer responses to the noise my finger made as it scratched the microphone! Similarly, finger and palm print technology can be thrown for a loop due to cuts and scratches on the hand, dirt on the hands, bandages and blisters, or scrapes in the glass tray on which a user places his finger or palm for scanning. Signature and handwriting analysis systems sometimes fail to pick up nuances in pressure, style and velocity; people do not always write their names the same way every day. I imagine this would be especially true for someone rushing into the computer room to print out a report three hours past deadline. Hand injuries could also make a person's signature look different.

Hand geometry devices - those which measure the length and translucency of fingers - don't seem to have much going against them, although again a Band-Aid or scraped machine tray could easily cause the rejection of an otherwise legitimate system user. Finally there are retinal pattern recognition systems, which look at the pattern composed by blood vessels in the eyes. These too have been shown to be reliable in their acceptance/rejection rates when user complicity is high.

I point out the flaws in these systems so you will get a feeling for what it must be like to work in a building where you're required to get your eyeballs scanned every time you want to walk through a door. Or imagine being in a place where you have to speak foolishly aloud to switch on the computer. The first few times it may be seen as a novelty, but soon these gadgets become another ho-hum part of office life. Add to that the time delays these devices cause, the frustration when they don't work properly, the feeling of subservience that comes from having to remove gloves and glasses, speak distinctly into a microphone, present a clean hand, or hold one's face immobile, and you will find a bunch of people who - even under the strictest of security conditions - are sick of the whole damn thing!

Unless there is some incentive for workers to use these biometric devices - for example if their time cards will be punched depending on the time they register in, or if their actions are being monitored by guards - unless there is a motivation to follow the rules, you know very well that everyone is going to try their hardest to break them. People like showing how friendly they are. People like to show that they are not a part of the stupid bureaucracy that runs the place - they like holding doors open for others, even for strangers. They don't mind allowing others to use their own clearance to gain access to a room. Nobody wants to look like she is so caught up in protocol that she has ceased being a human being! And after a while, people don't like that their humanness has been reduced to a digitized picture of their thumbs, or the snaky red rivers in their eyes.

So, you will sometimes find these costly machines turned off and unplugged. You'll find garbage cans placed in the doorways to prevent them from shutting anyone out. You will find helpful, smiling personnel who will open doors for you and hold doors open behind them to let you through - even when they've never seen you before in their lives. Look what has happened here, and what does happen: the most effective way of ensuring user legitimacy is overthrown by the users themselves. Well, that's good for you, the hacker. Don't abuse the access that has been offered you by being malicious in your explorations of the facilities you find laid out before you.

Closed-Circuit Television

My home computer broke a little after 5:00 p.m. one night. I called up the store where I bought it, trying to reach the service and repair department. Nobody answered the phone. Finally I spoke with someone in the computer department who assured me that people would be in the store until 9:00 p.m. to deal with my broken computer. So I drove over there, lugged my computer downstairs to the repair department and - guess what? The place was empty.

The door was open and unlocked, the lights were on, thousands of dollars worth of broken appliances were lying around, and there were two of the store's terminals up and running. All I had to do was step behind the counter and I'd be able to see what made them tick. But surely someone was there? I yelled for assistance. I rang the bell. I walked behind the counter and into the back areas of the shop. The place was absolutely devoid of life. And there were those two terminals there....

The only thing that stopped me from fooling around with them was the hidden security cameras I spotted. Now, as it turns out, I did some checking around the store until I managed to find a room that appeared to house the viewing monitors associated with the store's security cameras. Naturally no one was paying any attention to them, so I went back downstairs, closed the door behind me, and had my way with those terminals. Even though the monitors were not being watched, it was good that I had seen those hidden security cameras. You, too, should be wary of such things when you attempt to hack on private property.

The correct terminology for security cameras is Closed-Circuit Television, or CCTV. Both black & white and color transmissions can be sent over privately owned cables from distances of a few feet to hundreds of miles. Usually black & white is used, as it is less expensive and color is generally an unneeded feature. No licensing is required for most private CCTV installations, so given the relative cheapness of the technology, such security measures can be found in many settings.

The cameras employed may be either openly visible or hidden (as my department store cameras were). Another approach is to place an empty camera frame in an obvious location, while hiding an actual camera in an unusual spot. A trespasser will then cringe from the dummy camera, straight into view of the well-placed real camera. Dummy cameras may also be used to give a false sense of high security, when in reality only a few, or maybe no security precautions are in place. If you see some cameras visibly panning back and forth, but one or two remaining stationary, it is likely those motionless ones are either broken or fake.

Many cameras, especially ones used out-of-doors, will be contained in some sort of housing. This housing may be a conventional metal box, or one more suited for covert surveillance. For example, cameras are often placed in housings made to resemble a light fixture, smoke detector, loudspeaker, or utility box. Cameras may also be placed behind grillwork, pipes, or a one-way mirror, or hung from the ceiling inside a translucent plastic dome. If you are trespassing you must be aware that hidden cameras exist, but you shouldn't necessarily try to seek them out. After all, you don't want to give a camera a full-frontal shot of your face and body. You're better off, when walking where you oughtn't, to walk tall and proud, but don't stare at the corners or ceilings of rooms. If a shape protrudes from a wall or ceiling, pay it no mind - it won't do you any good to stare.

Note that many surveillance systems are not all that great. Images picked up may be fuzzy, dark, full of shadows, and generally hard to see. Others, however, give perfect views of a point or an area within the camera's range. Concealing a camera may hinder its usefulness. Placing a concealing grillwork in front of a camera will result in a loss of detail in the images the camera picks up. Hidden cameras are more likely to be stationary and focused on a single point, such as an entrance or exit, or a particular point in a hallway.

You often see cameras outside buildings, near rooftops or over doorways. These will be protected from the elements with suitable housings, sunshields, fans, wipers, and/or defoggers. Outdoor cameras are often contained in a white or aluminum housing with vents on the sides. If they are outside, they will have night viewing capabilities, and so you may be detected even before you enter the building. I remember walking across the lawn of a Johnson & Johnson building one rainy night, and as I got closer to the building, I looked up to see two guards with their faces pressed against the glass, staring at me.

If you absolutely must trespass a building or its property to get to its computers, try to go at night during a thunderstorm. Visibility will be poor, you can use your umbrella as a face-shield, and if you get chased away they will be reluctant to chase you very far.

On-Site Hacking: The Trespasser-Hacker

In the previous section we discussed methods of exploring publicly available computers, but there is another side to on-site hacking. It is one that you might think would be best left to spies and thieves, but one that you can actually participate in yourself. I'm referring to the on-site hacking of, not public computers, but private ones. Basically, I'm referring to trespassing.

It is risky and possibly dangerous to walk into a company headquarters and simply start using the computers you find there. But it's also thrilling! It is an electrifying experience to first maneuver one's way into a restricted place and then, while there, to explore both the building itself and its computer system.

Sometimes, on-site hacking is a necessity. In many situations, computers will not be connected to outside phone lines. More secure setups might use some facet of the hardware to validate authenticity. You might have to use a particular kind of terminal or modem, or install a certain security chip to access the system. In these cases you would have to hack on premises. Furthermore, reverse social engineering often requires admission to the computing site. Hacking is about computers; there are lots of reasons why a hacker will need to be able to touch and see those computers in person.

You might think it would be virtually impossible to do this, but more often than not it can be an easy thing to do. For example, security expert Robert Farr, in his book The Electronic Criminals, explains how he penetrated the "heavily guarded company headquarters... [of] ... a well-known office machine company" to win a bet. Farr also tells an anecdote of his entry into a vault at the Bank of England: "There I was standing inside a vault containing millions of dollars with a bewildered look on my face, wondering what to do next." Farr did it with prethought, planning, and sometimes blundering. You can do it too. In some ways it is easier to enter large organizations like this than the local insurance office or small business. Wherever you go, you will often have cameras, guards and possibly biometric devices (see below) to deal with. All of these can make it tough for a hacker to get close enough to even touch a computer on site, let alone infiltrate it.