February 1992
Computer Fraud & Security Bulletin
Long Island with the air traffic controllers at the three area airports. The latter disruption led eventually to the cancellation or delay of nearly 1200 flights nationally. This last problem reflected a wider concern. The FAA had reported that 114 incidents of this type had occurred in the US during the 12 months ending August 1991. The basic issue reportedly had been identified by the FAA in 1989. But the US General Services Administration, which controls non-military agency use of telecommunication facilities, had blocked efforts to remedy the situation as part of a US Government telecommunication cost containment venture known as FTS2000.
Belden Menkus
Dutch hacker video now out
Early in 1991 we reported the penetration of US military computers by Dutch hackers (see May issue of CFS). Those of you who are interested in more details may like to get hold of a video advertised in the autumn issue of 2600, the hackers' 'zine. The hacking videoed took place in July 1991, so it is not necessarily the same group responsible for the series of intrusions in late 1990. The tape opens with shots of the Amsterdam site and the hackers in the group. Through a local phone number, they connect into Internet, and use telnet to connect to the Defense Data Network Information Center, where they request any addresses containing the word ‘army’ on the military network. An address is chosen at random, and the hackers try default passwords like ‘guest’, ‘public’ and ‘uucp’. None of these work. The next line of attack is to use ftp (file transfer protocol), and this version contains a common bug which allows the hackers, after issuing three commands, to change their directory to the root directory. At this stage the hackers can read and alter information, but cannot login to the system or run any programs.
©1992 Elsevier Science Publishers Ltd
What they then do is simply create another user, ‘dquale’, with blanks for his password. On their second try in the root directory, they modify the password file to create another account, ‘toor’, and give it root privileges. They use telnet to login as dquale and issue the su command to change to the identity toor. The change of identity is in the hope that the su command will not check to see if the call was coming from outside, and this proves to be the case. Since they were already logged onto the system, su assumed they were legitimate. The system is now under their control. The final part of the tape demonstrates the use of a password hacking program. Instead of decrypting the passwords in the system, it encrypts the most common passwords, and looks for a match with the existing file. In the example on the tape, many passwords were found this way. 2600 will deliver a copy of the tape for $10 or three blank 120 tapes. Contact: 2600, PO Box 752, Middle Island, NY 11953, USA. Those of you using Simplex locks on your computer rooms may also like to get hold of their autumn issue, which contains a lengthy article explaining the limitations of these types of locks.
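An added example, not taken from the bulletin or the tape: a defender's check of a classic Unix password file for the two changes described above, an account with a blank password field and a second account holding UID 0. The sample file, the baseline list and the function name `audit_passwd` are constructed for illustration; only the account names 'dquale' and 'toor' come from the article, and the check assumes the seven-field passwd format with the password hash in the second field.

```python
# Constructed sample: only 'dquale' and 'toor' are names from the article.
SAMPLE_PASSWD = """\
root:Xq3kR9vLm2aTc:0:0:System Administrator:/:/bin/sh
daemon:*:1:1:System Daemon:/:
uucp:*:4:8:UUCP:/usr/spool/uucppublic:/usr/lib/uucp/uucico
jsmith:Ab7dPz0WqLk1E:101:20:J. Smith:/usr/jsmith:/bin/csh
dquale::102:20::/tmp:/bin/sh
toor:Zz1yHn5RtUv8o:0:0::/:/bin/sh
"""

# Constructed known-good account list, e.g. taken from the last trusted backup.
BASELINE = {"root", "daemon", "uucp", "jsmith"}


def audit_passwd(text, baseline):
    """Return (line number, account, issue) tuples for suspicious entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, fields[0], "malformed entry"))
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if password == "":
            # Blank field: the account can log in without any password.
            findings.append((lineno, name, "empty password field"))
        try:
            is_root_uid = int(uid) == 0
        except ValueError:
            is_root_uid = False
            findings.append((lineno, name, "non-numeric UID"))
        if is_root_uid and name != "root":
            # Any name mapped to UID 0 has full root privileges.
            findings.append((lineno, name, "UID 0 on non-root account"))
        if name not in baseline:
            findings.append((lineno, name, "account not in baseline"))
    return findings


if __name__ == "__main__":
    for lineno, name, issue in audit_passwd(SAMPLE_PASSWD, BASELINE):
        print(f"line {lineno}: {name}: {issue}")
```
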
Disaster Recovery Site loses power
Two buildings at Comdisco’s New Jersey site lost commercial electrical power suddenly when water that had flooded a parking lot shorted out their electrical service. The uninterruptible power supply (UPS) installed in these buildings was able to supply only 30 minutes of battery power before it too failed. Diesel electric power generators had not been installed at the Carlstadt site, even though they have been placed at some other Comdisco locations. The UPS had apparently been installed only to help in switching the electrical supply between the two services that supplied the two buildings. Comdisco management assumed that there was a very low probability of the two electrical services being disrupted at the same time.