OWNED: Why hacking continues to be a problem
About this ebook
Unlike what most people are led to believe, the hacking problem is not just about hackers and security vulnerabilities. Get an insider’s perspective on computer security and hacking, to learn some of the hidden reasons why hackers have an advantage over their security counterparts. Can the world ever be free of hackers given today’s technology? The answer to this question may surprise you.
OWNED - Mister Reiner
OWNED: WHY HACKING CONTINUES TO BE A PROBLEM
by
Mister Reiner
SMASHWORDS EDITION
1.00
* * * * *
PUBLISHED BY:
Mister Reiner at Smashwords
OWNED: Why hacking continues to be a problem
Copyright © 2010 by Mister Reiner
All rights reserved. Prior written consent must be obtained from the publisher of this book in order to use or reproduce any portion of this book.
Smashwords Edition, License Notes
This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each person. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to Smashwords.com and purchase your own copy. Thank you for respecting the hard work of this author.
* * * * *
Table of Contents
CHAPTER 1: Introduction
CHAPTER 2: The Standard Security Template
CHAPTER 3: Let’s talk a bit about Chapter 2
CHAPTER 4: Hacking 101 – An Introduction
CHAPTER 5: Hacking 201 – Getting more technical
CHAPTER 6: The Hacker’s Edge
CHAPTER 7: Know Thy Enemy
CHAPTER 8: Advanced Recon
CHAPTER 9: Smart Trojans and Sleepers
CHAPTER 10: Intrusion Detection - Do you see what I see?
CHAPTER 11: Final Words
* * * * *
CHAPTER 1
Introduction
Despite all the money, time and effort spent on computer security these days, hackers continue to be a scourge on society. Stories about stolen credit card numbers, identity theft, industrial espionage, and unauthorized access into financial, government and military networks, quickly turn into major news across the planet.
One would think that the computer industry, after more than 15 years of developing computer security products, would have figured out how to stop hackers in their tracks. Unfortunately, this is not the case.
Unlike what most people are led to believe, the hacking problem is not just about hackers and those security vulnerabilities which are constantly being announced by computer vendors. What I and many computer security professionals know, is that there are serious shortcomings in computing and security technologies, and in the people who develop, implement and use the technology, thus making it possible for hackers to break into what are perceived to be secure networks and computers.
If you are skeptical at this point, I do not blame you. Until I came across my first professional hacker, I was convinced that the hundreds of thousands of dollars worth of computer security technology that the company I worked for purchased, actually worked. Like many companies, our management bought into the glossy product marketing brochures and slick presentations made by computer security salespeople, and believed that our computers would be safe. I was sold on the technology as well, until an incident occurred that changed my mind about how well our computers were actually protected against hackers.
In 2001, I managed a department responsible for overseeing computer security for a large organization. The organization had more than 10,000 computers, spread across nine locations, spanning three time zones. Our two main responsibilities were to notify system administrators about new security patches and to make sure everyone addressed security vulnerabilities detected by the vulnerability scanner.
One Monday after lunch, a local system administrator came to me with a problem. While he was logged into one of the servers at a remote data center, something briefly flashed across the screen that led him to believe that his server was hacked. Since my department was not responsible for computer incident response (investigating potential unauthorized access), I directed him across the hall to the department that was responsible for dealing with such matters. He came back a few hours later with a blank look on his face.
“So what did they say?” I asked.
“They don’t see anything,” he said disappointingly.
“They don’t see anything?”
“All the patches are applied, the anti-virus is up-to-date, there is nothing unusual running on the box and there is nothing in the log files. They don’t see anything in the network intrusion detection logs either.”
“Are they sure?” I questioned in disbelief. “Is that it?”
“That’s it,” he said. He shrugged his shoulders and walked away.
I went home that night quite unconvinced that nothing was wrong. After dinner, I started doing research on the Internet about what the troubled local system administrator said he saw flash across the screen. I wanted to figure out if I could prove that the server indeed was hacked. A few hours later, I stumbled across something that caught my attention. I drove back to the office and called the data center manager where the server was located. I asked her to search the file system for a file containing a certain keyword - and sure enough, a file was found containing that keyword.
At 11:00pm that night, I called in my boss, who called in his boss, who called in the head of our division.
“The server is hacked,” I told them. “The guys across the hall don’t think so, but I can assure you it’s hacked.”
“Okay,” the division head said. “Do you know how they broke into the server?”
“Well, no - but if you give me a few days, I can prove it.”
“Alright then, you have a few days to prove it.”
Over the next three days, I worked around the clock to prove that the server was hacked. Using some in-house written applications, I started analyzing the server network activity logs back through time. In the process, I found indications that two desktops were also hacked. I still did not know how any of the three computers were hacked, but I was determined to figure out how the hacker was able to get into these systems.
On Thursday night at 9:00pm, I stumbled upon an important clue that led me to what I needed to prove that the systems were hacked. An email was sent to both users of the hacked desktops and the network activity showed that some time thereafter, both computers uploaded information to some obscure looking Website that neither user would ever visit. The hacked server was initiating communication to this Website as well. A few phone calls and an hour later, I had a copy of the email.
Before inspecting the email, I transferred it to a spare computer. I then proceeded to open the email and figure out how it worked. The email contained an attachment, which contained some cryptic looking programming instructions including some type of weird decoding sequence. I got the instructions to run, but then it just stopped after a few seconds and did not seem to actually do anything.
At 4:00am on Friday morning, my boss, the computer incident response department head and our data center manager were looking over my shoulder as I was tinkering with the instructions.
“I think you’re just imagining all of this,” our data center manager said. “I think what you’re looking at doesn’t contain any malicious code and we’re all just standing around here wasting our time.”
I was furious. At that point, the thought of just giving up crossed my mind.
My boss pulled me aside and said, “I believe you. You just have to prove it. I know you can do this.”
I was incredibly tired, my nerves were on edge and I couldn’t focus my attention. I was so close to figuring things out and yet so far. Extremely frustrated, I walked back to my desk and sat down. I put on the headphones that were plugged into my computer, cranked up the volume on the techno music CD that was playing, leaned back in the seat and closed my eyes. After a few minutes, with the music pulsating in my ears, an idea came to mind.
I opened the attachment, modified the instructions to skip the decoding sequence and restarted the instructions. To everyone’s astonishment, the attachment proceeded to hack the computer and transmit information out of the network.
After receiving a congratulatory handshake from my boss, I went home to sleep. By the time I returned to the office a few hours later, others had already confirmed that the server and both desktops were indeed hacked.
During the days following the incident, I began to piece together how and why the hacker was able to bypass all the security measures. In the process, it dawned on me that I really did not know as much as I thought I did about computer security and hacking. After that realization, I became obsessed with understanding everything I could about how and why hackers are able to break into secured computers and remain undetected.
Since that incident, I have been doing extensive research on computer and network forensics, studying security vulnerabilities and hacker exploits, scrutinizing security products, performing risk assessments, and analyzing stories about hackers in the media. This book is the accumulation of the knowledge I have gained in my quest to fully understand computer security and hacking.
What I know now, is that it is not possible to keep someone who is determined to break into a computer from breaking into a computer. The old adage, “If people really want to steal your car, they are going to steal your car – no matter what you do,” also applies to breaking into computers. Though it is possible to install all types of security hardware and software, these security measures may only slow hackers down – not necessarily stop them. Ask computer security professionals and