The Art of Deception: Controlling the Human Element of Security
an ID and password, but also provide a guest account. The user is supposed to set his or her own password for the guest account or disable it, but most people don't know about this, or just don't bother. This system was probably just set up and the owner hadn't bothered to disable the guest account.

LINGO PASSWORD HASH: A string of gibberish that results from processing a password through a one-way encryption process. The process is supposedly irreversible; that is, it's believed that it is not possible to reconstruct the password from the hash.

Thanks to the guest account, I now had access to one computer, which turned out to be running an older version of the UNIX operating system. Under UNIX, the operating system maintains a password file which contains the encrypted passwords of everybody authorized to access that computer. The password file contains the one-way hash (that is, a form of encryption that is irreversible) of every user's password. With a one-way hash an actual password such as, say, "justdoit" would be represented by a hash in encrypted form; in this case the hash would be converted by UNIX to thirteen alphanumeric characters.

When Billy Bob down the hall wants to transfer some files to a computer, he's required to identify himself by providing a username and password. The system program that checks his authorization encrypts the password he enters, and then compares the result to the encrypted password (the hash) contained in the password file; if the two match, he's given access.

Because the passwords in the file were encrypted, the file itself was made available to any user on the theory that there's no known way to decrypt the passwords. That's a laugh - I downloaded the file, ran a dictionary attack on it (see Chapter 12 for more about this method) and found that one of the engineers on the development team, a guy named Steven Cramer, currently had an account on the computer with the password "Janice." Just on the chance, I tried entering his account with that password on one of the development servers; if it had worked, it would have saved me some time and a little risk. It didn't.

That meant I'd have to trick the guy into telling me his username and password. For that, I'd wait until the weekend. You already know the rest. On Saturday I called Cramer and walked him through a ruse about a worm and the servers having to be restored from backup to overcome his suspicions.

What about the story I told him, the one about listing a password when he filled out his employee papers? I was counting on him not remembering that had never happened. A new employee fills out so many forms that, years later, who would remember? And anyway, if I had struck out with him, I still had that long list of other names.

With his username and password, I got into the server, fished around for a little while, and then located the design files for the STH-100. I wasn't exactly sure which ones were key, so I just transferred all the files to a dead drop, a free FTP site in China, where they could be stored without anybody getting suspicious. Let the client sort through the junk and find what he wants.

LINGO DEAD DROP: A place for leaving information where it is unlikely to be found by others. In the world of traditional spies, this might be behind a loose stone in a wall; in the world of the computer hacker, it's commonly an Internet site in a remote country.

Analyzing the Con

For the man we're calling Craig Cogburne, or anyone like him equally skilled in the larcenous-but-not-always-illegal arts of social engineering, the challenge presented here was almost routine. His goal was to locate and download files stored on a secure corporate computer, protected by a firewall and all the usual security technologies.

Most of his work was as easy as catching rainwater in a barrel. He began by posing as somebody from the mail room and furnished an added sense of urgency by claiming there was a FedEx package waiting to
