Select Page

I would imagine the real golden age was when you needed to be more than just a script kiddie to hack into a network. Back in the day, hacking was one part social engineering, one part software engineering, and one part magic.


—–,aid,106352,00.asp Are We Living in the Golden Age of Hacking?

Recent months have seen an increase in security holes and in new tools used to exploit them, expert warns.

Gretel Johnston, IDG News Service Friday, October 25, 2002

Over the last eight months major new hacker tools have been released or revealed, ending a lull in activity among hackers that followed the September 11 terrorist attacks and the enactment of legislation that enhanced law enforcement’s ability to prosecute people who break code and wreak havoc on networks by exploiting software vulnerabilities, hacking consultant Ed Skoudis said Thursday.

LibRadiate, Paketto Keiretsu, Setiri, and The Defiler’s Toolkit are just some of the newest tools that have cropped up since March and that are keeping security specialists awake at night, according to Skoudis, who gave a threat update briefing at a SANS Institute conference. SANS is a security education and research organization in Bethesda, Maryland.

Skoudis, the vice president of ethical hacking and incident response at consultancy Predictive Systems, in New York, said the June-through-September period saw massive exposures of security vulnerabilities in OpenSSH, Internet Explorer, and Apache Web server software.

“This summer has been a huge summer for hackers. There were huge issues discovered all summer long, and things really opened up between March and now,” Skoudis said. “The Golden Age of Hacking rolls on.” Insecure Networks

One of the latest developments involves the security of wireless LANs and the ease with which people are able to detect them. For one week in early September, amateur wireless LAN sniffers used freeware called NetStumbler to detect hundreds of insecure business and home wireless LANs in North America and Europe in an exercise called a “war drive.”

Skoudis said attackers have “flocked to this area” and are finding that many wireless LANs are set up without basic security. After they detect the wireless LAN, they can use a tool that’s been available since May called LibRadiate, an API that allows developers easily to capture, create, and transmit arbitrary packets on a wireless LAN using the IEEE 802.11b standard. The tool runs on Linux (kernel 2.4) with wireless cards that have the Intersil Prism 2 chipset, Skoudis said.

LibRadiate makes it possible for hackers, using “fairly simple C code,” to capture TCP/IP packets or inject them into a network. Among the wireless attack tools expected to become available for use with LibRadiate, according to Skoudis, are Wired Equivalent Privacy crackers, which exploit flaws in the WEP protocol, allowing a hacker to determine encryption keys even when WEP is in use; and malformed packet generators, which inject strange and noncompliant packets into a network in an attempt to crash systems that cannot handle unusual packet structures.

“With tools like LibRadiate, the computer underground is starting to develop far more sophisticated attack tools than what we have seen in the past,” Skoudis said. TCP/IP Tricks

Another tool released, two weeks ago, is called Paketto Keiretsu, which Skoudis referred to as a suite of tools for doing TCP/IP tricks. One of its most fundamental capabilities involves rapid port scans, which it does by separating the packet sender from the receiver.

Skoudis also described Setiri, a new Trojan horse back door. The tool bypasses personal firewalls, Network Address Translation devices, proxies, and advanced firewalls by starting up an invisible browser on the victim’s PC.

Then Setiri, running on the victim’s system, uses OLE to communicate with the hidden browser. As long as the victimized PC’s browser can access the Internet, Setiri can reach across the network and get the attacker’s commands. The personal firewall, NAT, proxy, and stateful firewall do not know whether the access is caused by a user surfing the Internet or Setiri getting commands.

Setiri, developed by a small group of South African security consultants and demonstrated in August at Def Con, hasn’t been seen in the wild yet, Skoudis said. Nevertheless, he included it in his presentation because its existence has been acknowledged within the security community and writing the code is something a moderately skilled coder could do.

Skoudis said the system strips out information about the user by going through, so blocking access to that site is a way of defending against Setiri. Another solution would require changes in IE that limit the actions of an invisible browser, and Skoudis said Microsoft has publicly said it will address the matter. Hacker’s Toolkit

In the new area of “antiforensics,” hackers have had access to a tool called the Defiler’s Toolkit since July. It’s able in a number of ways to foil the Coroner’s Toolkit, a tool that has been used by computer forensic specialists for several years, Skoudis said. For example, it can destroy or hide the traces of a hack that the Coroner’s Toolkit looks for. The Defiler’s Toolkit targets Linux Ext2fs file system, but Skoudis said the concept could be extended to other platforms.

Commenting on the recent distributed denial of service attack on the Internet that happened Monday, Skoudis said major U.S. law enforcement agencies are investigating, but he didn’t know whether they had developed any theories about where the attack originated.

Alan Paller, director of the SANS Institute, said the attack is being characterized by security professionals as a Smurf attack that could have been much worse if all 13 root servers had been affected.

“Had it knocked out all of them, there’s a reasonable expectation that over a certain amount of time … the way that you use the Internet would have ceased to work,” Paller said.

There’s no easy fix for preventing DOS attacks, and the time is fast approaching when ISPs are not going to allow users on the Internet if they pose a threat to the other users by not meeting a minimum standard of security, Paller added.

“DOS attacks are not going to be solved because we get some new hardware in the system,” Paller said. “You are going to have to re-engineer the whole Internet. That’s going to take close to a decade. While we are doing that, we are going to have to start protecting ourselves from [users who] are not going to be careful.”