-Ian.

—– http://www.pcworld.com/news/article/0,aid,106352,00.asp Are We Living in the Golden Age of Hacking?

Recent months have seen an increase in security holes and in new tools used to exploit them, expert warns.

Gretel Johnston, IDG News Service Friday, October 25, 2002

Over the last eight months major new hacker tools have been released or revealed, ending a lull in activity among hackers that followed the September 11 terrorist attacks and the enactment of legislation that enhanced law enforcement’s ability to prosecute people who break code and wreak havoc on networks by exploiting software vulnerabilities, hacking consultant Ed Skoudis said Thursday.

LibRadiate, Paketto Keiretsu, Setiri, and The Defiler’s Toolkit are just some of the newest tools that have cropped up since March and that are keeping security specialists awake at night, according to Skoudis, who gave a threat update briefing at a SANS Institute conference. SANS is a security education and research organization in Bethesda, Maryland.

Skoudis, the vice president of ethical hacking and incident response at consultancy Predictive Systems, in New York, said the June-through-September period saw massive exposures of security vulnerabilities in OpenSSH, Internet Explorer, and Apache Web server software.

“This summer has been a huge summer for hackers. There were huge issues discovered all summer long, and things really opened up between March and now,” Skoudis said. “The Golden Age of Hacking rolls on.” Insecure Networks

One of the latest developments involves the security of wireless LANs and the ease with which people are able to detect them. For one week in early September, amateur wireless LAN sniffers used freeware called NetStumbler to detect hundreds of insecure business and home wireless LANs in North America and Europe in an exercise called a “war drive.”

Skoudis said attackers have “flocked to this area” and are finding that many wireless LANs are set up without basic security. After they detect the wireless LAN, they can use a tool that’s been available since May called LibRadiate, an API that allows developers easily to capture, create, and transmit arbitrary packets on a wireless LAN using the IEEE 802.11b standard. The tool runs on Linux (kernel 2.4) with wireless cards that have the Intersil Prism 2 chipset, Skoudis said.

LibRadiate makes it possible for hackers, using “fairly simple C code,” to capture TCP/IP packets or inject them into a network. Among the wireless attack tools expected to become available for use with LibRadiate, according to Skoudis, are Wired Equivalent Privacy crackers, which exploit flaws in the WEP protocol, allowing a hacker to determine encryption keys even when WEP is in use; and malformed packet generators, which inject strange and noncompliant packets into a network in an attempt to crash systems that cannot handle unusual packet structures.

“With tools like LibRadiate, the computer underground is starting to develop far more sophisticated attack tools than what we have seen in the past,” Skoudis said. TCP/IP Tricks

Another tool released, two weeks ago, is called Paketto Keiretsu, which Skoudis referred to as a suite of tools for doing TCP/IP tricks. One of its most fundamental capabilities involves rapid port scans, which it does by separating the packet sender from the receiver.

Skoudis also described Setiri, a new Trojan horse back door. The tool bypasses personal firewalls, Network Address Translation devices, proxies, and advanced firewalls by starting up an invisible browser on the victim’s PC.

Then Setiri, running on the victim’s system, uses OLE to communicate with the hidden browser. As long as the victimized PC’s browser can access the Internet, Setiri can reach across the network and get the attacker’s commands. The personal firewall, NAT, proxy, and stateful firewall do not know whether the access is caused by a user surfing the Internet or Setiri getting commands.

Setiri, developed by a small group of South African security consultants and demonstrated in August at Def Con, hasn’t been seen in the wild yet, Skoudis said. Nevertheless, he included it in his presentation because its existence has been acknowledged within the security community and writing the code is something a moderately skilled coder could do.

Skoudis said the system strips out information about the user by going through anonymizer.com, so blocking access to that site is a way of defending against Setiri. Another solution would require changes in IE that limit the actions of an invisible browser, and Skoudis said Microsoft has publicly said it will address the matter. Hacker’s Toolkit

In the new area of “antiforensics,” hackers have had access to a tool called the Defiler’s Toolkit since July. It’s able in a number of ways to foil the Coroner’s Toolkit, a tool that has been used by computer forensic specialists for several years, Skoudis said. For example, it can destroy or hide the traces of a hack that the Coroner’s Toolkit looks for. The Defiler’s Toolkit targets Linux Ext2fs file system, but Skoudis said the concept could be extended to other platforms.

Commenting on the recent distributed denial of service attack on the Internet that happened Monday, Skoudis said major U.S. law enforcement agencies are investigating, but he didn’t know whether they had developed any theories about where the attack originated.

Alan Paller, director of the SANS Institute, said the attack is being characterized by security professionals as a Smurf attack that could have been much worse if all 13 root servers had been affected.

“Had it knocked out all of them, there’s a reasonable expectation that over a certain amount of time … the way that you use the Internet would have ceased to work,” Paller said.

There’s no easy fix for preventing DOS attacks, and the time is fast approaching when ISPs are not going to allow users on the Internet if they pose a threat to the other users by not meeting a minimum standard of security, Paller added.

“DOS attacks are not going to be solved because we get some new hardware in the system,” Paller said. “You are going to have to re-engineer the whole Internet. That’s going to take close to a decade. While we are doing that, we are going to have to start protecting ourselves from [users who] are not going to be careful.”

———–

—— http://www.nationalpost.com/home/story.html?id={08164C9D-5C06-490A-A4C1-ED6E833B9DE4} Sniper a ‘psychopath playing god’ FBI profiling: Killings are like ‘psychological Viagra’ for shooter Jan Cienski, with files from Michael Friscolanti National Post

BETHESDA, MD. – The sniper terrorizing suburban Washington after killing as many as six people with a high-powered rifle in less than a day is likely a stone-cold psychopath who is relishing the “heroin-like high” of deciding who lives and who dies, says a former FBI profiler. Despite a massive law enforcement effort, hundreds of calls to a tip line, aerial searches with helicopters and police pulling over dozens of suspicious vehicles, authorities were still stumped about the identity of the killer or killers. “We’re operating under the pretence that they are still in the area,” said Charles Moose, the Montgomery County Police Chief. Late yesterday afternoon, police got word the sniper may have struck again. A woman loading purchases into her minivan at a mall near Fredericksburg, Va., about 60 kilometres south of the U.S. capital, was shot in the back but survived. The other shootings occurred about 10 km north of Washington. Investigators were being sent from Maryland to see if the cases were related.

Police were also investigating whether the killer or killers had claimed a sixth victim: a 72-year-old man killed by a single shot to the chest Thursday night while standing on a street corner in the District of Columbia, a few blocks from the Maryland state line. Few other clues emerged over the course of the day, but police speculated the shooter is teamed up with a driver, and the two may have been using a white delivery truck, seen by a witness leaving the scene of one of the killings. “You’ve got a driver, you’ve got a shooter,” Chief Moose said.

Although only fragments of bullets were found at the murder scenes, police were fairly certain the killer or killers were using a .223-calibre high-velocity rifle. Each of the victims shot Wednesday and Thursday was killed with a single bullet. “We’re dealing with someone shooting from a distance, someone using a high-velocity round,” Chief Moose told reporters. At a press conference yesterday, police and agents from the federal Bureau of Alcohol, Tobacco and Firearms showed several weapons that could shoot the small-calibre rounds, including a hunting rifle mounted with telescopic sights and a semi-automatic military-style rifle called the Colt AR15, similar to the U.S. Army’s M-16s. Unfortunately for police, such rifles are commonly available throughout the United States, although authorities were checking gun-store records to see whether there have been any recent purchases. The fact all the victims were killed with a single shot, and at least one died from a shot to the head, indicates the killer could have military training, said Clinton Van Zandt, a former profiler for the Federal Bureau of Investigations. “The more evidence we see of a head shot, the more evidence we have of military or paramilitary experience, rather than a hunter who shoots at the broad side of a deer and not the head of a human,” he said. That still does not give police much to go on.

A US$50,000 reward is being offered for information leading to an indictment. Police have received more than 200 telephone tips, many of them about loud noises and bangs that were investigated but turned up no more leads. Faced with the daunting prospect of a killer who may have gunned down his victims from up to 600 metres away, then driven off before anyone noticed, authorities are turning to FBI profilers to try to sketch the kind of personality behind the killing spree. According to Mr. Van Zandt, the statistical likelihood is that the killing has been done by two people, probably young white men. If that is correct, the shooter is the dominant partner in the relationship and the driver is subordinate. “They would feed off each other,” said Mr. Van Zandt, “giving each other high-fives and saying, ‘Wasn’t that a good shot!,’ giving each other emotional fuel.” Jack Levin, director of the Brudnick Centre on Violence & Conflict at Northeastern University at Boston, said the pair likely consider the crimes to be nothing more than “a team sport.” The men are inspired by one another, Mr. Levin said, finding “insanity within the relationship.” “A lot of people will do things with their friends that they wouldn’t dream of doing alone,” he said. “They don’t want to let down their buddy. It’s a sign of loyalty; it’s a common bond.” Mr. Levin, who has written numerous books on murderers, said the men are probably social outcasts who desperately crave the international attention their killing spree has triggered. “They were very likely rejected, had suffered a lot — especially the shooter — and they decided to get even, while at the same time having a good laugh at our expense,” he said. But Mr. Van Zandt says it’s too early to say exactly what set off the killings. “It’s one or two individuals who for whatever reason decided to level the playing field, thumbing their nose at law enforcement and society,” he said. “This is someone who is playing God. He can sit there with a rifle and point it at two or three people say, ‘Click … Click … Bang.’ This is psychological Viagra.” The first shooting happened Wednesday night, when James Martin, 55, was shot while crossing a grocery store parking lot. Forty minutes earlier someone had fired a round through a nearby store window, but no one was hurt. Then the killers “punched out and went to bed and stopped killing,” Mr. Van Zandt said. “That takes it past someone who is angry, frustrated and went out and shot someone and then said, ‘Oh my God, what have I done?’ This is someone much more cold-blooded. “The next day they go back to work like you, and I would go to the office. Their job is shooting people down. This is a stone-cold anti-social personality.” About 13 hours after Mr. Martin died, landscaper James “Sonny” Buchanan, 39, was killed at 7:41 on Thursday morning while cutting grass at a car dealership. Prenkumar Walekar, 54, was shot at about 8:12 a.m., while pumping gas into his cab. About 30 minutes later, Sarah Ramos, 34, died while sitting on a bench outside a Post Office waiting for a ride. In the fifth shooting, Lori Ann Lewis-Rivera, 25, was shot and killed at about 10 a.m. while she vacuumed her van at a gas station. The apparently random shootings set off a panic in the U.S. capital equalled only by the terror instilled by the Sept. 11 attacks. Schools kept students indoors for recess and lunch yesterday and Thursday. Panicky parents refused even to let their children play in the yard. Many businesses noticed a drop off in customers. As a nervous and unarmed security guard stood watch outside a grocery store in Rockville, Md., a passer-by noted, “He’s not going to be much help if there’s a guy with a rifle 500 yards from here.” Despite the panic, Mr. Van Zandt said the crimes were “eminently solvable,” especially if someone who knows the killer or the killer calls police. Once the authorities get close, there is nothing about the crimes to suggest the killers intend to surrender. “I don’t think they will willingly go to jail,” Mr. Van Zandt said.

“If they are able to they will force the police into a confrontation in which they will be killed.” jcienski [at] nationalpost [dot] com

———–