lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 25 May 2007 09:37:59 -0400
From: <auto294156@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: PHRACK 64: THE UNDERGROUND SCENE

              _                                                _
            _/B\_                                            _/W\_
            (* *)             Phrack #64 file 4              (* *)
            | - |                                            | - |
            |   |  A brief history of the Underground scene  |   |
            |   |                                            |   |
            |   |        By The Circle of Lost Hackers       |   |
            |   |                                            |   |
            |   |              Duvel@...ack.org              |   |
            (____________________________________________________)  
                         


--[ Contents

1. Introduction
2. The security paradox
3. Past and present Underground scene
	3.1. A lack of culture and respect for ancient hackers
	3.2. A brief history of Phrack
	3.3. The current zombie scene
4. Are security experts better than hackers?
	4.1. The beautiful world of corporate security
	4.2. The in-depth knowledge of security conferences
5. Phrack and the axis of counter attacks
	5.1. Old idea, good idea
	5.2. Improving your hacking skills
	5.3. The Underground yellow pages
	5.4. The axis of knowledge
		5.4.1. New Technologies
		5.4.2. Hidden and private networks
		5.4.3. Information warfare
		5.4.4. Spying System
6. Conclusion


--[ 1. Introduction

"It's been a long long time,
I kept this message for you, Underground
But it seems I was never on time
Still I wanna get through to you, Underground..."

    I am sure most of you know and love this song (Stir it Up). 
After all,
who doesn't like a Bob Marley song? The lyrics of this song fit 
very well
with my feeling : I was never on time but now I'm ready to deliver 
you
the message.

    So what is this article about? I could write another technical 
article
about an eleet technique to bypass a buffer overflow protection, 
how to
inject my magical module in the kernel, how to reverse like an 
eleet or
even how to make a shellcode for a not-so-famous OS. But I won't. 
There
are some other people who can do it much better than I could. 

    But it is the reason not to write a technical article. The 
purpose of 
this article is to launch an SOS. An SOS to the scene, to everyone, 
to all 
the hackers in the world. To make all the next releases of Phrack 
better 
than ever before. And for this I don't need a technical article. I 
need 
what I would call Spirit.

    Do you know what I mean by the word spirit?


--[ 2. The security paradox.

    There is something strange, really strange. I always compare the
security world with the drug world. Take the drugs world, on the 
one side
you have all the "bad" guys: cartels, dealers, retailers, users... 
On
the other side, you have all the "good" guys: cops, DEA, 
pharmaceutical
groups creating medicines against drugs, president of the USA 
asking for
more budget to counter drugs... The main speech of all these good 
guys
is : "we have to eradicate drugs!". Well, why not. Most of us agree.

    But if there is no more drugs in the world, I guess that a big 
part
of the world economy would fall. Small dealers wouldn't have the 
money to
buy food, pharmaceutical groups would loose a big part of their 
business,
DEA and similar agencies wouldn't have any reason to exist. All the
drugs centers could be closed, banks would loose money coming from 
the
drugs market. If you take all thoses things into consideration, do
you think that governments would want to eradicate drugs? Asking the
question is probably answering it.

    Now lets move on to the security world.

    On the one side you have a lot of companies, conferences,
open source security developers, computer crime units... On the
other side you have hackers, script kiddies, phreackers.... Should
I explain this again or can I directly ask the question? Do you 
really
think that security companies want to eradicate hackers?

    To show you how these two worlds are similar, lets look at 
another
example. Sometimes, you hear about the cops arrested a dealer, 
maybe a
big dealer. Or even an entire cartel. "Yeah, look ! We have 
arrested a
big dealer ! We are going to eradicate all the drugs in the 
world!!!". And
sometimes, you see a news like "CCU arrests Mafiaboy, one of the 
best
hacker in the world". Computer crime units and DEA need publicity - 
they 
arrest someone and say that this guy is a terrorist. That's the 
best way 
to ask for more money. But they will rarely arrest one of the best 
hackers 
in the world. Two reasons. First, they don't have the intention 
(and if 
they would, it's probably to hire him rather than arrest him). 
Secondly, 
most of the Computer Crime Units don't have the knowledge required.

    This is really a shame, nobody is honest. Our governments claim 
that
they want to eradicate hackers and drugs, but they know if there 
were
no more hackers or drugs a big part of the world economy could 
fall. It's
again exactly the same thing with wars. All our presidents claim 
that we
need peace in the world, again most of us agree. But if there are 
no more
wars, companies like Lockheed Martin, Raytheon, Halliburton, EADS, 
SAIC...
will loose a huge part of their markets and so banks wouldn't have
the money generated by the wars.

    The paradox relies in the perpetual assumption that threat is
generated from abuses where in fact it might comes from inproper 
technological design or money driven technological improvement 
where the 
last element shadows the first. And when someone that is dedicated 
enough 
digs it, we have a snowball effect, thus every fish in the pound at 
one 
time or an other become a part of it.

   And as you can see, this paradox is not exclusive to the security
industry/underground or even the computer world, it could be 
considered
as the gold idol paradox but we do not want to get there.

    In conclusion, the security world need a reason to justify its
business. This reason is the presence of hackers or a threat 
(whatever 
hacker means), the presence of an hackers scene and in more general 
terms 
the presence of the Underground.

    We don't need them to exist, we exist because we like learning,
learning what we are not supposed to learn. But they give us 
another good
reason to exist. So if we are "forced" to exist, we should exist in
the good way. We should be well organized with a spirit that 
reflect our
philosophy. Unfortunately, this spirit which used to characterized 
us is 
long gone...


--[ 3. Past and Present Underground scene

    The "scene", this is a beautiful word. I am currently in a 
country
very far away from all of your countries, but it is still an
industrialized country. After spending some months in this country, 
I found
some old-school hackers. When I asked them how the scene was in 
their 
country, they always answered the same thing: "like everywhere, 
dying". It's 
a shame, really a shame. The security world is getting larger and 
larger and 
the Underground scene is dying.

    I am not an old school hacker. I don't have the pretension to 
claim
it I would rather say that I have some old-school tricks or maybe 
that my
mind is old-school oriented, but that's all. I started to enjoy the
hacking life more or less 10 years ago. And the scene was already 
dying.

    When I started hacking, like a lot of people, I have read all 
the past
issues of Phrack. And I really enjoyed the experience. Nowadays,
I'm pretty sure that new hackers don't read old Phrack articles 
anymore. 
Because they are lazy, because they can find information elsewhere, 
because they think old Phracks are outdated... But reading old 
Phracks is 
not only to acquire knowledge, it's also to acquire the hacking 
spirit.


----[ 3.1 A lack of culture and respect for ancient hackers

    How many new hackers know the hackers history? A simple example 
is the
Securityfocus. I'm sure a lot of you consult its vulnerabilities
database or some mailing list. Maybe some of you know Kevin Poulsen 
who
worked for Securityfocus for some years and now for Wired. But how 
many of
you know his history? How many knew that at the beginning of the 
80's he
was arrested for the first time for breaking into ARPANET? And that 
he
was arrested a lot more times after that as well. Probably not a lot
(what's ARPANET after all...).

    It's exactly the same kind of story with the most famous hacker 
in
the world: Kevin Mitnick. This guy really was amazing and I have a
total respect for what he did. I don't want to argue about his 
present
activity, it's his choice and we have to respect it.  But nowadays,
when new hackers talk about Kevin Mitnick, one of the first things I
hear is : "Kevin is lame. Look, we have defaced his website, we are 
much
better than him". This is completely stupid. They have probably 
found a
stupid web bug to deface his website and they probably found the 
way to
exploit the vulnerability in a book like Hacking Web Exposed. And 
after
reading this book and defacing Kevin's website, they claim that 
Kevin
is lame and that they are the best hackers in the world... Where 
are we
going? If these hackers could do a third of what Kevin did, they 
would
be considered heroes in the Underground community.

    Another part of the hacking culture is what some people name 
"The
Great Hackers War" or simply "Hackers War". It happened 15 years ago
between probably the two most famous (best?) hackers group which had
ever existed: The Legion of Doom and Master of Deception. Despite 
that
this chapter of the hacking history is amazing (google it), what I
wonder is how many hackers from the new generation know that famous
hackers like Erik Bloodaxe or The Mentor were part of these groups.
Probably not a lot. These groups were mainly composed of skilled and
talented hackers/phreackers. And they were our predecessor. You can 
still
find their profiles in past issues of Phrack. It's still a nice 
read.

    Let's go for another example. Who knows Craig Neidorf? Nobody? 
Maybe
Knight Lightning sounds more familiar for you... He was the first 
editor
in chief of Phrack with Taran King, Taran King who called him his
"right hand man". With Taran King and him, we had a lot of good 
articles,
spirit oriented. So spirit oriented that one article almost sent him
to jail for disclosing a confidential document from Bell South. 
Fortunately, he didn't go in jail thanks to the Electronic Frontier 
Foundation who preached him. Craig wrote for the first time in 
Phrack 
issue 1 and for the last time in Phrack issue 40. He is simply the 
best
contributor that Phrack has ever had, more than 100 contributions. 
Not 
interesting? This is part of the hacking culture.

    More recently, in the 90's, an excellent "magazine" (it was 
more a
collection of articles) called F.U.C.K. (Fucked Up College Kids) was
made by a hacker named Jericho... Maybe some new hackers know 
Jericho for 
his work on Attrition.org (that's not sure...), but have you 
already taken
time to check Attrition website and consult all the good work that 
Jericho
and friends do? Did you know that Jericho wrote excellent Phrack 
World
News under the name Disorder 10 years ago (and trust me his news 
were 
great) ? Stop thinking that Attrition.org is only an old dead 
mirror of 
web site defacements, it's much more and it's spirit oriented.

    Go ask Stephen Hawking if knowing the scientific story is not
important to understand the scientific way/spirit... Do you think 
that 
Stephen doesn't know the story of Aristotle, Galileo, Newton or 
Einstein ?

    To help wannabe hackers, I suggest that they read "The Complete
History of Hacking" or "A History of Computer Hacking" which are 
very 
interesting for a first dive in the hacking history and that can 
easily be 
found with your favorite search engine.

    Another good reading is the interview of Erik Bloodaxe in 1994
(http://www.eff.org/Net_culture/Hackers/bloodaxe-
goggans_94.interview)
where Erik said something really interesting about Phrack:

"I, being so ridiculously nostalgic and sentimental, didn't want to 
see
it (phrack) just stop, even though a lot of people always complain 
about
the content and say, "Oh, Phrack is lame and this issue didn't have 
enough
info, or Phrack was great this month, but it really sucked last 
month."
You know, that type of thing. Even though some people didn't always
agree with it and some people had different viewpoints on it, I 
really
thought someone needed to continue it and so I kind of volunteered 
for
it."

    It's still true...


----[ 3.2 A brief history of Phrack

    Let's go for a short hacking history course and let's take a 
look at
old Phracks where people talked about the scene and what hacking is.


Phrack 41, article 1:
---------------------

"The type of public service that I think hackers provide is not 
showing
security holes to whomever has denied their existence, but to merely
embarrass the hell out of those so-called computer security experts
and other purveyors of snake oil."

    This is true, completely true. This is closely related to what 
I said
before. If there are no hackers, there are no security experts. They
need us. And we need them. (We are family)



Phrack 48, article 2:
---------------------

    At the end of this article, there is the last editorial of Erik
Bloodaxe. This editorial is excellent, everyone should read it. I 
will
just reproduce some parts here:

"... The hacking subculture has become a mockery of its past self.
People might argue that the community has "evolved" or "grown" 
somehow,
but that is utter crap.  The community has degenerated.  It has 
become a
media-fueled farce.  The act of intellectual discovery that hacking 
once
represented has now been replaced by one of greed, self-
aggrandization
and misplaced post-adolescent angst... If I were to judge the 
health of
the community by the turnout of this conference, my prognosis would 
be 
"terminally ill."..."

    And this was in 1996. If we ask to Erik Bloodaxe now what he 
thinks
about the current scene, I'm pretty sure he would say something
like: "irretrievable" or "the hacking scene has reached a point of 
no
return".

"...There were hundreds of different types of systems, hundreds
of different networks, and everyone was starting from ground zero.
There were no public means of access; there were no books in stores 
or
library shelves espousing arcane command syntaxes; there were no 
classes
available to the layperson. ..."

    Have you ever heard of a "hackademy"? Nowadays, if you want to 
be a
hacker it's really easy. Just go to a hacker school and they will 
teach
you some of the more eleet tricks in the world. That's the new 
hacker way.

"Hacking is not about crime. You don't need to be a criminal to be
a hacker. Hanging out with hackers doesn't make you a hacker any 
more
than hanging out in a hospital makes you a doctor. Wearing the t-
shirt
doesn't increase your intelligence or social standing. Being cool 
doesn't
mean treating everyone like shit, or pretending that you know more 
than
everyone around you."

    So what is hacking? My point of view is that hacking is a 
philosophy,
a philosophy of life that you can apply not only to computers but to
a lot of things. Hacking is learning, learning computers, networks,
cryptology, telephone systems, spying system and agencies, radio, 
what
our governments hide... Actually all non-conventional subjects or 
what
could also be called a third eye view of the context.

"There are a bunch of us who have reached the conclusion that the 
"scene"
is not worth supporting; that the cons are not worth attending; 
that the
new influx of would-be hackers is not worth mentoring. Maybe a lot 
of us
have finally grown up."

    Here's my answer to Erik 10 years later: "No Eric, you hadn't 
finally
grown up, you were right." Erik already sent an SOS 10 years ago and
nobody heard it.


Phrack 50, article 1:
---------------------

"It seems, in recent months, the mass media has finally caught onto
what we have known all along, computer security _IS_ in fact 
important.
Barely a week goes by that a new vulnerability of some sort doesn't 
pop up
on CNN. But the one thing people still don't seem to fathom is that 
_WE_
are the ones that care about security the most...  We aren't the 
ones that
the corporations and governments should worry about...	We are not
the enemy."

    No, we are not the enemy. But a lot of people claim that we are 
and
some people even sell books with titles like "Know your enemy". It's
probably one of the best ways to be hated by a lot of hackers. 
Don't be
surprised if there are some groups like PHC appearing after that.


Phrack 55, article 1:
---------------------

    Here I will show you the arrogance of the not-so-far past 
editor,
answering some comments:

"...Yeah, yeah, Phrack is still active you may say. Well let me tell
you something.	Phrack is not what it used to be. The people who make
Phrack are not Knight Lightning and Taran King, from those old BBS
days. They are people like you and me, not very different, that took
on themselves a job that it is obvious that is too big for them. Too
big? hell, HUGE. Phrack is not what it used to be anymore. Just try
reading, let's say, Phrack 24, and Phrack 54..."

    And the editor replied (maybe Route):

"bjx of "PURSUiT" trying to justify his `old-school` ezine.  bjx 
wrote
a riveting piece on "Installing Slackware" article.  Fear and 
respect
the lower case "i"".

    This is a perfect example of how the Underground scene has 
grown up in
the last few years. We can interpret editor's answer like "I'm 
writing
some eleet articles and not you, so I don't have to take into 
consideration your point of view". But it was a really pertinent 
remark.


Phrack 56, article 1:
------------------------------

    Here is another excellent example to show you the arrogance of 
the
Underground scene. Again, it's an answer to a comment from someone:

"...IMHO it hasn't improved. Sure, some technical aspects of the
magazine have improved, but it's mostly a dry technical journal 
these
days.  The personality that used to characterize Phrack is pretty 
much
non-existant, and the editorial style has shifted towards one of `I 
know
more about buffer overflows than you` arrogance. Take a look at the 
Phrack
Loopback responses during the first 10 years to the recent ones. A 
much
higher percentage of responses are along the lines of `you're an 
idiot,
we at Phrack Staff are much smarter than you.`..."

    And the reply:

" - Trepidity <delirium4u@...offspring.net> apparently still bitter 
at
not being chosen as Mrs. Phrack 2000."

    IMHO, Trepidity's remark was probably the best remark for a 
long long
time.

    Let's stop this little history course. I have showed you that 
I'm
not alone in my reflection and that there is something wrong with 
the
current disfunctional scene. Some people already thought this 10 
years ago
and I know that a lot of people are currently thinking exactly the 
same
thing. The scene is dying and its spirit is flying away.

    I'm not Erik Bloodaxe, I'm not Voyager or even Taran King ... 
I'm
just me. But I would like to do something like 15 years ago, when 
the
word hacking was still used in the noble sense. When the spirit was 
still
there. We all need to react together or the beast will eat whats 
left
of the spirit.


----[ 3.3 The current zombie scene

    "A dead scene whose body has been re-animated but whose the 
spirit
is lacking".

    I'm not really aware of every 'groups' in the world. Some 
people are
much more connected than me. And to be honest, I knew the scene 
better 5
years ago than I do now. But I will try to give you a snapshot of 
what
the current scene is. Forgive me in advance for the groups that I 
will
forget, it's really difficult to have an accurate snapshot. The 
best way
to have a snapshot of the current scene is probably to use an 
algorithm
like HITS which allow to detect a web community. But unfortunately 
I don't
have time to implement it.

    So the current scene for me is like a pyramid and it's organized
like secret societies. I would like to split hackers groups in 3
categories. In order to not give stupid names to these groups I 
will call 
them layer 1 group, layer 2 group and layer 3 group. In the layer 
1, 5 
years ago, you had some really "famous" groups which were, I think, 
composed of talented people. I will split this layer into two 
categories: 
front-end groups and back-end groups. Some of the groups I called 
front-end are: TESO, THC, w00w00, Phenoelit or Hert. Back-end 
groups 
include ADM, Synnergy, ElectronicSouls or Devhell. And you also 
have PHC 
that you can include in both categories (you know guys you have 
your 
entry in Wikipedia!). And at the top of that (but mainly at the top 
of 
PHC) you had obscure/eleet groups like AB.

   In the layer 2, I would like to include a lot of groups of less
scale but I think which are trying to do good stuff. Generally, 
these 
groups have no communication with layer 1 groups. These groups are: 
Toxyn,
Blackhat.be, Netric, Felinemenace, S0ftpj (nice mag), Nettwerked 
(congratulation for the skulls image guys!), Moloch, PacketWars, 
Eleventh Alliance, Progenic, HackCanada, Blacksecurity, Blackclowns 
or 
Aestetix. You can still split these groups into two categories, 
front-end 
and back-end. Back-end are Toxyn, Blackat.be or blacksecurity, 
others 
probably front-end.

    Beside these groups, you have a lot of wannabe groups that I'd 
like to
include in layer 3, composed of new generation of hackers. Some of 
these
groups are probably good and I'm sure that some have the good 
hacking
spirit, but generally these groups are composed of hackers who 
learned 
hacking in a school or by reading hackers magazine that they find 
in 
library. When you see a hacker arrested in a media, he generally 
comes 
from one of these unknown groups. 20 years ago, cops arrested 
hackers 
like Kevin Mitnick (The Condor), Nahshon Even-Chaim (Phoenix, The 
Realm), 
Mark Abene (Phiber Optik, Legion of Doom) or John Lee (Corrupt, 
Master 
of Deception), now they arrest Mafia Boy for a DDOS...

    There are also some (dead) old school groups like cDc, Lopht or
rhino9, independent skilled guys like Michal Zalewski or Silvio 
Cesare, 
research groups like Lsd-pl and Darklab and obscure people like 
GOBBLES, 
N3td3v or Fluffy Bunny :-) And of course, I don't forget people who 
are 
not affiliated to any groups.

    You can also find some central resources for hackers or 
phreackers
like Packetstorm or Phreak.org, and magazine oriented resources like
Pull the Plug or Uninformed.

    In this wonderful world, you can find some self proclaimed eleet
mailing list like ODD.

    We can represent all these groups in a pyramid. Of course, this
pyramid is not perfect. So don't blame me if you think that your 
groups
is not in the good category, it's just a try.


		       The Underground Pyramid
				 _
				/ \
			       /   \
			      /     \
			     /	     \
			    /	      \     <-- More eleet hackers in
			   /           \	the world. Are we arrogant?
			  /    -PHC-	\
			 /        	 \
			/		  \
		       /		   \
		      /_____________________\
		     /			     \	<-- skilled hackers
		    /  Fluffy Bunny, GOBBLES  \     hacking mainly 
		   /___________________________\    for fun
		  /	|	|	  |	\
		 / !dSR	| TESO	| ADM	  | cDc  \  <-- Generally
		/  EL8	| THC	| Synnergy| Lopht \	excellent skills 
	       /   h0no | WOOWOO| Devhell | rhino9 \	some groups have
	      /    ...	| ...	| ...	  | ....    \	the good spirit
	     /_______________________________________\
	    /			|		      \
	   /	|     HackCanada       		       \  <-- good skills,
	  /	|     Felinemenace	                \     some are
	 /	|     Netric		                 \    very
	/	 ...		|     ...		  \   original
       /___________________________________________________\
      /							    \
     /         Blacksecurity, Blackhat.be, Toxyn             \ <-- 
newbies
    /_________________________________________________________\
   /							       \ <-- info
  / Resources: 2600,Phrack, PacketStorm, Phreak.org, Uniformed, \   
 for
 /				PTP, ...			 \   all
/_________________________________________________________________\


    All of these people make up the current scene. It's a big 
mixture
between white/gray/black hats, where some people are white hat in 
the day
and black hat at night (and vice-versa). Sometimes there are 
communication
between them, sometimes not. I also have to say that it's generally 
the
people from layer 1 groups who give talks to security conferences 
around
the world...

    It's really a shame that PHC is probably the best ambassador of 
the
hacking spirit. Their initiative was great and really interesting.
Moreover they are quite funny. But IMHO, they are probably a little 
too
arrogant to be considered like an old spirit group.

    Actually, the bad thing is that all these people are more or 
less
separate and everyone is fighting everyone else. You can even find 
some
hackers hacking other hackers! Where is the scene going? Even if 
you are
technically very good, do you have to say to everyone that you are
the best one and naming others as lamerz? The new hacker generation 
will never understand the hacking spirit with this mentality.

    Moreover the majority of hackers are completely disinterested by
alternate interesting subjects addressed for example in 2600 
magazine or 
on Cryptome website. And this is really a shame because these two 
media 
are publishing some really good information. Most hackers are only 
interested by pure hacking techniques like backdooring, network 
exploitation, client vulnerabilities... But for me hacking is 
closely 
related to other subjects like those addressed on Cryptome website. 
For 
example the majority of hackers don't know what SIPRnet is. There 
is only 
one reference in Phrack, but there are several articles about 
SIPRnet in 
2600 magazine or on Cryptome website. When I want to discuss about 
all 
these interesting subjects it's really difficult to find someone in 
the 
scene. And to be honest the only people that I can find are people 
away 
from the scene. The majority of hackers composing the groups I 
mentioned 
above are not interested by these subjects (as far as I know). Old 
school 
hackers in 80's or 90's were more interested by alternated subjects 
than 
the new generation.

    In conclusion, firstly we have to get back the old school 
hacking
spirit and afterwards explain to the new generation of hackers what 
it is.

    It's the only way to survive. The scene is dying but I won't say
that we can't do anything. We can do something. We must do 
something.
It's our responsibility.


--[ 4 Are security experts better than hackers?

    STOP!!!!! I do not want to say that security experts are better 
than
hackers. I don't think they are, but to be honest it's not really
important. It's nonsense to ask who is better. The best guy, 
independent
from the techniques he used, is always the most ingenious. But there
are two points that I would like to develop.


----[ 4.1 The beautiful world of corporate security

    I met a really old school hacker some months ago, he told me 
something
very pertinent and I think he was right. He told me that the 
technology
has really changed these last years but that the old school tricks 
still
work. Simply because the people working for security companies don't
really care about security. They care more about finding a new eleet
technique to attack or defend a system and presenting it to a 
security
conference than to use it in practice.

    So Underground, we have a problem. A major problem. 15 years 
ago,
there were a lot of people working for the security industry. At 
times,
there also were a lot of people working in what I will call the
Underground scene. No-one can estimate the percentage in each camp, 
but
I would say it was something like 60% working in security and 40% 
working
in the Underground scene. It was still a good distribution. 
Nowadays, I'm
not sure it's still true. A better estimation should be 80/20 
orientated
to security or maybe even worse... There are increasingly more and 
more
people working for the security world than for the Underground 
scene. Look
at all these "eleet" security companies like ISS, Core Security, 
Immunity,
IDefense, eEye, @stake, NGSSoftware, Checkpoint (!), Counterpane, 
Sabre
Security, Net-Square, Determina, SourceFire...I will stop here 
otherwise
Google will make some publicity for these companies. All these 
security
companies have hired and still hire some hackers, even if they will 
say
that they don't. Sometimes, they don't even know they hired a 
hacker. How
many past Phrack writers work for these companies? My guess is a 
lot,
really a lot. After all, you can't stop a hacker if you have never 
been
one...

    You'll tell me: "that's normal, everyone has to eat". Yeah, 
that's
true. Everyone has to eat. I'm not talking about that. What I don't 
like
(even if we do need these good and bad guys) is all the stuff 
around the
security world: conferences, (false) alerts, magazines, mailing 
lists,
pseudo security companies, pseudo security websites, pseudo security
books...

    Can you tell me why there is so much security related stuff and 
not
so much Underground related stuff?


--[ 4.2 The in-depth knowledge of security conferences

    If you have a look at all the topics addressed in a security
conference, it's amazing. Take the most famous conferences: 
*Blackhat, 
*SecWest or even Defcon (I mention only marketing conferences, 
there are
others good conferences that are less corporate/business oriented 
like
CCC, PH neutral, HOPE or WTH).  Now look at the talks given by the 
speakers, they're really good. When I went to a security conference 
5 
years ago it was so funny, I was saying to my friends: "these guys 
are 
5 years late". It was true then but I think it's not true anymore. 
They 
are probably still late, but not as late as they were. But the most 
relevant point for me is that recently there have been a lot of 
very 
interesting subjects. OK not everything was interesting - there 
were 
some shit subjects too. What I would consider as interesting 
subjects 
are those related to new technologies (VOIP, WEB 2.0, RFID, 
BlackBerry, 
GPS...) or original topics like hardware hacking, BlackOps, agency 
relationships, SE story, bioinfo attack, nanotech, PsyOp... What 
the 
Fuck ?!#@?! 10 years ago, all the original topics were released in 
an 
Underground magazine like Phrack or 2600. Not in a security 
conference 
where you have to pay more than $1000.

    This is not my idea of what hacking should be. Do you really 
need
publicity like this to feel good? This is not hacking. I'm not 
talking
here about the core but the form. When I'm coding something at home 
all
night and in the morning it works, it's really exciting. And I don't
have to say to everyone "look at what I did!". Especially not in 
public
where people have to pay more than $1000 to hear you.

    Another incredible thing about these security conferences is 
what I
would call the "conference circuit". Nowadays, if you are a security
expert, the trend is to give the same talk at different security 
conferences around the world. More than 50% of all security experts 
are 
doing this. They go in America at BlackHat, Defcon and CanSecWest, 
after 
they move in Europe and they finish in Asia or Australia. They can 
even 
do BlackHat America, BlackHat Europe and BlackHat Asia! Like Roger
Federer or Tiger Woods, they try to do the Grand Slam! So you can 
find 
a conference given in 2007 which is more or less the same than one 
in 
2005. Thus it seems we have now a new profession in our wonderful 
security world: "conferences runner" !

    Last funny thing is the number of conferences that I will 
include in
the category "How to hack the system XXX". For example at the last
Blackhat USA there was a conference on how to hack an embedded 
device, 
for example printers and copiers. Despite the fact that it's 
interesting 
(collecting document printed), what I find funny is the fact that 
you 
just have to hack a non conventional device to be at Blackat or 
Defcon. 
So, I will give some good advice to hackers who want to become 
famous: 
try to hack the coffee machine used by the FBI or the embedded 
device 
used by the lift of the Pentagon and everyone will see you as a 
hero 
or a terrorist (thats context based).


--[ 5. Phrack and the axis of counter-attack

    Now that I have given you an overview of the security world, 
let's
try to see how we can change it. There are two possibilities here. 
The
first one is this:- I say to you "OK now that you really understand 
the
problem, it's definitely time to change our mentality. This is the 
new
mind set that we have to adopt". It's a little bit pretentious to 
say
this though. Nobody can solve the problem alone and pretend to 
bring the
good solution. So I guess that the first possibility won't work. 
People
will agree but nobody will do anything.

    The second possibility is to start with Phrack. All the people 
who
make up The Circle of Lost Hackers agree that Phrack should come 
back to
its past style when the spirit was present. We really agree with 
the quote
above which said that Phrack is mainly a dry technical journal. It's
why we would like to give you some idea that can bring back to 
Phrack its
bygone aura. Phrack doesn't belong to a group a people, Phrack 
belongs to
everyone, everyone in the Underground scene who want to bring 
something
for the Underground. After all, Phrack is a magazine made by the 
community
for the community.

    We would like to invite everyone to give their point of view 
about the
current scene and the orientation that Phrack should take in the 
future.
We could compile a future article with all your ideas.


----[ 5.1. Old idea, good idea

    If you take a look at the old Phrack, there are some recurring
articles :

* Phrack LoopBack
* Line noise
* Phrack World News
* Phrack Prophiles
* International scenes

    Here's something funny about Phrack World News, if you take a 
look
at Phrack 36 it was not called "Phrack World News" but instead it 
was
"Elite World News"...

    So, all these articles were and are interesting. But in these
articles, we would like to resuscitate the last one: "International 
scenes". A first essay is made in this issue, but we would like 
people 
to send us a short description of their scene. It could be very 
interesting to have some descriptions of scenes that are not 
common, 
for example the China scene, the Brazilian scene, the Russian 
scene, 
the African scene, the Middle East scene... But of course we are 
also 
interested in the more classic scenes like Americas, GB, France, 
Germany, 
.... Everything is welcome, but hackers all over the world are not 
only 
hackers in Europe-Americas, we're everywhere. And when we talk 
about the 
Underground scene, it should include all local scenes.


----[ 5.2. Improving your hacking skills

    Here we would like to start a new kind of article. An article 
whose
purpose is to give to the new generation of hackers some different 
little
tricks to hack "like an eleet". This article will be present in 
every
new issue (at least until it's dead ... we hope not soon). The idea 
is
to ask to everyone to send us their tricks when they hack something
(it could be a computer or not). The tricks should be explained in 
no
more than 30 lines, and it could even be one line. It could be an 
eleet
trick or something really simple but useful. Example:


An almost invisible ssh connection
----------------------------------

    In the worse case if you have to ssh on a box, do it every time
with no tty allocation

    ssh -T user@...t

    If you connect to a host with this way, a command like "w" will 
not
show your connection. Better, add 'bash -i' at the end of the 
command to
simulate a shell

     ssh -T user@...t /bin/bash -i

    Another trick with ssh is to use the -o option which allow you 
to
specify a particular know_hosts file (by default it's 
~/.ssh/know_hosts).
The trick is to use -o with /dev/null:

    ssh -o UserKnownHostsFile=/dev/null -T user@...t /bin/bash -i

    With this trick the IP of the box you connect to won't be 
logged in
know_hosts.

    Using an alias is a good idea.


Erasing a file
--------------

    In the case of you have to erase a file on a owned computer, try
to use a tool like shred which is available on most of Linux.

shred -n 31337 -z -u file_to_delete

-n 31337 : overwrite 313337 times the content of the file
-z : add a final overwrite with zeros to hide shredding
-u : truncate and remove file after overwriting

    A better idea is to do a small partition in RAM with tmpfs or
ramdisk and storing all your files inside.

    Again, using an alias is a good idea.


The quick way to copy a file
----------------------------

    If you have to copy a file on a remote host, don't bore 
yourself with
an FTP connection or similar. Do a simple copy and paste in your 
Xconsole.
If the file is a binary, uuencode the file before transferring it.

    A more eleet way is to use the program 'screen' which allows 
copying a
file from one screen to another:

    To start/stop :  C-a H or C-a : log

    And when it's logging, just do a cat on the file you want to 
transfer.


Changing your shell
-------------------

    The first thing you should do when you are on an owned computer 
is to
change the shell. Generally, systems are configured to keep a 
history for
only one shell (say bash), if you change the shell (say ksh), you 
won't be
logged.

    This will prevent you being logged in case you forget to clean
the logs. Also, don't forget 'unset HISTFILE' which is often useful.


    Some of these tricks are really stupid and for sure all old 
school
hackers know them (or don't use them because they have more eleet 
tricks).
But they are still useful in many cases and it should be 
interesting to
compare everyone's tricks.


----[ 5.3. The Underground yellow pages

    Another interesting idea is to maintain a list of all the 
interesting
IP ranges in the world. This article will be called "Meaningful IP
ranges". We have already started to scan all the class A and B 
networks. 
What is really interesting is all the IP addresses of agencies 
which are 
supposed to spy us. Have a look at this site:

http://www.milnet.com/iagency.htm

    However we don't have to focus our list on agencies, but on 
everything
which is supposed to be the power of the world.


It includes:

* All agencies of a country (China, Russia, UK, France, Israel...)

* All companies in a domain, for example all companies related to 
private
  secret service or competitive intelligence or financial clearing 
or
  private army (dyncorp, CACI, MPRI, Vinnel, Wackenhut, ...)

* Companies close to government (SAIC, Dassault, QinetiQ, 
Halliburton,
  Bechtel...)

* Spying business companies (AT&T, Verizon, VeriSign, AmDocs, 
BellSouth,
  Top Layer Networks, Narus, Raytheon, Verint, Comverse, SS8, pen-
link...)

* Spoken Medias (Al Jazeera, Al Arabia, CNN, FOX, BBC, ABC, RTVi, 
....)

* Written Medias or press agencies (NY/LA Times, Washington Post,
  Guardian, Le monde, El Pais, The Bild, The Herald, Reuters, AFP, 
AP, 
  TASS, UPI...)

* All satellite maintainers (Intelsat, Eurosat, Inmarsat, Eutelsat,
  Astra...)

* Suspect investment firms (Carlyle, In-Q-Tel...)

* Advanced research centers (DARPA, ARDA/DTO, HAARP...)

* Secret societies, fake groups and think-tanks (The Club of Rome, 
The
  Club of Berne, Bilderberg, JASON group, Rachel foundation, CFR, 
ERT,
  UNICE, AIPAC, The Bohemian Club, Opus Dei, The Chatman House, 
Church of
  Scientology...)

* Guerilla groups, rebels or simply alternative groups (FARC, ELN, 
ETA,
  KKK, NPA, IRA, Hamas, Hezbolah, Muslim Brothers...)

* Ministries (Defense, Energy, State, Justice...)

* Militaries or international polices (US Army, US Navy, US Air 
Force,
  NATO, European armies, Interpol, Europol, CCU...)

* And last but not least: HONEYPOT!


    It's obvious that not all ranges can be obtained. Some agencies 
are
registered under a false name in order to be more discrete (what 
about
ENISA, the European NSA?), others use some high level systems (VPN, 
tor
....) on top of normal networks or simply use communication systems 
other
than the Internet. But we would like to keep the most complete list 
we
can. But for this we need your help. We need the help of everyone in
the Underground who is ready to share knowledge. Send us your range.

    We started to scan the A and B range with a little script we 
made,
but be sure that the more interesting range are in class C. Here is 
a
quick start of the list :

11.0.0.0 - 11.255.255.255 : DoD Network Information Center
144.233.0.0 - 144.233.255.255 : Defense Intelligence Agency
144.234.0.0 - 144.234.255.255 : Defense Intelligence Agency
144.236.0.0 - 144.236.255.255 : Defense Intelligence Agency
144.237.0.0 - 144.237.255.255 : Defense Intelligence Agency
144.238.0.0 - 144.238.255.255 : Defense Intelligence Agency
144.239.0.0 - 144.239.255.255 : Defense Intelligence Agency
144.240.0.0 - 144.240.255.255 : Defense Intelligence Agency
144.241.0.0 - 144.241.255.255 : Defense Intelligence Agency
144.242.0.0 - 144.242.255.255 : Defense Intelligence Agency
162.45.0.0 - 162.45.255.255 : Central Intelligence Agency
162.46.0.0 - 162.46.255.255 : Central Intelligence Agency
130.16.0.0 - 130.16.255.255 : The Pentagon
134.11.0.0 - 134.11.255.255 : The Pentagon
134.152.0.0 - 134.152.255.255 : The Pentagon
134.205.0.0 - 134.205.255.255 : The Pentagon
140.185.0.0 - 140.185.255.255 : The Pentagon
141.116.0.0 - 141.116.255.255 : Army Information Systems Command-
Pentagon
6.0.0.0 - 6.255.255.255 : DoD Network Information Center
128.20.0.0 - 128.20.255.255 : U.S. Army Research Laboratory
128.63.0.0 - 128.63.255.255 : U.S. Army Research Laboratory
129.229.0.0 - 129.229.255.255 : United States Army Corps of 
Engineers
131.218.0.0 - 131.218.255.255 : U.S. Army Research Laboratory
134.194.0.0 - 134.194.255.255 : DoD Network Information Center
134.232.0.0 - 134.232.255.255 : DoD Network Information Center
137.128.0.0 - 137.128.255.255 : U.S. ARMY Tank-Automotive Command
144.252.0.0 - 144.252.255.255 : DoD Network Information Center
155.8.0.0 - 155.8.255.255 : DoD Network Information Center
158.3.0.0 - 158.3.255.255 : Headquarters, USAAISC
158.12.0.0 - 158.12.255.255 : U.S. Army Research Laboratory
164.225.0.0 - 164.225.255.255 : DoD Network Information Center
140.173.0.0 - 140.173.255.255 : DARPA ISTO
158.63.0.0 - 158.63.255.255 : Defense Advanced Research Projects 
Agency
145.237.0.0 - 145.237.255.255 : POLFIN ( Ministry of Finance Poland)
163.13.0.0 - 163.32.255.255 : Ministry of Education Computer Center 
Taiwan
168.187.0.0 - 168.187.255.255 : Kuwait Ministry of Communications
171.19.0.0 - 171.19.255.255 : Ministry of Interior Hungary
164.49.0.0 - 164.49.255.255 : United States Army Space and Strategic
Defense
165.27.0.0 - 165.27.255.255 : United States Cellular Telephone
152.152.0.0 - 152.152.255.255 : NATO Headquarters
128.102.0.0 - 128.102.255.255 : NASA
128.149.0.0 - 128.149.255.255 : NASA
128.154.0.0 - 128.154.255.255 : NASA
128.155.0.0 - 128.155.255.255 : NASA
128.156.0.0 - 128.156.255.255 : NASA
128.157.0.0 - 128.157.255.255 : NASA
128.158.0.0 - 128.158.255.255 : NASA
128.159.0.0 - 128.159.255.255 : NASA
128.161.0.0 - 128.161.255.255 : NASA
128.183.0.0 - 128.183.255.255 : NASA
128.217.0.0 - 128.217.255.255 : NASA
129.50.0.0 - 129.50.255.255 : NASA
153.31.0.0 - 153.31.255.255 : FBI Criminal Justice Information 
Systems
138.137.0.0 - 138.137.255.255 : Navy Regional Data Automation Center
138.141.0.0 - 138.141.255.255 : Navy Regional Data Automation Center
138.143.0.0 - 138.143.255.255 : Navy Regional Data Automation Center
161.104.0.0 - 161.104.255.255 : France Telecom R&D
161.105.0.0 - 161.105.255.255 : France Telecom R&D
161.106.0.0 - 161.106.255.255 : France Telecom R&D
159.217.0.0 - 159.217.255.255 : Alcanet International (Alcatel)
158.190.0.0 - 158.190.255.255 : Credit Agricole
158.191.0.0 - 158.191.255.255 : Credit Agricole
158.192.0.0 - 158.192.255.255 : Credit Agricole
165.32.0.0 - 165.48.255.255 : Bank of America
171.128.0.0 - 171.206.255.255 : Bank of America
167.84.0.0 - 167.84.255.255 : The Chase Manhattan Bank
159.50.0.0 - 159.50.255.255 : Banque Nationale de Paris
159.22.0.0 - 159.22.255.255 : Swiss Federal Military Dept.
163.12.0.0 - 163.12.255.255 : navy aviation supply office
163.249.0.0 - 163.249.255.255 : Commanding Officer Navy Ships Parts
164.94.0.0 - 164.94.255.255 : Navy Personnel Research
164.224.0.0 - 164.224.255.255 : Secretary of the Navy
34.0.0.0 - 34.255.255.255 : Halliburton Company
139.121.0.0 - 139.121.255.255 : Science Applications International
Corporation
....

    The last one is definitely interesting; people interested by 
obscure
technologies should investigate in-depth SAIC stuff...

    But anyway this list is rough and incomplete. We have a lot more
interesting ranges but not yet classed. It's just to show you how 
easy
it is to obtain.

    If you think that the idea is funny, send us your range. We 
would be
pleased to include your range in our list. The idea is to offer the 
more
complete list we can for the next Phrack release.


----[ 5.4. The axis of knowledge

    I'm sure that everyone knows "the axis of evil". This 
sensational
expression was coined some years ago by Mr. Bush to group wicked
countries (but was it really invented by the "president" or by 
m1st3r
Karl Rove??). We could use the same expression to name the evil 
subjects
that we would like to have in Phrack. But I will leave to Mr 
Powerful
Bush his expression and find a more noble one : The Axis of 
Knowledge.

    So what is it about? Just list some topics that we would like 
to find
more often in Phrack. In the past years, Phrack was mainly focused 
on
exploitation, shellcode, kernel and reverse engineering. I'm not 
saying
that this was not interesting, I'm saying that we need to diversify 
the
articles of Phrack. Everyone agrees that we must know the advances 
in
heap exploitation but we should also know how to exploit new 
technologies.


------[ 5.4.1 New Technologies

    To illustrate my point, we can take a quote from Phrack 62, the
profiling of Scut:


Q: What suggestions do you have for Phrack?

A:  For the article topics, I personally would like to see more 
articles
on upcoming technologies to exploit, such as SOAP, web services,
..NET, etc.


    We think he was right. We need more article on upcoming 
technology.
Hackers have to stay up to date. Low level hacking is interesting 
but we
also need to adapt ourselves to new technologies.

    It could include: RFID, Web2, GPS, Galileo, GSM, UMTS, Grid 
Computing,
Smartdust system.

    Also, since the name Phrack is a combination between Phreack 
and Hack,
having more articles related to Phreacking would be great. If you 
have
a look to all the Phrack issues from 1 to 30, the majority of 
articles 
talked about Phreacking. And Phreacking and new technologies are 
closely 
connected.


------[ 5.4.2 Hidden and private networks

    We would like to have a detailed or at least an introduction to
private networks used by governments. It includes:

* Cyber Security Knowledge Transfer Network (KTN)
	http://ktn.globalwatchonline.com

* Unclassified but Sensitive Internet Protocol Router Network
   and
  The Secret IP Router Network (SIPRN)
	http://www.disa.mil/main/prodsol/data.html

* GOVNET
	http://www.govnet.state.vt.us/

* Advanced Technology Demonstration Network
	http://www.atd.net/

* Global Information Grid (GIG)
	http://www.nsa.gov/ia/industry/gig.cfm?MenuID=10.3.2.2
....

    There are a lot private networks in the world and some are not
documented. What we want to know is: how they are implemented, who
is using them, which protocols are being used (is it ATM, 
SONET...?),
is there a way to access them through the Internet, ....

    If you have any information to share on these networks, we 
would be
very interested to hear from you.


------[ 5.4.3 Information warfare

    Information warfare is probably one of the most interesting 
upcoming
subjects in recent years. Information is present everywhere and the 
one
who controls the information will be the master. USA already 
understands
this well, China too, but some countries are still late. Especially 
in
Europe. Some websites are already specialized in information warfare
like IWS the Information Warfare Site (http://www.iwar.org.uk)

    You can also find some schools across the world which are 
specialized
in information warfare.

    We, hackers, can use our knowledge and ingeniousness to do 
something
in this domain. Let me give you two examples. The first one is 
Black Hat
SEO (http://www.blackhatseo.com/). This subject is really 
interesting
because it combines a lot of subjects like development, hacking,
social engineering, linguistics, artificial intelligence and even
marketing. These techniques can be use in Information Warfare and we
would like the Underground to know more about this subject.

    Second example, in a document entitled "Who is n3td3v?" the 
author
(hacker factor) use linguistic techniques in order to identify
n3td3v. After having analyzed n3td3v's text, the author claims that 
n3td3v and Gobbles are probably the same person. N3td3v's answer 
was 
to say that he has an A.I. program allowing him to generate a text 
automatically. If he wants to sound like George Bush, he has simply 
to find a lots of articles by him, give these texts to his A.I. and 
the AI program will build a model representing the way that George 
Bush write. Once the model created, he can give a text to the A.I. 
and this text will be translated in "George Bush Speaking". 
Author's 
answer (hacker factor) was to say it's not possible.

    For working in text-mining, I can tell you that it's possible. 
The
majority of people working in the academic area are blind and when 
you
come to them with innovative techniques, they generally say you 
that you
are a dreamer. A simple implementation can be realized quickly with 
the
use of a grammar (that you can even induct automatically), a 
thesaurus
and markov chains. Add some home made rules and you can have a small
system to modify a text.

    An idea could be to release a tool like this (the binary, not 
the
source). I already have the title for an article : "Defeating 
forensic:
how to cover your says" !

    More generally, in information warfare, interesting subjects 
could be:

* Innovative information retrieval techniques
* Automatic diffusion of manipulated information
* Tracking of manipulated information

    Military and advanced centers like DARPA are already interested 
in
these topics. We don't have to let governments have the monopoly on
these areas. I'm sure we can do much better than governments.


------[ 5.4.4 Spying System

    Everyone knows ECHELON, it's probably the most documented spying
system in the world. Unfortunately, the majority of the information 
that
you can find on ECHELON is where ECHELON bases in the world are. 
There is
nothing about how they manipulate data. It's evident that they are 
using
some data-mining techniques like speech recognition, text-cleaning, 
topic
classification, name entity recognition sentiment detection and so 
on. For
this they could use their own software or maybe they are using some
commercial software like:


Retrievalware from Convera :
	http://www.convera.com/solutions/retrievalware/Default.aspx

Inxight's products:
	 http://www.inxight.com/products/

"Minority Report" like system visualization:
	http://starlight.pnl.gov/

....

    For now we are like Socrates, all we know is that we know 
nothing.
Nothing about how they process data. But we are very interested to 
know.

    In the same vein, we would like to know more on Narus
(http://www.narus.com/), which could be used as the successor of 
CARNIVORE which was the FBI's tools to intercept electronic data. 
Which 
countries use Narus, where it is installed, how is Narus processing 
information...

    Actually any system which is supposed to spy on us is 
interesting.


--[ 6. Conclusion

    I'm reaching the end of my subject. Like with every articles 
some
people will agree with the content and some not. I'm probably not 
the best
person for talking about the Underground but I tried to resume in
this text all the interesting discussions I had for several years 
with a 
lot of people. I tried to analyze the past and present scene and to 
give 
you a snapshot as accurate as possible.

    I'm not entirely satisfied, there's a lot more to say. But if 
this
article can already make you thinking about the current scene or
the Underground in general, that means that we are on the good way.

    The most important thing to retain is the need to get back the
Underground spirit. The world changes, people change, the security 
world
changes but the Underground has to keep its spirit, the spirit which
characterized it in the past.

    I gave you some ideas about how we could do it, but there are 
much
more ideas in 10000 heads than in one. Anyone who worry about the 
current
scene is invited to give his opinion about how we could do it.

    So let's go for the wakeup of the Underground. THE wakeup. A 
wakeup
to show to the world that the Underground is not dead. That it will 
never
die, that it is still alive and for a long time.

    Thats the responsibility of all hackers around the world.

--
Stuck in a dead end job?? Click to start living your dreams by earning an online degree.
http://tagline.hushmail.com/fc/CAaCXv1S7Y1c4HWxMAWmd95kbjLpK0EX/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ