| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20070525133800.63448C3820@mailserver10.hushmail.com>
Date: Fri, 25 May 2007 09:37:59 -0400
From: <auto294156@...hmail.com>
To: <full-disclosure@...ts.grok.org.uk>
Cc:
Subject: PHRACK 64: THE UNDERGROUND SCENE
_ _
_/B\_ _/W\_
(* *) Phrack #64 file 4 (* *)
| - | | - |
| | A brief history of the Underground scene | |
| | | |
| | By The Circle of Lost Hackers | |
| | | |
| | Duvel@...ack.org | |
(____________________________________________________)
--[ Contents
1. Introduction
2. The security paradox
3. Past and present Underground scene
3.1. A lack of culture and respect for ancient hackers
3.2. A brief history of Phrack
3.3. The current zombie scene
4. Are security experts better than hackers?
4.1. The beautiful world of corporate security
4.2. The in-depth knowledge of security conferences
5. Phrack and the axis of counter attacks
5.1. Old idea, good idea
5.2. Improving your hacking skills
5.3. The Underground yellow pages
5.4. The axis of knowledge
5.4.1. New Technologies
5.4.2. Hidden and private networks
5.4.3. Information warfare
5.4.4. Spying System
6. Conclusion
--[ 1. Introduction
"It's been a long long time,
I kept this message for you, Underground
But it seems I was never on time
Still I wanna get through to you, Underground..."
I am sure most of you know and love this song (Stir it Up).
After all,
who doesn't like a Bob Marley song? The lyrics of this song fit
very well
with my feeling : I was never on time but now I'm ready to deliver
you
the message.
So what is this article about? I could write another technical
article
about an eleet technique to bypass a buffer overflow protection,
how to
inject my magical module in the kernel, how to reverse like an
eleet or
even how to make a shellcode for a not-so-famous OS. But I won't.
There
are some other people who can do it much better than I could.
But it is the reason not to write a technical article. The
purpose of
this article is to launch an SOS. An SOS to the scene, to everyone,
to all
the hackers in the world. To make all the next releases of Phrack
better
than ever before. And for this I don't need a technical article. I
need
what I would call Spirit.
Do you know what I mean by the word spirit?
--[ 2. The security paradox.
There is something strange, really strange. I always compare the
security world with the drug world. Take the drugs world, on the
one side
you have all the "bad" guys: cartels, dealers, retailers, users...
On
the other side, you have all the "good" guys: cops, DEA,
pharmaceutical
groups creating medicines against drugs, president of the USA
asking for
more budget to counter drugs... The main speech of all these good
guys
is : "we have to eradicate drugs!". Well, why not. Most of us agree.
But if there is no more drugs in the world, I guess that a big
part
of the world economy would fall. Small dealers wouldn't have the
money to
buy food, pharmaceutical groups would loose a big part of their
business,
DEA and similar agencies wouldn't have any reason to exist. All the
drugs centers could be closed, banks would loose money coming from
the
drugs market. If you take all thoses things into consideration, do
you think that governments would want to eradicate drugs? Asking the
question is probably answering it.
Now lets move on to the security world.
On the one side you have a lot of companies, conferences,
open source security developers, computer crime units... On the
other side you have hackers, script kiddies, phreackers.... Should
I explain this again or can I directly ask the question? Do you
really
think that security companies want to eradicate hackers?
To show you how these two worlds are similar, lets look at
another
example. Sometimes, you hear about the cops arrested a dealer,
maybe a
big dealer. Or even an entire cartel. "Yeah, look ! We have
arrested a
big dealer ! We are going to eradicate all the drugs in the
world!!!". And
sometimes, you see a news like "CCU arrests Mafiaboy, one of the
best
hacker in the world". Computer crime units and DEA need publicity -
they
arrest someone and say that this guy is a terrorist. That's the
best way
to ask for more money. But they will rarely arrest one of the best
hackers
in the world. Two reasons. First, they don't have the intention
(and if
they would, it's probably to hire him rather than arrest him).
Secondly,
most of the Computer Crime Units don't have the knowledge required.
This is really a shame, nobody is honest. Our governments claim
that
they want to eradicate hackers and drugs, but they know if there
were
no more hackers or drugs a big part of the world economy could
fall. It's
again exactly the same thing with wars. All our presidents claim
that we
need peace in the world, again most of us agree. But if there are
no more
wars, companies like Lockheed Martin, Raytheon, Halliburton, EADS,
SAIC...
will loose a huge part of their markets and so banks wouldn't have
the money generated by the wars.
The paradox relies in the perpetual assumption that threat is
generated from abuses where in fact it might comes from inproper
technological design or money driven technological improvement
where the
last element shadows the first. And when someone that is dedicated
enough
digs it, we have a snowball effect, thus every fish in the pound at
one
time or an other become a part of it.
And as you can see, this paradox is not exclusive to the security
industry/underground or even the computer world, it could be
considered
as the gold idol paradox but we do not want to get there.
In conclusion, the security world need a reason to justify its
business. This reason is the presence of hackers or a threat
(whatever
hacker means), the presence of an hackers scene and in more general
terms
the presence of the Underground.
We don't need them to exist, we exist because we like learning,
learning what we are not supposed to learn. But they give us
another good
reason to exist. So if we are "forced" to exist, we should exist in
the good way. We should be well organized with a spirit that
reflect our
philosophy. Unfortunately, this spirit which used to characterized
us is
long gone...
--[ 3. Past and Present Underground scene
The "scene", this is a beautiful word. I am currently in a
country
very far away from all of your countries, but it is still an
industrialized country. After spending some months in this country,
I found
some old-school hackers. When I asked them how the scene was in
their
country, they always answered the same thing: "like everywhere,
dying". It's
a shame, really a shame. The security world is getting larger and
larger and
the Underground scene is dying.
I am not an old school hacker. I don't have the pretension to
claim
it I would rather say that I have some old-school tricks or maybe
that my
mind is old-school oriented, but that's all. I started to enjoy the
hacking life more or less 10 years ago. And the scene was already
dying.
When I started hacking, like a lot of people, I have read all
the past
issues of Phrack. And I really enjoyed the experience. Nowadays,
I'm pretty sure that new hackers don't read old Phrack articles
anymore.
Because they are lazy, because they can find information elsewhere,
because they think old Phracks are outdated... But reading old
Phracks is
not only to acquire knowledge, it's also to acquire the hacking
spirit.
----[ 3.1 A lack of culture and respect for ancient hackers
How many new hackers know the hackers history? A simple example
is the
Securityfocus. I'm sure a lot of you consult its vulnerabilities
database or some mailing list. Maybe some of you know Kevin Poulsen
who
worked for Securityfocus for some years and now for Wired. But how
many of
you know his history? How many knew that at the beginning of the
80's he
was arrested for the first time for breaking into ARPANET? And that
he
was arrested a lot more times after that as well. Probably not a lot
(what's ARPANET after all...).
It's exactly the same kind of story with the most famous hacker
in
the world: Kevin Mitnick. This guy really was amazing and I have a
total respect for what he did. I don't want to argue about his
present
activity, it's his choice and we have to respect it. But nowadays,
when new hackers talk about Kevin Mitnick, one of the first things I
hear is : "Kevin is lame. Look, we have defaced his website, we are
much
better than him". This is completely stupid. They have probably
found a
stupid web bug to deface his website and they probably found the
way to
exploit the vulnerability in a book like Hacking Web Exposed. And
after
reading this book and defacing Kevin's website, they claim that
Kevin
is lame and that they are the best hackers in the world... Where
are we
going? If these hackers could do a third of what Kevin did, they
would
be considered heroes in the Underground community.
Another part of the hacking culture is what some people name
"The
Great Hackers War" or simply "Hackers War". It happened 15 years ago
between probably the two most famous (best?) hackers group which had
ever existed: The Legion of Doom and Master of Deception. Despite
that
this chapter of the hacking history is amazing (google it), what I
wonder is how many hackers from the new generation know that famous
hackers like Erik Bloodaxe or The Mentor were part of these groups.
Probably not a lot. These groups were mainly composed of skilled and
talented hackers/phreackers. And they were our predecessor. You can
still
find their profiles in past issues of Phrack. It's still a nice
read.
Let's go for another example. Who knows Craig Neidorf? Nobody?
Maybe
Knight Lightning sounds more familiar for you... He was the first
editor
in chief of Phrack with Taran King, Taran King who called him his
"right hand man". With Taran King and him, we had a lot of good
articles,
spirit oriented. So spirit oriented that one article almost sent him
to jail for disclosing a confidential document from Bell South.
Fortunately, he didn't go in jail thanks to the Electronic Frontier
Foundation who preached him. Craig wrote for the first time in
Phrack
issue 1 and for the last time in Phrack issue 40. He is simply the
best
contributor that Phrack has ever had, more than 100 contributions.
Not
interesting? This is part of the hacking culture.
More recently, in the 90's, an excellent "magazine" (it was
more a
collection of articles) called F.U.C.K. (Fucked Up College Kids) was
made by a hacker named Jericho... Maybe some new hackers know
Jericho for
his work on Attrition.org (that's not sure...), but have you
already taken
time to check Attrition website and consult all the good work that
Jericho
and friends do? Did you know that Jericho wrote excellent Phrack
World
News under the name Disorder 10 years ago (and trust me his news
were
great) ? Stop thinking that Attrition.org is only an old dead
mirror of
web site defacements, it's much more and it's spirit oriented.
Go ask Stephen Hawking if knowing the scientific story is not
important to understand the scientific way/spirit... Do you think
that
Stephen doesn't know the story of Aristotle, Galileo, Newton or
Einstein ?
To help wannabe hackers, I suggest that they read "The Complete
History of Hacking" or "A History of Computer Hacking" which are
very
interesting for a first dive in the hacking history and that can
easily be
found with your favorite search engine.
Another good reading is the interview of Erik Bloodaxe in 1994
(http://www.eff.org/Net_culture/Hackers/bloodaxe-
goggans_94.interview)
where Erik said something really interesting about Phrack:
"I, being so ridiculously nostalgic and sentimental, didn't want to
see
it (phrack) just stop, even though a lot of people always complain
about
the content and say, "Oh, Phrack is lame and this issue didn't have
enough
info, or Phrack was great this month, but it really sucked last
month."
You know, that type of thing. Even though some people didn't always
agree with it and some people had different viewpoints on it, I
really
thought someone needed to continue it and so I kind of volunteered
for
it."
It's still true...
----[ 3.2 A brief history of Phrack
Let's go for a short hacking history course and let's take a
look at
old Phracks where people talked about the scene and what hacking is.
Phrack 41, article 1:
---------------------
"The type of public service that I think hackers provide is not
showing
security holes to whomever has denied their existence, but to merely
embarrass the hell out of those so-called computer security experts
and other purveyors of snake oil."
This is true, completely true. This is closely related to what
I said
before. If there are no hackers, there are no security experts. They
need us. And we need them. (We are family)
Phrack 48, article 2:
---------------------
At the end of this article, there is the last editorial of Erik
Bloodaxe. This editorial is excellent, everyone should read it. I
will
just reproduce some parts here:
"... The hacking subculture has become a mockery of its past self.
People might argue that the community has "evolved" or "grown"
somehow,
but that is utter crap. The community has degenerated. It has
become a
media-fueled farce. The act of intellectual discovery that hacking
once
represented has now been replaced by one of greed, self-
aggrandization
and misplaced post-adolescent angst... If I were to judge the
health of
the community by the turnout of this conference, my prognosis would
be
"terminally ill."..."
And this was in 1996. If we ask to Erik Bloodaxe now what he
thinks
about the current scene, I'm pretty sure he would say something
like: "irretrievable" or "the hacking scene has reached a point of
no
return".
"...There were hundreds of different types of systems, hundreds
of different networks, and everyone was starting from ground zero.
There were no public means of access; there were no books in stores
or
library shelves espousing arcane command syntaxes; there were no
classes
available to the layperson. ..."
Have you ever heard of a "hackademy"? Nowadays, if you want to
be a
hacker it's really easy. Just go to a hacker school and they will
teach
you some of the more eleet tricks in the world. That's the new
hacker way.
"Hacking is not about crime. You don't need to be a criminal to be
a hacker. Hanging out with hackers doesn't make you a hacker any
more
than hanging out in a hospital makes you a doctor. Wearing the t-
shirt
doesn't increase your intelligence or social standing. Being cool
doesn't
mean treating everyone like shit, or pretending that you know more
than
everyone around you."
So what is hacking? My point of view is that hacking is a
philosophy,
a philosophy of life that you can apply not only to computers but to
a lot of things. Hacking is learning, learning computers, networks,
cryptology, telephone systems, spying system and agencies, radio,
what
our governments hide... Actually all non-conventional subjects or
what
could also be called a third eye view of the context.
"There are a bunch of us who have reached the conclusion that the
"scene"
is not worth supporting; that the cons are not worth attending;
that the
new influx of would-be hackers is not worth mentoring. Maybe a lot
of us
have finally grown up."
Here's my answer to Erik 10 years later: "No Eric, you hadn't
finally
grown up, you were right." Erik already sent an SOS 10 years ago and
nobody heard it.
Phrack 50, article 1:
---------------------
"It seems, in recent months, the mass media has finally caught onto
what we have known all along, computer security _IS_ in fact
important.
Barely a week goes by that a new vulnerability of some sort doesn't
pop up
on CNN. But the one thing people still don't seem to fathom is that
_WE_
are the ones that care about security the most... We aren't the
ones that
the corporations and governments should worry about... We are not
the enemy."
No, we are not the enemy. But a lot of people claim that we are
and
some people even sell books with titles like "Know your enemy". It's
probably one of the best ways to be hated by a lot of hackers.
Don't be
surprised if there are some groups like PHC appearing after that.
Phrack 55, article 1:
---------------------
Here I will show you the arrogance of the not-so-far past
editor,
answering some comments:
"...Yeah, yeah, Phrack is still active you may say. Well let me tell
you something. Phrack is not what it used to be. The people who make
Phrack are not Knight Lightning and Taran King, from those old BBS
days. They are people like you and me, not very different, that took
on themselves a job that it is obvious that is too big for them. Too
big? hell, HUGE. Phrack is not what it used to be anymore. Just try
reading, let's say, Phrack 24, and Phrack 54..."
And the editor replied (maybe Route):
"bjx of "PURSUiT" trying to justify his `old-school` ezine. bjx
wrote
a riveting piece on "Installing Slackware" article. Fear and
respect
the lower case "i"".
This is a perfect example of how the Underground scene has
grown up in
the last few years. We can interpret editor's answer like "I'm
writing
some eleet articles and not you, so I don't have to take into
consideration your point of view". But it was a really pertinent
remark.
Phrack 56, article 1:
------------------------------
Here is another excellent example to show you the arrogance of
the
Underground scene. Again, it's an answer to a comment from someone:
"...IMHO it hasn't improved. Sure, some technical aspects of the
magazine have improved, but it's mostly a dry technical journal
these
days. The personality that used to characterize Phrack is pretty
much
non-existant, and the editorial style has shifted towards one of `I
know
more about buffer overflows than you` arrogance. Take a look at the
Phrack
Loopback responses during the first 10 years to the recent ones. A
much
higher percentage of responses are along the lines of `you're an
idiot,
we at Phrack Staff are much smarter than you.`..."
And the reply:
" - Trepidity <delirium4u@...offspring.net> apparently still bitter
at
not being chosen as Mrs. Phrack 2000."
IMHO, Trepidity's remark was probably the best remark for a
long long
time.
Let's stop this little history course. I have showed you that
I'm
not alone in my reflection and that there is something wrong with
the
current disfunctional scene. Some people already thought this 10
years ago
and I know that a lot of people are currently thinking exactly the
same
thing. The scene is dying and its spirit is flying away.
I'm not Erik Bloodaxe, I'm not Voyager or even Taran King ...
I'm
just me. But I would like to do something like 15 years ago, when
the
word hacking was still used in the noble sense. When the spirit was
still
there. We all need to react together or the beast will eat whats
left
of the spirit.
----[ 3.3 The current zombie scene
"A dead scene whose body has been re-animated but whose the
spirit
is lacking".
I'm not really aware of every 'groups' in the world. Some
people are
much more connected than me. And to be honest, I knew the scene
better 5
years ago than I do now. But I will try to give you a snapshot of
what
the current scene is. Forgive me in advance for the groups that I
will
forget, it's really difficult to have an accurate snapshot. The
best way
to have a snapshot of the current scene is probably to use an
algorithm
like HITS which allow to detect a web community. But unfortunately
I don't
have time to implement it.
So the current scene for me is like a pyramid and it's organized
like secret societies. I would like to split hackers groups in 3
categories. In order to not give stupid names to these groups I
will call
them layer 1 group, layer 2 group and layer 3 group. In the layer
1, 5
years ago, you had some really "famous" groups which were, I think,
composed of talented people. I will split this layer into two
categories:
front-end groups and back-end groups. Some of the groups I called
front-end are: TESO, THC, w00w00, Phenoelit or Hert. Back-end
groups
include ADM, Synnergy, ElectronicSouls or Devhell. And you also
have PHC
that you can include in both categories (you know guys you have
your
entry in Wikipedia!). And at the top of that (but mainly at the top
of
PHC) you had obscure/eleet groups like AB.
In the layer 2, I would like to include a lot of groups of less
scale but I think which are trying to do good stuff. Generally,
these
groups have no communication with layer 1 groups. These groups are:
Toxyn,
Blackhat.be, Netric, Felinemenace, S0ftpj (nice mag), Nettwerked
(congratulation for the skulls image guys!), Moloch, PacketWars,
Eleventh Alliance, Progenic, HackCanada, Blacksecurity, Blackclowns
or
Aestetix. You can still split these groups into two categories,
front-end
and back-end. Back-end are Toxyn, Blackat.be or blacksecurity,
others
probably front-end.
Beside these groups, you have a lot of wannabe groups that I'd
like to
include in layer 3, composed of new generation of hackers. Some of
these
groups are probably good and I'm sure that some have the good
hacking
spirit, but generally these groups are composed of hackers who
learned
hacking in a school or by reading hackers magazine that they find
in
library. When you see a hacker arrested in a media, he generally
comes
from one of these unknown groups. 20 years ago, cops arrested
hackers
like Kevin Mitnick (The Condor), Nahshon Even-Chaim (Phoenix, The
Realm),
Mark Abene (Phiber Optik, Legion of Doom) or John Lee (Corrupt,
Master
of Deception), now they arrest Mafia Boy for a DDOS...
There are also some (dead) old school groups like cDc, Lopht or
rhino9, independent skilled guys like Michal Zalewski or Silvio
Cesare,
research groups like Lsd-pl and Darklab and obscure people like
GOBBLES,
N3td3v or Fluffy Bunny :-) And of course, I don't forget people who
are
not affiliated to any groups.
You can also find some central resources for hackers or
phreackers
like Packetstorm or Phreak.org, and magazine oriented resources like
Pull the Plug or Uninformed.
In this wonderful world, you can find some self proclaimed eleet
mailing list like ODD.
We can represent all these groups in a pyramid. Of course, this
pyramid is not perfect. So don't blame me if you think that your
groups
is not in the good category, it's just a try.
The Underground Pyramid
_
/ \
/ \
/ \
/ \
/ \ <-- More eleet hackers in
/ \ the world. Are we arrogant?
/ -PHC- \
/ \
/ \
/ \
/_____________________\
/ \ <-- skilled hackers
/ Fluffy Bunny, GOBBLES \ hacking mainly
/___________________________\ for fun
/ | | | \
/ !dSR | TESO | ADM | cDc \ <-- Generally
/ EL8 | THC | Synnergy| Lopht \ excellent skills
/ h0no | WOOWOO| Devhell | rhino9 \ some groups have
/ ... | ... | ... | .... \ the good spirit
/_______________________________________\
/ | \
/ | HackCanada \ <-- good skills,
/ | Felinemenace \ some are
/ | Netric \ very
/ ... | ... \ original
/___________________________________________________\
/ \
/ Blacksecurity, Blackhat.be, Toxyn \ <--
newbies
/_________________________________________________________\
/ \ <-- info
/ Resources: 2600,Phrack, PacketStorm, Phreak.org, Uniformed, \
for
/ PTP, ... \ all
/_________________________________________________________________\
All of these people make up the current scene. It's a big
mixture
between white/gray/black hats, where some people are white hat in
the day
and black hat at night (and vice-versa). Sometimes there are
communication
between them, sometimes not. I also have to say that it's generally
the
people from layer 1 groups who give talks to security conferences
around
the world...
It's really a shame that PHC is probably the best ambassador of
the
hacking spirit. Their initiative was great and really interesting.
Moreover they are quite funny. But IMHO, they are probably a little
too
arrogant to be considered like an old spirit group.
Actually, the bad thing is that all these people are more or
less
separate and everyone is fighting everyone else. You can even find
some
hackers hacking other hackers! Where is the scene going? Even if
you are
technically very good, do you have to say to everyone that you are
the best one and naming others as lamerz? The new hacker generation
will never understand the hacking spirit with this mentality.
Moreover the majority of hackers are completely disinterested by
alternate interesting subjects addressed for example in 2600
magazine or
on Cryptome website. And this is really a shame because these two
media
are publishing some really good information. Most hackers are only
interested by pure hacking techniques like backdooring, network
exploitation, client vulnerabilities... But for me hacking is
closely
related to other subjects like those addressed on Cryptome website.
For
example the majority of hackers don't know what SIPRnet is. There
is only
one reference in Phrack, but there are several articles about
SIPRnet in
2600 magazine or on Cryptome website. When I want to discuss about
all
these interesting subjects it's really difficult to find someone in
the
scene. And to be honest the only people that I can find are people
away
from the scene. The majority of hackers composing the groups I
mentioned
above are not interested by these subjects (as far as I know). Old
school
hackers in 80's or 90's were more interested by alternated subjects
than
the new generation.
In conclusion, firstly we have to get back the old school
hacking
spirit and afterwards explain to the new generation of hackers what
it is.
It's the only way to survive. The scene is dying but I won't say
that we can't do anything. We can do something. We must do
something.
It's our responsibility.
--[ 4 Are security experts better than hackers?
STOP!!!!! I do not want to say that security experts are better
than
hackers. I don't think they are, but to be honest it's not really
important. It's nonsense to ask who is better. The best guy,
independent
from the techniques he used, is always the most ingenious. But there
are two points that I would like to develop.
----[ 4.1 The beautiful world of corporate security
I met a really old school hacker some months ago, he told me
something
very pertinent and I think he was right. He told me that the
technology
has really changed these last years but that the old school tricks
still
work. Simply because the people working for security companies don't
really care about security. They care more about finding a new eleet
technique to attack or defend a system and presenting it to a
security
conference than to use it in practice.
So Underground, we have a problem. A major problem. 15 years
ago,
there were a lot of people working for the security industry. At
times,
there also were a lot of people working in what I will call the
Underground scene. No-one can estimate the percentage in each camp,
but
I would say it was something like 60% working in security and 40%
working
in the Underground scene. It was still a good distribution.
Nowadays, I'm
not sure it's still true. A better estimation should be 80/20
orientated
to security or maybe even worse... There are increasingly more and
more
people working for the security world than for the Underground
scene. Look
at all these "eleet" security companies like ISS, Core Security,
Immunity,
IDefense, eEye, @stake, NGSSoftware, Checkpoint (!), Counterpane,
Sabre
Security, Net-Square, Determina, SourceFire...I will stop here
otherwise
Google will make some publicity for these companies. All these
security
companies have hired and still hire some hackers, even if they will
say
that they don't. Sometimes, they don't even know they hired a
hacker. How
many past Phrack writers work for these companies? My guess is a
lot,
really a lot. After all, you can't stop a hacker if you have never
been
one...
You'll tell me: "that's normal, everyone has to eat". Yeah,
that's
true. Everyone has to eat. I'm not talking about that. What I don't
like
(even if we do need these good and bad guys) is all the stuff
around the
security world: conferences, (false) alerts, magazines, mailing
lists,
pseudo security companies, pseudo security websites, pseudo security
books...
Can you tell me why there is so much security related stuff and
not
so much Underground related stuff?
--[ 4.2 The in-depth knowledge of security conferences
If you have a look at all the topics addressed in a security
conference, it's amazing. Take the most famous conferences:
*Blackhat,
*SecWest or even Defcon (I mention only marketing conferences,
there are
others good conferences that are less corporate/business oriented
like
CCC, PH neutral, HOPE or WTH). Now look at the talks given by the
speakers, they're really good. When I went to a security conference
5
years ago it was so funny, I was saying to my friends: "these guys
are
5 years late". It was true then but I think it's not true anymore.
They
are probably still late, but not as late as they were. But the most
relevant point for me is that recently there have been a lot of
very
interesting subjects. OK not everything was interesting - there
were
some shit subjects too. What I would consider as interesting
subjects
are those related to new technologies (VOIP, WEB 2.0, RFID,
BlackBerry,
GPS...) or original topics like hardware hacking, BlackOps, agency
relationships, SE story, bioinfo attack, nanotech, PsyOp... What
the
Fuck ?!#@?! 10 years ago, all the original topics were released in
an
Underground magazine like Phrack or 2600. Not in a security
conference
where you have to pay more than $1000.
This is not my idea of what hacking should be. Do you really
need
publicity like this to feel good? This is not hacking. I'm not
talking
here about the core but the form. When I'm coding something at home
all
night and in the morning it works, it's really exciting. And I don't
have to say to everyone "look at what I did!". Especially not in
public
where people have to pay more than $1000 to hear you.
Another incredible thing about these security conferences is
what I
would call the "conference circuit". Nowadays, if you are a security
expert, the trend is to give the same talk at different security
conferences around the world. More than 50% of all security experts
are
doing this. They go in America at BlackHat, Defcon and CanSecWest,
after
they move in Europe and they finish in Asia or Australia. They can
even
do BlackHat America, BlackHat Europe and BlackHat Asia! Like Roger
Federer or Tiger Woods, they try to do the Grand Slam! So you can
find
a conference given in 2007 which is more or less the same than one
in
2005. Thus it seems we have now a new profession in our wonderful
security world: "conferences runner" !
Last funny thing is the number of conferences that I will
include in
the category "How to hack the system XXX". For example at the last
Blackhat USA there was a conference on how to hack an embedded
device,
for example printers and copiers. Despite the fact that it's
interesting
(collecting document printed), what I find funny is the fact that
you
just have to hack a non conventional device to be at Blackat or
Defcon.
So, I will give some good advice to hackers who want to become
famous:
try to hack the coffee machine used by the FBI or the embedded
device
used by the lift of the Pentagon and everyone will see you as a
hero
or a terrorist (thats context based).
--[ 5. Phrack and the axis of counter-attack
Now that I have given you an overview of the security world,
let's
try to see how we can change it. There are two possibilities here.
The
first one is this:- I say to you "OK now that you really understand
the
problem, it's definitely time to change our mentality. This is the
new
mind set that we have to adopt". It's a little bit pretentious to
say
this though. Nobody can solve the problem alone and pretend to
bring the
good solution. So I guess that the first possibility won't work.
People
will agree but nobody will do anything.
The second possibility is to start with Phrack. All the people
who
make up The Circle of Lost Hackers agree that Phrack should come
back to
its past style when the spirit was present. We really agree with
the quote
above which said that Phrack is mainly a dry technical journal. It's
why we would like to give you some idea that can bring back to
Phrack its
bygone aura. Phrack doesn't belong to a group a people, Phrack
belongs to
everyone, everyone in the Underground scene who want to bring
something
for the Underground. After all, Phrack is a magazine made by the
community
for the community.
We would like to invite everyone to give their point of view
about the
current scene and the orientation that Phrack should take in the
future.
We could compile a future article with all your ideas.
----[ 5.1. Old idea, good idea
If you take a look at the old Phrack, there are some recurring
articles :
* Phrack LoopBack
* Line noise
* Phrack World News
* Phrack Prophiles
* International scenes
Here's something funny about Phrack World News, if you take a
look
at Phrack 36 it was not called "Phrack World News" but instead it
was
"Elite World News"...
So, all these articles were and are interesting. But in these
articles, we would like to resuscitate the last one: "International
scenes". A first essay is made in this issue, but we would like
people
to send us a short description of their scene. It could be very
interesting to have some descriptions of scenes that are not
common,
for example the China scene, the Brazilian scene, the Russian
scene,
the African scene, the Middle East scene... But of course we are
also
interested in the more classic scenes like Americas, GB, France,
Germany,
.... Everything is welcome, but hackers all over the world are not
only
hackers in Europe-Americas, we're everywhere. And when we talk
about the
Underground scene, it should include all local scenes.
----[ 5.2. Improving your hacking skills
Here we would like to start a new kind of article. An article
whose
purpose is to give to the new generation of hackers some different
little
tricks to hack "like an eleet". This article will be present in
every
new issue (at least until it's dead ... we hope not soon). The idea
is
to ask to everyone to send us their tricks when they hack something
(it could be a computer or not). The tricks should be explained in
no
more than 30 lines, and it could even be one line. It could be an
eleet
trick or something really simple but useful. Example:
An almost invisible ssh connection
----------------------------------
In the worse case if you have to ssh on a box, do it every time
with no tty allocation
ssh -T user@...t
If you connect to a host with this way, a command like "w" will
not
show your connection. Better, add 'bash -i' at the end of the
command to
simulate a shell
ssh -T user@...t /bin/bash -i
Another trick with ssh is to use the -o option which allow you
to
specify a particular know_hosts file (by default it's
~/.ssh/know_hosts).
The trick is to use -o with /dev/null:
ssh -o UserKnownHostsFile=/dev/null -T user@...t /bin/bash -i
With this trick the IP of the box you connect to won't be
logged in
know_hosts.
Using an alias is a good idea.
Erasing a file
--------------
In the case of you have to erase a file on a owned computer, try
to use a tool like shred which is available on most of Linux.
shred -n 31337 -z -u file_to_delete
-n 31337 : overwrite 313337 times the content of the file
-z : add a final overwrite with zeros to hide shredding
-u : truncate and remove file after overwriting
A better idea is to do a small partition in RAM with tmpfs or
ramdisk and storing all your files inside.
Again, using an alias is a good idea.
The quick way to copy a file
----------------------------
If you have to copy a file on a remote host, don't bore
yourself with
an FTP connection or similar. Do a simple copy and paste in your
Xconsole.
If the file is a binary, uuencode the file before transferring it.
A more eleet way is to use the program 'screen' which allows
copying a
file from one screen to another:
To start/stop : C-a H or C-a : log
And when it's logging, just do a cat on the file you want to
transfer.
Changing your shell
-------------------
The first thing you should do when you are on an owned computer
is to
change the shell. Generally, systems are configured to keep a
history for
only one shell (say bash), if you change the shell (say ksh), you
won't be
logged.
This will prevent you being logged in case you forget to clean
the logs. Also, don't forget 'unset HISTFILE' which is often useful.
Some of these tricks are really stupid and for sure all old
school
hackers know them (or don't use them because they have more eleet
tricks).
But they are still useful in many cases and it should be
interesting to
compare everyone's tricks.
----[ 5.3. The Underground yellow pages
Another interesting idea is to maintain a list of all the
interesting
IP ranges in the world. This article will be called "Meaningful IP
ranges". We have already started to scan all the class A and B
networks.
What is really interesting is all the IP addresses of agencies
which are
supposed to spy us. Have a look at this site:
http://www.milnet.com/iagency.htm
However we don't have to focus our list on agencies, but on
everything
which is supposed to be the power of the world.
It includes:
* All agencies of a country (China, Russia, UK, France, Israel...)
* All companies in a domain, for example all companies related to
private
secret service or competitive intelligence or financial clearing
or
private army (dyncorp, CACI, MPRI, Vinnel, Wackenhut, ...)
* Companies close to government (SAIC, Dassault, QinetiQ,
Halliburton,
Bechtel...)
* Spying business companies (AT&T, Verizon, VeriSign, AmDocs,
BellSouth,
Top Layer Networks, Narus, Raytheon, Verint, Comverse, SS8, pen-
link...)
* Spoken Medias (Al Jazeera, Al Arabia, CNN, FOX, BBC, ABC, RTVi,
....)
* Written Medias or press agencies (NY/LA Times, Washington Post,
Guardian, Le monde, El Pais, The Bild, The Herald, Reuters, AFP,
AP,
TASS, UPI...)
* All satellite maintainers (Intelsat, Eurosat, Inmarsat, Eutelsat,
Astra...)
* Suspect investment firms (Carlyle, In-Q-Tel...)
* Advanced research centers (DARPA, ARDA/DTO, HAARP...)
* Secret societies, fake groups and think-tanks (The Club of Rome,
The
Club of Berne, Bilderberg, JASON group, Rachel foundation, CFR,
ERT,
UNICE, AIPAC, The Bohemian Club, Opus Dei, The Chatman House,
Church of
Scientology...)
* Guerilla groups, rebels or simply alternative groups (FARC, ELN,
ETA,
KKK, NPA, IRA, Hamas, Hezbolah, Muslim Brothers...)
* Ministries (Defense, Energy, State, Justice...)
* Militaries or international polices (US Army, US Navy, US Air
Force,
NATO, European armies, Interpol, Europol, CCU...)
* And last but not least: HONEYPOT!
It's obvious that not all ranges can be obtained. Some agencies
are
registered under a false name in order to be more discrete (what
about
ENISA, the European NSA?), others use some high level systems (VPN,
tor
....) on top of normal networks or simply use communication systems
other
than the Internet. But we would like to keep the most complete list
we
can. But for this we need your help. We need the help of everyone in
the Underground who is ready to share knowledge. Send us your range.
We started to scan the A and B range with a little script we
made,
but be sure that the more interesting range are in class C. Here is
a
quick start of the list :
11.0.0.0 - 11.255.255.255 : DoD Network Information Center
144.233.0.0 - 144.233.255.255 : Defense Intelligence Agency
144.234.0.0 - 144.234.255.255 : Defense Intelligence Agency
144.236.0.0 - 144.236.255.255 : Defense Intelligence Agency
144.237.0.0 - 144.237.255.255 : Defense Intelligence Agency
144.238.0.0 - 144.238.255.255 : Defense Intelligence Agency
144.239.0.0 - 144.239.255.255 : Defense Intelligence Agency
144.240.0.0 - 144.240.255.255 : Defense Intelligence Agency
144.241.0.0 - 144.241.255.255 : Defense Intelligence Agency
144.242.0.0 - 144.242.255.255 : Defense Intelligence Agency
162.45.0.0 - 162.45.255.255 : Central Intelligence Agency
162.46.0.0 - 162.46.255.255 : Central Intelligence Agency
130.16.0.0 - 130.16.255.255 : The Pentagon
134.11.0.0 - 134.11.255.255 : The Pentagon
134.152.0.0 - 134.152.255.255 : The Pentagon
134.205.0.0 - 134.205.255.255 : The Pentagon
140.185.0.0 - 140.185.255.255 : The Pentagon
141.116.0.0 - 141.116.255.255 : Army Information Systems Command-
Pentagon
6.0.0.0 - 6.255.255.255 : DoD Network Information Center
128.20.0.0 - 128.20.255.255 : U.S. Army Research Laboratory
128.63.0.0 - 128.63.255.255 : U.S. Army Research Laboratory
129.229.0.0 - 129.229.255.255 : United States Army Corps of
Engineers
131.218.0.0 - 131.218.255.255 : U.S. Army Research Laboratory
134.194.0.0 - 134.194.255.255 : DoD Network Information Center
134.232.0.0 - 134.232.255.255 : DoD Network Information Center
137.128.0.0 - 137.128.255.255 : U.S. ARMY Tank-Automotive Command
144.252.0.0 - 144.252.255.255 : DoD Network Information Center
155.8.0.0 - 155.8.255.255 : DoD Network Information Center
158.3.0.0 - 158.3.255.255 : Headquarters, USAAISC
158.12.0.0 - 158.12.255.255 : U.S. Army Research Laboratory
164.225.0.0 - 164.225.255.255 : DoD Network Information Center
140.173.0.0 - 140.173.255.255 : DARPA ISTO
158.63.0.0 - 158.63.255.255 : Defense Advanced Research Projects
Agency
145.237.0.0 - 145.237.255.255 : POLFIN ( Ministry of Finance Poland)
163.13.0.0 - 163.32.255.255 : Ministry of Education Computer Center
Taiwan
168.187.0.0 - 168.187.255.255 : Kuwait Ministry of Communications
171.19.0.0 - 171.19.255.255 : Ministry of Interior Hungary
164.49.0.0 - 164.49.255.255 : United States Army Space and Strategic
Defense
165.27.0.0 - 165.27.255.255 : United States Cellular Telephone
152.152.0.0 - 152.152.255.255 : NATO Headquarters
128.102.0.0 - 128.102.255.255 : NASA
128.149.0.0 - 128.149.255.255 : NASA
128.154.0.0 - 128.154.255.255 : NASA
128.155.0.0 - 128.155.255.255 : NASA
128.156.0.0 - 128.156.255.255 : NASA
128.157.0.0 - 128.157.255.255 : NASA
128.158.0.0 - 128.158.255.255 : NASA
128.159.0.0 - 128.159.255.255 : NASA
128.161.0.0 - 128.161.255.255 : NASA
128.183.0.0 - 128.183.255.255 : NASA
128.217.0.0 - 128.217.255.255 : NASA
129.50.0.0 - 129.50.255.255 : NASA
153.31.0.0 - 153.31.255.255 : FBI Criminal Justice Information
Systems
138.137.0.0 - 138.137.255.255 : Navy Regional Data Automation Center
138.141.0.0 - 138.141.255.255 : Navy Regional Data Automation Center
138.143.0.0 - 138.143.255.255 : Navy Regional Data Automation Center
161.104.0.0 - 161.104.255.255 : France Telecom R&D
161.105.0.0 - 161.105.255.255 : France Telecom R&D
161.106.0.0 - 161.106.255.255 : France Telecom R&D
159.217.0.0 - 159.217.255.255 : Alcanet International (Alcatel)
158.190.0.0 - 158.190.255.255 : Credit Agricole
158.191.0.0 - 158.191.255.255 : Credit Agricole
158.192.0.0 - 158.192.255.255 : Credit Agricole
165.32.0.0 - 165.48.255.255 : Bank of America
171.128.0.0 - 171.206.255.255 : Bank of America
167.84.0.0 - 167.84.255.255 : The Chase Manhattan Bank
159.50.0.0 - 159.50.255.255 : Banque Nationale de Paris
159.22.0.0 - 159.22.255.255 : Swiss Federal Military Dept.
163.12.0.0 - 163.12.255.255 : navy aviation supply office
163.249.0.0 - 163.249.255.255 : Commanding Officer Navy Ships Parts
164.94.0.0 - 164.94.255.255 : Navy Personnel Research
164.224.0.0 - 164.224.255.255 : Secretary of the Navy
34.0.0.0 - 34.255.255.255 : Halliburton Company
139.121.0.0 - 139.121.255.255 : Science Applications International
Corporation
....
The last one is definitely interesting; people interested by
obscure
technologies should investigate in-depth SAIC stuff...
But anyway this list is rough and incomplete. We have a lot more
interesting ranges but not yet classed. It's just to show you how
easy
it is to obtain.
If you think that the idea is funny, send us your range. We
would be
pleased to include your range in our list. The idea is to offer the
more
complete list we can for the next Phrack release.
----[ 5.4. The axis of knowledge
I'm sure that everyone knows "the axis of evil". This
sensational
expression was coined some years ago by Mr. Bush to group wicked
countries (but was it really invented by the "president" or by
m1st3r
Karl Rove??). We could use the same expression to name the evil
subjects
that we would like to have in Phrack. But I will leave to Mr
Powerful
Bush his expression and find a more noble one : The Axis of
Knowledge.
So what is it about? Just list some topics that we would like
to find
more often in Phrack. In the past years, Phrack was mainly focused
on
exploitation, shellcode, kernel and reverse engineering. I'm not
saying
that this was not interesting, I'm saying that we need to diversify
the
articles of Phrack. Everyone agrees that we must know the advances
in
heap exploitation but we should also know how to exploit new
technologies.
------[ 5.4.1 New Technologies
To illustrate my point, we can take a quote from Phrack 62, the
profiling of Scut:
Q: What suggestions do you have for Phrack?
A: For the article topics, I personally would like to see more
articles
on upcoming technologies to exploit, such as SOAP, web services,
..NET, etc.
We think he was right. We need more article on upcoming
technology.
Hackers have to stay up to date. Low level hacking is interesting
but we
also need to adapt ourselves to new technologies.
It could include: RFID, Web2, GPS, Galileo, GSM, UMTS, Grid
Computing,
Smartdust system.
Also, since the name Phrack is a combination between Phreack
and Hack,
having more articles related to Phreacking would be great. If you
have
a look to all the Phrack issues from 1 to 30, the majority of
articles
talked about Phreacking. And Phreacking and new technologies are
closely
connected.
------[ 5.4.2 Hidden and private networks
We would like to have a detailed or at least an introduction to
private networks used by governments. It includes:
* Cyber Security Knowledge Transfer Network (KTN)
http://ktn.globalwatchonline.com
* Unclassified but Sensitive Internet Protocol Router Network
and
The Secret IP Router Network (SIPRN)
http://www.disa.mil/main/prodsol/data.html
* GOVNET
http://www.govnet.state.vt.us/
* Advanced Technology Demonstration Network
http://www.atd.net/
* Global Information Grid (GIG)
http://www.nsa.gov/ia/industry/gig.cfm?MenuID=10.3.2.2
....
There are a lot private networks in the world and some are not
documented. What we want to know is: how they are implemented, who
is using them, which protocols are being used (is it ATM,
SONET...?),
is there a way to access them through the Internet, ....
If you have any information to share on these networks, we
would be
very interested to hear from you.
------[ 5.4.3 Information warfare
Information warfare is probably one of the most interesting
upcoming
subjects in recent years. Information is present everywhere and the
one
who controls the information will be the master. USA already
understands
this well, China too, but some countries are still late. Especially
in
Europe. Some websites are already specialized in information warfare
like IWS the Information Warfare Site (http://www.iwar.org.uk)
You can also find some schools across the world which are
specialized
in information warfare.
We, hackers, can use our knowledge and ingeniousness to do
something
in this domain. Let me give you two examples. The first one is
Black Hat
SEO (http://www.blackhatseo.com/). This subject is really
interesting
because it combines a lot of subjects like development, hacking,
social engineering, linguistics, artificial intelligence and even
marketing. These techniques can be use in Information Warfare and we
would like the Underground to know more about this subject.
Second example, in a document entitled "Who is n3td3v?" the
author
(hacker factor) use linguistic techniques in order to identify
n3td3v. After having analyzed n3td3v's text, the author claims that
n3td3v and Gobbles are probably the same person. N3td3v's answer
was
to say that he has an A.I. program allowing him to generate a text
automatically. If he wants to sound like George Bush, he has simply
to find a lots of articles by him, give these texts to his A.I. and
the AI program will build a model representing the way that George
Bush write. Once the model created, he can give a text to the A.I.
and this text will be translated in "George Bush Speaking".
Author's
answer (hacker factor) was to say it's not possible.
For working in text-mining, I can tell you that it's possible.
The
majority of people working in the academic area are blind and when
you
come to them with innovative techniques, they generally say you
that you
are a dreamer. A simple implementation can be realized quickly with
the
use of a grammar (that you can even induct automatically), a
thesaurus
and markov chains. Add some home made rules and you can have a small
system to modify a text.
An idea could be to release a tool like this (the binary, not
the
source). I already have the title for an article : "Defeating
forensic:
how to cover your says" !
More generally, in information warfare, interesting subjects
could be:
* Innovative information retrieval techniques
* Automatic diffusion of manipulated information
* Tracking of manipulated information
Military and advanced centers like DARPA are already interested
in
these topics. We don't have to let governments have the monopoly on
these areas. I'm sure we can do much better than governments.
------[ 5.4.4 Spying System
Everyone knows ECHELON, it's probably the most documented spying
system in the world. Unfortunately, the majority of the information
that
you can find on ECHELON is where ECHELON bases in the world are.
There is
nothing about how they manipulate data. It's evident that they are
using
some data-mining techniques like speech recognition, text-cleaning,
topic
classification, name entity recognition sentiment detection and so
on. For
this they could use their own software or maybe they are using some
commercial software like:
Retrievalware from Convera :
http://www.convera.com/solutions/retrievalware/Default.aspx
Inxight's products:
http://www.inxight.com/products/
"Minority Report" like system visualization:
http://starlight.pnl.gov/
....
For now we are like Socrates, all we know is that we know
nothing.
Nothing about how they process data. But we are very interested to
know.
In the same vein, we would like to know more on Narus
(http://www.narus.com/), which could be used as the successor of
CARNIVORE which was the FBI's tools to intercept electronic data.
Which
countries use Narus, where it is installed, how is Narus processing
information...
Actually any system which is supposed to spy on us is
interesting.
--[ 6. Conclusion
I'm reaching the end of my subject. Like with every articles
some
people will agree with the content and some not. I'm probably not
the best
person for talking about the Underground but I tried to resume in
this text all the interesting discussions I had for several years
with a
lot of people. I tried to analyze the past and present scene and to
give
you a snapshot as accurate as possible.
I'm not entirely satisfied, there's a lot more to say. But if
this
article can already make you thinking about the current scene or
the Underground in general, that means that we are on the good way.
The most important thing to retain is the need to get back the
Underground spirit. The world changes, people change, the security
world
changes but the Underground has to keep its spirit, the spirit which
characterized it in the past.
I gave you some ideas about how we could do it, but there are
much
more ideas in 10000 heads than in one. Anyone who worry about the
current
scene is invited to give his opinion about how we could do it.
So let's go for the wakeup of the Underground. THE wakeup. A
wakeup
to show to the world that the Underground is not dead. That it will
never
die, that it is still alive and for a long time.
Thats the responsibility of all hackers around the world.
--
Stuck in a dead end job?? Click to start living your dreams by earning an online degree.
http://tagline.hushmail.com/fc/CAaCXv1S7Y1c4HWxMAWmd95kbjLpK0EX/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists