Stealing the Network: The Complete Series Collector’s Edition

Ryan Russell
Timothy Mullen
Johnny Long

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
Linacre House, Jordan Hill, Oxford OX2 8DP, UK

Stealing the Network: The Complete Series Collector’s Edition, Final Chapters, and DVD
Copyright © 2009, Elsevier Inc. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Library of Congress Cataloging-in-Publication Data
Russell, Ryan, 1969–
Stealing the network: the complete series collector’s edition / Ryan Russell, Timothy Mullen, Johnny Long.
p. cm.
ISBN 978-1-59749-299-7
1. Computer hackers—Fiction. 2. Computer security—Fiction. 3. Cyberterrorism—Fiction. 4. Short stories, American—21st century. I. Mullen, Timothy M. II. Long, Johnny. III. Title.
PS648.C65R87 2009
813'.6—dc22
2008055578

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-299-7

For information on all Syngress publications visit our web site at www.syngress.com

Printed in the United States of America
09 10 11 12 13 10 9 8 7 6 5 4 3 2 1

Elsevier Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights; email [email protected]

Publisher: Laura Colantoni
Acquisitions Editor: Rachel Roumeliotis
Development Editor: Mathew Cater
Project Manager: Andre Cuello

Contents

PART I ● How to Own the Box

Foreword
Jeff Moss

CHAPTER 1 Hide and Sneak
Ido Dubrawsky

If you want to hack into someone else’s network, the week between Christmas and New Year’s Day is the best time. I love that time of year. No one is around, and most places are running on a skeleton crew at best. If you’re good, and you do it right, you won’t be noticed even by the automated systems. And that was a perfect time of year to hit these guys with their nice e-commerce site—plenty of credit card numbers, I figured.

The people who ran this site had ticked me off. I bought some computer hardware from them, and they took forever to ship it to me. On top of that, when the stuff finally arrived, it was damaged. I called their support line and asked for a return or an exchange, but they said that they wouldn’t take the card back because it was a closeout. Their site didn’t say that the card was a closeout! I told the support drones that, but they wouldn’t listen. They said, “Policy is policy,” and “Didn’t you read the fine print?” Well, if they’re going to take that position…. Look, they were okay guys on the whole. They just needed a bit of a lesson. That’s all.

CHAPTER 2 The Worm Turns
Ryan Russell and Timothy Mullen

After a few hours, I’ve made a tool that seems to work. Geeze, it’s 4:30 A.M. I mail the cleanup tool to the list for people to try. It’s tempting to use the root.exe and make the infected boxes TFTP down my tool and fix themselves. Maybe, by putting it out there, some idiot will volunteer himself. Otherwise, the tool won’t do much good, since the damage is already done. I’m showing about 14,000 unique IPs in my logs so far. Based on previous worms, that usually means there are at least 10 times as many infected. My little home range is only five IP addresses.

I decide to hack up a little script that someone can use to remotely install my fix program, using the root.exe hole. That way, if someone wants to fix some of their internal boxes, they won’t need to run around to the consoles. Then I go ahead and change it to do a whole range of IP addresses, so admins can use it on their whole internal network at once. When everyone gets to work tomorrow, they’re going to need all the help they can get. I do it in C, so I can compile it to an .exe, since most people won’t have the Windows Perl installed.

CHAPTER 3 Just Another Day at the Office
Joe Grand

I can’t disclose much about my location. Let’s just say it’s damp and cold. But it’s much better to be here than in jail, or dead. I thought I had it made—simple hacks into insecure systems for tax-free dollars. And then the ultimate heist: breaking into a sensitive lab to steal one of the most important weapons the U.S. had been developing. And now it’s over. I’m in a country I know nothing about, with a new identity, doing chump work for a guy who’s fresh out of school. Each day goes by having to deal with meaningless corporate policies and watching employees who can’t think for themselves, just blindly following orders. And now I’m one of them. I guess it’s just another day at the office.

CHAPTER 4 h3X’s Adventures in Networkland
FX

h3X is a hacker, or to be more precise, she is a hackse (from hexe, the German word for witch). Currently, h3X is on the lookout for some printers. Printers are the best places to hide files and share them with other folks anonymously. And since not too many people know about that, h3X likes to store exploit codes and other kinky stuff on printer, and point her buddies to the web servers that actually run on these printers. She has done this before…

CHAPTER 5 The Thief No One Saw
Paul Craig

My eyes slowly open to the shrill sound of my phone and the blinking LED in my dimly lit room. I answer the phone.

“Hmm … Hello?”

“Yo, Dex, it’s Silver Surfer. Look, I got a title I need you to get for me. You cool for a bit of work?”

Silver Surfer and I go way back. He was the first person to get me into hacking for profit. I’ve been working with him for almost two years. Although I trust him, we don’t know each other’s real names. My mind slowly engages. I was up till 5:00 A.M., and it’s only 10:00 A.M. now. I still feel a little mushy.

“Sure, but what’s the target? And when is it due out?”

“Digital Designer v3 by Denizeit. It was announced being final today and shipping by the end of the week, Mr. Chou asked for this title personally. It’s good money if you can get it to us before it’s in the stores. There’s been a fair bit of demand for it on the street already.”

“Okay, I’ll see what I can do once I get some damn coffee.”

“Thanks dude. I owe you.” There’s a click as he hangs up.

CHAPTER 6 Flying the Friendly Skies
Joe Grand

Not only am I connected to the private wireless network, I can also access the Internet. Once I’m on the network, the underlying wireless protocol is transparent, and I can operate just as I would on a standard wired network. From a hacker’s point of view, this is great.
Someone could just walk into a Starbucks, hop onto their wireless network, and attack other systems on the Internet, with hardly any possibility of detection. Public wireless networks are perfect for retaining your anonymity.

Thirty minutes later, I’ve finished checking my e-mail using a secure web mail client, read up on the news, and placed some bids on eBay for a couple of rare 1950’s baseball cards I’ve been looking for. I’m bored again, and there is still half an hour before we’ll start boarding the plane.

CHAPTER 7 dis-card
Mark Burnett

One of my favorite pastimes is to let unsuspecting people do the dirty work for me. The key here is the knowledge that you can obtain through what I call social reverse-engineering, which is nothing more than the analysis of people. What can you do with social reverse-engineering? By watching how people deal with computer technology, you’ll quickly realize how consistent people really are. You’ll see patterns that you can use as a roadmap for human behavior.

Humans are incredibly predictable. As a teenager, I used to watch a late-night TV program featuring a well-known mentalist. I watched as he consistently guessed social security numbers of audience members. I wasn’t too impressed at first—how hard would it be for him to place his own people in the audience and play along? It was what he did next that intrigued me: He got the TV-viewing audience involved. He asked everyone at home to think of a vegetable. I thought to myself, carrot. To my surprise, the word CARROT suddenly appeared on my TV screen. Still, that could have been a lucky guess.

CHAPTER 8 Social (In)Security
Ken Pfeil

While I’m not normally a guy prone to revenge, I guess some things just rub me the wrong way. When that happens, I rub back—only harder. When they told me they were giving me walking papers, all I could see was red.
Just who did they think they were dealing with anyway? I gave these clowns seven years of sweat, weekends, and three-in-the-morning handholding. And for what? A lousy week’s severance? I built that IT organization, and then they turn around and say I’m no longer needed. They said they’ve decided to “outsource” all of their IT to ICBM Global Services…

The unemployment checks are about to stop, and after spending damn near a year trying to find another gig in this economy, I think it’s payback time. Maybe I’ve lost a step or two technically over the years, but I still know enough to hurt these bastards. I’m sure I can get some information that’s worth selling to a competitor, or maybe get hired on with them. And can you imagine the looks on their faces when they find out they were hacked? If only I could be a fly on the wall.

CHAPTER 9 BabelNet
Dan Kaminsky

Black Hat Defense: Know Your Network Better Than the Enemy Can Afford To…

SMB, short for Server Message Block, was ultimately the protocol behind NBT (NetBIOS over TCP/IP), the prehistoric IBM LAN Manager, heir-apparent CIFS, and the most popular data-transfer system in the world short of e-mail and the Web: Windows file sharing. SMB was an oxymoron—powerful, flexible, fast, supported almost universally, and fucking hideous in every way shape and byte. Elena laughed as chunkage like ECFDEECACACACACACACACACACACACACA spewed across the display. Once upon a time, a particularly twisted IBM engineer decided that this First Level Encoding might be a rational way to write the name BSD. Humanly readable? Not unless you were the good Luke Kenneth Casson Leighton, co-author of the Samba UNIX implementation, whose ability to fully grok raw SMB from hex dumps was famed across the land, a postmodern incarnation of sword-swallowing.

CHAPTER 10 The Art of Tracking
Mark Burnett

It’s strange how hackers’ minds work. You might think that white hat hackers would be on one end of the spectrum and black hat hackers on the other. On the contrary, they are both at the same end of the spectrum, with the rest of the world on the other end. There really is no difference between responsible hacking and evil hacking. Either way, it’s hacking. The only difference is the content. Perhaps that’s why it’s so natural for a black hat to go white, and why it’s so easy for a white hat to go black. The line between the two is fine, mostly defined by ethics and law. To the hacker, ethics and laws have holes, just like anything else.

Many security companies like to hire reformed hackers. The truth is that there is no such thing as a reformed hacker. These hackers may have their focus redirected and their rewards changed, but they are never reformed. Getting paid to hack doesn’t make them any less of a hacker.

Hackers are kind of like artists. Artists will learn to paint by painting whatever they want. They could paint mountains, animals, or nudes. They can use any medium, any canvas, and any colors they wish. If the artist someday gets a job producing art, she becomes a commercial artist. The only difference is that now she paints what other people want.

Appendix: The Laws of Security
Ryan Russell

This book contains a series of fictional short stories demonstrating criminal hacking techniques that are used every day. While these stories are fictional, the dangers are obviously real. As such, we’ve included this appendix, which discusses how to mitigate many of the attacks detailed in this book.
While not a complete reference, these security laws can provide you with a foundation of knowledge to prevent criminal hackers from stealing your network…

Part II ● How to Own a Continent

Foreword
Jeff Moss

CHAPTER 11 Control Yourself
Ryan Russell as “Bob Knuth”

How much money would you need for the rest of your life? How much would you need in a lump sum so that you never had to work again, never had to worry about bills or taxes or a house payment? How much to live like a king? Your mind immediately jumps to Bill Gates or Ingvar Kamprad with their billions. You think that is what you would need…

CHAPTER 12 The Lagos Creeper Box
131ah as “Charlos”

Nigeria was a dump. Charlos now understood why nobody wanted to work there. It’s Africa like you see it on CNN. And yet this was the country that had the largest oil reserve on the continent. Military rule for the past 30 years ensured that the money ended up mostly in some dictator’s pocket and not on the streets where it belonged…

CHAPTER 13 Product of Fate: The Evolution of a Hacker
Russ Rogers as “Saul”

Looking back on the entire event, no one could really say how everything ended up the way it did. Saul has always done well in school. And though his parents might not have been the greatest people on the planet, it’s not like they didn’t love him. So, what could have enticed a bright, seemingly normal kid like Saul into committing such a heinous crime? No one knows. But, then again, no one knows what really happened, do they?…

CHAPTER 14 A Real Gullible Genius
Jay Beale as “Flir”

CIA agent Knuth had been very insistent when he recruited Flir.
He needed personal student information, including social security numbers, and, as an agent for a non-domestically focused intelligence agency, didn’t have the authority to get such from the U.S. government. He did, on the other hand, have the authority to get Flir complete immunity for any computer crimes that did not kill or physically injure anyone. The letter the agent gave Flir was on genuine CIA letterhead and stated both the terms of the immunity and promised Flir significant jail time if he disclosed any details about this mission.

CHAPTER 15 For Whom Ma Bell Tolls
Joe Grand as “The Don”

The sun had already sunk beyond the harbor as Don Crotcho woke up. He neither noticed nor cared. It had been a little more than a year since his flight from Boston after a successful theft of the United States’ next-generation stealth landmine prototype, and he had been enjoying his self-prescribed seclusion in this land of fire and ice…

CHAPTER 16 Return on Investment
Fyodor as “Sendai”

Like many professional penetration testers, Sendai was not always the wholesome “ethical hacker” described in his employer’s marketing material. In his youth, he stepped well over the line between questionable (grey hat) and flat-out illegal (black hat) behavior. Yet he never felt that he was doing anything wrong…

CHAPTER 17 h3X and The Big Picture
FX as “h3X”

h3X paints a picture. Actually, she doesn’t really paint but rather just creates a plain white canvas of 256 by 512 pixels in Microsoft Paint, because you can hardly do more with that program than the equivalent of the childish drawings young