Dissecting the Hack The F0rb1dd3n Network (2010) pdf pdf
Dissecting the Hack This page intentionally left blank
Dissecting the Hack The F0rb1dd3n Network
Jayson E. Street Kent Nabors AMSTERDAM • BOSTON • HEIDELBERG • LONDON NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO Syngress is an imprint of Elsevier S Y N G R E S S ®
Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA Linacre House, Jordan Hill, Oxford OX2 8DP, UK Dissecting the Hack: The F0rb1dd3n Network © 2010 ELSEVIER Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or any information storage and retrieval system, without
permission in writing from the publisher. Details on how to seek permission, further information about
the Publisher’s permissions policies and our arrangements with organizations such as the CopyrightClearance Center and the Copyright Licensing Agency, can be found at our Web site: www.elsevier.com/
permissions.This book and the individual contributions contained in it are protected under copyright by the Publisher
(other than as may be noted herein).Notices Knowledge and best practice in this fi eld are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and
using any information, methods, compounds, or experiments described herein. In using such informa-tion or methods, they should be mindful of their own safety and the safety of others, including parties for
whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any
liability for any injury or damage to persons or property as a matter of products liability, negligence orotherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the
material herein.Library of Congress Cataloging-in-Publication Data Application submitted British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-478-6
ISBN: 978-1-59749-478-6 For information on all Syngress publications visit our Web site at www.syngress.com Printed in the United States of America
09 10 11 12 13 10 9 8 7 6 5 4 3 2 1 Typeset by : diacriTech, Chennai, India Elsevier Inc., the author(s), and any person or fi rm involved in the writing, editing, or production
(collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained
from the Work.For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director
and Rights; e-mail m.pedersen@elsevier.com Publisher: Laura Colantoni Acquisitions Editor: Rachel Roumeliotis Assistant Editor: David Bevans Project Manager: Julie Ochs
To Earl L. Street
All that I am and part of what my children will become is because
of who you were. Thank you and I miss and think of you everyday.
To Dee Drake and Aliera
For all the love you give me thank you. Also for putting up with me
when I am there and missing me when I am away. This page intentionally left blank
vii Contents
...................................................................................................... 47 In Real Life ....................................................................................... 47
CHAPTER E1GHT
................................................................................................... 81 Code Review .................................................................................... 81
CHAPTER S3V3N
........................................................................................................ 69 The Meeting ..................................................................................... 69 First Lead .......................................................................................... 72 The Discovery .................................................................................. 75
CHAPTER S1X
...................................................................................................... 57 Status Check ..................................................................................... 57 Log Review ....................................................................................... 63
CHAPTER F1V3
CHAPTER F0UR
Foreword ................................................................................................................ xvii Acknowledgements .................................................................................................. xix H0w t0 R34d Dissecting The Hack: The F0rb1dd3n Network .............................. xxi Author Biographies ................................................................................................ xxiii
................................................................................................... 35 In Country ........................................................................................ 35
CHAPTER THR33
....................................................................................................... 27 Just Another Day............................................................................... 27 The Installation ................................................................................ 32
CHAPTER TW0
........................................................................................................ 15 Problem Solved ............................................................................... 15 Getting Started ................................................................................. 20 The Acquisition ................................................................................ 22
CHAPTER 0N3
................................................................................................................ 3 A New Assignment ............................................................................. 3
PART 1 F0RB1DD3N PR010GU3
.................................................................................................... 91 Battle Plans ....................................................................................... 91 Data Collection ................................................................................ 96
viii Contents CHAPTER N1N3
................................................................................................... 105 Data Analysis................................................................................... 105 Shrinking Team ............................................................................... 106 Tenuous Connections .................................................................... 107 Loose Ends ..................................................................................... 112 Expendable Assets .......................................................................... 115
CHAPTER T3N
...................................................................................................... 119 Choosing Sides ............................................................................... 119
3P1L0GU3
............................................................................................................. 127 End Process .................................................................................... 127
PART 2 SECURITY THREATS ARE REAL (STAR) STAR INTRODUCTION
.......................................................................................... 131 Recon ............................................................................................. 131 Scanning ......................................................................................... 131 Exploring ....................................................................................... 132 Exploiting ....................................................................................... 132 Expunging ...................................................................................... 132 Bleeding Edge ................................................................................. 132 Hacking Culture ............................................................................. 133
CHAPTER 1 Recon .............................................................................................. 135 Fictional Story Dissected: U.S. Securities
and Exchange Commission ......................................................... 137 Fictional Story Dissected: Harvesting Addresses ............................ 138 Public Record on Tap: Real-Time E-mail Harvesting ....................... 140 Maltego ........................................................................................... 141 Google ............................................................................................ 143 Netcraft .......................................................................................... 143 Sam Spade ...................................................................................... 144 Public Record on Tap: Sam Spade ................................................... 144 DNSpredict ..................................................................................... 146 Books.............................................................................................. 147
CHAPTER 2 Scanning ......................................................................................... 149 Fictional Story Dissected: Kismet ................................................... 149 Fictional Story Dissected: SuperScan 4 .......................................... 152 Fictional Story Dissected: Nmap .................................................... 154 Public Record on Tap: The Matrix and Nmap ................................ 155
Contents ix
Paratrace ......................................................................................... 155 Scanrand ......................................................................................... 156 Amap .............................................................................................. 157 Public Record on Tap: My Top 5 Fav Tools ...................................... 157 Books.............................................................................................. 158
CHAPTER 3 Explore ............................................................................................ 161 Plug-In ............................................................................................ 161 Public Record on Tap: Hacking Web 2.0 Applications
with Firefox ................................................................................ 161 Public Record on Tap: Firefox Plug-ins for Security
Professionals, by Chris Schmidt .................................................. 162 Vulnerability Scanners .................................................................... 164 Internet Security Systems Scanner ................................................. 164 Nessus ............................................................................................ 165 Public Record on Tap: Nessus Goes Closed License ....................... 166 Tenable NeWt Pro 2.0 .................................................................... 167 Rapid7 ............................................................................................ 168 Microsoft Baseline Security Analyzer ............................................. 170 Retina eEye Network Security Scanner .......................................... 171 Public Record on Tap: Open Source Vulnerability
Database ..................................................................................... 173 Books.............................................................................................. 174
CHAPTER 4 Exploit ............................................................................................. 177 Public Record on Tap: Exploit Used to Breach University ........................................................................ 178 Fictional Story Dissected: Buffer Overfl ows ................................... 178 Fictional Story Dissected: Wiping the Administrative Password ............................................................. 179 Fictional Story Dissected: Subseven .............................................. 180 Don’t Hack Me Please: Stopping Sub7 ........................................... 181 Fictional Story Dissected: Milw0rm.com ...................................... 184 Fictional Story Dissected: Metasploit ............................................. 185 Canvas ............................................................................................ 187 Core Impact ................................................................................... 187 Books.............................................................................................. 190 CHAPTER 5 Expunge .......................................................................................... 193 Public Record on Tap: Registry Keys .............................................. 193 Fictional Story Dissected: Clear Event Logs.................................... 193 Don’t Hack Me Please: Securing Your Logs .................................... 194
x Contents
Event Viewer .................................................................................. 195 How to: Event Log Types ................................................................ 196 How to: Stop Windows From Showing the Last Username
Logged in .................................................................................... 198 How to: Manipulate Last User Logged on Using
Lognamer Tool ............................................................................ 200 How to: Cleaning Out the Internet Explorer Cache, Cookies, and History Using IEClean Tool .................................................. 200 Don’t Hack Me Please: Last True Login Tool ................................... 201 Don’t Hack Me Please: Recording Users Last Logoff Time ............. 202 Public Record on Tap: Windows Security Log ................................ 205 Books.............................................................................................. 209
CHAPTER 6 Information Technology (IT) Policy .................................................. 211
Don’t Hack Me Please: Some Common It Policies ......................... 211 Fictional Story Dissected: Password Management .......................... 212 Fictional Story Dissected: Basic Input /Output System(BIOS) Password ......................................................................... 213 Fictional Story Dissected: Security Awareness................................ 214 Fictional Story Dissected: Local .pst Files ....................................... 215 Public Record on Tap: Microsoft said .pst Files are
Vulnerable with Passwords Applied ............................................ 217 Fictional Story Dissected: Contractor/Visitor Badge Policy ............ 217 Public Record on Tap: Intermountain Health Care (IHC)
Issuing Visitor Tags ...................................................................... 218 Fictional Story Dissected: GPO Screen Savers ................................ 219 Example “IT” Policies ...................................................................... 223 Appendix 1 .................................................................................... 231
Service Specifi c Policies ............................................................ 231 Education ....................................................................................... 233
Computing Technology Industry Association (CompTIA) ......................................................... 233
EC-Council ................................................................................ 236 2 (ISC) ......................................................................................... 236 SANS .......................................................................................... 237
Books.............................................................................................. 240
CHAPTER 7 IT Infrastructure .............................................................................. 243 Fictional Story Dissected: VPN RSA Token One-Time Password .................................................................... 243 Fictional Story Dissected: Honey Pot ............................................. 246
Contents xi
Public Record on Tap: The Honeynet Project ................................. 246 Fictional Story Dissected: No Wi-Fi Should Still Check for Wi-Fi ....................................................................................... 248 Fictional Story Dissected: Null Shares ............................................ 248 Public Record on Tap: Null Session Exploit .................................... 251 Public Record on Tap: Null Session Vulnerability ........................... 252 Fictional Story Dissected: Corporate Firewalls ............................... 253 Fictional Story Dissected: PGP Whole Disk .................................... 255 Public Record on Tap: PGP Whole Disk .......................................... 256 Fictional Story Dissected: Snort ...................................................... 257 Intrusion Prevention and Detection .............................................. 258 Public Record on Tap: TippingPoint ............................................... 264 Public Record on Tap: Web Applications Firewalls ......................... 266 Public Record on Tap: Enterprise Antivirus .................................... 266 Books.............................................................................................. 267
CHAPTER 8 Software, Hardware, and Wetware .................................................. 269 Fictional Story Dissected: USB Knife, Swiss Army Knife
with USB Storage ........................................................................ 269 Fictional Story Dissected: USB Storage Built into a Pen ................. 269 Fictional Story Dissected: VMware ................................................. 271 Fictional Story on Tap: BackTrack 4 ................................................ 272 Public Record on Tap: BackTrack 4 Forensics Mode ...................... 273 Helix CD ......................................................................................... 273 Public Record on Tap: Helix ........................................................... 275 Belgian Fccu Gnu/Linux Boot CD .................................................. 276 Fictional Story Dissected: Pringles can for
Hacking Wireless ......................................................................... 277 Fictional Story Dissected: Wireshark .............................................. 278 Fictional Story Dissected: Pretty Good Privacy
Whole Disk ................................................................................. 279 Fictional Story Dissected: Personal Firewall ................................... 280 Fictional Story Dissected: Perl Script.............................................. 285 Public Record on Tap: Writing a Perl Script by Doug Sheppard ...................................................................... 285 Fictional Story Dissected: Twitter ................................................... 287 Public Record on Tap: Twitter and the Swine Flu ........................... 288 Public Record on Tap: Twitter and Iran? ......................................... 289 Public Record on Tap: Privacy and Security Issues in
Social Networking ...................................................................... 290 Public Record on Tap: Online Social Networking .......................... 291
xii Contents
Fictional Story Dissected: Bluesnarf ............................................... 292 Public Record on Tap: The Role of Bluesnarfi ng ............................. 294 Public Record on Tap: Bluetooth Hacking Tools ............................. 295 Books.............................................................................................. 296
CHAPTER 9 Bleeding Edge Technology .............................................................. 299
Fictional Story Dissected: Infrared Hotel Attack ............................. 299 Fictional Story Dissected: MD5 Hash ............................................. 300 Don’t Hack Me Please: Breaking SSL 2 Using 200 PS3s .......................................................................... 302Fictional Story Dissected: Echelon ................................................. 303 Fictional Story Dissected: TOR Network ........................................ 305 Fictional Story Dissected: Yagi Rifl e ................................................ 306 Public Record on Tap: Sniper Yagi Rifl e .......................................... 307 Public Record on Tap: Bluetooth Yagi Rifl e .................................... 307 Fictional Story Dissected: gh0stRAT ............................................... 309 Public Record on Tap: GhostNet .................................................... 310 Breaking Disk Encryption .............................................................. 312 Don’t Hack Me Please: Cold Boot Attack ........................................ 312 Public Record on Tap: Cold-Boot Attack ......................................... 313 Virtualization Exploits .................................................................... 314 Public Record on Tap: Virtual Machine Exploit .............................. 314 Public Record on Tap: Cloudburst .................................................. 317 Don’t Hack Me Please: Weaponizing the Web at DEFCON 17 ............................................................................ 318 Don’t Hack Me Please: Taking Over Voice Over IP (VOIP)
Conversations at DEFCON 17 ..................................................... 319 Don’t Hack Me Please: The Blue Pill ............................................... 320 Don’t Hack Me Please: Ph-neutral Talks .......................................... 321 Public Record on Tap: Changing How Humans Use Passwords ..... 324 Books.............................................................................................. 325
CHAPTER 10 Hacker Culture ................................................................................ 329
For Public Release: Levy’s Hackers’ Ethic ....................................... 329 Fictional Story Dissected: Spot the Fed .......................................... 330 Fictional Story Dissected: London NASA Hacker ........................... 331 Fictional Story Dissected: 2600 ...................................................... 331 Fictional Story Dissected: Capture the Flag .................................... 332 Fictional Story Dissected: Gary McKinnon ..................................... 333 Public Record on Tap: Gary McKinnon .......................................... 335 Public Record on Tap: The Hacker’s Handbook ............................ 335Contents xiii
Public Record on Tap: Donna Hare ................................................ 336 Fictional Story Dissected: PSP Hack ............................................... 336 Fictional Story Dissected: iDefense and ZDI .................................. 337 Target Acquired… An Infosec/Hacking Pioneer:
Adam Laurie (a.k.a. Major Malfunction) ...................................... 339 Target Acquired… An Infosec/Hacking Pioneer:
Dan Kaminsky ............................................................................. 340 Target Acquired… An Infosec/Hacking Pioneer:
Felix “FX” Lindner ....................................................................... 340 Target Acquired… An Infosec/Hacking Pioneer:
Goodwell and China Eagle .......................................................... 340 Target Acquired… An Infosec/Hacking Pioneer:
HD Moore ................................................................................... 341 Target Acquired… An Infosec/Hacking Pioneer:
Jake Kouns .................................................................................. 341 Target Acquired… An Infosec/Hacking Pioneer:
Jeff Moss ..................................................................................... 342 Target Acquired… An Infosec/Hacking Pioneer:
Joanna Rutkowska ...................................................................... 342 Target Acquired… An Infosec/Hacking Pioneer:
Johnny Long ................................................................................ 343 Target Acquired… An Infosec/Hacking Pioneer:
Kevin Mitnick ............................................................................. 343 Target Acquired… An Infosec/Hacking Pioneer:
Stephan Northcutt ...................................................................... 343 Target Acquired… An Infosec/Hacking Pioneer:
Tony Watson ................................................................................ 344 Fictional Story Dissected: Kaminsky and Watson ........................... 344 Public Record on Tap: Wikiality ...................................................... 344 Public Record on Tap: Megyeri Bridge Naming Poll ....................... 346 Public Record on Tap: NASA and Colbert ....................................... 347 Public Record on Tap: Gobbles ....................................................... 348 Public Record on Tap: n3td3v ........................................................ 348 Conferences ................................................................................... 349
ARES: The International Dependability Conference ................. 350 Best of Open Source Security (BOSS) Conference .................... 350 Black Hat ................................................................................... 350 BlueHat ...................................................................................... 350 BruCON ..................................................................................... 351 New Camelot Council ............................................................... 351
xiv Contents
CanSecWest ............................................................................... 351 Chaos Communication Congress (CCC) ................................... 352 Computer and Communications Security (CCS) ...................... 352 Computer and Enterprise Investigations Conference (CEIC) ... 352 Computer Forensics Show ........................................................ 352 Computer Security Institute Annual Conference (CSI) ............. 353 Computer Security Institute Security Exchange (CSI-SX) ......... 353 CONFidence .............................................................................. 353 DeepSec In-Depth Security Conference ................................... 353 DEFCON .................................................................................... 354 DojoSec Monthly Briefi ngs ........................................................ 354 Ekoparty Security Conference .................................................. 354 EUsecWest London ................................................................... 354 FRHACK International IT Security Conference ......................... 355 Hack.in ...................................................................................... 355 Hack in the box—HITBSecConf ............................................... 355 Hacker Halted ........................................................................... 355
IPTComm: Principles, Systems and Applications of
IP Telecommunications ............................................................. 356 Infosecurity Europe ................................................................... 356 International Conference on Security and Cryptography (SECRYPT) ......................................................... 356 International Workshop on Fast Software Encryption (FSE) ....................................................................... 357 Internet Security Operations and Intelligence (ISOI) ............... 357 Kiwicon ..................................................................................... 357 LayerOne ................................................................................... 357 PacSec ....................................................................................... 357 RSA ............................................................................................ 358 Rocky Mountain Information Security Conference (RMISC) ................................................................. 358 SEaCURE.IT ............................................................................... 358 SecTor: Security Education Conference Toronto ....................... 359 SecureWorld Expo..................................................................... 359 Shakacon ................................................................................... 359 ShmooCon ................................................................................. 359 SOURCE Conference ................................................................. 359 SyScan ....................................................................................... 360 Techno Forensics Conference ................................................... 360 Techno Security Conference ..................................................... 360
Contents xv
ToorCamp ................................................................................. 361 ToorCon .................................................................................... 361 uCon .......................................................................................... 361 USENIX Security Symposium .................................................... 361 Workshop on Collaboration and Security (COLSEC) ................ 362
Blogs ............................................................................................... 362 Podcasts ......................................................................................... 375 Books.............................................................................................. 376
CHAPTER 11 Easter Eggs ..................................................................................... 377 Fictional Story Dissected: 3DNF ..................................................... 377 Fictional Story Dissected: The Account Number ............................ 378 Fictional Story Dissected: Odysseus ............................................... 378 Fictional Story Dissected: Thompson ............................................. 379 Fictional Story Dissected: Resol ..................................................... 380 Fictional Story Dissected: Falken .................................................... 380 Public Record on Tap: What is WarGames? .................................... 380 Fictional Story Dissected: Groom Lake........................................... 381 Public Record on Tap: What is Aurora? ........................................... 382 Fictional Story Dissected: CyberBob .............................................. 383 Fictional Story Dissected: Sydney Bristow ..................................... 383 Fictional Story Dissected: Kimeron ................................................ 384 Public Record on Tap: Chimera Film and Mythology ..................... 384 Mythology of Chimera .............................................................. 385 Books.............................................................................................. 385 CHAPTER 12 Miscellaneous ................................................................................. 389 Fictional Story Dissected: Perverted Justice ................................... 389 Fictional Story Dissected: Plausible deniability
(Legal Defense) ........................................................................... 391 Fictional Story Dissected: IRC Carders ........................................... 392 Public Record on Tap: Credit Card Scam ........................................ 393 Public Record on Tap: Carders ....................................................... 394 Fictional Story Dissected: MPORPG for
Communications Channel .......................................................... 394 Public Record on Tap: WoW has Terrorists! .................................... 398 Fictional Story Dissected: InfraGard ............................................... 399 Fictional Story Dissected: Police Car APs ....................................... 400 Public Record on Tap: CHP and Wi-Fi ............................................. 402 Fictional Story Dissected: Lock Bumping ....................................... 403 Public Record on Tap: Locked, But Not Secure .............................. 405
xvi Contents
Fictional Story Dissected: 36 Stratagems ........................................ 405 Public Record on Tap: The 36 Stratagems ....................................... 406 Public Record on Tap: Sun Tzu ....................................................... 408 Books.............................................................................................. 409
Index ................................................................................................................... 411
Foreword
The world of hacking is a world of pain and frustration. Frustration for the hacker as he tries to fi gure out how to break the latest and greatest security device, and pain for the manufacturer or corporate that made or was relying on that device.
At least, that is the layman’s view – the hacker is the “bad guy,” set on doing evil and causing pain to those he comes up against, and interested only in one thing: destroying the security of the systems in front of him, and the manufacturer is the innocent victim, trying to go about its business, but suffering unprovoked attacks. But it’s not as simple as that. Hackers come in all shapes and sizes, some good and some bad, and they hack for all kinds of reasons, some benign and some selfi sh. Manufacturers also come in all shapes and sizes, and of course, the pain and frustration defi nitely comes in all shapes and sizes: ■
The frustration of not getting your message across – trying and failing to make people understand not only what is wrong with their product but why it’s ■ important that they get it right.
The pain of seeing your research buried under threats of lawsuits, even though ■ you are right and the issue you’ve uncovered is there to be exploited. The frustration of dealing with manufacturers or commercial businesses that ■ put profi t or expedience over end-user safety and security. The pain of losing data or suffering an intrusion through an unpatched system... The list goes on.
When I met Jayson, he didn’t know it then, but he was going to experience pain and frustration in spades. He had come up with a brilliant scheme for overcoming all these obstacles, and it should have been a “no-brainer.” Not only that, but he was enthusiastic, intelligent, personable, committed, and, most importantly, on the right
side . He was one of us, one of the good guys, with something that was going to help
solve the everlasting problem of how you get those with the power to make things change understand not only what needs to happen but why it needs to happen. In other words, how to engage them. Talk to me about marketing and my eyes will glaze over and I’ll be a million miles away in a world of my own. Talk to most management about technical or security problems, and you’ll have the same effect – they are off with the fairies and your wise words are going in one ear and out of the other...
However, Jayson had a plan. What do people like better than technical manuals and lectures on threat management or risk assessments? Stories, of course. Thrillers! Action! Secret agents taking on the forces of evil and winning!
Jayson and I meet about once a year in, of all places, Las Vegas. We both go there for the world’s largest “hacker” conference, DEFCON. When I fi rst met him, Jayson was excited. He had a book. This book. As soon as he explained the concept to me,
xvii
xviii Foreword
could then be fl ipped into a technical reference that showed you exactly how each of those neat hacks worked was a sure winner. Maybe this would be the way to get the “suits” to understand that this is not the stuff of fi ction. This is real and it’s happening to them, right now .
When I met him again the following year, he was still excited. Ideas were fl owing, research was pouring in, and his book was progressing. He was now looking for a publisher. Things were looking good.
The year after that, he was still excited, but he was feeling the pain of rejection, and frustration as fi nding a publisher wasn’t as easy as he’d fi rst thought. But he was upbeat. He was a man on a mission. He had loads of new ideas so that just meant the book would be even better by the time it came out, so no problem... soldier on!
Three years on, and here he is again – still smiling and determined, but still frustrated and in pain. They just don’t get it. The book gets better and better, but he’s hitting a brick wall.
It could have ended there, but Jayson is no quitter. The other thing that impressed me about him when we fi rst met was his determination to follow things through. He’s never made me a promise that he hasn’t kept (and we all know those are ten a penny at conferences... “Sure, I’ll send you that stuff as soon as I get home...”), and he’s always looking out for something he can do to benefi t those around him. This book is all about sharing and learning, and that encapsulates the hacker ethos and, in particular, the DEFCON ethos. If you know something, share it. If you learn something, learn more. When you really know your stuff, teach it.
The publication of this book was a hard-won victory, and I hope you learn as much from it as Jayson did researching it, but most of all, I hope you enjoy it as much as I have and as much as it deserves to be enjoyed.
Adam Laurie Dorset, UK, June 2009. Acknowledgments
Thanks to Haki Berkeri for the pizza, Pepsi, and the good advice that kept me going when nothing else was.
I also owe thanks to Weldon for Wednesday, Dee for all the days in between. Rudy for the rides and for sticking with Hanzo. David Letterman for letting me be on his show (and for Stephen Colbert, I hope). Del Rhea and Lee for their love of rodents who hang out at the mall. Rafe for his patience and tolerance of a wild and loud crazy roommate. Laura (she knows why). Pam for leaving. For Crystal, Jason, and Sean for being good students. Marco for the experience in warehouse living. Leslie’s mom for giving me Jackie (I’m taking good care of her). Capt. Tom Johnson for the loan of the gun (I was glad to give it back). Mrs. F. Collins, the only teacher who encouraged me in learning and poetry. For Sherry, Andrea, and Kris for all the help in the background with the book. Of course to Rachel for taking a chance on some geek on Twitter K. Also to Syngress for making my dream a reality. Stay tuned – more to follow. To my family, who’s fault it is I am such a creative and unique individual. Oh yeah, and to that person for that thing (yeah, you know who I’m talking about) – that was great.
Last and not least the INFOSEC (especially Tim Smith) and Hacking communities who have made my life a lot more interesting than it would have been if I had become a lawyer.
Jayson Lisa, Christina, and Margaret – thank you for giving me the time and inspiration to write. Mrs. Coffi n, thank you for teaching me brevity.
Kent
xix This page intentionally left blank
H0w t0 R34d Dissecting the Hack: The F0rb1dd3n Network
Both sections of this book tell a single story. The adventures of Bob and Leon are more than just a fun read. They illustrate many very real threats to individuals, businesses, organizations, and even countries. The networked world is so interconnected; many don’t realize how valuable a target they really are. The best and worst of humanity connected with the speed and power of modern technology comes together in a world of our own making that we do not yet understand.
“The F0rb1dd3n Network” tells the story of two kids caught up in an adventure they did not expect. Bob and Leon are most comfortable in a digital world but soon fi nd that digital actions have physical consequences. Throughout their fi ctional story are real-world lessons.
“The Security Threats Are Real” or STAR focuses on those real-world lessons. The hacks and tools in the fi ctional story are very real. STAR provides the details, sources, and references to learn more about the threats, defensive techniques, attacker techniques, and even cool toys of the fi ctional story.
“The F0rb1dd3n Network” can be read by itself as a story. It can also be read as an illustration of the issues described in STAR . Throughout “The F0rb1dd3n Network” , you will fi nd links that point to specifi c references in STAR where you can get more information about key concepts. Or if you read STAR , you will fi nd links to “The F0rb1dd3n Network” where the story illustrates a scenario where very real tools and techniques are applied. Each section leans on the other. How you read them is entirely up to you.
For the more adventurous reader, “The F0rb1dd3n Network” contains “Easter Eggs” as well. Woven throughout are references, hints, phrases, and more that will lead you to signifi cant or trivial insights into hacker culture. Again, STAR will help you fi nd out more about the “Easter Eggs.” But not all the answers are given away. There must be some unsolved mystery to make hacking worth the time.
So read “The F0rb1dd3n Network” as a story. Read STAR as a reference work. Dig for “Easter Eggs” in “The F0rb1dd3n Network” . Or put it all together to learn more about the very real threats of the digital world we all live in.
Dissecting the Hack: “The F0rb1dd3n Network” can happen IRL.
xxi This page intentionally left blank
Author Biographies
Jayson E. Street Jayson is well versed in the 10 domains of Information Systems security defi ned by the International Information Systems Security Certifi cation Con- sortium ([ISC]2). He specializes in intrusion detection response, penetration testing, and auditing. He also has a working knowledge of the implementation and administra- tion of major fi rewalls, vulnerability scanners, and intrusion detection systems.
He has created and conducted security awareness training for a major Internet bank and has created security policies and procedures currently used by several com- panies. He also created and taught a three-day training course on intrusion detec- tion systems for an undisclosed government agency in Washington D.C. He has also created and taught a workshop on ethical pen-testing with Backtrack 3 for ISSA. He also taught a two-day class for Backtrack 4 for ISACA.
His consultation with the FBI and Secret Service on attempted network breaches resulted in the capture and successful prosecution of the criminals involved. In 2007, he consulted with the Secret Service on the Wi-Fi security posture at the White House.
He has also spoken from Belgium to Brazil and at several other colleges and organizations on a variety of Information Security subjects. He has attended XCon 2008 in Beijing, the 25th CCC in Berlin, SYSCAN ‘09 in Shang- hai as well as PH-Neutral 0x7d9 plus; he is a regular attendee at Black Hat and DEFCON. Forbes and Scientifi c American interviewed him regarding his research on the issue of cyber-warfare as it relates to China and their preparedness for an online war. He was an expert witness in two cases involving the RIAA. His declaration was on Slashdot and other Web sites and is currently being taught as source material at a University in Massachusetts.
He is on the SANS GIAC Advisory Board as well as a mentor for SANS. He is also a current member on the board of directors for the Oklahoma INFRAGARD. He is also a Vice President for ISSA OKC and a member of the OSVDB. Jayson is also a longtime member of the SNOsoft research team.
On a humorous note, he was chosen as one of Time’s persons of the year for 2006.
Kent Nabors
Kent Nabors serves as a Vice President of Information Security for a multibillion dollar fi nancial institution. He has signifi cant experience in both the banking and the IT industries. He has worked in bank examinations with the Federal Deposit Insurance Corporation and the Federal Reserve Bank.