
List:       security-basics
Subject:    Autopsy of a successful intrusion (well, two actually)
From:       Floydman <floydian_99 () yahoo ! com>
Date:       2001-08-31 8:14:25

Autopsy of a successful intrusion (well, two actually)
By Floydman
Computer Security consultant, Bachelor in Computer
Sciences and amateur researcher
floydian_99@yahoo.com
August 30th, 2001

You can distribute this document freely, as long as no
changes are made to the file, and as long as credit for
it is not claimed by someone else.  All comments and
suggestions about the material presented here should
be directed at floydian_99@yahoo.com.  If future
versions of this document include add-ons coming from
other people than me, then proper credit to the
various authors will be clearly identified.  All
version updates of this document are to be released by
me.

You can find it online at
http://www.geocities.com/floydian_99/

Abstract

This paper consists of the recollection and analysis
of two network intrusions that I have performed as part
of my duties as a computer security consultant.  The
name of the company I worked for, as well as of the
customers that I hacked into, will remain anonymous
for obvious reasons.  The goal of this paper is to
show real life cases of what computer security looks
like in the wild, in corporate environments.  I will
try to outline the principal reasons why these
intrusions were successful, and why this kind of
performance could be achieved by almost anybody,
putting whole networks at risk that their owners don't
even begin to realize yet.

Preface

It's been over a year now since I delved into computer
security.  Before that, I was doing computer support
and server admin on various platforms: DOS, OS/2,
Novell, Windows.  I have always been kind of a hack,
but I never realized it until I had enough free time
ahead of me to start studying the hacking scene and
the computer security industry more in depth.  That is
how I started writing whitepapers, and how I was
eventually invited to a conference to present some of
my work.  But I didn't want to have problems with the
law, and I was short on resources (money, boxes,
bandwidth), so I limited myself to keeping track of
new vulnerabilities and understanding how they worked
without actually having the opportunity to try them on
a real machine.  So when I got this job and they asked
me to try to hack these networks, I was really anxious
about what I could really do.  After all, I can't be
worse than a script kiddie, can I?

Targeted audience

This document is presented to anyone who has interests
in computer security, network intrusion, hacking,
viruses and Trojan horses, network administration and
computing in general.

Table of contents

1. Introduction
2. Technical background of the hack
3. The first victim
4. The second victim
5. The autopsy of the two hacks
6. Conclusion
Appendix A. Resources

1. Introduction

What I am about to describe here is the complete story
of two successful network intrusions, where we (quickly
and rather easily) had complete access to everything.
These two networks are the same kind of networks that
get infected all the time with I Love You, Melissa,
Anna.Kournikova, Sircam, only to name a few.  The
people who run these networks, and the people who own
them, can't keep ahead of plain viruses (for another
sample of this, read "Virus protection in a Microsoft
Windows network, or How to stand a chance"), let alone
a dedicated intruder who will hopefully be smart
enough to hide his tracks (but even that is not even
to be a requirement soon if it keeps up like that, as
we'll see later).  And these are networks owned by
(apparently) respected big corporations, and were
equipped with firewalls and antivirus software.  And
they still wonder why e-commerce never lifted up to
expectations?

