Slashdot Mirror
Attack Of The Dreamcasts
kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."
from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?
#include <sig.h>
They should replace "dreamcast" with "any machine with an IP stack". Physical security on a network is important in any case, whether it be small like a dreamcast or big like an e10k ;)
Is when someone hacks an iPod to do this. You could hide it in a wall and have an IEEE-1394 to 10base-T adapter with a cat-5 cable right into a patch panel in the wiring closet labeled D-103...
Someone strolls into the office, notices a dreambox in the corner... and they say "Hmmm, that is normal, I'll just ignore that"... hehe
More likely that they would say "Cool, lets see what game is in it!"
"CPU's Don't make mistakes....They just miss a few cycles sometimes..."
so much of today's lax security is due to legacy design, not inherent difficulty. this is worth remembering.
With that in mind, when was the last time you walked into your company in non-work clothes, you knew where you were going, and walked confidently there and no one stopped and questioned you? I wear a name tag and go there every day, but in my shorts and tshirt with no name tag, I'm never stopped. I think thats the way it is in many places.
Been to Pirate Training School?
Replacing 'our' with 'are' is a very common pirate thing to do. Of course, even that was slightly misspelled since 'arr' is the most correct usage, matey...
-.-
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
"availability of an Ethernet adaptor"?
You almost have to kill someone to get a network adaptor for the Dreamcast. I'm not even sure they're being manufactured anymore (I wouldn't think so), but there are a few on eBay; the cheapest one is $60.
Besides, as other posters have mentioned, a Dreamcast doesn't exactly look inconspicuous to me, especially if some person I don't recognise is carrying one around in my building.
WMBC freeform/independent online radio.
Why not just stick a wireless access point on the network. Put it on the floor near a window or something, and you should be in business... This would even work on the most secure networks.
I want my rights back. I was actually using them when our government stole them after 9/11.
for those of you w/real reasons to be concerned- would be that if these guys have thought of this - who else already has something much better in a nice small, concealable package.
And then think about how many businesses don't even come close to providing physical security to all the ports that connect to their network. Sure the computer room is locked- but how many cleaning people are in the offices at night? Usually if you worry about them at all- it would be that they steal, not leave something behind.
I had to do some work once at a call center for a client of ours. A large credit card company.
I pulled up to their building but it was this big glass box and I wasn't sure where the entrance was. I just walked around until I found a door. It was open and their were people standing around smoking. So I walked in. I was in the back by the break room.
I wandered around in there for 10 minutes or so until I found the front desk. When I walked into the lobby from inside the building and asked for the guy I was supposed to meet she was pretty freaked out. They brought up security people and asked how I got in, etc.
I hope my credit card company isn't that easy to get into. But I'd be surprised if its much more secure. I wouldn't be surprised it it is less secure.
Something to think about.
.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
... so I just popped in NFL2K2 and showed the hacker who was boss!!
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
All those girl ninjas running around stealthily tucking Dreamcasts under their arms - They weren't trying to steal them. They were trying to deploy them!
Now I understand the tagline... It's thinking...
"Mod, mod, mod...and another troll bites the dust."
We used it to run a dump of all the packets on the network and get pretty much all the passwords used by anyone. We printed out a copy and sent it to the bozo they had in charge of IT, and he called in a mess of expensive consultants to reload everything on the network.
Of course, they didn't fix the basic problem or find our little friend. For all I know it's still running up above the 'ol drop ceiling -- we were to chicken to try and retrieve it. Of course, this was a private school, so the real joke was on us (the clue -- consultants were being paid for by our own stupid selves).
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
The point is it is toy-like. People may think a laptop can hack their systems, but a dreamcast? "That is a little game thing my son plays with."
:>
I laughed out loud when I read this.
"Never, never suspect the dreams within the dreams of dreaming children." ~The Amazon Quartet
I would think much in the same way, a Dreamcast running linux can be used to seriously injure a person, but sneaking up on them and hitting them over the head with it, repeatedly. Of course that's not newsworthy, unless it's a Dreamcast running linux.
sic transit gloria mundi
Near where I live there is this giant uber arcard called Playdium. Instead of using coins or tokens in the machines to get credits you swipe a little plastig card with a barcode on it through a reader. This reader in turn is hooked up to a solid-state machine running MSDOS which then contacts a MS SQL server to see if their is enough credit on the card and if there is it sends an authorization to the machine.
:)
One day we decided that we wanted to get free video games. After scoping the place out we discovered that all the 10baseT ports that the video games plugged into were in fact patched into a 3com 3300 switch and were active. The network designers I guess figured it would be easier to activate all the ports instead of making some video game tech figure out how to patch stuff in.
We brought in a laptop with a long cat5 cable and looked for a place to plug it in where we wouldn't be noticed. Jurassic Park 3 has this little thing you sit in a close the blinds so the ambient light would stay out. It would do nicely.
We watching what we could with different packet sniffers (we were also very paranoid of getting busted) and were able to bring up the Switches web management system. We discovered that the video games use DHCP to get an address in the 10.10.x.x subnet and the video games also seem to contact a master server for configuration information. ie. How much does this game cost. By this time we had been sitting in Jurassic Park 3 for 2 hours and were getting REALLY paranoid. So we decided to try something malicious. We arp-spoofed/flooded everything we could see. An interesting thing happened. When the game control units can no longer talk to their master server, they go into 'free' mode. I guess this is in case there is a network failure. They'd rather lose a bit of money than piss of 100s of people. While our little program ran, every game in the place became free. So I thought to myself, why not just unplug the Cat5 cable for a game to make it free. That doesn't seem to work. I think this is because it needs to detect a link before it will go to free mode. Anyhoo, I guess the moral of this story is to have some kind of port security on your network ports in your business. or something
to just burn a CDR that boots Linux and does all the same stuff on a PC with any of the top X ethernet cards? Set it up to stubbornly ignore all keyboard input and never display anything on the screen. Write "coaster" on it with a black magic marker, drop it in some currently unused PC and hit power/reset and haul ass. Do it at 4:50 PM on a Friday and you'll probably have to 9:00 AM on monday to own some other box on a more permanent basis.
Hell, you might be able to modify a tomsrtbt to do this and wipe (or dd if=/dev/zero of=/dev/fd0; dd if=/dev/urandom of=/dev/fd0) the diskette once the ramdisk is loaded.
IOW, this whole thing strikes me as more of a "stunt" than a "hack."
-Peter
If you mod the box into something black with LEDs, it might not look so out of place. Especially if you tape a while piece of paper with "67...2 Router:Smurphy" to the top (well not look out of place to the peons, anyway). Everyone will be afraid to touch it.
Take a look at the Dallas Semiconductor TINI. It's a Java runtime environment on a 72-pin SIMM, complete with ethernet, serial, I2C, parallel IO, battery up to 1 meg of NVRAM, filesystem emulated in RAM, etc, etc. You can write web or ftp services for it in a few lines of Java, thanks to the supplied classes. You develop your Java code on your PC, compile it to Java bytecode, and then FTP it up to the little TINI device. My description is not doing this hardware justice, so I'll leave some links below.
Anyways, my point is this type of device is probably easier to program than a Linux Dreamcast. It may or may not be cheaper (sub-$100). And it's a lot easier to hide, if that's the goal. I've programmed a handful of hobby projects with this board, and it's really quite amazing for the price. (Compared to trying to implement an TCP/IP stack on a PIC microcontroller, say.)
TINI hardware
TINI
TINI board resource center
more resources
DalSemi discussions
If we assume for a moment that if you can get into the faciity undetected and place a device on the network, that it's not game over already......
why not just drop in a wireless access point, and sit in the parking lot and hack away? That way you can do all of these things without having to worry about establishing an outbound channel. or put the dreamcast in a discreet location outside the building near an outlet. Just cover with a black tarp and there you go. waterproof wireless backdoor.
Well, there's the extra humiliation factor... Imagine a bunch of IT boys from different corps going out for a beer:
BOFH1: Yeah, I got 0wn3d today by a massive distributed DOS attack from thousands of zombie machines across the 'net.
BOFH2: Ha! That's nothing. I got r00t3D when someone compromised the latest openSSH source. That woz pretty elite.
BOFH3: (mumble mumble)
BOFH2: What was that?
BOFH3: [sobbing] An iPAQ! I got H4x0r3D by a fucking iPAQ, okay? Are you happy now?
BOFH1: What a l00zer.
BOFH2: Good grief.
Check out the SPINACH project at Stanford: http://mosquitonet.stanford.edu/publications/spina ch.html
It's designed to precisely address this issue by limiting network access from hosts whose Hardware Ethernet addresses are unknown to the local subnet only (not past the router) until it is authenticated (by some password or other scheme). Thus, if you put a Dreamcast on a SPINACH network, it could only reach hosts on the immediate subnet, unless you spoofed the MAC address or something...
There's 10 types of people in this world, those who understand binary and those who don't.