Slashdot Mirror

← Back to Stories (view on slashdot.org)

Network Hacking

Posted by timothy on from the prepare-for-cranky-anecdotes dept.

Wrighter the Pessimist writes: "In this article on Yahoo, they report that computer hacking has become easier, partially because of devices that have built-in computers, like printers and playstations. However, it also lists a number of 'ordinary' (obsolete?) methods of 'hacking' - such as gaining physical access to a corporate computer, and social engineering. It would be interesting to see a study done on this, to see how many attacks are actually carried out from such devices." The article touches on the Dreamcast Attack mentioned the other day, but also some slightly less bulky approaches. Be on the lookout for dark-clad intruders slipping CD-Rs into machines at your workplace ...

4 of 175 comments (clear)

  1. Obsolete? by BurritoWarrior · · Score: 5, Informative

    They day social engineering is obsolete is the day there are no more humans and computers rule the world.

    As long as there are people, social engineering will work wonderfully.

  2. Stealing Secrets 101 by MosesJones · · Score: 5, Insightful


    If doing this for a living rather than being a sad muppet who thinks its "cool" (Snowboarding is cool, Skydiving is cool, hacking IIS is not cool).

    1) Buy people, rival firm has a product you need to sabotage... well hire their best brains so it turns out shit... and you get the product as well.

    2) Have a clipboard, 99% of companies and people in those companies will not query a suit with a clipboard. This gives you the ability to walk into any areas saying you are doing a "Time and motion" study for the new Quality Iniative. Or do an "assets" audit and take away servers for "verification" that aren't on the "official register".

    3) Buy the people

    4) Have someone join as a graduate, or even as a more senior person. Sure it violates their contract, but just pay them the cash.

    5) Supply the network upgrade at low low prices via a subsiduary, then ensure they can be "remotely administered as part of the outsourcing and support deal".

    6) Buy the people

    7) Walk into PC support, ask for a backup of your server from date X put onto new server Y. Or even better just get the required files burnt onto CD. Sure you have to fake the paper work, but that isn't hard.

    All of these will be more effective than hiring script kiddies.

    WARNING: Do not try the above at a military base, unless you want to get shot, corporations will normally just have you prosecuted.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  3. The article's a bit late by bsharitt · · Score: 5, Funny

    I wish I would have know you could have used a Dreamcast, CD, or iPAQ to get access to a network. They caught me when when I tried to sneak my main frame in.

  4. Printer trojans by Restil · · Score: 5, Interesting

    At first I took the notion with apprehension. But then I recalled, there was a time when we told people "You can't get a virus in a document file", "You can't get a virus from your email message" But even back in the day, you could cause extensive damage to your dos machine just by typing a text file with malicious ansi codes. Microsoft and others who have opted for the "feature rich" approach to dynamic documents have created more security problems than convienences.

    Postscript is a pretty powerful programming language, and most printers today have it embedded. While I don't think it has TCP/IP capability yet, it wouldn't surprise me if someone doesn't find a stupid reason to implement at feature into the printer language, or even something that allows more low level control of the printer hardware could be used to gain access to the network. Remember people, it doesn't have to be easy. Virus/Trojan writers pride themselves on invading the bold new frontier. Don't get complacent.

    As more appliances get network connectivity and more flexible embedded processors and operating systems, they'll all be subject to the same concerns. I'm already addressing some of these issues with my simple home automation projects. The computer I use to control things is isolated from the rest of the network other than the single open port for commands. Despite the security I might have implemented on my network, I can't assume that the network is always safe. And while right now I only have lamps and sprinklers on this system, when more complex (and potentially dangerous) appliances get added, a comprised system becomes a serious liability.

    -Restil

    --
    Play with my webcams and lights here