Slashdot Mirror
FBI Agent Talks Crime, Macs
hype7 writes "There's an article at SecurityFocus describing a visit an FBI agent to Washington University. His visit was ostensibly about computer security and the general public's complete lack of any idea on computer security whatsoever: 'I have spent a considerable amount in the computer underground and have seen many ways in which clever individuals trick unsuspecting users. I don't think most people have a clue just how bad things are.' His talk ranged from some of the pranks he's seen played on unsuspecting users, to Eastern European extortion of big banks." WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' Another good quote: 'If you're a bad guy and you want to frustrate law enforcement, use a Mac.'"
More good quotes:
"If you're a glutton for punishment type of guy and you want to frustrate yourself, use a Windows based PC."
"If you're a script kiddie and you want to get caught, use a Windows based PC."
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Hmm. Not *precisely* the kind of publicity the Mac folks were probably looking for, but with their marketshare almost any publicity is good publicity. I just think it's cool that all the FBI Infosec guys are on OS X. Makes me feel good about my migration to the platform as well (as soon as Apple posts the much-awaited G5 price adjustment).
I don't quite understand how people are good at mining data off of *nix but not off of a Mac though -- that part didn't make too much sense. I find it hard to believe that the people they were referring to were on OS9, and if they were on OSX then the boxes basically *are* *nix machines...
dmiessler.com -- grep understanding knowledge
I am not really surprised that the FBI security guys use OS X boxes. Years ago I remember another government agency with a three letter acronym that used NeXT boxes it seemed almost exclusively from the situation rooms right down to the secretaries (at least in Langley).
Visit Jonesblog and say hello.
Steve Jobs is smarter than Bill Gates. Not only is he giving discounted hardware and software to educational institutions k12 on up, he's found another entrance vector through which to enhance the brainwashing - send in an Agent with a "Macs are more secure, too" line.
Shoulda taken the blue pill.
I guess that explains why they use Macs in Hackers.
Buckethead
I can see the headline on drudge now, "Terrorists Prefer Apple"
It's always been my experience that the guys are hot on Windows, pretty good on *nix, but very very few know anything about Macs -- my guess because of their law enforcement background, where they used and were trained on PCs.
A predominant amount of their work seems to be recreating or capturing MS Outlook mailboxes (looking for the smoking guns). They aren't as cluey on Eudora (presumably because most corporate enterprises don't use it).
Small market share means that the majority of people focus on the system(s) that form the majority of OS/apps used -- a trait which appears to extend to law enforcement and makers of forensic programs. But the really good professionals are always interested in asking "so just how does this work on a mac" and discussing the similarities/differences...
They're only secure because, with such a minimal share, nobody cares about breaking into one.
Bullshit. Market share has nothing to do with it. There's at least as many Apache-based servers out there as IIS, but there are like 2 Apache worms.
And frankly, there are enough Mac-haters around that surely some would like to take Apple down a peg via a virus or some sort of exploit in OS X. How come it's never happened? How come in three years there hasn't been a single OS X virus discovered?
Apple have had several fixes just in the last few months fixing remote root access vulnerabilities.
Yeah, and the difference is, they were found and fixed without being maliciously exploited. Most of them were very unlikely to be exploited anyway, or were found in services that were off by default. The last one I heard about would allow a brand new machine to get owned if a rogue DHCP server happened to be sitting on the LAN. Yeah, that's likely to happen.
Contrast this with Windows, where shit is wide open by default, and the first anyone hears about a hole is usually when it has already brought the internet to a crawl. Not that patches for exploits do any good when people don't apply them-- I just took a look in my firewall logs, and I'm still getting Nimda and Code Red infection attempts.
But how many of the holes were nt for services that come disabled by default? How many Mail.app exploits? How many required physical access to the computer to exploit?
One of the nice things about the Mac is that most of the services are shipped off by default - like SSHD. So even if a hole is discovered in a service, not EVERYONE is going to be vulnerable by default without taking specific action.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In theory you are right, the vunerabilitys in Outlook could apply to any Unix mail client. In practice they don't though. All unix mailers that I know of (pine, mutt, kmail, and so on) do not by default run programs they get from email. You might be able to configure kmail to do so, but it isn't the default. I'm sure that some mailers considered it, but once outlook got exploited a few times they re-considered. (I have no idea why Microsoft still hasn't).
If that isn't enough for you, most unix systems allow the sysadmin to prevent the user from running arbitary programs. If the sysadmin didn't install it you can't run it, (just mount /home and /tmp with -noexec) after which time you just make sure that the installed mail clients don't allow scripts. Okay, it is slightly more complex than that, but a good sysadmin can deal with it. AFAIK, Windows doesn't have this ability so an admin can't lock things down this way.
... to that PC World bonehead who wrote an article about OS X being "just as insecure as Windows" because somebody discovered a remote exploit (where "remote" meant "on the same lan as your machine").
I don't recall his name, but I remember the sensationalist tone of his article, the minimal facts, and the gloating that Windows was no longer alone in being vulnerable. It's probably asking a bit much for him to read the article without his "I Love Windows Blindly" hat on, but maybe he (and others whose love of bashing the Mac seems to exceed anyone else's love of anything, including the so-called "Mac zealots") might be begin to accept reality.
is that they are technologically impaired halfwits. If they would accually take the time to hire *real* computer experts, maybe they would have a little bit more success in stopping something.
In the past, I could send them detailed logs, including TCP dumps, of people controlling DDOS networks, threatening people, bragging about committing DDOS. And nothing would happen. More recently, a friend of mine had serious threats to her and her child from a stalker - who authorities proceeded to track to Atlanta. But they seemed to miss the fact that he was repeatedly coming from a dialup IP address in Toronto.
Law enforcement on the internet needs to be put into the hands of a capable multinational group with laws that are defined to cross boarders. Until then, DDOS kiddies will still be running around quite loudly proclaiming their existance.
.
Time to strike up the drumbeat:
1. Windows defaults to let users run as root. Neither Mac OS X nor Linux do that.
2. (already noted) Macs ship with most ports shut down.
3. BSD has been combed over for years, and many eyes have searched for vulnerabilities. A lot have already been solved. Nobody can look at Windows code.
4. Macs have fewer application vulnerabilities (because unlike Windows, most applications can't make root system calls and run programs as root (for example, MS Outlook).
Sorry to be repetitive.
I'm a senior admin with a big company, specializing in Windows based systems. My day to day PC is a 15" Powerbook. I can use the Microsoft RDP client to log into any of the Win servers, SSH to log into the Unix stuff and can pretty much do my job with no hiccups or workarounds. The only exception is that Entourage has weak MS Exchange support, so I'm typically using webmail. With Fink installed I have basic tools like nmap and ethereal at my disposal. My only real gripe is that Apple and Broadcam don't open up access to the network hardware.. Being able to put my NICs into promiscuous mode would be a big help. There's a workaround - I could get an Orinoco or Aironet PCMCIA card.. but I'd prefer to use the integrated hardware.
As far as Linux distros go, Yellow Dog Linux runs very nicely on most older Macs.. but as of yet there is no support for the Radeon 9600 in my book. Text is fine for most stuff but I'd love to run KDE or Gnome in Yellow Dog.
Anyway, I think Apple's got a real opportunity. The Virginia Tech cluster shows their potential and this article is good PR, despite the "frustrate law enforcement" comment. Seeing a room full of Powerbooks at NASA was pretty cool, too.
I love how people always seem to think that there are fewer vulnerabilities simply because the mac has a much smaller market share. Sure, it makes sense unless you're actually paying attention. Yes, Apple has had to issue some security updates recently. No, Mac OS X is not perfect. But it beats the hell out of operating systems that ship with holes so big you can drive a truck through with room to spare.
The first thing you have to do when you install the OS is create a user account and a new password. Macs ship with most services disabled by default, and they've got a point-and-click firewall that can be enabled in a matter of seconds. Macs are not secure because no one uses them. They are secure because they do not make the same common mistakes that Microsoft seems to do constantly. They're secure because you don't hear about huge break-ins, loss of data, or life-threatening situations caused by failed security systems. And they're secure because the folks that depend most upon security seem to turn their head more and more these days towards that odd fruit on the other side of the fence. The fact that Apple has issued patches recently is not a red flag. Everyone has to patch their OS. It would be a red flag if they hadn't patched it in a timely manner, like some others that we always seem to hear about.
Of course, they're expensive as all hell, and their isn't enough software for them, but that's another story. ;-)
Sorry, what consolation prize do we have for our departing guest?
m l
Honestly, the security by obscurity thing has been disproven so many times, in so many ways for Mac OS X that I find it impossible that you're unaware. Granted, Mac OS X has security issues patches, but don't make me get into the horrid falacy: "macs are just as insecure as any other OS." They are, by design, far more secure. The exploits possible on a PC are not possible on a Mac due to Outlook, IE, messenger services, etc.
Seriously. Thanks for a good laugh. In case you're missing out on the needed information, here it is. This article sums it up very well.
http://www.theregister.co.uk/content/4/34554.ht
"Politicians find new names for institutions which under old names have become odious to the people."
"If you're a bad guy and you want to frustrate law enforcement, use a Mac."
Nice try Mr. FBI man! This is just a thinly veiled plot!
1) Tell public to use FBI to foil law enforcement.
2) ???
3) Profi^WProsecute!
Someone hand me my tinfoil hat, I'm off to search for nsa_key in Darwin.
~Dalcius
Rome wasn't burnt in a day.
Back when I was a youngster and I did things that were in a legal "gray area", I almost always used a Mac. FWB's Hard Disk Toolkit included transparent HD encryption.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
"...I was trying to plan simultaneous suicide explosions in separate third world countries using the advanced CAJ (Computer-Aided Jihad) program that comes standard with Windows XP, when all of a sudden the computer was like, beep-beep-beep-beep-beep, and I was like, what in Allah is this? And I lost all the plans. It was going to be a really good terrorist strike too! Now I use a Mac. Apple: bringing you the user-friendly tools you need to exterminate all Jews and Crusaders!"
from post: "WeakGeek added, "FBI security guys are using Macs because, 'those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box.' "
from article: "many of the computer security folks back at FBI HQ use Macs running OS X, since those machines can do just about anything: run software for Mac, Unix, or Windows, using either a GUI or the command line. And they're secure out of the box."
The post quote implies that all FBI computer security agents, or at least the majority, use Macs. The second quote, from the actual article, implies that only some unspecified number of FBI computer secuirty agents use Macs. Please don't butcher wuotes to mislead.
Vote for Pedro
apple has been doing unix since 1996, NeXT has been doing it since 1988.
Apple has also been doing unix since 1987 (if I have my years correct) with it's first release of A/UX, a product they supported for almost 10 years afterwards, and through three versions. If that's counted along with their work on NeXTSTEP->OSX, then that's 17 straight years of UNIX experience within the company.
Also don't forget Apache runs on multiple platforms and when made from source, might have countless build variationst. That alone makes many exploits much, much harder to pull off since even if you do manage to overflow a buffer, you can't count on the memory layout being the same.
It's not too unlike how genetic variation limits the spread of real viruses.
Quick! - what's the FBI's number -- I found them in my very own company! -- I always knew the graphics department were up to no good -- dressing above their income in those european clothes - and insisting on only using Macs - and I've seen them, caught them! making websites!
I'd tell the server guys but they use Linux so you can't trust them not to 0wn your box...
In-fact they could be watching what I'm typing right now... AHHH... one's walking over this way...
[good - I hid under my desk and he seems to have gone away... I think I'll make a break for it]
If this message gets through the web of proxies set to trap and stop my messages... send help..
Well, to actually implement a semi-global keylogger in OS X is trivial. You simply put an appropriate .bundle in ~/Library/InputManagers . No root required. Every subsequent program opened will (attempt) to link and run this code. Since .bundles can be versioned, you can even make a platform-specific version.
:)
But then, it's not hard on Windows either.
The trick is in somehow getting the user to install it (usually by running a helper program). In this, OS X mail clients are extremely uncooperative. Pretty much every mail client (including Mail.app), is very clear about what you are getting (and doesn't hide extensions, that's a big one!). Further, when you try and take an attachment it gives you a clear warning of what you are about to do, and makes the default action to save.
So, you don't need root to do it, but fooling your users (especially without some kind of macro in the mail) is much harder on the mac side, because the users get more prompting on the proper response to untrusted email attachments.
It's amazing how far a dialog box will go, eh?
Slashdot. It's Not For Common Sense
You might want to check out this nice UNIX family tree..
You can easily see who's related to who. I might note that Solaris is much further from what we modernly call BSD than some of the others you named. I won't speak of IRIX, but AIX is a weird kind of BSD variant, as is HPUX. OSX is very very close to FreeBSD.
Slashdot. It's Not For Common Sense
The rest of the *NIX development world would be much nicer if they adopted a similar scheme.
Standard shared object libraries in OS X are just that, and are subject to all the pitfalls normally found... ohh.. except one. Since Apple uses a two-level namespace scheme, you see name collisions less. Oh, and they do prebinding very aggressively.
It's pretty much a superior setup to the average linux world. But then, we paid for something besides just iCandy, right?
Show me a reason why OS X should have ldd when the superior otool exists. C'mon! To make you feel more comfortable? To make you feel more loved?
Dude, if you're a developer doing cross platform development, then turn around and complain how annoyed you were at not finding ldd, discontinue cross-platform development. If you can't even be bothered to check the unix rosetta stone for something that simple, then you're not the kind of battle-hardened, talented person that is required to do real cross-platform development.
Perhaps you were just porting? Still no sympathy. Learn your target platform. It's not even like it's hard anymore! You have libtool, autoconf and automake these days. Cross platform development is actually feasible these days, albeit difficult!
Even with services running, it's harder to break into a mac. Apple's security update scheme is extremely aggressive. This is especially true when dealing with holes in trusted services like SSH and Apache.Slashdot. It's Not For Common Sense