Slashdot Mirror


Turning Attackers' Tools Against Them

Tasha26 writes "The BBC has an interesting Web security snippet from the SyScan 2010 security conference in Singapore. In a presentation, security researcher Laurent Oudot released details of bugs found in commonly used attack kits such as Neon, Eleonore, and Sniper. These loopholes could be exploited to get more information about the attackers, perhaps identifying them, stealing their tools and methods, or even following the trail back to their own computer."

22 of 75 comments

  1. Time for hacker bounty hunter! by maillemaker · · Score: 5, Interesting

    There should be bounties put on these folks spreading this shit.

    --
    A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
    1. Re:Time for hacker bounty hunter! by tnok85 · · Score: 4, Funny
      In a special two hour edition of Dog the Bounty Hunter, Dog gets his first Macbook and hacks his way to take down his target!

      *watches two hours of Dog learning to search for people on FaceBook*

    2. Re:Time for hacker bounty hunter! by Anonymous Coward · · Score: 2, Interesting

      Using a macbook to hack is kinda like using an easy bake oven to cook thanksgiving...

    3. Re:Time for hacker bounty hunter! by betterunixthanunix · · Score: 3, Insightful

      Why? "We connected our mission critical systems to a public communications network, and random people on that network are probing our systems! Waaaaah! Wait, let's probe their systems too!"

      --
      Palm trees and 8
  2. Following the trail back to their own computer by nurb432 · · Score: 2, Insightful

    ..or to the person they are setting up to go to jail...

    --
    ---- Booth was a patriot ----
    1. Re:Following the trail back to their own computer by Anonymous Coward · · Score: 2, Insightful

      ..or to the person they are setting up to go to jail...

      Yes, and the police shouldn't bother following up on physical evidence either since it usually leads to someone who's being set up to go to jail.

    2. Re:Following the trail back to their own computer by dbIII · · Score: 2, Interesting

      Most of these attacks are by the sort of script kiddies that you could confuse by saying "bet you can't hack 127.127.127.127". I've got one machine that will accept ssh from anywhere and it's under almost constant dictionary attack by idiot script kiddies - usually under the username "Administrator" which makes little sense since very few MS systems even have ssh. They don't really have a clue (eg. can't even get in with a password on many ssh systems), they just play with the toys without understanding what they do.
      I've seen a couple of hacked systems, and in both cases it was a long chain of embarrassingly STUPID failures by lazy idiots before the script kiddies got in. The nature of the script kiddy tools actually made it easy to see a lot of what they had done (chattr to prevent deletion of their files), but of course you have to dust off and fdisk from orbit - it's the only way to be sure :)

  3. But did he do "responsible disclosure"... by John+Hasler · · Score: 5, Funny

    ...or did he behave irresponsibly and publish the bugs without giving the vendors time to issue patches?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  4. Ka! Crooks' food-chain by oldhack · · Score: 2, Insightful

    All that cleverness wasted...

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  5. Low hanging fruit by retardpicnic · · Score: 5, Insightful

    Meh... The fact that there are errors and vulnerabilities in web based tools just means that they were written by programmers who largely don't have peer code review, which is why so many computer viruses never get to trigger or release payload, the only working part of them is the infection mechanism. Perhaps these vulnerabilities would aid in catching a script kiddie who had downloaded a poorly programmed tool and was dumb enough to launch from his own computer. Nobody with brains would launch from "home", they would use bots, which means the police will be storming an old age home with grandparents still using Windows 95. I do applaud looking at hacking tools though, I worked for a company that used a stripped down, harmless version of the sub7 trojan to deploy software and it was far superior to commercial deployment solutions at the time.

    --
    sig loading.......
    1. Re:Low hanging fruit by DigitAl56K · · Score: 3, Insightful

      The fact that there are errors and vulnerabilities in web based tools just means that they were written by programmers who largely don't have peer code review

      The fact that there are errors in these attack suites in particular is probably more because their purpose is to attack others with no expectation that counter-attacks are likely to happen, at least against these tools themselves.

      I worked for a company that used a stripped down, harmless version of the sub7 trojan to deploy software

      Funny you bring that up. Older versions used to have a hard coded master password that could be used to steal Sub7 systems, W32/Leaves took over systems that way.

  6. No Honor Among Thieves by IonOtter · · Score: 4, Insightful

    Do you really think that the creators of these "tools" aren't going to leave SOME way of getting back into them? To prevent them from being used against their own systems?

    "Did you really think you could use my own spell against me, Potter?" -Severus Snape "HP: THBP"

    --
    [End Of Line]
    1. Re:No Honor Among Thieves by WrongSizeGlass · · Score: 3, Interesting

      Do you really think that the creators of these "tools" aren't going to leave SOME way of getting back into them? To prevent them from being used against their own systems?

      No, of course not ... though they may install a copy of Kaspersky to remove the competition from their latest conquest.

  7. In other news... by nacturation · · Score: 4, Funny

    In other news, researchers learn that script kiddies tend not to be very good software developers.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    1. Re:In other news... by Gadget_Guy · · Score: 5, Insightful

      In other news, researchers learn that script kiddies tend not to be very good software developers.

      Surely the very definition of a script kiddie is someone who doesn't write hacking software, but uses software built by others.

      I think this shows that the hacking community can be a bit arrogant, and they think that hackers won't go after one of their own.

    2. Re:In other news... by RobDude · · Score: 2, Insightful

      Eh, I'm not sure I agree.

      It's one thing to have the ability to find an exploit and take advantage of it. It's an entirely different thing to personally go through all of the code running on your machine and remove all exploits.

  8. Illegal in many jurisdiction by Isao · · Score: 4, Interesting

    This is great intel, no doubt. There's a bit of irony in reporting vulnerabilities in malware - can I get a CVE for that? Counter-attack has a bunch of potential issues, though. The primary one is attack attribution, and the other primary one is that it's not legal in many places (including the United States) to counter-attack your attacker. If you execute code or access a system without the permission of the system-owner, you're in the same crime category as the original miscreant.

    1. Re:Illegal in many jurisdiction by Anonymous Coward · · Score: 2, Insightful

      Not so. Try a "self defense" defense.

      If an attacker originates an attack on you,
      you are welcome to use ENOUGH force to stop it.

      I think a requisite measure of restraint would be
      proven, and any subsequent culpability waived.

  9. drug dealers can't report theft of drugs by circletimessquare · · Score: 3, Insightful

    likewise, what hacker is going to report that someone reverse engineered his hack?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  10. Re:walled garden version for the rest of us? by ArghBlarg · · Score: 4, Insightful

    Haven't they already taken the first step with compulsory driver signing in their 64-bit OSes? I hear there's a registry hack to disable it... for now. But MS would -love- it to be mandatory, they've been laying the foundations since the original "Trusted Computing Platform Alliance" days haven't they? I don't keep up to date on all this stuff so maybe it's not so true anymore.

    --
    ERROR 144 - REBOOT ?
  11. Why not just build in counter-attack tools by Orion+Blastar · · Score: 2, Interesting

    in the OS or have an option of an OS update that includes tools to detect attacks and then counter them.

    I remember having a Fedora 9 Web Server and all kinds of foreign IP addresses tried to crack passwords and guess user names. I read the logs as root showing me failed attempts using some dictionary attack of English/American first names and passwords from a dictionary list. Now I don't use first names but handles and pen names that are hard to guess and run as a user account and only use root when I need to do something.

    A friend of mine told me they will keep trying and cannot be stopped because my Linux server has no defense system to counter attack their hacking attempts and when they send a DoS attack my system does not send one back.

    But I was never able to find such programs for Linux that would counter-attack such things and stopped hosting my web site at home and moved it to a web hosting service and let their admins monitor it 24/7. I recall they used an exploit in Apache 2.X and PHP during Halloween when I was taking my wife and son out for collecting candy. I came back home and found that trolls from Kuro5hin hacked my web server and took control and added insulting and untrue stuff about me. Later on they did the same thing to Net Money Chat that used Scoop like Kuro5hin but the admin fixed it to work with Apache 2.X and mod_perl for Apache 2.0, he submitted the code changes to Rusty, but Rusty never did anything about them. Then the Kuro5hin trolls hacked Net Money Chat and made it so it never served web pages and sabotaged the system so no part of it would work.

    I would like to see such things available or built into Linux and other operating systems or be part of a security update or some free or open source software that can be gotten by people or small businesses that run web sites and need some way to force hackers and attackers to stay away from their web servers or at least collect enough evidence to submit to the FBI or some other group to hunt down the hackers and crackers by generating an ODF or PDF or whatever file that contains copies of the logs and a list of IP addresses doing the hacking and cracking attempts and attacks and then lists what they did. If needed a court can examine the Linux logs to see the whole history if they want to as well.

    --
    Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
  12. The presentation: well hidden by GeneralSunTzu · · Score: 2, Informative

    This is to save the energies of the various suckers, who, like me, wanted to read either the presentation (will do even Powerpoint, if really really desperate) or the notes or whatever he had.
    These conferences, unlike BlackHat® conferences, seem to publish zilch, and on his company web site there is nothing, in any language, except for a news item in Inspector Clouseau's English (Pink Panther, remember?) on this same matter, hardly more informative than the OP comment.
    To shake him, please e-mail him in any language, asking him to publish his presentation.
    I am confident that by the 3.000.000th e-mail, he might get it...
    Am going to mail him in idiomatic, begging, French to begin with.

    --
    The Force actually is with me.