Slashdot Mirror
World's Worst Hacker?
An anonymous reader submitted a video clip that allegedly demonstrates a hacker working in a
honeypot.
If you fear for the future security of the internet, this video will set your mind at ease.
← Back to Stories (view on slashdot.org)
That was quick slashdotting..any alternate links?
No its been hacked.
That was quick slashdotting..any alternate links?
Here's the YouTube video I watched on his site while it was in Firehose.
My work here is dung.
In a thousand years, with a thousand more keyboards. But maybe he will produce all of Shakespeare's sonnets first.
Or he could be faking it.
Fight Spammers!
I think what we see here (and I am being serious) is outsourcing at work. He downloads tools from a subnet in Pakistan, likely homebase.
Just like anything from software development to customer service is being offshored to lowest bidder and services being performed by people without appropriate skills, simply because they are cheap. Same thing here - mass hacking is a business, and it is being outsourced to cheap unskilled labor. Look at this and laugh - then realize, this is the kind of quality of production that modern legitimate businesses rely on every day. Scary, ain't it?
Can somebody please explain me what he is trying to do? i just watched some wgets which downloaded some .tar.gz files and that perl is not installed so he couldn't run some scripts. that's it? or do i missed something?
Slashdot ya no es que lo era!
The best part was when he/she downloaded a copy of win2ksp3.exe.
I might have to wait until later to view this. There are, like, 14 people on youtube right now and they have faster connections than I do.
This is clearly the hacker's revenge. He couldn't toss in an exploit using the script-kiddiness, so he's DDOSing the site instead.
For those who are getting a slashdotted server, here is the video.
"- What's so unpleasant about being drunk?"
"- You ask a glass of water."[from h2g2]
http://xkcd.com/606/
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Hey, let's try to CD into all kinds of directories that don't exist.
# /var/spool>cd /spool /var/spool>cd /samba /var/spool>cd /a /var/spool>cd /var /var>cd /spool /var>cd spool /var/spool>copy/pasted commands to download random tarball /var/spool>more failure to cd
No such file or directory
#
No such file or directory
#
No such file or directory
#
#
No such file or directory
#
#
#
#/var/spool>sudo aptitude ruby and stuff
sudo: command not found
#/var/spool>wget path/to/win2ksp3.exe
That's it, basically. If you can use telnet, telnet into 94.255.168.108 and it plays an animated text version of it all.
SSC
First I just thought "well, not everyone is a super smart irrelevant cubicle IT support geek" and shrugged at the point that was trying to be made - which, I guess, is something along the lines of "it's really this easy to break in to some systems, and it's great to laugh at people who.. err.. manage it, because not everyone knows what to do next."
Then I saw them downloading W2Ksp3, and realised that the whole thing is just a bit of sensationalism to get pageviews. The hacker is as genuine as the honeypot.
It's Portal's credit song http://www.google.com/search?q=portal+still+alive
I think watching the "Tracer T" video from NextGenHacker101 will also set your mind at ease about the future of hackers. http://www.youtube.com/watch?v=SXmv8quf_xM
Beware of the Redittor who loans you a Sharpie.
> What is it?
Unnecessary, as with all background music in amateur videos.
Why do kids these days have such problems with absence of noise?
HINT: I came to watch the video, not to inflict your choice of "kewl music" upon myself.
This is called "how the Internet was meant to work" with end-to-end connection between the client and the provider, not with a centralized advertising agency.
The linked site is down, so here it is on youtube
Help find a cure for cancer. Join the [H]orde
This reminds me of Bill Cheswick's paper "An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied," from the 1992 Winter USENIX Conference. (Paper is available directly from Mr. Cheswick's site here as a postscript file).
In it, he toys with an intruder for a number of days. He pretends the system has actually been hacked, gives up bogus password files, and manually pretends to be a particularly slow machine with a lot of easy holes in it. It's a well-written, excellent piece of writing. I recommend it to anyone who enjoyed this video.
Try this one:
Next Gen Hacker 101 - How to view someone's IP address going to Google
Oh that was painful. Did anyone here actually finish that video?
On Good old Youtube: http://www.youtube.com/watch?v=oJagxe-Gvpw
if perl was installed (as it is on almost every linux system these days) his scripts would have run.
First rule of information security: Never run anything you don't need to. If at all possible, don't even install it. Who cares about an exploit in ${PACKAGE} when you haven't got that installed anyway?
Any hacker worth their salt wouldn't be too disappointed that perl wasn't installed. He already had a root prompt and ls showed a .apt directory - there's a good chance apt-get install perl would have got perl in there in about 20 seconds flat.
this guy was simply to follow his cheat sheet and it didn't work. in fact, i see this as a complete failure of the honeypot scenario as it's supposed to provide a fake environment to gather intel. this honeypot does nothing of the sort and seems to be more for entertainment than anything else.
I'm not so sure. We now have a good idea what's on his cheat sheet and - more importantly - have a number of URLs where some potentially interesting scripts may be found. It's possible (though if this is the sort of thing we're dealing with, I'd venture unlikely) that those scripts might provide information about a hitherto unknown local exploit.
please define "metric buttload"
3.28 Imperial butloads.
I guess even in Russia some 'hackers' are better than others:
Additional whois information for 213.248.54.246:
You can't handle the truth.
So, back when I was an undergrad and used to play around on MUDs, my roommate and I wound up talking to a young woman who claimed to be a hacker. She wanted to get together, and asked if she could bring a friend. Figuring we were about to get incredibly laid, we invited her up to the university. Young and dumb, what can I say.
We met her and her friend at a rest stop. We waited for a long time, and were about to leave when an incredibly ramshackle old sedan rolled up, with its muffler clanking and rattling, its headlights flickering, and great clouds of blue smoke trailing out behind. A beautiful girl leapt out of the car, followed by her friend: a very tall, very skinny punker dude.
Our spirits were crushed, but being polite computer science students, we couldn't figure out how to get rid of them. They didn't have enough gasoline to get home, but they DID have booze. So we went back to the university.
Immediately they wanted to "hack a computer", and marched to the computer lab, which was still open. This was where we talked on the MUD. There was no talking them out of it. Trailing behind them, wondering what on earth they thought they were going to be able to do from a computer lab, we somberly shuffled along.
On seeing a computer, the girl leapt into action! jumping into the seat, she said "I'm gonna hack this bitch!" and her boyfriend perched on the back of her seat to egg her on. I said something like "hey, look, don't do anything that'll get anyone in trouble, ok?" and she said something like "don't worry, I'm leet, nobody's ever going to know I was here!" This did not soothe my fears. I was about to say something else when she got a DOS prompt, and started typing in random passwords.
> God
> File not found. (I don't remember the exact words)
> Sex
> File not found.
(This went on for a long time.)
My roommate and I chatted quietly a few feet away, greatly relieved. We admitted our suspicion that this person did not, in fact, know anything about computers, or possibly anything else. To our enormous relief, the person appeared to be harmless. Also, it was becoming clear that neither one of us were going to get any. We wondered what we should do. We didn't want to be rude.
Suddenly, I had a thought. "Let's get her into the MUD!" My roommate thought that was an excellent idea, so we said "Hey, somebody wrote this path on a piece of paper over there... Maybe it'll get you in!" She tried it, and was allowed to log into the MUD. She yelled out in triumph! She was invincible!
She played happily on the MUD for about a half hour, with her boyfriend proudly telling us how "leet" she's always been, and then we went back to our room. We let them crash on the suite couch, and they were gone in the morning.
I wonder how many "hackers" are like this? Just trying stuff they saw on TV, with no understanding of what's actually going on?
Anyway, she was gorgeous, so I think we can be forgiven for indulging her a bit. She was about 5'5, with pale skin, medium brown long straight hair down to her hips, and a mix of hippie and punk clothes. Such an appealing woman... Not really connected to reality, exactly, but definitely not boring.
Thus spake the master programmer:
"When the program is being tested, it is too late to make design changes." (Tao)