Slashdot Mirror
World's Worst Hacker?
An anonymous reader submitted a video clip that allegedly demonstrates a hacker working in a
honeypot.
If you fear for the future security of the internet, this video will set your mind at ease.
← Back to Stories (view on slashdot.org)
That was quick slashdotting..any alternate links?
No its been hacked.
That was quick slashdotting..any alternate links?
Here's the YouTube video I watched on his site while it was in Firehose.
My work here is dung.
I think what we see here (and I am being serious) is outsourcing at work. He downloads tools from a subnet in Pakistan, likely homebase.
Just like anything from software development to customer service is being offshored to lowest bidder and services being performed by people without appropriate skills, simply because they are cheap. Same thing here - mass hacking is a business, and it is being outsourced to cheap unskilled labor. Look at this and laugh - then realize, this is the kind of quality of production that modern legitimate businesses rely on every day. Scary, ain't it?
The best part was when he/she downloaded a copy of win2ksp3.exe.
I saw this last week. There were all kinds of hilarious inabilities to properly change directories or find scripts, which is why he kept downloading the same crap over and over again. Just for fun, my boss here (at a well-known company that makes security products involving pigs) fetched some of the files that the kid was trying to use. Half of the scripts were just fucking awful, such as hard-coding repetitive actions rather than using loops. The so-called "hacker" also left clues to his identity all over the crappy "sploits", too.
I honestly have a hard time believing the douchebag in the video was able to get a shell, even on a honeypot, and then fail to be able to change directories. However, the kits he was fetching were also so terrible I don't think that even if this hadn't been a honeypot he'd ever have gotten any local privilege escalations anyway.
Short version: He doesn't understand that tar -xzf uncompresses into the current working directory, and gets completely lost in terms of where he puts things.
He probably has a sheet of commands to copy/paste from and has little clue about how they actually work.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
For those who are getting a slashdotted server, here is the video.
"- What's so unpleasant about being drunk?"
"- You ask a glass of water."[from h2g2]
http://xkcd.com/606/
I've had enough abrasive sigs. Kittens are cute and fuzzy.
First I just thought "well, not everyone is a super smart irrelevant cubicle IT support geek" and shrugged at the point that was trying to be made - which, I guess, is something along the lines of "it's really this easy to break in to some systems, and it's great to laugh at people who.. err.. manage it, because not everyone knows what to do next."
Then I saw them downloading W2Ksp3, and realised that the whole thing is just a bit of sensationalism to get pageviews. The hacker is as genuine as the honeypot.
I think watching the "Tracer T" video from NextGenHacker101 will also set your mind at ease about the future of hackers. http://www.youtube.com/watch?v=SXmv8quf_xM
Beware of the Redittor who loans you a Sharpie.
> What is it?
Unnecessary, as with all background music in amateur videos.
Why do kids these days have such problems with absence of noise?
HINT: I came to watch the video, not to inflict your choice of "kewl music" upon myself.
And he doesn't seem to know about 'ls'. If I was sitting next to this guy, I would mash his head on the keyboard.
This is called "how the Internet was meant to work" with end-to-end connection between the client and the provider, not with a centralized advertising agency.
The linked site is down, so here it is on youtube
Help find a cure for cancer. Join the [H]orde
if perl was installed (as it is on almost every linux system these days) his scripts would have run.
First rule of information security: Never run anything you don't need to. If at all possible, don't even install it. Who cares about an exploit in ${PACKAGE} when you haven't got that installed anyway?
Any hacker worth their salt wouldn't be too disappointed that perl wasn't installed. He already had a root prompt and ls showed a .apt directory - there's a good chance apt-get install perl would have got perl in there in about 20 seconds flat.
this guy was simply to follow his cheat sheet and it didn't work. in fact, i see this as a complete failure of the honeypot scenario as it's supposed to provide a fake environment to gather intel. this honeypot does nothing of the sort and seems to be more for entertainment than anything else.
I'm not so sure. We now have a good idea what's on his cheat sheet and - more importantly - have a number of URLs where some potentially interesting scripts may be found. It's possible (though if this is the sort of thing we're dealing with, I'd venture unlikely) that those scripts might provide information about a hitherto unknown local exploit.
(at a well-known company that makes security products involving pigs)
I'd suggest you take a good review of your company's product line. Seems all it takes to thwart your security is a ragtag group of birds with a large slingshot and good aim.
Demanding constant attention will only lead to attention.
So, back when I was an undergrad and used to play around on MUDs, my roommate and I wound up talking to a young woman who claimed to be a hacker. She wanted to get together, and asked if she could bring a friend. Figuring we were about to get incredibly laid, we invited her up to the university. Young and dumb, what can I say.
We met her and her friend at a rest stop. We waited for a long time, and were about to leave when an incredibly ramshackle old sedan rolled up, with its muffler clanking and rattling, its headlights flickering, and great clouds of blue smoke trailing out behind. A beautiful girl leapt out of the car, followed by her friend: a very tall, very skinny punker dude.
Our spirits were crushed, but being polite computer science students, we couldn't figure out how to get rid of them. They didn't have enough gasoline to get home, but they DID have booze. So we went back to the university.
Immediately they wanted to "hack a computer", and marched to the computer lab, which was still open. This was where we talked on the MUD. There was no talking them out of it. Trailing behind them, wondering what on earth they thought they were going to be able to do from a computer lab, we somberly shuffled along.
On seeing a computer, the girl leapt into action! jumping into the seat, she said "I'm gonna hack this bitch!" and her boyfriend perched on the back of her seat to egg her on. I said something like "hey, look, don't do anything that'll get anyone in trouble, ok?" and she said something like "don't worry, I'm leet, nobody's ever going to know I was here!" This did not soothe my fears. I was about to say something else when she got a DOS prompt, and started typing in random passwords.
> God
> File not found. (I don't remember the exact words)
> Sex
> File not found.
(This went on for a long time.)
My roommate and I chatted quietly a few feet away, greatly relieved. We admitted our suspicion that this person did not, in fact, know anything about computers, or possibly anything else. To our enormous relief, the person appeared to be harmless. Also, it was becoming clear that neither one of us were going to get any. We wondered what we should do. We didn't want to be rude.
Suddenly, I had a thought. "Let's get her into the MUD!" My roommate thought that was an excellent idea, so we said "Hey, somebody wrote this path on a piece of paper over there... Maybe it'll get you in!" She tried it, and was allowed to log into the MUD. She yelled out in triumph! She was invincible!
She played happily on the MUD for about a half hour, with her boyfriend proudly telling us how "leet" she's always been, and then we went back to our room. We let them crash on the suite couch, and they were gone in the morning.
I wonder how many "hackers" are like this? Just trying stuff they saw on TV, with no understanding of what's actually going on?
Anyway, she was gorgeous, so I think we can be forgiven for indulging her a bit. She was about 5'5, with pale skin, medium brown long straight hair down to her hips, and a mix of hippie and punk clothes. Such an appealing woman... Not really connected to reality, exactly, but definitely not boring.
Thus spake the master programmer:
"When the program is being tested, it is too late to make design changes." (Tao)