Slashdot Mirror

← Back to Stories (view on slashdot.org)

True Tales of (Mostly) White Hat Hacking

Posted by samzenpus on from the playing-for-the-right-team dept.

snydeq writes "Stings, penetration pwns, spy games — it's all in a day's work along the thin gray line of IT security, writes Roger A. Grimes, introducing his five true tales of (mostly) white hat hacking. 'Three guys sitting in a room, hacking away, watching porn, and getting paid to do it — life was good,' Grimes writes of a gig probing for vulnerabilities in a set-top box for a large cable company hoping to prevent hackers from posting porn to the Disney Channel feed. Spamming porn spammers, Web beacon stings with the FBI, luring a spy to a honeypot — 'I can't say I'm proud of all the things I did, but the stories speak for themselves.'"

35 comments

  1. Grimes is alive? by Anonymous Coward · · Score: 0

    I thought Frank Grimes elecfrocuted himself years ago. Poor Grimey.

    1. Re:Grimes is alive? by Anonymous Coward · · Score: 0

      That's his son. Frank happened to like hookers.

  2. posting porn to, say, the Disney channel by Joe_Dragon · · Score: 1

    much worse has happened and it has been someone at the cable head end messing up.

    Like porn on the OTA channel showing the super bowl on cable systems or porn showing up on the EAS / public access channels.

  3. The Security of Many Eyes by VortexCortex · · Score: 4, Funny

    'Three guys sitting in a room, hacking away, watching porn, and getting paid to do it — life was good,'

    It's not gay if we don't make eye contact with each other... Why are you staring at m-- Ohh, my bad. Carry On!

    1. Re:The Security of Many Eyes by CheshireDragon · · Score: 1

      Bothered me when I read that too. One thing I never want to hear is, "You all got boners too?"
      I've never watched porn with other guys, nor has any one of my male friends asked if I wanted to watch some porn with them.
      I'm sorry, but watching porn is a private thing.

      --
      "That's right...I said it."
    2. Re:The Security of Many Eyes by Anonymous Coward · · Score: 0

      I am a totally hetero man, even with a girlfriend, but when I was a really young kid my friends and I would have circle-jerks. It didn't take much - a bikini on TV or a stolen porn vid, whatever, and the two friends in the room and I would whip out our members and start whackin' on the spot. And even they made fun of me because of my willingness to jerk to just about anything -- notably a female scantily-clad anthropomorphic Chihuahua depicted in the Starfox comic which ran in Nintendo Power magazine. A magazine that, along with every other magazine in the house, had its pages stuck together. I'm actualyl really fortunate that I don't talk to those guys anymore, because it would be really awkward -- especially because one of them gave my girlfriend a big sloppy kiss after she had sucked my dick on the kitchen floor.

      But now, yeah, I think its creepy when my friends or co-workers whip out their cell phones and describe what's playing, like "She's not really squirting, she's just pissing," or "look at that guy bitch-slap that woman sucking his dick." Makes me wonder if they jerk off to it during their bathroom breaks.

      -- Ethanol-fueled

    3. Re:The Security of Many Eyes by Anonymous Coward · · Score: 1

      If you RTFA, you'll see that their employer specifically asked them to experiment with stealing porn from the porn channels as well as putting porn on family-oriented channels. This isn't a case of some guys at work wasting company time watching porn together, they were legitimately tasked with looking for exploits related to porn on the device.

    4. Re:The Security of Many Eyes by SuricouRaven · · Score: 1

      A chihuahua?

      Krystal I can understand. Everyone finds Krystal hot. But a chihuahua?

    5. Re:The Security of Many Eyes by CheshireDragon · · Score: 3, Interesting

      Yes, I did RTFA. I've done things like this before when I was doing industrial hacking back in the late 90s. I understand the joy they were getting from doing this job and succeeding. What is creepy is how he worded it.

      "Three guys sitting in a room, hacking away, watching porn, and getting paid to do it — life was good," Then he added "The only thing missing was the beer."

      I just see it different. Could also be the fact that when I worked with a team in those days, it was always remote with the others scattered across the country and it wasn't hacking cable companies, but routers. So, there was no TV.

      --
      "That's right...I said it."
    6. Re:The Security of Many Eyes by i.r.id10t · · Score: 1

      Buddy of mine would put on porn tapes of just snippets of action during parties - no lighting effects, no music, just 10 to 30 second clips of raw hard farking in various gender combinations. Then mute TV, play at 2x speed, and crank the stereo up. Seemed to work well.

      --
      Don't blame me, I voted for Kodos
  4. same Web server and setup was being used in millio by Joe_Dragon · · Score: 1

    i-Guide

    Now did that hack let you get FREE HBO and PPV movies or just local remap channels?

  5. And yet the cable co's clam nohackers hit your box by Joe_Dragon · · Score: 2

    Over the years there have been stores of getting big pron PPV / VOD bills for shows they did not see how likely was it that some hacked the box so they where able to get free pron?

    http://consumerist.com/2008/06/21/listen-time-warner-the-60-year-old-english-teacher-didnt-order-1400-of-porn/

  6. "three guys" by Joining+Yet+Again · · Score: 1

    One of the sillier things that the culture of individualism has brought is heroism: the idea that one person or a very small group of people are supermen, able to challenge all perceived evil and win the day. But it's bullshit. There are only two ways to make a system secure: 1) Have everyone on your side; 2) Have no one use it. 2 is approached by an awful lot of firms: why release an exploit for system X, when you get 100x the exposure with an exploit on system Y? 1 is approached another way: many eyes. Three guys in a room aren't going to find shit, no matter how much porn they watch (well, unless it's *that* sort of porn). There will always be hundreds among the 7 billion odd people who will spot something you've missed. So, a security team comprising only three people is merely there for show, and the only reason you haven't been broken into is because you've approached close enough to 1 or 2.

    1. Re:"three guys" by Anonymous Coward · · Score: 0

      Plenty of examples where a thousand guys can't do the job that 3 can. UNIX for one.

    2. Re:"three guys" by sjames · · Score: 1

      Mostly the 3 guys find the stuff that every bad guy and his brother would find. There's still hundreds out there who could exploit some undetected flaw, but that's down from many many thousand. You can hope (but not be assured) that they'll be too busy having fun with someone else's security holes to get around to you.

    3. Re:"three guys" by Anonymous Coward · · Score: 3, Interesting

      Ah yes, another Slashtard screaming that if you can't solve every problem then you can't solve any problem. So black and white. So lunkheaded.

      For those of us that live in a world with shade, color and hue? We're a bit more progressing in our thinking. That's what makes us humans.

    4. Re:"three guys" by pr0fessor · · Score: 1

      One of the sillier things that the culture of individualism has brought is heroism: the idea that one person or a very small group of people are supermen

      Supermen are not required to secure a system and a few or one intelligent person can challenge the ideas of the day and keep moving us forward.

      Sure I could probably hand pick a group of a hundred people that couldn't set the clock on your microwave or I could find just one person that could build you a microwave and set the clock.

      After all we are individuals, I have no idea what you had for breakfast.

    5. Re:"three guys" by Em+Adespoton · · Score: 1

      I have no idea what you had for breakfast.

      The Superman comment might help us narrow that down :D

    6. Re:"three guys" by minstrelmike · · Score: 1

      Huh? You act like the 'culture of individualism' is something new, possibly American.
      Read Homer's Odyssey. Or most any polytheistic mythology and see what sorts of humans the gods deal with.
      It's all about heroes.

  7. Yawn. by Anonymous Coward · · Score: 0

    If you need a hat to show what side you're on, you're not a hacker. You may be a cowboy. There's lots of them in the IT security industry. But you're no hacker.

  8. Say what? by macbeth66 · · Score: 1

    'I can't say I'm proud of all the things I did, but the stories speak for themselves.'"

    Not proud? I assume that means that you were not proud of watching porn with three other guys. I don't even want to know what you did that might make you feel not proud.

    But good going with the techniques you used to catch the bad guys,

    Spamming porn spammers, Web beacon stings with the FBI, luring a spy to a honeypot

  9. The truth revealed writer's choice of words by FuzzNugget · · Score: 1

    ...watching porn...probing for vulnerabilities...

  10. Heh. This reminds me... by Chas · · Score: 5, Interesting

    ...of an idiot who was teaching people how to hack into certain types of setups in an open IRC channel of mine.
    And he was using his employer's servers to do it!

    Now this guy was, at the time, causing ALL sorts of grief for me and several of my colleagues. He kept trying to hack our message boards, hack our e-mails, break onsite computers, tried DDOS'ing us numerous times, was sniffing wifi traffic for all he was worth, etc. All while claiming he was "twice the hacker of all of us put together".

    Anyhow, I was basically logged into my channel 24x7. So I'd logged the whole thing. Including the part where the guy promised to "eventually" get around to cleaning up the hack job they'd used to get in.

    Well, he probably WOULD have.
    Had a copy of the complete IRC log, including the mention of live customer financial data being on that server, NOT found its way directly to the company's owner.

    The next time the guy came in, he was detained, his system was imaged for evidence, and he was let go.
    And it took him nearly 3 months before anyone got around to actually telling him who'd dropped the dime on him.

    And all without doing a single illegal thing.

    I later wound up helping the FBI give him a vacation at Club Fed.
    And it looks like he's going back to stay for a while.

    --


    Chas - The one, the only.
    THANK GOD!!!
    1. Re: Heh. This reminds me... by chromeronin · · Score: 3, Interesting

      Sometimes it is the simplest of things, a client of mine was experiencing random server "crashes". Investigate, and find every single one was a controlled shutdown initiated by the admin user account. I said they should change the admin account ASAP. They said they had tried but other systems where the previous admin had used the admin account would break, and they didn't have a list. To what would be affected. I said and this is better than having someone randomly shutting down your operations, and potentially stealing anything they wanted, or leaving behind Trojans or back doors? 10 minutes later the admin account was disabled, and we just started trouble shifting and changing other system as they appeared broken, then the next user account was was found that started shutting stuff down. Any remote access to these systems? Well the previous IT providor used to use team viewer........ Changed that account and the attacks stopped. Sometimes it really is just the simple things.

  11. 80/20 rule of thumb by Anonymous Coward · · Score: 0

    If a low level of effort can take care of 80% of your problems, then it is worth the effort

    Suppose that most (guessing 90%+) hostile attacks on servers are using a commonly known technique, and that there is either vendor or SANS guidance on dealing with it, then three people can certainly perform the penetration test, test the solution and set it up to be rolled out by existing operations staff

    Sure, the first day and closely held techniques (imho small %) could play hell with you, but the people who actually have access to them are more likely to be targeting vast sums of wealth than playing pranks on Disney

    And yes, I researched, developed and deployed a security solution for a mid-sized data center in less than two months. There was no heroism, just a long grind, lots of documentation and getting rif-ed at the end of the lock-down

  12. Ethanol-fueled totally hetero man ,, by Anonymous Coward · · Score: 0

    Did your underpants get sticky while you were typing that?
    --

    ref: big sloppy kiss, bitch-slap, circle-jerks, girlfriend, hetero man, jerk off, jerk to, just pissing, pages stuck together, porn vid, really squirting, scantily-clad female, sucked my dick, sucking his dick, whackin ..

  13. Re:And yet the cable co's clam nohackers hit your by Anonymous Coward · · Score: 0

    Wow, I guess you really are just typing with one hand.

  14. Re:And yet the cable co's clam nohackers hit your by Anonymous Coward · · Score: 0

    Sorry about that! This guy was selling "Digital Cable Descramblers" which I knew was bullshit because the device was literally just the male end of a cable...however...
    THE FUCKIN THING WORKED!
    I guess it was just a MAC address spoofer and someone else got charged for what everyone was ordering.

  15. how many idiots does it take to lock the door? by raymorris · · Score: 3, Interesting

    Nothing will ever be proven 100% secure because it's easier to break things than make them. However, typical software is akin to a car door that's not only unlocked, but swung wide open. 95% of developers have less than two weeks of security training, often less than 8 hours. They put approximately zero effort into security. It doesn't take a huge team of security experts to close the door and lock it.

    When I started my current job, it took me maybe 40 hours to reduce our attack surface by 90% because my predecessor either knew nothing about security, or just didn't care.

  16. Infoworld by Anonymous Coward · · Score: 0

    Same source as this fairy tale.. http://www.infoworld.com/d/security/in-his-own-words-confessions-of-cyber-warrior-222266

  17. Bs by Anonymous Coward · · Score: 0

    A browser based xss attack that can traverse the file system and return a passwd file? Sorry, but I'm calling bs. Even if the javascript code exploited a vulnerability in the browser's sandbox, i highly doubt many phone jockey call center pcs are running a posix os with a passwd file. This whole article stinks of bs and loosely related security buzz words sequenced together to form something halfway inteligable for someone who knows little about security.

    1. Re:Bs by Anonymous Coward · · Score: 0

      A browser based xss attack that can traverse the file system and return a passwd file? Sorry, but I'm calling bs.

      Your post stinks of someone who read the summary and rushed to shout "BS!" without, you know, actually reading the article.

      FTA:"I was able to access the set-top box using a simple directory traversal attack (such as http://..//..//..//). I was in as root and had complete control of the device. It was running an old flavor of BSD, which was full of vulnerabilities by itself."

      And then a little farther along:"While attacking the set-top box, we found it contained an HTML firewall log, which had an XSS vulnerability. The log would record all Web packet content details after we raised its debug level. Then we crafted an attack packet containing malicious JavaScript and called the cable company's tech support number.
      Posing as a regular customer, we complained that we thought someone was attacking our cable box and asked if the technician could take a look at our device's firewall log to confirm. A few minutes later up popped the technician's shadow and passwd password files. When executed, our encoded malicious JavaScript packet would look for various password and configuration files and, if found, send them back to us. The technician had viewed the firewall log, the XSS had launched, and we ended up with the company's enterprise-wide root password."

  18. one page version by tomlouie · · Score: 1

    Oh, for the love of %DEITY....

    Here's a link to the one page version of the story:

    http://www.infoworld.com/print/222831

  19. This guy is full of BS by Anonymous Coward · · Score: 0

    I hope nobody takes this article even remotely serious.

    It's obvious the author has no idea what he's talking about, and didn't perform any of the attacks that he's mentioned - his example of dot-dot-slash directory traversal, and XSS itself are entirely incorrect - not in a technical nitpick way, but as-in, someone who knew how to utilize such attacks most certainly wouldn't describe them as he has.

    Charlatan.

  20. Re:And yet the cable co's clam nohackers hit your by Anonymous Coward · · Score: 0

    Sorry about that! This guy was selling "Digital Cable Descramblers" which I knew was bullshit because the device was literally just the male end of a cable...however...
    THE FUCKIN THING WORKED!
    I guess it was just a MAC address spoofer and someone else got charged for what everyone was ordering.

    I doubt it was a MAC spoofer, you'd still run into purchase limits and eventually the cable company would start digging into why they were getting sued by a shitload of people in a single town for large amounts of bogus purchases.

    More likely scenario is that it had a small in-band signalling chip that sets the box to what is called "Tech" or "Factory" status. It's a special operational mode where the box assumes it's authorized for everything and that you've already paid for everything, so it never even sends a purchase request up to the head-end equipment. The programming sent down the coax is usually encrypted these days, but the signalling which controls the box status and does stuff like removing PIN locks, resetting, forcing code downloads, etc. is usually signalled "in the clear".