Archive for the ‘security examples’ Category.
Hackers put phony news items on USA Today’s Web site
Hackers put phony news items on USA Today’s Web site. BayArea.com Jul 13 2002 1:59PM ET [Moreover – Computer security news]
W2Knews Postmortem: How Sunbelt Got Hacked
W2Knews Postmortem: How Sunbelt Got Hacked
It’s just one of these things. You talk about security for years, you warn people once a week, protect your domains with many layers, and then some hacker walks right into your own open back door. [grin] At the end of this cautionary tale I will tell you what to do to prevent it in your own organization.
Here is how this whole thing went down, it’s not as bad as it could be, and our domains were never compromised. But it is egg on our face! Someone hacked into our phone system. It’s called phreaking, and has been done for decades. Lucky for us he was just talking to people instead of using it to (try to) break into other systems.
How it started? Last Thursday one of our Reps found she could not use her voice mail box anymore. It was forwarded to some strange number. The Admin in charge frowned, reset it, and things worked again. Then last Friday, it happened again, and with not just one but with a few mailboxes. Now we really started looking!
What the hacker did not know is that we have an advanced phone system that really is just software. The whole system is a W2K server in a special frame with 20 expansion slots. Each slot holds a card for 8 extensions. The software is powerful and allows you to reconfig anything on the fly instead of having to call your PBX vendor all the time if you move a few staff to new spots. The brand is Altigen.
We started to look in the Altigen console, and found a few mailboxes that were forwarded to far away countries. When we started to trace these down, it turned out they were Pakistan, Saudi-Arabia, Kuwait and the Philippines. Anyone that has followed the news recently can draw their own preliminary conclusions. So did we.
Since we can see everything in real-time coming in and out of the system, it was clear that a hacker had compromised a few mailboxes and was using these to break into other companies’ systems as well and create a chain of compromised PBX-es. In some cases we were the end of that chain, so we knew the final destination. The hacker was fairly smart in trying to hide their trail by dialing in, dialing out, and then dialing in again and use another mailbox.
However, since we could see and change things in real time, we took him off the voice T1, and rerouted him to a copper trunk which we could tap. And sure enough a both American and Arabic speaking male voice was busy making calls, through several other companies systems that he already “owned”. So while he was happily tapping away, we recorded what he was doing and called the FBI.
They actually are in a building 5 minutes from here so shortly they were over and listening in. And since Altigen dumps all the data into a SQL database, we were able to give them both the voice recordings and a detailed track of all the calls, their origination and destination points and duration. They were happy we could provide them with all the data immediately burned on a CD so they could start their analysis, using Excel.
The FBI agents told us that phone system hacking is happening thousands of times every day! And we had to shamefacedly admit that the password used for the compromised mailbox turned out to be the same as the extension. OUCH! The hacker simply cracked these mailboxes using this very simple trick. DUH. And me scoffing at the New York Times for using the last four digits of someone’s social security number as their default passwords…[grumble]
Luckily for us, the hacker never got into our W2K domains, and never used it for actual computer cracking, but a simple trick like this can cause damage in many other ways. Especially if one deals with a bit more sophisticated criminal elements. So we compiled all the evidence necessary and turned it over to the FBI Computer Crime Special Agents.
We then shut the hacker down, and changed all mailbox passwords to something a bit more sophisticated. We also shut down all international calling ability for mailboxes that did not need it, which was about 95%, and made some other configuration changes in the Altigen console which I’ll not go into. And to the hacker, if you read this, you were caught. Expect a tap on your shoulder any minute now.
Lesson learned: USE STRONG PASSWORDS FOR THE PHONE SYSTEMS AS WELL. Monitor your phone system logs for unusual activity and out of normal range events or durations, just like you would your networks and set red flags. You could dump that stuff into a flat file and use a tool like ELM to ping you when things are out of the ordinary.
Universities in NY, Netherlands Targeted in Warez Raids
Universities in NY, Netherlands Targeted in Warez Raids
[CNET article] [CNET article]
The US Justice Department and international law enforcement agencies
last week seized over 130 computers belonging to suspected software
pirates around the world. Many of the people targeted in the raids
have been providing law enforcement officials with information that
has resulted in additional search warrants. The Rochester Institute of
Technology and the University of Twente in Hilversum, the Netherlands
were both targets in the raids.
