
November 29, 2009

Step-by-step hacking guide recruitment

Hacking is becoming easy. Gone are the days where some teenager would go on an internet forum and say “what program do I use to haxx a servoor and 0wnz some systemzz” and real hackers would make him feel small and tell him to go back to whatever AOL chatroom he came from. No, now it’s all about easy how-to guides. I’ve seen it far too often these days where I go on some random forum and someone is saying “hey how do I hack?” and someone is providing hacking tools, methodology, and general advice to this clearly irresponsible human being.

Why is it such a big deal? Well, the most notable place I’ve seen this is on a website called the Al-Mosul Islamic Network, a completely English-only jihadist website. Recently there was a post labeled “how to do step hack” which I can only guess meant step-by-step hacking guide, as it listed clearly how to deface websites and create anarchy online. It provided such wonderful tools, including: (1) SQL injection tools (to find vulnerabilities in websites and retrieve information from vulnerable websites), (2) hash-cracking tools like John the Ripper for cracking encrypted information, and (3) tools to exploit various other website vulnerabilities.

It seems to me like it was a post to reach out to jihadists that might have a vague interest in hacking, or perhaps even hackers that might have a vague interest in being jihadists. Either way, it read more like a “hey here’s some really cool stuff you could do for the jihad, look how easy it is!” Definitely seemed to me like a recruitment drive. This got me thinking that that’s not really rare. It seems to me like step-by-step how-to-hack guides are springing up all over, and the emergence of more advanced easy-to-use hacking tools has seriously increased the danger of the average script-kiddie. Sure, all the REAL hackers are the ones finding the vulnerabilities and writing the actual code to exploit them…but these dwarves standing on the shoulders of giants are becoming increasingly able to do some serious damage by using the easy-to-use tools provided to them.

The danger of jihadist cyber-attacks is therefore very likely to increase soon, as they gain a larger army of script-kiddies, using vulnerabilities found by the best and the brightest Russians, Americans, Chinese, etc, etc… I don’t think it will be long before we see significant dangerous cyber-attacks caused by terrorist script-kiddies.

Also it’s really weird to see phrases like “and then the hash is cracked, Allah willing.” At least they didn’t write Allah as 4114|-|.

November 28, 2009

Israel's Cyber-Defense Weak

A recent study by Symantec showed that Israel is very vulnerable to cyber-attacks right now. It is currently among the top five least secure countries in the world when it comes to information security. Furthermore, the report states that more and more network infiltration and cyber-attacks are being carried out to further political goals and steal secrets from nations. Other unsafe nations include the US, China, and France.

McAfee has itself been a long-time proponent of the need to prepare for a global cyber-war: two years ago CEO David DeWalt said that preparations should begin to be made for just such an event, as nations were likely to concentrate on cyber-offense in the future. He’s currently patting himself on the back really hard.

David DeWalt’s newest invention

The point I’m trying to get across is that some of the major players in the cyber-security world are recognizing the signs of impending doom. I think this will help with collaboration between the private and public sector, which I think is much needed to have an informationally (<— apparently not a word) safe nation.

Also, if you’re going to hack something, make sure it’s in Israel, France, or the US for optimal results.

November 20, 2009

Let's talk history

I was reading a history book the other day and it inspired me to write something historical here. OK, maybe I was watching the History Channel. Actually it was FX playing “The Patriot” with Mel Gibson, but you get the idea.

Either way, I was inspired to write a blog entry about what I believe is the first time the government used a hack to cause significant damage to infrastructure. In 2004, Thomas Reed, a retired senior national security official, told the story of a KGB agent who was discovered to have infiltrated the CIA. He was stealing all kinds of data and new technology from everywhere in the country. The CIA then had two options:

1) the nice way (pick him up, torture him a bit, do some mind-control experiment on him or something)
2) what I like to call the “you stole my toys and now I’m going to kill your parents and burn your house down” way.

The CIA chose option 2. In all fairness we were in a “war” with them, a very COLD war if you will. The Soviets were messing with us in similar ways, so they did sort of have it coming. Anyway, here’s what the CIA did. Instead of letting on that they knew they had a spy, they started giving him opportunities to steal more and more new technologies, but they would modify them ever so slightly. For example, they’d let him steal a chip (computer chip, not Fritos) that could be used by the Soviets, but every few million cycles would just start to act funny. It might start delivering false signals, or use different logic rules.

The peak of this project was when they allowed the KGB to steal perfectly functional software with a few lines of code modified. The program was more efficient than currently available software for running pipelines and conducting pipeline tests. Everything ran fine for a few months and then:

Pictured above: pwnage

It exploded.

The few lines of code told the pipeline to run pressure tests at ridiculous pressures after a few months.
As far as I can tell, this is the first significant hacking incident causing serious infrastructure damage run by a government. History is cool.

In conclusion, don’t F_ _ _ with the CIA, or they will punch you in the face. Really hard.

Actual IMINT collected by the CIA

US black-hats come together under government exercises

An article in US News & World Report reported on the training exercise “cyberdawn,” which brought together government and non-government hackers and security experts to conduct a massive training exercise. Basically the hackers are going to try to break into systems while security experts try to stop them. There will be simulations of hacking into banking systems, power grid networks, and military systems.

This caught my eye for a few reasons. For one, they’re bringing together the military, private industry experts, and “teenage computer savants,” the article said. Sounds to me like those teenage computer savants means some teen black-hats, because come on, no teenager grows up thinking “you know what I REALLY want to do with my life? I want to work in IT/cyber-security!!” No, it’s always “I want to break into systems, steal things, and be awesome.”

So why would the military be using them in this exercise? Is it really just going to be this two-day exercise, or are they trying to do some recruitment for the future cyber-warriors of America? Unfortunately, that’s highly classified and the nation’s official policy is to not talk about cyber-offense capabilities or plans. I guess we’re only allowed to bat our eyelashes and wink suggestively at plans though, so let’s all get together and give a big glaring look at other countries while not directly threatening them. Then if confronted about it, just act nice until they walk away and then flip them the bird while they aren’t looking:

“I can 0wnz ur systemz?!?”

OK seriously that’s the last lolcat I’m going to post. This is getting ridiculous.

November 06, 2009

Mossad uses Trojan to steal nuclear plant secrets

Recently, Israeli newspapers reported that Israeli intel agency Mossad used a Trojan horse to steal secrets from a high-ranking Syrian official’s laptop. Apparently these secrets included some valuable intelligence on a possible nuclear reactor being built in Syria. Though of course the exact intelligence hasn’t been released, Israel decided to bomb the facility, so we can assume it had something to do with nukes.

The precise story is that the high-ranking official left his laptop unattended in his room in Kensington, London. Mossad agents then entered his room, planted a Trojan that allowed them to bypass security on the laptop and stole construction plans, letters, and hundreds of photos. The photos showed the Al Kibar facility at various stages of its development. One of the photos showed an Asian guy who was identified as part of the North Korean program. Then the Israelis bombed the facility. Bypassing serious encryption is no small task, and I’m curious to know how exactly they did that with a Trojan. I assume the Trojan had to be developed beforehand and significant intel must have been collected on the exact encryption and security measures taken to prevent people from taking the data from the computer.

The group of agents responsible for the hack (presumably)

Remember my previous post when I said other countries might respond to Ashiyane’s hacking abilities? Also remember how their hacks had Hamas written on them to show their support? I think it’s awfully convenient that the Israeli government chooses to release this now. This operation occurred in 2007, and there’s not much that might have caused the release of showing their own 1337 hacking skills except that (as I claimed in a previous post) Iran has decided to flex its cyber-muscles. I think this Mossad thing is a pseudo response, even though it’s not quite state-sponsored hacking and more like state hacking. In my view they’re saying, “ok you hacked some websites, that was obnoxious, but look what WE did.”

This indicates a couple of things:
1) Continue to look for other countries showing that they know what they’re doing when it comes to hacking. Whether it’s showing that their intel agencies can hack by developing Trojans and stealing information or straight up distance hacking of websites or networks.
2) I was right. Please shower me with praise accordingly.