Alternative 3, p.7


  Curtis and Turk wandered the exhibition hall. It was loud, brash and in-your-face. Turk fitted right in. Curtis looked at the schedule for the presentation sessions. Various ‘experts’ were doing sessions on everything from cryptography to cyber-forensics. Curtis knew that there were any number of security experts and cyber-police, and the odd federal agent, among the hackers. And then there were the corporate recruiters. All assembled to discuss the latest trends in security exploits. One of the break-out sessions even included a panel discussion with security officials from the Army and the National Security Council, with none other than the White House Security Director himself.

  The conversation was all computers. Issues like high and low entropy, weak algorithms, credential checking and other techno-talk bounced around the convention. But the big talk was BO2K2.

  A couple of years back a group of Californian hackers calling themselves The Cult of the Dead Cow released a new programme that sent shockwaves through the computer underworld. Back Orifice, a typically hackeresque play on a popular Back Office software package, was a remote computer surveillance tool. And even better, it was, as hackers so delicately put it, ‘self-installing’. The Cult had released the programme onto the web, where anyone could download and ‘experiment’ with it. That meant by now there were hundreds, possibly thousands, of dubious characters using it. The programme was loaded onto an unsuspecting victim’s computer, either through email attachments or more subtle means. Once there, the ‘remote user’ could pretty much do anything the victim could do on their own computer, including controlling the full file system, grabbing video from any webcams they had hooked up, and seeing their screen and what they were doing on it in real time. Powerful stuff. And the new version was even better, depending on your point of view. That’s progress for you. But Curtis was here for the competition, and so was the crowd.

  ‘Good afternoon, ladies and gentlemen. Welcome to DefCon!’ began some dude with a microphone on the stage. A tremendous roar went up from the crowd. They were hyped at the thought of seeing some of the planet’s best hackers in action.

  ‘We are DefCon!’ screamed the announcer. Maybe his day job was preaching somewhere down the Bible Belt. The crowd loved it.

  Curtis and Turk stood in the seething mass of subversive subculture and waited for the show to begin. And begin it did.

  ‘DefCon has been held every summer for eight years now,’ began the Preacher. ‘Over those years it has grown in size, and attracted people from all over the planet. People come to meet other hackers. People come to hang out with old friends. And people come to listen to new speeches and learn something, or just to hack on the network. That’s what DefCon is all about!’ More yelling. He had the crowd pumped.

  ‘We are not trying to teach you how to hack in a weekend. We’re creating an environment where you can hang out with people from all different backgrounds, all of them interested in one thing — computer security.’

  The Preacher was on a roll now. No stopping him or the crowd. ‘I’d like to extend a special welcome to our friends from the many law-enforcement agencies represented here today.’ A big laugh. They liked that one.

  ‘So to all you hackers, would-be hackers, security consultants and federal agents, now’s the time for a good time! Now’s your chance to share alcohol. Codes. Ideas. And for the lucky ones — casual sex!’ That really struck a chord with the overwhelmingly young male audience. Dream on, thought Curtis, unless it was going to be with each other.

  ‘But DefCon exists for many reasons. We want to spread knowledge and information to all who want to learn. Information about computers, telephones, the underground and technology in general. Hackers have undeservedly held a tarnished name for too long. And we plan to build that name back up. Instead of thinking criminal or vandal, we want the public to think of knowledge seekers and curious wanderers.’ Curtis had to hand it to this guy. He was good.

  ‘Destruction and unethical ignorance has plagued the underground for too long! Let’s bring back the old-school ways of penetrating systems for the knowledge they hold. Not to destroy them. We’re not going to change the hacking world, but we can do our part to help us to be better understood.’

  The Preacher was starting to lose Curtis now. Just a little too full on. But it sounded great, and went down with the crowd even better. After several more minutes of preaching the underground gospel, he finally got round to what everyone was waiting for him to do — announce the competition. Curtis was more than ready.

  ‘The Shield is a new security software system that its developers claim can’t be breached. At the European Systems trade show in Munich, the Shield survived 1.4 million hacks from 360 000 anonymous ISP addresses. They’ve sold a lot of product since. In fact, they think it’s so good that they’ve put up $50 000 in prize money for DefCon, because if one of us doesn’t crack it, they’re gonna sell a whole lot more. So don’t get me wrong. This is a formidable foe. We are their litmus test. They know they can’t model the collective genius of the hacker community in a lab. Only the best will have even a chance to bring it down.’ Yeah, yeah, thought Curtis. Get on with it.

  ‘This technology is aimed at protecting web servers from attacks that seek to alter data and web pages, or steal information and monetary assets. Contestants, you have a PC with your name on it somewhere in the hall. There are maps to find your way to your designated computer. Your challenge is to break into a fictitious e-commerce website we’ve set up. The only hitch is, the site is protected by the Shield. You have two hours to penetrate the system and to steal as many indices as you can. The winner is the person with the most indices. And they’ll leave $50 000 richer for their efforts. Good luck to you all. Let the competition begin!’

  OK, that’s the challenge, thought Curtis. Stealing indices. Indices were merely groups of numbers. But to the uninitiated, they looked suspiciously like credit-card numbers. Turk was getting right into the interactive element of the Preacher’s address. But Curtis was already thinking. Planning his hack.

  ‘Come on, Turk,’ said Curtis. ‘We’ve gotta find the map and get to our PCs.’

  ‘Yeah, OK man.’ Turk followed Curtis through the crowd to a badly drawn map pinned to a wall. They found their PCs, Cyrus the Virus and SuperCool, right next to each other at the lobby end of the hall.

  Beside their PCs, which were sectioned off from each other but with the monitors facing the crowd so people could watch the contestants at work, Turk put out his hand. ‘May the best man win!’ he said chivalrously. Curtis smiled and shook.

  ‘See you in two,’ said Curtis.

  The computer stations had been thrown together in a hurry. The bargain-basement desks and folding chairs were a give-away, but so too were the pre-installed software packages. Curtis did his best to shut out the noise and ignore the spectators wandering from competitor to competitor, assessing their chances, and probably taking bets too. He felt fidgety. Nervous.

  He forced himself to concentrate. OK, he thought to himself as he logged onto the net, we’ve got a certified internet email delivery company. Time for some scouting. Curtis knew from experience that the more he knew about his target the better, even if it was going to take some time to find out. Time was the challenge — anyone could take down a system if they had long enough. But Curtis had two hours, and the clock was ticking. First things first.

  He pulled his PocketPC from his bag — his small handheld computer organiser which could do anything from running his diary and some pretty nifty games, to sending and receiving email, surfing the net and playing music. It could also store programmes. And programmes were the tools of the trade.

  He set the timer on it for two hours, and after a long search through his bag for a pen and pad, began his hack. He rubbed his hands together as he scanned the target website for partner affiliates, to find any corporate links to the target network. Nerves, dammit. The mouse felt familiar and comfortable in his hand. But he had to force himself to focus, to get into the zone. He pulled his MP3 player from his bag and wrapped the phones about his head. Time for some energy. Time for some Stones. As Keith Richards ripped into the first chords of ‘Jumpin’ Jack Flash’, the bright lights and clamour from the hall began to fade away from his consciousness. Party time.

  Curtis knew the weak link was often a fringe partner organisation that wasn’t as secure as the main network. It was a possible way in. But he was disappointed — nothing stood out. Next, he clicked over to the InterNIC and ARIN registers, the services that assign and record domain information. Curtis keyed in a WHOIS command. Several seconds later he’d verified the domain name of the target and IP address. He scratched a note to himself on his pad — three servers. That meant three possible entry points.

  He also now had the company nicknames, and the names and phone numbers of the site administrators. Not hugely useful in a short penetration exercise like this, but you never knew. Anyway, he had an overall picture of the target’s network configuration.

  The next step was to run a traceroute against the three IP addresses. Network administrators used tracerouting to track packets of data travelling between a source and its destination, similar to a sonar ping by a submarine. The traceroute told Curtis that a router was blocking his packets. A router sits as a sentry to a web server, which meant this router was doing its job. Shit. But Curtis was able to trace the outgoing traffic to a specified port number, which the target used to connect to its ISP. OK, ladies and gentlemen. Time for some hacker tools.

  Curtis pulled a floppy disk from his bag and installed a host programme for his PocketPC into the computer, and while that was running, connected the device to the computer with a cable from his bag and selected his favourite tools for transfer. Soon his first programme was installed, and he was running a set of timed pings to a specified range of ports. The pings were slow and small enough to fall beneath the radar of intrusion-detection software. Of course, he could have gone for a full-blown assault on the network, but that would have brought the entire server down. While it would have given him a lot of information about the system, it would have been impossible to restore the system within the two-hour time period. He’d have to continue with the stealth attack.

  Next he ran an IP network discovery tool, looking for an open port to use as a possible entry point. The software wasn’t sophisticated. Just clever. Soon he had enough information to deduce which IP address was the router, and make an educated guess that the third IP address was the target’s proxy server. An instant later he had the specs on the target’s network software. Bingo. He fired off a few command lines in short, machine-gun blasts. This was familiar territory now.

  He established a ‘null’ session with the target server, avoiding the need for user passwords or ID. By logging on as ‘null’, Curtis was able to see everything and anything he wanted to on the target machine — password files, user accounts, network services, the works. And none of it was logged.

  The only drawback was that he couldn’t touch anything, but that didn’t stop him from copying down a few user names on the notepad. Then he logged off, and logged on again using the user name ‘backup’. He didn’t have the password though. Time for an intelligent, scientific approach. He’d have to guess. Curtis couldn’t help smiling in spite of himself. He had it with his first guess. It wasn’t rocket science — the password was ‘backup’. Doh! It still surprised Curtis at how slack people were with passwords. Even administrators running a simulated network they knew would be hacked. Go figure. He stole a glance at his timer. Forty minutes to go. It would be close. Real close. He wondered how Turk was getting on.

  Soon Curtis had compiled a list of password hashes representing all the encoded passwords on the system. Now to decode them.

  He installed a crack programme on the computer, and ran the coded passwords through it. In less than 15 minutes he’d cracked 70 per cent of them. More importantly, he had the one he was looking for: SuperUser. In minutes he was in, searching through the system files for databases of indices. The prized indices. But he’d have to work fast. It would take time to download them.

  Curtis’s hands were sweating now. He was close. He found the file he was looking for and initiated the download. The little grey bar began its long journey across the screen. Could it go any slower? He figured that by now most of the competitors would have some kind of access into the server. That would be slowing the system down. But there was nothing to do now but wait. He willed the little grey bar to grow — move, goddammit! Suddenly his monitor lit up with an access control list warning message. Curtis froze in horror.

  The security system knew its doors were being rattled, and it was warning him, since he was logged on as SuperUser. That meant someone was launching an all-out assault against the entire range of ports — one through 65 334. Curtis shook his head in disgust. Someone was blitzing the machine. Too much ‘noise’. He watched his transfer bar closely. It had stopped moving. The system was closing itself down. Shield was doing its job. If Curtis’s approach had been a stealth operation with a few special-ops guys using knives, this was a full-blown airborne assault with B–1 bombers. He threw his hands up in disgust, just as the timer chimed. He was out of time. Shit.

  It was over.

  The network administrator closed the system and the computer terminated his session. Curtis wasn’t pleased, but he’d given it his best shot. Now he had to wait along with everyone else for the results. He threw his PocketPC and notepad into his bag, cursing himself for even coming. He knew he shouldn’t have listened to Turk. What the hell had he been thinking? He’d just have to hope he could get a flight back from Vegas that night so he wouldn’t miss any more work. Terry Hay was probably starting to wonder where he was. He couldn’t afford to risk his parole. Not for anything.

  He’d been crazy to think he could still foot it with the best. There was probably a whole new generation of hackers now who could leave him for dead. And they probably had.

  ‘Dude!’ It was Turk. Didn’t this guy ever give it a rest? ‘How’d you go?’

  Curtis shook his head. ‘Bummed out.’ An expression that could have been sympathy flickered across Turk’s face.

  ‘Too bad, man.’ Then he was back to his old chipper self. ‘Let’s go see who got the dough. Only takes them a few minutes to get the results!’ He was off.

  Curtis had to scramble to keep up with him in the crowd hanging round to find out this year’s winner of the competition. The Preacher was in a very serious-looking huddle on stage with some guys with long hair in ponytails and black T-shirts. The crowd was buzzing, and there was a current of excitement running through the hall. Amongst the bizarre collection of characters pressed together in front of the huge stage, Curtis spotted a face he recognised. Gina!

  He watched her closely for a second. She was waiting for the results, and looked as though she was on her own as well. Curtis figured he had some time to kill, and since he was leaving later he should really be polite and at least say hello. He fought his way through the crowd to where she was standing, and casually stood beside her as though he hadn’t spotted her yet.

  He pretended to suddenly notice her. ‘Hey, Gina!’

  She looked around suspiciously. Heck, she was one of the few babes in the middle of this male madness, so she’d probably been hit on a hundred times before breakfast. Curtis was starting to think this was a bad idea, when her face broke into the most amazing smile he’d ever seen. A real traffic-stopper.

  ‘Hi Curtis!’ she shouted over the din.

  Curtis leant closer to her ear to be heard. ‘How’d you go?’

  Gina shrugged her shoulders. ‘Did my best. That’s what matters, right?’ Curtis couldn’t tell whether she was serious or not, so he decided not to push it.

  ‘Right.’ He nodded casually.

  ‘What about you?’

  Curtis decided to play it cool as well. ‘Not as well as I’d have liked.’ Gina nodded her sympathy. He couldn’t think of much else to say so he just stood beside her while they waited. But then she threw her bag over her shoulder and started to leave.

  ‘Aren’t you staying to hear the results?’ Curtis tried not to sound too disappointed, but Gina shook her head.

  ‘I’m not into crowds. And they’re taking forever. Good luck, Curtis.’

  The thought of losing Gina in the crowd sent a surge of bravado through him. Or was it desperation? Whatever the case, he surprised himself. ‘What are you doing later? Want to catch up? I’ll fill you in on how badly I did.’

  Gina surprised him as well. ‘Sure,’ she said over her shoulder as she squeezed into the crowd, and disappeared. Great going, Curtis. No mobile number, no time or place. Just, ‘Sure’. A real mystery babe.

  This whole trip was turning into a lost cause. Curtis was still kicking himself and cursing Turk under his breath when the Preacher finally approached the microphone, looking very important. He was clearly taking his responsibilities very seriously.

  ‘Ladies and gentlemen, hackers and hackettes!’ The roar from the crowd was more from impatience than excitement. ‘I have the final results of the competition.’ Another roar and a few whistles.

  ‘First of all, congratulations to all hackers who entered the competition. I can confirm that the system was breached, and we do have a winner!’ Yeah, yeah, thought Curtis. Maybe it was time for him to bail as well. He looked about for Turk, but he was nowhere.

  ‘I have the Chief Security Officer from the Shield with me to present the cheque for $50 000. Give him a big hand!’ As several hundred hands were raised in mock salute, Curtis thought the Shield guy looked pretty sheepish. Their system had been penetrated. He’d be back to the drawing board on Monday, as well as answering some tough questions from his investors. But you had to hand it to him. It took balls to put his product on the line.

 
