
BLOG: True tales of (mostly) white-hat hacking

Roger A. Grimes | July 23, 2013
Stings, penetration pwns, spy games — it's all in a day's work along the thin gray line of IT security.

With our trap in place, we set up a sting. We contacted our Egyptian friend via phone to notify him of our plans. We sent an email discussing a nonexistent bid, along with our Web beacon. Further, we made a bid price that was several orders of magnitude higher than either party normally negotiated and used a fish type that did not exist. Everything about this email screamed fake, if you took the time to research it.

Immediately after we sent the email, the former VP took the bait, sending a bid to our Egyptian exactly 1 cent lower than our extremely high price. I was also able to produce evidence that the former VP accessed the university email system just prior to his response to the fake bid, and our Web beacon worked as planned. We had his IP address, which tracked him to his home. We knew it was his company; we knew it was him; we knew he had been illegally reading emails.

It was an open-and-shut case, although it took years to wind its way through multiple court hearings. Years after the hacking event, I learned that the CEO never changed his email password, proving once again that I understand computers way better than humans.

True tale of (mostly) white-hat hacking No. 4: Hacking comeuppance. I've been actively fighting malicious hackers for three decades and have been hacked only twice — once, because I knowingly ran an early computer virus on my system but had forgotten to set up a safe "jail" before executing it.

The second time, a hacker had sent malicious emails to my InfoWorld address in an attempt to take over my computer. I usually investigate these infrequent occurrences if only to see whether the attack is unique or unusual. In this particular case, the hacker had sent me a GIF file, which took advantage of a brand-new zero-day exploit that buffer-overflowed a Microsoft Windows graphics handling file and gave the attacker full control of my system.

I was getting ready to head on vacation, after a few hours of sleep, and was in such a hurry that I didn't take the time to open the email in a virtual environment, like I normally would with an email I knew to be malicious. I also couldn't believe that the attached GIF file could buffer-overflow my system. Many hackers have claimed the ability to do this for nearly two decades, but up until that email, it had never been accomplished in the wild. I was overly confident, perhaps a little cocky, that this malicious graphics file would be like the rest — harmless.

I was wrong. Immediately upon executing it, I could see it implant a backdoor Trojan and dial home. It took me by surprise. After hitting myself in the head a few times for executing a known malicious file on my personal computer, I disconnected from the Internet and immediately began defanging the newly dropped Trojan.
