
BLOG: True tales of (mostly) white-hat hacking

Roger A. Grimes | July 23, 2013
Stings, penetration pwns, spy games — it's all in a day's work along the thin gray line of IT security.

He was stunned. I told him that there were lots of smart hackers in this world and he wasn't the only one who knew how to get onto other people's systems. I then politely asked that he stop attacking not only my system, but anyone's system, and to turn his curiosity to legal ends. He agreed. As far as I know, he didn't do any illegal hacking anymore.

Afterward, I got emails and IM chat messages from him for years. He went to college, got an engineering degree, and eventually became a midlevel executive at a computer company that got swallowed up by a huge conglomerate. He became fairly rich in the process. He has a wife and a few kids now. I don't know if anyone in his life knows about his hacking teenage years. I can only tell you that it appears one good scare helped turn his life around.

True tale of (mostly) white-hat hacking No. 5: Like spies to a honeypot. I had been hired to help implement honeypots. The client, a defense contractor and think tank, had been thoroughly compromised and wanted an early-warning system to detect malicious hackers or insiders and to catch any unknown malware roaming around its network.

Over the next few weeks we created a "honeynet" of early-warning systems, fake Web servers, SQL servers, and SharePoint servers. During any honeypot project, I'm often asked how we'll attract attackers to the honeypots. I always respond that there is no need to advertise; the attackers will find them. This statement is always met with skepticism, but it's held true over the years.

We fired up the honeypots, and sure enough, we immediately discovered malware that had not previously been detected. Better yet, within 24 hours we discovered that an internal employee was also roving around the network and hacking various systems. She was trying to break into the new fake servers, including the Web, SQL, and SharePoint servers.
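As an added illustration of the early-warning idea in this story (example code written for this edit, not Grimes's or the client's), here is a small Python check that runs over constructed connection-log lines: any touch of a decoy address is recorded, because nothing legitimate ever uses a decoy, and a source that reaches several different decoys within an hour, as the internal intruder did with the Web, SQL, and SharePoint servers, is flagged as roving. The decoy addresses, ports, and log lines are all assumptions constructed for the example.

```python
"""Minimal honeynet early-warning check (added example, not the article's code).
Decoy addresses/ports and the log lines below are constructed assumptions."""
from collections import defaultdict

# Constructed decoy inventory: (address, port) -> service label
DECOYS = {
    ("10.0.5.10", 80):   "web-decoy",
    ("10.0.5.11", 1433): "sql-decoy",
    ("10.0.5.12", 443):  "sharepoint-decoy",
}

# Constructed firewall-style log: "<epoch> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
1000 10.0.20.7 10.0.5.10 80
1030 10.0.20.7 10.0.5.11 1433
1200 10.0.20.7 10.0.5.12 443
1300 10.0.30.9 10.0.9.9 445
1400 10.0.40.2 10.0.5.10 80
"""

def parse_line(line):
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)

def decoy_hits(log_text):
    """Return {src_ip: [(ts, decoy label), ...]} for every touch of a decoy."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ts, src, dst, port = parse_line(line)
        label = DECOYS.get((dst, port))
        if label:  # no legitimate traffic goes to a decoy, so every touch is an alert
            hits[src].append((ts, label))
    return dict(hits)

def roving_sources(log_text, min_distinct=2, window=3600):
    """Sources that touched >= min_distinct different decoys within `window` seconds."""
    flagged = set()
    for src, events in decoy_hits(log_text).items():
        events.sort()  # chronological order so the sliding window is simple
        for i, (t0, _) in enumerate(events):
            labels = {lbl for t, lbl in events[i:] if t - t0 <= window}
            if len(labels) >= min_distinct:
                flagged.add(src)
                break
    return sorted(flagged)
```

In the constructed log, 10.0.20.7 reaches all three decoys within a few minutes and is flagged, while 10.0.40.2 touches a single decoy and is only recorded as a hit.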

We weren't sure what type of content the overly zealous employee was looking for or what her intent was, so we created a few different content areas. One dealt with a popular game, which half the users on the IT team seemed interested in. They were going so far as to hack into underutilized servers to host games and use resources. We also created sites centered on Middle East politics (the think tank's focus) and the space shuttle. We downloaded the content from publicly available websites, copied it to folders, directories, and databases that made it appear as if the information was top secret, and used wget to keep the information updated.

The internal intruder went for the serious stuff. She wasn't interested in gaming. We tracked her to an accounting/payroll department — by coincidence, literally on the other side of the wall from our honeynet team. The accounting department already had a Web camera in the room for payroll security issues.
