Maximum PC


From phone lines to fake certificat­es and social engineers, hacker tradecraft has evolved spectacula­rly over the years


PEOPLE HAVE DONE BAD THINGS with computers for decades. Even before personal computers, people (“phreakers”) used to abuse telephone systems. The hacking journal 2600 takes its name from the 2600Hz tone required to trick AT&T phone lines into giving free calls in the 1960s. This was possible because the same line carried both voice and connection-management signals.

Such in-band signalling was done away with in the 70s when a new signalling system was introduced. This enabled different networks to send this data out of band. This system, known as SS7, is still in use today, and is vulnerable to a manin-the-middle attack. This has been exploited to allow second-factor SMS codes to be intercepte­d, and accounts to be compromise­d.

The Morris Worm is widely regarded as the first self-replicatin­g worm to spread over the internet. It was actually a well-intentione­d effort to highlight security flaws and count the number of computers on the internet, but an error led to it crippling somewhere between 2,000-6,000 of them (watch HaltandCat­chFire S2 E3). Robert Morris won the dubious honour of being the first person convicted under the Computer Fraud and Abuse Act (CFAA), but post-conviction completed his Ph.D. at Harvard and went on to be a professor at M.I.T.


The worm exploited a number of vulnerabil­ities in Unix tools, as well as weak passwords. The problem was re-infection. Morris didn’t want his worm to have to ask targets if they were infected and then infect them only if they replied no—this could be stopped by canny sysadmins installing a program that just says yes all the time. So he specified that one-seventh of the time machines would be re-infected. This, it turns out, was high enough that machines quickly ended up running several copies of the worm and became unusable.

Fast-forward to today, and in the headlines we see not only that rogue packages have been hiding in the NPM registry for years and opening shells on JavaScript developers’ machines, but also that several Russian individual­s have been indicted in the US for attempting to disrupt the 2017 French presidenti­al election, the 2018 Winter Olympics, and Ukraine’s power grid. The groups with which these hackers affiliate, it’s alleged, all report to Russia’s GRU military intelligen­ce unit. It’s a little chilling to be reminded that critical infrastruc­ture may be compromise­d relatively easily.

The Stuxnet worm is widely believed to have been developed by the US and Israel. It was discovered in 2010 targeting Supervisor­y Control And Data Acquisitio­n (SCADA) systems in Iran, where it’s estimated to have crippled one-fifth of their nuclear reactors. The worm was notable because of its ability to attack airgapped (not directly connected to the internet) systems, by exploiting vulnerabil­ities in how they handled USB devices.

 ??  ?? Even our venerable friends over at linuxforma­ have something to learn from this month’s feature.
Even our venerable friends over at linuxforma­ have something to learn from this month’s feature.

Newspapers in English

Newspapers from USA