Thoughts of the perfect hack!
Posted on August 7, 2008
Filed Under General, Hacking
Definition of a perfect hack:
So, what exactly is a perfect hack? Well, my definition is a clean in, taking
whatever you came for, and taking off without anyone noticing and without
leaving tracks, as if it never happened.
The real world:
Of course, in the real world this scenario won't always be possible, for a couple
of reasons. It might just be that the goal of your hack has destructive intentions,
like destroying some framing data or spreading some malicious creature inside a
network for whatever reason, and it is very clear that someone would eventually
notice.
Another possibility is some inescapable detection system monitoring every bit in
the traffic flow. Even if we use some methods of steganography/cryptography
to camouflage our doings, if the person behind the monitor is good and knows what
he is doing, he will notice your activity.
Always keep in mind:
No matter what we do or how we do it, the first and most important rule is
Rule #1: Do not get caught!
Therefore, if we put rule #1 above everything else, we need to be untraceable,
even if we get noticed somewhere in the process. Considering today's resources
and the abilities of the local police/agencies, it is very possible to trigger such an
untraceable hack. (Note that nothing and no one is perfect, so take the term
untraceable in proportion.)
Anonymity fundamentals:
Some fundamental methods of anonymity: never leave obvious tracks such
as your handle, e-mail address, or even an arrogant quote/message or any other
human-ego tracks that could eventually lead them to you, and never talk about your
hack before or after you do it. In other words, don't make too much "noise on the line".
Another thing is not to use a direct connection between you and the target. For this
purpose it is very useful to use SOCKS/HTTP/Tor (if you trust it) services on some
compromised box, or even to chain a couple of proxies, which would leverage your anonymity.
All those suggestions are known stuff, and if you're planning a real hack and not some
stupid web defacement you should know them.
Of course there are way more elements of anonymity, but I ain't gonna list them all here.
The problem here is that virtually sitting behind a couple of boxes is still not safe
enough for you, and if the people that are going after you are good, it is very
possible that they will track you down.
Wireless Hop'ing Attack (WHA):
In the past everything was wired with cables, and if you wanted to be connected
to some network you had to be somehow physically wired to it. This reality has
changed. Nowadays the internet is flowing on the back of wireless networks in
almost every settled civilization; networks are transmitting/receiving bits over the
air. In my country almost every house has a wireless network, and most of them
aren't really secured, for user comfort reasons,
and those that are secured with encryption (WEP/WPA) can be
broken within minutes or hours.
In addition, most of those networks' routers are protected with a default password,
which is a great start if you wanna compromise some computers in that network
as well. Now let's say you have a target and you already know your way into
this specific system; you just need to make sure no one could ever trace you.
So you go out for a wardriving trip, looking at the great view, maybe even at
some walk-on-by chicks, while slowly breathing those great wireless bits of
information that flow around us. Maybe even logically XOR'ing AND'ing
(OR'ing NOT'ing) some of them in your head just for the fun of it.
Now let's do what we came to do, and that's collecting the locations of
open/insecure (hackable) wireless networks, except that the goal of this
wardriving isn't really the chicks or the wireless networks themselves, but searching
for suitable networks to play as a gateway to your target system over the internet.
After you have mapped a couple of suitable networks you're ready to prepare
the surface for your hack/attack. Some may want to compromise computers
on that network; others may just want to use it as one of the hops for their hack.
Eventually, if you trigger that
hack using your anonymity methods plus hopping between wireless networks, no matter
what resources the agencies/police have, it is extremely hard to trace such an attacker.
What do they know?:
From my experience, in Israel I assume that the police have the ability to use the needed
resources but they just don't know how to manipulate those resources in order to
track hackers. Another reason is that the police are lacking good technical people
who deal with computers & security, and therefore they are hopeless when facing
real hackers and attacks. Because of that they prefer picking on those
lame kids that deface poor websites and leave their handles and/or e-mail addresses.
Those are screaming for attention, and they are so easy to track, so once in a while
the police show off with this new Mega hacker that they caught.
Worst case scenario:
If we take the worst case scenario of a CERT agency that has uberian resources,
monitoring/tracking tools over the IIX (backbone) that log everything
(which is kinda crazy since you gotta log tons of terabytes every single second),
with the ability to crossbreed every piece of information at any given time,
even with such power, if they won't trace you while you're in action,
it might just be that they will never be able to find you. Even if you weren't 100
percent careful (which is most probable), all they can end up with is just
some hacked system and a MAC address of some wireless network adapter.