Passive or Non Intrusive Hacking
11-06-2009, 10:39 AM,
#1
Passive or Non Intrusive Hacking
Hello ConCen users. I somehow never visited these forums and definitely didn't expect a "Computer Security" section since that sort of information is seriously lacking on the tracker. Anyhow, I saw the "NSA" topic and Peter Morris mentioned he had heard "that it is also possible to sit up the road in a van and pick up the signals your monitor gives off as it renders your screen image". I know a bit about this topic and thought starting a new topic on one of my specialties would be appropriate. Let this thread hold some good information regarding physical hacking, on-site hacking, and more interesting... Non intrusive/passive hacking which can be accomplished without leaving a trace at all, not a fingerprint or an electron.


-------------------------------------------------------------------------------------------------------------------------------------------

Passive/Visual/Non-Intrusive Hacking

I think the important thing to understand when it comes to hacking or spying is, anything you 'change' in the physical world can be monitored, used against you, and even manipulated as you do it. Anything you do, say, emit, smell, or in some cases even THINK can be picked up with the right type of equipment. Most often these things you change are so obvious that the information can be deadly accurate! A good example of this is the earlier mention of a monitor/television emitting enough electromagnetic information to be detected from a van far away. While I have not personally seen this technology, I can say from an engineer's point of view that this is definitely possible with the right equipment which may or may not exist. So in this first post I will talk more about the examples of passive hacking which I HAVE seen.

Examples of passive hacking I have seen FIRST hand.

1) I myself and many others have the ability to look at the activity light (LED) on your HUB/SWITCH and tell you the type of traffic which is going across the wire. This can be studied in your own home as you download or surf the web, try some ping commands, do a few netscans, try some IM traffic. It will all have a distinct signature that is VISIBLE on your hub. If you are in a large company or using something like DSL, this may be visible in some basement where your line connects. Worst case, any sleuth could spy in a window or use other means to see the activity light and know the type of internet traffic, how fast, how often it's accessed, if the connections are more often incoming or outgoing etc. This can even be recorded and 'played back' to see patterns in usage. This is all done without TOUCHING a wire, no need to tap your line, no need for any corporation or ISP to be involved.

2) An interesting story... When I graduated with my Bachelors degree in Electronics Engineering I was approached at the job fair by representatives of the CIA who assured me the opportunity was amazing and I would remain a civilian with the ranking of a General or better when on any US base (on foreign land of course). I did not want to move to Virginia since my life was at that time in San Diego, CA and I was pretty young. I decided to take their little class anyways to get the 'tour' of the position I would be taking. The position was to build satellite transmitters/receivers at a moment's notice out in the middle of nowhere to effectively establish SECURE communications for 'field agents' to send the obtained information home. While learning of the position I tried to understand what would take me 2-4 years of school in Virginia to understand, I already had my degree and surely setting up a communications system won't take 2-4 years to understand. Then they proceeded to explain the methods of encryption etc. and most importantly for this bullet, shielding techniques. They explained that the electromagnetic field on communication wires can easily be tapped into without a trace and information can be compromised without any record of the occurrence. I don't think I need to explain how dangerous this could be to a mission or to the field agents themselves. What it comes down to is this, the CIA and I assume other government agencies as well, have entire courses and years of training to understand how the security is done on their side. They have equations/math and other methods of communicating and shielding their communication with complete secrecy. In this example the important thing to understand is, your wires. Your phone lines, and more importantly all the lines used in your communication from point A to B are just sitting there waiting to be spied on.
The telco immunity, the Telco sponsored spying to aid the NSA and other government agencies is not a huge advancement. The only thing this did was 'signify' a new realm of cooperation between corporations and the various letter agencies. Also this of course makes it much easier to administer when the Telco themselves are helping spy on the people...

3) Keyboard logging/tracing. Most everyone knows there are physical loggers to put on a computer keyboard, USB, Ethernet Devices and there are even programs that do this on your PC (some say backdoors in windows already do this). However the thing most people do not think about is the predictable disturbance your typing causes. With a video or just visual of you typing many people can easily figure out what you are typing on the screen, but this is nothing. With just the sound, there are advanced applications available which can analyse a long series of sound and come to a conclusion about what letters you most often mistype and even to the point of reconstructing everything you just typed by merely listening. The distance between each key differs, each person has a unique style of typing, and each keyboard for that matter is even different. However there are specific patterns and algorithms that can be used to predict and 'decode' what you are typing merely by the sound.

4) Similar to number 3, I often used this tactic on unsuspecting callers using a recorder. Often people will use a calling card or even check their voice mail or answering machine from a payphone, with cellphones nowadays I think the whole concept of payphones may even be fading away... *sob*.... Anyways if you record the tones, lucky for us each number has a distinct DTMF frequency that is easy to identify, it was designed for that exact purpose. In the 'old days' there was a common device called an 'auto dialer' which would play the tones for you. You could hold it up to the microphone of any telephone and it would play those tones and dial for you. This is great because with the recording, even without decoding you could just play it back often and it would dial for you! Either way anyone could easily listen to the tones and compare with your home phone to understand what they dialed. Then free calling card and pin! w00t! (wait that's bad! *slaps hand*)

5) Ok so I'm tired now and will leave you with just one more basic which is actually often used in combination with social engineering (my other specialty). Observation of people and things, and exploiting trust. Sometimes the best hack can be as simple as walking in and looking at what you want. A few examples of this I have used. People have put their passwords on a piece of paper or sticker on their monitor, telephone, desk etc. I have seen this too many times to count! It's crazy, some even have the login as well and the word "PASSWORD"! I've even seen this at stores like CompUSA (now defunct) where the master password for all computers is in plain sight! This is extremely dangerous and common. I have also seen this done with telephone numbers/extensions etc. and while it may seem harmless I'll give just two examples of ways I've exploited this later. a) One time I obtained the intercom extension, called the store from a payphone and asked the store employee to transfer me to extension #XYZ, it was done and I caused havoc on their loud intercom for quite some time before I finally got the dial tone. I bet they were running from telephone to telephone trying to find the 'offender'. b) I have used an extension to be transferred from one to another to gain trust. For example, if I get the extension to your manager, then I get the extension to shipping... I call anyone at the company up, ask to be transferred to the manager's extension... Then when the manager picks up my call, I act like it was a mistake, can he please transfer me to shipping... Now when shipping picks up, on many systems it will look as if the call is coming from the management extension. I now have the element of trust that most people would dream for. "This is __________ please leave all of the new production floor PC shipments in the back for pickup by one of my guys in 10 minutes". Who argues with management?
It's much easier to get 'secret' information if it appears you are coming from an internal number, even more if it's up the food chain...

I'm sure I could think of many more, but this should tide you over for now or bore you to tears. If you are interested in hearing more, or have any questions about my experiences or any of the things mentioned, please feel free to comment/ask. I'm always interested in geeking out for a few minutes.


[Image: att_bell.png]
---------------------------------------------------------------------------------------------------
A little rundown of my history. Without getting into detail, my name comes from the hacker term "phreak" which I obtained when I was younger and specialized in phone hacking. In those days I was too poor to own a computer and most everything I did was on a phone, most often a payphone, or even the side of a house jacking into the wires with my home-made lineman's handset (aka Beige Box). Being a Phreak and using boxes of course is detectable, dangerous at times. I later went to college and got my BAS degree in Electronics Engineering and finally got my first 486 computer where I continued my 'hacking' career. I have attended several hacker conventions in person (Toorcon, Schmoocon) and even a few via satellite (DefCon, HOPE). I spent most of my youth on Phreaker bridges and underground 'conference' lines for hours or days at a time in the hacker 'community' scamming, pranking, and overall just abusing technology. You can search my name "brainphreak" and may find an article or two floating around, if you ever purchased a copy of "Blacklisted411" you may check your old printed magazines and see my names as well. Nowadays I am older and legit, but still have a big interest in security and 'hidden' information. So let the truth prevail, and let's educate each other on passive/non-intrusive methods of spying and hacking.
---------------------------------------------------------------------------------------------------
BTW I also am the owner/creator/editor/blah/blah/blah of http://www.theblackpacket.com so come on by if you're bored.
---------------------------------------------------------------------------------------------------
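Item 4 above turns on the fact that DTMF was designed to be machine-decodable: each keypad digit is one row tone plus one column tone, and a few dozen milliseconds of audio is enough to tell them apart. The following is an added example (my own code, not brainphreak's or anything from theblackpacket.com) that demonstrates the decoder side with the Goertzel algorithm, the same detection that call-recording platforms use defensively to spot and mask PIN or card-number entry in stored calls. The input is a constructed two-tone signal synthesized in the block itself; the frame size, thresholds and the 8 kHz sample rate are my assumptions, not values from the post.

```python
import math

SAMPLE_RATE = 8000          # Hz, standard telephony rate (assumption)
FRAME = 205                 # samples per analysis frame (~25.6 ms)
LOW_FREQS = (697, 770, 852, 941)        # keypad row tones
HIGH_FREQS = (1209, 1336, 1477, 1633)   # keypad column tones
KEYPAD = ("123A", "456B", "789C", "*0#D")
MIN_POWER = 0.01            # normalized power floor (roughly amplitude 0.1)
MIN_RATIO = 8.0             # strongest tone must dominate its group by this factor


def goertzel_power(samples, freq, sample_rate=SAMPLE_RATE):
    """Energy at one frequency via the Goertzel recurrence (squared DTFT magnitude)."""
    w = 2.0 * math.pi * freq / sample_rate
    coeff = 2.0 * math.cos(w)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def synth_digit(digit, seconds=0.1, amplitude=0.5, sample_rate=SAMPLE_RATE):
    """Constructed test input: the two-tone burst a keypad produces for one digit."""
    row = next(r for r, keys in enumerate(KEYPAD) if digit in keys)
    col = KEYPAD[row].index(digit)
    low, high = LOW_FREQS[row], HIGH_FREQS[col]
    n = int(seconds * sample_rate)
    return [amplitude * (math.sin(2 * math.pi * low * i / sample_rate)
                         + math.sin(2 * math.pi * high * i / sample_rate))
            for i in range(n)]


def synth_sequence(digits, gap_seconds=0.05, sample_rate=SAMPLE_RATE):
    """Constructed input: digits separated by silence, as a caller keying a PIN would produce."""
    gap = [0.0] * int(gap_seconds * sample_rate)
    out = []
    for d in digits:
        out += synth_digit(d, sample_rate=sample_rate) + gap
    return out


def _dominant(powers):
    """Index of the strongest tone in a group, or None if it does not clearly stand out."""
    order = sorted(range(len(powers)), key=powers.__getitem__, reverse=True)
    best, second = powers[order[0]], powers[order[1]]
    if best < MIN_POWER or best < MIN_RATIO * second:
        return None
    return order[0]


def classify_frame(frame):
    """Map one frame to a keypad digit, or None for silence, speech or noise."""
    norm = 4.0 / (len(frame) ** 2)   # scales a pure tone's power to its amplitude squared
    low = [goertzel_power(frame, f) * norm for f in LOW_FREQS]
    high = [goertzel_power(frame, f) * norm for f in HIGH_FREQS]
    r, c = _dominant(low), _dominant(high)
    if r is None or c is None:
        return None
    return KEYPAD[r][c]


def decode_dtmf(samples, frame=FRAME):
    """Recover the keyed digits; each continuous tone burst yields exactly one digit."""
    digits, last = [], None
    for start in range(0, len(samples) - frame + 1, frame):
        d = classify_frame(samples[start:start + frame])
        if d is not None and d != last:
            digits.append(d)
        last = d
    return "".join(digits)


if __name__ == "__main__":
    keyed = "*1800555#"
    print(keyed, "->", decode_dtmf(synth_sequence(keyed)))
```

The ratio check in `_dominant` is what separates keypad tones from speech: a voice rarely puts eight times more energy in one DTMF bin than in its neighbours, so frames of conversation decode to None while a real burst decodes cleanly. A recording system that runs this over the audio stream can mute the channel for the duration of every detected burst, which is the standard mitigation for PINs and card numbers that would otherwise sit in the call archive; for the caller the only real defence is to not key secrets where the tones are audible or recordable.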
11-08-2009, 03:10 PM, (This post was last modified: 11-09-2009, 10:04 PM by damage.)
#2
Passive or Non Intrusive Hacking
There's also man in the middle (MITM) for intercepting packets on a network (almost any proto), and replaying, extracting, reading (if cleartext), and decrypting (if ciphered) a victim's traffic from SRC to DST. This can be done in between network devices like switches and routers, like it's done in co-locations by big brother, all under the guise of national security, gotta stop those silly home grown terrorists.

The same concept can be applied to any piece of information en route to its destination. A letter in the mail can be (for example) steam opened, read, scanned, and resealed. Tell someone a secret too close to a big eared person, guess what, you just got pwned.

....more to come later....actually, that's it, not because I can't but because.... fuck it.
11-08-2009, 06:06 PM,
#3
Passive or Non Intrusive Hacking
Good posts, went to your site brainphreak, watched the Portland police riot video there. We need to think of ways to deal with the police. We can't deal with them head on because they break the laws with impunity when sanctioned by their puppeteers. Find out who they are and where they live so we can thank them personally for all the good work that they do, JMO
An error does not become truth by reason of multiplied propagation, nor does truth become error because nobody sees it.
Mohandas Gandhi


Each of us is put here in this time and this place to personally decide the future of humankind.
Did you think you were put here for something less?
Chief Arvol Looking Horse
11-15-2009, 07:17 AM, (This post was last modified: 11-15-2009, 07:40 AM by brainphreak.)
#4
RE: Passive or Non Intrusive Hacking
(11-08-2009, 06:06 PM)icosaface Wrote: Good posts, went to your site brainphreak, watched the Portland police riot video there. We need to think of ways to deal with the police. We can't deal with them head on because they break the laws with impunity when sanctioned by their puppeteers. Find out who they are and where they live so we can thank them personally for all the good work that they do, JMO


I agree. If I was rich, I would buy in bulk, gas masks to make their tear gases useless, then I would tell everyone to wear heavy thick leather if possible to make their projectiles less effective, or even bring a shield like they do! There is nothing illegal about these things, but you can bet if there was a group of 50 people in gas masks and shields up against them, they would be a bit intimidated.
(11-08-2009, 03:10 PM)damage Wrote: There's also man in the middle (MITM) for intercepting packets on a network (almost any proto), and replaying, extracting, reading (if cleartext), and decrypting (if ciphered) a victim's traffic from SRC to DST. This can be done in between network devices like switches and routers, like it's done in co-locations by big brother, all under the guise of national security, gotta stop those silly home grown terrorists.

The same concept can be applied to any piece of information en route to its destination. A letter in the mail can be (for example) steam opened, read, scanned, and resealed. Tell someone a secret too close to a big eared person, guess what, you just got pwned.

....more to come later....actually, that's it, not because I can't but because.... fuck it.
Yep, the man-in-the-middle attack is a very common one, but it is also an intrusive one. While your modem or ethernet card may remain passive, you still need to physically connect to a switch or network which can be traced. If you're at the ISP level etc. this is already done of course. Same with mail, fingerprints can be left and the mail can be monitored to see which hands it touches. With passive/non intrusive methods there is absolutely no detection possible no matter who you are. Good tips though for anyone just starting out.