Re: Re: [fw-wiz] Highlighting Security Issues

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 08/06/04

  • Next message: Jorge Duarte Rodríguez: "Re: [fw-wiz] Dumb newbie question"
    To: <firewalladmin@bellsouth.net>
    Date: Fri, 06 Aug 2004 15:50:32 -0400
    
    

    firewalladmin@bellsouth.net wrote:
    > This kind of program/tool would probably find it's heaviest use by skilled hackers and unethical systems administrators who surgically plant/run it against a select few. Imagine a scenerio where a foreign government persuads a disgruntled sysadmin (either through social engineering or for monetary reward) to "frame" a higher level government official in such a way as to remove him form his job? Your thoughts?

    Some say this has already happened. ;)

    I think it's quite plausible and not even very difficult. Here, in fact, is a recipe
    for building it:
            1) determine target's O/S platform
            2) acquire the same thing or as close as you can get
            3) tripwire the disk
            4) surf/download/collect porn/Email to Al Qaeda to your heart's content
            5) re-baseline the tripwire database
            6) make a semi-skilled effort at cleaning some of it up
                    a) record the file data PRIOR to cleanup
                    b) record the transactions (rmdir, whatever) used to cleanup
            7) extract out the diffs AND the deleted files and roll them into an overlay patch
            8) overlay the patch on the target's machine using your
                    trojan horse
            9) issue the cleanup transactions on the target machine; so tools like
                    EnCase will find the "deleted files" in the free blocks
            10) have your tool overwrite itself with obscene mpeg data, or whatever. :)

    You wouldn't even need a sysadmin to do the job if you could trojan or 'bot a
    target in the victim's network. But if you had administrator level access it'd be a
    cakewalk.

    Part of the beauty of this scheme is that the target's immediate reaction
    (being innocent) is going to be angry denial and protestation of innocence.
    Of course the system, when analyzed, would (appear to) show that the target
    had invested some effort in trying to configure the system to wipe itself
    if examined, etc. One could build a very pretty wilderness of mirrors - and
    it only has to hold together long enough to ruin a career.

    I had a dinner discussion with some of my "friends in weird places" the other day
    about the lack of effective use of professional-grade disinformation in American
    politics. :) They think I'm sick too but agreed it'd work all too well.
    It may happen eventually so we all need to be on the lookout for it.
    Consider the effect on the upcoming election if someone very
    close to Kerry or Bush was "outed" as having a computer full of confidential
    documents belonging to the other party - which had obviously been "stolen"..
    If this happened RIGHT BEFORE THE VOTE, it could have a dynamic impact.
    The "discovery" would have to be carefully timed, because the American
    Public's attention span is so damned short... One could easily put the
    whammy on an estranged spouse by jiggering their system to make it
    look as if they had been reading up on how to dispose of a corpse
    (Why did you google for "corpse smelling dog" Mr Ranum? Why were
    you trying to buy a gallon of lye and ship it to Mr Albert Fegg, at a
    mailing service address that you set up online with your credit card?)

    I am partly being silly with these scenarios, but in case someone thinks
    this is good material for humor: it's not. In some parts of the world this
    kind of disinformation attack could easily be made lethal to the target.

    mjr.
    (PS - have I convinced any of the list's readers that I am not a
    good person to piss off? I hope not...) ;)

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
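Steps 3, 5 and 7 of the recipe above (baseline the disk, re-baseline after the activity, extract the diffs) are exactly what a file-integrity checker does, and the same machinery is what a defender would use to notice an overlay landing on a machine. The script below is an added example written for this page; it is not code from Ranum's post or from Tripwire. It takes two snapshots of a directory tree, reports added/modified/deleted files, and then applies the one check a forensic examiner would reach for against an overlay that restores recorded mtimes: on a POSIX filesystem userland can set mtime with utime(), but it cannot set the inode change time (ctime), so a "year-old" file whose ctime is recent is suspect. The tree, file names and the 60-second window are constructed for the demonstration; the ctime semantics assume Linux/BSD (on Windows st_ctime is the creation time, and the check does not apply as written).

```python
#!/usr/bin/env python3
"""Minimal Tripwire-style baseline/diff plus a timestomp check.

Added example for the fw-wiz post above; not the poster's code.
Assumes POSIX ctime semantics (ctime is updated by the kernel on any
inode change and cannot be set from userland without raw disk writes).
"""
import hashlib
import os
import stat
import tempfile
import time


def snapshot(root):
    """Walk `root` and record sha256, size, mtime and ctime of every regular file.

    Paths are stored relative to `root` with '/' separators so snapshots
    taken on different hosts of the same image are comparable."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            db[rel] = {"sha256": h.hexdigest(), "size": st.st_size,
                       "mtime": st.st_mtime, "ctime": st.st_ctime}
    return db


def diff(baseline, current):
    """Return (added, modified, deleted) relative paths between two snapshots.
    'modified' is decided on content hash, not on timestamps, because
    timestamps are exactly what an attacker controls."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p]["sha256"] != current[p]["sha256"])
    return added, modified, deleted


def timestomp_suspects(current, paths, window=60.0):
    """Among `paths`, flag files whose ctime is more than `window` seconds
    after their mtime. A file written normally has ctime ~= mtime; a file
    whose mtime was pushed back with utime() keeps a fresh ctime.
    The 60 s default window is an assumption for this example."""
    return sorted(p for p in paths
                  if current[p]["ctime"] - current[p]["mtime"] > window)


def demo():
    """Constructed scenario: baseline a small tree, then make one legitimate
    edit, one deletion and one planted file whose mtime is set back a day."""
    root = tempfile.mkdtemp(prefix="fim-")

    def put(rel, data):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        return path

    put("notes.txt", b"meeting at 10\n")
    put("old.log", b"rotated\n")
    baseline = snapshot(root)                       # step 3: tripwire the disk

    put("notes.txt", b"meeting at 11\n")            # ordinary user edit
    os.remove(os.path.join(root, "old.log"))        # ordinary deletion
    planted = put("planted/evidence.txt", b"not mine\n")
    a_day_ago = time.time() - 86400
    os.utime(planted, (a_day_ago, a_day_ago))       # overlay restores a recorded mtime

    current = snapshot(root)                        # step 5: re-baseline
    added, modified, deleted = diff(baseline, current)   # step 7: extract the diffs
    return {"added": added, "modified": modified, "deleted": deleted,
            "suspects": timestomp_suspects(current, added + modified)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:9s} {v}")
```

The check only catches an overlay applied through the filesystem API. An attacker with raw block access (or who drops the image in while the disk is offline) can set ctime too, which is why step 9 of the recipe, issuing the cleanup on the live target so the deleted files land in free blocks with plausible metadata, is the part that makes the frame hold together; a baseline taken before the machine was exposed, stored off-host, is the defender's only ground truth.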


