Table Of ContentStealing the Network
This page intentionally left blank
Stealing the Network:
The Complete Series
Collector’s Edition
Ryan Russell
Timothy Mullen
Johnny Long
AMSTERDAM • BOSTON • HEIDELBERG • LONDON •
NEW YORK • OXFORD PARIS • SAN DIEGO • SAN FRANCISCO •
SINGAPORE • SYDNEY • TOKYO
Syngress is an imprint of Elsevier
Syngress is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
Linacre House, Jordan Hill, Oxford OX2 8DP, UK
Stealing the Network: The Complete Series Collector’s Edition, Final Chapters, and DVD
Copyright © 2009, Elsevier Inc. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior
written permission of the publisher.
Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or
distributed in any form or by any means, or stored in a database or retrieval system, without the prior
written permission of the publisher, with the exception that the program listings may be entered, stored,
and executed in a computer system, but they may not be reproduced for publication.
Library of Congress Cataloging-in-Publication Data
Russell, Ryan, 1969–
Stealing the network: the complete series collector’s edition / Ryan Russell, Timothy Mullen,
Johnny Long.
p. cm.
ISBN 978-1-59749-299-7
1. Computer hackers—Fiction. 2. Computer security—Fiction. 3. Cyberterrorism—Fiction.
4. Short stories, American—21st century. I. Mullen, Timothy M. II. Long, Johnny. III. Title.
PS648.C65R87 2009
813'.6—dc22
2008055578
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-1-59749-299-7
For information on all syngress publications
visit our web site at www.syngress.com
Printed in the United States of America
09 10 11 12 13 10 9 8 7 6 5 4 3 2 1
Elsevier Inc., the author(s), and any person or fi rm involved in the writing, editing, or production
(collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be
obtained from the Work.
For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales
Director and Rights; email [email protected]
Publisher: Laura Colantoni Acquisitions Editor: Rachel Roumeliotis
Development Editor: Mathew Cater Project Manager: Andre Cuello
Contents
v
PART I ● How to Own the Box
Foreword Jeff Moss
CHAPTER 1 Hide and Sneak Ido Dubrawsky ..............................................7
If you want to hack into someone else’s network, the week between Christmas
and New Year’s Day is the best time. I love that time of year. No one is around,
and most places are running on a skeleton crew at best. If you’re good, and you
do it right, you won’t be noticed even by the automated systems. And that was
a perfect time of year to hit these guys with their nice e-commerce site—plenty
of credit card numbers, I fi gured.
The people who ran this site had ticked me off. I bought some computer hard-
ware from them, and they took forever to ship it to me. On top of that, when
the stuff fi nally arrived, it was damaged. I called their support line and asked
for a return or an exchange, but they said that they wouldn’t take the card back
because it was a closeout. Their site didn’t say that the card was a closeout!
I told the support drones that, but they wouldn’t listen. They said, “Policy is
policy,” and “Didn’t you read the fi ne print?” Well, if they’re going to take that
position…. Look, they were okay guys on the whole. They just needed a bit of
a lesson. That’s all.
CHAPTER 2 The Worm Turns Ryan Russell and Timothy Mullen ............23
After a few hours, I’ve made a tool that seems to work. Geeze, it’s 4:30 A.M. I
mail the cleanup tool to the list for people to try.
It’s tempting to use the root.exe and make the infected boxes TFTP down my
tool and fi x themselves. Maybe, by putting it out there, some idiot will vol-
unteer himself. Otherwise, the tool won’t do much good, since the damage is
already done. I’m showing about 14,000 unique IPs in my logs so far. Based
on previous worms, that usually means there are at least 10 times as many
infected. My little home range is only fi ve IP addresses.
I decide to hack up a little script that someone can use to remotely install my
fi x program, using the root.exe hole. That way, if someone wants to fi x some
of their internal boxes, they won’t need to run around to the consoles. Then I
go ahead and change it to do a whole range of IP addresses, so admins can use
it on their whole internal network at once. When everyone gets to work tomor-
row, they’re going to need all the help they can get. I do it in C, so I can com-
pile it to an .exe, since most people won’t have the Windows Perl installed.
vi Contents
CHAPTER 3 Just Another Day at the Offi ce Joe Grand .............................41
I can’t disclose much about my location. Let’s just say it’s damp and cold. But
it’s much better to be here than in jail, or dead. I thought I had it made—sim-
ple hacks into insecure systems for tax-free dollars. And then the ultimate
heist: breaking into a sensitive lab to steal one of the most important weapons
the U.S. had been developing. And now it’s over. I’m in a country I know noth-
ing about, with a new identity, doing chump work for a guy who’s fresh out of
school. Each day goes by having to deal with meaningless corporate policies
and watching employees who can’t think for themselves, just blindly following
orders. And now I’m one of them. I guess it’s just another day at the offi ce.
CHAPTER 4 h3X’s Adventures in Networkland FX ..................................63
h3X is a hacker, or to be more precise, she is a hackse (from hexe, the German
word for witch). Currently, h3X is on the lookout for some printers. Printers
are the best places to hide fi les and share them with other folks anonymously.
And since not too many people know about that, h3X likes to store exploit
codes and other kinky stuff on printer, and point her buddies to the web serv-
ers that actually run on these printers. She has done this before…
CHAPTER 5 The Thief No One Saw Paul Craig ........................................103
My eyes slowly open to the shrill sound of my phone and the blinking LED in
my dimly lit room. I answer the phone.
“Hmm … Hello?”
“Yo, Dex, it’s Silver Surfer. Look, I got a title I need you to get for me. You cool
for a bit of work?”
Silver Surfer and I go way back. He was the fi rst person to get me into hacking
for profi t. I’ve been working with him for almost two years. Although I trust
him, we don’t know each ot her’s real names. My mind slowly engages. I was up
till 5:00 A.M., and it’s only 10:00 A.M. now. I still feel a little mushy.
“Sure, but what’s the target? And when is it due out?”
“Digital Designer v3 by Denizeit. It was announced being fi nal today and ship-
ping by the end of the week, Mr. Chou asked for this title personally. It’s good
money if you can get it to us before it’s in the stores. There’s been a fair bit of
demand for it on the street already.”
“Okay, I’ll see what I can do once I get some damn coffee.”
“Thanks dude. I owe you.” There’s a click as he hangs up.
CHAPTER 6 Flying the Friendly Skies Joe Grand ....................................119
Not only am I connected to the private wireless network, I can also access the
Internet. Once I’m on the network, the underlying wireless protocol is trans-
parent, and I can operate just as I would on a standard wired network. From a
hacker’s point of view, this is great. Someone could just walk into a Starbucks,
hop onto their wireless network, and attack other systems on the Internet, with
Contents vii
hardly any possibility of detection. Public wireless networks are perfect for
retaining your anonymity.
Thirty minutes later, I’ve fi nished checking my e-mail using a secure web mail
client, read up on the news, and placed some bids on eBay for a couple of rare
1950’s baseball cards I’ve been looking for. I’m bored again, and there is still half
an hour before we’ll start boarding the plane.
CHAPTER 7 dis-card Mark Burnett ..........................................................129
One of my favorite pastimes is to let unsuspecting people do the dirty work for
me. The key here is the knowledge that you can obtain through what I call social
reverse-engineering, which is nothing more than the analysis of people. What can
you do with social reverse-engineering? By watching how people deal with com-
puter technology, you’ll quickly realize how consistent people really are. You’ll
see patterns that you can use as a roadmap for human behavior.
Humans are incredibly predictable. As a teenager, I used to watch a late-night
TV program featuring a well-known mentalist. I watched as he consistently
guessed social security numbers of audience members. I wasn’t too impressed
at fi rst—how hard would it be for him to place his own people in the audi-
ence and play along? It was what he did next that intrigued me: He got the
TV-viewing audience involved. He asked everyone at home to think of a veg-
etable. I thought to myself, carrot. To my surprise, the word CARROT suddenly
appeared on my TV screen. Still, that could have been a lucky guess.
CHAPTER 8 Social (In)Security Ken Pfeil ................................................143
While I’m not normally a guy prone to revenge, I guess some things just rub
me the wrong way. When that happens, I rub back—only harder. When they
told me they were giving me walking papers, all I could see was red. Just who
did they think they were dealing with anyway? I gave these clowns seven years
of sweat, weekends, and three-in-the-morning handholding. And for what? A
lousy week’s severance? I built that IT organization, and then they turn around
and say I’m no longer needed. They said they’ve decided to “outsource” all of
their IT to ICBM Global Services…
The unemployment checks are about to stop, and after spending damn near a
year trying to fi nd another gig in this economy, I think it’s payback time. Maybe
I’ve lost a step or two technically over the years, but I still know enough to hurt
these bastards. I’m sure I can get some information that’s worth selling to a
competitor, or maybe get hired on with them. And can you imagine the looks
on their faces when they fi nd out they were hacked? If only I could be a fl y on
the wall.
CHAPTER 9 BabelNet Dan Kaminsky ......................................................157
Black Hat Defense: Know Your Network Better Than the Enemy Can
Afford To…
SMB, short for Server Message Block, was ultimately the protocol behind NBT
(NetBIOS over TCP/IP), the prehistoric IBM LAN Manager, heir-apparent CIFS,
and the most popular data-transfer system in the world short of e-mail and the
viii Contents
Web: Windows fi le sharing. SMB was an oxymoron—powerful, fl exible, fast,
supported almost universally, and fucking hideous in every way shape and byte.
Elena laughed as chunkage like ECFDEECACACA-CACACACACACACACACACA
spewed across the display.
Once upon a time, a particularly twisted IBM engineer decided that this First
Level Encoding might be a rational way to write the name BSD. Humanly
readable? Not unless you were the good Luke Kenneth Casson Leighton,
co-author of the Samba UNIX implementation, whose ability to fully grok raw
SMB from hex dumps was famed across the land, a postmodern incarnation of
sword-swallowing.
CHAPTER 10 The Art of Tracking Mark Burnett .......................................175
It’s strange how hackers’ minds work. You might think that white hat hackers
would be on one end of the spectrum and black hat hackers on the other. On
the contrary, they are both at the same end of the spectrum, with the rest of
the world on the other end. There really is no difference between responsible
hacking and evil hacking. Either way, it’s hacking. The only difference is the
content. Perhaps that’s why it’s so natural for a black hat to go white, and why
it’s so easy for a white hat to go black. The line between the two is fi ne, mostly
defi ned by ethics and law. To the hacker, ethics and laws have holes, just like
anything else.
Many security companies like to hire reformed hackers. The truth is that there
is no such thing as a reformed hacker. These hackers may have their focus redi-
rected and their rewards changed, but they are never reformed. Getting paid to
hack doesn’t make them any less of a hacker.
Hackers are kind of like artists. Artists will learn to paint by painting whatever
they want. They could paint mountains, animals, or nudes. They can use any
medium, any canvas, and any colors they wish. If the artist someday gets a job
producing art, she becomes a commercial artist. The only difference is that now
she paints what other people want.
Appendix: The Laws of Security Ryan Russell ..........................................199
This book contains a series of fi ctional short stories demonstrating criminal
hacking techniques that are used every day. While these stories are fi ctional,
the dangers are obviously real. As such, we’ve included this appendix, which
discusses how to mitigate many of the attacks detailed in this book. While not
a complete reference, these security laws can provide you with a foundation of
knowledge to prevent criminal hackers from stealing your network…
Part II ● How to Own a Continent
Foreword Jeff Moss
CHAPTER 11 Control Yourself Ryan Russell as “Bob Knuth” ..................227
How much money would you need for the rest of your life? How much would
you need in a lump sum so that you never had to work again, never had to
Contents ix
worry about bills or taxes or a house payment? How much to live like a king?
Your mind immediately jumps to Bill Gates or Ingvar Kamprad with their
billions. You think that is what you would need…
CHAPTER 12 The Lagos Creeper Box 131ah as “Charlos” ........................241
Nigeria was a dump. Charlos now understood why nobody wanted to work
there. It’s Africa like you see it on CNN. And yet this was the country that
had the largest oil reserve on the continent. Military rule for the past 30 years
ensured that the money ended up mostly in some dictator’s pocket and not on
the streets where it belonged…
CHAPTER 13 Product of Fate: The Evolution of a Hacker Russ Rogers as
“Saul” ..............................................................................................................255
Looking back on the entire event, no one could really say how everything
ended up the way it did. Saul has always done well in school. And though his
parents might not have been the greatest people on the planet, it’s not like
they didn’t love him. So, what could have enticed a bright, seemingly normal
kid like Saul into committing such a heinous crime? No one knows. But, then
again, no one knows what really happened, do they?…
CHAPTER 14 A Real Gullible Genius Jay Beale as “Flir” ..........................281
CIA agent Knuth had been very insistent when he recruited Flir. He needed per-
sonal student information, including social security numbers, and, as an agent
for a non-domestically focused intelligence agency, didn’t have the authority
to get such from the U.S. government. He did, on the other hand, have the
authority to get Flir complete immunity for any computer crimes that did not
kill or physically injure anyone. The letter the agent gave Flir was on genuine
CIA letterhead and stated both the terms of the immunity and promised Flir
signifi cant jail time if he disclosed any details about this mission.
CHAPTER 15 For Whom Ma Bell Tolls Joe Grand as “The Don” ...............325
The sun had already sunk beyond the harbor as Don Crotcho woke up. He nei-
ther noticed nor cared. It had been a little more than a year since his fl ight
from Boston after a successful theft of the United States’ next-generation stealth
landmine prototype, and he had been enjoying his self-prescribed seclusion in
this land of fi re and ice…
CHAPTER 16 Return on Investment Fyodor as “Sendai” .........................351
Like many professional penetration testers, Sendai was not always the whole-
some “ethical hacker” described in his employer’s marketing material. In his
youth, he stepped well over the line between questionable (grey hat) and fl at-out
illegal (black hat) behavior. Yet he never felt that he was doing anything wrong…
CHAPTER 17 h3X and The Big Picture FX as “h3X” .................................379
h3X paints a picture. Actually, she doesn’t really paint but rather just creates a plain
white canvas of 256 by 512 pixels in Microsoft Paint, because you can hardly
do more with that program than the equivalent of the childish drawings young
Description:If you want to hack into someone else's network, the week between He was the lead author of Hack Proofing Your Network, Second Edition
