[ISN] Hackers can turn network cameras, Microphones on you

From: cult hero (jerichoat_private)
Date: Thu Apr 15 1999 - 14:35:03 PDT

  • Next message: cult hero: "[ISN] Civilian Hackers Go Online to Fight"

    Forwarded From: William Knowles <erehwonat_private>
    (Federal Computer Week) [4.14.99] Do you have a microphone or video camera
    connected to your computer or network? If you value your privacy, turn
    those devices off, a top Army computer protection official warned today.
    Philip Loranger, chief of the Command and Control Protect Division in the
    Army's Information Assurance Office, demonstrated how anyone can attack a
    network and turn on any camera or microphones connected to that network
    with what he called "not very sophisticated hacker tools'' downloaded from
    the Internet.
    Loranger, who conducted an attack on a dial-up military network in
    Columbia, Md., from an Association of U.S. Army Information Assurance
    symposium in Falls Church, Va., said the .mil system he managed to
    penetrate -- and whose identity he would not disclose -- did not have any
    intrusion-detection system despite the spurt of recent publicity about an
    increase in hacker attacks. Using "point and click'' hacker tools,
    Loranger said he cracked three out of seven passwords on the system.
    Once inside the network, Loranger said he then probed the network and
    discovered a "read/write password file'' that allowed him to delete the
    "super-user'' password, allowing him to create a super-user password for
    himself, giving him free reign over the system. Loranger said this then
    allowed him to search the system for any microphones or cameras connected
    to it and then turned them on. "I can capture conversations and bring them
    back to my own computer,'' Loranger said, "and I can turn on video cameras
    and bring pictures back.''
    The Army conducted this "white-hat attack'' after warning the target
    facility to expect it, Loranger explained, but the lack of
    intrusion-detection devices did not provide the system's users with any
    warning "until I launched a denial-of-service attack and brought the
    system down.''
    Loranger said he conducted the demonstration to emphasize that hackers use
    information warfare attacks to do more than just cripple computers or
    steal information located on the network. The networks also can serve as
    real-time windows into the physical world outside the network.
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:15 PDT