Forwarded From: William Knowles <erehwonat_private> http://www.fcw.com/pubs/fcw/1999/0412/web-mike-04-14-99.html (Federal Computer Week) [4.14.99] Do you have a microphone or video camera connected to your computer or network? If you value your privacy, turn those devices off, a top Army computer protection official warned today. Philip Loranger, chief of the Command and Control Protect Division in the Army's Information Assurance Office, demonstrated how anyone can attack a network and turn on any camera or microphones connected to that network with what he called "not very sophisticated hacker tools'' downloaded from the Internet. Loranger, who conducted an attack on a dial-up military network in Columbia, Md., from an Association of U.S. Army Information Assurance symposium in Falls Church, Va., said the .mil system he managed to penetrate -- and whose identity he would not disclose -- did not have any intrusion-detection system despite the spurt of recent publicity about an increase in hacker attacks. Using "point and click'' hacker tools, Loranger said he cracked three out of seven passwords on the system. Once inside the network, Loranger said he then probed the network and discovered a "read/write password file'' that allowed him to delete the "super-user'' password, allowing him to create a super-user password for himself, giving him free reign over the system. Loranger said this then allowed him to search the system for any microphones or cameras connected to it and then turned them on. "I can capture conversations and bring them back to my own computer,'' Loranger said, "and I can turn on video cameras and bring pictures back.'' The Army conducted this "white-hat attack'' after warning the target facility to expect it, Loranger explained, but the lack of intrusion-detection devices did not provide the system's users with any warning "until I launched a denial-of-service attack and brought the system down.'' Loranger said he conducted the demonstration to emphasize that hackers use information warfare attacks to do more than just cripple computers or steal information located on the network. The networks also can serve as real-time windows into the physical world outside the network. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:15 PDT