Re: [ISN] Hackers can turn network cameras, Microphones on you

From: cult hero (jerichoat_private)
Date: Fri Apr 16 1999 - 14:18:11 PDT

  • Next message: cult hero: "[ISN] Hearing on Viruses Becomes Debate on Privacy"

    Reply From: Rick Low <>
    At 03:35 PM 4/15/99 -0600 you said:
    >Philip Loranger, chief of the Command and Control Protect Division in the
    >Army's Information Assurance Office, demonstrated how anyone can attack a
    >network and turn on any camera or microphones connected to that network
    >with what he called "not very sophisticated hacker tools'' downloaded from
    >the Internet.
    I saw the same demo by Mr. Loranger at a different location, and was
    >Loranger, who conducted an attack on a dial-up military network in
    >Columbia, Md., from an Association of U.S. Army Information Assurance
    >symposium in Falls Church, Va., said the .mil system he managed to
    >penetrate -- and whose identity he would not disclose...
    The LAN looked to me (from reconnaissance part of the demo) like it was in
    his own office area. I got the feeling he uses the same captive target
    network every time he does the demo. 
    >Once inside the network, Loranger said he then probed the network and
    >discovered a "read/write password file'' that allowed him to delete the
    >"super-user'' password, allowing him to create a super-user password for
    >himself, giving him free reign over the system.
    This is the bit of hand waving where I became completely skeptical. The
    box he attacked in the demo I attended appeared to be a Linux
    installation. The world-writeable /etc/passwd was just too much to
    believe. At a time when there are so many legitimate exploits out there
    that could have been used, this demo strained credibility. 
    >From Mr Loranger's talk, it is clear that this demo is intended to impress
    on politicians and bureaucrats the main issues in Internet attacks. That
    it does, in a slick package. But the "live attack" part bent the needle on
    my crap detector meter. 
    --rick low
    Richard A. Low, P.Eng.
    EWA-Canada Ltd.
    Ottawa, Canada
    +1 (613) 230-6067 x228
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:28 PDT