Re: [ISN] Hackers can turn network cameras, Microphones on you

From: cult hero (jerichoat_private)
Date: Fri Apr 16 1999 - 14:18:11 PDT


    Reply From: Rick Low <rlow@ewa-canada.com>
    
    At 03:35 PM 4/15/99 -0600 you said:
    >Philip Loranger, chief of the Command and Control Protect Division in the
    >Army's Information Assurance Office, demonstrated how anyone can attack a
    >network and turn on any camera or microphones connected to that network
    >with what he called "not very sophisticated hacker tools" downloaded from
    >the Internet.
    
    I saw the same demo by Mr. Loranger at a different location, and was
    underwhelmed. 
     
    >Loranger, who conducted an attack on a dial-up military network in
    >Columbia, Md., from an Association of U.S. Army Information Assurance
    >symposium in Falls Church, Va., said the .mil system he managed to
    >penetrate -- and whose identity he would not disclose...
    
    The LAN looked to me (from the reconnaissance part of the demo) like it was in
    his own office area. I got the feeling he uses the same captive target
    network every time he does the demo. 
    
    >Once inside the network, Loranger said he then probed the network and
    >discovered a "read/write password file" that allowed him to delete the
    >"super-user" password, allowing him to create a super-user password for
    >himself, giving him free rein over the system.
    
    This is the bit of hand waving where I became completely skeptical. The
    box he attacked in the demo I attended appeared to be a Linux
    installation. The world-writeable /etc/passwd was just too much to
    believe. At a time when there are so many legitimate exploits out there
    that could have been used, this demo strained credibility. 
    
    From Mr Loranger's talk, it is clear that this demo is intended to impress
    on politicians and bureaucrats the main issues in Internet attacks. That
    it does, in a slick package. But the "live attack" part bent the needle on
    my crap detector meter. 
    
    --rick low
    
    
    Richard A. Low, P.Eng.
    EWA-Canada Ltd.
    Ottawa, Canada
    +1 (613) 230-6067 x228
    mailto:rlow@ewa-canada.com
    http://www.ewa-canada.com
    