Dailydave mailing list archives
Opsec for Hackers aka "Don't pee in your own pool"
From: Dave Aitel <dave () immunityinc com>
Date: Sat, 07 Apr 2007 13:29:21 -0400
http://blog.wired.com/27bstroke6/2007/04/court_okays_cou.html

"""
The case began in December 1999, when an official at Qualcomm in San Diego detected a hack attack against the company's system, and notified both the FBI, and administrators at the apparent source of the attack -- the University of Wisconsin at Madison.

UWisc system administrator Jeffrey Savoy tracked the intrusion to Heckenkamp's dorm computer, and then determined that Heckenkamp was also trying to hack into the university's mail server. Savoy blocked the hacker's IP address, which ended in 117, but Heckenkamp, being a pretty smart guy, changed it.

That's when Savoy turned the tables and counter-cracked the suspect computer, supposedly for the limited purpose of determining if it really was the same system with a different IP address, and to protect the university server from further attack
"""

Opsec is hard, and one of the hardest things about it is that it contradicts the naturally aggressive tendencies a hacker must have to be successful. Most hackers spend most of their time prepping and building a tool-chain.[1] Once they have a decent capability, they find that everything looks like a target. Every hotel they stay at has a vulnerable machine they could use as a bounce-point later. Every airport they fly through. Their neighbors. Their schools.

Having a good tool-chain means that their technical operational security is air-tight. Chances of getting caught for any one (or any large group) of attacks are reasonably low. But what they do when they hack things they are close to is create a signature for themselves in what the .mil likes to term "the information battlespace".

Good opsec requires that nothing connected to the hacker personally is ever touched, no matter how tempting. You never own anything you would care about.

Don't pee in your own pool.

-dave

[1] A tool-chain differs from a "tool kit" in that it is an integrated and linked set of tools that take you from recon to penetration to long term data exfiltration.