Penetration Testing mailing list archives

Re: Hacking demo - most spectacular techniques


From: Gary Flynn <flynngn () jmu edu>
Date: Thu, 04 Oct 2001 14:15:47 -0400

Joerg Over wrote:

> Make sure you're showing the room-sound-recording available through Sub7
> with a soundcard(+ mike) installed on the compromised host.
> I don't know why, but from my experience that's shocking the unsavvy more'n
> anything else.

I'll second that. It seemed to be a shocker here.

I found creating an entire scenario helpful. I spoofed email 
from department heads and "Information Security" saying a new virus
was spreading rapidly through campus and that the user needed
to use the attached program to update their anti-virus software.

I had previously attached subseven to a Norton Anti-virus
update program.

I had two computers set up projected on the wall. On one of them,
I said "Oh, my god" and clicked the attachment. It looked like a 
standard Norton update.

On the other computer I got email from the subseven server
and took over from there...grabbing account passwords to
the financial system, taking action from the compromised
computer for which the owner would have been blamed, digging
through the My Documents and email folders, screen shots, etc.
It was particularly effective because the compromised computer
showed no signs of all the activity going on.

Previously skeptical people became believers. Then we talked 
about what ILOVEYOU, CodeRed, and other "damaging" worms might 
have done.

I didn't include the microphone in the demo because of the equipment 
I had but word got back to me that was a major concern.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

