Entrevista de CNET a Kevin Mitnick, de hacker a consultor de seguridad

22 06 2009

mitnickCNET News publicó una interesante entrevista con Kevin Mitnick, el “cóndor“, posiblemente el hacker más famoso y quien ostenta la “distinción”de haber sido el primer hacker en aparecer en un anuncio de “Se Busca” del gobierno federal.  Arrestado en 1995, se declaró culpable de fraude electrónico y fue liberado en el 2002; aprovechando su notoriedad, se dedica a dar conferencias y fundó una compañía de consultoría en seguridad.  A continución reproduzco la entrevista tal y como aparece en la página de CNET:

Q: When did you start hacking?
Mitnick: When I was 16 or 17 years old, when I was in high school–1979 time frame; before it was even illegal.

How did you get into it?
I became very interested in phones. I was a ham operator, an amateur radio operator, for about three years and in high school I met this other student whose dad was a ham radio operator and this other student had a hobby of phone freaking and he introduced me to this. He was able to do amazing things with the telephone system. He was able to get unlisted numbers. If he had my number he could get the name and address…He could do all these magic tricks with the phone system. I also had an interest in telephony over ham radio. He introduced me to phone phreaking and when the phone companies started converting over to electronic systems from electromechanical systems they used front-end computers to control it. So the phone company was in the process of automating their processes. To further my phone phreaking I needed to become familiar with the phone systems’ computers. So that was my foray into hacking.

So you went from phone phreaking into hacking?
Yes. The phone company had this computer system called COSMO, which stood for Computer System for Mainframe Operations. Well, my first hacking occurred as a student at Monroe High School in Sepulveda, Calif., in the San Fernando Valley. I met another student who was very heavy into computers and at this time it was the Commodore VIC-20. They offered a computer training course for seniors but I wasn’t a senior so he introduced me to the professor. He wasn’t going to let me into the class. So I did all these electronic tricks with the phone system and the teacher was amazed and he waived the prerequisites and let me in the class. I think he regrets that decision today.


What could you do with the phones then?
I think I demonstrated calling into comp systems. You could interact with them with your voice and control them by touch-tone. He gave me his name and the city he lived in and I was able to get his telephone number. I was able to interface my ham radio with the telephone system and dial into computers and access them through the touch-tone pad. At that time it was pretty advanced because you didn’t have voice response systems then like you do today.

What’s the hacking activity you are most proud of?
Ethical or unethical (laughing)? You probably want to hear about when I was a hacker. I guess my intrusion into Motorola. I was able to call an employee at Motorola and convince her to send me the code for the MicroTAC Ultra Lite cell phone…Motorola had their whole campus protected by SecurID and I was able to use an elaborate social-engineering scheme by also manipulating the telephone network and set up call-back numbers within Motorola’s campus. So I convinced a manager in operations to tell one of the employees to read off his RSA SecurID code any time I needed it so I could access the network remotely. That’s how I was able to access their internal network and then I was able to use technical means to hack into their development servers for cell phones…I was able to find the source code to all the different cell phones.

I was interested in the MicroTAC series because it looked like a Star Trek communicator. I wanted to understand how these phones worked, how the codes controlled the processor. I wasn’t interested in selling the source code or doing anything with it. It was more about the challenge of getting it. I had to breach like four layers of security to get in. I’m not really proud of it because it was obviously wrong…I made a stupid and regrettable decision and decided to go after the source code.

When you say it was about the challenge of getting it, can you elaborate?
At the time I was actually a fugitive in Denver, Colo., and one of my colleagues handed me a brochure of this phone and I thought it was ultra cool, like the iPhone of today. I really wanted to understand what are the protocols used, how does the phone talk to the communications network, how does the whole thing operate? And I thought maybe I could modify the firmware for the code in my phone and make it more difficult for the government to track me. For example, there are certain methodologies the government uses, like any time your phone is on, it is communicating with the mobile telephone company. I wanted to be able to toggle that off and on, so basically take my phone offline and do extra things to it. At the time I had that idea, but I never went through with it because I was so busy hacking…It was pretty much the trophy. Once I got the source code, that Motorola phone intrigued me. I looked at it, read through it, and tried to understand what I could understand.

After that I went after other different cell phone companies and it really was about the trophy. It was the challenge of getting in and getting the code, storing it at USC in Los Angeles, and moving onto the next one. That’s how I got caught. The USC administrators noticed that a lot of their disk space was being used and that their systems were breached and they called the FBI. The companies themselves didn’t realize they were hacked. It was USC that discovered it…I didn’t spend any time trying to hide it (source code). That was my downfall.

Did know what you were doing was illegal?
I started hacking back in the ’70s and there were basically no laws against it, against phreaking or hacking. In school, my parents and other people actually encouraged it. There were no ethics taught. If you could hack into the school’s computer you were considered a whiz kid. Today if you do it you get expelled or they call the cops. It was like a reward of intellect back when I got started. Then they criminalized it later. I was so hooked into the adventure of the hacking game, doing it for a number of years even though it became illegal. It was thrilling, adventurous. It was all about solving the puzzle, using intellect to get around obstacles. It was like a huge game.

What would you do differently if you could go back in time?
In hindsight, I wouldn’t do what I did because now I’m much smarter and wiser, and I caused a lot of network and systems administrators a lot of headaches undeservedly. It was the wrong thing to do. But at the time there was no such thing as penetration testing and no school curriculum on security. You had to be self-taught. That’s how I learned about security and systems–through hacking. I took the wrong road in doing it. I wouldn’t repeat it. Today there are degrees, pen testing, books on the subject. At the time, a lot of companies and universities didn’t give much thought to security.

When I was 17 years old, the phone company was so livid with me for hacking their systems–and not hacking through a computer but through social engineering and calling and controlling touch phones or calling employees. There were no laws against it. They actually yanked out the phones in our house, and I was living with my mom at the time. I was in high school. They wouldn’t let us have a phone and cited California Public Utilities Commission rules that if there’s fraud or abuse the phone company can yank the phone.

Rather than stop my activities I figured I would one-up them. We were living in a condo. The condo had unit numbers and we were unit 13. I went to the hardware store and got the numbers 1, 2, and a B for unit 12B. I called the phone company and told them the builder had built another unit in the condo complex. Then the phone company came out and installed a phone for a new subscriber in 12B under my name or my mother’s. Then we had a phone for two weeks and one day it just went dead. The phone company was livid because I had done this elaborate thing to trick them. After about six months we got the phone service back but we could only make outgoing calls.

Let me ask about your time in jail. How much time did you serve and what was that like?
I served five years, and I ended up in solitary confinement for a year because a federal prosecutor told the judge that if I got to a phone I could connect to NORAD (North American Aerospace Command) and somehow launch an ICBM (Intercontinental Ballistic Missile). So the judge, reflecting on the movie War Games, put me in solitary confinement. I think it was a strategy they used to get me to plead out or cooperate. I was held for four and a half years without a trial. I spent a lot of time focused on the defense and reading cases and serving as assistant to my attorney. At the end of the day I realized justice is economic; unless you have enough money to properly mount an effective defense you always lose.

I wanted to admit that I was hacking, but the intention and the purpose of it wasn’t fraud because to commit a fraud you have to convert property to your own use and benefit, to profit. In my case that was lacking. I was doing it for the trophy. I was cloning my cell phone to random subscribers and dialing into computers from the cell phone. The purpose wasn’t to make free calls; it was to make it more difficult for the government to track me. They claimed all my hacking into those companies was a huge elaborate fraud and that I caused $300 million of damage. They said the value of property I copied, the R&D development cost, was $300 million. The government tried to use the old (definition of) loss for tangible property. If I copied that code and they no longer had use of it, it would be a $300 million loss or whatever.

They told my attorney that if I didn’t cooperate and plead out, not only would they take me to trial in Los Angeles, but they would put me in a revolving door of trials and put me on a bus and take me from federal jurisdiction to federal jurisdiction. So I signed the deal and admitted causing between a $5 million and $10 million loss. I signed it not believing it. I signed it to get out. I really don’t believe to this day that my actions caused that amount of loss, because none of the victim companies lost use of their code, they never claimed any losses due to my activities. Sure there were losses, maybe in the thousands of dollars, for their time to investigate who hacked into their systems and to secure them. Those are the real losses. But I was the example for the federal government, so they needed to put me away for a long time. That’s why I was very angry and bitter against the government at the time, because I wasn’t being punished for what I did. I was being punished for what I represented at the time. I have no qualms about being punished for what I did. The punishment should fit the crime.

So, if someone were to ask you what lessons you’ve learned, what would you say?
Don’t break the law. Don’t intrude on other peoples’ property. It’s just the wrong thing to do. It’s unethical and immoral. And now of course it’s illegal. It’s trespassing. You’re violating somebody’s property rights. And they have the right to control and keep their property confidential. What I attribute my change of heart to is growing up. Back then I was young and immature, and never damaged anything intentionally.

Do you feel that your hacking has led to positive change in some way?
Yes. It led to my career. Today I speak around world, I do pen testing all the time–and deep penetration testing, where I go after the most sensitive credentials at a company to see if I can get to the crown jewels. I see what I can do as an ethical hacker. I really enjoy this work because when is it that you can take a criminal activity, legitimize it, and get paid for it? Ethical hacking. It’s not like you can be a drug dealer and go work for Walgreens…A lot of pen testers today have done unethical things in their past during their learning process, especially the older ones because there was no opportunity to learn about security. Back in the ’70s and ’80s, it was all self-taught. So a lot of the old-school hackers really learned on other people’s systems. And at the time, I couldn’t even afford my own computer. A dumb terminal was like $2,000. A 1,200-baud modem was like $1,200. The cost of this technology was out of my range as a high school student so I used to go to local universities and use their system, albeit without their knowledge, to learn.

Any advice for young hackers?
Yeah, don’t follow in my footsteps. There are definitely other roads or other opportunities and ways that people can learn and educate themselves about hacking, security, and pen testing. Today it’s a huge market. It’s become a huge issue within the federal government with critical infrastructure.

Some people say companies shouldn’t hire former black hat hackers. What are your thoughts on that?
I’m hired all the time. So far it has not really been an impediment. You have to evaluate the person’s skill set, their maturity, and what they did before as a hacker. Were they getting credit card numbers and buying merchandise on the Internet? Or were they hacking systems for their own intellectual curiosity? You can’t just lump black hat hackers into one category. You have to look at what they did in the past, what they’ve done since then, and what credentials they have to get the job done. People who have operated on the other side of the law, like Frank Abagnale, he is a prime example. He reformed himself and now is the leading authority on counterfeit money and checks. Look at Steve Wozniak. He even started out as a phone phreak (and sold blue boxes on UC Berkeley campus). But he took a whole different direction. He’s done a lot of good for the community. That’s another factor–what good has that person done for the community and industry since the transgression?

What are you doing now?
Consulting, author, public speaker. I go around the world speaking. That’s my primary activity–ethical hacking, pen testing, system hardening, training, education. And I’m working on my autobiography. It’s due out in spring 2010.

Fuente:  CNET, por Elinor Mills, junio 22, 2009





Investigadores en Israel trabajan en la inmunización de las PC’s

11 06 2009

virus-wormUn grupo de investigadores de la Universidad de Tel Aviv en Israel, trabaja en el desarrollo de una solución al constante ataque de virus al las PC’s.  El grupo perteneciente al Departamento de Ingeniería Eléctrica y liderados por Eran Shir, proponen desarrollar una red de computadoras basadas en lo que se conoce como un “Honeypot“, una red que atrae a los programadores de malware y permite estudiar las armas y estrategias que éstos usan para entrar en un sistema (incluyendo las vulnerabilidades), así como para alterar, copiar o destruir sus datos de éstos (por ejemplo borrando el disco duro del servidor).  Estas computadoras estarían distribuídas por el Internet y según los investigadores israelíes, para un virus estas máquinas serían como cualquier PC común y vulnerable, pero los “honeypots” estarían en realidad diseñados para atraer dichos virus, analizarlos automáticamente y generar y distribuír por la Red una respuesta contra ellos de forma rápida.

Fuente:  Times of The Internet





Hacker nombrado al “Homeland Security Advisory Council”

6 06 2009

205002899_3a7b08c319Jeff Moss, conocido en el mundo de los hackers como Dark Tangent y fundador de las conferencias Black Hat y Defcon, fue uno de los 16 seleccionados el pasado viernes para pertenecer al Homeland Security Advisory Council, grupo que proveerá recomendaciones y asesoría a  Janet Napolitano, Secretaria del Homeland Security.  No deja de ser curioso ver la lista de  algunos de los miembros del Consejo que estarán compartiendo con Moss son:  El ex miembro de la CIA Bill Webster, Louis Freeh (FBI), El Sheriff de Los Angeles, el alcalde de Miami, el Comisionado de la Policía de Nueva York, los gobernadores de Maryland y Georgia, el ex-senador de  Colorado Gary Hart y el Presidente del Navajo Nation.  Algunos comentarios de Moss al respecto de haber sido escogido:

I know there is a newfound emphasis on cybersecurity and they’re looking to diversify the members and to have alternative viewpoints.  I think they needed a skeptical outsider’s view because that has been missing.”

“There will be more cyber announcements in coming weeks and once that happens my role will become more clear. This meeting was focused on Southwest border protection… With things like Fastpass and Safe Flight, everything they are doing has some kind of technology component.”

Moss dice sentirse honrado, pero reconoce que puede perder algo de credibilidad entre sus colegas hackers.  Kevin Mitnick, reconocido ex-hacker que cumplió prisión por sus actividades y que hoy es consultor de seguridad, expresó sorpresa de ver a Moss en la lista y aplaudió la diplomacia expresadad por éste.  Las vueltas que da el mundo.

Fuente:  Cnet





La evolución de las PC

29 05 2009

Siempre es interesante dar un vaje en el tiempo para ver de dónde venimos y al mismo tiempo tratar de predecir hacia donde vamos en la evolución tecnológica.  Una de las protagonistas en esa evolución sin duda ha sido la computadora personal; los que llevamos un tiempito laborando en el campo de las computadoras recordamos, por ejemplo,  la TRS-80 y la Commodore 64, entre otras, pero hubo muchas más computadoras destacadas que abrieron las puertas para que hoy tengamos, desde poderosas “Gamer’s PC’s“,  hasta las populares Netbooks.  Mi amigo José Ortíz (@joe0616) me envió via Twitter un enlace a un interesante artículo publicado por PC World que narra con imágenes la evolución de las computadoras personales.  Te invito a compartir este viaje en el tiempo:

165612-img_pc1_slide

Evolution of The PC-Computer World





Wolfram Alpha, un buscador diferente

20 05 2009

Stephen Wolfram tratará de cambiar la forma en que buscamos información en el web con su buscador Wolfram Alpha, donde en teoría, escribes una pregunta en lenguaje natural y recibes una respuesta concreta.  Por ejemplo, si escribo “Distance between the Earth and the Sun” (en inglés, porque aún no está en español), en lugar de recibir como respuesta enlaces a páginas que pueden contener la respuesta, el buscador me muestra la contestación a mi pregunta.  De esto funcionar , cambiaría radicalmente la forma en que buscamos información y recibimos respuestas en el Internet.  Hice varias pruebas para ver su precisión, y estos fueron los resultados:

Al buscar “Tallest man on the world“:

wolfman1

Al aceptar la sugerencia del buscador, recibo la respuesta que busco:

Wolfman2

Al buscar “Black hole” (refiriéndome al término astronómico):

wolfram3

Recibo una fórmula matemática como respuesta, que no es lo que estoy buscando.

Obviamente, hay que pulir más los algoritmos de Wolfram Alpha para que pueda cumplir con un objetivo tan ambicioso.  De momento sigo usando Google para mis búsquedas del diario, pero le veo potencial a este nuevo buscador en área académica y de investigación.

Gracias a José Ortíz (@joe0616) que me envió el enlace a Wolfram Alpha via Twitter

Fuente:  Uberbin





5 formas de reducir el tamaño de las presentaciones de Power Point

18 05 2009

Es cierto que ya no estamos en los tiempos cuando el espacio disponible en medios de almacenamiento digitales escaseaba y su precio esra prohibitivo.  Recuerdo los discos duros de las IBM XT con 20MB de espacio y los “jump drives” de 32MB; ahora es común disponer de 500GB de disco duro y memorias portátiles de 8GB.  Sin embargo esto no significa que no debamos aprovechar ese espacio al máximo y algo que roba espacio, si no estamos atentos, son las presentaciones de Power Point.  Esto por el hecho de estár cargadas de contenido multimedios, como imágenes, audio o viseo.  A continuación 5 formas de reducir ese tamaño:

  1. Usa el nuevo formato pptx cuando sea posible.  Esto puede reducir un promedio de 70kb de tu presentación, porque este formato maneja los multimedios de forma más eficiente.  Por ejemplo, una imagen de 5.62MB en formato ppt se reduce a 1.25mb en formato pptx.
  2. Optimiza el contenido multimedios en tu presentación.  Fíjate bien en el tamaño de lo que vas a incluír y verifica si hay alternativas más livianas o puedes usar la opción que provee Power Point para comprimir el tamaño de la imagen.
  3. Utiliza hipervínculos para acceder a tus videos o imágenes.
  4. Puedes cambiar el tamaño de las imágenes antes de incluírlas en tu presentación utilizando alguna aplicación como Paint.net o GIMP, ambas gratuitas.
  5. Graba tu presentación en formato pdf.  Una presentación de 1.25mb en fotmato pptx se reduce a 352kb en formato pdf, que además puede ser abierto por cualquier computadora con Adobe Reader, Foxit u otra aplicación similar.

powerpoint_compress

Reducción de tamaño de imágenes en Power Point

Fuente:  Ghacks





El “deface” de Google Puerto Rico, lo que pudo haber pasado

27 04 2009

El experto en seguridad Eric Fortis tuvo la amabilidad en el día de ayer de enviarme via correo electrónico su apreciación de qué método pudieron haber usado los hackers que vandalizaron el dominio de Google para Puerto Rico, y no solamente  Google, sino a una serie de páginas con dominio local.  La explicación técnica que da Fortis es la siguiente:

Estos hackers el martes hicieron lo mismo en New Zeland pero llevando un mensaje de parar la guerra, otros de burlas de Bill Gates, entre otros. Alli nunca llegaron a google.com.nz, lo hicieron a cocacola, microsoft, f-secure… y buscando la convergencia de todos los sitios se encuentra que pertenecen a domainz.net y que el grupo de hackers pudo haber entrado bajo SQL Injection y cambiar los records.

Encuentro que es una asunción bastante inocente meter que fue por SQL Injection dado que poco probable que los sistemas puedan alterar los records mediante una aplicación web y se comunique con la db que mantiene los datos en el DNS.

Para DNS desde hace tiempo de está hablando de formas para hackearlo y varias en teoría pero realistas.

Ahora yo entiendo que es más probable que hayan encontrado alguna vulnerabilidad en los  DNS regionales y vayan atacando poco a poco. Lo extraño del asunto es entender pq llegó a .com.pr el grupo de hackers si lo que hicieron con yahoo.com.pr y microsoft.com.pr… no aplica pq a pesar de que existen y estan vivos esos servers no hacen nada con el trafico en PR, aparte de google.com.pr que si habilitaba el defacing.

Mi primera impresión que es habian llegado a OneLink y encontraron una vulnerabilidad y le hicieron Poisoning al DNS, pq yo estoy con Liberty y no veia el problema (cosa que pudo haber sido el mismo cache de mi maquina que no hizo el DNS requesto).

Ahora viendo un poco mejor el perfil de los hackers es probable que si esten haciendole poisoning a los regionales.

Lo único que estoy seguro es que esta mañana google tenia 4 nameservers para .com.pr y ahora tienen 3 y no son los mismos ips, so que esto es un día biien largo para google.”

y si efectivamente entraron por SQL Injection al control panel de Domainz.net que es el registrar de todas esas compañías.”

Ahora la explicación de forma más sencilla:

Bueno en palabras sencillas uno compra un website y le dice a la compañía q lo vendió a que computadora debe apuntar el nombre que recién compraste. En esta situación los hackers entraron directamente a la computadora que contiene esos records que enlazan el nombre comprado
e.g.
www.google.com.pr =  74.125.67.99

y pusieron que
www.google.com.pr =  66.66.66.66

Entonces los usuarios escriben en el browser la dirección en letras y por obligación tienen que pedir un servicio que provea la dirección de IP y en esta situación los hackers cambiaron esa dirección en la computadoras que provee el servicio a todos los usuarios y que pagó quien registró el dominio.”

Esta es la lista de los dominios que fueron atacados con “defacing”:

blogsearch.google.com.pr
live.com.pr
translate.google.com.pr
nokia.pr
dell.com.pr
hsbc.com.pr
pcworld.com.pr
www.coca-cola.com.pr
nike.com.pr
nike.pr
norton.com.pr
www.norton.pr
www.paypal.com.pr
www.fanta.net.pr
www.fanta.com.pr
www.coca-cola.pr
www.yahoo.com.pr
adwords.google.com.pr
images.google.com.pr
groups.google.com.pr
www.google.pr
msn.pr
adsense.google.com.pr
hotmail.com.pr
microsoft.com.pr
news.google.com.pr
www.gmail.pr
www.google.com.pr

*Lista obtenida de zone-h.org

Gracias a Eric Fortis por la amabilidad de enviarme esta explicación que sé arrojará luz sobre aquéllos lectores, especialmente mis estudiantes de Ciencias de Cómputos,  que se preguntaban cómo ocurrió el “defacing” de ayer domingo.  Gracias también a Héctor Ramos que me conecto via Twitter con Eric, a ambos muchas gracias.





Aprende a programar en Google Code University

16 04 2009

Si eres estudiante de programación, programador o simplemente te gusta codificar de vez en cuando para entretener tus neuronas, Google Code University es un recurso formidable para ayudarte en el desarrollo del conocimiento necesario para aprender a codificar o añadir a lo que ya sabes de programación.  Los cursos disponibles son:

  • AJAX Programming
  • Algorithms
  • Distributed Systems
  • Web Security
  • Languages

Adicional hay una sección llamada Tools 101 que contiene intriducciones a herramientas comúnmente usadas en Ciencias de Cómputos y hay hasta un enlace a un Foro para Educadores.  Hay que mencionar que los cursos provienen de reconocidas universidades, comoPrinceton y Stanford.

codeuniv

Fuente:  Make Use Of





Youtube colabora con la educación

27 03 2009

Youtube ha demostrado ser una herramienta sumamente popular, al mismo tiempo fácil de utilizar y con una infinidad de aplicaciones que esperan ser explotadas.  En el ámbito educativo, personalmente creo que es un valioso depósito material listo para usarse en clase, tanto por el profesor como por los estudiantes.  Conscientes de ese detalle, Youtube tiene la sección Youtube Edu, donde encontrarás infinidad de videos publicados por prestigiosas instituciones educativas, [email protected] y colaboradores de la educación.  Excelente recurso para el salón de clase o simplemente para añadir valor a tus neuronas y completamente gratis.

captured_image_png

Fuente:  DigiZen





Qimo, un distro de Linux para niños

24 03 2009

Qimo es una distribución de Linux especialmente diseñada para ser usada por niños; de esta forma les enseñamos que existe algo más que Windows y pueden navegar el Internet en un entorno mucho más seguro.  Los iconos son grandes y en forma de caricaturas e incluye programas de código abierto educativos, tales como:  Tuxmath, Tuxpaint y Tuxtype.  Contrario a otras la distribuciones, Qimo está diseñado para usarse en el hogar, no en un salón de clase y tiene la opción de instalarse o ser usado como un “LiveCD“.

qimo-linux

Descargar Qimo

Fuente:  Download Squad