CNET interview with Mark Abene, “Phiber Optik”

23 06 2009

Mark Abene, known as “Phiber Optik”, began using computers at age 9 and went on to form the hacker and phreaker group “Masters of Deception”.  While still a minor he received a one-year prison sentence from a judge who wanted to send a clear message to other hackers.  Now, at 37, Abene is considered a security guru.  Elinor Mills of CNET conducted another excellent interview, this time with Mark Abene about his past and present.  I reproduce that interview below:

Q: When did you start hacking or phone phreaking?
Abene: When I first got online in the early 1980s I was using an online service called CompuServe. I was initially looking for people with the same computer as I had. I had a very simple computer in those days, an old TRS-80, 32-column screen, no lower case, cassette tape recorder to load and save programs, and you would connect it to a television set as your monitor. I was online at a whopping 300 baud, which was normal at the time. And I was seeking out people to trade programming ideas, possibly software and so on. There wasn’t a huge amount of commercial software for my computer. One thing I had discovered about CompuServe is that there was a programming environment you had access to…that was a lot more powerful than the computer I had at home. It was the first time I had the notion that you could actually use programming languages and the ability to save and load back programs remotely on a computer that wasn’t yours.

The problem was that CompuServe at that time was insanely expensive, as were any of the competing services. They charged by the hour, which is unfathomable to people these days. I was chatting with people on CompuServe CB (Simulator, the first online chat service). I also discovered BBSes (bulletin board systems) many of which existed on Long Island. I grew up in Queens. Behind the scenes there were often private sections restricted to specific users to discuss certain underground topics, not the least of which was trading passwords for online systems and even calling card numbers to circumvent toll charges. Again at the time, phone service was rather expensive. In most major cities it was timed. No free local service, so you could easily run up a very large phone bill. Bearing in mind, too, that we were kids. I was about 12 or 13 years old. The first passwords I got a hold of from these BBSes were actually for minicomputers that were set up as part of an educational program in Long Island at many of the high schools. It was sponsored by DEC (Digital Equipment Corp.). A lot of the passwords I came across on the BBSes originally were guest accounts.

So that was my initial exposure to being somewhere you were not supposed to be, although things were a lot more relaxed in those times. There was no real notion you were doing something illegal. It really wasn’t (illegal). The fact that you were using a guest account on a minicomputer being maintained at a high school … there wasn’t any notion that anyone was doing anything wrong.

At this time I was weaning my way off CompuServe as I met people on BBSes. I had gotten pretty proficient not only at programming, but at understanding the system administration and security models of a lot of these operating systems from DEC. I was really interested in, not necessarily defeating them. But if, for example, you wanted to maintain access to these systems you would have to understand how the security mechanisms worked. Besides being fun it was definitely an intellectual challenge. If you were used to hanging out on one of these systems and if the guest account password was changed or an account you were using got locked out it would be kind of frustrating. So, that was probably my initial motivation in wanting to understand how to defeat the security mechanisms.

In doing so, I met a guy on BBS with an underground section and this guy introduced me to a couple of guys from the Legion of Doom, who were not from New York. This was probably in around 1985 or 1986. A guy I knew from BBSes, Steve, introduced me to a guy from the Legion of Doom who called himself “Marauder,” from Connecticut and another guy in Florida, who called himself “CompuPhreak.” Marauder was skilled with an operating system called RSTS. A lot of the minicomputers in the school program were DEC PDP-11s and they ran an operating system called RSTS…

I was always interested in the phone system from a relatively early age. The phone system was a lot more present than it is now. There’s a certain silence now because it is digital. Behind the scenes it was electro-mechanical; it was done by machines with lots of moving parts. When you called somebody you heard a lot of these rickety machines in the background. You would hear the switching of the call before the phone started ringing and sometimes you would hear tones in the background going over trunk lines connecting you to the person being called. I was always interested in knowing what was going on when that was happening. I learned later on that a fair amount of that process was computerized and I figured there must be some pretty interesting computers doing that. I got to talking with Marauder and CompuPhreak about that.

On a lot of these BBSes it was very common to have sections with text files which were nicknamed G files for general files. A lot of these general files were categorized into a sort of underground knowledgebase in the form of information that was typed up by other kids who had encountered certain systems in their forays into places they probably weren’t supposed to be. They would describe lists of commands. A lot of these systems had online help. It was not uncommon to log into one of these DEC minicomputers and type in “help” and get a list of commands in insane detail with information about how to get around in the system. A lot of times you would find reprints of these help files. You’d also find info about phreaking or exploring the telephone system. Some of it was from a previous generation, from the ’70s, stuff that had been reprinted or re-transcribed. Other stuff was being put out by other people, primarily in the Legion of Doom. Some of it was re-transcriptions of phone company documents they had found in the trash, for example. In other cases it was descriptions of systems that people had gotten into, management systems in the phone company. In these days security was a lot simpler. There are cases where certain rather powerful management systems within the phone company could be accessed simply by dialing in, knowing the phone number, and not even needing a password because the previous user had forgotten to log out and it wouldn’t reset back to the log-in screen. That was a common problem back then. That was the way a lot of hackers got into these phone company management systems.

There was a lot of overlap between hacking and phreaking. Most of the management systems used in the phone company were actually Unix systems. So I started learning Unix in the 1980s. And my motivation for wanting to program in C stemmed from my wanting to run password crackers. Certainly you couldn’t do anything like that on your home computer. You had to run a password cracker…Another thing that motivated me to learn C was to be able to do modifications to the security infrastructure of a lot of these systems in order to maintain access to them…The log-in program that runs on Unix was written in C. Being able to modify that and insert a backdoor password for easy entry is something you had to be skilled to do. These were systems we never would have had access to otherwise and we wanted to understand their intricacies and how they worked.

So, the motivation wasn’t to make free phone calls?
Abene: There was no motivation to make free phone calls. It was a means to an end. The motivation was so you didn’t get killed with a whopping phone bill for all these dial-up calls…The way a lot of us justified it as kids was it was an acceptable risk, a means to an end.

What were you learning from those systems?
Abene: I was really interested in the telephone network, switching systems and management systems associated with them, as well as large data networks. Prior to the Internet there were packet switched networks that were used for a variety of purposes. Two of them were Telenet and Tymnet. They were private networks and they had a lot of private subnets within them, in a lot of cases gateways to systems and networks overseas. They were the first real international networks young hackers ever saw. A lot of those young hackers reached out to each other on chat systems that were set up. There were some famous chat systems set up in Germany and the only way to get to them was to learn how to navigate through some of these packet networks.

As far as who the customers were on these networks, pretty much everything under the sun, a cross section of big business. I and a couple other guys had gotten access to a lot of the internal maintenance and debugging tools used by the company that ran the Tymnet network and in doing so we were able to pretty much gain access to any system that was connected to the network just by watching people log in as they entered passwords. That was probably one of the earliest cases of, I guess you could call it interception or eavesdropping, but only in the sense of capturing passwords.

So, you weren’t generally sniffing around networks for corporate information?
Abene: We were only interested in technical documents that explained the workings of system X. Anything that had to do with security…Our pursuits were highly technical. We were motivated by wanting to learn more about the systems we were getting into. There was a lot more variety of systems out there than there is today.

What got you in trouble with the law?
Abene: When I first got online and started getting access to systems there was a sort of gray area. When you are a young teenager you’re not really thinking about what the law says. And when I first got online there were no clear-cut computer crime laws. It wasn’t really until 1986 or thereabouts that some of the first laws were drafted specifically addressing computer crime. Prior to that, unless they were doing something really out of the ordinary, most people who got into trouble with the law at that time were usually doing something silly or foolish. It was relatively easy to remain undetected in those times. Unless you were doing something blatant or going somewhere that was extremely sensitive. I let some of my guard down I suppose because of the way things were changing towards the end of the 1980s…

There was a lot more publicity around hacking as more and more people were being arrested and tried and, as you can probably imagine, a lot of the publicity was very negative. In the United States hackers were public enemy No 1. It was high drama on the electronic frontier, with images of FBI agents kicking in doors and waking up kids at gunpoint, which happened to me personally, so that’s no exaggeration. Things like that typically didn’t happen in other places. There was definitely a high degree of paranoia in the U.S. surrounding all this.

Over the course of us doing this things became illegal. For example, I was charged with possessing 15 or more passwords. The laws themselves, if you read them, are just ludicrous to think about in stark comparison to when they didn’t even exist. When you’re a teenage kid and you’re perusing around looking for access to interesting systems you would have hundreds, thousands of passwords and dial ups and so on. You would keep it all in a notebook. That was the information you collected; it was part of who you were and what your skill sets were. It wasn’t anything unusual. Something like that became illegal. Forgetting about intent or whether or not they were used, it was simply possession. Many systems didn’t even have passwords, in the mid-80s, including phone company systems. The administrators never set passwords.

What was your thinking when these activities were outlawed?
Abene: We always conducted our activities according to a certain code of behavior and we always believed that as long as we adhered to that code of behavior we wouldn’t show up on too many people’s radar. This tended to be the case for a long time, even after laws started to pass.

(Around) 1986 a friend of mine who was in the Legion of Doom had gotten in trouble for various things he did having to do with the phone company and getting access to really sensitive systems. It was Dave Buchwald, who was also one of my business partners when I had my consultancy, (CrossBar Security). There was an internal investigation. Back then it was New York Telephone. At the time it was one of the biggest, most blatant upsets to internal phone company security probably than there had ever been. The phone company wanted to keep it rather quiet because frankly they were pretty embarrassed by it. By the time I had gotten into trouble for very similar things some years later, it was not long after some friends of ours in Atlanta, some Legion of Doom guys had gotten in trouble.

That hit close to home because I was in regular contact with those guys and I figured that if they had gotten into trouble we were on somebody’s radar. And we were. That was around 1989. And the paranoia level had gotten so high that when the Secret Service came knocking in January of 1990 at my parents’ house looking for me they were under the impression that I had something to do with crashing the AT&T network, which had gone down completely around Martin Luther King Day about a week before. As you can imagine they were overeager to find somebody to blame for that. If hackers had taken down the nation’s primary long-distance company then something had to be done. That turned out not to be the case. AT&T then went on the record claiming it was their own software update containing an error which took down the network. They were the cause.

I figured that these guys were so far off in what they believed was going on it really didn’t sway me from doing what I was doing. Although in retrospect, I could have been more careful at that point. There was a certain amount of publicity that was associated with it and the fame that went with it, fame within certain circles anyway, which kind of made it cool I guess for a lot of people. It was probably one of the first high-profile cases of that kind. That was 1990. Over the course of the next year we just did everything bigger and badder. We did lots of interviews, all the while we were still hacking. This basically made us enemies of the government and law enforcement everywhere. Federal law enforcement certainly had it in for us at that point. Again, it was largely our interpretation that these guys were so far off the mark from our initial encounter with them in 1990 that led to all of us getting in trouble in 1991. And that was the end of my first-hand dealings with the so-called “underground.”

What were you arrested for?
Abene: In 1991 there was that aspect of phone company switching systems which are considered a very sensitive part of the nation’s infrastructure and we can’t have teenagers playing around in those. There were also a lot of the public and private data networks we had gotten access to. One of the major complainants in my case was British Telecom, which ran Tymnet. Several of the regional bells were not all too happy. I was charged with the least number of charges compared to others in the case, but I got one of the stiffest sentences and that was due to the public image I had created.

Abene: I was sentenced to a year in prison in 1993, as a result of being grouped into a major investigation by a joint FBI/Secret Service task force in 1991, when I was already 18. Even though I was scarcely mentioned in the indictment at all, I surprisingly received the harshest sentence because of my public profile. The judge himself said he wanted to “send a message” at my sentencing. I was charged with conspiracy to commit certain specific acts. In the indictment they laid out various overt acts. The other charge was basically computer trespass on a grand scale. I was ultimately sentenced to a year and a day and actually served about 11 months in federal prison. It was not an experience I like thinking about and it is something I put behind me long since. By the time all that happened I was already employed in companies working as a system administrator.

But it hasn’t hindered your career at all, has it?
Abene: Not at all. I’ve worked as a system administrator and network administrator. Even when I was still doing things that could obviously be construed as being illegal I did a fair amount of public speaking. I did several talks at the New School for Social Research in Manhattan, Parsons, and New York University. A lot of these talks were purely technical, such as the history of the technology of the phone system… After working as a system administrator for two of the first public access BBSes with Internet access (MindVox and ECHO) I became a system administrator and security consultant, and was recruited by Ernst & Young to kick-start a new type of security consulting.

I successfully spun off my own consulting firm based on those experiences in the late ’90s, and did information security work on four continents along with my business partners. We ultimately all went into private practice after the dot-com bubble burst in the early 2000s. I’ve been doing independent information security consulting for some rather large clients ever since, until recently forming a new intrusion detection start-up with some colleagues. I was still working at ECHO when I was released from prison. Then I worked for Radical Media, which was a production house, as a system administrator.

If you could do anything differently what would it be and do you have any regrets?
Abene: That’s a pretty loaded question. You can’t go back. I don’t live with any regrets. I took part in something that at least I considered special. There were certainly some negative aspects in it in the trouble I got into. But there was definitely a lot of positive that came out of it. But I consider that to be a very minor phase of my life. My trouble with the law lasted about a year and if you do a Google search it is 99 percent of what you find.

Do you have any advice for young hackers?
Abene: Things are a lot different today. One of our major motivations was that we wanted to get access to computers that were more powerful than the simplistic ones we had at home. Today most kids’ home computers are a lot more powerful. For us it was a great equalizer. We wanted to get access to the high technology we otherwise wouldn’t have access to, understand it, and learn to program it. As far as anybody today doing a New York sort of underground hacking, I’d caution against it even though, naturally, it’s going to happen. It’s a completely different world these days.

What are you doing now?
Abene: I have been doing lots of consulting. After my own consulting firm folded after the dot-com bust in the early 2000s I continued doing independent security consulting for a lot of large companies. A fun job I had recently was writing the encryption routines for the online streaming service for Major League Baseball.

Source:  CNET “Mark Abene, from Phiber Optik to security guru”, by Elinor Mills, June 23, 2009

RedSn0w updated to version 0.7.2 and UltraSn0w now available

23 06 2009

RedSn0w, the Dev Team's application for jailbreaking the iPod Touch and the iPhone 3G on OS 3.0, has been updated to version 0.7.2.  In addition, with certain difficulties now overcome, UltraSn0w, the Dev Team's application for unlocking the iPhone on OS 3.0, is now available in Cydia.  As a reminder, before unlocking the iPhone, it must be updated to firmware 3.0 and jailbroken.  In the case of the iPod Touch, it must be updated to firmware 3.0 before the jailbreak.

For a complete tutorial, in Spanish, on how to unlock your iPhone on 3.0, go from here to the page of our colleagues at iPhone Fanatic.

Download RedSn0w 0.7.2, Windows version

Download RedSn0w 0.7.2, Mac version

RedSn0w 0.7 is now available

20 06 2009

RedSn0w 0.7, the tool for jailbreaking the iPod Touch 2G on 3.0, has been released by the Dev Team in versions for Mac and Windows.  Some bugs were recently fixed, as well as the problem with the YouTube application.  Important notes:

  • This jailbreak does not work with the new iPhone 3GS
  • If you have an iPhone 3G that you use exclusively on another carrier, do not update to firmware 3.0, since this jailbreak does not yet have the UltraSnow version and you will not be able to unlock it for now; UltraSnow will be released through Cydia/Icy, as has been done before.
  • The jailbreak from the previous version will be lost
  • No data will be lost; Redsnow only modifies the firmware and leaves your data intact
  • RedSn0w download
  • Video tutorial available here
  • Note:  It is important that your iPhone/iPod Touch is already updated to 3.0 before performing the jailbreak.  To perform that update you need iTunes 8.2; if you do not have it, you will be told so when you try to update to 3.0.  You also need a copy on your PC of the ipsw that corresponds to your device.  You can look for it here.
  • Update:  I have now jailbroken my iPod Touch successfully and without problems.  My data, music and videos are intact and the process took less than 5 minutes.

Pwnage Tool available

19 06 2009

The Dev Team has released Pwnage Tool for jailbreaking the following products on OS 3.0:

  • iPhone 2G
  • iPhone 3G
  • iPod Touch 1G

This version does not include UltraSn0w, so unlocking is not yet possible; UltraSn0w is expected to become available later through Cydia/Icy.  Again, Pwnage Tool does not work with the iPod Touch 2G and can only be used on Macs.  QuickPwn, for Windows users, should be available any moment now.  In summary, these are the steps to follow to use Pwnage Tool:

  • Download the corresponding firmware
  • Download and install PwnageTool
  • Run it and connect the iPhone / iPod Touch 1G
  • Select the corresponding device and follow the steps (expert mode is recommended; it will be explained better in the detailed tutorial)
  • Create the firmware and put the device in DFU mode (the program helps by showing the steps)
  • Restore with the created firmware from iTunes using Alt + Restore


Download Pwnage Tool 3.0

Source:  iPhone Apps

Things to consider before updating your iPhone/iPod Touch to OS 3.0

18 06 2009

Since yesterday, Wednesday, the update to the long-awaited OS 3.0 for the iPhone and iPod Touch has been available; many have already made the jump, but if you have not yet done so, you still have time to consider the following details:

  • Updating removes the jailbreak, and an unlocked iPhone loses its unlock because its baseband is updated.  The tool for unlocking it on OS 3.0, UltraSn0w, is supposed to be available this Friday.  As for QuickPwn, there is no definite date.
  • On the iPod Touch 2G, Bluetooth is activated, but for now only for use with headphones, since there are not yet any applications that use it.
  • Developers of applications from the App Store, Cydia or Installer must update them to work on the new firmware 3.0, and this may happen gradually.
  • The general recommendation for those with jailbroken devices is to be patient and wait a little until the Dev Team has the UltraSn0w and QuickPwn tools ready.

Source: Mi iPod Touch

UltraSn0w, the Dev-Team's new YellowSn0w

17 06 2009

The Dev-Team demonstrated in a video its new version of the YellowSn0w application, called UltraSn0w, which can unlock the iPhone 3G on the new 3.0 operating system.  UltraSn0w will be available on Friday, since the Dev-Team does not want to risk giving Apple time to produce a patch that prevents the unlock, which is also why they have not revealed how they managed to do it.  In theory it could work with the iPhone 3GS, but that remains to be seen.  For now, those who already have a jailbroken iPhone are advised not to update to 3.0 until UltraSn0w is available.

Source:  iPhone Apps

6.7% of iPhones/iPod Touches jailbroken, according to the NY Times

14 05 2009

According to an article published in the New York Times, 6.7% of iPhones and iPod Touches have been jailbroken.  This process involves a “hack” of the device that frees it from iTunes applications, allows third-party applications to run, and opens up a range of technical possibilities, while also cutting it off from Apple technical support and removing certain security parameters.  The percentage the NY Times reports comes from the following estimate:  approximately 37 million iPhones and iPod Touches are said to have been sold worldwide; the main jailbreak platform has been installed on about 2.3 million of those devices.  A second jailbreak platform has received about 500,000 downloads, and the article estimates that another 200,000 may have been added.  That leaves us with 2.5 million out of 37 million, or 6.7%: large enough to be a market, but at the same time a minority of iPhone/iPod Touch users.

Source:  Appscout