SV: [cobalt-users] Recent Hacks - Why?
- From: "Christian Karlsson" <info@xxxxxxxxx>
- Date: Mon Feb 26 12:00:04 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Okay! Thanks for the information!
-----Original message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On behalf of Dee Dreslough
Sent: 26 February 2001 17:52
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Recent Hacks - Why?
>What is it with all the recent "hacks" on the RaQs? Is it really hacks or
>is it some sort of bug? It seems to me that very many RaQs have been hacked.
>Even my RaQ was probably hacked. Who is it that is hacking our servers, and
>why? I don't see any point in doing this...
I have a friend who's run a few ISPs in his day who now works for my
husband. He's been doing security for years, so I asked him about what
might be going on.
Basically, all these hacks are probably happening for two reasons:
1. There's a new HUGE recently discovered hole or holes (BIND) that all the
hackers are now trying out. Our systems aren't spontaneously corrupting
themselves...this isn't just a bug. I wish it was!
2. A new crop of 'pups' is cutting their hacking teeth at the same time.
Basically, more kids are discovering hacking right now, so more and more
portscans and scripts are going to be thrown at us. More amateur hackers are
learning by throwing their scripts at our machines.
My friend explained that one of the reasons my hack was so obvious (I
immediately started receiving BIND: Address already in use messages in my
email box within 15 minutes of the hack) was because there are Real Hackers
and Kiddie Scripters. The real hackers have a kind of honor (if you can
call it that) and they purposely leave errors in the hacking scripts they
distribute to the kiddies so that amateurs leave footprints whenever they
use them to break into systems. This is the real hackers' way of actually
allowing us to know when we've been hacked. Nice, eh?
These Real Hackers have probably already had access to our systems for
months...we probably never would have known... but now all the Kiddie
Scripters are trying out the scripts, and leaving a mess behind. And, there
are a lot more kiddie scripters than real hackers, I would guess...just like
there are more RaQ newbies than old salts. :)
>Why so much hacking? Why do they do it?
There seems to be some kind of 'cachet' in having a list of compromised IPs
of boxes you've hacked. Also, hackers try to pre-prime machines for Denial
of Service attacks. They try to sneak onto as many machines as they can to
set them up to do an attack at a later time. They're basically trying to get
as many compromised machines in their 'back pockets' for when they need them
to attack someone who's angered them.
So, the kiddies are probably doing it to 'collect' a bunch of hosts they can
use later, or to just show their friends how cool they are. >:P Of course,
they don't realize that they're basically doing the equivalent of breaking
into someone's store downtown...they're threatening our livelihoods by doing
this. For them, it's just long distance teenage mayhem, I guess.
I don't think the problem's going to get any better any time soon. As we
pass the 50% internet-use mark in the USA, more and more kids are going to
have access to the web, and more and more are going to want to learn to
hack, and try every portscanner and script they can get their paws on again
and again.
I'm not a hacker, so this is just what my friend (who as a security
specialist has had to study hackers) has explained to me. I hope it helps
make the possible motivations of these people clearer, and also explain why
we've been catching them so often.
-Dee Dreslough
With love to the Admins -- may we always keep fighting the good fight! :)