Home Archive RSS/XML Subscribe Shop

Re: [ISN] Hackers can turn network cameras, Microphones on you

From: cult hero <jericho_at_dimensional.com>
Date: Fri 16 Apr 1999 - 16:18:11 CDT
Reply From: Rick Low <rlow@ewa-canada.com>

At 03:35 PM 4/15/99 -0600 you said:
>Philip Loranger, chief of the Command and Control Protect Division in the
>Army's Information Assurance Office, demonstrated how anyone can attack a
>network and turn on any camera or microphones connected to that network
>with what he called "not very sophisticated hacker tools'' downloaded from
>the Internet.

I saw the same demo by Mr. Loranger at a different location, and was
underwhelmed. 
 
>Loranger, who conducted an attack on a dial-up military network in
>Columbia, Md., from an Association of U.S. Army Information Assurance
>symposium in Falls Church, Va., said the .mil system he managed to
>penetrate -- and whose identity he would not disclose...

The LAN looked to me (from reconnaissance part of the demo) like it was in
his own office area. I got the feeling he uses the same captive target
network every time he does the demo. 

>Once inside the network, Loranger said he then probed the network and
>discovered a "read/write password file'' that allowed him to delete the
>"super-user'' password, allowing him to create a super-user password for
>himself, giving him free reign over the system.

This is the bit of hand waving where I became completely skeptical. The
box he attacked in the demo I attended appeared to be a Linux
installation. The world-writeable /etc/passwd was just too much to
believe. At a time when there are so many legitimate exploits out there
that could have been used, this demo strained credibility. 

>From Mr Loranger's talk, it is clear that this demo is intended to impress
on politicians and bureaucrats the main issues in Internet attacks. That
it does, in a slick package. But the "live attack" part bent the needle on
my crap detector meter. 

--rick low


Richard A. Low, P.Eng.
EWA-Canada Ltd.
Ottawa, Canada
+1 (613) 230-6067 x228
mailto:rlow@ewa-canada.com
http://www.ewa-canada.com

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
Received on Fri Apr 16 19:54:56 1999
Google
 
Web www.infosecnews.org
© Copyright 2007 InfoSec News
Home Archive RSS/XML Subscribe Shop Privacy