

 

 

This topic is in the Breaking Alternative News discussion forum.


Police set to step up hacking of home PCs





reply posted on 4-1-2009 @ 08:37 PM by deadline527


v3,

Not exactly. There is an overflow which is exploited in the SVCHOST service, and shellcode is then written into the buffer and executed. The shellcode is what actually creates the open port (could use 80, if needed to bypass firewall) and not the SVCHOST service.

That exploit is a real vulnerability that worked on all Microsoft operating systems up until about a month ago. SVCHOST doesn't have any open ports, but it doesn't need any either. By sending a malformed RPC packet you are able to overflow the buffer and actually create your own portbind shell on whatever port you deem necessary.

No disinfo here. Totally plausible and while it was zero day it was pretty much a guaranteed way to get into a Microsoft system. Your system could have zero open ports and it would still work.

I also used telnet as a general remote connect software, but I personally would prefer SSH if connecting to a legit system, or netcat when doing things as described above.

I do appreciate the time you took to analyze what people have said though, it's nice to see someone trying to disprove false information. I should have included more in my previous post about how it worked but didn't think many would understand even as much as I posted earlier.





reply posted on 4-1-2009 @ 08:54 PM by the ghost


What news source did this "snippet" come from?





reply posted on 4-1-2009 @ 09:06 PM by v3_exceed


Originally posted by deadline527
v3,

Not exactly. There is an overflow which is exploited in the SVCHOST service, and shellcode is then written into the buffer and executed. The shellcode is what actually creates the open port (could use 80, if needed to bypass firewall) and not the SVCHOST service.

That exploit is a real vulnerability that worked on all Microsoft operating systems up until about a month ago. SVCHOST doesn't have any open ports, but it doesn't need any either. By sending a malformed RPC packet you are able to overflow the buffer and actually create your own portbind shell on whatever port you deem necessary.

No disinfo here. Totally plausible and while it was zero day it was pretty much a guaranteed way to get into a Microsoft system. Your system could have zero open ports and it would still work.



Hey again,
For the sake of clarity, I wasn't suggesting that you were providing disinformation, sorry if I came off that way.

From what I gathered, the computer would have to actually run the .pl file to complete the circuit to allow the hack to operate. (this wouldn't be that hard to hide on a webpage or other script that would call it by the way)

The reason I say this is that if my computer is sitting on the net, behind a NAT firewall, then any direct access to my external IP would meet my firewall and my computer would not even see the attempt to access it. Without a hardware firewall the point is of course moot. Software firewalls are "paper condoms" and should not be trusted. Without any forwarded ports my computer may as well be invisible until I try to visit a webpage or such.

As with most firewalls, all outbound traffic is typically allowed, and once an outbound connection has been made, traffic back via that same conduit is allowed. So essentially if police were to require access to a computer, they need only to convince a person to make an outbound connection to a known point, probably "Click here to see the pedo alert on your neighbor" or something to that effect. Then access the backdoor, a similar .pl file or some other program. (*cough gotomypc.com...cough) Otherwise, I'm not sure how an externally initiated connection could bypass NAT.

I try not to code in perl or shellscript whenever possible so that might be where I'm lacking the answer. In any case, we can prove that police and others CAN in fact access your machine, the hoops they would need to go through would vary depending on your level of paranoia and expertise but it IS possible.

Thanks for reading
..Ex





reply posted on 4-1-2009 @ 09:28 PM by deadline527


The beauty of how it works is NOTHING has to be run on the target system. You only have to run the exploit from your system and you end up with a shell running on the target computer. This also goes to show how dangerous buffer overflows can be when you can use any number of useful shellcodes, in this example, a portbind shellcode for port 4444.

So you at your home system could actually have been hacked, with no knowledge at all. You would not have had to download anything, run anything, or anything of the sort. The only requirement is that you are running a Microsoft operating system with the SVCHOST service, which is ALL of them. The only difference between the systems is having to use a different offset for the exploit to work correctly.

I posted this example to counter someone who said that the only way you can be hacked is by downloading, running, or using something that allows it. This cannot be further from the truth, and actually, the holy grail of exploit code is a remotely executable vulnerability that allows you to inject portbind shellcode.

Hopefully this makes a bit more sense.





reply posted on 4-1-2009 @ 09:47 PM by ANNED


The thing I have set up for my computer is an encrypted flash drive with all the data I don't want anyone to get on it. I only plug it in when I need to and all other times it is hidden away.

They would have to hack my computer at just the right time and then find out my encryption system. Even then the first and last of the drive is random garbage.

The joke with the government AES encryption is that with a simple addition of one bit of non-random garbage every 2 to 8 bits of info their backdoor becomes blocked.

The letter A is 8 bits 01000001 and if your program changes every third bit you get 01100101 then encrypt that. When decrypted they will get 01100101 but you know to further decrypt it by changing every third bit.

This is called Steganography
And programs can be written to do this.

This can be complex like in the first byte the third bit is changed and in the second byte the sixth bit is changed, etc.

This pattern can also be encrypted with an AES encryption making an encryption system that even the government can not break.

[edit on 4-1-2009 by ANNED]





reply posted on 4-1-2009 @ 09:55 PM by v3_exceed


reply to post by ANNED



Hey hey,

Ok I think we are both correct in this case. In your case you are hitting an exploitable service, which is allowing unfettered access to the computer. This proves that the police could also do something similar. (Maintaining thread integrity)

In my case I'm referring to a network, with several computers behind a hardware firewall providing Network Address Translation. There is no Svchost service running on the firewall, thus the exploit is ineffective without a user taking some action to initiate it. This doesn't in any way suggest that the system behind the firewall is un-exploitable.

If I have say 5 computers behind my NAT router, and the IP that is externally bound to the firewall is attacked, it's not possible for the services that are on one of the computers to be exploited in this fashion. How would the exploit know which system it was accessing? This is the very nature of NAT.

However if any one of them were to make an outbound connection to an exploit, then that system could easily be compromised. So again, I agree we are both correct. I only wish more people on the internet were as astute, we'd have much less spam, and far less zombies.

Cheers.
..ex





reply posted on 4-1-2009 @ 09:55 PM by Drexl


If they were to show the judge that they obtained this incriminating information from your PC via some clandestine remote connection/back door to your system, would that then not imply by virtue of this said backdoor that they had the capability to plant this information on your computer in the first place, thus making any use of any kind of information gathered this way as inadmissible?





reply posted on 4-1-2009 @ 10:07 PM by v3_exceed


Originally posted by Drexl
If they were to show the judge that they obtained this incriminating information from your PC via some clandestine remote connection/back door to your system, would that then not imply by virtue of this said backdoor that they had the capability to plant this information on your computer in the first place, thus making any use of any kind of information gathered this way as inadmissible?


Sadly no. When the police question you, even if they lie to you it is still admissible. When the police currently arrest you, they can plant anything they would like, and you are still suspect until you can show it wasn't yours. (I know it's backwards to innocent until proven guilty.)
eg:
A 15 year old kid was reported by Yahoo to the police for uploading child porn to a Yahoo group. Yahoo cited the kid's IP and the police seized his computer and ran him through the mill. 2 years later it was finally discovered that a stealth ftp program was installed on his computer and he was simply being a mule for the dirtbags. Even though he was innocent the whole time, he was still run through the system, completely messed up his life and destroyed his childhood.
(I saw this on an episode of 60 min or their competitor)

The moral of the story is that you need to protect yourself (hardware firewalls), by being aware of what is running on your system. Several apps will show you what is going on; tcpview pro is good, or if you simply open a command prompt and type "netstat -an" with no quotes you'll see what's connecting on which ports.
Then google the port and you will have a better idea what is going on. (Not fool proof, as bad apps can dictate their own ports. So ftp isn't always on 21/20.)

..Ex
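
The "netstat -an" check suggested in the post above can be automated. The following is an added example, not part of the original thread: it parses Windows-style `netstat -an` output and reports listeners reachable from the network that are not on an allowlist. The sample output and the allowlist are constructed for illustration; port 4444 is the portbind port mentioned earlier in the thread.

```python
# Constructed sample of Windows "netstat -an" output (not captured from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.23:49712     198.51.100.80:80       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Assumption: the listeners this particular machine is expected to have.
# Build your own baseline from a known-clean state of the system.
EXPECTED = {("TCP", 135), ("TCP", 445), ("UDP", 500)}


def split_endpoint(endpoint):
    """Split 'host:port' (IPv4) or '[host]:port' (IPv6) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_listeners(text):
    """Return (proto, host, port) for every listening TCP and bound UDP socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no state
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        host, port = split_endpoint(local)
        if port.isdigit():
            listeners.append((proto, host, int(port)))
    return listeners


def is_loopback(host):
    """Loopback-bound sockets cannot be reached from another machine."""
    return host == "::1" or host.startswith("127.")


def unexpected_listeners(text, expected=EXPECTED):
    """Listeners exposed to the network that are missing from the baseline."""
    return [
        (proto, host, port)
        for proto, host, port in parse_listeners(text)
        if not is_loopback(host) and (proto, port) not in expected
    ]


if __name__ == "__main__":
    for proto, host, port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: {proto} {host}:{port}")
```

As the post notes, a port number alone does not identify the program behind it; `netstat -ano` adds the owning process ID so a flagged listener can be traced to a process.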





reply posted on 4-1-2009 @ 10:23 PM by Drexl


As luck would have it, only yesterday I found some good little app that does some of what you say, i.e. the monitoring of ports etc. I do not know if I can give links, but the name on the image should be able to get you to the right page:






reply posted on 4-1-2009 @ 11:17 PM by wiredamerican


I feel there is one possible way of hacking into any computer that has been recently overlooked. There is existing technology to have full broadband connections through AC power lines. Could it be possible for secret hacking using this method? Just about every computer is connected to a wall socket using AC power.
Here is a link to what the technology consists of.

Power line communication





reply posted on 5-1-2009 @ 12:26 AM by deadline527


Originally posted by v3_exceed
reply to post by ANNED



Hey hey,

Ok I think we are both correct in this case. In your case you are hitting an exploitable service, which is allowing unfettered access to the computer. This proves that the police could also do something similar. (Maintaining thread integrity)

In my case I'm referring to a network, with several computers behind a hardware firewall providing Network Address Translation. There is no Svchost service running on the firewall, thus the exploit is ineffective without a user taking some action to initiate it. This doesn't in any way suggest that the system behind the firewall is un-exploitable.

If I have say 5 computers behind my NAT router, and the IP that is externally bound to the firewall is attacked, it's not possible for the services that are on one of the computers to be exploited in this fashion. How would the exploit know which system it was accessing? This is the very nature of NAT.

However if any one of them were to make an outbound connection to an exploit, then that system could easily be compromised. So again, I agree we are both correct. I only wish more people on the internet were as astute, we'd have much less spam, and far less zombies.

Cheers.
..ex





Totally understood and 100% agree.

People really should use NAT + Firewall in order to protect their PCs from many of the problems that plague the internet today. You are correct that the scenario I posted would only be available if the computer is the DMZ or the host which receives inbound connections, which although constitutes most of the PCs that home users may use. I currently use a hardened version of Linux, stripped bare pretty much other than essentials, to act as a firewall and first line of authentication. So far it has worked quite well, and with Snort acting as the IDS, I am able to take quite an in-depth view of packet analysis and what may be connecting to my system either through TCP, UDP, or any other form of packet received.

And I agree that most people are quite ignorant in terms of security, and that is the reason for so many of the problems with today's internet. If people even took basic measures at securing their systems and networks, the amount of zombie systems, distributed attacks, and hosts used to hurl spam throughout the internet would be minimized.

Either way, very good posts and glad to meet you.
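
The NAT behaviour that v3_exceed and deadline527 agree on in the posts above, as an added example that is not part of the original thread: a toy model of a home router's translation table showing which inbound packets reach a LAN host. All addresses are constructed (documentation and private ranges), the class is hypothetical, and the filtering policy (only the contacted peer may answer) is an assumption, since real routers differ.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy model of a home NAT router (hypothetical and simplified)."""
    next_port: int = 50000
    # Dynamic mappings created by outbound traffic:
    # (proto, public_port) -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    # Static port forwards or a DMZ host: (proto, public_port) -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records the mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.table[(proto, public_port)] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the (lan_ip, lan_port) a packet is delivered to, or None if dropped."""
        entry = self.table.get((proto, dst_port))
        if entry is not None:
            lan_ip, lan_port, remote_ip, remote_port = entry
            # Assumed policy: only the peer the LAN host contacted may reply.
            if (src_ip, src_port) == (remote_ip, remote_port):
                return (lan_ip, lan_port)
            return None
        # No dynamic mapping: delivered only if the owner configured a forward.
        return self.forwards.get((proto, dst_port))


def demo():
    """Walk through the cases discussed in the thread and return each outcome."""
    nat = NatRouter()
    results = {}

    # 1. Unsolicited connection to the public IP: no mapping says which of
    #    the LAN machines it is for, so it is dropped at the router.
    results["unsolicited"] = nat.inbound("tcp", "198.51.100.7", 40000, 4444)

    # 2. A LAN host browses to a web server; the reply on that same
    #    conduit is translated back and delivered.
    pub = nat.outbound("tcp", "192.168.1.23", 51515, "198.51.100.80", 80)
    results["reply"] = nat.inbound("tcp", "198.51.100.80", 80, pub)

    # 3. A different remote host aiming at the same public port is dropped.
    results["third_party"] = nat.inbound("tcp", "198.51.100.7", 40000, pub)

    # 4. With a port forward (or DMZ host) configured, the same unsolicited
    #    packet from case 1 now reaches the LAN machine.
    nat.forwards[("tcp", 4444)] = ("192.168.1.23", 4444)
    results["forwarded"] = nat.inbound("tcp", "198.51.100.7", 40000, 4444)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12} -> {outcome}")
```

Case 4 is why auditing the router's port-forward and DMZ settings matters as much as having the router at all.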





reply posted on 5-1-2009 @ 12:33 AM by EnigmaXD


Originally posted by sty
reply to post by deadline527



I agree with you, also I believe that the punishment is disproportionate too as the main issue was the poor security of the US institution. I expected heads to fall in the US not in the UK!!


While Bush lights up a smoke with U.S. government bonds. In my opinion, what if this matter is about finding rogue coders plotting for a potential cyber attack on the UK or US?

I remember reading how vulnerable our cyber infrastructure really is. It is weak enough for a potential attacker to take down an electrical grid, fry some computers, and leave us stuck back in the stone age.

News source: U.S fails to withstand mock Cyber attack-Fox News





reply posted on 5-1-2009 @ 03:01 AM by Siren


They are already in my computer. If they get really pissed at my posts they crash my computer. They have the ability to shut off my security at log on and go into the DOS and run simultaneously with me when I log on.
I have had to reload my computer every year. They also have the ability to take over my mouse and halt my backups. I also have to reload my security from time to time. I think the computer comes loaded with a mechanism that allows them to bypass normal security protocol.





reply posted on 5-1-2009 @ 03:22 AM by Anonymous ATS


Hello,

In Germany this law has been reality since the beginning of this year. People call it "The wet dream of the gestapo".





reply posted on 5-1-2009 @ 03:25 AM by Anonymous ATS


You will know that you have found a reason to live when you walk in a truth for which you are willing to die. At first a true patriot walks a path alone. He is ridiculed and scorned. But in the truth of his cause is a strength undeniable. Indestructible. It will take him across the threshold where he finally succeeds. Here, the masses will gladly join him in his cause. For at this point, it costs nothing to be a patriot.

Truth72





reply posted on 5-1-2009 @ 03:46 AM by Anonymous ATS


If this plan for intrusion without a warrant becomes Law, then it will be completely abused - as recent history has shown.

In the UK laws brought in a handful of years ago under the guise of being anti-terror - with assurances that they would never be used for any other purpose - have been abused to prosecute for offences as trivial as the wearing of a t-shirt bearing a slogan which insults Tony Blair, or daring to protest peacefully outside political conferences.

When local councils were granted permission to bring prosecutions using those same anti-terror laws, they abused the privilege by using it to monitor and prosecute people for allowing their dogs to foul pavements or park their cars in the wrong place.

The most worrying thing about this was just how quickly - and how eagerly - the anti-terror law was adopted for use against citizens who were clearly not terrorists and were not involved in terrorist activity. So to think the situation will be any different and more restrained with this computer hacking law is nothing short of idiocy.

In the UK the Labour government has ensured that rather than the Police serving to act primarily as a Police Force, they now serve to meet stringent targets for arrests. You only have to read blogs by Police Officers to see how this has led to a culture of prosecution for the most mundane and trivial offences - because when aiming for the targets, an arrest is an arrest.

Situations that in previous decades would have warranted nothing worse than a "word of advice" or a dressing down from a Police officer have routinely become automatic arrests. How much easier is it going to be to hit (and surpass!) these arrest targets under these new hacking plans? The Police would probably find a week's worth of "offenders" in a morning's hacking session. And they will.

What a warrantless hacking will lead to is a culture of Police officers trawling home PC's looking for easy pickings, rather than focusing on serious cyber-criminals.

There is no reason or justification for this hacking to be allowed without a warrant. It's that simple.





reply posted on 5-1-2009 @ 04:21 AM by Exuberant1


reply to post by Siren



"They are already in my computer. If they get really pissed at my posts they crash my computer. They have the ability to shut off my security at log on and go into the DOS and run simultaneously with me when I log on."

Several years ago, I never would have believed you. Now I do.

The world today... Orwellian indeed.


[edit on 5-1-2009 by Exuberant1]





reply posted on 5-1-2009 @ 04:30 AM by songthrush


I found these comments on the prisonplanet forum on this subject.
----------------------------------------------------------------------------


I woke up to this news, oh WTF!??

I am a retired cop, I can assure you if they have this power they'll be keen to use it to get 'the figures' (arrest figures) up.

In modern UK policing, 'the figures' are all. ALL.

I don't think they will remotely hack, as mere knowledge they can do this will upset people to the tipping point.

But they will look at torrent networks for any UK IP addresses sharing 'assumed' protected content, it only has to be 'assumed' then they will get your name and address within half hour then you will be on a 'visit' one cold morning when you are still in bed.

My advice: Get a whole-disc encryption program that encrypts your hard drive from the boot-onwards. PGP Desktop has this facility, all my pc's are protected and if they take my pc's away to examine they will get jack and *snip*.

In the UK, you are obliged by law to hand over your encryption password, or you can be punished just as hard as if they found illicit content. The get-around is to 'share' (not for real -say you do and stick to that) half of your password with another person in your family, with each half unknown to the other. What this means in practical terms is that if one of you were lying about what your password was to frustrate their attempts to open your hard drives, the police could not ever prove who was lying... It is similar to the get-out for speed-camera tickets when you say you cannot remember who was driving... Just make sure you and your other family member get your story right now (about the password share) and stick to it no matter what the pressure they lay on you.

Another benefit of whole-disc encryption -it stops them booting your machine at any level and hence does not allow them to plant illegal porn on your drive -you bet your life they do that.

I urge any of you with any awkward content on CD/DVD, films etc to destroy them, now. Hard drives have come down in price enough for you to keep all your content on drives -fully encrypted of course. Leaving unencrypted CD/DVD's around is like giving them 6 feet of rope.

Re your web-browsing, get a sub to an encrypted network tunnel, I always recommend Steganos Internet Anonym VPN -Why? Because that company keep no records whatsoever of your browsing habits, indeed ALL they keep is the time you log-on, time you logged-off, beyond that, nothing. The authorities cannot beat these VPN systems. I find using it not too expensive, tbh beating these bastards costs a wee bit of money but if you are discussing ANY kind of dissent with the NWO you need to get-off their electronic radars now.

Get onto this today, now. I worked alongside a new breed of 'career cop' who are 100% job-first, people second. They do not give a rats arse about civil liberty.

-----------------------
====
Mod Edit: No profanity, please, not even acronyms or stars
Mod Edit: Profanity/Circumvention Of Censors – Please Review This Link.



[edit on 1/5/2009 by Badge01]





reply posted on 5-1-2009 @ 04:31 AM by songthrush


and this next one
--------------------


Further to my previous advice here (was on encryption)

If anyone in your family should be arrested by the state over computer use, then this will help:

Each individual member of the family should totally deny ever using torrents to download ANYTHING illegal, say to the cops that someone else in the family may do it, but that you don't know who -stick to that story no matter what each of you, it is mostly impossible for them to know who is operating your unattended programs or downloads. Deny any knowledge of illicit content on the pc, no matter how incredulous this may sound the police cannot prove otherwise. Download some free and open content (eg movie trailers) from time-to-time, so that if they ask what YOU download, you can give examples -but always be vague...you are under no obligation to have a perfect memory no matter how hard officer jackboot shouts or how scary the threats. Always expect to be told 'another family member has blamed you' -that is a classic police interview trick to catch you out.

If everyone sticks to this 'story' NO MATTER WHAT, then the police are screwed allocating blame. Yes, they may ultimately confiscate the pc, but no-one gets prosecuted or set-up. They cannot hang you all on presumption of shared guilt...

If questioned on your browsing habits, just say that you cannot remember, that the others in the family are the geeks... -again, they cannot prove you cannot remember, they are screwed. Police try to catch you on 'micro detail', that is going back over your story time and time again looking for small detail changes -block that by being openly forgetful and vague at all times.

Remember, none of the above has to be reality, you could be the only one in your family that uses a pc, but if you all have that story rehearsed properly, and are aware of police interview techniques, then you will be very hard for the state to harm by this route.





reply posted on 5-1-2009 @ 05:35 AM by camain


reply to post by verylowfrequency



Although a sledge does work, might I suggest drilling the hard drive as well.

2-3 holes does the trick.

Cheers,

Camain



The Above Top Secret Conspiracy Community Web site is a wholly owned social content community of The Above Network, LLC.