Police set to step up hacking of home PCs, page 6


reply posted on 4-1-2009 @ 09:06 PM by v3_exceed
Originally posted by deadline527
v3,

Not exactly. There is an overflow which is exploited in the SVCHOST service, and shellcode is then written into the buffer and executed. The shellcode is what actually creates the open port (could use 80, if needed to bypass firewall) and not the SVCHOST service.

That exploit is a real vulnerability that worked on all Microsoft operating systems up until about a month ago. SVCHOST doesn't have any open ports, but it doesn't need any either. By sending a malformed rpc packet you are able to overflow the buffer and actually create your own portbind shell on whatever port you deem necessary.

No disinfo here. Totally plausible and while it was zero day it was pretty much a guaranteed way to get into a Microsoft system. Your system could have zero open ports and it would still work.


Hey again,
For the sake of clarity, I wasn't suggesting that you were providing disinformation, sorry if I came off that way.

From what I gathered, the computer would have to actually run the .pl file to complete the circuit to allow the hack to operate. (this wouldn't be that hard to hide on a webpage or other script that would call it by the way)

The reason I say this, is that if my computer is sitting on the net, behind a NAT firewall, then any direct access to my external IP would meet my firewall and my computer would not even see the attempt to access it. Without a hardware firewall the point is of course moot. Software firewalls are "paper condoms" and should not be trusted. Without any forwarded ports my computer may as well be invisible until I try to visit a webpage or such.

As with most firewalls, all outbound traffic is typically allowed, and once an outbound connection has been made, traffic back via that same conduit is allowed. So essentially if police were to require access to a computer, they need only to convince a person to make an outbound connection to a known point, probably "Click here to see the pedo alert on your neighbor" or something to that effect. Then access the backdoor, a similar .pl file or some other program. (*cough gotomypc.com...cough) Otherwise, I'm not sure how an externally initiated connection could bypass NAT.

I try not to code in Perl or shell script whenever possible so that might be where I'm lacking the answer. In any case, we can prove that police and others CAN in fact access your machine, the hoops they would need to go through would vary depending on your level of paranoia and expertise but it IS possible.

Thanks for reading
..Ex



reply posted on 4-1-2009 @ 09:55 PM by v3_exceed
reply to post by ANNED



Hey hey,

Ok I think we are both correct in this case. In your case you are hitting an exploitable service, which is allowing unfettered access to the computer. This proves that the police could also do something similar. (Maintaining thread integrity)

In my case I'm referring to a network, with several computers behind a hardware firewall providing Network Address Translation. There is no Svchost service running on the firewall, thus the exploit is ineffective without a user taking some action to initiate it. This doesn't in any way suggest that the system behind the firewall is un-exploitable.

If I have say 5 computers behind my NAT router, and the IP that is externally bound to the firewall is attacked, it's not possible for the services that are on one of the computers to be exploited in this fashion. How would the exploit know which system it was accessing? This is the very nature of NAT.

However if any one of them were to make an outbound connection to an exploit, then that system could easily be compromised. So again, I agree we are both correct. I only wish more people on the internet were as astute, we'd have much less spam, and far fewer zombies.

Cheers.
..ex
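
Added example, not part of any poster's message: a toy model of the NAT behaviour discussed in the posts above, showing why an unsolicited packet to the router's external address reaches none of the inside machines while a reply on a flow opened from inside does. The addresses, the `Nat` class and its endpoint-matching rule are assumptions made for illustration; real routers differ in how strictly they match return traffic.

```python
"""Toy model of a home NAT router (illustration only, not a real router's code)."""
from dataclasses import dataclass, field

EXTERNAL_IP = "203.0.113.10"          # constructed: documentation address range


@dataclass
class Nat:
    # external_port -> (internal_ip, internal_port, remote_ip, remote_port)
    flows: dict = field(default_factory=dict)
    # static port forwards: external_port -> (internal_ip, internal_port)
    forwards: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection; record the flow and rewrite the source."""
        ext_port = self.next_port
        self.next_port += 1
        self.flows[ext_port] = (src_ip, src_port, dst_ip, dst_port)
        return (EXTERNAL_IP, ext_port, dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, ext_port):
        """Packet hits the external IP. Return the inside (ip, port), or None if dropped."""
        flow = self.flows.get(ext_port)
        if flow and flow[2:] == (remote_ip, remote_port):
            return flow[:2]                   # reply on a flow opened from inside
        if ext_port in self.forwards:
            return self.forwards[ext_port]    # administrator opened this port
        return None                           # no state and no forward: dropped


def demo():
    nat = Nat()
    results = {}
    # 1. Unsolicited connection to the RPC port on the external address.
    results["unsolicited"] = nat.inbound("198.51.100.7", 50000, 135)
    # 2. One of the inside PCs browses to a web server; the reply is let back in.
    _, ext_port, _, _ = nat.outbound("192.168.1.13", 51515, "198.51.100.7", 80)
    results["reply"] = nat.inbound("198.51.100.7", 80, ext_port)
    # 3. A different remote host tries the same external port.
    results["other_remote"] = nat.inbound("198.51.100.99", 80, ext_port)
    # 4. With a static forward (or DMZ host) the inside service is exposed again.
    nat.forwards[135] = ("192.168.1.13", 135)
    results["forwarded"] = nat.inbound("198.51.100.7", 50000, 135)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13} -> {value}")
```
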


reply posted on 4-1-2009 @ 10:07 PM by v3_exceed
Originally posted by Drexl
If they were to show the judge that they obtained this incriminating information from your PC via some clandestine remote connection/back door to your system, would that then not imply by virtue of this said backdoor that they had the capability to plant this information on your computer in the first place, thus making any use of any kind of information gathered this way as inadmissible?


Sadly no. When the police question you, even if they lie to you it is still admissible. When the police currently arrest you, they can plant anything they would like, and you are still suspect until you can show it wasn't yours. (I know it's backwards to innocent until proven guilty.)
eg:
A 15 year old kid was reported by Yahoo to the police for uploading child porn to a Yahoo group. Yahoo cited the kid's IP and the police seized his computer and ran him through the mill. 2 years later it was finally discovered that a stealth ftp program was installed on his computer and he was simply being a mule for the dirtbags. Even though he was innocent the whole time, he was still run through the system, completely messed up his life and destroyed his childhood.
(I saw this on an episode of 60 min or their competitor)

The moral of the story is that you need to protect yourself (hardware firewalls), by being aware of what is running on your system. Several apps will show you what is going on; tcpview pro is good, or if you simply open a command prompt and type "netstat -an" with no quotes you'll see what's connecting on which ports.
Then google the port and you will have a better idea what is going on. (not foolproof, as bad apps can dictate their own ports. So ftp isn't always on 21/20)

..Ex
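
Added example, not part of any poster's message: one way to triage the `netstat -an` output mentioned in the post above, separating listeners bound to a network-facing address, loopback-only listeners and established connections to remote hosts. The sample output, the `review` function and the `EXPECTED_REMOTE_PORTS` set are constructed for illustration.

```python
# Triage of Windows `netstat -an` output. SAMPLE is constructed, not captured.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.13:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.13:51515     198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.13:51620     198.51.100.23:2121     ESTABLISHED
  TCP    127.0.0.1:51700        127.0.0.1:5354         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

LOOPBACK = ("127.", "[::1]")
# Assumption: remote ports this machine is expected to talk to. Adjust per host.
EXPECTED_REMOTE_PORTS = {80, 443}


def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def review(text):
    """Sort sockets into network-facing listeners, loopback-only listeners and remote peers."""
    listeners, loopback_only, remote = [], [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                                  # banner, header, blank line
        proto, local, foreign = parts[:3]
        state = parts[3] if len(parts) > 3 else ""    # UDP rows carry no state
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        if state == "LISTENING" or (proto == "UDP" and foreign == "*:*"):
            bucket = loopback_only if lhost.startswith(LOOPBACK) else listeners
            bucket.append((proto, lhost, int(lport)))
        elif state == "ESTABLISHED" and not fhost.startswith(LOOPBACK):
            remote.append((lhost, int(lport), fhost, int(fport)))
    # The port number is only a hint: a program can use any port it likes.
    unexpected = [r for r in remote if r[3] not in EXPECTED_REMOTE_PORTS]
    return {"listeners": listeners, "loopback_only": loopback_only,
            "remote": remote, "unexpected": unexpected}


if __name__ == "__main__":
    for name, rows in review(SAMPLE).items():
        print(name, rows)
```
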



reply posted on 5-1-2009 @ 12:26 AM by deadline527
Originally posted by v3_exceed
reply to post by ANNED



Hey hey,

Ok I think we are both correct in this case. In your case you are hitting an exploitable service, which is allowing unfettered access to the computer. This proves that the police could also do something similar. (Maintaining thread integrity)

In my case I'm referring to a network, with several computers behind a hardware firewall providing Network Address Translation. There is no Svchost service running on the firewall, thus the exploit is ineffective without a user taking some action to initiate it. This doesn't in any way suggest that the system behind the firewall is un-exploitable.

If I have say 5 computers behind my NAT router, and the IP that is externally bound to the firewall is attacked, it's not possible for the services that are on one of the computers to be exploited in this fashion. How would the exploit know which system it was accessing? This is the very nature of NAT.

However if any one of them were to make an outbound connection to an exploit, then that system could easily be compromised. So again, I agree we are both correct. I only wish more people on the internet were as astute, we'd have much less spam, and far fewer zombies.

Cheers.
..ex




Totally understood and 100% agree.

People really should use NAT + Firewall in order to protect their PCs from many of the problems that plague the internet today. You are correct that the scenario I posted would only be available if the computer is the DMZ or the host which receives inbound connections, which although constitutes most of the PCs that home users may use. I currently use a hardened version of Linux, stripped bare pretty much other than essentials, to act as a firewall and first line of authentication. So far it has worked quite well, and with Snort acting as the IDS, I am able to take quite an in-depth view of packet analysis and what may be connecting to my system either through TCP, UDP, or any other form of packet received.

And I agree that most people are quite ignorant in terms of security, and that is the reason for so many of the problems with today's internet. If people even took basic measures at securing their systems and networks, the amount of zombie systems, distributed attacks, and hosts used to hurl spam throughout the internet would be minimized.

Either way, very good posts and glad to meet you.


reply posted on 5-1-2009 @ 12:33 AM by EnigmaXD
Originally posted by sty
reply to post by deadline527



I agree with you, also I believe that the punishment is disproportionate too as the main issue was the poor security of the US institution. I expected heads to fall in the US not in the UK!!


While Bush lights up a smoke with U.S government bonds. In my opinion, what if this matter is about finding Rogue coders plotting for a potential cyber attack on the UK or US?

I remember reading how vulnerable our Cyber infrastructure really is. It is weak enough for a potential attacker to take down an electrical grid, fry some computers, and leave us stuck back in the stone age.

News source: U.S fails to withstand mock Cyber attack-Fox News


reply posted on 5-1-2009 @ 03:46 AM by Anonymous ATS
If this plan for intrusion without a warrant becomes Law, then it will be completely abused - as recent history has shown.

In the UK laws brought in a handful of years ago under the guise of being anti-terror - with assurances that they would never be used for any other purpose - have been abused to prosecute for offences as trivial as the wearing of a t-shirt bearing a slogan which insults Tony Blair, or daring to protest peacefully outside political conferences.

When local councils were granted permission to bring prosecutions using those same anti-terror laws, they abused the privilege by using it to monitor and prosecute people for allowing their dogs to foul pavements or park their cars in the wrong place.

The most worrying thing about this was just how quickly - and how eagerly - the anti-terror law was adopted for use against citizens who were clearly not terrorists and were not involved in terrorist activity. So to think the situation will be any different and more restrained with this computer hacking law is nothing short of idiocy.

In the UK the Labour government has ensured that rather than the Police serving to act primarily as a Police Force, they now serve to meet stringent targets for arrests. You only have to read blogs by Police Officers to see how this has led to a culture of prosecution for the most mundane and trivial offences - because when aiming for the targets, an arrest is an arrest.

Situations that in previous decades would have warranted nothing worse than a "word of advice" or a dressing down from a Police officer have routinely become automatic arrests. How much easier is it going to be to hit (and surpass!) these arrest targets under these new hacking plans? The Police would probably find a week's worth of "offenders" in a morning's hacking session. And they will.

What warrantless hacking will lead to is a culture of Police officers trawling home PCs looking for easy pickings, rather than focusing on serious cyber-criminals.

There is no reason or justification for this hacking to be allowed without a warrant. It's that simple.


reply posted on 5-1-2009 @ 04:21 AM by Exuberant1
reply to post by Siren



"They are already in my computer. If they get really pissed at my posts they crash my computer. They have the ability to shut off my security at log on and go into the DOS and run simultaneously with me when I log on."

Several years ago, I never would have believed you. Now I do.

The world today... Orwellian indeed.


[edit on 5-1-2009 by Exuberant1]


reply posted on 5-1-2009 @ 04:30 AM by songthrush
I found these comments on the prisonplanet forum on this subject.
----------------------------------------------------------------------------


I woke up to this news, oh WTF!??

I am a retired cop, I can assure you if they have this power they'll be keen to use it to get 'the figures' (arrest figures) up.

In modern UK policing, 'the figures' are all. ALL.

I don't think they will remotely hack, as mere knowledge they can do this will upset people to the tipping point.

But they will look at torrent networks for any UK IP addresses sharing 'assumed' protected content, it only has to be 'assumed' then they will get your name and address within half an hour then you will be on a 'visit' one cold morning when you are still in bed.

My advice: Get a whole-disc encryption program that encrypts your hard drive from the boot-onwards. PGP Desktop has this facility, all my pc's are protected and if they take my pc's away to examine they will get jack and *snip*.

In the UK, you are obliged by law to hand over your encryption password, or you can be punished just as hard as if they found illicit content. The get-around is to 'share' (not for real -say you do and stick to that) half of your password with another person in your family, with each half unknown to the other. What this means in practical terms is that if one of you were lying about what your password was to frustrate their attempts to open your hard drives, the police could not ever prove who was lying... It is similar to the get-out for speed-camera tickets when you say you cannot remember who was driving... Just make sure you and your other family member get your story right now (about the password share) and stick to it no matter what the pressure they lay on you.

Another benefit of whole-disc encryption -it stops them booting your machine at any level and hence does not allow them to plant illegal porn on your drive -you bet your life they do that.

I urge any of you with any awkward content on CD/DVD, films etc to destroy them, now. Hard drives have come down in price enough for you to keep all your content on drives -fully encrypted of course. Leaving unencrypted CD/DVD's around is like giving them 6 feet of rope.

Re your web-browsing, get a sub to an encrypted network tunnel, I always recommend Steganos Internet Anonym VPN -Why? Because that company keep no records whatsoever of your browsing habits, indeed ALL they keep is the time you log-on, time you logged-off, beyond that, nothing. The authorities cannot beat these VPN systems. I find using it not too expensive, tbh beating these bastards costs a wee bit of money but if you are discussing ANY kind of dissent with the NWO you need to get-off their electronic radars now.

Get onto this today, now. I worked alongside a new breed of 'career cop' who are 100% job-first, people second. They do not give a rats arse about civil liberty.

-----------------------
====
Mod Edit: No profanity, please, not even acronyms or stars
Mod Edit: Profanity/Circumvention Of Censors – Please Review This Link.



[edit on 1/5/2009 by Badge01]


reply posted on 5-1-2009 @ 04:31 AM by songthrush
and this next one
--------------------


Further to my previous advice here (was on encryption)

If anyone in your family should be arrested by the state over computer use, then this will help:

Each individual member of the family should totally deny ever using torrents to download ANYTHING illegal, say to the cops that someone else in the family may do it, but that you don't know who -stick to that story no matter what each of you, it is mostly impossible for them to know who is operating your unattended programs or downloads. Deny any knowledge of illicit content on the pc, no matter how incredulous this may sound the police cannot prove otherwise. Download some free and open content (eg movie trailers) from time-to-time, so that if they ask what YOU download, you can give examples -but always be vague...you are under no obligation to have a perfect memory no matter how hard officer jackboot shouts or how scary the threats. Always expect to be told 'another family member has blamed you' -that is a classic police interview trick to catch you out.

If everyone sticks to this 'story' NO MATTER WHAT, then the police are screwed allocating blame. Yes, they may ultimately confiscate the pc, but no-one gets prosecuted or set-up. They cannot hang you all on presumption of shared guilt...

If questioned on your browsing habits, just say that you cannot remember, that the others in the family are the geeks... -again, they cannot prove you cannot remember, they are screwed. Police try to catch you on 'micro detail', that is going back over your story time and time again looking for small detail changes -block that by being openly forgetful and vague at all times.

Remember, none of the above has to be reality, you could be the only one in your family that uses a pc, but if you all have that story rehearsed properly, and are aware of police interview techniques, then you will be very hard for the state to harm by this route.


reply posted on 5-1-2009 @ 05:35 AM by camain
reply to post by verylowfrequency



Although a sledge does work, might I suggest drilling the hard drive as well.

2-3 holes does the trick.

Cheers,

Camain