originally posted by: VoidHawk
You clearly have no understanding of how he achieved the hack or why he has no evidence.
First, the hack was as SIMPLE as you logging onto your own PC. Why? Because most of the computers he hacked into still had the DEFAULT
username/password logins. That alone should embarrass the hell out of the people responsible for their security. Also it meant he did NOT have to
damage the computers' software, meaning he didn't create millions of dollars worth of damage.
He was on a dialup modem and he was looking at images and documents that were hundreds of megabytes in size, so he was unable to download them; instead
he made them display on the screen of the PC he'd hacked into, then he told that PC to send him a (low-res) screenshot, and because he was on a
dialup even that took ages to download.
For all we know he may have had the proof you say you require, but it would have been taken when they arrested him!
Wanted to add my two cents.
I was in the USAF; had a Secret clearance and worked in various levels of Computer Communications.
Military computers are installed with images that are set to log into a Domain or LDAP. The login must be created for you; there is no default user.
In any organization, files that are meant to be viewed and modified by more than one client are stored on a file server, they aren't kept on the
local machine past memory.
Should the tmp file be written to disk for some reason, you wouldn't be able to access it without a lot of time and possibly the physical disk itself.
I have seen cases where files are kept locally then synced nightly, but that's typically JSL / AS400 for financial data sets (mainframe / tape
libraries), not normal files for PCs.
If you were mining, you wouldn't want screenshots - you would want files - and the metadata they come with (creation vs. modified). You wouldn't
inspect individual files, you would dump directories via scp/rdp to an "offshore" server or file sharing service.
With regard to viewing a remote desktop with a slow connection:
Most clients and servers have remote desktop capability pre-installed. If I had a desktop on my server I could view it in my terminal here via X11.
Windows has Remote Desktop/Help for clients and servers. If the image had remote desktop removed, there are apps to install. All remote desktop
software has the ability to forward in low-res, low color.
Military networks will likely have an inbound/outbound "sniffer" installed in front of the firewall / load balancer. It's a physical device that
will record any traffic that triggers it and resolve any proxy-to-proxy concerns in detail - furthering why nobody "hacks toward themselves" - they
send it to an offshore service, then connect to that for the files.
Furthermore, a download creates a direct connection, his address would be in the file server's access log and the firewall's access log.
- There is no "default user pass" on military computers.
- Files like the ones mentioned aren't kept on local machines.
- You don't need or want Remote Desktop regardless of connection speed.
- Most Remote Desktop apps are already set to default low-res (1024 by 768, 256 colors).
- You don't want screenshots, you want files and the metadata they come with.
- If you downloaded anything, you created a direct connection that was logged in multiple places.
I don't believe this guy's story - it doesn't add up for multiple reasons.