Symantec ThreatCon
Nov 15 2005 12:30AM
(page 1 of 7)
Stealing the Network: How to Own a Continent

By Kevin D. Mitnick, et al
Published by Syngress
ISBN: 1931836051
Published: May 2004


Chapter 4

A Real Gullible Genius

CIA agent Knuth had been very insistent when he recruited Flir. He needed personal student information, including social security numbers, and, as an agent for a non-domestically focused intelligence agency, didn't have the authority to get such data from the US government. He did, on the other hand, have the authority to get Flir complete immunity for any computer crimes that did not kill or physically injure anyone. The letter the agent gave Flir was on genuine CIA letterhead; it stated the terms of the immunity and promised Flir significant jail time if he disclosed any details about this mission.

Flir was a 16-year-old sophomore at one of the nation's best technical colleges, Pacific Tech. A professor had recruited him the previous year to solve some grant-funded physics problems. This was a rare thing to happen to any undergraduate and an extremely rare thing to happen to a 15-year-old. You could call him a real genius.

While Flir's mind had a very rare intelligence, as the mind of a 16-year-old genius, it also possessed a gullibility that wasn't rare among 16-year-olds or geniuses. So he never even suspected that Knuth wasn't a CIA agent - he just asked for a pair of powerful, extremely thin laptops with top-of-the-line network cards and went to work.

Flir wasn't the kind of hacker depicted in most movies. He wasn't omniscient, but that wasn't really what hacking required. He was smart, understood computers fairly well, and was creative. The only real difference between a hacker and a really knowledgeable technologist was attitude. A hacker thought somewhat more critically about the technology, tried to understand what wrong assumptions people made in their implementations, and exploited these for his benefit.

He had chosen a handle quite simply. It was the acronym for "forward looking infrared", a capability on the Comanche helicopter that allowed it superior reconnaissance at the time of its creation. Like most hacker handles, Flir chose it primarily because he liked the sound of it and later reasoned that hackers should look at technology from multiple perspectives, seeing details and flaws that others would miss.

"Well," he thought, "if I have to get social security numbers, a college campus is definitely the best place to do it." Colleges in the United States, like many companies and government agencies, used social security numbers as unique personal identifiers. At almost every school, they called it your "student ID number." It didn't matter that this violated US law. It was simple and easy for students to remember and didn't require any creativity on the part of the school. It also saved a few bytes of storage, since the University didn't have to create a unique number for every student.

This simplicity, unfortunately, came at an extremely high cost. Using your social security number, an attacker could apply for credit cards in your name or access your account at most banks.

He could claim that you were disabled and apply for social security benefits. He could open bank accounts by mail. There was way too much that could be done with this supposedly secret number. In short, colleges should never have started using these numbers for identification. They should have generated a specific student ID that could be freely exchanged without allowing an attacker access to any non-University-related information. To do otherwise put students at risk every day, as most employees on campus had access to every student's social security number. Pacific Tech would learn very quickly how risky it was.

Excerpt continued on Page 2 

About the author
Jay Beale is a security specialist focused on host lockdown and security audits. He is the Lead Developer of the Bastille project, which creates a hardening script for Linux, HP-UX, and Mac OS X, a member of the Honeynet Project, and the Linux technical lead in the Center for Internet Security. A frequent conference speaker and trainer, Jay speaks and trains at the Black Hat Briefings and LinuxWorld conferences, among others. Jay is a columnist with Information Security Magazine, and is Series Editor of Jay Beale's Open Source Security Series, from Syngress Publishing. Jay is also co-author of the international best seller Snort 2.0 Intrusion Detection (Syngress, ISBN: 1-931836-74-4) and Snort 2.1 Intrusion Detection Second Edition (Syngress, ISBN: 1-931836-04-3). A senior research scientist with the George Washington University Cyber Security Policy and Research Institute, Jay makes his living as a security consultant through the MD-based firm Intelguardians, LLC.
Copyright 2005, SecurityFocus