Thursday, March 09, 2006

The day I got cracked...

I hate crackers... they are mostly unethical and bring a bad name to us hackers. Hackers are not the ones who break into the system and do some random Hollywood movie stuff. The crackers do. They are not heroes... they are the worst villains because they don't know the consequences of their actions. They are mainly script kiddies... let me explain. A hacker is mainly a hard core coder who delves deep into the code, sometimes the backend of webservers, finds a vulnerability and publishes the code in public so that anyone having a similar security hole will patch it. A cracker is one who gets this code and runs it on some website and causes mayhem. Why this sudden outburst? Well, one of the comps in my lab got hacked... (will go with the lingo rather than the word cracked)

Frankly speaking, those comps were anything but secure. It was running an ancient Apache 1.3 webserver which got cracked. The sshd was also targeted, but the attack on the ssh server was not really successful, although their failed attempts to hack into the ssh server did give me a lot of information about the hackers.

Yesterday night the department's computer administration was informed by the university's computing and media services about a possible security breach. The point of attack was located and was immediately hooked off the net. I ran a few post mortem scans on the computer. The logs were full of port scan reports, and the ssh logs were shouting about a possible security breach. It is really not rocket science to detect these intrusions from the log files. The attempts were from a few IPs who were trying all the common login names and password combinations. A whois on those IPs showed that the attacks were launched from Univ of California, Berkeley, Univ of Central Lancashire, UK... and some private domains in Germany and Korea. Now either those computers had been hijacked or there is a student in the residence halls of those univs who is going to be in trouble. The logs have been passed to the abuse prevention departments of the respective universities.
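The kind of log reading described above, as an added example that is not part of the original post: a small Python script that walks syslog-style sshd lines, counts failed password attempts per source address, lists the usernames each address tried, and flags the worst sign of all, a successful login from an address that had been failing just before. The log lines, hostname, addresses and the threshold of three failures are all constructed for the example; on a real Linux host the input would be /var/log/auth.log or /var/log/secure.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the syslog-style format sshd writes.
# Addresses are from documentation ranges; nothing here is a real host.
SAMPLE_AUTH_LOG = """\
Mar  8 22:01:11 labhost sshd[4021]: Failed password for invalid user admin from 192.0.2.10 port 40123 ssh2
Mar  8 22:01:14 labhost sshd[4023]: Failed password for invalid user test from 192.0.2.10 port 40130 ssh2
Mar  8 22:01:17 labhost sshd[4025]: Failed password for root from 192.0.2.10 port 40141 ssh2
Mar  8 22:01:20 labhost sshd[4027]: Failed password for invalid user oracle from 192.0.2.10 port 40152 ssh2
Mar  8 22:01:23 labhost sshd[4029]: Failed password for invalid user guest from 192.0.2.10 port 40160 ssh2
Mar  8 22:05:02 labhost sshd[4101]: Failed password for root from 198.51.100.7 port 51002 ssh2
Mar  8 22:05:05 labhost sshd[4103]: Failed password for invalid user admin from 198.51.100.7 port 51010 ssh2
Mar  8 22:05:09 labhost sshd[4105]: Accepted password for root from 198.51.100.7 port 51020 ssh2
Mar  8 22:30:44 labhost sshd[4400]: Accepted publickey for alice from 203.0.113.5 port 60000 ssh2
"""

# "invalid user" appears when the account does not exist; capture the name either way.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def summarize_ssh_auth(log_text, threshold=3):
    """Return per-source failure counts, tried usernames, suspects above
    the threshold, and any successful login from a source that had failed."""
    failures = Counter()                 # source IP -> number of failed passwords
    usernames = defaultdict(set)         # source IP -> usernames it tried
    accepted = []                        # (ip, user, auth method) in log order

    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            usernames[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            accepted.append((ip, user, method))

    # Guessing many names/passwords from one address is the brute-force signature.
    suspects = sorted(ip for ip, n in failures.items() if n >= threshold)
    # A success from an address that was failing is the line to act on first.
    success_after_failure = [
        (ip, user, method) for ip, user, method in accepted if failures[ip] > 0
    ]
    return {
        "failures": dict(failures),
        "usernames": {ip: sorted(users) for ip, users in usernames.items()},
        "suspects": suspects,
        "success_after_failure": success_after_failure,
    }


if __name__ == "__main__":
    report = summarize_ssh_auth(SAMPLE_AUTH_LOG)
    for ip in report["suspects"]:
        print(f"brute force from {ip}: {report['failures'][ip]} failures, "
              f"tried {', '.join(report['usernames'][ip])}")
    for ip, user, method in report["success_after_failure"]:
        print(f"WARNING: {ip} logged in as {user} via {method} after failing")
```

The addresses the script reports are the ones to run whois on and hand to the owning network's abuse contact, as the post describes; the script itself stays offline and only reads the log.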

I personally feel really ashamed of myself that it happened in one of my labs. Its security probably never concerned me because there was no confidential information stored on it whatsoever. The hackers gained root access due to a vulnerability in the PHP engine, installed an IRC server and used it for file sharing.... which is ironic as we seldom log in as root. Their activity was immediately monitored due to the spike in bandwidth usage, so a disaster was avoided.

I learnt my lesson... never underestimate the stupidity of a stupid person and don't be too optimistic about humans.

