Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What Can Illegal Hacking Do For MY Business?

sllort (442574) writes | more than 11 years ago

Security 19

Slashdot has an interview with security legend Fyodor, admin of the famed insecure.org and author of the world's most affordable port scanner, nmap.

Slashdot has an interview with security legend Fyodor, admin of the famed insecure.org and author of the world's most affordable port scanner, nmap.

The best part of this interview is that Slashdot does not often interview criminals. Many Slashdot readers know that Fyodor used his tool to illegally attack a college student in 2002, for his personal amusement but also to the benefit of Slashdot's admins. For those that don't know the story, I will present a brief summary.

*Those individuals interested in independently verifying the facts presented in this article should skip to the "Verification" section near the end.

Sdem had created a hoax account entitled electricmonk, and used it to post this comment pronouncing that he was actually a cute Linux booth babe. "electricmonk" left an email at Yahoo and encouraged Slashdot readers to get in touch.

Fyodor proceeded to do so, boasting of his previous exploits with women he'd met online. He was even helpful enough to attach a picture.

This is where the story turns ugly. Sdem responded with a truthful email, in which he advised Fyodor that the whole thing was a hoax. After that, sdem posted a log of his exploits to sid=20721 (trolltalk), mentioning that he had tricked Fyodor and referring to many of the biters as "wankers". This apparently really set Fyodor off, and he began to plot criminal revenge.

First, Fyodor dug through insecure.org's referrer logs to find what IP address had requested the picture of Fyodor & his paramour. Using this information (and the logged User-Agent), Fyodor knew from the get-go Sdem's IP address and O/S. From this point, he launched nmap against Sdem's box and was greeted with the holy grail of sorts for BlackHats: an open X windows server on port 6000.

Sdem had been running an X-windows server for Windows on his Win2k box. Fyodor was able to bypass the authentication on the X-windows server and used the X-windows server to take complete screen captures of Sdem's machine whilst sniffing and recording keystrokes.

Fyodor proceeded to take hours worth of screen captures, including information on a "secret troll irc server" that sdem was using. Fyodor wrote a detailed writeup of what he observed, including an irc robot used on the server to detect new Slashdot stories for the purpose of early posting. Fyodor also mined and posted as much information about Sdem as he could find, including his real name and contact information. Jamie McCarthy used this illegally obtained information shortly after it was posted to log on to the irc server, monitor the bot, and modify Slashdot in order to break the story monitor.

Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected.

After he was done hacking Sdem's computer, Fyodor posted his screen captures and a log of his breakin to www.insecure.org/tmp/trolls. The content was removed 24 hours later. He went on to boast in sid=20721 about his "troll hunting finale". While sid 20721 is regularly cleaned, a cache of Fyodor's boasting about his illegal break-in is available here. Very interesting reading.

So, while Fyodor's interview is no doubt very interesting, I think that, as an accomplished (and due to the lack of prosecution very successful) criminal, the nature of questions given to Fyodor in the interview don't do justice to the type of expertise this man has in illegally penetrating computers across state lines and getting away with it. I'm sure that many companies would like to have a man of this caliber at their disposal in order to infiltrate and destroy their competitor's IT infrastructure.

Of course, no sane person would use this man's software without compiling it from inspected source, given his history. Fortunately the folks at Redhat pore over his code with a fine toothed comb before including it in their distribution, so if you've ever wanted to peer into the mind of a madman, I encourage you to take a look at Redhat's copy of nmap.

Also if anyone has a cached copy of fyodor's insecure.org/tmp/trolls page, please let me know in the comments so we can get it hosted. This particular piece of sordid Slashdot history just became more relevant.

Additional reading:
Sdem's account of the incident
Trolltalk cache, circa break-in
Cache of Fyodor's "Troll Hunting 101" from www.insecure.org/tmp/trolls

Verification:
Above are caches of both Fyodor's bragging about the break-in on his web site, and his bragging in a Slashdot comment about having hacked Sdem. Numerous people witnessed this and have posted comments in my following journal entries certifying to the veracity of these mirrors. To date, no one at Slash Team and no one at insecure.org has denied it. Nor will they; they have almost certainly been advised by legal counsel not to speak about it in public.

That said, any journalist or researcher wishing to pursue this story may wish to take additional steps. The Slashdot editorial staff was well aware of this story when it happened. Jamie McCarthy used Fyodor's information to penetrate the irc server Fyodor discovered and attack the irc bot he found there. Jamie McCarthy and Michael Sims are both aware of the details surrounding this incident and can confirm their recollection and involvement in the incident by email. Their email addresses are easily available to a curious researcher so I won't bother repeating them for spam robots, but suffice it to say that asking Jamie the question "did you see Fyodor's page on his web site in which he took screen captures from a hacked trolls computer" will probably yield you positive confirmation. There is the possibility that they won't want to involve themselves for legal reasons, but I doubt it. Jamie is historically honest to a fault and forthcoming when approached with a legitimate question.
So, if you're a doubter, email the Slashdot editorial staff. Fyodor is a Black Hat, and the eds know it.

cancel ×

19 comments

Sorry! There are no comments related to the filter you selected.

Sir, (-1)

TRoLLaXoR (181585) | more than 11 years ago | (#5940905)

I applaud this effort.

I also promise information soon: I am working to remake old connections that harbor juicey data concerning this fraudulent "white hat" hacker.

IMDDV. (0)

Anonymous Coward | more than 11 years ago | (#5941914)

Ich Mit Diesem Diary Verstanden.

I've got skills too! (0)

Anonymous Coward | more than 11 years ago | (#5942778)

So it sounds like this whole "expertise in illegally penetrating computers across state lines and getting away with it" amounts to:

/usr/X11/bin/xwd some.ip.address

How do you even consider this a "break-in"? Isn't running a completely open X server a lot like putting your private documents on anonymous FTP and then screaming bloody murder when someone finds them? Do you have any reason to believe fydor actually did anything to Sdem's box? Maybe he was lucky to be informed (if embarrassed) rather than being exploited by someone else.

At least your story is amusing. Pointing to '98 versions of his web page was vary clevar! It doesn't exactly help you look unbiased though.

Does anyone have Sdem's IP? If I use my 31337 xwd t3kn1k, will you write a long diatribe about my Mad Sk1llz?

Re:I've got skills too! (0)

Anonymous Coward | more than 11 years ago | (#5944307)

Authentication bypass is a little more elaborate than connecting to an open X server. You should read the details.

No one was ever entirely sure how Sdem's box was initially compromised. Fyodor alluded to an "insecure sshd version" in an email he sent. Who knows if this is truth or red herring.

Go Away Fyodor (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5944318)

Stupid asshat. you just gave yourself away with that xwd comment. We're on to you, and as soon as we can get an FBI agent to listen to us, your ass will be as wide as the goatse man's after you go to prison.

Super secret IRC server? (1)

t0qer (230538) | more than 11 years ago | (#5948436)

Where can I join?

There is no secret IRC server (0)

unterderbrucke (628741) | more than 11 years ago | (#5948715)

It's all lies.

Re:There is no secret IRC server (0)

Anonymous Coward | more than 11 years ago | (#5948998)

Do you like me?

No (0)

unterderbrucke (628741) | more than 11 years ago | (#5950037)

I don't like people whose names they don't know, unless they're funny. You aren't (yet).

Re:No (0)

Anonymous Coward | more than 11 years ago | (#5951259)

Fine. I don't like you either, groin loiterer.

Re:No (1)

AnimeFreak (223792) | more than 11 years ago | (#5952871)

I am funny, right?

Correct (0)

unterderbrucke (628741) | more than 11 years ago | (#5953338)

If you're on my friends list, it generally means you're smart and funny, or you have me on your foes list and I want to piss you off.

Troll (0)

Anonymous Coward | more than 11 years ago | (#5949776)

Now here is a troll that old opensourceman can be proud of. Old timers might even remember the incident I am talking about.

Re:Troll (0)

Anonymous Coward | more than 11 years ago | (#5950069)

The difference between this and OSM's fucking stunt is that this one is true. Don't spam the eds with email. If you do get a response from the, post it.

Can we all coordinate on this? (-1)

Real World Stuff (561780) | more than 11 years ago | (#5957292)

Perhaps the FTSO.ORG irc server.

Archive from Fyodor's site: (0)

Anonymous Coward | more than 11 years ago | (#5957488)

here [lycos.co.uk] . Go take a look.

Hey Sllort... (1)

Eazy-N (215511) | more than 11 years ago | (#5965975)

..please check your 'Operation Mongoose' email.

You will find something hopefully to your advantage therein.

Maintenance post. (0)

Anonymous Coward | more than 11 years ago | (#5995767)

Hello.

Re:Maintenance post. (0)

Anonymous Coward | more than 11 years ago | (#6036397)

Maintenance post #2.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?