PDA

View Full Version : How to hack! Personal experience discussion of cases of cyber hacks and attacks



Vitalux
10th September 2013, 15:16
Many years ago, I use to hang out in college with a group of computer nerds that were great at hacking and causing havoc on the internet.

I wanted to start this thread to demonstrate how easy it is to set up a non suspecting human, and completely destroy ones reputation and life.



Date: Around 1999

software-malware used : Sub7 (http://en.wikipedia.org/wiki/Sub7)


One night a small group of students at a local University, used a program called Sub 7 and hacked into a young girls computer. :ranger:
She was about 18 years old and lived in another part of the world.

What had happened is that she received an email that had a kind of virus, that had a clickable link or photo. :typing:
Once she clicked on the link her life had forever changed.

Once the link was clicked on, she had inadvertantly installed a special program on her computer that allowed the Sub7 program to gain full access to her computer.
I was amazed as I watched how easily it was for us to browse the files on her computer. In her computer we could easily see every single password she had saved on her computer.
Sub7 also had a key logger and we could watch every keystroke and view every thing that she was doing on her screen.

From this platform we could download anything from her computer or upload anything we wished onto her computer. We could also command her computer to visit anywhere on the net we wished her computer to go. Yes, we were using her computer IP address to hack other sites in this demonstration.

In malicious fun, I watched how the student, downloaded images from the girls computer and using photoshop, photoshopped her face onto similar nude images of a girl who looked a great deal like her, and then proceeded to hack into the girls hotmail ( because he easily knew all her stored passwords) and then sent out a mass email to all her friends announcing that she wanted to be a porn star.

The final blow was that they changed the desktop image on her computer, to a sexually explicit nude image portraying her image onto her desk top wall paper.

Than deleted the sub7 program from her computer, before cleaning up as much evidence of the intrusion.

The poor girl would have been at a total loss to explain to her friends as to how such an event could possibly occur and I can only assume that some of her friends would not have believed that she was hacked.

I know of several stories relating to how easy it is to prank or hack systems.

I am just posting this thread as a hack discussion to show that anything is possible and it is very easy for anyone to set up anyone to look like the fall guy.


Note : I am not a hacker nor do I advocate people to do this. As most people know, most computer programmers know quite a bit about hacking, because in order to be able to make your computer safe, you have to have an understanding of what capabilities exists for hackers.

In the above story, no persons were ever caught and that was more than 13 years ago.
I assume that it is probably just as easy to screw someone now, as it was then.

Please don't shoot the messenger of this post. I am only being honest and expressing an experience I had while I was in school more than 13 years ago.
In the group I associated with there were kids that were geniuses in knowing how to do this. I am expressing my thoughts as an observer.




Anyone else have any stories of the past they know of?

I probably have at least 50 tales I could tell.


below image of sub7 interface

http://www.commodon.com/images/sub7_pword.jpg


Moral of the story: You can never be too sure about anything. :confused:

TargeT
10th September 2013, 15:21
things have VASTLY changed since 1999 (that was my first year of professional IT work) these types of things are very very very hard to do now, especially since the IT industry has been laser focused on "cyber security" for the past 9 years or so...

I had to take a test that took 8 hours and cost thousands of dollars just to hold the position I hold now; but not only are the IT staff being held to higher standards, so is the software everyone uses.

In the IT world 14 years is ancient history; something you nostalgically look back on and laugh about. (read Moores law (http://en.wikipedia.org/wiki/Moore's_law)to understand why this is)

Vitalux
10th September 2013, 15:35
Thanks TargeT

than it is a good thing that I started this post.:tea:

Many among the masses are not too familure with how computers historically can be and have been hacked.
Or what are the capabilities of things that hackers can do.
Most just experience a computer virus where they get pop-ups or email worms showing advertising.

I have no doubt whatsoever, that Microsoft can wander into any computer it wishes to scan.
I also have little to no doubt that government agencies such as the NSA (http://en.wikipedia.org/wiki/National_Security_Agency) along with a host of other technological security institutions would have the same intrusion capabilities.

To think otherwise, would be completely naive.

Lefty Dave
10th September 2013, 16:15
Thanks for this post...years back I would go to a website and suddenly my pc would freeze up...would have to reboot...and sometimes more than once...to get it to work properly again...don't know it that is considered being 'hacked'...but it was a pain in the posterior !
I would like to ask you all's input on a discussion I was having with our city utilities director this week. We were forced to put smart meters on our homes last year, now we're being forced to put them on our water intakes...and I questioned her on just how much is too much rf microwave radiation....and if the implementation of these devices would make us more vulnerable to hackers who could disrupt a cities' power or water use...she replied that it couldn't happen...and my mind said "HUH?"...isn't the signal they are pulsing going out into the 'airway' in order to get to the cell tower...then to their receivers...how could it NOT be vulnerable? But alas, I am only one step above ignorant when it comes to computers, so I thought I'd ask you'all...
Could smart meters be hacked ?
end of line.

Sidney
10th September 2013, 16:23
It makes me want to sell my laptop and use the library for internet. I have considered this in the past and I truly think that technology has become such a paradox in our lives. We are gifted with something that can broaden our horizons, then destroy our lives in a day. Like everything else in our world....Upsidedown.

Vitalux
10th September 2013, 16:31
Nice post Lefty Dave

I'm glad that you brought this into the discussion.

I have no doubt that smart meters can be hack, or at least the signal which is being emmitted from the meter unit on the house being intercepted and the information pertaining to your personal usage be observed.

By knowing the flow rate, vs time of day one could easily compose a knowing of what activities are being done in that home.
For example, folks down at the water utilities would have an idea of how many times folks are having a shower, or watering their lawn or using various volumes of water.

This is specifically problematic for example to people that run indoor marijuana grow operations.

Inside the house, timers are attached to high wattage lighting that turn on and off at specific time period during the day or night.
By a power utility company simply knowing the flow of electricity over a given moment of time, they would have little effort in compiling a list of suspected marijuana grow operations within their customer base.

On another note, it might ( as I am unsure) that a hacker could hack a digital system and manipulate the data and the result is one might get an astronomically high water or electricity bill.

Once again, it would be hard to argue with the utility company to prove your innocence if the data they were showing, showed that you used a megawatt of electricity last month and were demanding that you paid the $25 thousand dollar utility bill, regardless of if you only were using a computer, toaster and night light.

jagman
10th September 2013, 16:32
Thanks for the thread Vitalux. It's really great to have guys like you and TargeT around!
I love to learn.

TargeT
10th September 2013, 16:44
Could smart meters be hacked ?
end of line.

yes, they are able to remotely issue a service "cut off" though generally still require a physical visit (just a formality though, your power will be off); there absolutely is a vulnerability there.

I don't know about water, but I don't see why it would be different.


Forget RF, the real problem here is that your power is vulnerable... (IMO)



It makes me want to sell my laptop and use the library for internet. I have considered this in the past and I truly think that technology has become such a paradox in our lives. We are gifted with something that can broaden our horizons, then destroy our lives in a day. Like everything else in our world....Upsidedown.

easy fix:

the girl in this story was hacked mostly because she had her computer "always on"

when you are done with your computer, disconnect the internet or turn it off (disconnecting is better)

install a good fire wall (I use Zonealarm, it's free and very aggressive) and a good virus protection program; update both every time you use your computer (or set them to automatically do so) you're vulnerability foot print will shrink to nearly zero (though zero day software bugs are still a threat)

really "random" computers like yours are NOT a target of hacking unless they are "low hanging fruit" (ie not patched at all, have a huge list of vulnerabilities, no fire wall, no anti-virus etc...) and of course, never click links you are unfamiliar with or run programs you don't know about (though Zonealarm will assist with this since it controls all incoming and outgoing internet traffic).

toad
10th September 2013, 16:45
I lold when I opened it up and saw sub7. Thought this was a cached page from 1995.

Vitalux
10th September 2013, 16:53
Thanks for the thread Vitalux. It's really great to have guys like you and TargeT around!
I love to learn.

You are quite welcome. It is not too often one actually sees this kind of discussion on a forum, so I thought it would be good to bring it out of the closet and discuss it openly.
Oh I do realize that by doing so, I will be opening myself up to those paranoid schizophrenics who will accuse me of being the real mafia boy who hacked Google or the real uni-bomber but that is the nature of an insane world.

Many people hack various systems.
Many systems are actually hackable by design.

Take Microsoft Windows. We were taught in school that Microsoft originally made its product easy to pirate and copy.
They wanted the masses of the population to become so familiarized with the system that it would be the preferred system to use in business applications.

I'm quite certain that most of us know at least one person that has a pirated copy of windows XP or Windows 7 as their current desktop operating system.
In essence, they are using a hacked software.

There are a ton of sites on the internet that have software which is downloadable to their computer for free, that has included a patch or key generator that allows the individual to install the software without having to pay for it.

Many people probably are already familiar with download sites such as bit che or other popular torrent downloads.

However, like TargeT did say, security has come a long way in this day, and it is next to impossible to commit cyber crime without detection.
Like trying to pull a crank phone call from your home phone, the telephone company knows which telephone line ( phone number) called which telephone (phone number) and they ultimately know whose name is on the account of each phone line.

It can only be reason that on the internet we actually have a false sense of anonymity, due in part that every key stroke we make can be stored forever in a digital data base and tied directly to our personal computer, ISP and home location, just to scratch the surface.

CD7
10th September 2013, 20:13
ALL OF OUR EXISTENCE HAS BEEN HACKED-----HELLLOOOOOOOOOooooooooooooooo

Peace of Mind
10th September 2013, 20:36
A couple of months ago one of my PC's were hacked. It happened just after I made a comment about the history of the holocaust in this forum. Someone was literally inside the PC looking around...as I couldn't control anything while I watched the mouse cursor go in and out the registry/folders/and drives. I just watched and laughed for a bit and then pulled the plug.

Fortunately, I never place really important information on computers, especially on ones I plan to use online. I can't say the issue started here or else where because I was multitasking and searching through a couple of sites. I immediately got the problem fixed and just took a break from the net for a while. Be very careful if you keep your financial records in your computer's/ tablets/ and cell phones.

Peace

toad
10th September 2013, 21:09
A couple of months ago one of my PC's were hacked. It happened just after I made a comment about the history of the holocaust in this forum. Someone was literally inside the PC looking around...as I couldn't control anything while I watched the mouse cursor go in and out the registry/folders/and drives. I just watched and laughed for a bit and then pulled the plug.

Fortunately, I never place really important information on computers, especially on ones I plan to use online. I can't say the issue started here or else where because I was multitasking and searching through a couple of sites. I immediately got the problem fixed and just took a break from the net for a while. Be very careful if you keep your financial records in your computer's/ tablets/ and cell phones.

Peace

LOL. These days you need to be pretty careless with problems as severe as that. Windows is pretty funny though.

I appreciate the attempt to bring this conversation forward, maybe what might be more productive then discussing an archaic sciddie tool but discuss some easy steps and advice to avoid such avenues that are generally made easy by most hackers threw social engineering and just careless interneting.

seehas
10th September 2013, 21:18
Many years ago, I use to hang out in college with a group of computer nerds that were great at hacking and causing havoc on the internet.

I wanted to start this thread to demonstrate how easy it is to set up a non suspecting human, and completely destroy ones reputation and life.



Date: Around 1999

software-malware used : Sub7 (http://en.wikipedia.org/wiki/Sub7)


One night a small group of students at a local University, used a program called Sub 7 and hacked into a young girls computer. :ranger:
She was about 18 years old and lived in another part of the world.

What had happened is that she received an email that had a kind of virus, that had a clickable link or photo. :typing:
Once she clicked on the link her life had forever changed.

Once the link was clicked on, she had inadvertantly installed a special program on her computer that allowed the Sub7 program to gain full access to her computer.
I was amazed as I watched how easily it was for us to browse the files on her computer. In her computer we could easily see every single password she had saved on her computer.
Sub7 also had a key logger and we could watch every keystroke and view every thing that she was doing on her screen.

From this platform we could download anything from her computer or upload anything we wished onto her computer. We could also command her computer to visit anywhere on the net we wished her computer to go. Yes, we were using her computer IP address to hack other sites in this demonstration.

In malicious fun, I watched how the student, downloaded images from the girls computer and using photoshop, photoshopped her face onto similar nude images of a girl who looked a great deal like her, and then proceeded to hack into the girls hotmail ( because he easily knew all her stored passwords) and then sent out a mass email to all her friends announcing that she wanted to be a porn star.

The final blow was that they changed the desktop image on her computer, to a sexually explicit nude image portraying her image onto her desk top wall paper.

Than deleted the sub7 program from her computer, before cleaning up as much evidence of the intrusion.

The poor girl would have been at a total loss to explain to her friends as to how such an event could possibly occur and I can only assume that some of her friends would not have believed that she was hacked.

I know of several stories relating to how easy it is to prank or hack systems.

I am just posting this thread as a hack discussion to show that anything is possible and it is very easy for anyone to set up anyone to look like the fall guy.


Note : I am not a hacker nor do I advocate people to do this. As most people know, most computer programmers know quite a bit about hacking, because in order to be able to make your computer safe, you have to have an understanding of what capabilities exists for hackers.

In the above story, no persons were ever caught and that was more than 13 years ago.
I assume that it is probably just as easy to screw someone now, as it was then.

Please don't shoot the messenger of this post. I am only being honest and expressing an experience I had while I was in school more than 13 years ago.
In the group I associated with there were kids that were geniuses in knowing how to do this. I am expressing my thoughts as an observer.




Anyone else have any stories of the past they know of?

I probably have at least 50 tales I could tell.


below image of sub7 interface

http://www.commodon.com/images/sub7_pword.jpg


Moral of the story: You can never be too sure about anything. :confused:

for common people the whole hacking topic is a tale, the tool you showed wasnt used by hackers these people are called "scriptkids".

these so called scriptkids dont know much about coding/cracking/network so they use stuff other people programmed to harm some john does.

real hacking is something pretty different, real hackers dont operate on window systems and move the mouse to the "LETS HACK" button.


graphical made systems are a prison for every hacker because it hinders you to do what you can on your own, instead the programmer dumbs you down to the stuff he made for you - thats why linux or unix based systems are popular in hacking communitys "debian" for example is opensource and the system is able to do what you are able to deliver.

operating systems like apple osx or microsoft windows are the totaly opposite of this but these are needed for "scriptkids" to klick on stuff someone made for them ;)

Violet
10th September 2013, 21:20
Thanks Vitalux for this contribution.

I'm not going to shoot the messenger, :cool: but I do hope you were able to bring some peace back into the life of this girl, knowing what you know.

That being said, is there a way that noobs can learn more about hacking so as to be able to monitor personal hardware for this type of activity? Preferably not in a way that suspicion might arise with on line "monitors" that we're setting up junior hacking careers :wink:

Many thanks in advance.

Peace & Bliss
:wizard:

toad
10th September 2013, 21:21
graphical made systems are a prison for every hacker because it hinders you to do what you can on your own, instead the programmer dumbs you down to the stuff he made for you - thats why linux or unix based systems are popular in hacking communitys "debian" for example is opensource and the system is able to do what you are able to deliver.


Care to show some examples of some closed source linux derivatives? :juggle:

seehas
10th September 2013, 21:25
graphical made systems are a prison for every hacker because it hinders you to do what you can on your own, instead the programmer dumbs you down to the stuff he made for you - thats why linux or unix based systems are popular in hacking communitys "debian" for example is opensource and the system is able to do what you are able to deliver.


Care to show some examples of some closed source linux derivatives? :juggle:

thats why i mentioned debian? did you get what i wanted to say? its not about the name or the system its about the ethic behind.

Operator
10th September 2013, 21:39
Well my story goes back even much longer ... early 80's. I was in College (of technology) with fellow students.
We had classes on a Prime computer (very modern in those days). The human interface was simple on multiple
monochrome (green) colored consoles. So it was a kind of prank then to not log out and display a fake logon
screen (created by us) ... this way we could log the logon attempts and log the passwords.

Although it started as a joke it became quite serious since the teachers also used the computer to store grades
and other info about students. When school management found out we were 'experimenting' too much with the
system a firm warning (being suspended forever from college) was given. But hey, we were all a bunch of hackers
then set free in the garden of Eden :p.

seehas
10th September 2013, 21:40
A couple of months ago one of my PC's were hacked. It happened just after I made a comment about the history of the holocaust in this forum. Someone was literally inside the PC looking around...as I couldn't control anything while I watched the mouse cursor go in and out the registry/folders/and drives. I just watched and laughed for a bit and then pulled the plug.

Fortunately, I never place really important information on computers, especially on ones I plan to use online. I can't say the issue started here or else where because I was multitasking and searching through a couple of sites. I immediately got the problem fixed and just took a break from the net for a while. Be very careful if you keep your financial records in your computer's/ tablets/ and cell phones.

Peace

reads like a scriptkid to me, most hacks (like you explained) arent done by humans manual anymore ,these are done by botnets that scan whole segments automaticly and check for common exploits - a big advantage on safety are the routers people got at home, back in the days when isdn and modems where used it was much more a danger to home computers because the routers are between the pc and the internet.

if you plug an old windows machine directly to the internet it wont be more than 10minutes till its infected i bet on that, tried something similar years ago with an linux machine only had ftp and samba running didnt last 5minutes / after ive noticed some process activity ive checked the system and found some irc-bot software and plenty of kernelmodifications thats where my machine joined a botnet.

botnet machines are both home-computers but also servers, the infected machines dont get destroyed but hijacked and most people dont know about it maybe they even get used to the slow internet :cool:

inside the botnet the machines are categoryzed by their subnet so its possible to say subet XY is a server subnet and the other one is clientside, on serversubnets whole different tools are applied since bandwith and operatingsystem are quite different.

botnets are one of the most powerfull weapons in cybercrime, (gather hundertthousand machines inside the botnet forced on single targets can shut down major sites and services)
and remember real hackers dont sit on their computer to hack into john does computer :)

toad
10th September 2013, 21:58
graphical made systems are a prison for every hacker because it hinders you to do what you can on your own, instead the programmer dumbs you down to the stuff he made for you - thats why linux or unix based systems are popular in hacking communitys "debian" for example is opensource and the system is able to do what you are able to deliver.


Care to show some examples of some closed source linux derivatives? :juggle:

thats why i mentioned debian? did you get what i wanted to say? its not about the name or the system its about the ethic behind.


lol sorry that was a dumb linux joke, there are no closed source distros in the linux world. I use linux daily and have for years, debian/slack/gentoo, only use windows for work.

TargeT
11th September 2013, 00:51
its funny that even when we think we are protecting ourselves, we are really just opening a vulnerability to the fascist PTB... Microsoft has admitted NSA backdoors for years... Android is is the same...
IOS too

and now we have this:

http://i.imgur.com/m5vqEW7.jpg

toad
11th September 2013, 01:00
Yeah Android slop is a problem only until you root your phone and install something open source problem solved. Get rid of all that slack and nonsense on your phone, know whats up. Open up your phone to its true potential.
http://cdn.redmondpie.com/wp-content/uploads/2013/01/Ubuntu-smartphone-OS.png

Operator
11th September 2013, 01:50
its funny that even when we think we are protecting ourselves, we are really just opening a vulnerability to the fascist PTB... Microsoft has admitted NSA backdoors for years... Android is is the same...
IOS too

and now we have this:

http://i.imgur.com/m5vqEW7.jpg

Maybe we should leave the apples on the trees ... :eyebrows:

Then it would be over soon !

Peace of Mind
11th September 2013, 02:28
@Seehas, interesting...
The tech showed me a blasterworm, a trojan, and something else that was suppsedly a way for back door access. I figured it would happen to that rig sooner or later, thou. I can't even use a flash drive I have because I'm thinking it was also compromised, or possibly the carrier.
Good thing I back up the backups.

The net and computers are convenient tools for everyone to use to get into everyone else's biz...not to mention the homebase for tactical propaganda. Hacking, IMO is inevitable...if you can make a connection to a source...the rest is just a matter of time, and proper coding. Imo its just unwise to put much trust in it when the gov (anyone) can be incognito on it.

@Target, I wouldn't be surprised if people finger prints were taking through the daily over-use of their "smart phones" and tablets.


Peace

TargeT
11th September 2013, 02:35
Yeah Android slop is a problem only until you root your phone and install something open source problem solved. Get rid of all that slack and nonsense on your phone, know whats up. Open up your phone to its true potential.
http://cdn.redmondpie.com/wp-content/uploads/2013/01/Ubuntu-smartphone-OS.png


I have an S4, but the vendar specific software is not hte problem from my understanding, it's the base OS that is at issue; though I don't personally know the specifics.

TigaHawk
11th September 2013, 02:51
Funny you should post this! LOL

Last thursday night i put a keylogger on a workmated personal laptop - at my request and her blessings.

She was in an abusive relationship, physically - mentally and emotionally.

The information gathered from this keylogger showed that the X had been seeing other people since april this year. It also revealed plans to try and take her for half the place, ontop of a foiled plan on saturday to clean out the place and take one of the dogs - with intentions to destroy it.

I'd just like to say as well, hacking is not my thing. The keylogger i used was purchased commercial software. I also saw details to personal email accounts, facebook and a dating site. These were untouched an the information removed.

The point of my story - the programs are not allways malicious. Its the intentions and end goal of why they are being used.

Am going to be staying at this persons house for the next week - aparently a breach of DVO, assault, breach of bail and threatening a witness hasnt inclined this person to back the hell off. They and some frieda have been doing slow drive by's of her place at night to try and intimidate her. Right back at em - im installing CCTV tonight.

toad
11th September 2013, 03:32
Yeah Android slop is a problem only until you root your phone and install something open source problem solved. Get rid of all that slack and nonsense on your phone, know whats up. Open up your phone to its true potential.
http://cdn.redmondpie.com/wp-content/uploads/2013/01/Ubuntu-smartphone-OS.png


I have an S4, but the vendar specific software is not hte problem from my understanding, it's the base OS that is at issue; though I don't personally know the specifics.


There are thousands of Android derivatives, each time a carrier releases a phone it has a modified version of Android. Now once rooted, you can load your own version of Android, one that has been looked over quite well, by a community of people (http://forum.xda-developers.com/index.php) who develop and modify the kernels themselves so obviously any backdoors or problems would be sought out and publicly spoken quite rapidly (i.e. CarrierIQ) Things of that nature dont stay hidden within the open source community for very long, this is what makes it so strong, god bless GPL.

norman
11th September 2013, 23:38
I want to raise a glass for the unsung 'white hat' hackers of the world ! ( you know who you are )



:offtopic:

Flash
11th September 2013, 23:45
After reading this Vitalux, I would change your blue doctor avatar clothes for the same design, but orange :p

lol

Flash
11th September 2013, 23:49
Funny you should post this! LOL

Last thursday night i put a keylogger on a workmated personal laptop - at my request and her blessings.

She was in an abusive relationship, physically - mentally and emotionally.

The information gathered from this keylogger showed that the X had been seeing other people since april this year. It also revealed plans to try and take her for half the place, ontop of a foiled plan on saturday to clean out the place and take one of the dogs - with intentions to destroy it.

I'd just like to say as well, hacking is not my thing. The keylogger i used was purchased commercial software. I also saw details to personal email accounts, facebook and a dating site. These were untouched an the information removed.

The point of my story - the programs are not allways malicious. Its the intentions and end goal of why they are being used.

Am going to be staying at this persons house for the next week - aparently a breach of DVO, assault, breach of bail and threatening a witness hasnt inclined this person to back the hell off. They and some frieda have been doing slow drive by's of her place at night to try and intimidate her. Right back at em - im installing CCTV tonight.

Be very careful, you are dealing with a nut case psycho. Take care.

norman
11th September 2013, 23:50
After reading this Vitalux, I would change your blue doctor avatar clothes for the same design, but orange :p

lol

Darn, Flash, I never realised you were that savvy to things outside a 'strict' mental paradigm.