toplevelpot, Los Angeles, CA (join: 2008-04-19) | reply to djr777
Re: Hacking.....seriously, how easy is it to get hacked? I always keep netmeter running and visible on the assumption that if my computer has been co-opted, sooner or later they'll use it, and hopefully I'll see the activity on the screen. I don't know how logical that is. OTOH, wouldn't the net activity associated with a DDoS be visible on a usage monitor?
-- Prejudice against alternate consciousness would probably make JFK laugh at you; Carl Sagan would probably say you have a blind spot. And I say you are judging this book by its cover.
Snowy, Kailua, HI (join: 2003-04-05) | reply to toplevelpot
said by toplevelpot: "I always keep netmeter running and visible on the assumption that if my computer has been co-opted, sooner or later they'll use it, and hopefully I'll see the activity on the screen."
If the miscreant were to use your account at the same time you were using it, you might see the extra activity. Usually new accounts will be created by the miscreant to avoid that exact situation from occurring.
edit: I'm assuming netmeter doesn't display the activity of all users.
Kiwi, USA/MidWest (join: 2003-05-26) | reply to keyboard5684
I like your response. Part of the real problem is that people can't discern the difference between a hacker and a cracker and why they are different. If one can't discern the basic difference in syntax, they are already completely out of the realm of understanding a fix.
So, why don't we concentrate efforts on understanding the basics first?
Oleg, Birmingham, AL (join: 2003-12-08)
This is true. Crackers are people who use other people's work, also known as script kiddies; hackers are people who are programmers and understand security very well.
m0d, ireland (join: 2005-03-02)
"I know there are different levels of being hacked but these sites may hijack my computer for DOS attacks but as far as actually viewing my info, that step is a little further down the line isn't it?"
@djr777 .. the answer to that is as follows:
1) Once trojaned you are "potentially" owned in every way, aka rootkit..
2) Always assume the worst and cancel all credit cards, format the drive, etc.
3) Assume they have all your personal info/HDD contents, because that is a secure stance to take and in most cases you won't know how long you have been infected. This was your user and not you, right? So there is no way to know.
4) The above may not be true in all cases.. Many trojans are simply automated botnets/worms. However, if infected, some day the person controlling that botnet may be bored and look directly at you. They will have the power to do it too.
5) Change ALL passwords, credit cards etc. after any "confirmed trojan incident".
6) There is no other way to be safe, and be thankful if they didn't find time to look at you "real personal".
7) This is all just advice you are free to ignore .. but once a trojan is "present" it's a nasty business, and assume the worst.
"But not every trojan unlocks your entire computer...right?"
Of course it will .. or at least from a security perspective that is what you must assume.
A proper hacker that had some reason to target you directly only needs an IP address to work with. He will exploit the "router". There are multiple ways to get the IP, such as sending you a file on MSN (perhaps fixed these days), so VoIP, Skype and lots of other services would still work + a netstat. Once an IP is obtained it will be PROXIED scans that should set off your firewall if you had one. In the old days where #define_no_router.. These are AUTOMATED exploits and require no user "interaction" .. all that is required is ONE unpatched exploit or to send a user an exe they "trust" that exploits one. Exploits are private sometimes for years, and when you annoy the wrong person you might be at the wrong end of one of those. Generally, "hackers" want to learn and not "exploit you" directly. SKIDDIES on the other hand take recently published exploit code from "hackers" and target it vs any IP/user they had. Accepting some random.exe from a skiddie is the best way to get owned. Porn sites are another "great vector"..
If your users took an exe from a skiddie in MSN or email or in general don't practice "safe hex" .. GG .. forget the firewall.. It will have no effect.
These days, the term "trojan" is old.. start to think "rootkit".. and no, you won't get rid of that easily.
I seriously doubt any user restrictions will help you here because trojans are usually social engineering and somewhere along the line one of your users "clicked something".
Once it's on your LAN and inside the firewall .. you're screwed.. (excuse the French).. but that is reality. Look beyond the initial infection too..
Security comes at a cost, there is no free lunch. Assume "nothing".
GL to you and hope it helps.
"I have been working on my nephew's computer and because it was such a mess I was wondering if someone had actually gotten in to his personal info and swiped it"
Start with the assumption that they did.. until you can prove otherwise. I am sorry to break that to you.
KodiacZiller | reply to Oleg
said by Oleg: "This is true. Crackers are people who use other people's work, also known as script kiddies; hackers are people who are programmers and understand security very well."
That's closer but not really the correct definition either. Hackers do not have to (and some in fact do not) have any security expertise at all. Crackers do not have to be script kiddies -- some of them can program as well.
Hacker != security expert (at least in most cases)
ashrc4, australia (join: 2009-02-06) | reply to KodiacZiller
said by KodiacZiller: "That's closer but not really the correct definition either. Hackers do not have to (and some in fact do not) have any security expertise at all. Crackers do not have to be script kiddies -- some of them can program as well. Hacker != security expert (at least in most cases)"
I agree. If in doubt, reboot your router to get a new IP. Then if it persists they are more likely to be just a psychopath.
-- Paradigm Shift beta test pilot. So far nothing to report. Now is not the right time to stop folding.
Oleg, Birmingham, AL (join: 2003-12-08) | reply to djr777
Oh, and changing your password will not help; a hacker could still get it.
ironwalker, Keansburg, NJ (join: 2001-08-31) | reply to keyboard5684
said by keyboard5684: "This is equivalent to a discussion on how easy it is for someone to break into your home and how likely it is to happen. Where do you live? What type of door locks do you have? What types of windows do you have? Why would someone want to break into your home?"
Not comparable at all. With PCs, it does not matter where you live, you're getting probed all day long 24/7....I have lived in the poorest communities and never had burglars try and penetrate 24/7.
-- Live Free or Die! www.sidux.com www.chronixradio.com
GamerGeek | reply to ironwalker
said by ironwalker: said by keyboard5684: "This is equivalent to a discussion on how easy it is for someone to break into your home and how likely it is to happen. Where do you live? What type of door locks do you have? What types of windows do you have? Why would someone want to break into your home?" "Not comparable at all. With PCs, it does not matter where you live, you're getting probed all day long 24/7....I have lived in the poorest communities and never had burglars try and penetrate 24/7."
They still apply.
Some subnets get very little probe traffic compared to others, so which neighborhood you live in still applies.
Also, one thing I very rarely hear is anyone telling someone with an infected machine to take it off the friggin' network until it is cleaned. You may think you got all of that nasty backdoor cleaned out, but it has already replicated itself to your secondary hard drive, just waiting for you to go back online so it can re-download and repeat the infection.
Don't worry. That highly sensitive email from Mama Gertie about her trip to the Grand Canyon will still be there when you're clean.
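GamerGeek's point that some subnets see far more probe traffic than others is something you can measure from your own firewall logs rather than guess at. The script below is an added example, not code from the thread or from any poster: it parses a few constructed, simplified iptables-style DROP lines (the log format and the addresses are made up for the demo), aggregates dropped inbound connections per source /24, and lists the source networks that exceed a threshold. The function names (`probes_by_source_net`, `noisy_networks`) are my own.

```python
"""Summarise inbound probe traffic per source /24 from firewall log lines.

Added example, not from the thread. The log lines below are constructed in a
simplified iptables-style format; they are not real captures.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample: dropped and accepted inbound connections on a home gateway.
SAMPLE_LOG = """\
Apr 19 03:12:01 gw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP DPT=445
Apr 19 03:12:04 gw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=TCP DPT=139
Apr 19 03:12:09 gw kernel: DROP IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP DPT=445
Apr 19 03:13:30 gw kernel: DROP IN=eth0 SRC=192.0.2.8 DST=203.0.113.5 PROTO=TCP DPT=22
Apr 19 03:14:02 gw kernel: DROP IN=eth0 SRC=198.51.100.23 DST=203.0.113.5 PROTO=UDP DPT=1434
Apr 19 03:15:11 gw kernel: ACCEPT IN=eth0 SRC=192.0.2.9 DST=203.0.113.5 PROTO=TCP DPT=443
"""

# Pulls the firewall verdict, source address, protocol and destination port out of a line.
LINE_RE = re.compile(
    r"\b(?P<action>DROP|ACCEPT)\b.*?\bSRC=(?P<src>[\d.]+).*?"
    r"\bPROTO=(?P<proto>\w+).*?\bDPT=(?P<dpt>\d+)"
)


def parse_probes(text):
    """Yield (source_ip, proto, dport) for every DROPped inbound connection."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("action") == "DROP":
            yield ipaddress.ip_address(m.group("src")), m.group("proto"), int(m.group("dpt"))


def probes_by_source_net(text, prefix=24):
    """Count dropped probes per source network and collect the (proto, port) pairs each one tried."""
    counts = Counter()
    ports = defaultdict(set)
    for src, proto, dport in parse_probes(text):
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        counts[net] += 1
        ports[net].add((proto, dport))
    return counts, ports


def noisy_networks(text, threshold=3, prefix=24):
    """Source networks whose dropped-probe count reaches the threshold, as CIDR strings."""
    counts, _ = probes_by_source_net(text, prefix)
    return sorted(str(net) for net, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    counts, ports = probes_by_source_net(SAMPLE_LOG)
    for net, n in counts.most_common():
        tried = ", ".join(f"{p}/{d}" for p, d in sorted(ports[net]))
        print(f"{net}: {n} dropped probes ({tried})")
    print("noisy:", noisy_networks(SAMPLE_LOG))
```

Run against a real log, the per-network counts give a baseline for your own "neighborhood"; a new network showing up above the threshold, or an old one suddenly probing new ports, is what merits a closer look.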
djr777, Pacific Grove, CA (join: 2005-01-25) | reply to GamerGeek
"Some subnets get very little probe traffic." Would it be less likely to have probe traffic in Silicon Valley because of a possible heightened sense of security vs. Beverly Hills with rich blondes like Paris Hilton running around who are more concerned with the dog than the computer?
How common is it for your secondary hard drive to be infected?
Thanks -- ...there will be an answer. let it be
m0d, ireland (join: 2005-03-02) | reply to Oleg
"Oh, and changing your password will not help; a hacker could still get it."
Changing all passwords alone won't help, I agree. However, it should be standard practice to choose new secure passwords after an offline reformat, latest patches, AV, firewall reinstall etc., all from clean sources.
Also, in my experience the line between traditional crackers and hackers is totally blurred and has been for some time. Of course crackers can code, and they are sometimes very good at reversing/patching ASM-level code. They can add new twists to something an original "hacker" discovered. The only distinguishing factor for me is that crackers will have no problem with "illegal activity" for gain, while you have "white hat" hackers that publish their work as "research" or indeed work for security companies. For me, "hackers" are those who research/discover while "crackers" are those who will break the law, often using someone else's modified or original code. The skills are very similar. It's how you apply them that makes you "malicious" or not.
As a "hacker" you would want to learn or expose something to the public. The chances of a person of this level "targeting you" and proceeding to attempt to break the law by finding a new flaw in your specific router are next to nil. This said, if there are known unpatched exploits anywhere on your LAN, you are at risk.
Reverser, hacker, cracker .. it is all a bit murky and hard to define who is who, and those traditional terms need rethinking.
"Also, one thing I very rarely hear is anyone telling someone with an infected machine to take it off the friggin' network until it is cleaned"
I concur with this advice.
"How common is it for your secondary hard drive to be infected?"
I would advise you to always assume the very worst and start from there. For example, back up all data to an external drive, reformat offline and clean, scan all this data bearing in mind that if this is 0-day it may not be detected by all scanners, and once sure the data is verified OK, copy it back. Do not copy back exes from infected drives; assume they have been compromised and that they have the ability to reinfect you.
Even all of this "traditional" type advice is not enough with the "rootkits" of today in some cases. There is "hacker" research to suggest that a rootkit can infect BIOS/flash memory and actually survive a reformat. It would be just a matter of time before that research is in the wrong hands:
»www.theregister.co.uk/2009/03/24···ootkits/
While this is probably not "seen in the wild", be aware of it too.
Finally, this can happen to any admin and is why many organisations totally ban USB keys, and laptops are such a problem (you have no idea how secure they are offsite).
Hope it helps.
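The restore step of m0d's procedure (back everything up, reformat offline, scan, copy the data back, never copy back executables) can be partly automated so the rule is applied to every file rather than by eye. The script below is an added example, not the poster's code: it walks a backup directory, sorts files into a restore bucket and a quarantine bucket by extension and by magic bytes (so a Windows PE file renamed to .jpg is still caught), and records a SHA-256 for each file so the restored copy can be checked against the backup later. The directory tree built by `build_sample_tree`, the file contents and the extension list are constructed for the demo.

```python
"""Triage files copied off a suspect drive before restoring them.

Added example, not from the thread. Applies the rule "restore plain data,
quarantine anything executable" and records a SHA-256 per file so a restored
copy can be verified. The sample tree below is constructed for the demo.
"""
import hashlib
import os
import tempfile

# Extensions that never get copied back. Illustrative, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                   ".vbs", ".js", ".ps1", ".msi", ".sys"}


def looks_executable(name, head):
    """Classify by extension AND by the first bytes, so a renamed binary is still caught."""
    ext = os.path.splitext(name)[1].lower()
    if ext in EXECUTABLE_EXTS:
        return True
    if head[:2] == b"MZ":        # DOS/PE header: Windows .exe/.dll under any name
        return True
    if head[:4] == b"\x7fELF":   # ELF binary
        return True
    if head[:2] == b"#!":        # script with an interpreter line
        return True
    return False


def sha256_file(path):
    """Hash a file in chunks; the digest is written down alongside the restore decision."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root):
    """Walk `root`; return {"restore": {relpath: sha256}, "quarantine": {relpath: sha256}}."""
    result = {"restore": {}, "quarantine": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as f:
                head = f.read(4)
            bucket = "quarantine" if looks_executable(name, head) else "restore"
            result[bucket][rel] = sha256_file(path)
    return result


def build_sample_tree():
    """Constructed sample backup: two documents, one .exe, a PE file hiding as .jpg, a shell script."""
    root = tempfile.mkdtemp(prefix="backup_")
    samples = {
        "letters/trip_notes.txt": b"Notes from the Grand Canyon trip.\n",
        "photos/canyon.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,      # JPEG header
        "downloads/setup.exe": b"MZ" + b"\x90" * 62,
        "downloads/holiday.jpg": b"MZ" + b"\x00" * 30,                 # PE header behind a .jpg name
        "scripts/backup.sh": b"#!/bin/sh\necho hi\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    report = triage(build_sample_tree())
    for bucket in ("restore", "quarantine"):
        print(bucket)
        for rel, digest in sorted(report[bucket].items()):
            print(f"  {digest[:16]}...  {rel}")
```

Point `triage()` at the external drive instead of the sample tree and copy only the "restore" bucket back onto the freshly installed system; the quarantine list is what you scan, reinstall from known-good media, or simply leave behind.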
Oleg, Birmingham, AL (join: 2003-12-08)
I have seen some PHP databases; this is scary. I was able to exploit one of them and I got access to addresses, CC info, phone numbers, and it was not even an SSL database.
m0d, ireland (join: 2005-03-02)
Agreed Oleg,
I have seen 20+ PHP-based sites taken in days (all connected). From there the crackers reversed weak MD5 passes, took MSN, PayPal, other sites and did untold damage in all.
It was reported to the FBI but unless 5k+ cash damage.. they don't want to know, unless it had implications in another case.
Lesson: never use the same passwords or weak passwords "for convenience" on all sites. A common mistake.
The same is true on LANs and individual computers.
EDIT: I provided 20+ pages of "evidence" from the logs of hacked sites and pinpointed the "unpatched exploits" used to gain entry. Still not enough ...
Edit2: The only reason it was reported to the FBI is that the majority of servers were USA based.
Edit3: Leave no vulnerability "unpatched"..
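m0d's account of weak MD5 passwords being reversed after one site fell, and of the same passwords then opening MSN and PayPal, comes down to two properties of unsalted fast hashes: a precomputed table maps a hash straight back to a common password, and the same password gives the same hash everywhere it is reused. The following is an added example, not the thread's code; the user table and wordlist are constructed and the PBKDF2 iteration count is my own choice. It shows both properties on the weak scheme and how a random per-user salt plus PBKDF2-HMAC-SHA256 removes them.

```python
"""Why unsalted MD5 password storage fails, and what replaces it.

Added example, not from the thread. All users, passwords and hashes here are
constructed for the demo.
"""
import hashlib
import hmac
import os

# Constructed wordlist standing in for the "weak passwords" the poster describes.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "monkey", "iloveyou"]


def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute MD5 -> plaintext once; this is what makes unsalted fast hashes reversible."""
    return {md5_hex(w): w for w in words}


def reverse_unsalted(stored_hash, table):
    """A stored unsalted MD5 is recovered by a dictionary lookup, no computation needed."""
    return table.get(stored_hash)


# Constructed breach data: the same user reused one password on two PHP sites (unsalted MD5).
SITE_A = {"alice": md5_hex("letmein"), "bob": md5_hex("qwerty")}
SITE_B = {"alice": md5_hex("letmein"), "bob": md5_hex("correct horse battery staple")}


def reused_across_sites(site_a, site_b):
    """Users whose stored hash is identical on both sites. With unsalted hashes that means the same password."""
    return sorted(u for u in site_a if u in site_b and site_a[u] == site_b[u])


# Hardened storage: random 16-byte salt per user, PBKDF2-HMAC-SHA256, high iteration count.
ITERATIONS = 600_000  # assumption of this example; tune to your hardware budget


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex'. A fresh salt per call means equal passwords never share a hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("alice on site A reverses to:", reverse_unsalted(SITE_A["alice"], table))
    print("reused across sites:", reused_across_sites(SITE_A, SITE_B))
    h1, h2 = hash_password("letmein"), hash_password("letmein")
    print("same password, two salted hashes differ:", h1 != h2)
    print("table lookup on salted hash:", reverse_unsalted(h1, table))
```

The salted, slow hash does not make "letmein" a good password; it only means the attacker must grind each user's hash separately at PBKDF2 cost instead of reading answers out of a table, and that a breach at one site no longer hands over identical hashes at another. The poster's lesson about not reusing passwords still stands on top of that.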
Oleg, Birmingham, AL (join: 2003-12-08)
I do remember exploiting a JavaScript-based ISP database, so I called Time Warner Cable to report this and the rep told me I can go to jail for this.
m0d, ireland (join: 2005-03-02)
There is a fine line between a "pen test" where you had some permission and, well, just "your own tests".
Edit: I exploit myself all the time.. to know attack is to know defence. That goes for websites, comps on the LAN etc.
Edit2: That is lame Oleg. They should at least appreciate you did no damage and tried to correct them. For me that is "ethical hacking" + reporting it to the vendor in private.
nv753 | reply to djr777
There was info a long time ago about malware putting itself somewhere on your hard drive, so every time you reformat and reinstall Windows you would get infected.
There was also info about malware being in your motherboard and reinfecting every time you would reinstall.
All a hacker had to do was modify a patch for your hardware or BIOS and you supposedly would be owned and need to throw out that infected hardware item.
There was a post a long time ago on Sysinternals from a user that said their hard drive was infected with something and had proof to back it up. It was something of Asian origin. So I assume the hard drive already came exploited.
I do believe vendors or workers for the vendors can implement malware on a motherboard ROM easily, but you can reflash and it will be gone. But you'd also need to reinstall the OS because the malware would go from ROM to OS.
But then we have no idea how it works though. Does the malware on the OS need any type of function from the code on the ROM, or does the malware on the motherboard simply inject code into the OS every time it detects the OS is not infected?
m0d, ireland (join: 2005-03-02)
This remains largely theoretical and "only seen in the lab".
That said, the research is there to show that any device with firmware or flash memory could be exploited at a hardware level, and it remains vendor dependent.
So, if this were in the wild, no, a reformat won't fix it, as a reboot will reinfect the new OS if the payload on the hardware device did its job.
This said, it's an obscure threat and won't work widely, as each vendor would need to be targeted specifically. I expect to hear more on this type of "rootkit" as hardware vendors make it easier for users and allow more firmware/BIOS updates to happen in Windows itself and not the good old DOS screen and only from a boot disk.
To sum up, in theory this is possible. It remains unlikely as the "malicious hacker" needs to know some hardware specifics. If a trojan was present, assume this hardware info is available to the "attacker" .. that is a much better word .. "attacker", and if the attacker took the time to look at local hardware specifics, for sure .. he may well be able to exploit that to his advantage and your detriment.
This raises another issue: that of disclosure in public/private and allowing vendors reasonable time to fix something. For hardware vendors, that is so much harder.
All fun and games. Add "virtualisation" and "hyper this and that" to the mix too. One exploitable hole there is a disaster. The intention of these technologies is to "abstract" the hardware level and not allow the OS to see it in the way it normally would. Exploits in this domain would be a bigger threat than ever seen in the past.
Technology is great as it multiplies the work you can do. The same multiple applies to damage when security is breached. Call it "Moore's Law for exploits" .. they just get bigger and better and advance at the same pace as the technology they seek to exploit. Security will always increase in importance in the same manner.
It's often inside info from one disgruntled worker, and that info leaking to idle hands who wish to exploit it, that leads to that which was considered "theoretical" yesterday becoming today's reality.
m0d, ireland (join: 2005-03-02) | reply to nv753
"I do believe vendors or workers for the vendors can implement malware on a motherboard ROM easily, but you can reflash and it will be gone. But you'd also need to reinstall the OS because the malware would go from ROM to OS"
Here you go nv753: »isc.sans.org/diary.html?storyid=4247 »www.andrewsayshello.com/technolo···malware/
.. just two examples of this threat in action, and to answer your other question, you would need to trust the source of the flash ROM, and when the vendor can ship it infected.. I dunno lol
Let this thread be a glimpse at future threats on the rise and a bow to those in the past too, but the future demands we all look more closely, and not less closely, at this sort of thing.