LISTSERV - FERRET-SEARCH Archives - LISTSERV.FERRETMAILINGLIST.ORG

FERRET-SEARCH Archives

Searchable FML archives

FERRET-SEARCH@LISTSERV.FERRETMAILINGLIST.ORG

	LISTSERV Archives
	FERRET-SEARCH Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Security Breach
From:	Anonymous Poster <[log in to unmask]>
Reply To:	The Ferret Mailing List (FML)
Date:	Tue, 16 Aug 1994 22:16:48 EDT
Content-Type:	text/plain
Parts/Attachments:	text/plain (138 lines)
Dear Chris,
 
Hi!  I've got a bit of a problem and I think it is connected with my access
to ferrets anonymous or my hook up with internet.  I received e-mail from a
hacker today who said he "hacked" my AOL file and obtained enough information
about me in order to run me through a number of government databases.  As a
result, he was able to recite to me a great deal of personal information,
including my status as a peace officer (usually more difficult to obtain).
 He stated that he has no malicious intent.  His intent is to sell his
services.  Nontheless, this is pretty serious.  I'm somewhat naive about what
hackers do and how common this is but I'm concerned.  I spoke with the FBI
and an attorney friend.  This is indeed serious.  One issue that I discussed
with the attorney was that this could be entrapment.  Perhaps there is a law
enforcement agency looking for people who will nibble at this deal.  It is
possible that perhaps they are attacking those who are associated with
ferrets anonymous.  Possible?  This guy said he was an expert hacker.  Could
he be breaching your security somehow?  At any rate, my first contact with
internet was when I signed up with you a few days ago.  I've never had any
trouble until now. Thus, I see a connection.  Bottom line is that perhaps the
other subscribers should be warned.  I don't know how serious or commonplace
this whole deal is to you.  Its new to me and it freaked me out that someone
could invade my privacy so easily.  Let me know what you think.  By the way,
this guy calls himself "salvage-expert hacker."
Thanks for lending an ear,
 
[This could have been answered privately, but I thought it worth airing
the issue a bit...
 
- I am a consultant in computer security for very large computer
  environments, presently working at a very large corporation.  At
  least they seem to think I know my business - just received a Merit
  Award for nailing a "Cuckoo's Nest" type hacker half-way round the
  world.  By "nailing", I mean we got him so good he does jail time.
  (and I got to buy a new woodworking power tool, Arr!  Arr!   ;-)
 
  [I also tracked down the forged messages sent to the FML a year or
  so ago that some of our subscribers may remember... ;-)]
 
- All I know about you is your first name, and your AOL account.  I do
  not know what your surname, or location is.  In fact, there is no
  indication anywhere that you're "anon".  There is very little
  information to be gotten from me.
 
- The list exploder on cunyvm (where most subscription addresses
  reside) has no indication that you are an anon-user, and only knows
  the same things about you that I do.
 
- Bill Gruber, who operates the list exploder, knows that I consider
  the subscriber list confidential information, and will not divulge
  it to anyone.  Neither will I.
 
- As far as I am aware, the LISTSERV is not subject to VRFY-like
  attacks (because it isn't SMTP) and only Bill and I know the password
  for retrieving the subscriber list.  [Bill, any comments you
  might add?]
 
- There is no way on earth for anyone to figure out that you sent
  a message to FML anonymously, except by having access to my
  Internet provider and seeing the mail logs, having access
  to your account on AOL or AOL's mail logs, sniffing packets
  on the external internet, or breaking into my system.
 
  My internet provider is out, because they're pretty paranoid.
 
  Sniffing packets requires far more expertise than hackers usually
  have at their disposal.  Hackers are, for the most part, rather
  unsophisticated (we watched every keystroke made by the hacker
  we caught.  He was so stupid it was embarassing.)
 
  The exploder does not know what you've sent.
 
  I do, for I keep records for a while of where I received articles,
  but see below:
 
  HOWEVER, all the above is moot, because this is the first message
  you've sent to the FML, so even if the hacker could snoop in the
  "right places", there is NO data to find...
 
- My system is "safe".  How can I say this?  Because:
 
    - my machine is not IP connected, and so no Internet attacks are
      possible.
    - I'm running a mail system that has never been reported to have
      security problems.  Unlike, for example, sendmail.
    - All my external connections (which are a restricted number) are
      via passworded interconnects, and are owned by people that for
      the most part I believe I can trust.  At least as far as aiding
      and abetting a penetration from an American ;-)
    - File transfer permissions are screwed down as tight as they'll
      go, so even if a connection was spoofed, they couldn't retrieve
      anything.
    - I am not running "standard" software here, so there is no
      way that someone would know *what* to retrieve even if they
      could retrieve something.
    - I am the only person who can log into this machine, aside from my wife
      (who is even more security conscious than me ;-)
    - I monitor all traffic, and have various prototype security alarms
      in operation.
    - Even if vrfy reverse attacks were possible on my mail system,
      the people on the exploder aren't in the aliases, so nothing
      useful is retrievable.
    - my house hasn't been broken into, nor my computer stolen.
 
Now to the specific.  By "hacking an AOL file", your "friend" is basically
saying that he penetrated your AOL account, and was able to peruse
your files.  Which would probably tell him you subscribe to the FML, and
possibly that you send anonymously (though, it probably wouldn't mean
much).  Unless he mentioned the FML, I don't think he caught the
significance (if there actually is one).  And access to your file
would tell him a lot of other things, like your full name, probably
that you're a peace officer, and likely all of the other things he
repeated to you.
 
Thus, I believe that the security problem is on AOL, that he's
bluffing about scanning government databases, and it is only coincidental
that it happened close to your subscription to the FML.
 
My suggestion to you is, provided you take steps to shield your ferret
(if you do have one in a FFZ), is to get the FBI to assist you in
trapping the guy.  Nowadays, I'm sure that they would be quite
interested.  Don't change your password yet, because that may tip
the hacker that you didn't swallow his line about where you got the
data.  [And eat this message after reading. ;-)]  More to the point,
*plant* some information, and see what happens.  Like a love letter
to a non-existant SO - that'll get his ears flapping ;-)  Don't
plant anything that sounds illegal tho, otherwise you may have some
difficult explaining to do if it is your government trying to
trap you.  Which is *probably* unlikely.  But I wouldn't count
on it.
 
The other approach is to report it to AOL, and let them handle it.
They'll probably take it quite seriously too.  Unless you were sloppy
with your password.
 
What kind of services is this guy offering?]
 
[Posted in FML issue 0922]
ATOM RSS1 RSS2
LISTSERV.FERRETMAILINGLIST.ORG