Social Engineering
As we saw in the GTMHH on how to break into computers, social
engineering usually consists of telling lies that are poorly
thought through. But a skilled social engineer can convince you
that he or she is doing you a big favor while getting you to
give away the store. A really skilled social engineer can get
almost any information out of you without even telling a lie.
For example, one hacker posted his home phone number on the
bulletin board of a large company, telling the employees to call
him for technical support. He provided great tech support. In
exchange, he got lots of passwords. If he had been smart, he
would have gotten a real tech support job, but then I can never
figure out some of these haxor types.
ISP
Hostage Taking
A favorite ploy of the aggressor in a hacker war is to attack
the victim's Internet account. Then they trumpet around about
how this proves the victim is a lamer.
But none of us is responsible for managing the security at
the ISPs we use. Of course, you may get a domain name, set up
a computer with lots of security and hook it directly to an Internet
backbone provider with a 24 hr phone connection. Then, checking
account depleted, you could take responsibility for your own
Internet host. But as we learned from the AGIS attacks, even
Internet backbones can get taken down.
If you point this out, that you are not the guy running security
on the ISP you use, bad guy hackers will insult you by claiming
that if you really knew something, you would get a "secure"
ISP. Yeah, right. Here's why it is always easy to break into
your account on an ISP, and almost impossible for your ISP to
keep hackers out.
While it is hard to break into almost any computer system
from the outside, there are vastly more exploits that will get
you superuser (root) control from inside a shell account. So
all your attacker needs to do is buy an account, or even use
the limited time trial account many ISPs offer, and the bad guy
is ready to run rampant.
You can increase your security by using an ISP that only offers
PPP (point to point) accounts. This is one reason that it is
getting difficult to get a shell account. Thanks, cybernazis,
for ruining the Internet for the rest of us.
But even an ISP that just offers PPP accounts is more vulnerable
than the typical computer system you will find in a large corporation,
for the simple reason that your ISP needs to make it easy to
use.
********************************************************
Newbie note: A shell account lets you give Unix commands to the
computer you are on. A PPP account is used to see pretty pictures
while you surf the Web but in itself will not let you give Unix
commands to the computer you are logged into.
********************************************************
Because it is easy to break into almost any ISP, haxor d00d
cybernazis think it is kewl to take an ISP hostage by repeatedly
breaking in and vandalizing it until the owner surrenders by
kicking the victim of the attacks off. This was the objective
in the assaults on Succeed.net in Oct. 1997.
*******************************************************
You can go to jail warning: I usually fubar the names of ISPs
in these guides because so many haxor types attack any computer
system I write about. Succeed.net is a real name. If you want
to attack it, fine. Just remember that we have boobytrapped the
heck out of it. So if you attack, men in suits bearing Miranda
cards will pay you a visit.
*******************************************************
More on hacker wars--->>
