ch03.htm

Maximum Security (First Edition) 网络安全 英文版

<P>For example, Schwartz once installed a shell script that allowed him to access
the Intel network from other locations. This script reportedly opened a hole in Intel's
firewall. Another system administrator discovered this program, froze Schwartz's
account, and confronted him. Schwartz agreed that installing the script was not a
good idea and further agreed to refrain from implementing that program again. Some
time later, that same system administrator found that Schwartz had re-installed the
program. (Schwartz apparently renamed the program, thus throwing the system administrator
off the trail.) What does all this mean? From my point of view, Randal Schwartz probably
broke Intel policy a number of times. What complicates the situation is that testimony
reveals that such policy was never explicitly laid out to Schwartz. At least, he
was given no document that expressly prohibited his activity. Equally, however, it
seems clear that Schwartz overstepped his authority.</P>
<P>Looking at the case objectively, some conclusions can immediately be made. One
is that most administrators charged with maintaining network security use a tool
like Crack. This is a common procedure by which to identify weak passwords or those
that can be easily cracked by crackers from the void. At the time of the Schwartz
case, however, such tools were relatively new to the security scene. Hence, the practice
of cracking your own passwords was not so universally accepted as a beneficial procedure.
However, Intel's response was, in my opinion, a bit reactionary. For example, why
wasn't the matter handled internally?</P>
<P>The Schwartz case angered many programmers and security experts across the country.
As Jeffrey Kegler wrote in his analysis paper, &quot;Intel <I>v.</I> Randal Schwartz:
Why Care?&quot; the Schwartz case was an ominous development:

<DL>
	<DD>Clearly, Randal was someone who should have known better. And in fact, Randal
	would be the first Internet expert already well known for legitimate activities to
	turn to crime. Previous computer criminals have been teenagers or wannabes. Even
	the relatively sophisticated Kevin Mitnick never made any name except as a criminal.
	Never before Randal would anyone on the `light side of the force' have answered the
	call of the 'dark side.'
</DL>



<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>You can find Kegler's
	paper online at <A HREF="http://www.lightlink.com/spacenka/fors/intro.html"><B>http://www.lightlink.com/spacenka/fors/intro.html</B></A>.
	
<HR>
</P>

</BLOCKQUOTE>

<P>I want you to think about the Schwartz case for a moment. Do you have or administrate
a network? If so, have you ever cracked passwords from that network without explicit
authorization to do so? If you have, you know exactly what this entails. In your
opinion, do you believe this constitutes an offense? If you were writing the laws,
would this type of offense be a felony?</P>
<P>In any event, as stated, Randal Schwartz is unfortunate enough to be the first
legitimate computer security expert to be called a cracker. Thankfully, the experience
proved beneficial, even if only in a very small way. Schwartz managed to revitalize
his career, touring the country giving great talks as Just Another Convicted Perl
Hacker. The notoriety has served him well as of late.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>TIP:</B></FONT><B> </B>The transcripts of this trial are
	available on the Internet in zipped format. The entire distribution is 13 days of
	testimony and argument. It is available at <A HREF="http://www.lightlink.com/spacenka/fors/court/court.html"><B>http://www.lightlink.com/spacenka/fors/court/court.html</B></A>.
	
<HR>


</BLOCKQUOTE>

<H2><FONT COLOR="#000077"><B>Why Do Crackers Exist?</B></FONT></H2>
<P>Crackers exist because they must. Because human nature is just so, frequently
driven by a desire to destroy instead of create. No more complex explanation need
be given. The only issue here is what type of cracker we are talking about.</P>
<P>Some crackers crack for profit. These may land on the battlefield, squarely between
two competing companies. Perhaps Company A wants to disable the site of Company B.
There are crackers for hire. They will break into almost any type of system you like,
for a price. Some of these crackers get involved with criminal schemes, such as retrieving
lists of TRW profiles. These are then used to apply for credit cards under the names
of those on the list. Other common pursuits are cell-phone cloning, piracy schemes,
and garden-variety fraud. Other crackers are kids who demonstrate an extraordinary
ability to assimilate highly technical computer knowledge. They may just be getting
their kicks at the expense of their targets.
<H2><FONT COLOR="#000077"><B>Where Did This All Start?</B></FONT></H2>
<P>A complete historical account of cracking is beyond the scope of this book. However,
a little background couldn't hurt. It started with telephone technology. Originally,
a handful of kids across the nation were cracking the telephone system. This practice
was referred to as <I>phreaking</I>. Phreaking is now recognized as any act by which
to circumvent the security of the telephone company. (Although, in reality, phreaking
is more about learning how the telephone system works and then manipulating it.)</P>
<P>Telephone phreaks employed different methods to accomplish this task. Early implementations
involved the use of ratshack dialers, or red boxes. (<I>Ratshack</I> was a term to
refer to the popular electronics store Radio Shack.) These were hand-held electronic
devices that transmitted digital sounds or tones. Phreakers altered these off-the-shelf
tone dialers by replacing the internal crystals with Radio Shack part #43-146.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Part #43-146 was a crystal, available
	at many neighborhood electronics stores throughout the country. One could use either
	a 6.5MHz or 6.5536 crystal. This was used to replace the crystal that shipped with
	the dialer (3.579545MHz). The alteration process took approximately 5 minutes. 
<HR>


</BLOCKQUOTE>

<P>Having made these modifications, they programmed in the sounds of quarters being
inserted into a pay telephone. From there, the remaining steps were simple. Phreaks
went to a pay telephone and dialed a number. The telephone would request payment
for the call. In response, the phreak would use the red box to emulate money being
inserted into the machine. This resulted in obtaining free telephone service at most
pay telephones.</P>
<P>Schematics and very precise instructions for constructing such devices are at
thousands of sites on the Internet. The practice became so common that in many states,
the mere possession of a tone dialer altered in such a manner was grounds for search,
seizure, and arrest. As time went on, the technology in this area became more and
more advanced. New boxes like the red box were developed. The term <I>boxing</I>
came to replace the term <I>phreaking</I>, at least in general conversation, and
boxing became exceedingly popular. This resulted in even further advances, until
an entire suite of boxes was developed. Table 3.1 lists a few of these boxes.
<H4><FONT COLOR="#000077"><B>Table 3.1. Boxes and their uses.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Box</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP"><I>What It Does</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Blue</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Seizes trunk lines using a 2600MHz tone, thereby granting the boxer the same privileges
			as the average operator</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Dayglo</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Allows the user to connect to and utilize his or her neighbor's telephone line</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Aqua</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Reportedly circumvents FBI taps and traces by draining the voltage on the line</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Mauve</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Used to tap another telephone line</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Chrome</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Seizes control of traffic signals</TD>
	</TR>
</TABLE>
</P>
<P>There are at least 40 different boxes or devices within this class. Each was designed
to perform a different function. Many of the techniques employed are no longer effective.
For example, blue boxing has been seriously curtailed because of new electronically
switched telephone systems. (Although reportedly, one can still blue box in parts
of the country where older trunk lines can be found.) At a certain stage of the proceedings,
telephone phreaking and computer programming were combined; this marriage produced
some powerful tools. One example is BlueBEEP, an all-purpose phreaking/hacking tool.
BlueBEEP combines many different aspects of the phreaking trade, including the red
box. Essentially, in an area where the local telephone lines are old style, BlueBEEP
provides the user with awesome power over the telephone system. Have a look at the
opening screen of BlueBEEP in Figure 3.1.</P>
<P><A NAME="01"></A><A HREF="01.htm"><B>Figure 3.1.</B></A><B><BR>
</B><I>The BlueBEEP opening screen.</I></P>
<P>It looks a lot like any legitimate application, the type anyone might buy at his
or her local software outlet. To its author's credit, it operates as well as or better
than most commercial software. BlueBEEP runs in a DOS environment, or through a DOS
shell window in either Windows 95 or Windows NT. I should say this before continuing:
To date, BlueBEEP is the most finely programmed phreaking tool ever coded. The author,
then a resident of Germany, reported that the application was written primarily in
PASCAL and assembly language. In any event, contained within the program are many,
many options for control of trunk lines, generation of digital tones, scanning of
telephone exchanges, and so on. It is probably the most comprehensive tool of its
kind. However, I am getting ahead of the time. BlueBEEP was actually created quite
late in the game. We must venture back several years to see how telephone phreaking
led to Internet cracking. The process was a natural one. Phone phreaks tried almost
anything they could to find new systems. Phreaks often searched telephone lines for
interesting tones or connections. Some of those connections turned out to be modems.</P>
<P>No one can tell when it was--that instant when a telephone phreak first logged
on to the Internet. However, the process probably occurred more by chance than skill.
Years ago, Point- to-Point Protocol (PPP) was not available. Therefore, the way a
phreak would have found the Internet is debatable. It probably happened after one
of them, by direct-dial connection, logged in to a mainframe or workstation somewhere
in the void. This machine was likely connected to the Internet via Ethernet, a second
modem, or another port. Thus, the targeted machine acted as a bridge between the
phreak and the Internet. After the phreak crossed that bridge, he or she was dropped
into a world teeming with computers, most of which had poor or sometimes no security.
Imagine that for a moment: an unexplored frontier.</P>
<P>What remains is history. Since then, crackers have broken their way into every
type of system imaginable. During the 1980s, truly gifted programmers began cropping
up as crackers. It was during this period that the distinction between hackers and
crackers was first confused, and it has remained so every since. By the late 1980s,
these individuals were becoming newsworthy and the media dubbed those who breached
system security as hackers.</P>
<P>Then an event occurred that would forever focus America's computing community
on these hackers. On November 2, 1988, someone released a worm into the network.
This worm was a self-replicating program that sought out vulnerable machines and
infected them. Having infected a vulnerable machine, the worm would go into the wild,
searching for additional targets. This process continued until thousands of machines