“Greetings, Professor Falken…let’s hack the planet!”
So first off, you would think a blog named “Caheen’s Crypto Corner” would talk about cryptography – That’s just not the case. Back in the day we would say something like “Psych!” For the newer generation, think more along the lines of Dave Chappelle’s Killing Them Softly routine! Google it and watch it if you don’t get it.
Per the title, at times I tend to muse about cryptography. More than that, however, I honestly just like the sound of it. Kind of rolls off the tongue. Say it with me:
“Caheen’s Crypto Corner”
Ok, so now let’s get serious. Or not. I can float either way.
This past weekend I watched two of the absolute best “hacker” movies of all time. The one that started it all for me, Wargames, starring Matthew Broderick and Ally Sheedy, and Hackers, starring a gaggle of people, the most notable being Jonny Lee Miller and Angelina Jolie. These movies were a trip down memory lane (insert old man joke now). Now, if you haven’t seen either movie, then stop reading and go to your favorite video outlet, purchase them, and take the time to watch. Then come back and begin reading again. No worries. I will wait.
Ok, you’re back. Awesome movies, right?! These movies both have several things in common, but the most noticeable similarities between the movies are the tactics that the “hackers” in the films utilize. Wargames was made circa 1983 and Hackers came out around 1995. Here comes the shocker – the same tactics deployed in both movies are utilized by hackers today! I would also say that both movies even provide foreshadowing of events that have come to pass in the last two decades, but that’s another musing for another time.
There are five steps to infiltrating a vulnerable network or system that are deployed by attackers. These steps have many different variants, but they all achieve the same purpose. Some steps bleed into others, but there are few exceptions where any of these steps are circumvented.
Step 1: Reconnaissance
This is the information gathering phase. The attacker gathers as much freely available or not-so-freely available information about the target as possible. In Wargames, this was simple. David, Matthew Broderick’s character, simply opens a magazine and finds the address for Protovision, a fictitious gaming company in Sunnyvale. He then calls an operator and asks for all the prefixes for Sunnyvale. Remember, it’s an 80’s movie, so no broadband; we are talking 2400 baud at best! Smoking!
In the movie Hackers, this phase of the attack is a little more involved. When the characters decide to hack the Ellingson Mineral mainframe, aka “The Gibson,” the group of hackers employs dumpster diving, the age-old art of rifling through non-shredded, discarded corporate documents in the trash. With many options to safely discard and shred sensitive material, this tactic is nearly obsolete in the corporate world, but how many of you are shredding documents at home like mail that contains account numbers of some kind? Food for thought.
This is not the most sanitary method of information gathering, but it can be fairly effective. They also go as far as to steal a POTS manual from the phone company! But in Hackers we see some evolution take place. Lord Nikon, aka Paul Cook, poses as a floral delivery engineer and does a bit of Shoulder Surfing to gain passwords! Ahh, Social Engineering. I digress.
Step 2: Enumeration
Enumeration is utilizing the information gathered from Reconnaissance to start looking for vulnerabilities in the target network. This is where things start getting interesting. This is where rubber starts to meet the road. Taking learned information and looking for that one hole, that one gap that someone forgot to plug. It sounds way more exciting when you’re typing it out. It’s honestly quite boring in reality. There are a multitude of tools that will perform this step while you <cough>, I mean the nefarious individual attempting to gain access to a network, sleeps or creates TPS reports.
In Wargames, David runs a utility called a “war dialer.” A war dialer will dial every number in an area code to search for modems and computers. Once a modem answers on the other end, David jumps into the next stage of the attack. In the movie Hackers, this phase is a bit unclear; however, it is safe to assume that through the first two steps there was some information that led to an exploitable vector.
Step 3: Access
Party Time! I mean “All your base are belong to us!” No, didn’t mean that, either. What I meant to say was “PWND!” You get the point. Access to the target network or system has been gained. If the previous two steps were successfully completed, this is where the attacker will exploit the weakest vectors discovered.
The epitome of this phase is best expressed in the movie Wargames by those three most awesome words that we hear modulate in all their 4-bit glory from a speaker that seems to be pieced together from an erector set, “Greetings, Professor Falken.” Oh man! Joshua is alive!
In Hackers, access to the Gibson is obtained not once, but twice! At this point in the movie I find myself trying to figure out patch management, remediation, security policy and process, etc. for Ellingson Mineral.
Step 4: Maintaining Access
Once access has been obtained, why not set it up to be maintained? In this phase an attacker, depending on their motive, will create a vector by which they can access the system at will. This phase is an evolutionary step in tactics that is applied by particularly malicious attackers. By maintaining access, an attacker will be able to not only regain access to a compromised target but utilize that device in attacks against other devices. In the movie Hackers, we see an awesome display of a DDoS attack when the “Hackers of the World” unite to assist our protagonist in gaining access to the Gibson and bringing the multi-trillion-dollar supercomputer to a sizzling halt. Although the attack was initiated manually, this movie was created before botnets. These days, one person could initiate that attack solo. In Wargames, on the other hand, we touch on A.I. after David has discovered his error in playing the Global Thermonuclear War simulation and the W.O.P.R., aka Joshua, calls David to reengage in the game.
Step 5: Covering Tracks
I’ll be honest – neither of these movies displays this step effectively. All the heroes get caught in both feature presentations. However, the attempt is made to destroy physical evidence. In both movies there are scenes where our world-saving, socially conscious hackers are frantically ripping and tearing up notebooks and sheets of paper in hopes of destroying any physical evidence linking them to their nefarious late-night activities. In the end, their digital footprint was not erased, though, which ultimately leads to their capture. In real life, the footprint is usually erased during the attack. Think of those old westerns where the bandit doesn’t want to be tracked. He either rides his horse through a shallow stream or drags a tree branch behind him so the posse can’t follow.
Each movie displays all the above steps to one degree or another, which left me asking myself, “Why is it that these movies, created in the 80’s and early 90’s, so clearly display the same tactics we see today?” The answer is simple. These tactics are “tried and true.” They work. They are, in fact, the framework upon which all hacking is based. Every successful breach of every company followed the above steps. So, when looking to defend your network, evaluate how you are defending against these tactics. How much public information is available about your company? What are the exploitable vectors that can be discovered from that available information? How could an attacker gain access through those vectors? How could an attacker maintain that access undetected? What measures or applications do you have in place to stop the attacker from covering their tracks?
If you have never seen the movies, I encourage you to watch them. They are cheesy and old, but also fun and a little bit educational.