Hacker Attack 2830fm.qxd 8/28/00 5:17 PM Page i 2830fm.qxd 8/28/00 5:17 PM Page ii Hacker Attack Richard Mansfield San Francisco Paris Düsseldorf Soest London 2830fm.qxd 8/28/00 5:17 PM Page iii Associate Publisher: Jordan Gold Contracts and Licensing Manager: Kristine O’Callaghan Acquisitions and Developmental Editor: Diane Lowery Editor: Malka Geffen Production Editor: Leslie E. H. Light Technical Editor: Michelle A. Roudebush Book Designer: Maureen Forys, Happenstance Type-O-Rama Electronic Publishing Specialist: Maureen Forys Proofreaders: Erika Donald, Nancy Riddiough, Laura Schattsneider Indexer: Nancy Guenther CD Technician: Keith McNeil CD Coordinator: Kara Eve Schwartz Cover Designer: Daniel Ziegler Cover Illustrator/Photographer: Daniel Ziegler/Corbis Images Copyright © 2000 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. The author(s) cre- ated reusable code in this publication expressly for reuse by readers. Sybex grants readers permission to reuse for any purpose the code found in this publication or its accompanying CD-ROM so long as Richard Mansfield is attributed in any application con- taining the reusable code and the code itself is never distributed, posted online by electronic transmission, sold or commercially exploited as a stand-alone product. Aside from this specific exception concerning reusable code, no part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, mag- netic, or other record, without the prior agreement and written permission of the publisher. Library of Congress Card Number: 00-106242 ISBN: 0-7821-2830-0 SYBEX and the SYBEX logo are trademarks of SYBEX Inc. in the USA and other countries. Screen reproductions produced with FullShot 99. FullShot 99 © 1991–1999 Inbit Incorporated. All rights reserved. FullShot is a trademark of Inbit Incorporated. TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any par- ticular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book. Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 2830fm.qxd 8/28/00 5:17 PM Page iv The media and/or any online materials accompanying this book that are available now or in the future contain programs and/or text files (the “Software”) to be used in connection with the book. SYBEX hereby grants to you a license to use the Software, subject to the terms that follow. Your purchase, acceptance, or use of the Software will constitute your acceptance of such terms. The Software compilation is the property of SYBEX unless oth- erwise indicated and is protected by copyright to SYBEX or other copyright owner(s) as indicated in the media files (the “Owner(s)”). You are hereby granted a single-user license to use the Software for your personal, noncommercial use only. You may not reproduce, sell, distribute, publish, circulate,or commercially exploit the Soft- ware, or any portion thereof, without the written consent of SYBEX and the specific copyright owner(s) of any component software included on this media. In the event that the Software or components include specific license requirements or end-user agreements, statements of condi- tion, disclaimers, limitations or warranties (“End-User License”), those End-User Licenses supersede the terms and conditions herein as to that particular Software component. Your purchase, acceptance, or use of the Software will constitute your acceptance of such End-User Licenses. By purchase, use or acceptance of the Software you further agree to comply with all export laws and regulations of the United States as such laws and regulations may exist from time to time. Reusable Code in This Book The authors created reusable code in this publication expressly for reuse for readers. Sybex grants readers permission to reuse for any purpose the code found in this publication or its accompanying CD-ROM so long as all three authors are attributed in any appli- cation containing the reusable code, and the code itself is never sold or commercially exploited as a stand-alone product. Software Support Components of the supplemental Software and any offers associ- ated with them may be supported by the specific Owner(s) of that material but they are not supported by SYBEX. Information regarding any available support may be obtained from the Owner(s) using the information provided in the appropriate read.me files or listed elsewhere on the media. Should the manufacturer(s) or other Owner(s) cease to offer support or decline to honor any offer, SYBEX bears no responsi- bility. This notice concerning support for the Software is provided for your information only. SYBEX is not the agent or principal of the Owner(s), and SYBEX is in no way responsible for providing any support for the Software, nor is it liable or responsible for any support provided, or not provided, by the Owner(s). Warranty SYBEX warrants the enclosed media to be free of physical defects for a period of ninety (90) days after purchase. The Software is not available from SYBEX in any other form or media than that enclosed herein or posted to www.sybex.com. If you discover a defect in the media during this warranty period, you may obtain a replacement of identical format at no charge by sending the defective media, postage prepaid, with proof of purchase to: SYBEX Inc. Customer Service Department 1151 Marina Village Parkway Alameda, CA 94501 (510) 523-8233 Fax: (510) 523-2373 e-mail: info@sybex.com WEB: HTTP://WWW.SYBEX.COM After the 90-day period, you can obtain replacement media of identical format by sending us the defective disk, proof of pur- chase, and a check or money order for $10, payable to SYBEX. Disclaimer SYBEX makes no warranty or representation, either expressed or implied, with respect to the Software or its contents, quality, per- formance, merchantability, or fitness for a particular purpose. In no event will SYBEX, its distributors, or dealers be liable to you or any other party for direct, indirect, special, incidental, consequen- tial, or other damages arising out of the use of or inability to use the Software or its contents even if advised of the possibility of such damage. In the event that the Software includes an online update feature, SYBEX further disclaims any obligation to pro- vide this feature for any specific duration other than the initial posting. The exclusion of implied warranties is not permitted by some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights; there may be other rights that you may have that vary from state to state.The pricing of the book with the Software by SYBEX reflects the allocation of risk and limitations on liability contained in this agreement of Terms and Conditions. Shareware Distribution This Software may contain various programs that are distributed as shareware. Copyright laws apply to both shareware and ordinary commercial software, and the copyright Owner(s) retains all rights. If you try a shareware program and continue using it, you are expected to register it. Individual programs differ on details of trial periods, registration, and payment. Please observe the requirements stated in appropriate files. Copy Protection The Software in whole or in part may or may not be copy- protected or encrypted. However, in all cases, reselling or redis- tributing these files without authorization is expressly forbidden except as specifically provided for by the Owner(s) therein. Software License Agreement: Terms and Conditions 2830fm.qxd 8/28/00 5:17 PM Page v 2830fm.qxd 8/28/00 5:17 PM Page vi This book is dedicated to the memory of James Carl Coward. 2830fm.qxd 8/28/00 5:17 PM Page vii 2830fm.qxd 8/28/00 5:17 PM Page viii Acknowledgments E ditor Diane Lowery deserves the primary credit for bringing this book to life. Not only is she a thoughtful acquisitions editor, she’s a most helpful develop- mental project editor—I find her suggestions uniformly wise. She was instru- mental in shaping the overall structure of this book as well as offering excellent advice on individual chapters. And it doesn’t hurt that she’s simply a pleasure to work with. Malka Geffen is another outstanding editor. She made many sensitive, useful recom- mendations throughout the book. I hope she’ll return to editing soon because authors who get to work with her are indeed lucky. Technical editor Michelle Roudebush asked for a double-check when my facts or con- clusions seemed suspect. These queries were, of course, quite worthwhile and prevented me more than once from embarrassing myself. I thank Production Editor Leslie Light for efficiently guiding this project through the production process—from edited manuscript to page layout, to galley proofs, then finally off to the printer. Not least, I would like to acknowledge Maureen Forys for her extraordinary and, I think, highly effective book design. 2830fm.qxd 8/28/00 5:17 PM Page ix Contents at a Glance Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi Part 1 Hackers, Crackers, and Whackers . . . . . . . . . . . . . . . . . . . . . . . . . . 1 CHAPTER 1 Danger on the Internet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 CHAPTER 2 Phone Phreaks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 CHAPTER 3 Hackers, Crackers, and Whackers . . . . . . . . . . . . . . . . . . . . . . 19 CHAPTER 4 Bypassing Passwords and Doing the Rat Dance . . . . . . . . . . . 31 CHAPTER 5 The Venus Flytrap and Other Anti-Hacks . . . . . . . . . . . . . . . 41 CHAPTER 6 Between a Rock and a Hard Place . . . . . . . . . . . . . . . . . . . . . . 49 CHAPTER 7 The Dangers of High-Speed Connections . . . . . . . . . . . . . . . . 59 CHAPTER 8 How to Protect Your Exposed Broadband . . . . . . . . . . . . . . . . 65 PART 2 Personal Privacy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 CHAPTER 9 Internet Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 CHAPTER 10 The Elements of Cryptography . . . . . . . . . . . . . . . . . . . . . . . . 99 CHAPTER 11 The Great Leap Forward . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 CHAPTER 12 The Computer Steps In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 CHAPTER 13 Infinite Monkeys: Brute Force Attacks and Other Curiosities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 CHAPTER 14 DES: A Public Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 CHAPTER 15 Making Keys Public . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 CHAPTER 16 Electric Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 CHAPTER 17 Encryption Implementations in Windows 2000 . . . . . . . . . . 171 CHAPTER 18 Hiding Data in Photon Streams . . . . . . . . . . . . . . . . . . . . . . . 191 CHAPTER 19 The Perfect, Unbreakable Encryption System . . . . . . . . . . . . 201 2830fm.qxd 8/28/00 5:17 PM Page x [...]... computer security: hackers, viruses, and the rapid erosion of personal privacy These are fascinating subjects You feel as if you’re watching a great game that might take decades to finish, if it is ever truly finished A clever hacker scores a point by breaching security, then the other side (the government or some other member of the anti -hacker team) scores by nabbing the hacker, then another hacker steps... three sections Part 1: Hackers, Crackers, and Whackers tells the intriguing tale of the intellectual cowboys who ride the electronic range, usually alone, searching for computer systems to break into You’ll read about the various types of hackers: those who are simply trying to demonstrate security weaknesses (“true” hackers), those who want to peep at other people’s information (whackers), those who... 16 Beep Beep 17 CHAPTER 3 Hackers, Crackers, and Whackers 19 How to Tell a Whacker from a Hacker 22 Hackers with Viruses 23 How to Anonymously Send E-Mail or Newsgroup Messages 24 Speaking of Spam: How to Get Rid of... Documents that Attack (and What You Can Do to Protect Yourself ) 259 CHAPTER 24 Prevention, Detection, and Elimination 271 Index 283 xi 2830fm.qxd 8/28/00 5:17 PM Page xii Contents Introduction xxi Part 1 Hackers, Crackers, and Whackers ... 10 The Best Solutions to Hacker Probing 11 CHAPTER 2 Phone Phreaks 13 Who Are Phone Phreaks? 15 Devilish Dialers 16 Beep Beep 17 CHAPTER 3 Hackers, Crackers, and Whackers ... address from strangers Nevertheless, I’m throwing caution to the wind because my interest in hearing from you, dear reader, outweighs my fear of hackers and spammers Write me at earth@worldnet.att.net 2830ch01.qxd 8/29/00 8:45 PM Page 1 1 Hackers, Crackers, and Whackers 2830ch01.qxd 8/29/00 8:45 PM Page 2 2830ch01.qxd 8/29/00 8:45 PM Page 3 1 Danger on the Internet 2830ch01.qxd 4 8/29/00 8:45 PM Page... game W Some people—variously called hackers, whackers, crackers (and other names unsuitable for publication in a decent book)—make it their business to find exposed hard drives and make use of them Sometimes, they just snoop Sometimes they delete files Sometimes they deposit viruses, worms, logic bombs, or other trouble As you’ll see in the next few chapters, no hacker has yet taken advantage of a... Are There Secrets in this Book? You may be wondering if in this book I tell you specific details about hacking—exactly where to get software passwords, hacker tools, other people’s Social Security numbers, and all the many other secret tricks that hackers know I thought about this issue quite a bit I didn’t want this to be one of those Wacko Hacko quickie newsprint books that focus on the fringes and... highly accurate, surprisingly detailed portrait of your personality, finances, personal information such as your Social Security number, and so on ✔ How businesses can intelligently defend against hacker attacks, both from outsiders and the odd, deeply peeved employee inside ✔ Encrypting your data easily and thoroughly (this way, even if someone does get access to your files or e-mail, they can’t make... xxii Introduction the most famous hacker of the 1990s, who was jailed for his endeavors.) This kind of virus is creepy, but there’s no real harm done However, other hacks have been blamed for everything from the sudden disappearance of millions of dollars from bank accounts, to endangering the lives of Shuttle astronauts (NASA denies there was ever any real danger when a hacker broke into their system . Hacker Attack 2830fm.qxd 8/28/00 5:17 PM Page i 2830fm.qxd 8/28/00 5:17 PM Page ii Hacker Attack Richard Mansfield San Francisco. CHAPTER 3 Hackers, Crackers, and Whackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 How to Tell a Whacker from a Hacker .