Sailors within the net... or pirates?

2000/01/04 Kortabarria Olabarria, Beñardo - Elhuyar Zientzia

• Internet

Computers connected to the Internet have several options and services: web pages, newsgroups, email, BBS or bulletin boards…. Each of them uses ports with specific protocols (understanding system between two computers). For example, on personal computers, peripherals – mice, printers… – need ports to be able to do their job. Internet servers have a similar system but have more ports, one for each service they offer. On the Internet a single computer does not fulfill all functions. For example, a company can be on the network (http server) and use two different email servers. It could also offer newsgroup services. To understand it better imagine a castle (server) and its inputs (ports). These entries should only be open if they are actually used, since having fewer access places, the risk of unwanted visits is lower. Therefore, if a server's services are used exclusively to display web pages, leaving other ports open is an error.

Multiuser computers

The servers use operating systems such as Windows NT, Unix, AIX, Linux, Irix, etc. These systems are multi-user, so they are commonly used. Among them, a single user, known as root or superuser, has the ability to do everything you want. If someone succeeds in being a superuser, the consequences would be terrible, as it could prohibit access to the administrator himself.

All of these systems have a file called passwd or shadow. This file stores all users' data and passing words. If we know the tricks of computers, which is not so difficult, anyone can access them and read them. Of course, passing words are encoded. Hackers already have access to these files until, with the help of small programs that perform searches, you find the right step word comparing words.

The first step is to get as much information as possible about the computer you want to access. To do this, the port is first used to explore possible access routes. Once achieved, each port is accessed to know the version of the protocol used, since many of them present programming errors that facilitate access. These errors allow obtaining passwd or shadow files normally without accessing the server.

Internal movements

Once access is obtained, the goal is to be a superuser. To do this you have to do a small system review to check if there are any errors in the configuration. If you had nothing to do along this path, hackers will have to use the exploit programs that exist to explore specific systems, i.e. programs that can detect errors. If the operating system version is old and no action has been taken, it can become a superuser.

When the hacker becomes a superuser, he is at the top. You may think you are above others and may leave the message to the administrator to see you the next day and know that your system has security issues. The issue does not end with it, as not all administrators take with humor; some are not able to differentiate between hackers and crackers, and a counterattack may occur. Then they have to remove traces left by hackers.

All systems have their own log with all the operations that occur on the server: who makes the connection, from where, at what time, which program you have used, etc. The Hacker, with superuser capability, can delete all tracks, but for this you must know very well the operating systems and programming. Therefore, hackers, to become superusers, do not enter directly into the computer that they must master, but they pass from one computer to another. This makes it more difficult to track.

When the computer is fully controlled, hackers place snifers, programs that control the network, in order to get all the passing words that come out of the server and all the words that enter the server. This data will allow integration into other systems and increase the power chain.

What has become a profession

There are currently numerous security systems, but there are also numerous techniques to combat them. Hackers know everyone and have shown that they are able to cope with any system. They have become a high-level desecrator, so they usually create admiration and fear.

However, the biggest advantage of hackers is the indifference of computer users to security. Those who want to change society, the system, the organizations… just have to hire category hackers, but they also have powers.