“Attackers continue to come up with creative ways of tricking potential victims into installing malicious software.
“Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we’ll be seeing such approaches more often.”
Very true indeed. Such type of attacks are really dangerous for the uninitiated and unsuspecting. I am pretty sure you know what happens if you write your phone number in college student campuses bathrooms? That’s right, what about writing a website on the walls or doors in the following emo style:
https://www.stupidprofessor.com/professor_X_NAKED/ – OMG xD xD OMFG Profesor X naked webcam pictures! xD xD xD UNBLVBL…the truest thing :X:X:X >:)
What about fake student organization promotions, party announcements, homework websites, job offers, surveys,etc… Although many of these methods are kinda’ overkill if done in less crowded places, since the same number, if not even more targets could be allured with online methods rather than physical real life ones.
Anyway it’s an interesting special case of social engineering, in the sense that it doesn’t require you to interact directly with a person, to own them.
And you liked it so much that you want it on your drive for future reference or in case you might want to watch it again later. Now all you need to do is just type pwn in front of youtube in your address bar and you will arrive to a download page of that exact video in standard quality(.flv) and high quality(.mp4).
Kevin David Mitnick (born August 6, 1963) is a computer security consultant and author, who was incarcerated for more than four years without trial or a bail hearing.
He was a world-famous controversial computer hacker in the late 20th century, who was at the time of his arrest, the most wanted computer criminal in United States history. more…
Ever wanted to see Kevin in action?
See him as he types?
See him as he hacks/cracks?
Then you have clicked to the right place.
Some of the network data gathered(sniffed or logged) for prosecution before Kevin’s apprehension by telco’s and other parties involved in the investigation with the help of Tsutomu Shimomura, has been released to the public a long time ago. Shimomura used a custom version of tcpdump in his sniffing sessions on Mitnick and eventually he made a program to convert the gathered data into an interactive application that matches exactly what Mitnick was seeing and doing during his telnet sessions(it sounds more complicated than it is, a little understanding of the telnet protocol, which dominated the internet back then, and the fact that a tcpdump session on a host between mitnick and he’s other peers contains all the needed information to recreate with precise accuracy exactly what happened,when and how it looked).
They have been hosted at the evidence section on a site called Takedown(like the book by Shimomura&John Markoff and the movie) along with the prank calls made to Shimomura’s voicemail and other related stuff.
If you’re not familiar with Kevin’s story and a little bit of unix/linux i don’t think you will be making much sense out of the transcripts,except for the chatting sessions. Although this looks like a great motivation to start learning/using linux/unix just because you wanted to understand what is the stuff Kevin types while he hacks. 😈
For the Mitnick familiar and hackers out there i present Tsutomu’s January 25 Post to Usenet which explains with some level of detail the IP source address spoofing and TCP sequence number prediction attacks that were used by Kevin to pwn Shimomura’s diskless X terminal and from there using a loadable kernel STREAMS module an existent connection to Shimomura’s real box was hijacked thus leading to the pwnage of Tsutomu’s goodies treasurechest.It was interesting the way Tsutomu wanted to make sure the world understands how his box got owned. 😳
You will be needing telnet to view the sessions. For each session you will have to telnet on a different port on the same machine as each transcript is served through a different port.
They always use the ugliest picture possible,so that he looks like a pedofile and everyone is happy.
I am eager to see Kevin haaack, i want to see some stuff right now! Gimme teh box and it’s hole!
Well select one from bellow based on the summary of the transcript, then open a shell and type/paste the corresponding telnet command:
This is the chat session in which Kevin asks his friend jsz at Ben-Gurion University in Israel for tools. He asks over and over again until he gets satisfaction. Since we are seeing what Kevin saw, in the talk session the top half of the window (above the dashed line) is what he was saying; the bottom is what jsz was saying. —>
telnet kevin-on-demand.takedown.com 4009
Nobody speaks better for Kevin Mitnick than Kevin himself. Here we learn that we are indeed dealing with Mitnick, as well as good many other things. Do these sound like nice people to you?Discussion of Tsutomu, Markoff, Dan Farmer, a “picture on the front page of the New York Times.” —>
telnet kevin-on-demand.takedown.com 4010
Kevin breaks into Dan Farmer’s machine(creator of SATAN security scanner), fish.com, and peruses his files and mail looking for information about himself, Tsutomu, security holes, and the FBI. Breaks into Sun, confirming that the “access1” in the talk session that afternoon really did refer to access1.sun.com. Kevin also has a fascination with looking through the command histories of system administrators, presumbaly to see if they are on to him. —>
telnet kevin-on-demand.takedown.com 4013
This is the first session where a possible reference to “Mitnick” was seen. —>
Last Comments