Thursday, June 11, 2009

Doing The Devil’s Work

That old adage about idle hands doing the Devil’s work is so true it’s scary. I’ve recently been lucky enough to avail of some time off and during that time I’ve had a chance to do some of the things I’ve always wanted to do, as well as successfully putting off some things I don’t care for (like painting the bathroom). There’s a surprising downside to being a man of leisure as anyone who has had the chance to lie around the house all day will tell you. I always believed that if you were having trouble sitting on your arse all day then you weren’t doing it right, but there’s no escaping the creeping boredom that finally slopes up your spine, grabs your untaxed brain and directs you towards evil works!

My evil works began simply enough during this period of inactivity. At first I dabbled with some Oracle technologies that I’d been meaning to get into. I played with RAC and a few other bits but, to be fair while they’re definitely evil they’re also wild dull! Then, one Sunday, it struck me. This was the perfect chance to try out some of those infamous hacking tools I’d heard so much about.

I’ve often wondered just how widespread hacking was in the real world. Yes there are lots of viruses and various types of malware out there, and while most do something malicious in some way, they do tend to have a commercial purpose like propagating spam mail or facilitating identity theft. However, actual hackers (in the bad “cracker” breaking into networks and servers sense of the word) are pretty rare, at least here in Ireland where there has never been a criminal prosecution for a computer crime like hacking (I’m sure some knacker somewhere got their collar felt for pinching a laptop or something).

So how come real hacking is so rare? The movies make it look super easy and there’s a massive industry built around protecting your PC from nasty kids who are hell bent on getting their grubby mitts on your holiday snaps and browsing history, so what’s the problem? Well, just like every other subject Hollywood has tackled over the years, the movies are completely wrong about hacking. It’s really hard. Well, maybe not hard exactly, but frustrating in the extreme.

I’m a Theory X kinda guy, I will always do as little as possible whenever possible so I was deeply attracted to the idea of an easy target for my first crack at cracking. As anyone in the know knows, the easiest system to break into is a wireless network. (Actually, there are easier systems, but that’s a story for another day).

In the past I have tried and failed miserably to get a wireless cracking tool to work. There are many reasons for my prior lack of success but basically it always took too long to get anything to work and I’d lose interest way before I managed to get any results. This time out I had nothing better to do so I stuck with it and managed to achieve greatness!

When I first took an interest in wireless networking, many many years ago when Cisco first began peddling the original Aironet 350 series cards and access points, I wondered about how secure it possibly could be. Over the years, as wireless became more widespread, I realised that it’s not secure at all. Of course there has been a lot of work done to make wireless networks secure, open systems soon gave way to WEP protected systems, which were overtaken by WPA protection schemes and fancy MAC lists and the like. But, as soon as a protection method came on the scene out popped a method for hacking it!

The tool I’d read the most about for hacking into wireless networks was Aircrack. I’d tried an earlier version before but never managed to get it to work properly and promptly gave up, but this time I was determined. I began my experiments on a desktop PC, a dual-boot machine running XP and Fedora 10, installing Aircrack on the Fedora partition. Installing the software was straightforward enough once all the prerequisites were met, but getting it to actually work is a different story. The key to Aircrack is in the hardware: never mind what the documentation says, the Atheros based network cards are the only way to go. This is something I didn’t appreciate at first, because one of the cheapo Sweex cards I had lying around the place happened to work perfectly.

Of course there are drawbacks to the desktop. In a housing estate there are bound to be many wireless routers but none were close enough in my estate to enable access and were therefore no fun at all! To try to overcome this I went out and picked up a high-gain directional antenna in Maplin’s in Dublin for about €20. The antenna improved things but it was still not good enough to jump onto a nearby router.

At this point it was fairly obvious that the only way to have any real fun with Aircrack was to get it running on a laptop. My laptop was exclusively running Windows XP so it needed to be rebuilt to dual boot XP and Linux (like the hardware, don’t even attempt to get Aircrack running on Windows as it’s a waste of time). I re-installed XP along with Fedora 10 (though at one point I was trying different flavours of Ubuntu).

Trying to get Aircrack working on the laptop was a nightmare with way too many blind alleys travelled down; I even spent time editing C code trying to get the on-board wireless card to work before it dawned on me how futile it was trying to use anything other than Atheros hardware.

Then, late one night, while drinking to block out the noise of a trad session taking place in one of my favourite boozers, it occurred to me. eBay! On eBay I found a PCMCIA wireless network card that, as far as I’m concerned, was built with one purpose in mind – hacking! It is the perfect cracking card. Built by NEC, it uses an Atheros chipset and has a port for an external antenna (hello high-gain!).

With my new network card installed into my laptop, I set about testing it in a live environment.

Now, I’m not going to go into the details of how I got on with Aircrack against an unsuspecting target in this post (I’ll cover that soon); let’s just say I know some guys who aren’t paying for their broadband access anymore. If you have an Eircom broadband wireless router then you NEED to secure it beyond the default settings. At least use WPA, as it’s a little harder to get past than WEP.

So, I’d joined the ranks of practicing hackers or, at least, successful script kiddies. About this time Sky Movies began showing “End of Days” the Arnie movie from the late 90’s where he battles the Devil (played very well by Gabriel Byrne). In the movie, set at the turn of the Millennium, there’s a radio news piece about cops being worried that Satanic cults will disrupt the New Year’s celebrations. This led me to a realisation:

There are very few real devil worshipping cults in the world. In fact, there are probably as many Satanists as there are real black hat hackers.

This realisation has led to this blog, a blog that’s hopefully going to serve the needs of these two small groups and in the process put together a Hacking Cult, a coven of those with an interest in computer security and who enjoy good horror movies! So, light the candles, draw a pentagram on the floor, pick a good proxy and let’s see what we can conjure up.