  1. #1
    DF VIP Member Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,125
    Thanks
    3,975
    Thanked:        1,690
    Karma Level
    1251

    Tech Hacking Question

    Recently there have been a few high-profile cases of companies being hacked.

    Often they will give the numbers of customer records that were accessed and whether the leaked information contained personal details, financial details etc.

    If these companies were ahead of the hackers, I think it's fair to say the hacks wouldn't have happened in the first place which leads me to my question:

    If these companies were behind enough to let the hacks happen in the first place, how do we know that the hackers aren't a lot more advanced than thought, and have for example in each instance taken 10x more information than the companies actually realise?

    Just as an example, when I was at uni I knew a lad who worked in an RBS call centre and used to take out print outs of credit card details with full info - even limits and balances. He got nicked for it, but I could easily imagine that even after he had been locked up, people may still have been using details he had sold to them.


  2. #2
    DF VIP Member DavidF's Avatar
    Join Date
    Apr 2005
    Location
    GLASGOW
    Posts
    994
    Thanks
    389
    Thanked:        743
    Karma Level
    312

    Re: Hacking Question

    I believe the system admin when they run an audit would be able to id which files were viewed/downloaded at what time and from where. That's not to say TT may not be telling small porkies lol.

    Thanks to DavidF

    Over Carl (22nd November 2015)  


  3. #3
    DF VIP Member burner1's Avatar
    Join Date
    Apr 2005
    Location
    South West
    Posts
    7,570
    Thanks
    329
    Thanked:        676
    Karma Level
    1213

    Re: Hacking Question

    I think it'll always be the case that some people will exploit vulnerabilities in any 'System/ Process' if there is opportunity. Could be like you say, taking a list of data that could reap a profit or hacking into a computer system for the same aim. There are some very clever people on both sides of the law and it's always a game of catch up: someone finds a weakness in a system, it eventually comes to light and it's plugged.. then someone else pokes away at a system and finds another weakness and so on. It's how anti virus apps and updates work.

    There is a huge amount of money to be made by clever (or just plain lucky) people on the 'wrong' side of the law/ ethics etc.

    Thanks to burner1

    Over Carl (22nd November 2015)  


  4. #4
    DF VIP Member Over Carl's Avatar

    Re: Hacking Question

    Quote Originally Posted by DavidF View Post
    I believe the system admin when they run an audit would be able to id which files were viewed/downloaded at what time and from where.
    That's what I thought, but then say if they only think one account has been compromised and consider all those records as hacked, what if other accounts were also compromised but had totally different usage patterns so didn't get picked up? What if the hacker is clever enough to bypass all authentication so there is no log that records have been accessed by a particular account? What if the hacker is clever enough to modify auditing information to get rid of traces....

  5. #5
    DF MaSter Black Oracle's Avatar
    Join Date
    May 2016
    Location
    Mars
    Posts
    86
    Thanks
    42
    Thanked:        95
    Karma Level
    0

    Re: Hacking Question

    Hacking websites for email addresses has 2 ways of approach.

    I've had first hand experience of both, I used to run a website, one of many - over the years! But, I found another website selling my 'pharmed' database.sql with over 5,000 active email addresses in the deal, selling for $15.00!!! Couldn't believe it, the whole lot for such a small amount. Don't know what they fetch these days, probably a lot less.

    1. Domain Email Addresses: Scan using Transforms to get all registered email accounts, this is standard penetration and is very easy to do on any website. It basically 'maps' out the entire website, so the MX servers are scanned, hence all email addresses are exposed very easily. If a third-party server is used for email, for example gmail.com, then it will show the network path servers to the Gmail MX servers.

    2. Webserver Script running a MySQL database: The Exploitation Technique - this again is done by scanning for exploitation of the current script on the server, basically you go in via a back entrance not to be confused with a backdoor (which is entirely different and normally used by script kiddies!). This basically allows the attacker to view all files, and then to run further custom transforms to pull either the entire database, or just the fields they want, email only, then they just scan which tables are available. Email addresses are not classed as high importance, therefore no encryption is normally deployed. The attacker will just pull that column data, it could be just email_id, but that's all they need.

    Removal of any penetration record can easily be overwritten, hence it looks like no attack was ever initiated.

    Many people think hackers are all the same, that is a false statement!
    1. Whitehat Hackers - Normally employed by the company to find and fix any exploits, permission is always required to do this type of attack, or you would be classed as a Blackhat Hacker.
    2. Blackhat Hackers - These are hackers that work for companies or ask for permission, they just penetrate systems for pleasure or just because they're after something. Usually, for illegal purposes.
    3. Greyhat Hackers - These are hackers you don't mess around with, normally professional and will leave no trace of what information was accessed! All they use is a green text and black screen. Whatever data they get is normally paid for in advance. You can 'hire' these guys for a price, the results are guaranteed even if it means putting anyone in jail, by placing illegal data on the suspect's system, then calling the local police that there's some illegal data on the person's computer. They can even give the actual MAC address of the device. These are guys you don't play games with, they will go to any extent to take out anyone.

    LinkedIn first quoted was a big deal because something like 6.5 million user account passwords were posted online, but the latest report shows that figure to be more around 117 million! That was posted this week, in high profile attacks.

    https://blog.knowbe4.com/scam-of-the...-your-password

    Thanks to Black Oracle

    piggzy (29th May 2016)  
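
On the concern raised in posts #4 and #5 that audit records can be modified or overwritten, here is an added example (not part of any post in this thread) of a tamper-evident access log: each record carries an HMAC over the previous record's tag, so an edit, deletion or truncation is detectable. It assumes the key and the latest head tag are kept off the logged host; all names and sample records are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain start value (constructed for this example)


def _tag(key: bytes, prev_tag: str, entry: dict) -> str:
    # Bind each record to its predecessor so edits and deletions break the chain.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, entry: dict) -> str:
    """Append an access record; return the new head tag to ship off-host."""
    prev = log[-1]["tag"] if log else GENESIS
    tag = _tag(key, prev, entry)
    log.append({"entry": entry, "tag": tag})
    return tag


def verify(log: list, key: bytes, trusted_head: str):
    """Return (ok, reason). trusted_head is the last tag stored off-host."""
    prev = GENESIS
    for i, rec in enumerate(log):
        expected = _tag(key, prev, rec["entry"])
        if not hmac.compare_digest(expected, rec["tag"]):
            return False, f"record {i} altered, or a record before it removed"
        prev = rec["tag"]
    if not hmac.compare_digest(prev, trusted_head):
        return False, "log truncated or replaced since last off-host checkpoint"
    return True, "chain intact"


def demo():
    key = b"example-key-kept-off-the-logged-host"  # constructed
    log = []
    head = GENESIS
    for user, path in [("acct_17", "/customers/1001"),
                       ("acct_17", "/customers/1002"),
                       ("acct_42", "/customers/export.csv")]:  # constructed records
        head = append(log, key, {"user": user, "path": path})
    results = {"clean": verify(log, key, head)}

    # Rewrite the last record's content but keep its old tag.
    edited = [dict(r) for r in log]
    edited[2] = {"entry": {"user": "acct_42", "path": "/index.html"},
                 "tag": log[2]["tag"]}
    results["edited"] = verify(edited, key, head)

    results["deleted"] = verify(log[:1] + log[2:], key, head)   # middle record gone
    results["truncated"] = verify(log[:2], key, head)           # tail record gone
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:10s} ok={ok} {reason}")
```

The chain only shows that tampering happened, not what was removed, and it gives no protection if the key is readable from the compromised host.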


  6. #6
    DF VIP Member
    Lou_smorals's Avatar
    Join Date
    Nov 2002
    Location
    UK
    Posts
    2,320
    Thanks
    743
    Thanked:        599
    Karma Level
    446

    Re: Hacking Question

    Hi
    My Friend was hacked through his forum (which I believe you are expert on from another of your posts), by The Equation group, with Greyfish they were in his iMac, his iPhone and his DDRT router firmware, from which they kept re-infecting attached devices. My friend went to authorities, Kaspersky Labs and various other places for help but got little.
    In the end I took over forum and converted to Xenforo and he got rid of most of his tech and just accepts that they are there in background.
    LS
    Dear Lord, please grant me the ability to punch people in the face over Standard TCP/IP

  7. #7
    DF Super Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,540
    Thanks
    3,063
    Thanked:        1,553
    Karma Level
    371

    Re: Hacking Question

    Quote Originally Posted by Lou_smorals View Post
    Hi
    My Friend was hacked through his forum (which I believe you are expert on from another of your posts), by The Equation group, with Greyfish they were in his iMac, his iPhone and his DDRT router firmware, from which they kept re-infecting attached devices. My friend went to authorities, Kaspersky Labs and various other places for help but got little.
    In the end I took over forum and converted to Xenforo and he got rid of most of his tech and just accepts that they are there in background.
    LS
    I assume he once was in circles that he now wished he wasn't ?!?!?

  8. #8
    DF VIP Member
    Lou_smorals's Avatar

    Re: Hacking Question

    Hi
    Well it's a long story, but not really, they thought he had something they wanted (about satellite tv) and were trying to find that, but both him and me were surprised what they could do and without any consequences.
    Thanks
    LS
    Dear Lord, please grant me the ability to punch people in the face over Standard TCP/IP

    Thanks to Lou_smorals

    piggzy (29th May 2016)  


  9. #9
    DF MaSter Black Oracle's Avatar

    Re: Hacking Question

    Quote Originally Posted by Lou_smorals View Post
    Hi
    My Friend was hacked through his forum (which I believe you are expert on from another of your posts), by The Equation group, with Greyfish they were in his iMac, his iPhone and his DDRT router firmware, from which they kept re-infecting attached devices. My friend went to authorities, Kaspersky Labs and various other places for help but got little.
    In the end I took over forum and converted to Xenforo and he got rid of most of his tech and just accepts that they are there in background.
    LS
    Hacking through forums is very much possible these days, it is surprising just how easy it really is to do such an attack. All they need is the IP of the user, which with most forum software this can be 'pulled' out of the database.

    You can use custom 'Transforms' from this point, to get the MAC address of the cable modem or ADSL device, from there they stay connected via the MAC address. They do not use IP addresses because some ISPs still use dynamic IPs and not 'static'.

    From doing the aforementioned, re-penetration can be done very easily via the MAC addresses that they already have.

    But it can be done another way!

    Let's say you are online in a forum and your username is showing, most people know that this also shows the memberID as well.

    The attacker does not need your memberID to start with, all they do is create a graph and put your website on it. Then they run a few standard 'Transforms', this not only shows them the website's NS addresses, even if they are hidden behind a CDN like CloudFlare, their NS addresses will still show up (webmasters think using CDNs will block the 'real' Nameserver IPs; this is a myth).

    When using penetration 'mapping' a website you basically have access to everything, you can see what scripts are installed, from there it does not take much to grab the entire database or just a certain field or fields, depending on the script.

    Many of the latest forums are now deploying encoding or encryption to guard such tables which could easily find a specific user.

    Kaspersky Labs, I would put them in the top 5 of security Antivirus programs, but if you want to stay ahead of attacks from 'Ransomware' then you need an Antivirus program that is 'bulletproof' - there is only one that offers 'Zero-day attacks' and that is F-Secure. Which is what I use, with some added extras, the chances of me being hit are low!

    The ironic part of antivirus companies comes to something when you actually know the ex-CEOs! The stories are insane.. One day I was working on a custom vBulletin style, the guy I was working for turned out to be the ex-CEO of Symantec, we had quite a long chat, then I asked him which Antivirus he used from the Norton range, he said there is no way he would install any Norton product on a computer or device!

    Firstly, my 'digital-footprint' is never shown to any website - I can actually see any website that is tracking me, but they are blocked anyway. I can see Yahoo is tracking me on here, but that is part of vBulletin using Yahoo (a read only repository in javascript!).

    I use various browsers but not IE or Edge, neither can be trusted. I am using Windows 10 Rev 1.0 (Rev 2.0 is due out in July 2016) and Firefox, I know many turn their noses up at Firefox, but if I could get all of the FREE addons for other browsers I probably would change.

    There was an additional paragraph I wrote in this post, but I thought twice about posting it, so I deleted it - I don't want it crawled by Google! On a public forum!

    6 Thanks given to Black Oracle

    beerman (29th May 2016),  JonEp (31st May 2016),  Lou_smorals (29th May 2016),  Northernbloke (29th May 2016),  Over Carl (29th May 2016),  piggzy (29th May 2016)  


  10. #10
    DF VIP Member
    Lou_smorals's Avatar

    Re: Hacking Question

    Hi
    I can see you are going to fit right in here with us geeks lol, well as per original post they drove my friend to almost mental breakdown by messing with his children's phones etc.
    Since I took over forum and changed software we have not had them - maybe that is Xenforo or maybe it's just I am too boring for them.
    LS
    Dear Lord, please grant me the ability to punch people in the face over Standard TCP/IP

  11. #11
    DF MaSter Black Oracle's Avatar

    Re: Hacking Question

    lolz..

    There is a lot to know about hacking, what sort of setup you need to use, how to hide your 'real' IP. When I was working in Web Hosting, I was the guy that was called in to fix hacked websites, normally using advanced MySQL queries, then checking for backdoors, etc. Tracing these hackers was far too easy, they used their 'real' IP addresses, no proxies or even a VPN, and you can guarantee these were 'script kiddies' - the teens that used stupid useless tools, that just re-wrote header code and cause PHP not to parse correctly.

    But there was one thing that really 'bugged' me about fixing these hacked websites, bearing in mind some were just cookie rewrites or javascript in the footer template changes, and that was how to 'rip' off customers that asked for their websites to be fixed. I was told that I must put at least a 2-3 hour charge on the job! This wasn't cheap, because you were looking at around $100 an hour! Many people can't afford prices like that! I mean editing a bit of code takes a few minutes if that, even if it is base64 encoded, I was taught Advanced MySQL, so I knew how to fix or even destroy websites, but that's a different story! But, they expected me to put the website or forum offline for a few hours to look like it was being worked on - then invoice the customer once back online. I did this for awhile, then left them, and dropped all contact with everyone associated with them. I received many emails after offering me custom work, I never took any of the jobs!
    It is things like this that get you a bad reputation online.

    I've never really looked at Xenforo, I've installed it many times, same for vBulletin and IP.Board and all Applications. I know Xenforo is supposed to be light-weight compared to other forum software.

    I also do a lot of beta-testing of new equipment for my ISP, at the moment I'm testing 1Gb Powerline Adaptors by Netgear - I'm not a fan of Netgear equipment at all, even though my ISP decides to re-badge all their products from Netgear!

    @Lou_smorals - I see you're running vBulletin 4.2, it's pretty stable at the moment, but with vB5 - well, I would not even run it either! I still have two vBulletin Licences, one is vBulletin 3.x and the other is vBulletin 4.x - I never bought vB5, because to me it's a piece of useless coding, that never took off.

    So, Lou you are the main Admin of this forum? I haven't looked at any WHOIS or other places of where website information is stored. I did check the server before joining though, some servers are set up really badly. Am I correct in assuming you have other categories that are not publicly 'visible' - I don't want to post something, even abiding to your rules that Google may crawl.
    There is a lot of knowledge I can share, but not publicly - it would attract too much attention, and besides that I don't want to post anything that you think is 'outside' your limitations, so I will probably PM you first before doing certain posts. There is a reason for this, a lot of what I know, which other students were interested in the same University course as me, were mesmerized at what I knew and about all the attack types, that were not even listed on the course. I did end up with many followers and other students asking me questions, some information I couldn't even share. Some of that information even frightened some people, but I wrote 3 resource tutorials in the course so people could see for themselves that everything I was putting in comments were correct and backed up by other security websites.

    ATB.

  12. #12
    DF VIP Member
    Lou_smorals's Avatar

    Re: Hacking Question

    Hi M8
    thanks for your advice, no I am a mere VIP minion here, my forum has 55,000 members and was UBB threads when hacked, I took over and reformed it using Xenforo.

    LS
    Dear Lord, please grant me the ability to punch people in the face over Standard TCP/IP

  13. #13
    DF Super Moderator piggzy's Avatar

    Re: Hacking Question

    What is your forum Lou ?? Unless it is against rules to mention it ?!?!

  14. #14
    DF VIP Member
    Lou_smorals's Avatar

    Re: Hacking Question

    Hi
    PM sent
    cheers
    LS
    Dear Lord, please grant me the ability to punch people in the face over Standard TCP/IP

    Thanks to Lou_smorals

    piggzy (29th May 2016)  

