I'm Arik, welcome to my weblog

May 29th, 2005

Trojan horses abound

Filed under: Computer Security, Privacy — arikb @ 8:16 pm

The press calls it ‘The Trojan Horses Scandal’. I’ll include a few links to the Israeli press below.

To make a long story short, I’ve summarized the information I got from the press, blended with my personal insights. My information came mainly from the press, and I’ve extrapolated in places, so don’t take anything for granted:

  • A number of very prominent Israeli companies were infected by a trojan. Foreign companies may have been victims as well, but their names were not provided.
  • The trojan was targeted specifically at those companies by the perpetrator, and more specifically at key people in those companies and in the PR firms working for them.
  • The trojan targeted Windows machines.
  • The attack vector was social engineering: e-mail and CD-ROMs sent to the victims as ‘a business proposal’.
  • Data exfiltrated from some of the infected machines includes (but is not limited to) the contents of the ‘My Documents’ folder and screen captures.
  • The stolen data was sent to “FTP servers” both inside and outside Israel. The protocol used for the actual transfer was not disclosed.
  • The trojan went undetected within the infiltrated companies until the police looked for it.

  • The first lead in the case came from a writer, Amnon Jacquont, whose not-yet-published book was found on the net.
  • The writer had been the target of identity theft over the preceding months, by someone who apparently wanted to cause him harm. Activities included posting to various forums under his identity, using his network account, and writing disparaging entries in the Hebrew branch of Wikipedia and in the forums of Israeli book stores.
  • The writer’s wife, a known Israeli radio personality, finally talked him into filing a complaint with the police. When asked by the police whether they had a suspect, the couple pointed a finger at their ex-son-in-law, Michael Haefrati. The divorce was ugly and involved a lawsuit that Michael lost.
  • The police computer crime unit inspected Amnon’s computer and located a trojan. They traced the data to an “FTP server”.
  • Upon inspection of the data on the server, the investigators discovered internal documents belonging to the aforementioned prominent companies.

  • After around six months of investigation, the police had a comprehensive list of victim companies and of the companies that benefited from the information.
  • The deals were brokered by three private investigation firms, and Michael was the technical contact who executed the attacks in person.
  • Come Sunday the 29th (today), a large police force accompanied by computer experts confiscated a large amount of equipment from a comprehensive list of companies and private residences. A few suspects have been arrested.
  • As expected, the suspect companies blame the investigation firms for any illegal act, and Michael (who was apprehended in the UK) claims his software was not meant to be used illegally. Investigators are sure, however, that Michael made target-specific adaptations to the software.
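The summary above describes the part of the incident that a defender could actually have seen: workstations quietly shipping whole document folders and screen captures to remote servers for months. The following is an added example, not code from the original post or from the investigation, showing one simple way to surface that kind of traffic from per-flow egress records. The internal address ranges, the "file-transfer" port list, the thresholds and the flow records are all constructed for illustration; the press did not disclose the transfer protocol, so the port-based rule is an assumption and the volume rule is the one that does not depend on it.

```python
"""Flag internal hosts whose outbound traffic looks like bulk exfiltration.

Added example; not from the original post. Two rules run over flow records:
  1. Volume: a host sending far more to external addresses than the median host.
  2. Channel: a large transfer to an external host on a file-transfer port.
A median baseline is used instead of mean/stdev because a single big sender
drags the mean up and, with few hosts, can never exceed mean + 2 sigma.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import median

# Assumption: the organisation's internal ranges.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Assumption: ports a quick-and-dirty file drop would use (FTP, SSH/SFTP, FTPS).
FILE_TRANSFER_PORTS = {21, 22, 990}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int  # bytes sent from src to dst


def parse_flow(line: str) -> Flow:
    """Parse one constructed record of the form '<src> <dst> <dport> <bytes_out>'."""
    src, dst, dport, nbytes = line.split()
    return Flow(src, dst, int(dport), int(nbytes))


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def egress_by_host(flows):
    """Total bytes each internal host sent to external addresses (internal-to-internal ignored)."""
    totals = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            totals[f.src] += f.bytes_out
    return dict(totals)


def flag_hosts(flows, ratio=10.0, transfer_min_bytes=1_000_000):
    """Return {host: [reasons]} for hosts whose egress stands out. Thresholds are assumptions."""
    totals = egress_by_host(flows)
    if not totals:
        return {}
    baseline = median(totals.values())
    flagged = defaultdict(list)
    for host, total in totals.items():
        if baseline > 0 and total > ratio * baseline:
            flagged[host].append(
                f"egress {total} B is {total / baseline:.0f}x the median host ({baseline:.0f} B)")
    for f in flows:
        if (is_internal(f.src) and not is_internal(f.dst)
                and f.dport in FILE_TRANSFER_PORTS and f.bytes_out > transfer_min_bytes):
            flagged[f.src].append(f"{f.bytes_out} B to {f.dst}:{f.dport} over a file-transfer port")
    return dict(flagged)


# Constructed sample: four quiet web clients, one host that also pushed 48 MB to an
# external FTP port, and one large internal file-share copy that must not count.
SAMPLE_FLOWS = """\
10.0.1.10 198.51.100.20 443 120000
10.0.1.11 198.51.100.20 443 95000
10.0.1.12 198.51.100.21 80 150000
10.0.1.13 198.51.100.22 443 110000
10.0.5.17 198.51.100.20 443 100000
10.0.5.17 203.0.113.9 21 48000000
10.0.1.10 10.0.2.5 445 900000000
""".splitlines()


def demo():
    return flag_hosts([parse_flow(line) for line in SAMPLE_FLOWS])


if __name__ == "__main__":
    for host, reasons in demo().items():
        print(host)
        for reason in reasons:
            print("  -", reason)
```

On the sample only 10.0.5.17 is reported, once by each rule; the 900 MB copy from 10.0.1.10 to an internal share is excluded because the volume rule looks at external destinations only. In practice the baseline would be per-host history rather than the population median of a single window, but the shape of the check is the same.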

My take on this:

  • It was bound to happen sooner or later. I know I’m a pessimist, but I suspect this is currently going on unchecked on a very large scale worldwide.
  • Being computer-smart is not enough. If you want to be a successful and free cracker, you have to be real-world smart too: Michael was caught because he used his software to execute a personal vendetta against his ex-father-in-law. Had he not done that, these activities could have remained hidden to this day.
  • Moreover, from what I gather (although it is not stated specifically), the reason the investigators caught up with his commercial enterprise is that he left the Jacquont files on the same server as files from his other activities.
  • This is not the last we are going to hear about attacks of this type.

Stay safe.

Some media links:

Haaretz: Top Israeli execs held in industrial espionage case
Haaretz: Haephrati’s arrest “was like music to our ears,” says couple who sparked probe
Haaretz: Analysis / Trojan horse violates more than one law
Globes: YES, Pele-Phone, Cellcom execs arrested for computer espionage
YNetNews: Scandal shocks business world
IsraelInsider: Trojangate: Top Israeli execs arrested for using virus to spy on each other
DEBKAfile: Two Suspected Israeli Computer Hackers Face Extradition from London
Boaz Gutman’s site

Too much comment spam made me cancel comments for this post.

• • •

May 22nd, 2005

Can you hack my Yahoo! account? Please?

Filed under: Computer Security, Privacy — arikb @ 5:33 pm

A chat log from a conversation I had with a person I had never talked to before. I’ve XXX-ed her identifying details and cut some irrelevant stuff out.

I don’t usually engage in these types of conversations, and I mostly turned her down, but this is my take on security:

(19:13:52) XXXXXXXXXX: hey
(19:30:37) Arik B: Hello
(19:31:22) XXXXXXXXXX: wow ur on finally lol
(19:31:43) Arik B: Yes; Who are you?
(19:32:42) XXXXXXXXXX: um well i just was at the hackers group because this mean person took my yahoo email and i was hoping some1 could help me get it back, im XXXXX
(19:33:18) Arik B: Did you receive email into that yahoo account?
(19:33:23) XXXXXXXXXX: yea
(19:33:33) Arik B: Do you know the hacker?
(19:33:52) XXXXXXXXXX: no its some guy who i talked to and then he just got mean
(19:34:22) Arik B: Did you tell him your username and password?
(19:34:34) XXXXXXXXXX: no he just got in somehow
(19:36:33) Arik B: Okay. Go to yahoo.com, and if you are signed in, click ‘sign out’. Then click sign-in. You will be asked for your Yahoo ID and your password. Instead, click below that on ‘Forgot my ID or password’. Fill in the information requested, and you will be able to set a new password.
(19:37:00) XXXXXXXXXX: i tried he must have changed the zip code or something i cant get in to it
(19:39:27) Arik B: Oh okay. Well, if he has changed that as well, your only recourse is to contact Yahoo! support, and tell them the story. They might ask for some ID or proof that you had the account. If that fails, I suggest you contact all your friends and tell them not to send mail to that address anymore, and give them a new address. If you want I can send you a GMAIL invitation so you can open a 2G GMAIL account.
(19:40:02) XXXXXXXXXX: ok thats fine with me and screw it yahoo is never any help
(19:41:38) XXXXXXXXXX: well do u know of any1 who can help me get back in my yahoo?
(19:41:39) Arik B: Okay. What was your password to the old account? Was it very simple?
(19:41:57) XXXXXXXXXX: it was XXXXXXX i just picked a cool word
(19:43:34) Arik B: Well, XXXXXXX is a bit too easy. If you want it to never happen again, choose a more difficult password. My passwords are usually abbreviations of songs, for example I can choose “Hit Me Baby One More Time” so my password is “hMb1mt”… you see the connection? This way no one can guess it but it’s very easy to remember.
(19:44:19) Arik B: It is very hard to get into Yahoo accounts without the password, I suggest that you contact support. None of the hackers I know will risk their good name to try and illegally hack into a Yahoo account.
(19:44:19) XXXXXXXXXX: yea i shoulda picked a harder one i know it sux now but like i said do u know any1 who could help me?
(19:44:33) XXXXXXXXXX: oh ok
(19:45:10) Arik B: Hackers are not the ones that hack into accounts. These are called “Crackers”.
(19:45:23) Arik B: (because they crack accounts and computers)
(19:45:27) XXXXXXXXXX: i thought so i was just out of ideas
(19:45:43) Arik B: I would say, pick your battles.
(19:45:51) XXXXXXXXXX: well do u know of any1 that could teach me?
(19:46:01) Arik B: How to crack?
(19:46:18) XXXXXXXXXX: yea just really teach me anything that could get me back to my yahoo
(19:47:04) Arik B: Listen, XXXXXX, how important is that account really? If you had a dollar value (I don’t know where you’re from, but let’s say dollars), what would it be?
(19:47:39) XXXXXXXXXX: maybe its just a little thing but not to me i had it for 3 years
(19:48:20) Arik B: Let’s say you still had it, for the sake of this argument. How much would I pay you to give it up? $100?
(19:48:53) XXXXXXXXXX: i dont think i would give it up unless it was to some1 i can trust real good
(19:49:20) Arik B: No, I mean I want to buy it off you, you won’t use it ever again. Would you sell it to me for $100?
(19:49:50) XXXXXXXXXX: no way i liked that email i have alot of stuff there
(19:50:38) Arik B: How much? Everything has a price.
(19:50:57) XXXXXXXXXX: maybe $250 i dont know
(19:51:08) XXXXXXXXXX: but i really miss it
(19:51:44) Arik B: Okay. So it’s a $250 value. The amount of time and money you invest in this must not exceed $250, would you agree?
(19:52:16) XXXXXXXXXX: well i honestly have no idea i never thought about it but it sounds right
(19:53:43) Arik B: This is how you need to think about it. No emotions, cold hard math. If you are going to invest $300 of time and effort to get that $250 value, you shouldn’t.
(19:54:32) XXXXXXXXXX: no i just had my mail and all my pictures and several drafts of just about every poem ive ever written
(19:55:53) Arik B: Hm.
(19:56:35) Arik B: Do you have a backup for the pics and poems? because most likely the cracker erased what you have there.
(19:57:01) XXXXXXXXXX: i dont have a backup but its worth a shot to try
(19:57:26) Arik B: The photos - were they shared?
(19:57:51) XXXXXXXXXX: no they were just pictures of my old bf and some friends
(19:58:45) Arik B: I mean - were they shared in your Yahoo account with other people? Yahoo lets you share your photos.
(19:58:46) XXXXXXXXXX: do you know of anyone that can help me?
(19:58:57) XXXXXXXXXX: they werent shared
(19:59:00) Arik B: No I don’t.
(19:59:21) XXXXXXXXXX: oh well your helpful atleast
(20:02:34) Arik B: What I suggest is that you do the following:
1. Contact yahoo support and try and convince them.
2. Contact all your friends and tell them your email address has changed. I can still give you a 2GB GMAIL account. Or you can open another account.
3. Try to contact the cracker, and convince him to let you into your account. Remember, if he is asking for something - don’t agree to anything over $250.
If he does agree to let you have your account back for money, agree on the sum. Then agree on the payment method.
Then print the entire chat log with him, AND GO TO THE POLICE AND FILE AN EXTORTION CLAIM!
(20:03:08) Arik B: Where do you live? (country, state)
(20:03:11) XXXXXXXXXX: lol good idea
(20:03:22) XXXXXXXXXX: XXXXX in the united states
(20:03:23) XXXXXXXXXX: u?
(20:04:28) Arik B: Hadera, Israel. Although I’m relocating to the SF Bay Area in a short while. In the US there is a big fad of cyber-terrorism. Try to ride that, and tell the police he may be using the extortion money to finance his terrorist activities.
(20:04:36) Arik B: Is he also an American?
(20:04:59) XXXXXXXXXX: yea he says he lives in california
(20:05:10) Arik B: That’s good. Do you have chat logs?
(20:05:31) XXXXXXXXXX: nope
(20:07:33) Arik B: Set up Yahoo! Messenger to keep logs from now on. Try to engage him. THE MOMENT HE IS ASKING YOU FOR MONEY, HE IS EXTORTING YOU, which is a serious felony. Don’t offer money, because that’s entrapment, but plead with him and ask him what he wants and what you can do to make him give you access to that account. Then print those logs!
(20:07:46) XXXXXXXXXX: ok
(20:08:04) XXXXXXXXXX: the problem is he wont talk to me either
(20:08:13) Arik B: I would also suggest that you have a computer professional go over your computer and remove any suspicious software that he may have out there.
(20:08:41) XXXXXXXXXX: too expensive i got no money
(20:08:42) Arik B: Well, try emailing your old account :-S
(20:08:51) XXXXXXXXXX: ok i will
(20:09:18) Arik B: Don’t forget Yahoo Support before you start cracker-hunting.
(20:09:45) XXXXXXXXXX: yea i tried once but so far no response
(20:10:01) Arik B: From Yahoo support?
(20:10:29) XXXXXXXXXX: yep
(20:11:22) Arik B: Don’t email them, call them.
(20:11:45) XXXXXXXXXX: oh i never thought of that
(20:11:53) Arik B: Also, http://help.yahoo.com/help/us/security/security-02.html
(20:12:15) XXXXXXXXXX: ok cool ill check it now
(20:13:03) XXXXXXXXXX: my sis wants to go online i gotta go for a few thanks for your time and help
(20:13:23) Arik B: No problem, take care.
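The password advice in the log (turn a song title into an abbreviation, “Hit Me Baby One More Time” into “hMb1mt”) is a mnemonic scheme, and the question a practitioner would ask is how much work it actually costs an attacker. The block below is an added example, not part of the chat and not the author’s code: it encodes the scheme as described (first letter of each word, number words become digits, one word’s initial upper-cased) and then estimates the worst-case guess count for an attacker who knows only the length and the character classes used. The guessing rates are assumptions chosen to contrast offline cracking with an online login that throttles attempts; the longer phrase is a continuation of the same song lyric, used only to show how the estimate scales with length.

```python
"""Mnemonic passwords as described in the chat, plus a brute-force cost estimate.

Added example, not from the original post. The estimate is an upper bound on
an attacker's work: anyone who suspects a song-title abbreviation can search
far less than the full character space.
"""
import math
import string

NUMBER_WORDS = {"zero": "0", "one": "1", "two": "2", "three": "3", "four": "4",
                "five": "5", "six": "6", "seven": "7", "eight": "8", "nine": "9"}


def mnemonic_password(phrase, capitalize=1):
    """First letter of each word; number words become digits; word `capitalize`
    (0-based, None to skip) contributes an upper-case initial. Matches the chat's
    "Hit Me Baby One More Time" -> "hMb1mt"."""
    out = []
    for i, word in enumerate(phrase.split()):
        w = word.strip(string.punctuation).lower()
        if not w:
            continue
        if w in NUMBER_WORDS:
            out.append(NUMBER_WORDS[w])
        else:
            out.append(w[0].upper() if i == capitalize else w[0])
    return "".join(out)


def charset_size(pw):
    """Size of the smallest standard character class set covering the password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33  # ASCII punctuation plus space
    return size


def keyspace(pw):
    """Guesses needed, worst case, by an attacker who knows only length and classes."""
    return charset_size(pw) ** len(pw)


def strength_bits(pw):
    return math.log2(keyspace(pw))


def seconds_to_exhaust(pw, guesses_per_second):
    return keyspace(pw) / guesses_per_second


def demo():
    """Compare the chat's 6-character password with a longer abbreviation of the same lyric."""
    short = mnemonic_password("Hit Me Baby One More Time")
    longer = mnemonic_password("Hit Me Baby One More Time, oh baby baby, how was I supposed to know")
    OFFLINE_RATE = 1e9  # assumption: guesses/s against a leaked hash on commodity hardware
    ONLINE_RATE = 10    # assumption: guesses/s a throttled login form lets through
    return {
        "short": short,
        "short_bits": strength_bits(short),
        "short_offline_seconds": seconds_to_exhaust(short, OFFLINE_RATE),
        "short_online_years": seconds_to_exhaust(short, ONLINE_RATE) / (365 * 24 * 3600),
        "longer": longer,
        "longer_bits": strength_bits(longer),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>22}: {value}")
```

The 6-character “hMb1mt” draws from 62 characters, so its full space is 62^6, about 35.7 bits: under a minute at a billion guesses per second if the attacker has the hash, but centuries at ten guesses per second against a login page that throttles. Extending the abbreviation to fifteen characters raises the bound to about 89 bits, which is why the length of the abbreviation, not the cleverness of the mnemonic, decides how safe the scheme is once a hash leaks.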
• • •
This work is licensed under a Creative Commons License. Powered by WordPress; template based on work by Priss.