|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [ISN] Three Minutes With Hacker 'Fosdick'
From: Jonathan Rickman (jonathan
XCORPS.NET)
Date: Fri Apr 06 2001 - 23:07:10 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Normally, I just ignore this kind of thing. This one had me laughing so
hard I had to respond.
> Fosdick, who goes by various names online, is a 27-year-old hacker who
> works as a programming engineer. He began hacking at age 10 after his
> father, a prominent judicial official in the East Coast city where he
> grew up, bought him his first computer. Within five months of
> receiving it, Fosdick hacked into a bank. From there he progressed to
> phone companies, utilities, and government systems. Most of the time,
Hacked into a bank at age 10. Let's see...that would be...1983-84???
> Fosdick: I mostly looked around at FedEx transfers, wire transfers,
> bank account information. I didn't want to screw anything up. The
> thought, of course, entered my mind to change data, but I couldn't
> have if I wanted to back then--it was an operating system I wasn't
> familiar with ... just a jumble of impressive-looking numbers.
FedEx transfers huh? Pretty advanced for that timeframe. I'll bet they
even used that Gatekeeper thingy, like in the movies. What OS was it???
HAL2001???
> PCW: Why did you pick the bank?
>
> Fosdick: It was down the street from me.
I'll bet he even used a Mac in a phone booth...then got out just in time
to avoid getting nuked by the kernel intruder alert packet diagnostic
utility worm source decoder robot.
> That summer I started getting much more hard core ... and I dialed my
> first BBS [bulletin board service--the precursor to Usenet groups,
> where hackers would share tips about exploiting systems]. At that
> Fosdick: Not until years later. One night he had had it with me
> sneaking down in the middle of the night and using the phone line; he
> put two and two together, found my hidden files, printed them out, and
> yelled at me.
Guess the old man's skillz were too "hard core". Couldn't keep those
files hidden.
> Fosdick: Yes. In 1994 and 1995 I wrote some code that would do it. It
> was just for amusement, to protest AOL. Their mail servers were having
> lots of problems for a while [as a result]. But it was just a game. I
> never took [AOL] down, out of respect. Someone could get fired, and in
> general I don't like hurting people.
Really...that's hard to believe, 'cause you're killin' me.
> PCW: How much time do you spend hacking?
>
> Fosdick: Anywhere from 20 hours a week to nonstop for three to four
> days at a stretch, with maybe a few hours sleep here and there. But
> those latter times are getting rare. I'm getting old.
Really? 17+ years of this and you haven't managed to either take over the
world, or get caught? Now, that's impressive.
> Fosdick: I think ignorance is the real danger. What's dangerous are
> hackers who are out there doing this stuff because it's cool but don't
> have the knowledge to give it respect.
I agree. Ignorance in the media is dangerous. It's what allows garbage
like this into print. It's what has re-defined the term "hacker". Fosdick,
you are not a hacker. You're either a liar, a cracker, or a figment of
Kim's imagination. I'd love to see the IRC transcript this came from.
> Fosdick: It's dangerous that corporate America thinks that the hackers
> making noise are the danger. [Because] while [these hackers are]
> getting attention, anybody who really wanted to could just ...
>
> PCW: Do what?
Here comes the l33t wardialing session...
> Fosdick: You'd be surprised how many modems are still out there to
> dial into. How many companies depend on their partners' security to
> provide them with security. For instance, you can link through four
> Department of Defense contractors straight to the Pentagon right now.
> It shouldn't be that way, but it is.
Really? I know a few SIPRNET operators who would be interested to know
this. Of course, you know all about that though...as much time as you've
spent "hacking into government computers".
> Fosdick: They haven't forgotten. I've worked at a Department of
> Defense contractor ... [they have] firewall after firewall, machines
> kept in locked rooms with TEMPEST-proof walls.
DoD contractor...interesting.
> The DoD contractors try [to maintain security], but there's always a
Including yourself, of course.
> need to exchange data with other companies. Say you're Lockheed
> Martin. You're working on one part of an airplane, and another company
> is working on the radio, and another the flight control software. All
> these huge CAD files have to be exchanged so that everything will work
> together. That cannot be done by e-mail. So you need a dial-up or an
> FTP.... It's nobody's fault, really. It's just the way business works.
All those huge CAD files over dial-up...in an environment where T3
connections are commonplace. Shame it can't be done with email,
'cause we all know that's much more secure than FTP.
> Fosdick: It's usually not. But you'd be surprised how many modems are
> still available to dial into. [A modem] might be connected to a
> computer that's connected to a computer that's connected to a computer
> that has the single point of entrance into some "forbidden" network.
"Forbidden"??? You must mean the SIPRNET. You obviously don't have the
foggiest idea what kind of incredibly anal precautions are taken to
protect this network. Classified data might find it's way onto a NIPRNET
system, but trust me...YOU will not find YOUR way into a SIPRNET
system...PERIOD. I spent a number of years on active duty and I can't
recall ever seeing anything like this, other than systems that allowed
inbound calls from within the DSN network (with the speaker volume wide open)
and even then it was usually a temporary solution frowned upon by most and
monitored 24 hours.
> Fosdick: Microsoft is a big target, but it's less likely to be
> Trojaned than, say, Napster, or any of a dozen popular Net plug-ins
> like Winamp or mIRC. Big companies tend to have more sophisticated
> processes and better source-code control. Hacks there are more likely
> to get noticed. But small companies tend to be more careless.
Bugs more likely to be noticed at Microsoft??? Can you say "netscape
engineers are weenies"? Don't bother. In fact, say no more...I smell a
fraud. Great job PC World!!!
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]