Secur

ityi
nas
eri
ousway

The
Hacker
News Sept
ember2012,I
ssue14

ht
tp:
//
magazi
ne.
thehacker
news.
com
 S
ecu
rit
yinas
eri
ouswa
y
Aut
hor:Mohi
tKuma
r(Edi
tor
s-i
nChi
ef&Founde
r)

Thismo n t
h, Th eHac ke
rNe wsi stakingab ird’
seyev iewo fsecur
ity
, wh ati
t i
s ,whatisre-
qui
redo fth ein di
vidualuseran dhowt ob estsecur
eo urpe rsonalinf
o rmationo nthei nt
er-
net
s.Mo sto fu sareawa r
et hatthereares omev eryr ea
lt hreat
sint hewi ld,targeti
ngt he
dat
ao fc orpora t
ea ndhomeu sersali
k e
.Ma nyofus ,whof o l
lowt echn ews,h avere a
dt he
name so fsomek nownthreatsa ndwh a
te nti
ti
esh aveb ee nthema int arge
tso fatt
acki n
re
cen tmo nths .Mo stofusru na nt
i-malwa r
ea ppl
ica t
ions,a ndweb u i
ldap e rsonal,albe
it
aut
o ma t
ed,d ef e
nses t
rat
egy.I stheresome thingmo retha twec and o?Wh a tinformation
wil
lh elpu stou ndersta
ndth ethreatsinsuchawa yt ha
twec and efe
n dag ai
ns tthem?Asa
commu nit
yo fu s
ers,res
identso fthec yberlands
ca pe,wen eedtok no wwh atthet hr
eats
ar
ea n dh owt od efendo ur
selvesa gainstt
h em.Th et e
chn o l
ogyb ehindthet h r
eatsgrows
morec omp lex ,andthea r
chitectsofma lwa r
e,incr
e asi
ngly ,appeartob eprof essi
onal,co-
ordi
n at
edu n i
ts ,
somee vena ppea r
ingmi li
taryintheirta
ctic a
lb e
ha vi
or.Mi l
itaryUn i
tsare
t
raineda ndo rganiz
e dtoattacks olidtarget
s.Un ito nun itwa r
fareist hen a meo ftheir
game .Wh atth eyh a
v efai
ledtor eal
izeisthatwh ent he
yre leaseav er
ys ophis t
icat
edp iece
ofma lic
iou sc ode,toservea sana tta
cko na ne nemyt ar
g e t
,thecod ed oes
n ’tjustretr
act
i
ntoo bscurityo ncetheo pe
rationisc omp l
ete.

Theint
ernet
,aswek nowi t
,wa sd e
signedtob eapowe rf
ulplat
formo fi
nformati
ons har
-
i
ng.Anythingputfor
th,i
ntoanyo ftheinte
rli
nkednetworks,wil
lremainthe
re.Thereisno
del
etekey,thi
si nf
ormati
onh asp assedthroughma nyn odes,int
ernet
workedtog e
ther.
Onceit
’soutther
e,iti
spartofnume r
o uscaches
.No wthisweaponisinthehandsofma ny
peopl
e,andcanberepurpose
dtos ervenewa genda
s.Asar esul
tofthi
s,wenowh aveso me
ext
remelynast
yb ugsfl
oati
nga r
ou ndou rcommu ni
ty.Sinc
et hi
scodewa sdesi
gnedtob e
undet
ect
ablebyanys t
andardme ans,andextre
me l
yd if
fi
cultt
or e
mo ve,wearefacedwi t
h
somenew, ver
yseri
ouschallenge
s .

Wen ee dtol ooka tsecuri

tyi nas eri
o uswa y.Ho w mu c
hi nf
orma t
iondoy ouh ave
floa
tingaroun dthecyb erla
n ds
ca pe?Na me, phot
o ,fa
mi l
ya ndfrie
ndslist
s,banki
ngi nfor
-
ma t
ion,phy si
caladdressa ndco ntactinf
orma t
ion,p er
sona lcorr
espondence,t
helistgoes
ona sfarasth ehuma nc ondit
iona ll
o ws,andthatma kesitalonglist
.Wea l
lhaves ome-
thi
ng t op r
o t
ect
,o uri denti
ty,o urfamily,o urfinancialwe ll
-bei
nga ndo urp ersona
l
thoughts.
Wes tandtolosemo ret hanmo ney,butac ategor
ic a
lli
sti
ngo fal
ltheelemen t
sin
ourlivesthatma keu swh owea re.Weh a
v ealota tsta
k e
.Th eg oa
lofTh eHa ckerNe ws
istoh e
lpc reat
eas afere nvi
ronme ntforallusers.Th einformati
ona vai
labl
etop eopleas
theresul
to finte
rnetwo r
k i
ngh asch angedthewo rldfortheb ett
er,
butthed ar
ksideo ft
h a
t
avail
abili
tyo finf
o r
ma ti
o nisthatwea reallatri
sko flosingtoomu cho fourpri
vatelives
.
Pleasejoi
nu si nourjo urneyofl e
a r
n i
nga ndteaching,h e
lpu stoma ketheg ol
dena geof
infor
ma ti
onas af
eron efora l
lusers.
1THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 TooGoodToBeTrue=ALi
e
Aut
hor:J
ohnShi
nabe
rry(
Ass
ist
antEdi
tor
)

Wea l
lknowwh enano f
feri
sjusttoogood
t
ob etr
ue.Yet
,somewhereins
ideofeachof
usi
sap at
hol
ogic
alneedtofi
ndo ut
forsure.
Wek nowtha
tnobodyisgivi
ngawa yanex-
pens
ivetabl
etcomputerandtherea reno
f
reetr
ipst
otheFrenc
hRi vi
era
,butourwish
t
hatsuchthi
ngsweretrueissostr
on gtha
t
wetakechanc
estoatlea
stprol
ongth efa
n-
t
asy.

Thisisama j
orprobl
emo nt heinter
nets
.
Ma r
keti
ngp eopl
ek nowthischaract
eri
st
ic
ofhuma nnatur
ea l
ltoowell.Theyexploi
t
uswiththeirmarket
ingprowess,andthei
r
t
echp e
op l
etaketheoppor
tunit
ytoexploi
t
ourcomp ut
ers
.Clicki
ngana dvert
is
er’
slinkt
ake
syoudi
rec
tl
yint
othe
irwor
ldwhe
re
t
heyh avecont
rol.

Theywi llaskf orinformationabou ty ou,o btrusiveandi nappropri

ateq u est
ionsa bout
whoy o ua re,
wh e r
ey oua r
e,h owtoc o ntacty ou.Theyd ot hi
sintheg uiseo faf i
rstst
ep
t
owa rdo b t
ainingy ourpriz
e.Ifyouf o l
lowt h rougha ndpro vi
dethemwi llallofy ourin-
for
ma ti
o n,theyp ushitfart
her,theywa nttok nowj usthowmu c
hy oua rewi ll
ingtog i
ve
upinp ur sui
to fyo urdesir
e.Ofc ourse ,theywi lltrytose l
ly ousome thing,a s
ky ouf or
moren a me sa ndinforma t
iono ny ou rasso ciat
es.Allth ewh il
e,thes it
ei tselfismo st
l
ikel
yav i
rtuallandmi neofma li
ciou sc ode. Man yoftheses i
tesinst
allscriptsontoy our
sys
temt h atservemo reappli
cati
on stoy ouwi thouty ourk nowledge,e.g.d own l
oaders,
Troj
an s,RATs , browserands ear
che n gineh i-j
acks.Wewi l
ln everg eto urfreei t
em.
Thereisn ofreeitem.Weh avetof i
n dawa ytor ewireou rbrai
nsi nawa yt hatwewi ll
acce
p tthef actthatevenas hinyscami ss t
illjustascam.I ntheinternetag e,adverti
ser
s
ar
ea ffordedn ewl evelsofc ont
rolov erc ons ume r
s,andth eycana ndwi llu seeveryu n-
et
hicaltrickinth ebo oktotakeeveryth i
ngt heyc anfromy ouonceth eyha vey ouintheir
world.Th emo stseveree f
fectofthisp roble mo no urinternet
sist hefactth atma l
wa r
e
spr
ead slikewi ldfir
ef romthe s
es i
tes. Ad verti
sersa r
eth eb i
ggestma rke tforb ot
s,and
t
heywi lla lmosta l
wa ysserveyouwi t
hma lwa rewh ic
hwi llshanghaiy ours ystemintoa
botnetwo r
k.Th eseb otsareama jorp robl
e m.Th eb iggertheyg etthemo red angerous
t
heya ret oo urcy berwo r
ld.Wh il
ei tma ys e eml i
keap e r
so na
lissue,cha ncesa r
ewh en
wein fecto ur
s el
veswi thma lwarefro ma na dve r
ti
serssite,wea r
ep r
omo t
ingt hev i
ral
spr
eado fma li
ciousc odeacrossthee ntiren et
wo rk.
2THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Thewa ytoa voi
dt hi
sisv erysimp l
e.I ton l
yr equi
resth atweu seo urcommo nsense
whe nwer eadad ve
rtis
eme nt
so nl
ine.Ift headi soffer
ings ome thingthatistoog oodto
betrue,itisnottr
ue.Iftheya r
ewi ll
ingt olietoy outog e tyout ocli
c kalink,theyare
will
ingtoe xpl
oityouino t
herwa yson ceyo ugetthere.
Ad sfromwe l
l-
k nownc omp ani
es
of
feringg ooddeal
s,b ut
clear
lyno ttoog oodtob etrue,shou l
db etakeno nacaseb ycase
basi
s.Wes houl
dtakec ar
etos e
ewh erethelinkleads.Ifthea dverti
seme ntsa
ysCh evr
o-
l
et,butthel i
nkleadstoist
ealfr
omu .ru,y oukn owi t
’snott aki
ngy outoGe ner
a lMo t
ors
t
os hopfo ranewv ehicl
ecolor.I
no rdertos lowt hespr
e ado fma lware,wemu stb ereal
-
i
sti
ca nda ware(withah eal
thydo seofs kepti
c i
sm)wh e nr eadi
nga dverti
semen tsonthe
i
nternets
. Wec anst
o pasignif
icantamo u ntofma lwarefro ms preadingbys i
mp lyb e
ing
vi
g i
lantinthisarea.Awarenessistheg reatesttoolinou ra r
senala gai
n s
tma l
wa r
e,and
withalitt
leeffor
twec anp utman yoft hesema lic
iousc ode r
sou tofbu si
ness.

Youc
anr
eac
hJohnShi
nabe
rryatFac
ebook:ht
tps
:/
/www.
fac
ebook.
com/
shi
nabe
rryj
j

3THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Thegood and t
hebad of
theDeepWeb
Aut
hor:Pi
erl
uigiPa
gani
ni,Se
cur
it
ySpe
cia
lis
t

Int
r oduction
TheDe epWe b(orI nvi
sibl
ewe b)istheseto finf
ormati
onresource
so ntheWo rl
dWi de
We bn otrepor
tedbyn orma ls
earche ngi
nes,accor
dingarawe sti
mati
ono fsomes ec
urit
y
expertscle
arwe breprese
n t
sonlyas mallport
ionoftheover
allwebcontent
,ther
ema ini
ng
par
tisu nknownt othema jori
tyofwe busers.
Ordinarywe busersarelit
eral
lyshockedwh enu nder
sta
ndtheex i
st
enceoftheDee pWe b,
anetwo rkofinter
conne c
tedsyste
ms ,notindexed,havi
ngasizehundredsofti
me shighe
r
tha
nt hec ur
rentweb ,a
round5 00times.
Toe xp l
ai
nt heDe epWe bIu setoc i
tethed ef
init
ionprovi
dedb ythefounderofBright
-
Pla
n et,MikeBe rgman,th a
tco mparedsearchi
n gontheInte
rnettodaytodraggi
n gan e
t
acr
o s
st hesurf
aceo ftheocean:agreatdealma ybecaughti
nth enet
,butthe
reisawe alt
h
ofinf
o rmati
ont ha
tisd eepandtherefor
emi ssed.

Whoandwhycouldbeint
eres
tedt
otheDe
epWe
b?I
stheDe
epWe
bther
eignofc
ybe
r-
c
rime
?Isitl
egals
urfinanonymit
y?

Prof
essi
onal
shavese
ver
ala
dva
ntage
stosurft
hroughDeepWe
bandthec
onvi
cti
ont
hati
t
re
prese
ntsapar
all
elwor
ldf
ori
ll
ici
tact
ivi
ti
esispr
ofoundl
ywr
ong.

4THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Dee
pwe bgi
vesagr
eatoppor
tuni
ty
,tha
t’
swhyCit
ade
l’
sa ut
hor
swi
llpr
oba
blymi
gra
tet
o
t
hehidde
nweb,t
ryi
ngtoavoi
dthecont
rol
sofl
awenfor
cement
.

Thene
edtor est
ri
ctt
heaudienc
eo fprospe
cti
vecust
omerscoul
drest
ri
ctt
hegloba
lbusi-
ne
sspr
eservi
ngi t
svi
tal
it
y.Thea nonymit
yisaneedforc
y be
rcri
minal
,wehaveassi
ste
d
t
otheprol
if
e r
ati
onofencrypt
edinst
an tmess
agi
ngcommu ni
cat
ionsandofVPNs er
vice
pr
ovi
ders
,alltoavoi
dtobespiedon.

Cybercri
mei scha
ract
eri
zedbyate
chni
c a
lsoul
tha
tispushi
n gt
heimple
me nt
ati
onofnew
hi
ddens e
rvicesdepl
oyedinthedarkweb,wea r
ea s
sist
ingtotheconsol
ida
ti
ono fthe
bl
ackma rket
,broke
rscanset
upauct
ionst
osel
lnewma lwareandz
e r
o-da
yv ul
nera
bil
it
ies
ens
uringtheanonymit
yo ft
hepar
ti
es.

DeepWe b… apo we r
fulanal
ysi
stool
Weh avesee
nt ha
tDe e
pWe bthankst
oa nonymi
tya
n di
tsdi
mensi
onsre
pre
sent
sagr
eat
oppor
tuni
tyforcybe
rcrimi
nalbus
ines
siti
sa l
soapower
fula
nal
ysi
stool
.

TheTo rMe t
ri
csPo rt
algivesas etofu s
e f
ultheinstrumentstomo ni
torsthewo rkloadof
t
heTORn etworks,i
tproposesac omp let
ec ol
lect
iono ftool
sa nddocumentationsforst
a-
t
ist
icalanal
ysi
sreg a
rdingthea cti
v i
ti
eso frel
aysa ndb r
idges.Thesemetri
csc oul
da lsobe
use
df orint
ell
igencepurpose,fo rexamp leanalyzingprinc
ipaln e
tworkme tr
icsitisp os
-
si
bletoinves
ti
gateonthea pplicati
ono fmo nit
oringsysteminsideacountr
yf orcensorshi
p
pur
p ose
.Re c
entl
yi nma nyare ao ft
h eplanetsimila
rs yst
emsh avebeenu sedtos uppre
ss
mediaprote
standtop e
rsecut
ed i
ssidents,avoi
dingthec i
rcul
ationofunconf
o r
ma bleinfor
mationouts
idethecountry
.Itish appen edforexamp leinSyri
aa ndinIran,
c ountrywh e
re
t
hec ontr
olofthewe bisama jo rconcerno fthego vernment.
Th esesi
tuat
ionsa r
ee xpres
-
si
ono fapoli
ti
calsuff
eranceo fac ountryandc oul
dg iveafurtherel
emen tofevaluat
ionto
t
hea nal
ysts
.

Analyz
ingthenumbe
ro facces
stotheTorNe t
workovert
h et
imeithasbe
enp os
sibl
efor
exa
mp let
odisc
overhowTh eEthi
opia
nTe l
ecommu ni
cat
ionCorpor
ati
on,
uniquete
lecom-
municat
ionser
vicepr
ov i
derofthec ount
ry,hasdepl
oyedfortest
ingpurpos
eaDe ep
Pac
k e
tInspe
cti
on(DPI)ofallI
nter
nettr
aff
ic.

Usi
ngthemet
ri
csi
twa spos
sibl
etoi
dent
if
ythei
ntr
oduc
ti
onoft
hef
il
te
rings
yst
ema
sdi
s-
pl
ayedi
nthef
oll
owinggraphs
.

13THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
I
t’
ssi
mp l
etonotet
hatinthel
astweekofMaytheTorNet
wor
kwa snotacc
ess
ibl
efrom
t
hecount
ryeve
nwi t
htryi
ngtou s
eb r
idge
dacc
ess,e
vide
nceoft
hepr
es e
nceoffi
lt
eri
ng
s
yst
emforDeepPacketIns
pec
tion.

DeepWe bisno tthehe l

l
Afterthi
so ver
viewId e s
iretoe xpl
aintotherea
d er
sthatdespi
tetheDeepWe bp r
ovidean
envir
onme nttop r
otecttheirprivacyther
ea r
ese ve
ralcondi
ti
on sanddiff
erentt
ypeo fa
t-
t
ack sthatcoulde xposeu ser’
si dent
it
y.Go ver
n mentsareincreas
ingthei
rc apa
bil
ityto
mon it
ortheh i
ddenn etwo r
k ,ma i
n l
ytryi
ngt oinfi
ltr
ati
ngthem wi t
hsp yi
ngs e
rvic
es.In
moret ha
no neo ccasi
onweh avereadofseveralU.S.cyberunitst
otal
lydedica
tedtothe
mon it
ori
ngiftheDe epWe b.
Weh a
ves ai
dthatDe epWe bisac rea-
t
ured esi
redb yg overnmen tstoa l
low
t
oo perat
ei nt otal
lya no nymity,o f
coursethisaspecth asb eena lsoe x-
pl
oitedbyc ybercriminals,ha c
k t
ivi
sts
andn or
ma lp eop l
et hatd esir
et o
def
e ndthei
rprivacy,forthi
sr easonin
st
it
u t
ionsanda genciesofe veryc oun-
t
rieshavep r
omo tedpro j
ecttod evelop
new mo nit
ori
n gsy s
temsa n da tsame
t
imet heyh aves t
artedami sinfor
ma -
t
ionc amp a
igna gai
nstthet hisparall
el
andh i
ddenwo rld.

Theg overnmentswa ntyo us t

ayf ar
fr
omh i
ddenwe b,becaus
et he
yc annot
spyony ou,
thecrimeispresenti
nd e
ep
weba sinthec l
earwe bofc ours
ethe
anonymitygrant
edb ydeepwe bc oul
d
encoura
gea ndf aci
li
tat
ec ri
mi na
la c-
t
ivit
iesbutatsametimeitrepres
entan
obst
acletothecri
minalthatfor
examp l
edesir
etos t
ealse
ns i
bleinf
ormati
onoft
heus
ersors
pyont
hem.

Mean wh i
leont hecle
arwe bwea reabletofindma nyreport
sp roducedb ysecurit
yfir
ms
oncyb ercri
mi na
l a
cti
vit
iesandrel
atedearnings
,wek nowr el
a t
ivel
yl i
tt
leabo ut
thep r
ofi
ts
r
elat
edt otheDe epWe bthatwer e
me mb ertobeofsizeandtu r
no verdramatica
llygreat
er
t
hanth edarkwe b.Ifyoudesi
retoan a
lyzethedeepwe bu nderpers
p ect
ivesneverfaces,
if
you'
reth i
rst
ytok nowa boutoneofthemo stcont
rover
sialt
o pi
csa ndifyouwa nttou nde
r-
st
andwh atistheDe epWe bDon o tmisstheu pc
omi ngbo ok"Th eDe epDa rkWe b"b y
RichardAmo r
es&Pi erl
uigiPaganini
I
nt heme antime… d on’tbel
ievetothosethatsayyo uthatDe epWe bist herei
g nofthe
evi
l,be ca
u s
et heyaretr
y i
ngsimp l
ytod efendthei
rs ec
retsk e
epingy oua wayf romthat
pl
ace.
14THN-Magazi
ne|
August2012 www.
thehacker
news.
com |I
ssue13
 Let
’sstar
ttowiththeconsi
der
ati
onthati
ll
ic
itac
tivit
ie
saredail
yarr
ange
do nclea
rweb
suc
ha sintheDeepWe b,i
nma nycas
eweh aver
e a
do fpl
atf
ormsuse
dtosprea
da nds
ell
malwareintheordi
nar
ywe bandwea l
lknowthatisqui
tesi
mp l
etofi
ndanykindofob-
j
ects
,alsoil
lega
l,onthecl
earweb.

Bu t
wh a
tpr
imarydis
ti
n gui
shthecl
earwebfr
omt heDeepWe b?Ofcoursewhenwespeak
ofhidde
nwebwec anthinktoad ar
kwo r
ldcha
racte
riz
edb ythepos
sibi
li
tyt
os ur
f,unde
r
speci
fi
ccondi
ti
ons,i
nt ot
all
yan onymi
ty
.Thisaspec
tma keverydesi
rabl
etheDeepWe b
f
o rcybe
rcr
iminal
sthati
ns hor
tti
mea r
emo vi
ngallthei
racti
vit
ie
sinthedar
kwo rl
d.

Butconside
ral
sotha
ttheDe epWe bisthepr
ivi
lege
dc hanne
lusedbygovernment
stoex-
changedocument
ssecre
tly
,forjour
nali
stst
ob ypa
ssc e
nsors
hipofs
ev e
ralst
ate
sandals
o
di
ssi
de nt
stoavoi
dthecont
rolofauthor
it
ari
anregi
me s… andthe
searejus
tfewsampleof
noti
ll
icitus
eofther
e s
ourcesofdeepwe b.

Ho wi sposs
iblethatresource
slocate
do ntheweba renotv i
si
bleandwhi c
ha rethe
contentofthehidde nweb?
Ordinarysear
che ngine
sus esof
twarecal
le
d" c
rawler
s"tofi
ndc ont
entont heweb,they
ar
ec omp ute
rp rogra
mst hatbr
ows est
heWo rl
dWi deWe biname thodi
cal
,a ut
oma t
ed
ma nnerandaremainlyuse
dt ocr
e a
teacopyofal
lthevis
it
edpagesforla
terproces
singby
asearchenginethatwil
lindexthedownloa
dedpagestoprovi
defas
ts e
arches
.

Thistechni quei sine f

fectivefo rfindingt hehi ddenr es
o urcesoft heWe bt ha tcould
beclassifi
edi ntothef o l
lowingc ategories:
• Dy na micc ontent:dyna micp ageswh i
cha reret
urnedinr es
po ns
et oas ubmittedquery
oraccessedo n l
yt hr
o ughaf orm,e spe ci
all
yi fopen-domaini nputeleme nt
s(su chastext
fi
el
ds)a reus ed;suchf i
e l
dsa reh ardton avigatewithoutdoma i
nk no wledge.
• Un linkedc on t
ent:p a
g eswh icha ren otlinkedtob yotherpa ges,wh i
chma yp r
event
Webc rawl i
n gp rogr
a msf roma ccessingthec ontent
.Th i
sc ontentisreferr
edt oa spages
wit
hou tback l
ink s(orinli
n ks)
.
• Pr iva t
eWe b:sit
e sthatrequirer egist
rati
o nandlogin(passwo r
d-p r
otect
edr esource
s).
• Co ntextualWe b: pageswi thc ontentvary i
ngfordiff
erentaccessc ont
exts(e.g.
, r
anges
ofcl
ientI Pa ddresse
so rp revi
o usn avigati
ons equence).
• Li mi teda ccessco nte
n t
:s i
testh atlimitaccesstothei
rp agesinat e
chnicalwa y(e.g.
,
usi
ngt heRo botsEx clusionSt andard ,CAPTCHAs ,orn o-cachePra gmaHTTPh e
aders
whichp rohibitsearche nginesfromb rows i
n gthema ndcreati
ngc achedc opi
es).
• Sc r i
p t
edc on t
ent:pa gesthatareo n l
ya ccessi
blethr
o ughlinksprod uc
edb yJ avaScri
pt
aswella sco nte
n tdyn a
mi call
yd o wn l
o adedfromWe bserversviaFla s
ho rAjaxs olut
ions.
• No n-HTML/ te
xtc o nt
en t
:te xtualc ontentencodedinmu lt
ime dia(ima geo rv i
deo)
fi
le
so rsp ecif
icf i
lefo r
ma tsnoth and l
e dbys earchengines
.
• Te x tcon t
e ntusingt heGo ph erpro t
o c
o landfil
esh ost
edo nFTPt hataren otindexed
bymo sts earche ngi
n es.En gi
n essu cha sGo o gl
edon otindexp ageso ut
sideo fHTTPo r
HTTPS.

5THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 TheTorNe twork,howtopr e
ser
vetheano nymi
ty?
Tori
stheac
ronymo f"Theoni
onrout
er"
,asystemi
mp le
me nt
edtoenabl
eonl
ineanonym-
it
yaspartofaproj
ectspons
oredt
heUSNa valRe
searchLabora
toryf
rom200 4t
o2 005
ands
uccess
ivel
ysupport
edbytheElec
troni
cFront
ierFounda
tion.

Act
uall
ythesof
twar
eisunderdeve
lopmentandma i
nte
nanc
eo fTorPr
ojec
t.Ause
rtha
t
na
vigat
eusi
ngTori
t'
sdif
fi
cul
t t
otr
aceensur
inghi
sp r
iva
cybeca
u s
etheda
taaree
ncr
ypt
ed
mult
ipl
eti
mespass
ingt
hroughnodes
,Torrel
ays,oft
henet
work.

Torc
lie
nts
oft
warerout
esInt
erne
ttra
ffi
cthr
oughaworl
dwidevol
unt
eerne
twor
kofs
erv-
er
shidi
nguse
r'
sinf
ormati
oneludi
nganyact
ivi
ti
esofmoni
tor
ing.

Howdo e
sTorne t
wo rkwor
ks?
I
magineatypi
calsc
enari
owher
eAlic
edesi
retobec
onne
cte
dwi
thBobus
ingt
heTorne
t-
wor
k.Let’
sseeste
pb yst
ephowiti
spos
sibl
e.

Shemake
sanunencrypt
edc
onne
cti
ont
oac
ent
ral
iz
eddi
rec
tor
yse
rve
rcont
ai
ningt
hea
d-
dr
ess
esofTornode
s.
6THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
Aft
errece
ivi
ngtheaddr
essli
stfr
omthedirec
tor
yser
vertheTorcl
ientsof
twarewillcon-
nec
ttoarandomnode(t
hee nt
rynode
),thr
oughanencr
ypt
e dconne
ction.
Th eent
ryn ode
wouldmakeanencr
ypt
edc onne
cti
ontoarandomse
condnod ewhi
chwo uldintur
nd othe
sa
met oconne
ctt
oar a
ndo mthir
dTornode.Thepr
oces
sg oesonunti
litinvol
vesan ode
(
exitnode
)conne
ctedt
othed es
ti
nat
ion.

Consi
dertha
tdur
ingTorr out
ing,ineac
hc onne
cti
on,t
heTornodearera
ndomlychos
en
andthesa
men odecannotbeusedtwiceinthesamepat
h.Toensur
eanonymit
ythecon-
nect
ionsha
veafixeddurat
ion.Ev e
rytenminut
estoavoids
tat
is
ti
calana
lysi
stha
tcoul
d
compromi
setheuse
r’spr
ivacy,t
h ecl
ients
oft
warechange
stheent
rynode

Uptonowweh aveconsi
dere
da ni
deals
it
uat
ioninwhic
hau se
rac
cess
esthenet
workonly
t
oc onne
cttoanot
h e
r.Tofurt
hercompl
ica
tethedis
cuss
ion,i
narealsc
enari
o,thenode
Ali
cecouldint
urnbeu s
edasan odef
orrout
ingpur
poseswit
hot
herest
abli
she
dco nne
c-
t
ionsbet
we e
notheruse
rs.

Amal
evol
entt
hir
dpa
rtywouldnotbeabl
etoknowwhichconne
cti
onisi
nit
ia
teda
saus
er
a
ndwhic
hasnodemakingi
mp os
sibl
ethemoni
tor
ingofthec
ommu ni
cat
ions
.

Ever
yday,a
llourwebact
ionsl
e a
vetrac
esofour
sel
vesandofourwayofli
fet
hroughthe
st
ori
ngofmass
iveamount
so fpers
onaldat
aindat
abas
esinint
erne
t,a
llt
hes
einf
orma t
ion
compos
eourdi
gita
lide
nti
ty,ourrepr
ese
ntat
ioni
nthecybers
pace.

Use
rsar
e"enti
ti
es"i
nth ecybe
rspa
ce,bui
ltals
owit
hthecorr
ela
ti
onofdat
athati
ncr
eas-
i
ngl
yescape
sthecont
roloft
heo wner
,anyonecant
heor
eti
cal
ly"e
xpr
opr
iat
e"ofourdi
gi-
t
ali
dent
it
y.

Toda
ytracki
ngusera
cti
vit
iesonint
erne
tareoneoft
hepri
mar
yint
ere
stsf
orpr
iva
tec
om-
pa
niesandGo ve
rnment
s,busi
nessandpol
iti
calmot
iva
ti
onsa
repus
hingont
hedeve
lop-
mentofmonit
ori
ngandsurvei
ll
ancesys
tems.

Anonymouscommunica
tionshavea
nimporta
ntpla
ceinourpol
it
ic
alandsoc
ialdi
scour
se,
manyindi
vidua
lsde
sir
etoh idet
hei
ride
n t
it
ie
sbecaus
etheyma ybeconc
ernedaboutpo-
l
it
ic
aloreconomicr
etr
ibut
ionh a
ras
smentoreve
nthre
a t
stot
heirl
ive
s.

Anonymi
tyisder
ivedfr
omtheGreekwordanonymi
a,me ani
ng"withoutaname"
,inthe
commonusagethet
ermrefe
rstot
hest
ateofanindi
vidua
l'
sp e
rsona
lidenti
ty
,orper
son-
al
lyi
dent
if
iabl
einfor
mati
on,be
ingpubl
ic
lyunknown.

I
ninte
rnettheanonymit
yisguar
ante
edwhenIPaddre
sse
scannotbet
racke
d,duethi
s
r
eas
oni thasbe
ena ssi
st
edtothecre
ati
onofAnonymi
zings
ervi
cessuc
ha sI2P-The
AnonymousNet
wo r
ko rTora
ddres
s.

7THN-Magazi
ne|
August2012 www.
thehacker
news.
com |I
ssue13
 Theanonymizingser
vic
esarebase
do ntheconce
ptofdist
ribut
ionofrout
inginf
ormati
on,
dur
ingat r
ansmiss
ioninfacti
snotknownp ri
orthepathbetweensourc
ea nddest
inat
ion
andeverynodeo fthenet
wo r
kma na
g eminimalinf
ormati
ont orout
ethep ac
ketstothe
next
hopwi thoutc
onser
vinghis
tor
yont hepat
h,t
heintr
oductionofenc
rypt
ionalgor
it
hms
makeimp os
sibl
ethewiret
appi
ngoftheinfor
ma t
ionandtherecomposi
ti
ono ft
heo r
igi
nal
message
s.

TheSu pr
emeCou r
toftheUni
tedSta
tesha
srule
drepeat
edl
ythatt
heri
g htt
oanonymous
fr
ees pee
chisprote
cte
db ytheFirs
tAme ndment
.A much-c
it
ed1 995Supre
meCo urt
rul
inginMcInt
yrev.OhioEl
ect
ionsCommissi
onreads
:

Prot
ecti
onsfora nony
mo usspee
c harevitaltodemo c
rat
icdisc
ourse.Al
lowi
ngd is
sent
ers
t
os hi
eldthe
irid e
ntit
iesfr
eesthemtoe xpresscri
ti
calminori
tyvi
ews...An onymityi
sa
shi
eldfr
omthet yrannyofthemajori
ty....Itthusexempl
if
ie
sthep ur
p os
ebehindtheBil
l
ofRight
sando ftheFirst
Ame ndmentinp art
icul
ar:topr
otectunpopul
arindi
vi
du al
sfr
om
ret
ali
ati
on...a tthehandofanin t
ole
r antsoci
et
y .

Manyins
ti
tut
ionsandfounda
tions
,suchasTheEl
ect
ronicFr
ont
ierFounda
ti
on,ar
espe
nd-
i
ngagreate
ffor
ttoprot
ectt
heright
stoonli
neanonymit
y.Asonecour
tobser
vedinac
ase
ha
ndle
db yEFFa l
ongwi t
htheACLUo fWashi
ngt
on :

"
[T]hef
reee
xchangeofide
asontheI
nterne
tisdr
ive
ninl
argepar
tbyt
heabi
li
tyofI
nte
r-
ne
tuser
stocommunic
a t
eanony
mo us
ly.
"

USFir
stAme
ndme
nts
ett
ledt
hatt
her
ightt
ospe
aka
nonymous
ly,t
heSupr
emeCour
tha
s
he
ld,

“Anony
mityi
sas hie
ldfr
omthety
rannyoft
hemajor
it
y,
”that“e
xempl
ifi
est
hepurpos
e”
oft
heFirs
tAme ndment
:“topr
otec
tunpopul
ari
ndi
vidual
sfr
omret
ali
ati
on.
..
att
hehand
ofani
ntol
erants
ociet
y.
”

Cour
tpronunc
iat
ionsest
abl
isht
h edut
yforgove
rnment
toguardaga
ins
tunduehi
ndr
anc
es
t
opoli
ti
calconve
rsati
onsandtheexcha
ngeofidea
s,avi
gil
antre
vie
wt ha
t

“mus
tbeunde
rtak
enandanal
yze
donac
ase
-by
-cas
ebas
is”.

USlawsest
abli
s hrightt
oSp ea
kAn onymousl
yo nt heInt
erne
ta ndal
sori
g htt
oRe ad
Anonymous
lyont heInt
erne
tensur
ingt
heprinc
ipl
eo ffr
eeint
erneti
deol
ogi
calconf
ront
a-
t
ionandt
herighttofr
eemo vementofi
nfor
ma t
ion.

“Peopl
ea r
epermit
tedt
oi nt
eractpse
udony
mo us
lyanda nony
mouslywit
heac
ho t
herso
l
ongasthos
ea c
tsar
en otinvi
olati
onoft
helaw.Thisabi
lit
ytospe
ako ne
’smi
ndwithout
t
heburde
no ftheot
herp ar
tyknowingal
lthefact
sa boutone
’si
denti
tycanf
ost
eropen
c
ommu ni
cat
ionandrobustdebat
e.”

8THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Thetec
hnologi
caldevelopmentsofre
centyea
rscaus
edhi
ghatt
ent
iontothele
gala
nd
t
echnol
ogica
lpo s
sibi
li
tytoma int
aint
heonlinea
nonymi
tyes
peci
al
lyinthefa
ceofthe
mult
ipl
ica
tionofres
ource
si nt
erne
tmonit
ori
ng.

Theright
toint
erneta
nonymit
yisalsocover
e dbyEur
opeanlegi
sl
ati
ontha
tre
cogniz
e st
he
funda
me nt
alr
ighttodatapr
otec
tion,fr
eedomofexpres
sion,f
ree
domo fi
mpress
ion.The
Europea
nUn i
onCh arte
rofFundame nta
lRight
srecogni
zesinArti
cl
e.8(Ti
tl
eII:"Fre
e-
doms")ther
ightofever
yonetoprot
e c
ti
ono fpe
rsona
ldataconce
rni
nghim.

Theri
ghtt
op r
iva
cyisnowe s
sent
ial
lyt
hei
ndi
vidua
l'
sri
ghtt
oha
vea
ndt
oma
int
ainc
on-
t
rolove
rinf
ormat
ionabouthi
m.

Sail
ingint hedark
Aftert
h i
sn eces
saryparent
hes
isonTorn e
tworkrou t
ingwea rereadyt
oe nt
ertheDeep
We bsi
mp lyu s
ingtheTorsoft
waref
romt heoff
ici
alwe bsit
eoftheproj
ect
.Torisabl
eto
worko nalltheexis
ti
ngp l
atf
ormsandma nyadd-onsma kesi
mp l
etheyint
egr
ati
oninex-
is
ti
n gappli
c at
ions
,incl
udingwebbrowsers.Despi
tethen et
wo r
kh asbee
np roj
ect
edto
prot
ectuser’spri
vacy,t
obereall
yanonymousit
'ssuggest
edtog othr
oughaVPN.

Abett
ermo detonavi
gateins
idethedeepwebistouset
heTa i
lsOSd i
st
ribut
ionwh i
c his
boot
abl
ef r
oma nyma chi
ned on'
tlea
vingatra
ceo nt
hehost.OncetheTorBu ndl
ei sin-
s
tal
ledi
tc omeswit
hitsownp or
tabl
eFiref
oxvers
ion,
ide
alforanonymousnaviga
tiond ue
a
na ppr
opriat
econt
rolofins
tal
ledplugi
ns,i
nthecommerci
alvers
ioninf
actcommo np lu-
gi
nscouldexposeouride
nti
ty.

Wellonc
einsi
det
hedee
pwebwemu s
tunde
rst
andtha
tthena
viga
ti
onisqui
tedif
fer
ent
f
romo r
dina
ryweb,e
ver
yre
sea
rchi
smo r
ecomple
xd uet
heabse
nceofinde
xingofthe
cont
ent
.

Au s
erthatstarti
t'
snavi
gati
oni ntheDe e
pWe bhavetoknowt hatacommo nwaytoli
st
t
hecontentistoadoptc
olle
cti
ono fWi ki
san dBBS-li
kesi
teswh i
chhavethemai
np ur
pose
t
oa ggr
eg a
teli
n ksca
tegor
izi
ngthemi nmo resui
tabl
egroupsofconsul
ti
ng.Anot
herdi
ffe
r-
e
ncethatu s
erh ast
otakeinmindi st
h a
tinstea
do fcl
ass
icextens
ions(e.
g..c
om,.
gov)the
domainsintheDe epWe bgeneral
lye ndwi t
hthe.oni
onsu f
fi
x.Fo l
lowingashor
tli
stof
l
inksthathavema defa
mo ustheDe epWe bp ubl
is
hedonPa s
tebi
n

Cle
anedHi dde
nWi kishoul
dbeaa
lsoagoods
tar
ti
ngpointf
ort
hef
ir
stna
vigat
ions
.Be
ca
reful
,someco nt
ent
arela
bele
dwi
thcommonus
edtags
uchasCP=c
hil
dporn,
PDi spe
-
dophi
le,s
tayfarfr
omthem.

TheDeepWebisconsi
der
edtheplacewhereever
ythi
ngisposs
ibl
e,youcanfindeve
ry
ki
ndofmat
eri
alandser
vic
esforsal
e,mo s
tofthe
mi l
lega
l.Thehidde
nwe bof
ferstoc
y-
be
rcri
megr
eatbus
ine
ssoppor
tuni
ty
,ha c
kingse
rvi
ces,mal
wa r
e,s
tol
enc r
edi
tca
rds,wea
p-
ons
.

9THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Weallknowthepot
enti
ali
tyofthee-
comme r
ceinordi
n a
rywebandit
simpr
ess
ivegr
owth
i
nlastc
oupleofye
ars,wel
ln owimagi
netheDeepWe bma r
kett
hat
ismoret
han500t
imes
bi
ggerandwherethe
reisnol ega
lli
mit
sontheo ddstosel
l.Wear
efaci
ngwithamazi
ng
bus
ines
scontr
oll
edbyc ybercr
imina
lsor
ganiza
ti
ons.

Theda rkbusiness
Assaidthehiddenwebiscons
ider
abl
eawi demarkedcover
edbya nonymit
y,acondi
ti
on
t
hatma keita
ttr
acti
vefort
hecyber
cri
meindust
rytha
t i
smo vi
ngit
sbusines
sinaregi
ono f
cybe
rs pac
ewh ereisr
eall
ydi
ffi
cul
ttotr
acesel
ler
sanda c
quir
es,
wh at
evergoodst
heye x-
cha
nge.

Major
it
yo fDe epWebk nowisjustbecausethe
yhavere
adabouttheposs
ibil
it
ytoacqui
re
weapons
,ma lwareanddrugsintota
lsecuri
tyavoi
dingt
hecont
rolofl
awe nfor
cementand
f
arfr
oma n yk i
ndoflimit
ati
ons.Ineffec
tinsever
almarke
tplac
ep re
sentintheda
rkwe b
i
tispos
sibl
etoa cqui
reil
legal
o ddsandthepres
shasmadegre
atadvert
is
ingonthi
saspect
,
t
hati
sthety peofnewsthatpeopleloveto.

Oneofthemos
tfamousdarkmarketi
swi t
houtdoubtSil
kRo adwebsi
te,anonlinemar-
ke
tpl
acewher
ethema j
ori
tyofproduct
sarederi
vedf r
omi l
le
galact
ivi
ti
es.Ofco ur
seit
's
nott
heonlyone
,ma nyot
herma r
ketsaremanagedtoa ddr
essspe
cif
yp roduc
ts,bel
ieve
me,manyoft
hema r
eter
ri
fying.

10THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Mostt
rans
acti
onsontheDeepWe bacceptBit
Coincurr
encyforpaymen t
sall
owingthe
pur
cha
seofanykindofpr
oductspre
servi
ngtheanonymit
yofthetr
ansac
tion,e
ncour
agi
ng
t
hedevel
opmentoftr
adeinres
p e
cttoanyk i
ndofil
lega
lacti
vit
ies
.Wea refac
ingwit
han
a
utonomoussys
temthatadvant
agetheexerci
seofcri
minalact
ivi
ti
eswh il
eensur
ingthe
a
nonymit
yo ft
rans
act
ionsandtheinabi
li
tytotr
ackdownthecrimina
ls.

Rece
n t
lytheCarne
g i
eMe l
loncompute
rs ec
urit
yprofes
sorNic ol
asChrist
inpubl
is
heda
r
esea
rcho nSil
kRo adan dit
sb us
ine
ssmo del
,itseemsthatthema r
ketisabl
etoreal
ize
$22Milli
onInAnnu a
lSa l
eso nl
yrel
ate
dt othedrugmarket.Totalr
evenuema debythe
se
ll
ershasbeenes
timatedaroundUSD1 .9mill
ionpermo nt
h,anincredi
blebus
ines
sals
o
f
ortheSil
kRo adoperat
orsthatr
ecei
veaboutUSD1 43,
000p e
rmo nthincommissi
ons
.

Thee xper
tsh avee xaminedo ve
r
24,
400s epa
rat
ei temss ol
do nthe
popul
arsit
ed e
mo nstr
ati
ngthatSil
k
Roadi s ma i
n l
yu s
eda sd r
ugs
market
,v er
yi nt
eres
ti
nga lsothe
composi
ti
ono ft hesell
erstha
tfor
obvi
ousn e
edsl eave
s wi t
hin a
coupl
eofwe eksthesi
tetoappea
rin
se
condtime.

Thes
tudyha
sa na
lyze
dtheevol
uti
onofthemarke
tinthel
astmont
hsde
monst
rat
ingthei
n-
cr
eas
ingofthebusi
nessmaybeo bt
aine
da l
sothankstothea
uraofmys
ter
ytha tmany
medi
agivet
heDe epWeb.

Thenumbe
rofsel
lersofanykindofdr
ugsispa
sse
dfr
om300i
nFe
brua
ryt
oar
ound570
i
nAugusta
srepor
tedinthefol
lowi
nggraph:

Wh i
cha r
ethemo stsol
dp r
oducts
?
Thes t
udyh asgroupedthep r
oduct
incategor
iesandh asrevea
ledthat
the"mostwa nt
ed"itemsared r
ugs,
fol
lowingisproposedthel
istofthe
Top2 0categor
iesinter
mso fit
ems
avai
labl
e.

Mo stselle
rsleavet hesitef a
irl
y
quickl
y,b utacoreo fabout4%o f
the
mh avebeenonth es
it
efo rt
he
ent
ir
ed urat
ionofo urst
udy,themajor
it
yo fs
ell
ersar
eo nl
yont hesit
eforl
esstha
ntwo
months,mayb eb e
causethe
yl ea
vethesi
teoncesol
dtheproductsorbec
aus
etheymove
"i
ntostea
lthmo deassoonastheyhavees
tabl
is
hedalargeenoughcust
omerbase
".

1
1THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Theexpert
sandl a
we nf
orcemen tar
ec onsc
ioustha
tarefacingwit
hana nomalousma r
ket
whereident
it
iesar
ehidden,pa
y me nt
sdiffi
cul
ttotr
ace,whe r
en oadve
rti
si
ngisma dea nd
wheretheacce
s st
othe"marketp l
ace"i
mp li
esanonymizi
n gtools
uchasaTo rcl
ient.De-
spi
teallthi
sco ns
ide
rat
ionthes tudyha sreve
aledas t
ri
n gg r
owthoftheb usi
n e
ss,the
marketappe
arsinexpans
ionan dnumb erofsel
ler
sthatuseitisdr
amati
call
yincrease
d .

Chr
ist
inde
cla
re I
d:“t’
sas
tabl
emar
ket
plac
e,andov
eral
lit
’sgr
owi
ngs
teadi
ly
.”

Butma nyus
ersonthesi
tehavewo rr
iedforposs
ibl
einfi
ltr
ationma debylawenforc
eme nt
,
anot
hersour
ceofconcernsistha
tsev e
ralofi
tshigh-
profi
lesell
ershavedisa
p pe
ared.The
pos
sibi
lit
ytoinf
ilt
rat
eas imila
rma rketisconcr
eteandma r
ketp l
acesuchasSilkRo ad
r
epresent
sinmyo pi
n i
onamo der
ateris
ksfortheworldwidec ommu ni
ty.
Th emo s
tprob-
l
ematicaspe
ctsofsi
milarbusi
nessisthatt
heyarecontr
oll
e dbyc ri
minalorga
nizat
ionbut
t
hefigurepr
oposedarefarfromtoju s
ti
fyama ssi
veGo vernmen ti
nte
rvent
ion,theprob-
l
emi showmu chhiddenservi
cesli
k ethi
sareinthedar
kwe b?

ButDeepWe bisa
lsofamousbec
auseisthepla
cewh e
reisr
ela
ti
vesimpl
etoacqui
remal
-
wareandsimil
aragent
storea
liz
ec yberf
raud,oneofthemostr
eques
tedar
ti
clearebot
age
n t
stobeablet
oc ompos
eab ot
netwithoutpar
ti
cul
arknowl
edge.

Recent
lyIreadofabotne
to f
fer
in gfr
o mthedeepwebd es
cri
besma nyint
ere
sti
ngtechni
-
calcha
ract
eri
sti
cs.Wi
thjust$8000a ndthr
eeIPaddr
essesi
tispossi
blet
osetupC&C, and
getapers
onal
izedcopyofthebo ttha
thasah a
rdcode
d/obfus
cate
dma xof1 0kzombies
.I
havenoideaistheof
feri
sr e
albu ti
sh i
ghp r
obabl
ethatsi
milaroff
ersar
ed a
ilyavai
labl
e
ondeepwe b,wecanimagi
n etheimp ac
tonthiswaveofma l
wa r
einthecyberspac
e.

Weh aveexpl
aine
dsevera
lti
methatan e
wmo de
lo fbus
ine
ssisgrowingaroundmalwar
e
s
ell
s,oldst
il
ec r
iminal
sarei
nves
ti
ngi ntec
hnologytoexpa
ndtheirac
tivi
ti
es,t
h e
yarere
-
ques
ti
ngs uppor
ta ndmater
ialt
or eal
izecomplexf r
auds
,Ii nt
roducedtheterm C2C
(
cyberc
rimetocyberc
rime)t
odes
cribethephe
nome nonofsuppor
tprovi
dedbyn ewcybe
r
cr
iminal
it
yt oordi
narycr
ime.

Oneofthemo stfamousma l
wa reso l
dinc l
earwe bwh ichis“migra
ting”t
othedeepwe b
i
stheCit
adeltr
o ja
n,basedont heZe usexperie
nceh ase vol
vedbecomingoneofthemost
i
nte
rest
ingcybercrimina
l pr
oject
.Se cur
ityexpert
shav efoundanexcell
entcus
tomerre
la-
t
ions
hipmana gement(CRM)mo delimplementedbyi tscre
ator
s.Thanksama l
wareevo-
l
uti
ondict
at
e db yma r
ketneeds,thetroj
anh asevolve
di ntime,manyinsta
nceshavebeen
de
tect
edwithdiffer
entpowe r
fulfeature
sd evel
opedfo rspeci
fi
cclie
nts.

Thecreat
orsoftheagenthavest
ruct
uredaneffi
ci
entser
vicesfort
hesel
l(withsale
sp r
ice
ofnea
rly$2,500)andthesuppl
yo fi
mp r
ovementser
vice
sf ort
hetr
ojant
h r
oughsocial
n e
t-
workplat
forms.
Bu tjus
to neoft
h est
rengt
hsofthemodel,t
h eoppor
tuni
tytogetintouch
wit
hthec reat
orsofthevirus
,paradoxi
cal
ly,c
ouldst
opthes pr
eadofthedrea
dedma lware.
Sohowt op rot
ectanon ymit
yo fthecrea
tor
sma int
ai
ningama l
warea sser
vicesel
ling
model?
12THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 I
’verecei
ve dalotofr eques
tslat
ely
,howd oIh ackthisorh owd oIg ai
na cces
stoth a
t.I
knowthatp eopl
ea r
ec uri
ous,wh e
nt he
yh earthetermh acker
,theywa nttoknowh o wit
a
llwo r
ks.Itisnaturaltowo nder
,andIk nowt hatwi t
ha na i
rofse cr
ecysu r
roundingthe
s
ubject
,itisallt
hemo reent
ici
ngtotheinqu i
ri
n gmin d.Thef a
ctis,wh a
tthesepeopleare
a
skingfora retool
s.To ol
scanb eusedforma n ydif
ferentthings
,s ometi
me stheycanb e
us
edtote s
tt hese
cu r
ityofas i
teorappli
cation,otherti
me stheyca nbed i
ssect
eda ndthe
c
odeu se
da sapartofal i
brary
.Stil
lothertimes,peo pl
el ookforthesetool
sinth e(most
of
tenmisguided)hopet ha
tbyu si
ngas cr
iptwritte
nb yso mewe ll
-knownh acker
,theywi l
l
ha
veg ai
neds omep owe roverothe
ru s
ersont heinte
rnets.

No t
hingc oul
db efurt
h e
rfromt hetruth.Wh athacke
rsdoisveryspecifi
ctoth eirown
goal
s.Th e
yd ono twrit
ec omp l
exc ode,e l
oquen t
lysi
deste
ppingsecurit
yme as
u resa nd
f
indi
ngn ew,c r
eati
v ewaystoa pproa
cho ldp r
ob l
emsina neff
orttoma keiteasi
eri nte
rnet
r
eside
n t
stostealfromo neanother
.Th esugg e
sti
ont ha
tsome onemightdothatisinco nsi
s-
t
entwi t
hthef act
s.So meonewh oistune din,usingAT&TAs sembl
e rtod i
ssectwh ata
pi
eceo fcodei sactual
lyd oi
nginme mo ry,i
sd oingthi
sforas peci
ficap pl
ic
ati
o n.Th at
sa
meh ackerc an’
tsendy ouhiswo r
kf orotherpurposes
,itwasspeci
fi
ct ohisneed. Hed i
d
t
hewo rk,hes olvedtheproblem,heg etstou seh i
ssolut
ion(andma ybeo cca
sion al
lyh e
wil
lme etsome onewh oneedstos ol
vet hesamep robl
emo nthesames yst
e mtype ,thenit
mayb eusefultopa s
sthatcodealong).

Theideathatalotofpeopl
eseemtohaveist
hatonc
eweg ai
ntheg ol
denkey(li
kewe
ar
ep l
ayi
n gsomek i
ndo fr
oleplayi
nggame)wewi l
lbehacke
rs.
Thereisonlyonegolde
n
keyintheworldoftheh a
ckersoma nyofyoucl
aimy ouwisht
ob e.Howmu cha r
eyou
wil
li
ngtol e
arn,how mu chofy our
sel
fareyouwill
ingtoputint
ot hi
s?Thek eyisthe
knowle
dgeg ai
nedthroughstudy,t
ri
alanderr
orandputtousebyav eryser
iousandfo-
cus
edmi nd.

Wh a
t Iamd oi
ngh er
eisnot ana t
temp t
tod i
ssua
d ewouldbehackersf
romr ea
chingfor
t
heirloft
yg o a
lofbecomingo neo fthel33t.Iamo nl
ya t
te
mp t
ingtog i
veitsomes c
ale,
an
i
ntr
o duct
io ntoanin t
roduc
tion.Th einter
netsareav er
yb i
gplace,andtherelat
ive
lylow
numb e
ro fh i
ghp r
ofil
eatt
ackstakingp l
a c
e(b e
yondDDOS, whichisnotr
e al
lyahack,but
moreo fano r
gani
zedp r
otes
t)g i
veu sani deaofjusthowfewa ct
uall
ye l
itehacker
sther
e
ar
ei nthewi l
d.Therearen’
tma ny ,becausetheskills
etandthec ommitmen ta
resod e-
manding,it’snotsomethi
ngmo s
tp eopleareupfor.

15THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 So,wh enyous aytha tyouwa nttob eah ack e
r,orevenwh e
ny ouj us
ta skso me oneh owto
hacksome t
hingsp ecific
,trytor e
me mb erthatwhat youareaskingisamu chg r
e at
eru nder-
ta
kingthany ouma yr eal
ize.Wea llwe nttos choolato neti
meo rano t
her,howmu chd i
d
wel ear
nwh enwec o piedsome one’sma thh omewo rk?Th eotherq uest
ion,h owo ftend i
d
copyingwo r
ko ut?Mo s
tp eopled i
d n’ttryittooma nyt i
me s
,b ecausetheyg otcaug htt
he
fi
rstti
meo ut.Wh eny ouc opyt hewo rko fah ac
k er
,n otonl
ywi l
litb eb l
atantlyo bvious
whe r
ey ougotit,b uttheo verwh el
mi ngp oss
ibi
lit
yi sthati
two n ’
two rka nywa ys.Id on’t
usetheter
m“ s
c r
ipt-kiddie”,Ib e
lievet hatifyouc anu s
eap ie
c eofc odewi thoutwr it
inga
newo ne,youh av es aveds omet imea ndk eyst
rokes,a ndthatisav e r
yh a c
ke rtypeo fa
goal.Thed er
o gat
o r
yt e
rm“ scri
pt-kiddie”a ct
uallyme ansthaty oufo undas cri
p tsome -
whe r
e,someo nelinke dit
,y oun oti
ce dthef i
lename ,wh at
everb r
ou ghtyout oit.Yo uwe nt
andp i
ckedupt hisscript,withoutan ya t
temp ttolearnsome t
hinga boutito run der
standit,
youtrie
dtou seit
. Thisisc onsi
d ere
de xt
reme lybade t
iquett
eamo ngha c
k er
s( andth es
ea r
e
peoplewh obelie
v eins haring,asar u l
e),b eca
usewh enyouta kenop artinthewo rk,you
ta
ken or es
pon si
bili
tyf ortheo ut
co meo frunningt hescri
pt( i
tb ec
o me sthef aultofthe
hackerwh owro t
ei t
), anding eneraly ouc omeo ffli
k eama j
o rasshat
.

Please,don’tb ea na sshat
.I fyouwa nttob eah acke r
,b eo ne.Re adab ookr ightnow,
covertoc overo nal an guaget hatwillh el
py oucommu nicatewi thy ourc omp uter,usinga
comp il
er.Ci sav eryp o pularch oi
ce,b uttherea r
ema nyo t
h ers,C++, Jav a(requiresav ir
-
t
ualma chi
n etoru n,b utisv eryp opularacro s
sma nyp l
atforms ),Py t
hon ,Ru by,Pe r
l,PHP
andma n yo t
he r
s.Re adi tfronttob ack,wh etheryo uu nders
tan dito rnot,k eeprea di
n g.
Do
ali
ttleresearchintoth ep ar
tsy oud i
dn’t unde r
standan dthenr eadi t
a gai
n .Dot hisu nt
ilyou
cand emo nst
rateap pli
e dk nowle dgeofth elang ua
g e.Onc eyo ule ar
nt osp eaktoy ourc om-
puter,youc anstarttol earntolistentoita swe ll
.Yo urco mp ut
e rwi l
ltelly ouma n ythings,
buto f
teny ouh avetog etpastth elanguageb a
rrie
r( wh a
teverla ng uagey ouc hosetol ear
n)
andl ea
rntou sead ebu ggertod isasse
mb l
ewh atyou rcomp uteri sdo i
nga tthelo we rle
v el
ofme mo rya ddre
ss esa ndmo vesfroms tackt ostack.On cey oul earntheset hi
ng s,youwi ll
haveaa chievedth era nko f“ notad umb ass”.Co ngratul
ations!!!Yo ua r
eo nyourwa y.Jus
t
re
me mbert ha
t yourb rainiswh a twillma key ouah acker,soy ouwi l
l ha
v etotak esomes e
-
ri
ou sti
mea ndf eedi tso mer ealinforma ti
o ntog etitru nningr ight.Fromt her
e ,yo ucan
st
arttryingtoo ut
sma rte veryon ethatc ameb efor
ey ou,youc anb eah acker.Th isisthe
onlywa y,script
swo n’th elpyo ua ndco nversati
onswi thh ackerswi llon l
yh elpy oui fyou
knowt her ightque s
tionst oa nswe r
.Ge tab o ok,read,learn,rep eat
.Co d e,ma kemi stakes,
fi
xy o urmi st
akes,r epea t
.Yo ug e
tthei dea ,youa ren otjoiningt hec ircush ere,y oua r
e
t
rainingy ourmi ndtowo rki nne wwa ys. I
t willt
akes omet i
me ,bu ti
fitisy ourca l
ling,you
willenjoye verylastp roblemy ouruni ntoa longthewa y .

Sugge
ste
d Fir
st Readi
ng( t
houghthe
rea r
e ma nyg r
eatti
tl
est oc hoosef
rom)
ht
tp:
//
www.amazon.
com/Ha
cking-
The
-Art
-Expl
oit
at
ion-
Edi
ti
on/
dp/1593271441

16THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Wat
cht
heWat
cher
s
Aut
hor:JohnShi
naber
ry(
Assi
st
antEdi
tor
)

An ewkindofwa rseemstob ebrewingontheInterne

ts.It
’snotawa rbetweentechteams
orpoli
ti
calri
vals
.It’
sawa ro ninf
ormati
onitsel
f.Itseemsthat,evenintoday’swo r
ldo f
2012,westi
llfi
nditdiff
iculttoprovi
defreespee
c htoeveryonea ndfre
edomt othep re
ss,
t
od oitsjob,forthec i
ti
zen sofp l
aneteart
h.Th etact
icsthatIa mr efer
ri
ngt oa swa r
(
b e
causeIbeli
evetheya r
ewa rl
ikesta
ncesonthei ss
ueo ffre
es peech)
,arethosethatare
c
o mingfr
o mthee nt
ert
ainme nti
ndust
ry(andtheirassoc
iatedlobbi
e s
)intheformo ftake-
downrequest
s(onli
neformst oremovep ot
ent
ial
lyp at
entedwo r
k sofart
)forhugeamo unts
ofmater
ialfr
oms erver
satGo ogl
e,Ama z
ona ndo t
hers.

Thep r
o bl
emforthoseofuswh oju s
twa ntanopena ndfre
ee xcha
ngeofinf
ormati
on,
whichtheint
ernetagehasgi
venu s,isinthenat
ureoftherequest
s.Thes
ereques
tsare
comingatrec
ordn umbe
rs,n(Gizmodo)andma nyareai
me datcomplet
el
ylega
lma t
eri
al
(unde
rj usta
bouta nyint
ernat
iona
llyrecogni
zedlaw).Ifwel ookatthet
rendh er
e;
ht
tps:
//www.googl
e.
com/t
rans
p ar
encyrepor
t/
removal
s/c
op y
right
/

Weg etaveryc learvie

wo fthenumb eroftake
d ownr equestsp e
rwe ekcli
mb i
ngatanex-
pl
o s
iverate.No tev e
nb otsarethatfas
t,sothetakedo wnsarea utomatedfi
ltr
ati
onofalis
t
ofkeywo rdst hathasclearlygo t
tenl
argerinthep a
s tcoupleo fmo nt
hs.Wh yarethe
reso
ma nytake
do wnr eq ue
stsno wthantherewerebe f
ore?Th eon l
ytwop ossibi
li
ti
estha
tIcan
seeareeit
he rtheau t
o-neth a
sg ot
tenlesssel
ect
iveab outwh atitconsi
derstobeinfr
ingi
ng
content
,orth e
reisawh ol
el otofdupl
icati
oninreques t
s.Idon ’
t knowho wGo ogl
ehandl
es
absolut
edup li
cations,butwi t
hv i
deolinki
ngv i
d e
o ,samp l
ingv ideoorarecordedmoment
i
nt i
me ,spl
iceita l
ltogethertocreat
essome t
hingnewa ndyo ug etanewtakedownrequest
i
fthe r
eisas ongo rp opularimageinan ypartofthatediti
ngp rocess.

Idon’tknowe xactl
ywh ythec ont
enttake
downn ot
icesa reseei
ngsuchariseinnumb er
s,
butthefactisthattheyare.Thiscannotbetoler
ate
d ,theya r
emi s
usingat oolt
h a
twa s
meanttohelpthemd e
fendthemselvesandhavetur
nedi tint
oa noff
ensi
vewe apono nour
Int
ernet
s.Wen e
edt obewa tc
h i
ngthesenumb er
s,andp ayingatt
ent
iontowh omi sdoing
t
hema j
ori
tyo fthereques
ti
n g.I
fitco nt
inue
stotrendth ewa yitha
sinr e
centmo nths
,it
mayre qui
retheinterve
nti
ono ftheinte
rnetcommu ni
ty.Wewi l
lneedtoputas toptothe
wholesal
ecens or
shipofma ss
ivebodiesofinfor
mati
on ,ifwec anhopetoma i
n t
ainafree
andop e
nc ommu nit
y.

Sugge
ste
d fir
str eadi
ng (t
hough many wi l
lh ave ot
her ti
tl
es f or you)
;
ht
tp:
//
www.a
ma zon.
com/
Hac
king-
The-
Art
-Expl
oit
at
ion-
Edi
ti
on/
dp/
1593271441

17THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 TheRa
pidRi
seOfThe
ftsi
nCybe
rSpa
ce
Aut
hor:AbhiMa
nyuVa
rmaDa
tla

I
nter
netSecuri
tyissomethi
ngthatha
sg r
ownt obeama i
nc once
rnamo ngsoci
ety
.Com-
pa
nieshavecomeo utwithIdent
it
yTheftpre
ve nt
ions
ervi
ces,butoft
en,bythet
imeyou
ge
tthose,i
tisalr
eadytoolateordoesn’
thelp.Thepurpos
eo ft
h i
sguideist
oh el
pyou
t
ryandd eve
lopsafeint
ernethabi
tsandtokeepy ouassaf
ea spossi
blefr
omu nwant
ed
pr
oblemsrel
ati
ngt oyourpers
onalse
curit
y.

Manyofy ouprobabl
yh earonthenews,everysooften,“Ap opul
arwebsi
tehasb een
c
omp r
omisedandma nyp eopl
ehavehadthei
rp er
sonaldat
astol
en!”Wh enawe bsi
teis
c
omp r
omised,
itputst
hou sa
ndsatri
skforoneofma nypossi
blet
ypesofident
it
yth e
ft.
It
i
srar
ethatasi
teishackedtothi
sextent
:usual
ly,t
hedataiscol
lect
edthr
oughlooka l
ike
s
it
es,t
hroughspyware,orthr
oughothe
rme a
n sofcol
lect
ion;mostofwhic
hh appe
no na
s
ingl
e-us
erbasi
s.Itmake smanypeoplener
vo uswheng i
vingoutpers
onalinf
orma t
ion
t
oanyoneonli
neb e
causetheyarenotsur
ewh atca
nre a
ll
yh appen,
andtheydon othave
a
llt
hefacts
.

Ther
earet
woimpor
tantt
erms
,whi
char
eve
ryc
ommonl
ymi
sus
edAr
e:
Hac
ker&Crac
ker

Mo s
tpeopl
ethinkst
h a
thac ke
rsarecomp ut
ercr
iminal
s.Theyf
ailtor
ecogni
zethefact
t
hatcri
minal
sandh acke
rsa r
etwot ot
all
ydiff
ere
ntthi
ngs.Medi
aisres
ponsibl
eforthi
s.
Hacker
sinrea
lit
ya r
eactuall
yg oodandextr
emelyint
ell
ige
ntpe
op l
ewhob yusingt
heir
knowle
dgeinacon s
truc
tivema nnerhe
lporgani
zat
ions
,compani
es,gove
rnment,et
c.t
o
se
curedocument
sa ndsecr
etinfor
ma t
ionontheint
erne
t.

Cra
ckeri
sat e
rmthati
sn’
tusedmuchouts
ideo ft
hesecuri
tywor
ld.
Acrac
kerissomeone
whoexploi
tshol
esinaprogra
mf ormal
icioususe.Forexampl
e,t
hepeopl
ewh ocre
ate
ga
mek eygensar
ecracke
rs,meani
ngwh att
he ydoisill
egal
.Forc
ont
inui
ty,Iwil
lref
er
t
ob ot
hh ac
k e
rsandcrac
kersashacke
rs,unlessad i
sti
ncti
onnee
dst
ob ema de;most
pe
oplethi
nko ft
het
woa sthesame.

YouMa yBeThi nkinHo wThi sHac ki

ngCa mei nt
oEx i
stance
Unti
ltheearl
y1 980s,hacki
ngh adnotbeenaho us
eholdter
m. Pri
ortothi
stime,thePe
r-
sona
lCo mputerwa snotawidelyava
i l
abl
eo rf
e a
sibl
eo pt
ionformo s
thomeu s
ers
.Most
oft
hec omputerma rke
tc ons
ist
edofmi l
li
ond oll
armainfr
ame sthesi
zeo fawa re
hous
e,
whichonlygovernme ntandma j
orcorpor
a t
ionscoul
da f
ford.Fina
ll
yi ntheMi d-
1980s
,
per
sonalcompu t
ersfi
na l
lybecameaffor
dabletomo s
tu s
ers,andbegantofindthei
rway
i
ntothehome .

18THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 I
n1 983,amo vi
ec a
lled“WarGame s
”p or
tr
ayedateenagerwhocoul
dhackjus
tabout
anythi
nginthewo r
ld.Hewa sabl
etoh a
ckthroughh i
ss c
hool
scomput
ernet
work,a
s
wellasmanyotherma l
ici
oust
asks
.Thismoviecaughttheima
gina
ti
onofthet
eena
ger
s
whos awi
t,andspar
ke danevol
uti
onofhacker
s.

Thisshi
ftcaughtthecomputi
ngindust
rybysur
pri
se,s
otheywereu npr
epar
e dtot
akeon
t
hen ewb r
eedofh acke
r.Withti
me,thete
enage
rsgai
nedexper
ienceandman ygang-
li
ke
gr
o upsofhackersfor
me d.
Th e
ys t
art
edtosha
rethei
rexpl
oit
swithfri
endsinthegroup,
andwo rdgotar
o undquic
k.Almo s
toverni
ght
,hac
kingca
met othefore
frontofpe
rsona
l
compu t
eruses
.

Atfi
rst
,hacker
sma i
nlywishedtog ai
na cces
stos yst
ems,nott
od amag ethe
m. Thefi
rst
hac
kertobeprose
cutedint
heUn i
tedState
swa sPatRiddle
.Patha
db eenk nowntoregu-
l
arl
yg ai
nunauthor
izedacc
esstoU. S.De par
tmentofDe fe
nsecomp ut
ers;amajorprob-
l
emt othesec
urit
yoftheUn it
edSta t
es.Hewa sa r
res
ted,butc
ouldn otbechar
g e
dwi t
h
anyt
hingrel
at
ingtoh ac
king,becauseatthetime,therewerenoan t
i-
h acki
nglaws.He
wascharge
dwi t
ht he
ftofph oneservi
c eins
tead,putt
inghiminjailforav er
ylimit
ed
per
iodofti
me .

Topre
v ents
imil
arprobl
emsint
h ef
utur
e,t
heCo mputerFra
uda ndAbuseAct
waspa
sse
d
in1984.Itprovi
dedalega
lme anst
op ros
ecut
eh ac
ke r
sforcerta
inthi
ngsBac
kinthe
daysoftheDoD( Depar
tmentofDefe
nse)int
erne
tsystem,thei
n t
erne
twasonl
yanex-
tr
emel
ys mallfr
acti
onofwhati
tistoda
y.

Today,ther
ea relit
erall
ymi lli
onso fcomputersconnect
edtogether
.Wi ths ea
rche ngi
ne
te
chnologyb eingrefinedandp erfect
ed,aswe l
lasthepopularit
yo fo nl
ineinfor
ma ti
on
dat
abases,it
isn’ttoohardtof i
ndinformati
ono nanyone.Aqu i
cksearchwi l
lgiveyouthe
addr
essa ndp honenu mberofa nyp ubl
icl
ylis
tedp er
sonTh i
sisn’ttoob igofap r
o bl
em,
unti
lstal
kersc omei ntoplay.Thema j
orproblemiswh enp eopl
ef i
n dmo red e
tai
lthan
youcareforthemt ok now,suchasy ourSoci
alSe c
urit
yNu mb e
r,Ban kAc countInf
orma-
ti
on,passwords,ore venCred i
tCa r
dn umber.
Wh e
ns omeonesteal
sth i
stypeo finf
orma-
ti
onan dusesit,i
tisca l
ledIdenti
tyTh ef
t.Whato f
tenhappensisah ackerst
ealspersonal
inf
orma t
ionb yc at
ch i
ngu nsuspecti
ngu ser
so ff-
guardandma kesp urchas
eso rd oi
ng
thi
ngsintheirname .Thiscausesma nyprobl
emsi ntheindus
try,becausether
eh avetobe
saf
eguardstoh el
pc oun t
ertheissue–s a
feguardswhichoft
enle a
dt oc us
tome rhassl
e.
Ma nyp e
op l
ewo nderiftherearewa ystop r
o t
ectthemsel
vesf r
omI denti
tyTh ef
t.The
tr
uthis:ther
ei snof ull
-proofway.Ma nyh avetri
ed,andfai
led,tostayo utofther e
ach
ofhackers.

Alt
houghthe
reisnope
rfe
ctwaytosec
ureyourdat
a,the
reares
eve
ralwaysyouca
npr
o-
t
ectyour
sel
f–a ndmakei
text
remel
ydiff
icul
tforha
ckerst
oreadyourda
taLi
mitt
heI
n-
f
ormat
ionAv a
ila
ble
.

19THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Thi
sisthemostobvious
,yett
hemo stef
fect
ive
,wa ytokee
ps af
efromhacker
s.Obvi
-
ous
ly,t
heles
sinformat
ionavail
abl
e,thele
ssinfor
mationhac
kershavetoworkwit
h.
Ther
earesomec a
seswh enthi
sme t
hodisnotpossi
ble–wh e
nl i
keorde
ringpr
oduc
ts
onl
ine–soi
twillnotworkinever
ycase.

I
fitisnotp os
siblet
olimitthei
n f
ormati
ony ougiveouto ve
rtheinter
net,
itisext
remely
wisetoreadthepriva
cyp ol
ici
esofthewebsit
ey ouar
eg ivi
nginformati
onto.Oft
en,sit
es
r
eselluserinformati
ontot hi
rdp ar
ti
es,wh i
chs pa
m,h ar
ass,orother
wisea nnoyyou.
Wh et
herap art
icula
rsit
ed oe
sthisornot,ca
nb efoundi nthecomp a
ny’spri
vacyp ol
icy
.
I
tiso f
tenlinkedtoatthebott
omo fthewe bpage
.Ify oucanfindnop r
ivac
yp ol
icy,you
shoul
dv i
ewi tlikeyouAsIfy ouareprepa
ringdinnerduri
ngr us
hh our
.

Priva
cyPo l
icie
sc anb etri
cky–o f
tenwo r
dedi ncomplex,conf
usi
ngle
g alte
rms.They
canbequ i
telar
g etoo:5-10p a
gesa r
ec ommo n.Mostpla
ce st
hinkt
hatbyu s
ingcompli
-
cate
dwo rdi
ngi np r
ivacyp ol
ici
es,cust
ome r
swo n’
treadthema ndt
heyareright
.Thi
sis
oneofthebiggestmistakesyoucanma keasac ons
ume r
.Th os
eextr
a10min ut
esofre
ad-
ingcoul
ds aveyo ulot
so fmo neyandh e
a da
chesinthelongrun.

I
ng e
nera
l,Ire
comme ndyouusewhatIcal
ltheBus
inessCardRu l
e.I
ftheinf
ormat
ion
youar
egivi
ngoutwouldnotgoonabusi
nesscar
d,donotgivei
toutunenc
rypt
ed(more
onthi
slat
er)
.Ifyouarerequir
edt
og iveexc
e s
sinfor
ma t
ionoutonl
ine,iti
srecom-
mendedt
hatyoudoitonl
yo ve
rasec
u r
ed(SSLorsi
mi l
ar)conne
cti
on.

UseTr
ust
edSi
tes
I
tiswi
set
oonl
yuset
rus
teds
it
eswhe
ngi
vingoutpe
rsona
linf
orma
ti
on.

Anotheri
mp or
tantaspectofse
curi
tyisatt
ent
iontodet
ail
.Likereadingthefi
nep r
inton
acont
ract,
readi
nge verythi
ngonap agebef
oreyouagre
et osomethingi
se xt
remelyim-
por
tantandcansav eyouf r
oms er
iousprobl
ems.Alt
houghmo s
tu s
ersar
eg uil
tyofthe
“hur
rymo de”,c
licki
ng“ IAgree
”wi t
houtre
adingwhatt
h eyareagree
ingto,i
tshouldbe
vi
eweda sanextr
e melyb a
dh a
bit
.Youc oul
db esi
gni
nga wayy ourhomewi t
houtnoti
c-
i
ngad iff
erenc
e.Pa yi
nga tt
ent
ionisextr
emelyimpor
tantusuall
y,youcanp uttwop l
us
t
wot oget
herandd eci
dewh ati
sfraudul
entandwhati
slegiti
ma t
e.

Reme mber
,mostcompani
eswi
llnotcol
le
c tpe
rsona
linf
ormati
onfromyouove
re-mai
l
soifyougetane-mai
laski
ngyouf
o ryourpass
wo r
dto“the
ir”si
te
,itc
angener
all
ybe
consi
der
edfra
u dul
en.

20THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Wi
ndo
wsUs
er:Kn
owY
ourE
xte
nsi
on
Aut
hor:JohnShi
naber
ry(
Assi
st
antEdi
tor
)

Wh a
tareextensi
ons?Wh yd owen eedtoknow?Ih a
vea nanswerforbothquest
ion sfor
you,s
od on’
tb ot
herwithGo ogle
,forthemo ment
. Anextens
ionisa“suffi
xtothena meo f
acomputerfil
e,desi
gnedtos howitsformat”
-Wikipedi
a.Inotherwords,t
hethreeo rfour
l
ett
er/
numb erfi
leexte
nsiontell
sourcomp ut
erwh att
od owit
hthefil
e.Ifweg i
veo urco m-
put
erafil
ewi t
ha. j
pge xt
ension,i
twillaut
oma t
ic
a l
lyopenthedefa
ultappli
cat
ionforh an-
dl
ingthatf
il
etyp e
.Ifweg iveourcomp ut
eran.exefi
le,wearetel
li
ngwi ndowstotr
e atthe
appl
ica
tionasa ninstal
lero ranap pl
icat
ionrequir
ingspecia
lp er
missiontoWi nd ows.
Wh e
nwes eeafil
eint heformatofsay,example.
jpg.
mo v.
exe,onl
yth elas
tlet
ter
sc ou nt
,
af
terthel astd otint hef i
len ame.Yo urc omp ut
erwi llreadi ta sfil
en ame:
exa
mp l
e.j
p g.
mo v.
exe,f
ileextens
ion:.
e xe

Thisisp recis
e l
ywh aty oud o
notwanta sac onscient
iousu ser
ofthei nternets.We n eedt o
makes ureweu nder
standwh at
wea retell
ingo urcomp uterto
do.Ifwe a r
ee verind oubt,
Googlei sth eo nlyfrienda nd
Wizard we n eed t o k now.
Googlethen a
mea nde xtensi
on
ofeveryfil
ey o uob t
aino nyou r
WindowsMa ch i
ne,iti sy ou r
machine,de mandt ou nderst
and
whatiti sd oing!Le arns ome -
thi
ngn ewe verysingled ay,by
act
uall
yr ea di
ngal it
tleb ito f
whaty ourc omp ut
eri sd oing.
Wa t
chy ourf il
ef ormats,ma k e
sur
ey oua relo oki
nga tth elast
ext
ension,ifthereismo rethan
doi
ng.Wa tchy ourfil
ef or
ma ts,makesureyouar
elooki
ngatt
helaste
xte
nsion,i
fthe
reis
morethano ne.Payc l
osea t
tention,
andyouwill
behelpi
ngeve
ryoneonyouri
nter
net
ssta
y
ali
tt
lesafer,becauseyo uwi l
lb ehel
pingcur
bthespr
eadofmalwa
re.

Themorefami
li
arweb e
comewi t
htheba
sicope
rat
ionofourmachi
ne,a
ndI’
mrefe
rri
ng
t
oaWind owsOper
ati
ngSyst
emo naPC,t
hemo r
ecomfort
abl
ewewi l
lbe
comewi
thallof
t
heava
ilabl
eopt
ionsi
nWi ndows
,andcus
tomi
zati
oncanbealotoff
un.

21THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 WebJ
ack
ing:
Hi-
jac
kingofawebs
it
es
Aut
hor:Hi
mans
huCha
udha
ry

WebJ ac
kingatta
ckisa nanot
herkindofphishi
nga t
tac
k,asinphis
hingattac
ka t
tacker
s
makeac l
oneo fl
egit
imatewebsit
es,s
imil
arl
yinwe bjackingat
ta
cker
su sesamethodfor
cr
eati
ngaf akewe bs
it
eo ryoucansayc l
oneoflegit
imatewebsi
teandwh eneve
rv i
cti
m
wil
ltrytoopenal egi
ti
ma t
ewe bs
it
e,apagewi l
lappearwithamessagethatwebsi
tehas
bee
nmo vedfromc urr
entpla
cetonewp l
aceforwh i
chuserhavet
ocli
cko nsomelink.As
soonasv i
ct
im willcl
ickont ha
tlink,he
/shewillre
dire
ctedtosomef a
keo rmalici
ous
websi
te.

Ho wwebjacki
ngwo rks
?
Backt
rac
kalrea
dyh a
vethismet
hodwhi
chatt
ackerc
ana
ppl
yve
rye
asi
lybyf
oll
owi
ng
someveryba
sicst
eps.
Thesest
epsa
rea
sfol
lows:

Fir
stopenaSETa ndsele
cto pt
ion2st
ati
ng“websi
teat
ta
ckvector
s”outofal
lot
herop-
ti
ons,a
sallothe
ropt
ionsar
ed edi
cat
edtoot
herdomai
ns.
We b-
jac
kc ome
sun de
rawebs
it
e
at
tacktha
t’swhyopt
ion2h astobesel
ect
ed.

Manyo pt
ionswil
lappe
araf
terse
lec
tingopti
on2.Allopti
onsar
ev ar
iouskindsofwebap-
pl
icat
ionat
tackswhi
chhavedif
fer
enttec
hniqueandg oa
ls.Wearet
a l
kingaboutweb-j
ack
at
ta
c k,
soIwi l
lonl
ydemonst
rat
eh oweasil
ywe b-
jackatt
ackcanbeapplie
d.Afterge
tti
ng
ali
stofnume r
ouski
ndsofat
tac
ks,opt
ion6h ast
ob esel
ecteda
sitissayi
ng“we bjac
king
at
ta
c kmethod”.

22THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Af
ters
elec
tinga6opt
ion,3opt
ionswi
lla
ppe
ar:
• We btempla
tes
• Sit
ec l
oner
• Cu s
tomimp or
t

Opti
on2“ Sit
eCloner”isano pt
iont
ob esel
ecte
d .Bys e
lect
ingthi
so pt
ionfi
rstini
ti
ati
on
ofat
tac
kh asbeenst
arte
d .Sit
eClone
rop t
ionwillclonethel
egiti
ma t
ewe bs
it
ea tat
tacke
r
ser
veroratcont
rol
ledwe bpage.
Cloni
ngalo gi
np ageofalegi
timatewebsit
eisoneo ft
he
i
mp or
tantt
asksasma i
ng oalofaweb-j
ackatt
acki stost
ealusercrede
nti
als
.

23THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Soa sIh a
vetold,2ndo pt
ion“ Si
tecloner”hastob esel
ect
edforcloni
n galegiti
ma tewe b-
si
tea tama l
ici
ouslocati
on.We b-
jackatt
acku s
e sacredent
ia
lharves
terme thodfo rselec
t-
ingo rfet
chingoutu s
erscrede nt
ial
ssucha suse r
namea ndpassword.Soc loni
n gal ogin
pagei sanimp or
tantre
quireme ntforthi
satta
cka swithoutthi
sste
pwe bjackingwi llnot
wo r
k .Asyouc anseeb el
ow,t hatwea r
eu s
ingf acebookpageasatargetpa gebec auseof
it
’spo pul
ari
ty,whichma kesitvulnera
bletothisatt
ack.Vulner
abil
it
yi snotbecaus eoffa-
ceboo kfa
ult
,it’
sb e
c a
useus e
ra cces
sf a
cebooke verydaysomanytime sthatuserma yc an
forgettocheckafacebookURL.

Aft
ert
hisatt
ackerwil
lsendmali
ciousli
nkwi
thit
’sI
Paddr
esst
ovic
ti
msa ndwillt
ryto
t
ri
ckav i
cti
mf orcl
icki
ngo nt
hisl
ink.Themostc
ommonwa yi
stosenda
na l
ertsa
ying
“l
inkha
sbeenmo vedtosomenewp l
a c
e”.

So,assoo nasvict
imwi llc
lic
ko nthi
slink,
afakec l
onedpageofface
booklo gi
np agewill
appearwh ic
hv ict
im willconsi
derasal e
git
imatep a
g eandwillent
erhi
s/herc r
edentia
l.
But,unfortunat
elythatpageisnotal e
git
imatepagei t
’sama l
ici
ousfakep agewh i
c his
runni
nga tatta
cker’sserver
.So ,allthelogininformati
onwi l
lb egettingstoreda t
at
tacker’
ss er
v e
ra ndwh i
chma yb eabl
etoleadintoah ugelos
s.Seebel
o w,wh ereface-
bookp ageh asbeenu se
da sas our
ceforste
ali
ngu sercre
dent
ials
,soitwillfetc
ha llthe
cr
eden t
ialwh i
chu s
e rwil
lenterduri
ngconside
ringfakepageasalegi
ti
ma teone.

24THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Anotherapproachforperfor
mingawe bjackatt
ackisasfol
lows:
Comp ut
ersdon’
trecogni
zeh uma
nb ei
ng,onlyi
tfoll
owss omeset
so fi
n s
truc
tions
.Al-
t
houghtodaytec
hn ol
ogyhavemadeeveryt
hingsonat
ura
lthati
tlooksl
ikeitf
ollowinga
humaninstr
uct
ionbutitalwaysf
oll
owsas etofins
tr
ucti
onswrit
teninma chi
neu nder
-
st
andabl
elangua
ge.

Sofo rlogin,machineonlyu nder

sta
nd sau sername sandp a
sswo r
ds.Thewe bserverwi l
l
grantcon t
rolofthewe bsi
tetowh oms oe ver,wh oe nt
ersthecorrec
tpasswo rdan du s
er-
namec o mbinati
on.The r
ea r
ema nywa ysinwh i
c hhackerma ygettokno wap asswo r
d,
themo stcommo np ass
wo rdcrac
kingme thodi stog ues
sap ass
wo r
db ypasswo rdcracking
att
acks.Pa sswordc r
ackinga t
tac
ksa remo stc ommo nlyoftwot ypes.Th ef i
rsto neis
knowna sdicti
onaryatt
ack.Inthistypeo fattackthes of
twarewillat
temp tallthewo rds
contai
n edinap r
edefi
nedd ict
iona
ryo fwo rds
. An dontheb a
sisofma t
chingitwi l
latte
mp t
tologin.Dicti
onarynorma l
lycontai
nsmo stc
o mmo nusedpasswordsbyu sersbyth ehelp
ofga t
heredi nf
ormationfromp revi
ousa t
tacks .Hu manh aveatendencyfo rusinge asi
ly
rememb erp ass
wo r
ds,inwh ic
htheya lwaysfo rgetaboutre
qu i
redleve
lofs ecuri
ty.Wh ich
alwaysma kesthe
irpasswo r
dsb i
tvuln e
rablea ndi nthi
sc a
sed i
cti
onarya t
tackwo rks
.It
doesn’tma t
teriforgani
zati
onh avehasheda llthep ass
wo r
ds,att
ackeronlyn eedtok now
hashingme thoda ndthenh ecana ppl
yd ict
io narya t
ta
cka gai
nb yh a
shinga llthestored
wo r
dsi nad ict
iona
ry.

25THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Forexamp l
e,itma ytryspi
d e
rman,jo hn,st
eve,pa55wo r
d ,lukeetc,allthe
sewo rdsare
ver
yc ommo np a
sswo r
dswh ic
hh uman susesmo s
tofthetime .Thesetypesofdicti
onari
es
ar
er ea
dilyavail
ableo ntheInter
net.Theo t
herformo fp ass
wo rdc r
a c
kingisb yu s
ing
‘br
utefor
c e
’.Inthi
sk indofatt
ackthes oft
wa r
etrie
stog uessthep asswordbytryingout
al
lpossibl
ec ombinat
ionsofnumb er
s ,symb ol
s,l
ett
ersti
llthec or
rectp as
swo r
disf ound.
Soit’
sjustapermu t
ati
ona ndcomb i
na t
ion.Forexamp l
e,itma ytryo utpass
wo rdcomb i
-
nat
ionsli
kea bc123,
acbd5679,sdj
#%^ ,we uf*(
-)*.
So meso ft
wa r
e,av a
ilabl
eforpassword
cr
ackingusingthebrut
ef or
cetechni
q ue,cancheckah ugen umbero fpasswordcomb i
na-
ti
onspersecond.Wh encomp ar
edwithad i
cti
onaryatt
ack,ab rut
efo rc
ea t
tacktakesmore
ti
me,butitisdefi
nite
lymo resucce
ssful

So,thi
sish ow webjacki
nga t
tackworks
.Myma ingoaloft
hisdemo ns
tr
ati
onwa s
n’t
aboutteac
hingy outhi
sa t
tac
ka sanyonec a
ng at
h e
rmo r
ei nf
ormati
ono nthi
sfrom
Google.Onlyt
hingwhichIwa ntt
oshowistheeasi
nessi
nperf
ormingthi
satt
ack.
Itonl
y
re
quire
ss omecoupleofst
epsa ndat
tac
kerwillbeonh i
sway.Soit’
sveryimport
antt
o
le
arnhowt oprot
ectour
sel
vesfromthi
sa t
ta
ck.

Solutions:
• An alyseURL’ s
:Al thougha n alysi
nge veryURLi sah e
c t
ictask,bu tthiscanb eao ne
oftheb asica ndmo res e
c urep reventi
ves olution.Us er
ss houlda nal
y see veryURLo fa
we bsi
teth eyarea ccessi
nga n dtryt ofi
ndo ut i
fan yma li
ciousa ct
ivit
yi sgo i
n gon .Careful
analysi
so fURLi sve r
yi mp ortanta snowh ackersa rev eryintel
ligenta ndk nowv arious
wa ysfort ri
ckingau ser’
s.Su cha stheyca nma k eaf akep ageo fwww. pay pal
.comb ya
nameo fwww. PayPal.como rwww. paypa1.co mo rwww. paypall
.come tc
.
• Do n’tclic
ko nl i
n k’s
:Al wa yse nte
rsal i
n kofth ewe b si
teb yyo ur
se l
fin st
eado fclick-
ingo na nyg ivenl i
nk .Asb yc lick i
ngo nlinky o uc an notbe1 00%s ureth atyo uared i-
re
c t
edt oas e
cu r
ewe bsit
e.Soa l
wa yspref
ert oen t
e ran ameo fthewe bs i
teb yy ours
e l
f.
• Po pUpb locking:Po pu pbloc kinginbro wsersc a nbeap reventiveme a sure,asitwill
notallowo peningan ewwe bsiteb yits
elf.Oru sersc anu seafreeo rpaidp opb lockertool,
wh i
chwi llh andleev eryt
h i
n gb yi tsel
fb asedo nt h ep ref
e r
en c
eso fu s
ers .Bu talwa ys
down loada nyt oolfr
o mt rusteds ourcebecau seitma yco nt
a i
nTr ojanini t
se l
f.
• Sp y wa r
er emo val:Alwa ysd oama nualsecurityc heckb yc hecki
n gu nwa nt
e dinstal
la-
ti
onf romAd d/Re mov esoftwa r
e ’
si ncontrolp anela ndremo veu nwa ntedo rs us
p ect
edi n-
st
allat
ion s.Ors i
mp lyy ouc anu sef reeorp aidspy wa rescan nerandr emo ve r
.Bu talwa ys
down loada nyt oolfr
o mt rusteds ourcebecau seitma yco nt
a i
nTr ojanini t
se l
f.
• Us el imitedu sera ccount:Ma kea not
h eracco un tforwe bb rowsin go rfora ccessi
ng
non-trust
a blesou r
ces.Yo uc ans imp l
yma kean ewa ccountf r
o m ac ontrolp ane
la nd
assi
gnr estri
ctedp ri
vilegesfo rno texecuti
ngc o dea ta r
bit
rarylo c
a t
ioni nyo urma chineo r
fornotd own loadinga nyma li
ciou sthi
ng.
• r egedit:Simp lyc hangeab ro wsersett
ing sinr eg i
str
ya ndr emo vea llu nwa nt
eda nd
ma l
iciousi nst
all
a t
ionsf r
omr egistr
y .
Afterremo vin gc ontentfromar eg is
tryma c hi
newi ll
re
mo vee veryma lici
o uscod efromy ourma ch i
ne.
• I DS:I ntrusi
ond etecti
o nsys t
e mc anplayama jo rroleinp rohi
b i
tinga ndr emo vi
n gal-
re
a dyin s
ta l
ledTr oj
an s
, s
p ywa res&a dware’s.

26THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Wh
ichDi
st
ro?
Aut
hor:J
ohnShi
nabe
rry
,As
sst
antEdi
tor
Once we h aved e c
idedt og i
vea
GNU/ LinuxDi stroas pi
n,c hoosi
n g
onec ans eeml ikead aunti
ngt ask.
Afterall
,thewh oleideaistogived e-
vel
o per
sthefreedomt otrynewt hi
n gs
andc r
eateinno vat
ivewa ysf orust o
i
nteract witho urd i
gita
ld e vi
ces.
Thesea r
emu ddywa t
ers,indeed.So
man yc hoi
ces,wh e r
et oe vens t
art?
Wec a
ng ot oaf o rumo rinter
acti
v e
boardforhelp,butthatalmo s
ta l
wa ys
boi
lsd ownt oane picfanboyfa nt
asia
ofo rchest
rate
di magerya ndn ame
ca
lling.Th er
eh astob eab ett
erwa y,
andluckyfory ouI’mh eretogiveyo u
ac oupleo fo pti
onswh enitc ome s
downt odecisi
o nti
me .
Th efirs
to pt
ioni s,forme ,ma ybeal it
tletooau t
oma t
edandn otp e
rsonalenoughfor
ma kingsuchad ecis
ion.Iwo uldber emissinmyd ut
iesasano pt
ionlistguyifIdidn’
t
me nti
onit,though.Att hi
ssit
e, youstar
ta tama i
np agewhichtakesyouthroughaser
ies
oflinks(choosey ouro wna dventurest
yle )
,youa ns
we raut
oma t
edq uest
ionsandinthe
end, i
tspi
tsout t
hee xactdis
tri
buti
o nyous houldbeusi
n g.
Keepinmi nd,Iamn otpr
omis-
ingy ousuccessusingthismethod,bu t
thisisthei
deab ehi
ndthesit
e.Withoutfur
the
rado,
your a utoma ted d is
tri
buti
o n s elec
tor i s a va
il
ab l
e r i
ght h ere
htt
p :
//
www. zeg eni
estudi
o s
.net
/ldc/

Theothe
ro pt
ion,andmyp ers
o nalf
avor
it
eistodoyourownrese
arch.
Yo ucanGo ogl
e
t
ermsyouareunfamili
arwithasyousea
rchthr
ought
heava
ila
bledi
str
oflavor
s,andcome
t
oa ni
nformedd ec
isi
on,basedsolel
yontheswornt
est
imonyo ft
hesurvi
vors
,an dpi
ck
yourc
orrec
tdist
roathttp:
//
dis
trowat
ch.
com/

Thema i
nthingtorememberistoha vesomef unwit
hit.Experimentwit
hn ewideas,t
ry
di
ffe
rentapproa
chestov a
rioustas
k sands eewh i
chon ewo rksbesti
ny our
,p er
sonal,
workf
low.Weh avesoma nyop t
ionsthatthedevel
opmen tc
o mmu ni
tyhasti
rele
ssl
ya nd
t
hankle
ssl
ywo rkedsohardtog i
veus,let
’sgivethe
ms omer espec
tinre
turnanda c
tuall
y
re
adsomeo fthe
irdocument
ati
o nandp r
essrel
eases
.Themo reresea
rchwed oindeci
d i
ng
whatourpers
onalint
erf
acewillbewitho urcomput
er,
themo rerewardi
ngwi l
lbetheex-
per
ienc
eo fusi
ngthedevice
.Ha ppyHu nti
n g!
!!

27THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Du
de,wa
tchy
ours
tuf
f
Aut
hor:J
ohnShi
nabe
rry
,As
sis
tantEdi
tor

Al otofne wc omput ersare

showi ng up a tdor mitori
es
thist imeofye a r
.Note very
stude ntwhobuysane wc om-
pute rfors c
hooli sputtingthe
thoughtt heyshoul di ntose-
curingt hei
rne wi nves t
me nt.
Af tera l
l,ma nyne wc omput-
ersc omepr e-i
ns ta
lled with
thel a te
s tanti
-virusa pplica
-
tions,wha tmor edoe sone
ne ed t o be c oncerned
¬¬a bout ?
Thef ir
stthingtothi
n kaboutisthef acttha
ty o uno wha veanexpensivepiec
eo fequi
p-
men tthatthepawns hopsarenoty etsatur
atedwi t
h.Youh avean e
we rmo del
,elec
troni
c
device,peoplearegoingtowa nttowa lkoffwi thit
.Do n’tgi
vethemt hechance.Wea l
l
l
iket ofeelsecur
eino urenvironmen t,
wewa nttob e
li
ev etha
tatouru ni
versi
tyorwo r
k-
pl
ac e,peoplesi
mp lyd on’
tstea
l.Th isisnots o,itisneverthecase
.Ev erywhereyougo,
t
herei sac hancethatther
ei sathiefn ear
by ,ma yben otaclass
ma t
eo rac ol
league
,but
some onelookingforeasypickingsatal ibr
a r
yo rca f
ete
ria.Wh e
ny oumo vearoundwith
yourn ewd evice(comp ut
er,ta
blet,p hone),ke epitwiththesamep recauti
ony oukeep
yourc as
h .Don’tfl
ash,don’tle
av eitlayinga r
o undwh ileyougoh aveaco nver
sat
ionor
l
oo kfors omethi
ng( t
hatyous houldh avefo undo nli
ne)
.

Pasttheord i
narythieve
slieth ereal
lys ki
lledtechnici
anso fs t
e a
lingth i
ng sthatdon’t
bel
o ngtoth e
m.He rey ouhavet hehordsoff aken amesarou ndthei nte
rne tcl
aimingto
beh a
c ke
rs.Ofc ourse
,asar ul
e,realhackersg e
ts otunedintowh attheyared oing,t
hey
ra
relysociali
ze.Jus
t f
romtha t
p oi
nt,wek nowwea r
enotreallyde ali
ngwi thh a
ckers,but
ra
therwi t
hp eoplewh ohaves t
olenhackertechn ology
,an dtheirintenti
oni stou sei
tto
st
ealmo re
. Youd on’
twan t
tob esuscept
ibl
et othisjuveni
lebe havior,soi
t’sb es
ttoinst
all
agoo dfi
rewa l
lrightaway,gowi t
hCo mo doFr eeFirewall,Go ogleit.It
’sde ce
ntp r
otec
-
ti
onfromas tr
ongc ompany,buttheg oodpa r
tofi ti
s,youc anse tittosafemo de.Itwill
askyo ueve r
yt i
mea nyc ompo nentony oursystemr equestsprivileges
.Th i
sisag ood
thi
ng,youwa ntt
ok eepyourp ri
vil
egesy ourveryo wn.Th esea ret wos imp leti
p sthat
wou l
ds a
veal otofgri
efissome onereadsthema ndtrie
stoa dheretot hei
rsimp li
cit
y.Just
watchy ourstuf
f,it
’sajungleoutthere
.
28THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 I
T’SMAGI
C
Aut
hor:
AnnSmi
th(
Exe
cut
iveEdi
tor
)

Il
ovehacker
s.Hacki
ngiswell
,ma gi
c.Hacki
ngmagi
cal
lyt
ransmi
tss
ome one
’sfe
eli
ngs
t
owardsapers
on,a
no r
gani
zat
ion,agove
rnment
,orac
orpor
ati
on.Gener
all
y,thef
eel
ing
be
ingexpr
esse
dis“Fuc
kYo u.
”

AsaFa
cebooke
r,Iha
vema defri
endsanda
cqua
int
anc
eswi
thqui
teafe
wh a
cke
rs.Iha
ve
ha
dafi
rstr
ows e
att
oc ount
les
s“TangoDowns
”inever
yfi
el
dimagi
nabl
e.

It
hinkthemostmagic
althi
ngaboutha
ckingi
sthatt
hep e
opl
edoingevili
ntheworl
dar
e
sudde
nlyatt
heme r
cyofagroupofmo t
iva
tedandethi
cal
lyr
espons
ibl
eme nandwomen.
Mena ndwome nwhoaregrowi
nginrabi
dn umber
sandtaki
ngovertheint
erne
tasi
tha
s
neve
rb e
enseenbef
ore.

Jus
ttoday
,ins
uppor
tofJul
ianAss
ange,ha
cker
swe r
ewre
akingha
vocwithBri
tai
n’sgov-
er
nme nta
ndlawenf
orce
me ntwe
bsit
es.Theyeve
ntookdownScotl
andYar
d!Ah hh,t
he
magicofit
!

I
tisa
boutt
imethepeopl
eofthewo r
ldha
dsomepower
.Foryea
rsal
lwecoul
ddoi
swiel
d
t
hepois
onpenorta
ketothes t
ree
ts.Now,wehaveanewandeve
rimpr
ovi
ngmethodof
s
endi
ngame ss
agetocorrupt
ionandimmor
ali
ty
.

EnterXlegi
onHacke
rs.Ag r
oupo fyoung,bri
ghtandonther
eadyt
oma keli
femis
era
ble
forpeopl
eengage
dinc or
rupt
ion,chi
ldporn,unf
airbus
ine
sspra
cti
ces
,scammers
,spam-
me r
s,andjus
tpl
aini
diot
s.

I
tsl
eade
r,Ant
honySmi
th,mar
che
sh i
str
oopsi
ntoke
yboa
rdba
tt
lewi
the
xpe
rte
ffi
cie
ncy
,
a
cti
ngassmoot
hasbut
tera
nddea
dlyaspoi
son.

Takeamomenta
ndcli
ckonthi
sPast
ebi
nandpe
rus
ethes
eemi
ngl
yendl
essl
is
tofhi
svi
c-
ti
ms.ht
tp:
//
www.pa
ste
bin.
com/u/
xL3gi
0n

And,youknowwh a
t?Theworl
dneedspe
opl
eli
keAnthonySmith.Kidswhoar
epoli
ti
-
ca
ll
yawa r
e,unde
rst
andt
hatt
hei
rfut
uresa
reats
takea
ndab horwhati
shappe
ningt
othe
goodc
iti
zensoft
heworl
d.

Government
s,cor
ruptcor
porat
ionsandpeoplewhot
akeadvant
ageofothe
rsneedt
opay
at
tent
ionandbeafra
id.Ve r
ya f
rai
d.Ac t
inginwaystha
td e
gra
delivi
ngandremovet
he
chanc
eforthes
ekidstosuccee
dinlifeandpros
peri
sgoingtogetyouadef
ace
dwe bs
it
e
anddest
roye
drecords
.Yo ucancountonit.

29THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Forusnon-
tec
hnicalpeopl
e,wegett
heple
asur
eofse
eingsomethi
ngweha
vewant
edfor
al
o ngt
ime.Just
ice.Itismagi
calj
ust
ic
ethatt
he“l
it
tl
ep e
rson”nowha
savoi
cet
hrough
he
ro’sl
ikeAnthonySmith.

Iwon ’t
arguethel
egalque
stionofhacki
n g.Thepeopl
eh avebeendup e
d,use
danda bus
ed
atthehandso fgove
rnment,corpor
ati
onsa ndot
he rgr
oup se
nga ge
di nthemosthei
nous
il
legalact
ivi
ti
es.Everyda
yp eopledi
ea tthehandsofthe
s ec
riminalswhorunfre
ewh il
e
thegoodp eopl
eaddre
ssi
ngthe i
rdir
tydeedsruntheri
sko far
restandhara
ssment
.

VivaLaXLe
gionHa c
kersa
ndtheAnt
honySmi
thsoft
hewor
ld.Wene
edyou.Yougi
ve
usavoic
ewecannotspe
akour
sel
ves
.

Ant
honyisalwayslooki
ngforgoodc
ybe
rsol
die
rsa
ndyouc
anr
eac
hhi
m a
t
f
ace
book.
com/
xl3gi
0nha
cker
s.
gov

Af
tera
ll,i
tisa
llf
ucki
ngma
gic
!

Iwascuri
ousa
swh atwha
tyounghacke
rswer
et hi
nki
ng.
..
.he
reisashor
tint
ervi
ewwi t
h
some
onewh ohasjoi
nedt
her
an ksoft
hephenomenoncal
le
dAn onymous.Hisnameis
Anon.
kidandhere
pres
ent
swhati
shappeni
ngi
nt hemove
me nta
ndwh e
reiti
sgoing.

Q:Howdidyoubecomeint
eres
tedinHac
kingandinternets
ecuri
tyiss
ues?
A:Iha
d2c ousi
nswh o'
spr
ofes
sionwasne
twor
ks ecur
it
y,theyshowedmewh a
tthe
y
whe
redoi
nga
ndt ookmeunde
rther
ewingandt
aughtmee ve
ryt
hingt
h e
yk ne
w.

Q:Ho wlonghaveyoubee ni
nv ol
vedinHa cki
ngandhadaninter
esti
ntheint
ernet
?
A:Iha
vebeenint
ere
stedi
nitforabout
3a ndahal
fye
arsbut
didnot
useanyt
hingIl
ear
ned
t
oeff
ectot
herwebsi
tesunt
ilaboutayeara
g o.

Q:Wha ti
mpa c
tdoy outhi
nkwec anhaveonthewor
ldthr
ought
heuseofhac
king?
A:Wen ee
dt oexpa
ndo urknowl
edgeofwhatacomput
erca
ndoinor
dert
oh el
pwith
t
echnol
ogi
calde
vel
opme nti
nthef
utur
e.

Q:Wha tarey ourt hought so nthes t

a t
eofpo li
ti
csg l
oba l
lya ndwha twouldy oulike
toseehappe nint hefutur eint ermso fhowy ouwa ntg overnme ntstoact
?
A:AsIs eeit,theg overnme nt
sa r
etwisti
ngthewo rdsofthec onst
itut
iontobene
fitthe
m-
sel
vesanda llthe
yd oi sgeto urh ope
su phighe
ra ndhigherjusttobetosse
dintot
h ewind.
Iwo ul
dliket oseetheg overnme ntl
ist
entothep e
o pl
emo re.Atl e
a s
ttr
ytoco meu pwith
abil
lthatwillbenefiteveryone '
sn ee
dso rgi
veu sopti
onso fwh atwec a
nd otooma keour
l
ivesandou rfamilie
sl i
vesb et
te randhaveab r
ighterfut
ure.Iwo uldli
ketoseenothaving
ajobn ot
hingt owo rryabo uto rmi s
singoutono neh ous
ep ay mentwo n'
tmakey oulose
you'
rehome .

30THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14
 Q:Whydoy out hinkyoungpe opl
ea resoatt
racte
dt othei nt
ernetandha cki
ng ?
A:We l
l ,Ibel
ievesincecomputer
sco nt
inuet
oa dva
ncejo bswewi l
lalwaysbeo penforit
andthatdrawsalo tofat
tent
iontoit
.Wi t
hthousa
ndso fnewwe bs
it
esbeingposte
de very-
day,t
hatma kestheh acke
rindema ndcausenoonewa ntstolosemon e
y/cust
ome r
scau s
e
t
heyg oth a
ckedan dpriva
teinf
ormationwasst
oleniftheya c
tirr
esponsi
bly
.

Q:Doyoufearget
ti
ngc aughtandwha twoul
dy oudoift hathappened?
A:Somet
imesIthi
nka boutit
.No tal
ltha
tmuc hthough.Thef ir
stt
h i
ngIwo ul
dd oi
s
dema
ndalawyert
odefendmyc ase
.IfIknewforsur
etheywh e r
egoingtocomea f
terme,
Iwoul
ddest
roymyc omputerandgetr
idofanyt
hingtha
tl e
a dstomeb rea
chingnetwor
k
se
cur
it
y

Q:Wha ttypesofhacki ngdoy ouparti

cipateina ndho wa sitma deadiffe
rence?
A:It
allre
allydependso nwh oIamwo rki
ngwi th.
Ifitisagroupo fnewbi
eswh ojust
wa nt
t
ota
ked ownawe bs
it
e, Iwillt
ellt
hemtojustuseaDo S.Besidesthat
,myfavori
teisusi
ng
amaninthemiddleatt
a cktoobta
ininf
orma t
ion.Aloto ft
heh acksIhavebeendoi
nglatel
y
i
spas
swo r
dc rac
kingtog ai
na cc
essint
owe bsi
tesforOp era
tionAs s
angeandIthi
nkittake
s
ahi
tonc omp a
niesthatwea tt
ackandshowst hemt hatthelawst he
ya r
ed e
fendi
ngma ke
NOsenseandt he
ircustome r
sarenothappywi t
hwh a
tt he
ya redoing.

Q:Wha tisthefutur eforhacking?Wi l

litincreas
e?Wi llitma keahug eimpac t
?
A:Ib el
ieveitwillcon t
inuetoshowp e
opleth a
tgivi
ngc ompa ni
estheiri
n f
ormat
ionisnot
assafeasyout hi
n k.
Ib el
ievepeoplei
nthen earfut
urewil
lrea l
izethatanyt
hingyoudoo n
yourcomp ut
e rcanb emo nit
oredanduseda sblackmailfrom ah acker
.Itwil
lsoonma ke
peoplet
h i
nkt wicebeforetheyusethecredi
tc ar
dtob uysome thi
ngo ffEbayoranyo t
her
si
tes.Also,i
twi llwak eupco r
ruptbus
ines
se sandgovernmen t
sthatthep e
oplea
relist
en-
i
n gandwa tc
h ingandt hei
rwe bsi
teswil
lbet akendownu nle
s stheystar
tacti
ngrespons
i-
bly.

Q:Wha tareyourpas
sionsandg oalsfort
hefuture?
A:Ienjoyl
ear
ningaboutcomp ut
ersandhowtheywo rkandsha
ringitforot
her
stose
e.I
hopetha
tIwil
lgett
obeag oodg uyinthecybe
rwo r
ldandusewhatIh a
velear
nedtohe
lp
ot
hersouta
ndkeepinf
ormationsafe.Fornow,I
'mjustenj
oyi
ngwh atIknow.

31THN-Magazi
ne|Sept
ember2012 ht
tp:
//
magazi
ne.
thehacker
news.
com |I
ssue14