'lulzsec' Episodes

Topiary: You Cannot Arrest An Idea

     11/18/2019

Welcome to the History of Computing Podcast, where we explore the history of computers. Because understanding the past helps us handle what's coming in the future, and maybe helps us build what's next without repeating some of our mistakes. Or if we do make mistakes, maybe we do so without taking things too seriously.

Today's episode is a note from a hacker named Topiary, which perfectly wraps feelings many of us have had in words that... well, we'll let you interpret it once you hear it. First, a bit of his story.

It's February, 2011. Tflow, Sabu, Kayla (Ryan Ackroyd) and Topiary attack the computer security firm HBGary Federal after its CEO, Aaron Barr, decides to speak at a conference outing members of the then 7-year-old hacking collective Anonymous, with the motto: We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us. As part of Anonymous, Topiary would help hack government sites in Zimbabwe, Libya, Tunisia and elsewhere in support of the Arab Spring protestors. They would go on to hack the Westboro Baptist Church live during an interview. But that was as part of a large collective. They went on to form a group called LulzSec with PwnSauce and AVunit, and at LulzSec the six went on a "50 days of Lulz" spree. During this time they hit Fox.com, leaked the database of X Factor contestants, took over the PBS news site and published an article that Tupac was still alive and living in New Zealand. They published an article on The Sun claiming Rupert Murdoch had died rather than testify in the voicemail hacking scandal that was big at the time. They would steal data from Sony, DDoS all the things, and take down or steal data from the CIA, the Department of Defense and the US Senate. The light-hearted comedy, mixed with a considerable amount of hacking skill, had earned them the love and adoration of tens of thousands. What happened next? Hackers from all over the world sent them their lulz. Topiary helped get their haxies posted.

Then Sabu was caught by the FBI and helped to out the others. Or did he. Either way, as one could expect, by early 2012 all of them had been arrested except AVunit. Topiary's last tweet said "You cannot arrest an idea." The British government might disagree. Or maybe counter that you can arrest someone for acting on an idea. Once unmasked as Jake Davis, Topiary was banned from the Internet for two years as a condition of his bail and later jailed. During that ban, Davis wrote what is an exceptional piece of writing to have come from a 20 year old. Here it is:

"Hello, friend, and welcome to the Internet, the guiding light and deadly laser in our hectic, modern world. The Internet horde has been watching you closely for some time now. It has seen you flock to your Facebook and your Twitter over the years, and it has seen you enter its home turf and attempt to overrun it with your scandals and "real world" gossip. You need to know that the ownership of cyberspace will always remain with the hivemind. The Internet does not belong to your beloved authorities, militaries, or multi-millionaire company owners. The Internet belongs to the trolls and the hackers, the enthusiasts and the extremists; it will never cease to be this way. You see, the Internet has long since lost its place in time and its shady collective continues to shun the fact that it lives in a specific year like 2012, where it has to abide by 2012's morals and 2012's society, with its rules and its punishments. The Internet smirks at scenes of mass rape and horrific slaughtering followed by a touch of cannibalism, all to the sound of catchy Japanese music. It simply doesn't give tuppence about getting a "job," getting a car, getting a house, raising a family, and teaching them to continue the loop while the human race organizes its own death. Custom-plated coffins and retirement plans made of paperwork... The Internet asks why?

You cannot make the Internet feel bad, you cannot make the Internet feel regret or guilt or sympathy, you can only make the Internet feel the need to have more lulz at your expense. The lulz flow through all in the faceless army as they see the twin towers falling with a dancing Hitler on loop in the bottom-left corner of their screens. The lulz strike when they open a newspaper and care nothing for any of the world's alleged problems. They laugh at downward red arrows as banks and businesses tumble, and they laugh at our glorious government overlords trying to fix a situation by throwing more currency at it. They laugh when you try to make them feel the need to "make something of life," and they laugh harder when you call them vile trolls and heartless web terrorists. They laugh at you because you're not capable of laughing at yourselves and all of the pointless fodder they believe you surround yourselves in. But most of all they laugh because they can. This is not to say that the Internet is your enemy. It is your greatest ally and closest friend; its shops mean you don't have to set foot outside your home, and its casinos allow you to lose your money at any hour of the day. Its many chat rooms ensure you no longer need to interact with any other members of your species directly, and detailed social networking conveniently maps your every move and thought. Your intimate relationships and darkest secrets belong to the horde, and they will never be forgotten. Your existence will forever be encoded into the infinite repertoire of beautiful, byte-sized sequences, safely housed in the cyber cloud for all to observe. And how has the Internet changed the lives of its most hardened addicts? They simply don't care enough to tell you. So welcome to the underbelly of society, the anarchistic stream-of-thought nebula that seeps its way into the mainstream world — your world — more and more every day. You cannot escape it and you cannot anticipate it.

It is the nightmare on the edge of your dreams and the ominous thought that claws its way through your online life like a blinding virtual force, disregarding your philosophies and feasting on your emotions. Prepare to enter the hivemind."

I hope Topiary still has a bit of funsies here and there. I guess we all grow up at some point. He now hunts for bug bounties rather than lulz. One of his finds was addressed by Apple in 2017: a malicious file fed to CoreText could crash an iOS device, a denial of service. That would be CVE-2017-7003. Hacking solutions together or looking for flaws in software. It can be like a video game, for better or worse. But I love that he's pointed that big ugly Victorian ASCII humble boat in the direction of helping to keep us betterer. And the world is a more secure place today than it was before them. And a bit more light-hearted. So thank you, Topiary, for making my world better for a while. I'm sorry you paid a price for it. But I hope you're well.


Clifford Stoll and the Cuckoo’s Egg

     12/3/2021

A honeypot is basically a computer, or a cache of data on one, made to look like a sweet, yummy morsel that a hacker can't resist, while its real purpose is to watch whoever takes a bite. This is the story of one of the earliest on the Internet.

Clifford Stoll has been a lot of things. He was a teacher and a ham radio operator, he has appeared on television, he was an engineer at a radio station, and he was an astronomer. But he's probably best known for being an accidental systems administrator at Lawrence Berkeley Laboratory who set up a honeypot in 1986 and used it to catch a hacker who was selling what he found to the KGB.

It sounds like it could be a movie. And it was, on public television: a NOVA episode called "The KGB, the Computer, and Me." And a book, The Cuckoo's Egg.

Stoll was an astronomer who stayed on as a systems administrator when the grant that funded his astronomy ran out. Many in IT came to the industry accidentally, especially in the 80s and 90s.

Now accountants are meticulous. The monthly accounting report at the lab had never had a discrepancy. So when it showed a 75 cent error, his manager Dave Cleveland had Stoll go digging into the system to figure out what had happened. What he found was far more than a missing 75 cents.

This was a time-sharing system, and the lab billed compute time at $300 per hour. Everyone who used the system had an account number to bill time to. Everyone, that is, except a user named hunter, who had consumed a little compute time but had no billing account to charge it to; that unattributed time was the 75 cents. They disabled the user, and then got an email from a site in Maryland saying that one of the lab's computers had tried to break into theirs.
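The check that exposed the intruder is simple to state: every unit of billed time must map to a billing account, and anything that doesn't is a discrepancy worth chasing. Here is that reconciliation as an added Python example; it is not code from the podcast or from Stoll's lab, and the page says nothing about the lab's real accounting software. The record format, the billing roster and the usage lines are constructed for the demonstration; only the $300-per-hour rate comes from the episode.

```python
"""Reconcile time-sharing usage records against the lab's billing roster.

Added example, not code from the podcast or from Stoll's lab. The record
format, the roster and the usage lines below are constructed; the lab's
real accounting software is not described on the page.
"""
from dataclasses import dataclass
from typing import Dict, List

RATE_PER_HOUR = 300.00  # the lab's rate, as quoted in the episode

# Constructed billing roster: login name -> account number charged for CPU time.
BILLING_ROSTER: Dict[str, str] = {
    "sventek": "A-1107",
    "stoll": "A-0420",
    "cleveland": "A-0001",
}

# Constructed usage records: "<login> <cpu-seconds> <tty> <timestamp>".
# "hunter" is the odd one out: real usage, but no roster entry to bill it to.
USAGE_LOG = """\
sventek 3600 tty03 1986-08-01T09:00
stoll 120 tty07 1986-08-01T09:05
hunter 9 ttyd4 1986-08-01T23:41
cleveland 40 tty01 1986-08-02T08:10
"""


@dataclass(frozen=True)
class UsageRecord:
    login: str
    cpu_seconds: int
    tty: str
    when: str


def parse_usage(text: str) -> List[UsageRecord]:
    """Parse the constructed whitespace-separated usage format."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        login, secs, tty, when = line.split()
        records.append(UsageRecord(login, int(secs), tty, when))
    return records


def charge(cpu_seconds: int) -> float:
    """Dollars owed for the given CPU time, rounded to the cent."""
    return round(cpu_seconds / 3600 * RATE_PER_HOUR, 2)


def unbilled_usage(records: List[UsageRecord],
                   roster: Dict[str, str]) -> List[UsageRecord]:
    """Usage whose login has no billing account. The accounting report can
    total it but cannot attribute it, which is what shows up as a discrepancy."""
    return [r for r in records if r.login not in roster]


def discrepancy(records: List[UsageRecord], roster: Dict[str, str]) -> float:
    """Total dollars the report cannot attribute to any account."""
    return round(sum(charge(r.cpu_seconds)
                     for r in unbilled_usage(records, roster)), 2)


def report(text: str = USAGE_LOG, roster: Dict[str, str] = BILLING_ROSTER) -> str:
    """One line per unattributed record, then the total, for the monthly report."""
    records = parse_usage(text)
    lines = [f"{r.when} {r.login:<10} {r.tty:<6} {r.cpu_seconds:>6}s  "
             f"${charge(r.cpu_seconds):.2f}  NO ACCOUNT"
             for r in unbilled_usage(records, roster)]
    lines.append(f"unattributed total: ${discrepancy(records, roster):.2f}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Nine seconds of CPU at $300 an hour is exactly 75 cents, which is why a single unbilled login shows up as such a small number. The point of the check is that the reconciliation is exact: a report that balances to the cent every month turns any residue, however small, into a lead rather than noise.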

This was just a couple of years after the movie WarGames had been released, so of course this was something fun to dig your teeth into. Stoll combed through the logs and found that the account that had attempted to break into the computers in Maryland belonged to a local researcher, Joe Sventek, now at the University of Oregon. It was doubtful he had made the attempt, because he was out of the country at the time.

So Stoll set his computer to beep whenever someone logged in, so he could set a trap for the person using Sventek's account. Every time someone connected a terminal session, or tty, Stoll checked the machine. Eventually "Sventek" connected, and with that Stoll went to see the networking team, who confirmed the connection wasn't from a local terminal but had come in through one of the lab's 50 dial-up modem lines.

There wasn't much in the way of caller ID. So Stoll connected a printer to each of the modem lines, which gave him a hard copy of every command the user typed. A system had been compromised, and this user was able to become root, the Unix superuser. UNIX System V had been released three years earlier, and labs around the world were running similar operating systems on their minicomputers. Someone with a working knowledge of Unix internals could do all kinds of things. The hole here was in GNU Emacs: its movemail helper was installed setuid root and let any user move a file into a system directory, so the hacker dropped in a replacement for a housekeeping program that cron ran every few minutes, and that replacement handed him root.

They could also read the passwd file, which at the time held every user's hashed password and was world-readable. As root, the hacker could blank out a user's hash, granting himself access to that account without a password. But a blanked password is noisy: the real user can no longer log in and calls in to have it reset, and the intruder loses the account. So he also copied passwd files and ran dictionary attacks against the hashes offline, hashing common words until one matched. That is the same idea as today's dictionary attacks, a rainbow table just precomputes the guesses, and it gave him users' real passwords so he could log in quietly and keep coming back.
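Both of those tricks leave marks in the passwd file that a defender can audit for, and the dictionary attack itself is short enough to show. Below is an added Python example, not code from the book or the podcast. In 1986 the password field held a DES crypt(3) hash; here a salted SHA-256 stands in for it, labelled as such, so the block runs on current Python without the removed crypt module. The passwd lines, the "field" default account and the word list are all constructed for the demonstration.

```python
"""Audit a classic seven-field passwd file for a blanked password field and
for passwords that fall to a dictionary attack.

Added example, not code from the book or the podcast. The hash function is a
labelled stand-in for crypt(3): same shape (salt first, then hash), different
algorithm. The passwd lines and the word list are constructed.
"""
import hashlib
from typing import Dict, Iterator, List, Optional


def toy_hash(salt: str, password: str) -> str:
    """Stand-in for crypt(3), NOT the real thing: a two-character salt prefixed
    to a truncated SHA-256 of salt+password. As with crypt, the salt is readable
    straight out of the passwd entry, so an attacker hashes guesses with it."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return salt + digest[:22]


def passwd_line(name: str, pw_hash: str, uid: int, gid: int,
                gecos: str, home: str, shell: str) -> str:
    return ":".join([name, pw_hash, str(uid), str(gid), gecos, home, shell])


# Constructed passwd file. Two things are wrong with it:
#  * "hunter" has an empty password field, so anyone can log in as hunter;
#  * "field" is a second UID-0 account left behind, protected by a guessable word.
PASSWD = "\n".join([
    passwd_line("root", toy_hash("Qz", "m00nb3am-sd"), 0, 0, "Superuser", "/", "/bin/sh"),
    passwd_line("sventek", toy_hash("Xk", "physics"), 101, 20, "Joe Sventek", "/u/sventek", "/bin/csh"),
    passwd_line("stoll", toy_hash("Ab", "astronomy"), 102, 20, "Cliff Stoll", "/u/stoll", "/bin/csh"),
    passwd_line("hunter", "", 103, 20, "", "/u/hunter", "/bin/sh"),
    passwd_line("field", toy_hash("Cd", "service"), 0, 0, "Field service", "/", "/bin/sh"),
])

# Constructed word list; "jaeger" and "hunter" are the words from the episode.
WORDLIST = ["password", "service", "jaeger", "hunter", "physics", "astronomy", "lblhack"]


def parse_passwd(text: str) -> List[Dict[str, str]]:
    """Split name:hash:uid:gid:gecos:home:shell lines into dicts."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, pw_hash, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "hash": pw_hash, "uid": uid, "gid": gid,
                        "gecos": gecos, "home": home, "shell": shell})
    return entries


def empty_password_accounts(entries: List[Dict[str, str]]) -> List[str]:
    """Logins that need no password at all: the 'deleted hash' backdoor."""
    return [e["name"] for e in entries if e["hash"] == ""]


def extra_superusers(entries: List[Dict[str, str]]) -> List[str]:
    """Any UID-0 account other than root is a planted way back in."""
    return [e["name"] for e in entries if e["uid"] == "0" and e["name"] != "root"]


def candidates(word: str) -> Iterator[str]:
    """A few of the mangling rules crackers have used since the 80s."""
    yield word
    yield word.capitalize()
    yield word + "1"


def dictionary_attack(entries: List[Dict[str, str]],
                      wordlist: List[str]) -> Dict[str, str]:
    """Offline guessing against the hashes. The salt comes from each entry, so
    every guess costs one hash. Returns login -> recovered password."""
    cracked: Dict[str, str] = {}
    for e in entries:
        if not e["hash"]:
            continue  # nothing to crack; that door is already open
        salt = e["hash"][:2]
        found: Optional[str] = None
        for word in wordlist:
            for guess in candidates(word):
                if toy_hash(salt, guess) == e["hash"]:
                    found = guess
                    break
            if found is not None:
                break
        if found is not None:
            cracked[e["name"]] = found
    return cracked


def audit(text: str = PASSWD, wordlist: List[str] = WORDLIST) -> Dict[str, object]:
    """Run all three checks over one passwd file."""
    entries = parse_passwd(text)
    return {
        "no_password": empty_password_accounts(entries),
        "extra_uid0": extra_superusers(entries),
        "cracked": dictionary_attack(entries, wordlist),
    }


if __name__ == "__main__":
    for finding, value in audit().items():
        print(f"{finding}: {value}")
```

The root entry survives because its password is not in the list and no mangling rule produces it; everything else falls in a fraction of a second, which is the whole argument for shadowed password files and for rate-limiting nothing offline, since the attacker never touches the login prompt.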

Being root also let him delete the shell history and, since all the labs and universities charged for time, remove any record that he'd been there from the accounting systems. So Stoll wired a pager into the system so he could run up to the lab any time the hacker connected. It turned out the hacker was using the lab as a stepping stone to move laterally into other systems, including hopping from the ARPANET to military systems on MILNET. He used default credentials on systems and left accounts behind so he could get back in later.

Jaeger means hunter in German, and both words turned up among the account names and passwords he used, so maybe they were looking for a German. Tymnet and Pacific Bell got involved, and once they had a warrant they could trace the phone number of the person connecting to the system. The only problem was that the warrant was just for California, and the trail didn't stop there.

Stoll timed the round-trip delays on the connection and worked out that the hacker was coming in from overseas. The connection had been routed through the Mitre Corporation; after Mitre shut that path down, the hacker slipped up and came in through International Telephone and Telegraph's international link. Now they knew he was not in the US. In fact, he was in West Germany. At the time Germany was still divided by the Berlin Wall, and it was a hotbed of espionage. The German-sounding account names and passwords now made sense.

Once the trace reached Germany, they needed to keep the hacker online for an hour or more to trace the actual phone number, because the exchanges there still used mechanical switches to connect calls and a trace had to be walked through by hand. That's where the honeypot comes in. Stoll's girlfriend came up with the idea of making up a pile of fake government data, documents for a fictitious "SDI Network" project, and hosting it on the system for the hacker to find. Boom. It worked: the hacker stayed on for over an hour reading it, and they traced the number.

Along the way, the hippy-esque Cliff Stoll found himself working with "the Man." Looking through the logs, the hacker had been searching for information about missile systems, military secrets and members of the CIA; there was so much on these systems. So Stoll called some people at the CIA. The FBI and NSA were also involved, and before long German authorities arrested the hacker.

Markus Hess, whose handle was Urmel, was a German hacker who we now think broke into over 400 military computers in the 80s. It wasn't just one person, though. Dirk-Otto Brezinski, or DOB, Hans Hübner, or Pengo, and Karl Koch, or Hagbard, were also involved. And not only had they stolen secrets, they'd sold them to the KGB, with Peter Carl as the go-between.

Back in 1985, Koch was part of a small group of hackers who founded the Computer-Stammtisch in Hanover, which later became the Hanover chapter of the Chaos Computer Club. Hübner and Koch confessed, which earned them amnesty under Germany's espionage law, an important provision in a country with so much of that going around in the 70s and 80s. Koch would later be found burned to death with gasoline. It was reported as a suicide, but that has been very much disputed, especially given that it happened before the trial.

DOB and Urmel received suspended sentences of a year or two for their part in the espionage, likely lighter because the investigation had taken so long and because the Berlin Wall had come down only months before they were sentenced in early 1990.

Hübner's story and interrogation are covered in a book called Cyberpunk, by Katie Hafner and John Markoff, which tells the same story from the hackers' side. This includes passing into East Germany with magnetic tapes, working with handlers, sex, drugs and hacker-esque rock and roll. I think I initially read the books a decade apart but would strongly recommend reading Part II of it either immediately before or after The Cuckoo's Egg.

It's interesting how a bunch of kids just having fun can become something far more. Similar stories were happening all over the world; another book, Bruce Sterling's The Hacker Crackdown, tells many, many of them. Real cyberpunk stories told by one of the great cyberpunk authors. And it continues through to the modern era, except with much larger stakes than ever.

Gorbachev may have worked to dismantle some of the more dangerous aspects of these security apparatuses, but Putin has certainly worked hard to build them back up. Russian-sponsored and other state-sponsored rings of hackers continue to probe the Internet, delving into every little hole they can find. China hacks Google in 2009, Iran hits casinos, the US hits Iranian systems to disable centrifuges, and the list goes on. You see, these kids were stealing secrets, but it was after the Morris Worm brought the Internet to its knees in 1988 that we started to realize how powerful the networks were becoming.

But it all started with 75 cents. Because when it comes to security, no discrepancy or event is too small to look into.


(OldComputerPods) ©Sean Haas, 2020