Thursday, July 10, 2008

Stealing the Network: How to Own the Box

"Steal This Network" is not another of the countless hacker books out there, but an edgy, provocative, attack-oriented series of chapters written in a firsthand, conversational style. World-renowned network security personalities present a series of 25-to-30-page chapters written from the point of view of an attacker who is gaining access to a particular system.

Synopsis
"If you want to hack into someone else's network, the week between Christmas and New Year's Day is the best time. I love that time of year" (from Chapter 1, "Hide and Sneak"). Written by a team of network security professionals, this volume contains a series of fictional short stories demonstrating the techniques commonly used by criminal hackers. The appendix provides an overview of the "Laws of Security" and discusses ways to mitigate many of the attacks detailed in the book. Annotation © 2004 Book News, Inc., Portland, OR

Stealing the Network: How to Own the Box is a book about breaking into computer systems by various means, ranging from obtaining physical access to network intrusion. There are lots of books on computer security and on breaking into computer systems. What is unusual about this book is that it is composed of fictional stories based around various "exploits" to gain access to computer systems. The book has nine authors: Ryan Russell, Tim Mullen, FX, Dan Kaminsky, Joe Grand, Ken Pfeil, Ido Dubrawsky, Mark Burnett and Paul Craig. Each wrote a chapter, except for Ryan Russell, who edited the book and wrote two chapters. All of the authors are involved in computer security or computer intrusion (or perhaps both at differing points in their lives).

The fictional nature of the book makes it readable, although Stealing the Network is not exactly Neuromancer. Most of the chapters revolve around a different fictional character using various methods for gaining unauthorized access to computer systems. These include "social engineering" - obtaining information or physical access by gaining the confidence of people at a company. Some attacks are sophisticated. One vignette involves a beautiful woman hacker who specializes in hacking into printers.

One of the objectives of the authors of Stealing the Network is to get you to think about computer security in new ways. Before reading Stealing the Network I had never thought of printers as possible targets for intrusion attack. Printers have evolved into full network devices that run some form of operating system, which supports the network stack software. Although printers are increasingly powerful computers, they started out as dumb devices (raise your hand if you remember the old "chain" printers), so there is a tendency to keep thinking of them as dumb devices. This means that the network security on a printer may be non-existent. Since the printer can communicate with the rest of the network, it can serve as a platform for attack (as a network proxy if nothing else).

Although the characters in Stealing the Network are fictional, the techniques and software tools are real. The attack described in each chapter also includes a description of the software tools used (in some cases including the web site that publishes the software). The details of the attack are also broken down. Unless you have a real passion for the fine details of computer security and intrusion, these accounts can become tedious in places.

The appendix of Stealing the Network is titled Laws of Computer Security, which attempts to summarize some of the issues raised in the stories. Stealing the Network is a valuable reference for those who want to understand current security exploits. The usefulness of the book as a reference is harmed by the fact that it does not include an index.

We wouldn't have to spend so much time, money, and effort on network security if we didn't have such bad software security. Think about the most recent security vulnerability about which you've read. Maybe it's a killer packet that allows an attacker to crash some server by sending it a particular packet. Maybe it's one of the gazillions of buffer overflows that allow an attacker to take control of a computer by sending it a particular malformed message. Maybe it's an encryption vulnerability that allows an attacker to read an encrypted message or to fool an authentication system. These are all software issues.

Bruce Schneier, from the foreword to Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw, Addison-Wesley, 2002

Computer security is viewed by many people as "cool". Case, the cyberspace cowboy in Neuromancer hacking into computer systems. The mirror of Case is the computer security guru who protects the system with their vast store of knowledge. Some computer security "gurus" have even gained their fifteen minutes of media fame (can you say Satan). The truth is that network computer systems are vulnerable because of human limitations. While computer security is important, it may come as a shock to those who attend conferences like Black Hat to learn that computer security is not as cool as they think it is.

The design and implementation of secure computer networks, or at least networks that will not fall to most of the attacks described in Stealing the Network are not waiting for new results from computer science research or software engineering. As Bruce Schneier points out above, the problems that are encountered in computer security are frequently the result of well understood issues. For example, many of the computer network attacks that are described in Stealing the Network are buffer overflow attacks. Methods for avoiding buffer overflow problems have been known for something like 30 years.

There are two major historical factors that have led to the poor state of computer security that prompts me to read books like Stealing the Network. These are:

Susceptibility to buffer overflow attack (as noted above)

The C/C++ programming languages have been used to implement every major operating system in use today (e.g., Windoz, UNIX and Linux). This includes the operating systems that run on network routers, like Cisco's IOS. Most, if not all, of the buffer overflow attacks result from the lack of compiled range checks in C/C++.

A range check allows buffer (array) overflows to be caught at runtime. For example, a potential buffer overflow problem exists in the code below (which calls the POSIX function gets).

#include <stdio.h>
#define SIZE 80
char buf[SIZE];

int main(void)
{
    /* gets() has no way to know that buf holds only SIZE bytes */
    while (gets(buf) != NULL) {
        /* .... */
    }
    return 0;
}

In this code a stream of text, terminated by a newline character, is read from the POSIX standard input (which might be connected to a TCP/IP socket). If the stream of text is longer than 80 characters, it will overwrite data which is stored following buf. A text stream of just the right size may overwrite the return address for a function (possibly the function that called the current function), allowing the attacker to insert and execute their own code.

Compilers for languages like Pascal and Java insert code that checks that an array (buffer) access is within the bounds of the memory allocated for the array. If there is an access beyond the end of the array, a runtime error will result. The software will fail, but the intruder will not gain access to the system.

The equality between arrays and pointers in C makes it very difficult, if not impossible, to compile range checks into C. The designers of C (Kernighan and Ritchie) might have designed the language differently if they had realized that it would become the lingua franca of software. C was designed so that it could be efficiently translated into the Digital Equipment Corporation PDP instruction set. This allowed C to be used as an efficient vehicle to implement operating system software (e.g., the early versions of UNIX). The extra code generated by the compiler to support range checks was anathema to the concentration on efficiency in C.

Since every operating system in widespread use has been implemented in C (or C++), the historical decisions in the C programming language resulted in many of the computer network vulnerabilities that exist today.

Microsoft Software

The most commonly attacked and penetrated computer systems run various versions of Microsoft's Windows operating system. The original root of the security problems in Windows based operating systems comes from the fact that Microsoft's model for computation is a computer system, running Microsoft Windows, on every desktop, joined by a network that supports simple operations like printing. Unlike UNIX, which evolved on systems joined by the Internet, the Internet was not part of Microsoft's world view until it exploded into popular culture. In Microsoft's view, computers running Windows would only communicate with other computers running Windows within a corporate network. The Web did not exist in this world view and computer networks were not heavily connected to the outside world. As a result, network security was not an issue Microsoft considered much.

Microsoft implemented features like OLE (Object Linking and Embedding) which allows a Microsoft Word document to include a spreadsheet constructed with Microsoft Excel. By clicking on the spreadsheet you can bring up Excel and make changes in the spreadsheet. By allowing code execution to be started from a document, which could be sent via e-mail, Microsoft laid the foundation for security holes which are probably still not fixed.

All this is old history with Microsoft and a larger question exists: Why did Microsoft not take action to re-architect their software when it became obvious that the foundation for their design view was wrong? The fact that viruses have exploited vulnerabilities in Microsoft e-mail for years is simply inexcusable.

As Stealing the Network points out, there is no way to build a computer system that cannot be successfully attacked by some means. If nothing else, high levels of security make computer systems difficult to use. UNIX was designed in reaction to the secure, but difficult to use, MULTICS operating system. Systems that are difficult to use may be compromised as their users open holes to make their jobs easier.

While recognizing the limitations of computer security, it is still obvious that computer security could be greatly improved if people simply applied the knowledge that engineers and computer scientists have had for many years. Many of the vulnerabilities exploited by the characters in Stealing the Network would not exist if this happened. Firewalls and network intrusion detection systems exist to protect against problems that could have been avoided.

A Note on Terminology
The computer security/hacker community, like any community, has developed their own set of jargon. Some of this is generally familiar in the software world. The one term that I found unfamiliar was the term "0-day exploit". I did not find an explanation for this term in this book, but I later found that it means an exploit with 0 days of warning before the attack.

For example, it frequently happens that a vulnerability is announced for Microsoft operating systems. An attack does not appear for some number of days, so there is some chance to install software to protect the system.

In a 0-day exploit a previously unknown exploit becomes known only as a result of a successful attack. Those who manage the computer system have 0 days of warning. The security research community hopes to keep ahead of those who attack computer systems. But as the potential profits from system attacks increase, 0-day attacks become inevitable.

Credit to Ian Kaplan
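
As an added example (not from the book or from the review above), this is the bounded counterpart of the gets() loop in Ian Kaplan's review: the same 80-byte buffer read with fgets(), plus the check that tells a line that overran the buffer apart from one that fit exactly, so the over-long input is rejected instead of silently truncated. SAMPLE_INPUT, make_stream and scan_text are constructed for this illustration; the 200-byte line is the kind of input the review says would overwrite memory past buf under gets().

```c
#include <stdio.h>
#include <string.h>

#define SIZE 80   /* same buffer size as the gets() snippet in the review */

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/*
 * Bounded counterpart of gets(): fgets() writes at most size-1 bytes plus the
 * terminator, so a long line cannot run past buf. A line that did not fit is
 * drained and reported as LINE_TOO_LONG, so the caller can reject it rather
 * than silently work on a truncated copy.
 */
enum line_status read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (fgets(buf, (int)size, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);            /* assumes no NUL bytes in the input */
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* strip the newline, as gets() would */
        return LINE_OK;
    }
    /* No newline in buf: either the line filled the buffer or the file ended. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;                  /* fit exactly, or last line without newline */
    while (c != EOF && c != '\n')        /* drain the rest of the over-long line */
        c = fgetc(in);
    return LINE_TOO_LONG;
}

/* Constructed sample input: an ordinary line, a 200-byte line that gets()
 * would push past an 80-byte buffer, and a final line with no newline. */
#define A10 "AAAAAAAAAA"
static const char SAMPLE_INPUT[] =
    "GET /index.html\n"
    A10 A10 A10 A10 A10 A10 A10 A10 A10 A10
    A10 A10 A10 A10 A10 A10 A10 A10 A10 A10 "\n"
    "tail";

/* Helper (constructed): expose text as a readable stream using plain C tmpfile(). */
FILE *make_stream(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

struct scan_result { int accepted; int rejected; };

/* Read every line of text through a SIZE-byte buffer and count the outcomes. */
struct scan_result scan_text(const char *text)
{
    struct scan_result r = { 0, 0 };
    char buf[SIZE];
    FILE *f = make_stream(text);
    if (f == NULL) return r;
    for (;;) {
        enum line_status st = read_line_bounded(f, buf, sizeof buf);
        if (st == LINE_EOF) break;
        if (st == LINE_OK) r.accepted++; else r.rejected++;
    }
    fclose(f);
    return r;
}

int main(void)
{
    struct scan_result r = scan_text(SAMPLE_INPUT);
    printf("accepted %d line(s), rejected %d over-long line(s)\n",
           r.accepted, r.rejected);
    return 0;
}
```

The 80-byte line in the checks below is the shortest input on which gets() would already write past buf (80 characters plus the terminator), and it is the first length the bounded reader rejects.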

Stealing the Network: How to Own the Box is a couple years old, and is the first in a series of books that provide information on computer and network security by combining fictional narratives with genuine techniques. It is not written as a "how-to" guide, which makes it an easier read for a non-geek, though there is enough real technical information contained in the short stories to give a sysadmin or security enthusiast something to go on.

The book is divided into ten chapters (and an appendix that non-geeks may take a pass on), each one of which gives a short story dealing with some aspect of security. While there are clear roles associated with the protagonist in each story -- some white hat, some black -- overall the book does a nice job of presenting the information in a useful way without imposing morals on the reader. The stories give a wide variety of scenarios, which include:
- a general "break into a network" hack
- worm analysis
- hardware hacking
- printer security
- hacking without hacking (relying on the general laziness of users)
- wireless security
- social engineering
- forensics and post-incident analysis

The narratives are all more or less easy to follow (though a couple are somewhat long and dull), and help to illustrate good security by showing just how powerful poor security can be in the hands of an attacker. By riding shotgun on several different scenarios, you can spot the weak points and see where exactly vulnerabilities can be exploited. It shows that many networks, even those with SOME security in place, can often still be compromised relatively simply. Although it has been repeated to the point of being cliche, it is true that a chain is only as strong as its weakest link -- and many times, the weakest link is plain human laziness or ignorance.

This book is a quick read; I finished it in a little over a week. However, the effect it has had on me will be much longer-lasting. Although it is a bit dated by modern standards, there is enough real information to serve as a reminder that, while it is easy to talk about security on a web forum, true security is found only when you roll up your sleeves and get your hands dirty. It is not always enough to assume you are secure simply because you know a thing or two about firewalls and Windows Update. Security is a process, and it ends up being a process that is never truly finished.

I would like to close by sharing a quote from the book that, for some reason, has stuck with me:

What's funny is that I've never needed to resort to some fancy theoretical exploit that security researchers talk about, because the script kiddy stuff usually works just fine. I've seen administrators go to great lengths to prevent man-in-the-middle attacks. But I've never actually used such an attack myself, I don't know anyone else who has used one, and I don't know anyone who was ever a victim of one.

I highly recommend this book to anyone with a real interest in the guts of security. The dead tree edition retails for around US$50, though you can probably find a cheaper one used, or if you don't mind reading electronic copy (or if you have a printer that can handle it), you can download the eBook.

From the Publisher
"Stealing the Network: How to Own the Box" is NOT intended to be an "install, configure, update, troubleshoot, and defend book." It is also NOT another one of the countless Hacker books out there. So, what IS it? It is an edgy, provocative, attack-oriented series of chapters written in a first hand, conversational style. World-renowned network security personalities present a series of 25 to 30 page chapters written from the point of view of an attacker who is gaining access to a particular system. This book portrays the "street fighting" tactics used to attack networks and systems.

Not just another "hacker" book, it plays on "edgy" market success of Steal this Computer Book with first hand, eyewitness accounts
A highly provocative expose of advanced security exploits
Written by some of the most high profile "White Hats", "Black Hats" and "Gray Hats"
Gives readers a "first ever" look inside some of the most notorious network intrusions

Table of Contents
Chapter 1: Hide and Sneak--Ido Dubrawsky

Chapter 2: BabelNet--Dan Kaminsky

Chapter 3: The Worm Turns--Ryan Russell and Tim Mullen

Chapter 4: Just Another Day at the Office--Joe Grand

Chapter 5: h3X's Adventures in Networkland--FX

Chapter 6: The Thief No One Saw--Paul Craig

Chapter 7: Flying the Friendly Skies--Joe Grand

Chapter 8: dis-card--Mark Burnett

Chapter 9: Social (In)Security--Ken Pfeil

Chapter 10: The Art of Tracking--Mark Burnett

Appendix: The Laws of Security

Read an Excerpt
From Chapter 5, The Thief No One Saw
This is my story. My name is Dex. I'm a 22-year-old systems administrator. I live in an upper-class apartment in New York's CBD. My apartment is lined with computers, coffee cups, and cables. I work eight hours a day for a small online e-commerce site, mostly managing servers and security.

In my free time, I run my own contract development company, writing mostly C/C++. I also moonlight as a "Rent a Thief" for a black market media "distribution" company based out of Taiwan. On demand, I hack into companies and steal whatever is required. Usually, it's a new, highly anticipated game or a large, expensive CAD (computer-aided design) software package. Once, I was even asked to steal software used to design a nuclear power plant. I don't ask questions. This thievery doesn't stop at software, though. There is big money in commercial plans, financial data, and customer contact lists, as well.

I do this because I enjoy the rush and the feeling of outsmarting someone else. I never tell anyone else about a hack, and to date, only a few companies I've hit even suspected that they had been hacked. I am not a part of the typical hacker community, and I always work alone....

Slashdot.org
Stealing the Network is a refreshing change from more traditional computer books. The authors have created fictional stories based on non-fictional concepts that could really happen to our computer systems today. The realistic fiction approach makes the book much lighter to read and actually entertaining. I also believe this approach makes the true methods behind the fictional stories much more memorable than memorizing thousand page textbooks.

Wired
Stealing The Network: How to Own the Box, a compendium of tales written by well-known hackers, is a perfect summer read. The stories are fictional. The technology and techniques described are very real … At 328 pages, Stealing the Network is a summer blockbuster without the nonsense that packs the pages of most warm-weather reads. It's entertaining, but it won't leave your brain gagging on an overdose of fluff.

Amazon.com
Stealing the Network is a book of science fiction. It's a series of short stories about characters who gain unauthorized access to equipment and information, or deny use of those resources to the people who are meant to have access to them. The characters, though sometimes well described, are not the stars of these stories. That honor belongs to the tools that the black-hat hackers use in their attacks, and also to the defensive measures arrayed against them by the hapless sysadmins who, in this volume, always lose. Consider this book, with its plentiful detail, the answer to every pretty but functionally half-baked user interface ever shown in a feature film.
One can read this book for entertainment, though its writing falls well short of cyberpunk classics like Burning Chrome and Snow Crash. Its value is in its explicit references to current technologies--Cisco routers, OpenSSH, Windows 2000--and specific techniques for hacking them (the heroes and heroines of this book are always generous with command-history dumps). The specific detail may open your eyes to weaknesses in your own systems (or give you some ideas for, ahem, looking around on the network). Alternately, you can just enjoy the extra realism that the detail adds to these stories of packetized adventure. --David Wall

Download Description
"Stealing the Network: How to Own the Box" is NOT intended to be an "install, configure, update, troubleshoot, and defend book." It is also NOT going to be another one of the countless Hacker books out there now by our competition. So, what IS it going to be? "Stealing the Network: How to Own the Box" is going to be an edgy, provocative, attack-oriented series of chapters written in a first hand, conversational style. World-renowned network security personalities will present a series of 25 to 30 page chapters written from the point of view of an attacker who is gaining access to a particular system. This book will portray the "street fighting" tactics used to attack networks and systems. --This text refers to the Digital edition.

Book Info
(Syngress Publishing) Combines fictional stories with real technology. Provides a glimpse into the creative minds of some of today's best hackers. Softcover.

From the Publisher
In the real world, hackers go after the "low-hanging fruit." They take the least risk and go for the greatest reward. They often act alone or in small groups. They don’t have government funding or belong to world criminal organizations. What they do have is spare time and a lot of curiosity, and believe me, hacking takes a lot of time. Some of the best hackers spend months working on one exploit. At the end of all that work, the exploit may turn out to not be reliable or to not to function at all! Breaking into a site is the same way. Hackers may spend weeks performing reconnaissance on a site, only to find out there is no practical way in, so it’s back to the drawing board.

In movies, Hollywood tends to gloss over this fact about the time involved in hacking. Who wants to watch while a hacker does research and tests bugs for weeks? It's not a visual activity like watching bank robbers in action, and it's not something the public has experience with and can relate to. In the movie "Hackers," the director tried to get around this by using a visual montage and some time-lapse effects. In "Swordfish," hacking is portrayed by drinking wine to become inspired to visually build a virus in one night. One of the oldest hacking movies, War Games, is the closest to reality on the big screen. In that movie, the main character spends considerable time doing research on his target, tries a variety of approaches to breaking in, and in the end, is noticed and pursued.

But what if …? What would happen if the attackers were highly motivated and highly skilled? What if they had the guts and skills to perform sophisticated attacks? After a few drinks, these authors of the book you are holding in your hands are/were quick to speculate on what would be possible. Now, they have taken the time and effort to create ten stories exploring just what it would take to own the network.

About the Author
Dan Kaminsky, also known as Effugas, is a Senior Security Consultant for Avaya's Enterprise Security Practice, where he works on large-scale security infrastructure. Dan's experience includes two years at Cisco Systems, designing security infrastructure for cross-organization network monitoring systems, and he is best known for his work on the ultra-fast port scanner, scanrand, part of the "Paketto Keiretsu," a collection of tools that use new and unusual strategies for manipulating TCP/IP networks.

FX of Phenoelit has spent the better part of the last few years becoming familiar with the security issues faced by the foundation of the Internet, including protocol based attacks and exploitation of Cisco routers. He has presented the results of his work at several conferences, including DefCon, Black Hat Briefings, and the Chaos Communication Congress.

Mark Burnett is an independent security consultant, freelance writer, and a specialist in securing Windows-based IIS Web servers. Mark is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3).

Joe Grand is the President and CEO of Grand Idea Studio, Inc., a product design and development firm that brings unique inventions to market through intellectual property licensing. As an electrical engineer, many of his creations including consumer devices, medical products, video games and toys, are sold worldwide. A recognized name in computer security and former member of the legendary hacker think-tank, The L0pht, Joe’s pioneering research on product design and analysis, mobile devices, and digital forensics is published in various industry journals.

Ido Dubrawsky (CCNA, CCDA, SCSA) is a Network Security Architect working in the SAFE architecture group of Cisco Systems, Inc. His responsibilities include research into network security design and implementation.

Paul Craig is a network administrator for a major broadcasting company in New Zealand. He has experience securing a great variety of networks and operating systems. Paul has also done extensive research and development in digital rights management (DRM) and copy protection systems.

Ken Pfeil is a Senior Security Consultant with Avaya's Enterprise Security Consulting Practice, based in New York. Ken's IT and security experience spans over 18 years with companies such as Microsoft, Dell, Identix and Merrill Lynch in strategic positions ranging from Systems Technical Architect to Chief Security Officer. While at Microsoft, Ken co-authored Microsoft's Best Practices for Enterprise Security white paper series, was a technical contributor to the MCSE Exam, Designing Security for Windows 2000 and official curriculum for the same.

Timothy Mullen is CIO and Chief Software Architect for AnchorIS, a developer of secure enterprise-based accounting solutions. Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles. Also known as Thor, he is the founder of the "Hammer of God" security coop group.

Ryan Russell has worked in the IT field for over 13 years, focusing on information security for the last seven. He was the primary author of Hack Proofing Your Network: Internet Tradecraft (Syngress Publishing, ISBN: 1-928994-15-6), and is a frequent technical editor for the Hack Proofing series of books. Ryan founded the vuln-dev mailing list, and moderated it for three years under the alias "Blue Boar." Ryan is the Director of Software Engineering for AnchorIS, where he's developing the anti-worm product, Enforcer.