The Ethical Hacker Network - New Member

Emerson12

Guest

« on: February 25, 2009, 09:08:20 PM »

Hi …

I’m looking for research info for the purposes of a fictional novel and not sure if I’ve ended up in the right place. If not, I’m hoping someone could point me in the right direction.

I’m told that any system can be hacked into so based on that premise here is my scenario.
Someone is hacking into an Alarm company system after they have installed alarm systems in homes or business then drops in a virus that tells the system if there is an emergency (fire, break in etc.) not to respond. After the system malfunctions same person drops in another virus to delete the first virus so there are no record of the malfunction.

Therefore, the system looks/appears to be fine and everyone at the alarm company scrambling trying to find the hacker.

Question:
1) Is this scenario possible?
2) If so, can someone give me a general idea of how it can be done?
3) What kind of educational background would someone need to do this?
4) How would they catch the hacker?

Thanks....


	Logged

jason

Hero Member

Offline

Posts: 1012

Re: New Member - Looking for Information

« Reply #1 on: February 25, 2009, 10:19:42 PM »

1) Potentially, but it would be difficult without inside knowledge of the monitoring software used by the alarm company.

2) This would likely involve some sort of custom malware to subvert the monitoring software, as well a policing up any logs that the software kept. No need for multiple items of malware, the original should be able to delete itself if needed.

3) Programming to write the malware, likely some admin experience with the systems in question. Possibly some hacking or pen testing (maybe social engineering) experience to get things in place cleanly.

4) Some sort of flaw in the malware that caused it to misbehave and call attention to itself, and/or some sort of unintentional residual information left behind in the system.


	Logged

timmedin

Sr. Member

Offline

Posts: 469

Re: New Member - Looking for Information

« Reply #2 on: February 25, 2009, 10:48:43 PM »

1,2) He would either need to have inside knowledge or have a copy of the software. He could hack in and get the source code for the software. Might make your bad guy a little more ominous.

3) There are a lot of smart IT people that don't have a college background so this could vary quite wildly.

4) If he published the source code (see milw0rm.com) it could be traced back due to his mistake in not using a proxy and hiding his IP address. Could also be traced handle/tag/nick (whatever you call it) if he got cocky and used that name.


	Logged

twitter.com/timmedin | http://blog.securitywhole.com

Emerson12

Guest

Re: New Member - Looking for Information

« Reply #3 on: February 27, 2009, 04:42:37 PM »

Thank you both for the info. It was helpful. It gave me a starting point to my research.


	Logged

jason

Hero Member

Offline

Posts: 1012

Re: New Member - Looking for Information

« Reply #4 on: February 28, 2009, 09:20:07 PM »

Np, let us know how it goes.


	Logged

Jhaddix

Sr. Member

Offline

Posts: 317

Re: New Member - Looking for Information

« Reply #5 on: February 28, 2009, 10:31:10 PM »

Quote from: Emerson12 on February 25, 2009, 09:08:20 PM

This also depends on the communication channel the alarm software uses. Every alert system uses different means to contact the company, varying from an private telephone line, to a private network connection.

Most of the time, these alarms are set to go off if the software or settings are changed, or if the communications line is cut.

I would man in the middle the connection, by reverse engineering the software and finding where it dials to, then putting an inline device changing the alarm responses as they go across the wire...

This would take a good few months to engineer though :/


	Logged

GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/

jason

Hero Member

Offline

Posts: 1012

Re: New Member - Looking for Information

« Reply #6 on: February 28, 2009, 10:37:34 PM »

Hrmm it sounded to me like he was talking about putting false info into the monitoring end of the system. I imagine that there are several ways that this be approached though...


	Logged

Jhaddix

Sr. Member

Offline

Posts: 317

Re: New Member - Looking for Information

« Reply #7 on: February 28, 2009, 10:45:13 PM »

Quote from: jason on February 28, 2009, 10:37:34 PM

Hrmm it sounded to me like he was talking about putting false info into the monitoring end of the system. I imagine that there are several ways that this be approached though...

In a fictional sense, the attackers want to disable security for what reason? To rob some banks? houses? corporations?

Which is easier for them?

Crack the perimeter of what is most likely a hardened computer network, to mess with their servers, software, risk being caught, logged, etc?

Do the above without any direct attacks against the company network, but must have access to the physical locations they are attacking?

It all depends on the context =)


	Logged

GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/

jason

Hero Member

Offline

Posts: 1012

Re: New Member - Looking for Information

« Reply #8 on: February 28, 2009, 10:49:58 PM »

Yup, it would depend on the ultimate goal. If you were doing it to compromise the security of a few or a single location, it would make more sense to tweak things at the site(s). If you were going to do this over many sites in order to do something like discredit the monitoring company, it would make more sense to go after the servers.


	Logged

Pages: [1] Go Up

« previous next »