Friday, January 21, 2005

 

Busted!

The thrill of being the secondary supervisor had almost disappeared six months later. The job of deleting unwanted files became more and more boring and I decided to delegate responsibility. I could tell Bond to do this whenever disk space got scarce. Bond was my best friend, one of the original hackers. He was extremely tall and emaciated. There was a joke that God had used 2D CAD to design him and that was why nobody could see him from the side. Bond was probably the only guy who didn't have a single enemy in the whole world. The greatest thing about Bond was that he could write a program to do anything you tell him to, even though only he could figure out how it worked. He had a compulsion to replace the first vowel of every variable with an underscore. After taking some advice from Anjum, he kicked this habit. He had written some wonderful programs, one of which looked like DOSSHELL slightly enhanced and another which was a mailing system on Novell. Bond knew about DIAGS. I had told him that in case he wanted SUPERVISOR access, he could ask me to login to DIAGS. I granted all rights except parental to all volumes except OFFICE, which contained sensitive administrative information, and SYS, to which everybody had only read access anyway. I told Bond that he should delete unwanted files when real estate prices increased. Later I also told it to Spasm and Anjum.

A week later, when I logged into HACKERS, I found that the password had changed. We had a system for letting other hackers know about changed passwords. We would encrypt the new password using the old password as the key and store it in a file called NEWPASS. The file's name and location were standard, placed in the Hackers' TOOLS directory, which had read access to everybody. Thus anybody could see the encrypted password, but had to know the previous password to decrypt the new password.

I logged in to CS8, a general account for eighth semester Computer Science students and tried to decrypt the new password. I got garbage. I found out that whoever changed the password had forgotten to update NEWPASS. I looked at my watch. The time was 7:45am. I would have to wait until one of the other guys came. The hackers began to come one by one but no one knew the password. I thought I could simply login to DIAGS and fix the problem, but decided against it. We all went to the admin to request a change of password.

Bond said: "Ma'am, we can't login. One of us must have changed the password and-"

"I know. It was I who changed the password," she interrupted, "You have access to everything in the network. How did you get it?"

"Not all ma'am, all except OFFICE and SYS volumes," I wanted to clarify but I kept quiet. Better to act innocent until proven guilty beyond doubt. "What rights ma'am?" I asked with as innocent an expression as was possible.

"I checked your access rights and saw that you had rights to the entire LAN. I immediately changed your password."

"We don't know anything about it."

"Then how did you copy that package?"

"Package? What package?" I asked, totally confused.

Bond suddenly started talking. "Ma'am, we logged in to CS8 and granted rights from there. That was how we could copy the package."

I realized that this was something I didn't know; it was better for me to remain silent and let Bond explain everything. Bond and Anjum explained how they logged into CS8, granted rights to HACKERS, logged into HACKERS, copied the package, replaced it with a dummy executable and gave Read/Open/Search rights from the copy. They clearly stated that the rights she was talking about were absolutely unnecessary to do what they had done.

"But how did you get the rights?"

"Only the supervisor can grant rights ma'am. Am I right?" I asked.

"Yes."

"Then one of the people who has the password must have given it."

"But only I and one other person know the password and neither of us have done it."

"Then it obviously means that someone else has the SUPERVISOR password," I said with an air of certainty, in the manner of making a brilliant deduction.

"Impossible, there are no leaks."

"Ma'am, is there any sign of damage? Any files missing or altered?" I asked.

"Doesn't look like it, but we are checking."

"This problem has a simple solution ma'am," I said. "REVOKE the offending rights and change the SUPERVISOR password. And that way everybody's happy."

She then went on to explain that they had a lot of sensitive information on the LAN and they trusted their students. We should not take advantage of this, etc. etc. (The entire speech is beyond the scope of this book.) She changed our password and we went back to work.

I called Bond aside and asked him, "What was all that about some package?"

Bond giggled and told me what had happened. Somebody (possibly one of the staff) had brought some package and wanted to work on it. Since the SUPERVISOR password was not known, it was installed in CS8, which was a general account. Now it so happened that Anjum came across it and was surprised to see it installed in a general account, liable to get deleted when disk space became scarce. He decided to move it to the HACKERS account and give access from there. He also wrote a dummy program and put it in place of the original. On the first execution, the dummy package would print a message like "Are you crazy to install this in a general account? Run again to execute." Subsequent executions would load the original file. Anjum had reasoned that the one who put it there would definitely read the message.

It so happened that whoever had installed it was surprised to see the message and even more surprised to see that the program worked perfectly the second time onwards, although there was only one batch file in the directory. This strange behaviour was reported to the admin who began to search for the original files. They found it in our directory and wondered how we had copied across accounts. They checked our rights and found that we had rights everywhere. Our password was immediately changed.

Now the admin had been alerted and started checking all accounts for offending rights. If they went through all the accounts, they were sure to find out who had given HACKERS their rights. I could have removed the SUPERVISOR equivalence of DIAGS. This would keep it above suspicion but it would turn into yet another account. I might never become SUPERVISOR again. Unless the password of FOCUS is unchanged. I tried to login to FOCUS but the password had changed. Not surprising, since the password I knew was six months old. I decided against changing DIAGS. After all, they might only be looking for rights, not equivalences. And maybe it would be better for them to find DIAGS, fix it and forget it. Otherwise, they would keep on searching, always on alert. It might cause problems if I became SUPERVISOR again. When there is no apparent security breach for a long time, people tend to become less careful.

A couple of days later Bond came and told me that he had heard the admin talking about DIAGS.

"What exactly did you hear?" I asked him.

"I overheard the admin talking. They had loaded SYSCON, I could see the screen. They said something like 'DIAGS wasn't here before...' I'm not exactly sure."

I knew that DIAGS had its days numbered. True to my fears, they soon changed its password. I thought that it didn't matter, since I rarely used it. A few days later, there was no account by the name DIAGS. I did not feel a need for it, except on an emotional level.

I buried myself in a network game I was writing and tried to forget about DIAGS.
