Network Security Specialist Iain Sims tells David Darmanin how easy it is to crack into some networks
British network security specialist Iain Sims says he was surprised to learn that amateurs were behind the passwords theft at MITTS, although cracking Microsoft systems is relatively easy.
“Cracking Microsoft systems is a very diffused practice around the world and it’s relatively easy. It is up to the people responsible for a network to ensure that the necessary precautions are taken for third parties not to penetrate a system,” he says.
The Cairo mystery
Agreeing that the finding of hacking software installed on a computer in Cario’s Malta embassy seems peculiar, Sims said: “There could be several possibilities on why the software ended up there, but it could be that Cairo was cracked into and the programme was uploaded remotely. This could have happened for one of two reasons. First of all, offenders tend to use far off units in order to deflect attention so as to prevent getting caught. Secondly, the offenders could have come across a PC with weak security to create a pathway into the entire network, so they could have used Cairo as a hopping board. The second reason I can think of is that the system in Cairo could have been more vulnerable, with weaker security and therefore more susceptible to illicit entry.”
Passing through firewalls
Many times, cracking into a network over internet would primarily entail the creation of a path through its security system, more commonly called a “firewall”.
“A firewall is like a gate protecting your computer. Some gates are more vulnerable than others, so they would be easier to break open,” he explained. “But when a path is created through a firewall this is usually due to the irresponsibility of the users rather than the proficiency of the hackers. Let me give you an example. Have you ever been tempted to download a moving screensaver with pictures of some cute kittens? Well, the programme enabling the screensaver software could very well carry a Trojan, or a similar virus, which when activated will create a path between the cracker’s system and yours, through your firewall. It could be that a fourteen-year-old boy on the other side of the world created this as a prank and accessed thousands, if not millions of random computers. Who am I to rule out that three MITTS computers could have got infected through the same source? Out of curiosity, the prankster may have accessed the government’s network and stolen the passwords.”
Deciphering passwords
Just by breaking through a firewall, offenders will not be able to transfer software onto the victim’s computer. A username and password is required.
“Getting through this next stage is not difficult at all,” he said. “From the web, one may easily download a guide on how to crack a password.”
Producing a printout of one such guide, Sims also outlined the list of software needed to overcome the username and password hurdle.
“One example of accessing a system illicitly is by what we call ‘brute force attack’,” he explained. “On the Malta government system, I know that I am likely to find a username called ‘administrator’, so I’m already half way in. With regards to passwords, there are entire lists available on internet wherein the most common passwords are compiled. Commonly, passwords are the same as the username, or are dictionary words or proper names. In a good number of cases, the password could be simply ‘password’. Again, on internet, you will be able to find lists with tens of thousands possible passwords compiled purposely for this process. After getting hold of this list, you will need to download another programme. This programme is intended to take in the possible passwords featured on the list as ammunition and literally bombard the victim’s computer until the right one is matched.”
Service exploits and RDP hacking
Another way of breaking into a network is by means of what is termed a “service exploit”.
“A lot of programmes are not perfect, they would have subtle defects which although its publishers could find a way to arrange, not all users bother to upgrade and repair the problems,” he said. “Again, there are guides on the net which indicate what these vulnerabilities are – similar to a reviewer stating that a specific car, of a specific year, would have its wheels drop if a corner bend is taken at 60mph. Offenders will drive the programme to its defective points if they want these defects to come out. Once these vulnerabilities are exposed, offenders will get in ‘through the window’. It is perfectly possible to see what programme a remote computer is using. All you need is to work a telnet connection available on every modern Microsoft package.”
By using Remote Desktop Protocol, again a common standard feature on modern computers, one may access directly the username and password window of another computer.
“This way, you can have direct access to the victim’s screen, and literally control his PC from yours,” he said.
Internal breaches
Judging from Austin Gatt’s speech in parliament, the MITTS security breach is likely to have originated internally.
“Ultimately, the responsibility lies on whoever allowed this to happen,” he said. “MITTS have very strict security policies, but setting a policy is one thing and ensuring that people respect them is a completely different story. It has been reported that MITTS staff overheard usernames and passwords being exchanged, and this is a big no no. I am sure MITTS are aware that 80% of security breaches occur internally. All you need is a disgruntled employee, a curious one, or one who doesn’t give a toss. Whatever happened, one can safely say that whoever did this, did not care about getting caught, or had no idea of how to smoothly crack into a system. A professional, who would be contracted to enter a system maliciously will usually make sure not to get caught.”
ddarmanin@mediatoday.com.mt
PRINT THIS ARTICLE
