Archive for October 2017

Charting Hacker Hangouts From BBS To Slack

Where have all the grey hat hacker forums gone?

Grey hats were always a valuable part of the hacker community. They may sometimes cross ethical lines, but unlike black hats they’re in it to learn, not to make money. A black hat might intend to steal credit cards and resell them online. A grey hat is just interested in smart new ways to gain network access.

Back in the day, before you could buy Hacking for Dummies at your local Indigo store, even basic hacking knowledge was a valuable commodity. There were places online where grey hats would hang out and trade it. They were forums dedicated to the pursuit of knowledge, where the more advanced would mentor newcomers in the finer arts of system manipulation. They were places like The Works BBS.

The Works was a bulletin board system that started purely as an exchange board for text files, but which eventually allowed tech enthusiasts to talk to each other. It was here that Chris Wysopal, SecTor speaker and co-founder of l0pht, met his crew.

“I met the soon to be l0pht people there and cDC [Cult of the Dead Cow] folks there. It was a real community. It morphed into the 2600 meetup community where we would meet up once a month in Cambridge, then later Boston,” he says.

Early hacker BBSs had their faults. They only had so many connections, meaning that participants might find themselves dialing a telephone number several times as they competed for time on a host machine. Despite that, the BBS movement had its cultural advantages.

“The early hacking BBSs were more of a tight-knit community because they were area code-based,” says Wysopal. “It cost money to make long-distance calls, but most people had unlimited plans for local numbers. Phreakers could call long distance for free, but they still would hang out at a local BBS with their community. People used to call their neck of hackerdom by the area code. I was a 617er. NYC folks were 212s. A famous early band of hackers was the 414s.”

Brian Bourne, co-founder of SecTor, spent a lot of time on BBSs in the early days. They were often invitation-only, and were therefore a haven for grey hats eager to exchange ideas, he says. Then, there was Internet Relay Chat (IRC).

“Law enforcement had no idea what a BBS was, never mind IRC! So even though IRC channels were a bit harder to police membership and keep unknown folks out, we would share ideas with impunity,” he says.


‘The nail in the coffin’: Russia’s top cyber-firm may have made a ‘catastrophic’ mistake

Investigators believe that software from Russia’s top cybersecurity firm, Kaspersky Lab, was involved in a theft of top secret National Security Agency intelligence outlining how the US hacks its adversaries, The Wall Street Journal reported Thursday.

And depending on what was stolen, the breach could spell catastrophe for the company.

According to the Journal, an NSA contractor stole and downloaded onto his personal computer highly classified details about how the US penetrates foreign computer networks and defends itself against cyberattacks. (The Washington Post reported the person was not a contractor, but an employee working for the NSA’s elite hacking division known as Tailored Access Operations.)

Russian hackers then stole that intelligence by exploiting the Kaspersky antivirus software the contractor had been running on his computer.

The breach wasn’t discovered until spring 2016, according to the Journal and The Washington Post — nearly one year after the hackers are believed to have gained access to the intelligence.

Kaspersky has denied any involvement in the theft, and it is unclear whether the hackers stole code or documents from the contractor. The latter would prove far more damning for Kaspersky, experts say, especially as it stands accused by the US government of being a tool of the Kremlin.

“Ultimately, this will come down to what was stolen from the computer,” said David Kennedy, a former NSA intelligence analyst who founded the cybersecurity firm TrustedSec.