Everything You Wanted to Know about
Social Engineering -- But Were Afraid to Ask...
Vranesevich countered by getting the cooperation of Internet backbone providers
to trace the attacks back to their source and cut the perpetrators
off from the Internet. (We aren't making public the identities
of the owners of the attacking computers because in many, perhaps
all cases, they were unknowingly hosting the criminals who ran
the attacks.)
Vranesevich was outsmarting the criminals -- whoever they were
-- at every turn. It was becoming obvious that computer crime
was not the way to run Vranesevich out of business.
Enter Brian Martin. "Martin, who admits to some malicious
hacking in his past but says he has been an above-board security
consultant for years, is a member of Attrition.org,
a hacker group that has spearheaded an effort to discredit Vranesevich."
-- "Tracker of Hackers Goes from Friend to Foe," Matt Richtel, New York Times,
October 8, 1999
Martin was soon to prove himself a master of social engineering.
At first he had tried simply posting elaborate allegations against
Vranesevich on his Attrition.org web site. When this didn't seem
to harm him, Martin came up with something novel. He put up links
to Antionline from his Attrition.org web site. But these were
no ordinary links. Following is an example of these links:
http://www.antionline.com/cgi-bin/phf-is-really-ereet/../
this_is_friendly_greetings_from_ATTRITION.ORG/../giving_you
_the_link_you_deserve/../visit_www.attrition.org/negation/
../pass_us_some_hacker_profiler_$DATA_please/../and_have_a
_nice_day/../how_do_you_like_them_apples_mr_vranesevich?/
../and_it_always_amazes_us_that_the_href_buffer_is_so_big_
because_only_monkey_sites_use_urls_this_long/../phf_php_
search_dig_campus_faxsurvey_wguest_guestbook_anyform_cgitap
_query_cgiwrap_glimpse_lasso_dbadmin_nph-test-cgi_www-sql_
count.cgi_man.sh_info2www_web.sql_and_textcounter.pl_are_all
_vulnerable_cgi_programs_you_should_be_searching_for/../imagine_
each_click_through_adding_a_full_1k_to_your_logs_this_would_
make_a_fun_web_harassment_program--there_you_go_your_next_claim
_to_fame_since_you_like_DoS_attacks/../no_hard_feelings_i_hope
--i_just_wanted_to_link_to_your_site_so_people_could_use_your_
security_portal_and_this_beats_mailing_you_about_it--consider_
this_like_stealth_communications_or_something/../before_i_forget
_my_cat_says_meow--he_doesnt_really_like_you_though--the_world_
antionline_makes_him_bite_me_as_if_it_is_poison_to_his_ears/..
/but_i_bet_youll_use_ereet_border_router_technique_to_filter_
attrition_traffic_since_we_are_a_temple_of_hate_you_plagiarizing
_fool/../if_you_havent_already--shoot_yourself_in_the_head_and
_save_us_from_your_crappy_editorials/../oh_and_one_more_thing--
lay_off_the_drugs_you_fucking_criminal/../confessing_to_crimes
_on_a_public_warez_site--we_still_cant_get_over_the_stupidity_
of_that/../of_course_you_can_add_all_this_to_your_profile_of_
the_attrition_thugs_that_you_will_sell_the_feds_you_narcbait/
../second_war_in_heaven<--from_a_movie_im_watching/../oh_the
_healing_power_of_nachos_lemme_tell_you/../its_amusing_being
_right_and_watching_someone_else_be_wrong--you_end_up_laughing
_at_them_a_whole_lot_kinda_like_we_do_with_you/../--/hope_all
_your_dates_with_meinel_went_really_well_too--just_dont_get_
married/../dipshit.html
The above URL was all one line. Every time someone clicked on it,
they got a "no such URL" message, and the entire long URL was
added to Antionline's security logs as a hack attempt. The URL
also contained strings such as nph-test-cgi, which trigger
intrusion detection systems. The effect was to run CPU usage to
near 100% on the intrusion detection computer.
Several other hacker web sites, such as Ken Williams' former
site at http://packetstorm.genocide2600.com,
also set up these links.
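
The following added example (not code from the original page or from anyone it describes) classifies access-log lines the way a defender triaging such click-throughs might: it collapses the /../ segments before matching CGI names, so a padded link that only mentions nph-test-cgi is separated from a request that really resolves to a listed script. The log lines, the linker.example host, the three-name signature list and the 256-character cap are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Names taken from the URL quoted above; a real signature set would be larger.
CGI_SIGNATURES = ("phf", "nph-test-cgi", "count.cgi")
MAX_URI_LEN = 256  # assumed length cap for this example

# Combined Log Format: request line, status, size, referer.
LOG_RE = re.compile(
    r'"[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def classify(line):
    """Return (verdict, resolved_path, referer) for one access-log line."""
    m = LOG_RE.search(line)
    if m is None:
        return ("unparsed", None, None)
    uri, referer = m["uri"], m["referer"]
    # Collapse "/../" segments to get the path the request actually names.
    resolved = posixpath.normpath(unquote(urlsplit(uri).path))
    target = posixpath.basename(resolved)
    raw_hit = any(sig in uri for sig in CGI_SIGNATURES)
    real_hit = target in CGI_SIGNATURES
    if real_hit:
        verdict = "probe"       # request really resolves to a listed CGI
    elif raw_hit or len(uri) > MAX_URI_LEN:
        verdict = "link-noise"  # signature text or padding only
    else:
        verdict = "clean"
    return (verdict, resolved, referer)

# Constructed log lines (documentation-range addresses, invented hosts).
PADDING = "/../".join(["imagine_each_click_adding_1k_to_your_logs"] * 8)
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Oct/1999:10:00:00 -0400] "GET /cgi-bin/x/../'
    + PADDING + '/../nph-test-cgi_is_vulnerable/../greeting.html HTTP/1.0"'
    ' 404 210 "http://linker.example/page.html" "Mozilla/4.0"',
    '192.0.2.77 - - [08/Oct/1999:10:00:05 -0400] "GET /cgi-bin/x/../phf'
    ' HTTP/1.0" 404 210 "-" "-"',
    '192.0.2.10 - - [08/Oct/1999:10:00:09 -0400] "GET /index.html HTTP/1.0"'
    ' 200 5120 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(*classify(line))
```

Grouping the "link-noise" rows by referer shows which outside page the click-throughs come from, which is what distinguishes them from scanning.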