BLOG: True tales of (mostly) white-hat hacking

Roger A. Grimes | July 23, 2013
Stings, penetration pwns, spy games — it's all in a day's work along the thin gray line of IT security.

Within a few hours, I had successfully tracked and documented the new vulnerability. I sent a copy off to Microsoft and a few of my antivirus friends for more analysis and response. I lost any chance of getting any sleep before my vacation, and I remember driving way more tired than I should have.

The incident didn't end there. I contacted the originator of the email and gave him some ill-achieved props. I had noticed he was bragging about his exploit on an IRC hacker channel and spreading his creation to dozens of websites. I told him that Microsoft was working on a fix and all the AV companies were releasing signatures. Needless to say, he wasn't happy.

He then tried to hack my personal computer network, having acquired the IP address from his initial backdoor Trojan. He launched every malicious attack anyone could think of at the time, including DDoS attacks. When he couldn't break into my network, he began attacking people and companies I did business with, using my IP address. For example, the hacker was successful in getting Apple to ban my IP address from connecting to its networks, preventing me from picking up new music from iTunes. No amount of emails with Apple would fix the problem, and eventually I was forced to get another IP address from my ISP.

I investigated the hacker, reading emails he had posted in a few hacker forums and on legitimate websites. What I found was that he was an overly zealous high school kid in the Midwest who thought he was a better hacker than he really was. Even "his" zero day was created by someone else. He just passed it along and claimed credit.

After a few more weeks of computer attacks, I sent him an email asking him to stop. He was surprised I had his email address. I responded with his real name, high school, and mailing address. I politely asked that he stop hacking me. He responded by launching even more attacks and attacking more companies using my new IP address. He was getting annoying. It was time to turn the tables.

I figured out what firewall he used to protect himself. I remembered having seen that it had recently had a remote buffer overflow announced in a public forum. This next step probably isn't legal, but I used the buffer overflow to break into his computer. I created a batch file with commands that would format his hard drive the next time he rebooted, except I remarked out (REM'd) the lines so they would not take effect. I then sent him an email and told him of this "kill" batch file that I had placed on his local hard drive.
