[107759] in Cypherpunks

Trojan Horse tcp_wrappers, USIA hack, etc.

daemon@ATHENA.MIT.EDU (Ryan Lackey)
Fri Jan 22 14:05:26 1999

Date: Fri, 22 Jan 1999 14:42:36 -0400
From: Ryan Lackey <ryan@venona.com>
To: cypherpunks@algebra.com
Reply-To: Ryan Lackey <ryan@venona.com>

I think the recent trojan horse replacement of tcp_wrappers is a promising
(disturbing) sign that hackers are finally deciding to mount more
subtle attacks.

The recent attack on the USIA site, where it was replaced with a splash
page saying "Crystal, I love you -- Zyklon" is perhaps a good example of
the old style of hack.  Obvious, easy to remove, etc.  Even planting
a trojan horse on the site to recreate the damage doesn't make it that
much more effective -- it occurs at a time when the administrators are
unusually wary, and will soon replace the system from backups.

A more insidious attack, such as the replacement of a program with a slightly
modified version, if it can be done subtly enough that no one notices for
a while, or the modification of a news or information site's content.  If
a stock ticker were compromised so it gave inaccurate data to users from
some sites (perhaps AOL), but not to the administrators of the site or
places likely to be able to debug the problem, it might go unnoticed for
weeks.  Particularly if the error were somewhat random.

I'm somewhat surprised such attacks have not been more prevalent.  Perhaps
the latest tcp_wrappers modification is the beginning of a new era.

	What enables the wise sovereign and the good general to strike 
	and conquer, and achieve things beyond the reach of ordinary men, 
	is foreknowledge...
					-- Sun Tzu

Ryan



