Reply to post: Re: A decade of poor configuration

College PRIMOS prankster wreaks havoc with sysadmin manuals

Alan Brown Silver badge

Re: A decade of poor configuration

"You could also trivially run your prank from another computer again to leave a false trail in case someone investigated: a local area version of the CIA routing an attack to come from China or Russia."

Try explaining THAT to a journalist and you get blank stares. They very much work on "XYZ says the attack came from russia, therefore it must be so"

In one case I got mixed up in, the culprit was a spotty overgrown 14yo (he was actually in his mid 20s, just never grew up) who would bounce attacks all around the world so that he couldn't be traced - forgetting that if you don't want to be traced, you don't behave like an ass in other areas (mainly IRC) and get the direct attention of the organisations you're targetting. (yes, there was a lot of monitoring of the "hacking" channels to see who was boasting of what and it doesn't matter if you bounce through a bunch of proxies when certain orgs keep logs, watch where you first started showing up on the net from and note social network structures (these always giveaway name changes eventually) plus language syntax (it's hard to fake your origins for very long))

IRC was a great educator as to how attacks were being performed (including social motivations) and a good canary of what was coming down the pipeline.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020