Interesting Hacking Techniques

Interesting hacking techniques of different well know/hidden hacking

groups

Atiya Sharf 10/2/17 Penetration Testing

Interesting Hacking Techniques
Jonathan James
The story of Jonathan James, known as c0mrade, is a tragic one. He began hacking at a young age,
managing to hack into several commercial and government networks and being sent to prison for it
all while he was still a minor. James eventually hacked into NASAs network and downloaded enough
source code assets equalling $1.7 million to learn how the International Space Station worked.
NASA had to shut down its network for three entire weeks while they investigated the breach,
costing an additional $41,000.

In August and October 1999, c0mrade entered the computer network run by the Defense Threat
Reduction Agency, whose mission is to reduce the threat from nuclear, biological, chemical,
conventional and special weapons to the United States. By entering through a router in Dulles, Va.,
and installing a back door for access, he intercepted DTRA e-mail, 19 user names and passwords of
employees, including 10 on military computers.

Source: http://www.makeuseof.com/tag/5-of-the-worlds-most-famous-hackers-what-happened-
to-them/

Hackers Cripple Twitter

Hackers slowed Twitter to a standstill early on Aug. 6, frustrating millions of users. For the culprits,
all it took to snarl the popular social-networking site was one of the oldest tools in the Internet
hacker handbook: the distributed denial-of-service attack (commonly shortened to DDoS.

DDoS attacks are surprisingly low tech. Using a network of computers (dubbed zombies) controlled
by a single master machine, the hacker tries to overwhelm a website's servers. It's a brute-force
approach the network of hacker-controlled computers floods the server with requests for data
until the server overloads and comes crashing down. Graham Cluley, a computer security
expert, likened the attack to "15 fat men trying to get through a revolving door at the same time."
The attacks do no lasting damage user data aren't compromised, and the site isn't down for long.
Once the fat men stop rushing the doors, everything returns to normal.

Source: http://content.time.com/time/business/article/0,8599,1915003,00.html

Indian hackers 'release details of 1.7 million

Snapchat users' after app's CEO is accused of
calling India a poor country
Anonymous Indian hackers claim to have posted the personal details of 1.7 million Snapchat users
on the deep web, in response to the app's CEO allegedly calling India a "poor country". A
spokesperson claims to have uncovered "wide-spread, systemic failure in Snapchats internal
controls over its user data," meaning the company inflated figures such as its number of active users.

Source: http://www.independent.co.uk/news/world/asia/snapchat-hackers-india-poor-country-
release-data-ceo-claim-users-account-information-a7687651.html
The Ukrainian Hacker Who Became the FBIs Best
WeaponAnd Worst Nightmare
In 2004 there are so many breaches had hacked in the ukrainians hacker from VMwares karnel
code, that was used in hacking the code of vmwares instead of they access the FBIs mailing account
and hack some important mails. The hacker use this code for bargain. He demand $30,000. EMC
the vmware copany had quietly made a deal with Popov in 2005, he said, paying him $30,000 by
wire transfer and promising a second payment, of $40,000, in four years if the stolen VMware source
code didnt leak. He kept his part of the bargain. The code never leaked, and the fact that the
sensitive blueprints for VMware were in the hands of overseas hackers remained a secret from
customers and shareholders alike.

Source: https://www.wired.com/2016/05/maksym-igor-popov-fbi/

Albert Gonzalez (OPERTION GET RICH OR DIE

TRYIN)
Gonzalez started off as the leader of a hacker group called ShadowCrew. He stealing and selling
credit card numbers, ShadowCrew also fabricated fraudulent passports, health insurance cards, and
birth certificates for identity theft crimes. He paved his way to internet fame when he collected over
170 million credit card and ATM card numbers over a period of two years. He then hacked into the
databases of TJX Companies and Heartland Payment Systems to steal all of their stored credit card
numbers as well.

While in Kearny he was accused of being the mastermind of a group of hackers called the
Shadowcrew group, which trafficked in 1.5 million stolen credit and ATM card numbers.[5]Although
considered the mastermind of the scheme (operating on the site under the screen name of
"CumbaJohnny"), he was not indicted. According to the indictment there were 4,000 people who
registered with the Shadowcrew.com website. Once registered they could buy stolen account
numbers or counterfeit documents at auction or read Tutorials and How-Tos describing the use
of cryptography in magnetic strips on credit cards, debit cards and ATM cards so that the numbers
could be used.[6] Moderators of the website punished members who did not abide by the site's
rules, including providing refunds to buyers if the stolen card numbers proved invalid

Source: http://www.makeuseof.com/tag/5-of-the-worlds-most-famous-hackers-what-
happened-to-them/

https://en.wikipedia.org/wiki/Albert_Gonzalez#ShadowCrew

Kevin Poulsen
Kevin Poulsen, also known as Dark Dante, earned his 15 minutes of fame by utilizing his intricate
knowledge of telephone systems. At one point, he hacked a radio stations (KIIS-FM) phone lines and
fixed himself as the winning caller, earning him a brand new Porsche. According to media, he was
the Hannibal Lecter of computer crime. He got himself onto the FBIs wanted list when he hacked
into federal systems and stole wiretap information. He was later captured in a supermarket (of all
places) and sentenced to 51 months in prison and a bill for $56,000 in restitution.

Source: http://www.makeuseof.com/tag/5-of-the-worlds-most-famous-hackers-what-
happened-to-them/
Gang Cyber Crime Arrested For Infecting Over 1
Million Phones With Banking Trojan
The Russian Interior Ministry announced on Monday the arrest of 20 individuals from a major
cybercriminal gang that had stolen nearly $900,000 from bank accounts after infecting over one
million Android smartphones with a mobile Trojan called "CronBot." The gang even inserted the
malware into fake mobile apps for popular pornography websites. Once victims downloaded and
installed these fake apps on their devices, the apps added itself to the auto-start and the malware
hidden inside them granted the hackers the ability to phish victims banking credentials and
intercept SMS messages containing confirmation codes sent by the bank to verify the transactions.
"After installation, the program added itself to the auto-start and could send SMS messages to the
phone numbers indicated by the criminals, upload SMS messages received by the victim to C&C
servers, and hide SMS messages coming from the bank," writes Group-IB.

"The approach was rather simple: after a victims phone got infected, the Trojan could automatically
transfer money from the users bank account to accounts controlled by the intruders. To successfully
withdraw stolen money, the hackers opened more than 6 thousand bank accounts." The gang
usually sent text messages to the banks initiating a transfer of up to $120 to one of their 6,000 bank
accounts the group set up to receive the fraudulent payments.

The malware would then intercept the two-step verification codes sent by the bank to confirm the
transaction and block the victims from receiving a message notifying them about the transaction.

Source: https://the-real-hacker-news.blogspot.com/2017/05/gang-cyber-crime-arrested-for-
infecting.html#more

Robert Tappan Morris

Robert Tappan Morris picked up his knowledge of computers from his father Robert Morris, who
was a computer scientist at Bell Labs and later the NSA. Morris is credited as the creator of the
worlds first known computer worm. In 1988, he created the Morris Worm while a student at Cornell
University. The program was intended to gauge the size of the internet, but it had a flaw: computers
could be infected multiple times, and each infection caused the computer to slow down even more.
It rendered over 6,000 computers unusable.

Source: http://www.makeuseof.com/tag/5-of-the-worlds-most-famous-hackers-what-
happened-to-them/

Operation Payback
It was a coordinated, decentralized group of attacks on high-profile opponents of Internet
piracy by Internet activists using the "Anonymous" moniker. Operation Payback started as retaliation
to distributed denial of service (DDoS) attacks on torrent sites; piracy proponents then decided to
launch DDoS attacks on piracy opponents. The initial reaction snowballed into a wave of attacks on
major pro-copyright and anti-piracy organizations, law firms, and individuals.

Source: https://en.wikipedia.org/wiki/Operation_Payback

Hack PayPal Account in 2017

Hackers hack your PayPal account in 2017 with a phishing scam. The sent an email on your
registered account from paypal service and body of the email is your account has been limited until
we hear from you. when victim receive this email and try to login in Fake Paypal phishing
page then his Paypal login credential is in the Bad Hands it means he Has Been Hacked.!

Source: https://itechhacks.com/hack-paypal-account/

The Heartbleed Bug

Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols)
heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from
the server to the client and from the client to the server. Bugs in single software or library come and
go and are fixed by new versions. However this bug has left large amount of private keys and other
secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks
leaving no trace this exposure should be taken seriously.

Source: http://heartbleed.com/

Bypass Google's Two-Factor Authentication

Two-factor authentication is generally seen as the safest bet for protecting your Gmail account. But
a harrowing tale from indie developer Grant Blakeman, whose Instagram was hacked through Gmail,
reveals how not even two-factor authentication can beat every security threat. The attack actually
started with his cell phone provider, which somehow allowed some level of access or social
engineering into my Google account, which then allowed the hackers to receive a password reset
email from Instagram, giving them control of the account.

Source: https://gizmodo.com/how-hackers-reportedly-side-stepped-gmails-two-factor-a-
1653631338

Logjam
The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to
512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over
the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol
rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than
an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects
all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Source: https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html

Lenovo PCs ship with man-in-the-middle adware

that breaks HTTPS connections
Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions
and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to
carry out, security researchers said.

Source: https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-
in-the-middle-adware-that-breaks-https-connections/
Bibliography
https://www.dawn.com/news/1279013

https://www.documentcloud.org/documents/3031638-Select-Slides-FINAL-PMR-4-24-13-
Redacted.html

https://www.wired.com/story/hackers-gain-switch-flipping-access-to-us-power-systems/

https://qz.com/1084032/this-is-how-you-win-the-hearts-and-minds-of-colleagues-in-distant-time-
zones/

https://www.quora.com/search?q=Interesting+Hacking+Techniques

https://the-real-hacker-news.blogspot.com/2017/05/found-malware-uses-7-nsa-hacking-
tools.html#more

http://www.makeuseof.com/tag/5-of-the-worlds-most-famous-hackers-what-happened-to-them/

https://the-real-hacker-news.blogspot.com/2017/05/gang-cyber-crime-arrested-for-
infecting.html#more

https://thehackernews.com/2017/09/backdoored-hacking-tools.html

https://plus.google.com/u/0/+TheHackerNews/posts/Cv1ZoLdbbAd