Is your ISP well protected?
By Vladimir Golubev
Date: May 26, 2003
Quantity of web-servers grows, and companies taking service of a Web-hosting into own important information should to learn what protection means are used by this Internet-provider. All ISP (Internet Service Provider) assert that protect information reliably, however in actual fact used security means can be found not so reliable, and information of corporate Web-sites becomes property of hackers.
Who can track down and catch a hacker better, than the same hacker? A certain Internet-provider giving in rent Web-sites thinks so. So it has invited the hackers known under nicknames Mage and Weld, from the Boston group l0pht. They have been invited to analyze a case of illegal intrusion. So they have found out the following. A certain malefactor has found that in one of the companies which are included in list Fortune 1000 was the client of mentioned ISP and its default settings appeared badly configured. Thus hacker has used this vulnerability and put "trap" in a Web-server.
Hacker has tracked actions of the system administrator of a company-victim when he entered on a Web-server to check up some files. Hurrying up to return to a corporate local network, he has not used "logoff", and has typed password, having done "hole" in a firewall. With the help of program "Sniffer" the malefactor has provided electronic identity to himself, and got access to the main server of corporations.
It is not clear, what exactly was the purpose of a hacker - to steal the initial codes, the executed module of the program or just to enjoy "victory". It is obvious only, that his actions are the elementary script, which allows to avoid firewalls and other means of protection ISP. Mage and Weld think so and use own hacking experience in research and testing systems.
Compuetr Crime Research Center
^macro[showdigestcomments;^uri;Is your ISP well protected?]