-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shawn wrote:
> Watch the news in the next bit. There was a VERY significant hack
> revealed DURING DefCon. In a nutshell, they "hijacked the Internet - no
> really". It was significant enough that an unscheduled presentation was
> put together for this.
>
> In the middle of DefCon, they were able to capture ALL (seriously, I
> mean ALL!) traffic on the DefCon network, reroute it to go through New
> York, and back to DefCon. Without anyone noticing. In an almost
> untraceable manner. The traceable part would take an incredibly keen
> eye to see the one or two hints in a traceroute.
>
> Think about that. Approx. 9000 hackers, actively stressing the network.
> The most hostile network there could be. And not a single one of them
> noticed they themselves were hacked in the midst of the event....
>
> And it was all triggered by a single email message. (Disclaimer - I
> *think* that was the mechanism.) No "exploits" needed.... and it wasn't
> even a social engineering thing.
>
> The implications are kinda staggering. They chose to only affect the
> DefCon network. They could have very easily done the same to, say,
> Google, Microsoft, Dell, etc. And then blocked or modified any traffic
> they wanted.
>
> That was a VERY cool thing to see.
>
> If the news isn't released before the next meeting, we'll give a few
> more details. (We being one of the 4 of us who made it to DefCon this
> year.)
Their upcoming presentation at NANOG (the North American Network
Operators' Group) in October will have even more detail.

The short, short version: they changed the route to and from the DefCon
network to pass through their New York office. They then simply captured
the traffic with pcap/tcpdump. Unencrypted emails and the like were then
easy to sift through.

The "hack" was a combination of social and technical techniques that are
not all that complicated, once you understand which organizations are
involved and the technologies used. It should also be noted that this is
not something that you can do from your basement (well, you could, but
you don't have the bandwidth to pull this off without getting noticed),
and not something you can really defend against, apart from making sure
all of your traffic is encrypted (though since they could easily capture
all of your traffic, they could do an offline attack and brute-force the
encryption scheme, so high-quality ciphers are a must).

This presentation had John's name all over it. 'Tis a shame you were not
able to make it.

> Shawn
>
> ps, hope I got the hints right... They were talking about networking at
> a level I've rarely had the opportunity to hear about, never mind
> implement. John, I think you know all the details needed to do this.
> It's much closer to your level of work, I think.
>
> pps. hmmm. Now as I write this up, I'm beginning to wonder if this may
> have been misdirection.... If nothing else, DefCon shows you that the
> paranoid are not being paranoid enough!...
lol

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIobTlwRXgH3rKGfMRAnyFAJ9vwvd3gkDwM9oOo0gk9NpJQCWSigCfe0dj
mjJYUrM4osIlUr3uG1+T8Jc=
=t8MR
-----END PGP SIGNATURE-----

_______________________________________________
clug-talk mailing list
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
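The rerouting the reply summarises (the route to and from the DefCon network changed to pass through a New York office, with only a hint or two visible in a traceroute) is, from the prefix owner's side, something to watch for in the routing table rather than in the application traffic. The following is an added example, not code from this thread or from the presenters: it assumes the rerouting was done through BGP route announcements, which the thread implies (NANOG, "changed the route") but never names, and it uses constructed documentation prefixes, private ASNs and a hypothetical allow-list. It flags the three things an operator monitoring their own prefixes would want to know about: an announcement from an origin AS they do not own, a more-specific announcement carving a slice out of their prefix, and a path that transits an AS they do not normally route through.

```python
"""Route-origin monitor (added example, not the presenters' or the list's code).

Checks a feed of BGP announcements against a local allow-list of expected
origin ASNs, maximum prefix length and upstream ASNs for the prefixes we
own. All prefixes, ASNs and announcements below are constructed for
illustration (RFC 5737 documentation ranges and private ASNs).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Announcement:
    prefix: str
    # Leftmost = neighbour that announced it to us, rightmost = origin AS.
    as_path: Tuple[int, ...]


# Hypothetical policy for the prefixes we own: who may originate them, the
# longest prefix length we ever announce, and the ASNs we expect to see as
# transit on any path leading back to us.
WATCHED: Dict[str, dict] = {
    "203.0.113.0/24": {
        "origins": {64500},
        "maxlen": 24,
        "upstreams": {64496, 64497},
    },
}


def classify(ann: Announcement, watched: Dict[str, dict] = WATCHED) -> List[str]:
    """Return findings for one announcement: ["ok"] if it matches policy,
    ["unwatched"] if the prefix is not one of ours, otherwise a list of
    the policy violations found."""
    if not ann.as_path:
        return ["empty-path"]
    net = ipaddress.ip_network(ann.prefix, strict=False)
    for owned, policy in watched.items():
        owned_net = ipaddress.ip_network(owned)
        # subnet_of() is true for the prefix itself and any more-specific of it.
        if net.version != owned_net.version or not net.subnet_of(owned_net):
            continue
        findings: List[str] = []
        if ann.as_path[-1] not in policy["origins"]:
            findings.append("unexpected-origin")
        if net.prefixlen > policy["maxlen"]:
            findings.append("more-specific")
        transit = set(ann.as_path[:-1]) - policy["upstreams"]
        if transit:
            findings.append(
                "unexpected-transit:" + ",".join(str(a) for a in sorted(transit))
            )
        return findings or ["ok"]
    return ["unwatched"]


def scan(feed, watched: Dict[str, dict] = WATCHED):
    """Return (prefix, as_path, findings) for every announcement that
    violates policy; clean and unwatched announcements are dropped."""
    alerts = []
    for ann in feed:
        findings = classify(ann, watched)
        if findings not in (["ok"], ["unwatched"]):
            alerts.append((ann.prefix, ann.as_path, findings))
    return alerts


# Constructed sample feed (not real routes).
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64496, 64500)),         # our route, as expected
    Announcement("203.0.113.0/25", (64497, 64500)),         # our origin, but a /25 we never announce
    Announcement("203.0.113.128/25", (64496, 64501)),       # more-specific from a foreign origin
    Announcement("203.0.113.0/24", (64496, 64499, 64500)),  # right origin, path detours via AS64499
    Announcement("198.51.100.0/24", (64496, 64502)),        # not our prefix, ignored
]

if __name__ == "__main__":
    for prefix, path, findings in scan(SAMPLE_FEED):
        print(f"{prefix:20} path={' '.join(map(str, path)):20} {', '.join(findings)}")
```

The detour case is the one closest to the thread: the origin is still correct and the prefix unchanged, so only the extra AS in the path gives it away, which is why a comparison against a recorded baseline of expected paths, and not just origin validation, is needed to notice it.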

