Ever wondered what goes on in the mind of a hacker? Sten Kalenda reveals all
I wrote my first hack by accident. I was working as a programmer on a large mainframe, made a programming error and something strange happened. At the time I didn't understand just what had happened and as I was in a hurry I corrected the program and finished my job.
Afterwards I took a look at the (old) buggy code. What had happened was a buffer overflow. A computer program contains code and data. The code is the instructions, like 'beep', 'print this line on the printer', and so on. The data is the program's input and output: name, address, for example. What I'd accidentally done was move some very long data into a limited memory space, overwriting the reserved data buffer and putting rubbish in the code area.
Usually a computer crashes the moment it tries to run code damaged by data, but by pure accident my data had contained two bytes of data that was executable code, so the computer executed two instructions I'd never coded... and immediately crashed. Realising I was able to execute instructions with carefully crafted data, I wrote an 'exploit' program.
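The layout the story describes, reduced to a small model: one contiguous region holding a fixed-size data buffer immediately followed by the program's code area, an unchecked copy that spills into the code area, and the bounds check that prevents it. This is an added illustration and not the author's mainframe code; the region size, the opcode values and the function names are constructed for the example, and nothing here is executed, the model only shows which bytes get overwritten.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Added model of the memory layout described in the text (not the original code):
 * a reserved data buffer followed directly by the "code" area. */
#define BUFFER_SIZE ((size_t)16)
#define CODE_SIZE   ((size_t)16)
#define REGION_SIZE (BUFFER_SIZE + CODE_SIZE)

/* Hypothetical opcode values, used only so a change in the code area is visible. */
#define OP_NOP  0x90
#define OP_HALT 0xF4

struct region {
    unsigned char bytes[32]; /* REGION_SIZE bytes */
};

/* Load the region with a "program": empty data buffer, code area of NOPs ending in HALT. */
void region_init(struct region *r) {
    memset(r->bytes, 0, BUFFER_SIZE);
    memset(r->bytes + BUFFER_SIZE, OP_NOP, CODE_SIZE - 1);
    r->bytes[REGION_SIZE - 1] = OP_HALT;
}

/* The mistake in the story: copy the input into the buffer without checking its length.
 * Anything longer than BUFFER_SIZE spills into the code area. The write is clipped to the
 * region so the model itself stays within defined behaviour. Returns bytes written. */
size_t unchecked_move(struct region *r, const unsigned char *data, size_t len) {
    size_t n = len < REGION_SIZE ? len : REGION_SIZE;
    memcpy(r->bytes, data, n);
    return n;
}

/* The fix: refuse input that does not fit in the reserved buffer and leave memory untouched. */
bool checked_move(struct region *r, const unsigned char *data, size_t len) {
    if (len > BUFFER_SIZE) {
        return false;
    }
    memcpy(r->bytes, data, len);
    return true;
}

/* Integrity check of the code area: true if it still holds the program we loaded. */
bool code_intact(const struct region *r) {
    for (size_t i = BUFFER_SIZE; i < REGION_SIZE - 1; i++) {
        if (r->bytes[i] != OP_NOP) return false;
    }
    return r->bytes[REGION_SIZE - 1] == OP_HALT;
}

/* How many bytes of the code area an input of the given length would overwrite. */
size_t code_bytes_overwritten(size_t len) {
    if (len <= BUFFER_SIZE) return 0;
    size_t spill = len - BUFFER_SIZE;
    return spill < CODE_SIZE ? spill : CODE_SIZE;
}

int main(void) {
    struct region r;
    /* Constructed input: 24 bytes, longer than the 16-byte buffer. */
    unsigned char long_input[24];
    memset(long_input, 'A', sizeof long_input);

    region_init(&r);
    unchecked_move(&r, long_input, sizeof long_input);
    printf("unchecked copy: code area intact? %s (%zu code bytes overwritten)\n",
           code_intact(&r) ? "yes" : "no", code_bytes_overwritten(sizeof long_input));

    region_init(&r);
    bool ok = checked_move(&r, long_input, sizeof long_input);
    printf("checked copy: accepted? %s, code area intact? %s\n",
           ok ? "yes" : "no", code_intact(&r) ? "yes" : "no");
    return 0;
}
```

The two copy routines differ only in the length check; that single comparison is what separates the buffer overflow from a rejected input, which is why the manufacturer's patch in the story could close the hole so quickly.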
As a programmer I had limited access to the test and development computer - a large mainframe virtually identical to the production box. My exploit program could fool it into thinking I had administrator rights. In other words, I owned the computer. If it had been a production machine I could have added several zeros to my salary! OK, so it wasn't a production machine, but, hey! I'd cracked a mainframe!
I did some checks to be sure I could do anything, then asked a colleague to log in. When he did I was able to kick him off the system. The feeling was amazing! It felt like driving a sports car, controlling all that power by gently pressing the throttle. A hacker nowadays might say something like "Cool! Wow!" Back then I crowed "Yellow!" The sensation of owning a computer without knowing the password of the superuser was incredible.
After a couple of hours, a computer room operator sent me a console message to remind me to log off before the scheduled backup and maintenance routines took place. I sent a message back - which was when I made my mistake. When an ordinary user sent a message, it had to contain a username as recipient. I was so excited I forgot to add the recipient's name, and as I had superuser privileges my message went out to all users on the system.
It was then that somebody in the computer control room realised what privileges I must have had to do this. He came to my room and found me writing a report on what I'd found. He wasn't amused but explained that as the data was checked between every program run, if I'd changed, say, my salary, it would have been discovered. The checksums were kept offline, so even superusers couldn't alter them.
We reported the problem to the manufacturer, which came up with a patch that stopped my exploit program working. A few days later I started figuring out a new attack. The difference this time was I'd agreed to say when I was going to try and hack in. During my attacks, there was always someone else with me. For the last six years I've been an ethical hacker. But even after all these years, it still gives me a real buzz.
What I've learned is that a proper security policy, procedures and practices will always limit the damage hackers can cause. So:
- Have a good secure use policy
- Get someone to look closely at system logs
- Do checksums for important apps and data
- Install all relevant patches on your system
- Check your systems frequently for bugs
If you can tick off this checklist, you'll sleep easier at night.
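The checksum item on the list, and the offline checksums that would have caught a changed salary in the story, come down to a run-to-run integrity check: record a checksum of each important record or program once, keep that baseline where the running system cannot write it, and compare fresh checksums against it before the next run. The following is an added example, not the company's tooling; the record contents, names and the baseline structure are constructed for the illustration, and FNV-1a is used only because it is short enough to show in full (a production check would use a cryptographic hash such as SHA-256).

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

/* Added example of a baseline integrity check (not the original system's code).
 * A baseline_entry is the "offline" record: name plus checksum captured at baseline time. */
typedef struct {
    const char *name;
    uint64_t checksum;
} baseline_entry;

/* FNV-1a 64-bit: a short non-cryptographic hash, chosen here only for brevity. */
uint64_t fnv1a64(const unsigned char *data, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Capture the baseline for one item. */
baseline_entry baseline_record(const char *name, const unsigned char *data, size_t len) {
    baseline_entry e = { name, fnv1a64(data, len) };
    return e;
}

/* Compare current data against a stored baseline entry; true if unchanged. */
bool baseline_matches(const baseline_entry *e, const unsigned char *data, size_t len) {
    return fnv1a64(data, len) == e->checksum;
}

/* Check every item against the baseline. Returns the number of mismatches and sets
 * *first_changed to the index of the first changed item, or -1 if nothing changed. */
int verify_all(const baseline_entry *base, const unsigned char *const *data,
               const size_t *lens, int count, int *first_changed) {
    int mismatches = 0;
    *first_changed = -1;
    for (int i = 0; i < count; i++) {
        if (!baseline_matches(&base[i], data[i], lens[i])) {
            if (*first_changed < 0) *first_changed = i;
            mismatches++;
        }
    }
    return mismatches;
}

int main(void) {
    /* Constructed sample items: a payroll record and a small program image. */
    const unsigned char payroll[]  = "emp=1042;salary=2500";
    const unsigned char program[]  = "\x90\x90\xf4";
    baseline_entry base[2] = {
        baseline_record("payroll", payroll, sizeof payroll - 1),
        baseline_record("program", program, sizeof program - 1),
    };

    /* Between runs the payroll record is changed (an extra zero on the salary). */
    const unsigned char tampered[] = "emp=1042;salary=25000";
    const unsigned char *current[2] = { tampered, program };
    size_t lens[2] = { sizeof tampered - 1, sizeof program - 1 };

    int first = -1;
    int bad = verify_all(base, current, lens, 2, &first);
    if (bad > 0) {
        printf("%d item(s) changed since baseline; first: %s\n", bad, base[first].name);
    } else {
        printf("all items match the baseline\n");
    }
    return 0;
}
```

The comparison only helps if the baseline cannot be rewritten by whoever changed the data, which is the point of keeping it offline: a superuser on the production machine can alter the record and recompute its checksum, but not the copy held elsewhere.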
Sten Kalenda is an ethical hacker at Dutch security specialist PinkRoccade Megaplex (megaplex.nl)