The Question and Answer Board

[Anthony M]

3 point shot....

http://www.gcwf.com/articles/journal/jil_sept00_1.html

Example of a "Root-Access" Hack

The objective of this hack is to obtain a higher system privilege than in a user-level attack, or in other words, to get the manager's "all access keys." The first part of the hack entails getting access to the password files. The second part is cracking the password or taking advantage of a server "bug" that will allow access to the more privileged "root" level. Once at the "root" level, the hacking goal can be achieved, whether it is planting a Trojan,93 obtaining sensitive files, downloading the system password files, stealing stored unencrypted credit card numbers, etc. The third part of the hack is covering the intrusion tracks and installing a "backdoor" that will allow future access. In this part, the system logs are modified to remove traces of the attack. Once these three steps have been achieved, the hacker is considered to "own" the system.


MORE INFORMATION...

[A]mends 18 U.S.C. § 1030(a)(4) to ensure that felony-level sanctions apply when unauthorized use, or use in excess of authorization, is significant. Hackers, for example, have broken into computers only for the purpose of using their processing programs, sometimes amassing computer time worth far more than $5,000. The bill would penalize those whose trespassing, in which only computer use is obtained, amounts to greater than $5,000 during any one year period. Companies should not be stuck with the bill for electronic joyriders. Although they may not damage or steal information, hackers who browse through computer systems are a significant liability to businesses who must pay for a new security system, and the expensive time the hacker used. 98





A. MarketFusion