The Art of Intrusion
eBook - ePub

The Art of Intrusion

The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers

About this book

Hacker extraordinaire Kevin Mitnick delivers the explosive encore to his bestselling The Art of Deception
Kevin Mitnick, the world's most celebrated hacker, now devotes his life to helping businesses and governments combat data thieves, cybervandals, and other malicious computer intruders. In his bestselling The Art of Deception, Mitnick presented fictionalized case studies that illustrated how savvy computer crackers use "social engineering" to compromise even the most technically secure computer systems. Now, in his new book, Mitnick goes one step further, offering hair-raising stories of real-life computer break-ins, and showing how the victims could have prevented them. Mitnick's reputation within the hacker community gave him unique credibility with the perpetrators of these crimes, who freely shared their stories with him, and whose exploits Mitnick now reveals in detail for the first time, including:

  • A group of friends who won nearly a million dollars in Las Vegas by reverse-engineering slot machines
  • Two teenagers who were persuaded by terrorists to hack into the Lockheed Martin computer systems
  • Two convicts who joined forces to become hackers inside a Texas prison
  • A "Robin Hood" hacker who penetrated the computer systems of many prominent companies, and then told them how he gained access

With riveting "you are there" descriptions of real computer break-ins, indispensable tips on countermeasures security professionals need to implement now, and Mitnick's own acerbic commentary on the crimes he describes, this book is sure to reach a wide audience and attract the attention of both law enforcement agencies and the media.

The Art of Intrusion by Kevin D. Mitnick and William L. Simon is available in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security.


Chapter 1
Hacking the Casinos for a Million Bucks
Every time [some software engineer] says, “Nobody will go to the trouble of doing that,” there’s some kid in Finland who will go to the trouble.
— Alex Mayfield


There comes a magical gambler’s moment when simple thrills magnify to become 3-D fantasies — a moment when greed chews up ethics and the casino system is just another mountain waiting to be conquered. In that single moment the idea of a foolproof way to beat the tables or the machines not only kicks in but kicks one’s breath away.
Alex Mayfield and three of his friends did more than daydream. Like many other hacks, this one started as an intellectual exercise just to see if it looked possible. In the end, the four actually beat the system, taking the casinos for “about a million dollars,” Alex says.
In the early 1990s, the four were working as consultants in high-tech and playing life loose and casual. “You know — you’d work, make some money, and then not work until you were broke.”
Las Vegas was far away, a setting for movies and television shows. So when a technology firm offered the guys an assignment to develop some software and then accompany it to a trade show at a high-tech convention there, they jumped at the opportunity. It would be the first in Vegas for each of them, a chance to see the flashing lights for themselves, all expenses paid; who would turn that down? The separate suites for each in a major hotel meant that Alex’s wife and Mike’s girlfriend could be included in the fun. The two couples, plus Larry and Marco, set off for hot times in Sin City.
Alex says they didn’t know much about gambling and didn’t know what to expect. “You get off the plane and you see all the old ladies playing the slots. It seems funny and ironic, and you soak that in.”
After the four had finished doing the trade show, they and the two ladies were sitting around in the casino of their hotel playing slot machines and enjoying free beers when Alex’s wife offered a challenge:
“Aren’t these machines based on computers? You guys are into computers, can’t you do something so we win more?”
The guys adjourned to Mike’s suite and sat around tossing out questions and offering up theories on how the machines might work.

Research

That was the trigger. The four “got kinda curious about all that, and we started looking into it when we got back home,” Alex says, warming up to the vivid memories of that creative phase. It took only a little while for the research to support what they already suspected. “Yeah, they’re computer programs basically. So then we were interested in, was there some way that you could crack these machines?”
There were people who had beaten the slot machines by “replacing the firmware” — getting to the computer chip inside a machine and substituting the programming for a version that would provide much more attractive payoffs than the casino intended. Other teams had done that, but it seemed to require conspiring with a casino employee, and not just any employee but one of the slot machine techies. To Alex and his buddies, “swapping ROMs would have been like hitting an old lady over the head and taking her purse.” They figured if they were going to try this, it would be as a challenge to their programming skills and their intellects. And besides, they had no advanced talents in social engineering; they were computer guys, lacking any knowledge of how you sidle up to a casino employee and propose that he join you in a little scheme to take some money that doesn’t belong to you.
But how would they begin to tackle the problem? Alex explained:
We were wondering if we could actually predict something about the sequence of the cards. Or maybe we could find a back door [software code allowing later unauthorized access to the program] that some programmer may have put in for his own benefit. All programs are written by programmers, and programmers are mischievous creatures. We thought that somehow we might stumble on a back door, such as pressing some sequence of buttons to change the odds, or a simple programming flaw that we could exploit.
Alex read the book The Eudaemonic Pie by Thomas Bass (Penguin, 1992), the story of how a band of computer guys and physicists in the 1980s beat roulette in Las Vegas using their own invention of a “wearable” computer about the size of a pack of cigarettes to predict the outcome of a roulette play. One team member at the table would click buttons to input the speed of the roulette wheel and how the ball was spinning, and the computer would then feed tones by radio to a hearing aid in the ear of another team member, who would interpret the signals and place an appropriate bet. They should have walked away with a ton of money but didn’t. In Alex’s view, “Their scheme clearly had great potential, but it was plagued by cumbersome and unreliable technology. Also, there were many participants, so behavior and interpersonal relations were an issue. We were determined not to repeat their mistakes.”
Alex figured it should be easier to beat a computer-based game “because the computer is completely deterministic” — the outcome is based on what has gone before, or, to paraphrase an old software engineer’s expression, good data in, good data out. (The original expression looks at this from the negative perspective: “garbage in, garbage out.”)
This looked right up his alley. As a youngster, Alex had been a musician, joining a cult band and dreaming of being a rock star, and when that didn’t work out had drifted into the study of mathematics. He had a talent for math, and though he had never cared much for schooling (and had dropped out of college), he had pursued the subject enough to have a fairly solid level of competence.
Deciding that some research was called for, he traveled to Washington, DC, to spend some time in the reading room of the Patent Office. “I figured somebody might have been stupid enough to put all the code in the patent” for a video poker machine. And sure enough, he was right. “At that time, dumping a ream of object code into a patent was a way for a patent filer to protect his invention, since the code certainly contains a very complete description of his invention, but in a form that isn’t terribly user-friendly. I got some microfilm with the object code in it and then scanned the pages of hex digits for interesting sections, which had to be disassembled into [a usable form].”
Analyzing the code uncovered a few secrets that the team found intriguing, but they concluded that the only way to make any real progress would be to get their hands on the specific type of machine they wanted to hack so they could look at the code for themselves.
As a team, the guys were well matched. Mike was a better-than-competent programmer, stronger than the other three on hardware design. Marco, another sharp programmer, was an Eastern European immigrant who looked like a teenager. But he was something of a daredevil, approaching everything with a can-do, smart-ass attitude. Alex excelled at programming and was the one who contributed the knowledge of cryptography they would need. Larry wasn’t much of a programmer and because of a motorcycle accident couldn’t travel much, but was a great organizer who kept the project on track and everybody focused on what needed to be done at each stage.
After their initial research, Alex “sort of forgot about” the project. Marco, though, was hot for the idea. He kept insisting, “It’s not that big a deal, there’s thirteen states where you can legally buy machines.” Finally he talked the others into giving it a try. “We figured, what the hell.” Each chipped in enough money to bankroll the travel and the cost of a machine. They headed once again for Vegas — this time at their own expense and with another goal in mind.
Alex says, “To buy a slot machine, basically you just had to go in and show ID from a state where these machines are legal to own. With a driver’s license from a legal state, they pretty much didn’t ask a lot of questions.” One of the guys had a convenient connection to a Nevada resident. “He was like somebody’s girlfriend’s uncle or something, and he lived in Vegas.”
They chose Mike as the one to talk to this man because “he has a sales-y kind of manner, a very presentable sort of guy. The assumption is that you’re going to use it for illegal gambling. It’s like guns,” Alex explained. A lot of the machines get gray-marketed — sold outside accepted channels — to places like social clubs. Still, he found it surprising that “we could buy the exact same production units that they use on the casino floor.”
Mike paid the man 1,500 bucks for a machine, a Japanese brand. “Then two of us put this damn thing in a car. We drove it home as if we had a baby in the back seat.”

Developing the Hack

Mike, Alex, and Marco lugged the machine upstairs to the second floor of a house where they had been offered the use of a spare bedroom. The thrill of the experience would long be remembered by Alex as one of the most exciting in his life.
We open it up, we take out the ROM, we figure out what processor it is. I had made a decision to get this Japanese machine that looked like a knockoff of one of the big brands. I just figured the engineers might have been working under more pressure, they might have been a little lazy or a little sloppy.
It turned out I was right. They had used a 6809 [chip], similar to a 6502 that you saw in an Apple II or an Atari. It was an 8-bit chip with a 64K memory space. I was an assembly language programmer, so this was familiar.
The machine Alex had chosen was one that had been around for some 10 years. Whenever a casino wants to buy a machine of a new design, the Las Vegas Gaming Commission has to study the programming and make sure it’s designed so the payouts will be fair to the players. Getting a new design approved can be a lengthy process, so casinos tend to hold on to the older machines longer than you would expect. For the team, an older machine seemed likely to have outdated technology, which they hoped might be less sophisticated and easier to attack.
The computer code they downloaded from the chip was in binary form, the string of 1’s and 0’s that is the most basic level of computer instructions. To translate that into a form they could work with, they would first have to do some reverse engineering — a process an engineer or programmer uses to figure out how an existing product is designed; in this case it meant converting from machine language to a form that the guys could understand and work with.
Alex needed a disassembler to translate the code. The foursome didn’t want to tip their hand by trying to purchase the software — an act they felt would be equivalent to going into your local library and trying to check out books on how to build a bomb. The guys wrote their own disassembler, an effort that Alex describes as “not a piece of cake, but it was fun and relatively easy.”
Once the code from the video poker machine had been run through the new disassembler, the three programmers sat down to pore over it. Ordinarily it’s easy for an accomplished software engineer to quickly locate the sections of a program he or she wants to focus on. That’s because a person writing code originally puts road signs all through it — notes, comments, and remarks explaining the function of each section, something like the way a book may have part titles, chapter titles, and subheadings for sections within a chapter.
When a program is compiled into the form that the machine can read, these road signs are ignored — the computer or microprocessor has no need for them. So code that has been reverse-engineered lacks any of these useful explanations; to keep with the “road signs” metaphor, this recovered code is like a roadmap with no place names, no markings of highways or streets.
They sifted through the pages of code on-screen looking for clues to the basic questions: “What’s the logic? How are the cards shuffled? How are replacement cards picked?” But the main focus for the guys at this juncture was to locate the code for the random number generator (RNG). Alex’s guess that the Japanese programmers who wrote the code for the machine might have taken shortcuts that left errors in the design of the random number generator turned out to be correct; they had.

Rewriting the Code

Alex sounds proud in describing this effort. “We were programmers; we were good at what we did. We figured out how numbers in the code turn into cards on the machine and then wrote a piece of C code that would do the same thing,” he said, referring to the programming language called “C.”
We were motivated and we did a lot of work around the clock. I’d say it probably took about two or three weeks to get to the point where we really had a good grasp of exactly what was going on in the code.
You look at it, you make some guesses, you write some new code, burn it onto the ROM [the computer chip], put it back in the machine, and see what happens. We would do things like write routines that would pop hex [hexadecimal] numbers on the screen on top of the cards. So basically get a sort of a design overview of how the code deals the cards.
It was a combination of trial and error and top-down analysis; the code pretty quickly started to make sense. So we understood everything about exactly how the numbers inside the computer turn into cards on the screen.
Our hope was that the random number generator would be relatively simple. And in this case in the early 90’s, it was. I did a little research and found out it was based on something that Donald Knuth had written about in the 60’s. These guys didn’t invent any of this stuff; they just took existing research on Monte Carlo methods and things, and put it into their code.
We figured out exactly what algorithm they were using to generate the cards; it’s called a linear feedback shift register, and it was a fairly good random number generator.
But they soon discovered the random number generator had a fatal flaw that made their task much easier. Mike explained that “it was a relatively simple 32-bit RNG, so the computational complexity of cracking it was within reach, and with a few good optimizations became almost trivial.”
So the numbers...
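As an added illustration (not from the book, and not the generator of the machine the team bought): a constructed 32-bit Fibonacci LFSR using a textbook polynomial (x^32 + x^22 + x^2 + x + 1), together with the check an RNG auditor would run against it. Berlekamp-Massey recovers the shortest recurrence behind any linear generator from 2L output bits, and that recurrence then forecasts every later output, which is the sense in which a 32-bit linear RNG is "within reach". The function names, taps and seed below are all assumptions made for this example.

```python
# Added example (not from the book, not any real machine's generator): why a
# 32-bit linear feedback shift register is unfit wherever outputs must be
# unpredictable. Any LFSR of length L is pinned down by 2*L consecutive output
# bits: Berlekamp-Massey recovers the shortest recurrence (the taps) that
# explains them, and that recurrence forecasts every later bit. An RNG audit
# can run exactly this check (the "linear complexity" test).

def lfsr_bits(seed_bits, taps, n):
    """Fibonacci LFSR: s[i] = XOR of s[i - t] for t in taps. Returns n bits.
    Taps and seed are supplied by the caller; the values used below are
    constructed for the demo."""
    s = list(seed_bits)
    while len(s) < n:
        s.append(sum(s[-t] for t in taps) & 1)
    return s[:n]

def berlekamp_massey(bits):
    """Return (L, c): length L and connection polynomial c[0..L] (c[0] == 1)
    of the shortest LFSR over GF(2) that generates `bits`."""
    n = len(bits)
    c, b = [0] * n, [0] * n
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                       # discrepancy of current recurrence at i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            for j in range(n - (i - m)):  # c(x) ^= x^(i-m) * b(x)
                c[j + i - m] ^= b[j]
            if 2 * L <= i:                # recurrence has to grow
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict(bits, L, c, count):
    """Extend `bits` by `count` values with the recovered recurrence."""
    s = list(bits)
    for _ in range(count):
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & s[-j]
        s.append(nxt)
    return s[len(bits):]

def audit_linear_predictability(stream, sample_len):
    """Give Berlekamp-Massey only the first `sample_len` bits and test whether
    the recovered recurrence forecasts the remainder of the stream.
    Returns (recovered_length, all_forecasts_correct); True means the
    generator is linear and small enough to be cloned from a short sample."""
    L, c = berlekamp_massey(stream[:sample_len])
    forecast = predict(stream[:sample_len], L, c, len(stream) - sample_len)
    return L, forecast == stream[sample_len:]

if __name__ == "__main__":
    # Constructed demo: 32-bit LFSR with textbook taps x^32 + x^22 + x^2 + x + 1.
    seed = [(0xDEADBEEF >> i) & 1 for i in range(32)]
    stream = lfsr_bits(seed, (1, 2, 22, 32), 1000)
    L, ok = audit_linear_predictability(stream, 64)
    print(f"recovered LFSR length {L}; next {1000 - 64} bits forecast correctly: {ok}")
```

The same audit applied to a cryptographically secure generator returns a recovered length that keeps growing with the sample and forecasts that fail, which is the behaviour a gaming or key-generation RNG must show.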

Table of contents

  1. Title Page
  2. Copyright Page
  3. Dedication
  4. Preface
  5. Acknowledgements
  6. Chapter 1 - Hacking the Casinos for a Million Bucks
  7. Chapter 2 - When Terrorists Come Calling
  8. Chapter 3 - The Texas Prison Hack
  9. Chapter 4 - Cops and Robbers
  10. Chapter 5 - The Robin Hood Hacker
  11. Chapter 6 - The Wisdom and Folly of Penetration Testing
  12. Chapter 7 - Of Course Your Bank Is Secure – Right?
  13. Chapter 8 - Your Intellectual Property Isn’t Safe
  14. Chapter 9 - On the Continent
  15. Chapter 10 - Social Engineers — How They Work and How to Stop Them
  16. Chapter 11 - Short Takes
  17. INDEX