Chick Virus Writers

I read this interview with a female hacker. She writes viruses and is a freelancer. She goes by the handle hh86. Credit to SPTH for the original interview.

So hh86 says that her friends really don't know she is a virus writer. Incognito. Nice. She is hard core in that she writes her viruses in assembly language. Writing with compiled languages is restricting for her.

Shrug for the 64 bit Windows platform is a virus she admires. She is author of the Delae family of viruses. These are ones with names that start with w32.

One of hh86's techniques is to obscure the entry point of her viruses. Unlike other virus authors, she does not do IRC much. She is in contact with antivirus peeps.

Look for a new zine to be released by hh86 next month.

Find Your Foe

Continuing from my last post, I learned a few tricks by watching some video from DefCon 18. Everyone has a web browser. You can use the browser to deliver software to users.

FaceBook has a feature where the client checks whether a user's friends are online or not. This is just an HTTP request to FaceBook. Good stuff to know.

Here was the finale of the talk I watched. Create a web page with malicious code. Have a piece of JavaScript that queries the MAC address of the user's router.

The MAC address is set in hardware. It cannot be changed. Once you have the user's MAC address, you can send it to Google. Then Google will tell you where the router is located geographically. Bamm. You can track the people who come to your web page. Owned.

Cracking the FaceBook Session

Just watched a 3 part series on YouTube. It was from DefCon 18. Dude was looking to exploit another guy on FaceBook. He noted that FaceBook uses PHP. And PHP is open source, including its session management code. When you log into FaceBook, you get a session which is nothing more than a random string.

The session string is stored as a cookie in your browser. PHP session creation uses a 160 bit string. It would take millions of years to brute force such a string. However you can study the properties of the string to narrow down the possible values it might contain. Then you can narrow down the bits that are truly random, and break down the door.

One part of the string is the IP address. You can grab this by sending a person to your web site. Another piece of the string is two random numbers seeded with the web server start time. Cause the server to reboot, and you will approximately know when the start time is.

So after narrowing down the cookie, our friend managed to narrow the random bits down from 160 to 20. Now 20 bits can be cracked in a few seconds. He measured that it takes on average 500k attempts to guess 20 bits of random numbers. Good stuff. Getting back to FaceBook, they actually use a modified version of PHP called Hip Hop. And after our boy figured out how to crack the session cookie, PHP was patched to make it harder to crack.
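The entropy accounting described above, as an added example in Python (not code from the talk, from PHP, or from the original post). The per-component bit split is constructed so that it sums to the page's totals of 160 nominal and 20 remaining bits, and `min_bits` is an assumed policy threshold.

```python
import secrets

# Constructed split of a nominally 160-bit session ID. The page gives only
# the totals (160 bits nominal, 20 bits left to guess); the per-part numbers
# below are assumptions chosen to add up to those totals.
# (name, nominal_bits, bits an outsider can learn or bound)
COMPONENTS = [
    ("client IP address",                       32, 32),  # seen by any site the user visits
    ("two PRNG values seeded at server start",  64, 64),  # bounded once start time is known
    ("everything else (assumed)",               64, 44),  # partly guessable in this model
]

def effective_bits(components):
    """Bits an outsider must still guess after subtracting what is learnable."""
    return sum(nominal - known for _, nominal, known in components)

def expected_guesses(bits):
    """Average number of tries to hit one value in a uniform space of 2**bits."""
    return 2 ** bits // 2

def years_to_search(bits, guesses_per_second):
    """Average wall-clock years to find the value at a given guess rate."""
    return expected_guesses(bits) / guesses_per_second / (365 * 24 * 3600)

def audit(components, min_bits=128):
    """Return (nominal_bits, effective_bits, acceptable) for a session ID design.

    min_bits is an assumed policy threshold, not a figure from the page.
    """
    nominal = sum(n for _, n, _ in components)
    eff = effective_bits(components)
    return nominal, eff, eff >= min_bits

def new_session_id(nbytes=20):
    """Hardened form: all 160 bits come from the OS CSPRNG, none from request data."""
    return secrets.token_hex(nbytes)

if __name__ == "__main__":
    nominal, eff, ok = audit(COMPONENTS)
    print(f"nominal {nominal} bits, effective {eff} bits, acceptable: {ok}")
    print(f"expected guesses at {eff} bits: {expected_guesses(eff):,}")
    print(f"years for 160 bits at 1e9 guesses/s: {years_to_search(160, 1e9):.3e}")
    print("CSPRNG session id:", new_session_id())
```

The 524,288 expected guesses at 20 bits line up with the roughly 500k attempts quoted from the talk.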

Maybe next time I will also go over how this dude can figure out where you are geographically located by hacking your router. I love it.

Phony Checks

I just read this doozy of a story. It was from way back in 1995. A dude got a piece of junk mail with a $95,000 check in it. The check had the words non-negotiable written in the corner. So the guy goes to his ATM and deposits the check. 10 days later, the money is still in his account. A teller from the bank says the money is his since it has been over 10 business days and the check had not been returned. This is a synopsis of the Midnight Deadline.

The dude did some researching on check validity. The authority on this subject is the banking book by Brady. It states what a check needs in order to be valid. Just because a check has the words non-negotiable on it does not make it invalid. So the guy thinks about trying to get the $95k out of his account in cash. But that is a big process because banks usually don't dole out so much cash. Instead he gets a cashier's check.

Over a month later, a security officer from the bank accuses the guy of fraud. However all checks are initially assumed to be valid. The bank must serve the depositor a notice of dishonor in a timely fashion. This was obviously not the case with this guy (it had been over a month). The guy decides he wants to get the Wall Street Journal to do an article on him. It takes a long time for that article to make it to print.

The guy decides to put the story on his own web site. His bank account gets frozen. His ATM card gets confiscated. He tries unsuccessfully to reach the president of the bank. In the end, he winds up negotiating with senior counsel from the bank. He can't get any photographers in the bank on the day when he hands the cashier's check back to them. It is too bad he did not try to keep the money in the end. He had a good legal ground to stand on. If he did not want the money himself, he could have given it to charity.

Prison Break

Let's talk about getting out of prison. No. I am not talking about breaking out. I mean serving your time and being released. If you remain on good behavior, you will accrue 54 days off per year. These can add up if you spend many years in the slammer.

You can normally serve the last portion of your sentence in a Community Corrections Center (CCC). This is a house out in the city. You get to work a job. But you must spend nights and weekends back at the house.

Do well at the CCC, and you may be able to serve the very end of your sentence under house arrest. After you are out, you must report to your probation officer frequently. Try to stay out of trouble. Sooner or later things will lighten up. Ok. I have been going over the highlights of what I know about the big house. Time to return to more hackology like coding mad apps.

Prison Life

Here are a bunch of tips to guide your life behind bars. Don't threaten other prisoners. If you want to make an impression, be like Nike and just do it. You know what they say. Actions speak louder than words.

When you do have a beef with another prisoner, don't involve the guards. That makes you seem like a snitch. Nobody likes a snitch. If your problem involves a guard, then you can submit a complaint.

Complaints against guards or other prison employees will take a long time for resolution. To maximize the chance that your complaint will be effective, keep it short and specific.

Finally let's talk about solitary confinement. You get put into "the hole". It is a small area. Most everything is concrete, except your toilet and bed, which are steel. It is cold in there. The food you get fed is minimal and also cold. Normal punishments get you into the hole for 1 week.

Federal Bureau of Prisons

There are a whopping six different levels of security in the federal prison system. A designator at the prison will figure out what level you start out at. Let's get into the different levels.

1. Minimum - This is for short sentence convicts. There is no fence to keep you in. If it is your first time, you will probably wind up here unless you were convicted of a violent offense.

2. Federal Correctional Institution - You are fenced in here. You got sharp stuff at the top of the fence to prevent you from climbing over.

3. Medium Federal Correctional Institution - There are extra guards on duty here. Inmates are serving long sentences. You don't get to move around as much compared to the lesser security prisons.

4. High Federal Correctional Institution - More oversight by guards. Less movement by inmates. Very long sentences served by inmates.

5. United States Penitentiary - The real bad guys are kept here. Your cell mates will be murderers and such. They don't use a fence to keep you in. There is a very high brick wall surrounding the prison. If you make it in here, you may get roughed up bad by other prisoners.

6. Supermax - Also known as Max. You are always stuck in your cell. If you need a shower, you get a sponge and some water. If you must leave your cell, you are cuffed and escorted by a lot of guards.

Surveillance and Defending Yourself

If the Feds need hard evidence on you, they can do a wiretap. This requires a court order. It is also expensive to operate. There are some devices you can buy that detect whether you are under surveillance.

Before sentencing you meet up with a probation officer. That title is a bit misleading. Their job at this point has nothing to do with probation. They write up a report which is supposed to be a comprehensive profile of you. Make sure you have your lawyer present during this interview.

Lawyers cost a lot. If you cannot afford one, your best bet is to study up yourself. This is good advice even if you must rely on the public defender. Buy a couple of the great books such as The Prisoners Self Help Litigation Manual. You should also pick up Federal Sentencing Guidelines, as well as Federal Criminal Codes and Rules. You got to learn the rules of the game before you can play ball.

Jails and Sentencing

Not all jails are created equal. County jails are rough. You might spend some time there before you get sentenced. State prisons are also hard core. In general it is better to go to federal prison.

Here is the trade off. If you do serve time at a tough state prison, you will most likely serve a shorter sentence. The federal prisons are better to be in, but you will probably spend more time there.

Let's switch gears and talk about how to handle yourself when you are charged. Don't say anything. Speak only with your attorney. Anything you say will only count against you.

If people do snitch, the only ones that benefit are usually the first ones to talk. So if you are going to be a rat, do it early. I don't recommend it though. Providing useful information to the FBI might get you a sentence reduction. Hope for upwards of half your sentence eliminated. In reality you will only get about a third of your sentence chopped.

Bail and Sentencing

Much of your court success will depend on the skills of your attorney. Here is a hint. You should not use the public defender. Instead you got to hire your own lawyer. The problem is that they will cost you a whole lot of cash. We are talking $100k or more.

It is good to know a lot about the laws and court yourself. Here are some tips if you are going to sign a plea agreement. Try not to sign away your right to an appeal. Later you might find a way to lessen your sentence. Have a list of issues you can appeal ready during your sentencing. Bring these issues up at sentencing. Follow through by filing a notice to appeal. Do this quickly after your sentencing.

There are some factors that might extend your sentence. If you are highly skilled, and you used those skills to hack, you get extra time. Now let's talk a little about bail. You get locked up as soon as they come to collect the evidence and yourself. In general, you do not get released on bail. That is a low probability event. If you do make bail, it can take weeks to process the bail papers.

Prison Guidance

I just read a huge file on what to do when you get arrested for hacking. It was written by a dude who served 42 months in the pen. Some advice was common sense. For example, try not to pick enemies. However there was some advice that shows true insight. You should not join a group or gang. It will only count against you.

Get ready for the press to lie about you. Trust no one. You are probably being arrested because you allowed somebody else to know what you were doing. If you do get caught, you had better have studied up. It might reduce your sentence by half or more.

After you have been convicted of some crime(s), they will calculate the duration of your sentence. Here is the freaky thing. The length of your stay will not only depend on the crimes you have been convicted of. It might also include other crimes that were not even brought forth against you.

Get a lawyer. The best bang for your buck will be one that specializes in sentencing. It would be best if you knew the United States Sentencing Guidelines (USSG). Don't put your hopes in beating the Fed. They have a 95% conviction rate. Try to minimize the damage and your time in the slammer.

Doomsday File

Scotland Yard has arrested Julian Assange. He is cofounder of Wikileaks. Britain plans to extradite Assange to Sweden, where he is wanted for sexual misconduct crimes. Assange is an Australian citizen. The judge in Britain says this has nothing to do with Wikileaks. However the Wikileaks servers are located in Sweden. Hmmm.

What I find most interesting is Assange's "insurance policy" against being apprehended. He has widely distributed a doomsday file. The file is named "insurance.aes256". It supposedly contains a bunch of secret info that has not been released to the public yet.

Assange warns that if he gets detained, the password to this file will be distributed and chaos will ensue. The file itself is 1.4G large. Who knows what goodies are in there. The way things are going with his Swedish case, I bet we are about to get the next large dose of Wikileaks mania.