Introduction | DOS Attacks | Social Engineering | Why You May Get Hit | Get into a Hacker War | Protect yourself

Social Engineering

As we saw in the GTMHH on how to break into computers, social engineering usually consists of telling lies that are poorly thought through. But a skilled social engineer can convince you that he or she is doing you a big favor while getting you to give away the store. A really skilled social engineer can get almost any information out of you without even telling a lie.

For example, one hacker posted his home phone number on the bulletin board of a large company, telling the employees to call him for technical support. He provided great tech support. In exchange, he got lots of passwords. If he had been smart, he would have gotten a real tech support job, but then I can never figure out some of these haxor types.

ISP Hostage Taking

A favorite ploy of the aggressor in a hacker war is to attack the victim's Internet account. Then they trumpet around about how this proves the victim is a lamer.

But none of us is responsible for managing the security at the ISPs we use. Of course, you may get a domain name, set up a computer with lots of security and hook it directly to an Internet backbone provider with a 24 hr phone connection. Then, checking account depleted, you could take responsibility for your own Internet host. But as we learned from the AGIS attacks, even Internet backbones can get taken down.

If you point this out, that you are not the guy running security on the ISP you use, bad guy hackers will insult you by claiming that if you really knew something, you would get a "secure" ISP. Yeah, right. Here's why it is always easy to break into your account on an ISP, and almost impossible for your ISP to keep hackers out.

While it is hard to break into almost any computer system from the outside, there are vastly more exploits that will get you superuser (root) control from inside a shell account. So all your attacker needs to do is buy an account, or even use the limited time trial account many ISPs offer, and the bad guy is ready to run rampant.

You can increase your security by using an ISP that only offers PPP (point to point) accounts. This is one reason that it is getting difficult to get a shell account. Thanks, cybernazis, for ruining the Internet for the rest of us.

But even an ISP that just offers PPP accounts is more vulnerable than the typical computer system you will find in a large corporation, for the simple reason that your ISP needs to make it easy to use.

********************************************************
Newbie note: A shell account lets you give Unix commands to the computer you are on. A PPP account is used to see pretty pictures while you surf the Web but in itself will not let you give Unix commands to the computer you are logged into.
********************************************************

Because it is easy to break into almost any ISP, haxor d00d cybernazis think it is kewl to take an ISP hostage by repeatedly breaking in and vandalizing it until the owner surrenders by kicking the victim of the attacks off. This was the objective in the assaults on Succeed.net in Oct. 1997.

*******************************************************
You can go to jail warning: I usually fubar the names of ISPs in these guides because so many haxor types attack any computer system I write about. Succeed.net is a real name. If you want to attack it, fine. Just remember that we have boobytrapped the heck out of it. So if you attack, men in suits bearing Miranda cards will pay you a visit.