
ZOMG! World’s Greatest h4x0r!!!

Posted in security on February 14, 2009 by hellnbak

Today Fox News published an “article” about how the “world’s greatest hacker” would compromise President Obama’s Blackberry.  If you want to waste some time you can read the full article here:,2933,492705,00.html

Let’s take a look at some of the FUD in this article.  First, the headline itself: “World’s Greatest Hacker”.  Where to start with that one.  Was there some sort of competition recently where every hacker in the world got together to prove their skills?  Did we have the Hacker Oscar Awards and hand out trophies?  Regardless of whose name is attached to it, the title is extremely silly, but as you will see it is required to build the level of fear, uncertainty and doubt needed to get anyone to read the article.

Despite warnings from his advisers, the president insisted on keeping his beloved PDA, which now has specially designed superencrypting security software.

Superencrypting security software?  That’s right.. not just encryption but SUPERencryption. Encryption so SUPER it can leap buildings and give homeless people houses in one swoop.

But even this SUPERencrypting software has its Lex Luthor.  This time it is none other than Kevin Mitnick, and according to this article Kevin is full of.. ummm.. Kryptonite.

But that just makes cracking into it more challenging — and, yes, it can be done, says the world’s most famous hacker.

“It’s a long shot, but it’s possible,” Kevin Mitnick told “You’d probably need to be pretty sophisticated, but there’s people out there who are.”

Mitnick said someone with access to Obama is much more likely to be targeted by hackers because their networks, particularly those used at their homes, would be much less secure than those used by the commander-in-chief.

Once armed with Obama’s coveted e-mail address, a hacker could theoretically send an e-mail to Obama in an attempt to lure him to a Web site that has previously been breached in order to transfer “malicious code,” Mitnick said.

This makes sense, obviously; it doesn’t take the world’s greatest hacker to understand that a social engineering attack is really the way to go in this case.  Send the device an email from a “trusted” address and hope the target is naive enough to open the attachment or click on the link.  BUT, we are talking about a Blackberry device here, meaning your run-of-the-mill malware is not going to work; you had better have some skills and knowledge of the RIM platform.  Considering the target, this is not beyond the realm of possibility.

Although, again considering the target, one would assume that some pretty heavy security awareness training has been given.  So far the article isn’t actually that bad, but then Fox News decides to ignore technical accuracy with this gem:

Chris Soghoian, a student fellow at Harvard University’s Berkman Center for Internet and Society, agreed that the most likely route to Obama’s BlackBerry would be to trick the president into visiting a pirated Web site.

Pirated web site?  You can pirate web sites now?  I suppose I could make some room on my hard drive between all of the pirated software, movies and music for some pirated web sites.  Pretty sure they meant a compromised web site in this case.  Doesn’t that seem like a lot of work?  I mean, first identify a web site your target is likely to visit and then “pirate” it.  There are other, much easier ways to do this.

“These are attacks when you visit a Web site, and within seconds, it hacks into your computer and forces it to download viruses,” Soghoian said. “In many cases, people get infected by using out-of-date browsers.”

Soghoian said he suspected that the likely culprit wouldn’t be a hacker who targets computers for notoriety or fiscal gain, but rather a foreign government looking for classified information.

OMG.. within seconds you get hacked just by visiting a web site!!  Obviously we have all seen examples of this sort of attack (drive-by downloads), but to me the wording sounds like nothing more than fear mongering.  But note they said “out-of-date browsers”.  Last time I checked (just now) the options for a web browser on a Blackberry are very limited.  Mine runs both the built-in RIM-supplied browser and Opera Mini.  So, sure, there is an attack surface there, but that assumes they allow Mr. President to surf the web from his device, which to be honest sounds pretty far fetched.  In fact, I would bet that the device Obama uses is very limited in what functions it performs and is locked down to the point that the web browser is removed, along with other basic functions like installing software.  But that is just a common sense guess.

But wait, all of this focus on Blackberry devices by the media and we do not even know for sure if that is what the device in question is.

“Nobody has really said with certainty what device he is actually using,” said Randy Sabett, a partner at Sonnenschein Nath & Rosenthal LLP and a former NSA employee. “That right there is an important subtlety. The less information known, the better.”

So here we have an article based completely on an assumption about which device the President may be using.  It is probably a good assumption based on various photos, but it is still an assumption.  We all know that security through obscurity does not work, and something tells me it is only a matter of time before we all know for sure what the device actually is.

So does a BLOG post about an article that is about nothing actually exist?

Seeing how the big, bad, well-funded Fox News cannot get things right, I reached out to Kevin and got his permission to publish the following from an email:

I did not pick the title so don’t blame me!

Second, I told this reporter numerous times that I don’t believe Obama uses his Blackberry device for any classified communications– that should be a no brainer, right?

I did, however, share some attack scenarios that are feasible. One example below I used to surveill the FBI when playing the fugitive game– which would likely work today.

Objective: Identify Obama’s current cellular phone number (SIMPLE)

1.  Compromise his past provider (he’s likely to be using the same one).
2.  Obtain past (3 months) billing records (call detail records)
3.  Compromise (current) provider and perform terminating number searches for any mobile device that has dialed or received calls from the same numbers on Obama’s past billing records.
4.  Maintain a list of suspect devices (mobile handsets) for further analysis
5.  Analyze each suspect device’s call detail records looking for a similar pattern of call traffic (incoming /outgoing)
6.  Narrow the list of devices down to similar call patterns
7.  Pull the subscriber data (billing name, address, contact #, device info (IMEI, SIM info), or ESN if CDMA provider)
8.  Use mobile operator’s intelligent network to find where the device is registered (in real time)… Is Obama near that location?

Once Obama’s cellular number is identified the attacker can acquire his text messages by compromising the SMSC (Oracle DB) at the provider, determine his location via cell tower registrations, and capture his call traffic (via real-time CDR).

Objective: Obtain Obama’s email address. (SIMPLE)

1.  Identify Obama’s close circle of friends and family.
2.  Compromise these target systems (phishing, wifi, etc) and install a trojan
3.  Steal authentication credentials stored on target system or via keylogger (web based email)
4.  Watch email communications.. eventually the attacker may hit pay dirt.

As far as compromising his BB device, I said it would be difficult but not impossible depending on whether he uses BB’s browser. The possible attack scenario I explained to the reporter was:

1.  Identify vulnerability in BB’s browser that allows execution of arbitrary code.
2.  After compromising his provider, identify what sites Obama visits on his BB (this can be logged by an attacker in the providers intelligent network.)
3. Identify the sites visited that are not so popular (minimize the potential victims) and compromise these targets.
4. Plant exploit code to execute payload– whatever that is…
5. Wait… and see what happens.

I brought up some others but the article omitted most of what I discussed… go figure…

Anyway, Happy Friday the 13th…


All of what Kevin said above is of course plausible, but far be it from Fox News to care whether they get anything right vs. just publishing some over-sensationalized article.  Besides, as another friend of mine pointed out, isn’t the Blackberry Enterprise Server (BES) a juicier target with a much larger attack surface?
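The first scenario in Kevin’s email (identify the current number by correlating call detail records) is really a link-analysis problem, and the narrowing in steps 3 to 6 is easier to see in code than in prose.  What follows is an added example written for this post; it is not code from Kevin, from Fox News or from any provider.  The CDRs, phone numbers, function names and the scoring threshold are all constructed for illustration.  A real analysis would also weight contacts by call frequency and time of day rather than treating them as a plain set, and would have timestamps, cell IDs and IMEI/IMSI alongside each record.

```python
"""Call-detail-record (CDR) correlation, as described in the email above:
rank unknown handsets on a new provider by how closely their contact set
matches the contact set of a known old number.

Added illustration, not from the original post or Mitnick's email.
Every record and number below is constructed; nothing is real data.
"""

# Constructed CDRs as (calling_number, called_number).
# "5550100" is the target's OLD number, obtained from the old provider.
OLD_CDRS = [
    ("5550100", "5550201"), ("5550202", "5550100"), ("5550100", "5550203"),
    ("5550100", "5550201"), ("5550204", "5550100"),
]

# Constructed CDRs from the NEW provider; the target's new number is unknown.
NEW_CDRS = [
    # candidate 5550900: talks to three of the four old contacts
    ("5550900", "5550201"), ("5550202", "5550900"), ("5550900", "5550203"),
    ("5550900", "5550201"),
    # candidate 5550901: shares a single contact, otherwise unrelated
    ("5550901", "5550201"), ("5550901", "5550777"),
    # 5550902: no overlap at all, never becomes a suspect
    ("5550902", "5550888"), ("5550889", "5550902"),
]


def contacts_of(number, cdrs):
    """Set of counterpart numbers for `number`, in either call direction."""
    out = set()
    for src, dst in cdrs:
        if src == number:
            out.add(dst)
        elif dst == number:
            out.add(src)
    return out


def terminating_number_search(known_contacts, cdrs):
    """Step 3: every handset that dialled or was dialled by any number in
    `known_contacts`.  This is the raw suspect list (step 4); the known
    contacts themselves are not suspects."""
    suspects = set()
    for src, dst in cdrs:
        if dst in known_contacts:
            suspects.add(src)
        if src in known_contacts:
            suspects.add(dst)
    return suspects - set(known_contacts)


def rank_suspects(old_number, old_cdrs, new_cdrs):
    """Steps 5 and 6: score each suspect by Jaccard overlap between its
    contact set and the old number's contact set, highest first.
    Returns a list of (number, score) tuples."""
    known = contacts_of(old_number, old_cdrs)
    suspects = terminating_number_search(known, new_cdrs) - {old_number}
    scored = []
    for s in suspects:
        c = contacts_of(s, new_cdrs)
        score = len(c & known) / len(c | known)
        scored.append((s, round(score, 3)))
    return sorted(scored, key=lambda t: t[1], reverse=True)


def identify(old_number, old_cdrs, new_cdrs, min_score=0.5):
    """Return the best-matching handset, or None when nothing clears the
    (constructed) confidence threshold.  Step 7 (subscriber lookup) and
    step 8 (live registration) would start from this number."""
    ranked = rank_suspects(old_number, old_cdrs, new_cdrs)
    if ranked and ranked[0][1] >= min_score:
        return ranked[0][0]
    return None


if __name__ == "__main__":
    for number, score in rank_suspects("5550100", OLD_CDRS, NEW_CDRS):
        print(f"{number}  overlap={score}")
    print("best match:", identify("5550100", OLD_CDRS, NEW_CDRS))
```

With the constructed data, 5550900 scores 0.75 and 5550901 scores 0.2, so the list collapses to one handset even though the old contact set has only four numbers.  That is the point of the scenario: a handful of stable contacts is enough of a fingerprint to survive a change of number and provider.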