HiR 7-3

Mobile Hacking part III
By Asmodian X

As always, mobile hacking is an enormous subject, so I suggest you read up on Mobile Hacking parts one and two. In this section I hope to cover a bit more on devices and software, and go over physical security a bit.

Part 1 Physical Security

Well, to put it simply, the company with the most cash has the best security. So here's a general chart that deals with countermeasures on a per location basis.

Location | Rent-a-pigs | Company Cops | Feds | Video Surveillance |
----------------------------------------------------------------
Retail strip mall     yes
----------
Stand-alone retail    yes    maybe    maybe (*recorded)
----------
Small business park   yes    maybe    maybe (*recorded)
----------
Warehouse             yes    yes (CCD)
----------
Corporate office      yes    yes (CCD, recorded)
----------
Corporate HQ          yes    yes (CCD, recorded)    (big guys w. guns)
----------
Govt. office          yes    yes,   yes,   yes    (*Don't go near fed. offices*)

I can imagine you saying now, "Geez Asmo, what are we talking about, burglary?" To that I would have to emphatically say NO! The point here is to rummage through what they already don't care about, i.e. the garbage cans. Yes, the entire point of this section is about trashing. Taking the saying, "another man's trash is another man's treasure," to heart.

You see, our government has grown so entangled with laws and regulations that it has become impossible for a company to just GIVE stuff away. There's mountains of paperwork to just GIVE stuff away, therefore it's cheaper to pay Defenbaugh to take everything away for you.. out of sight, out of mind, right?

Well, generally, companies still care (*for some dumb reason or another*) about their garbage. A few companies even feel that it requires armed guards to keep those (*evil people*) out of their stuff. So that's the main intent of this article: how to avoid trouble when going through someone else's garbage.
Legally speaking, if all you're doing is trashing, the most you will ever run into is trespassing charges. Which isn't really worth prosecuting, so they just tell you never to come back.

In my table above, I listed some locations and, in general terms, what external security those locations would probably have. Keep in mind that the more important the location, the better the defenses.

Rent-a-pigs: Privately owned security officers whose job is to patrol a large area and keep it free of disturbances. They usually don't make a habit of hanging around the dumpsters.

Company Cops: Security officers who are hired for the specific purpose of patrolling a single company. They are more common amongst larger installations, and are less privy to intruders. Avoid these people.

Feds: If you're dealing with feds.. please format your drive now... if you're that stupid... We never met... Happy Nachos to you and say hi to Kevin Mitnick for us.

Cameras: Well, there's two uses for cameras:

1.) To look at after the fact and identify suspects.
2.) To watch everything from a central point and then direct your boys to hot spots. I.e.. there's a bunch of kids trashing.. go get 'em J.D.

If you're going to go up against some security, don't just run in. Do some planning..

Part 2 Mobile Electronics.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Item        | Attack platform | Server | dial-out | Term. |
TI-Calc*      no                no       no         yes
Old Laptop    no                no       yes        yes
Palmtop       yes               no       yes        yes
Laptop        yes               yes      yes        yes
Desktop       yes               yes      yes        yes
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

If you need to gather information, chances are that you need some kind of electronic device to access the net. Well, here's some more thoughts on mobile computing.

To start off, I'd like to give honorable mention to the TI calculators. TI calculators have been one of the more popular requirements for algebra classes everywhere.
Because of this, there have been more programs and doo-dads made available for it than for the Macintosh. For instance, there is a terminal emulator program available for the TI-8x series of calculators which turns the calculator into a dumb term; of course, you would need the serial cable. Specs for the serial cable can be found at HTTP://www.ticalc.org, where you will also find a large software archive for the TI-8x series of calculators.

It is not too hard to find a cheapo 286 lappie. Just something with a screen, some RAM, some form of storage media, and a floppy drive. A battery is always a plus, although you can always substitute a UPS. Typically this configuration provides an ideal dumb terminal, or a dial-out if you can get ahold of a modem.

If you have the cash, you might even consider an upper end PDA or palmtop computer. These handy devices are usually self contained, with display, keyboard and batteries, plus some internal storage. The newer ones use an operating system called Microsoft Windows CE v. 1.x or 2.x. And it's pretty easy to find utilities for it at HTTP://www.hpc.net. For more information on HPCs, see some of my previous articles on HPCs at HTTP://www.hir.home.ml.org/.

I consider Windows CE an attack platform because Windows CE has a TCP stack and PPP dial-out capabilities. Not to mention it has a built-in PCMCIA card slot, so you can use just about anything on it. Bear in mind that WIN CE 2.0 is the only version to date that supports NIC (*Ethernet*) cards.

Ahh, the laptop! All the whole-grain goodness of a desktop crammed into an itty bitty proprietary case. Typically a full powered laptop has about 3 hours of un-plugged use before you need to re-charge the battery. With a newer laptop, you will have dual PCMCIA card slots, complete with the usual parallel and serial slots and maybe even an IR port and a USB port. Laptops make decent servers and excellent attack platforms.

A desktop can run just about anything but simply lacks portability.
So it could be considered a Server or an Assault platform.

In general, a person could hack with a plastic spork and a rubber ducky, but it's probably easier if you stick to using something technological.

Part 3 Operating systems

Now you got your Slash Bang 2000 486 laptop, now what do you run on it?

PC (80x86 or Pentium) Operating Systems

Device         | DOS   | Win 3x | Win 9x | Win NT | Linux  | BSD    | SCO
---------------|-------|--------|--------|--------|--------|--------|------
Old Laptop     | yes   | maybe* | no     | no     | maybe* | maybe* | no
Newer Laptop   | yes   | yes    | yes    | maybe* | yes    | yes    | yes
Desktop        | yes   | yes    | yes    | yes    | yes    | yes    | yes
------------------------------------------------------------------------------

Please note the first four entries are all made by Micro$loth(tm). There are generic versions of DOS, like DR. DOS, Free DOS and a few others. Free DOS is a GNU MS/PC 3.x DOS compatible OS; more information can be found at HTTP://www.freedos.org/.

The latter 3 are Unix derivatives and are generally free, except SCO Unix. SCO Unix is a commercial implementation; however, there are free non-commercial licenses available. Linux and Free BSD are free, and covered under the GNU free software policy.

Free/PC/MS/DR DOS

Plus: The version you might want to shoot for is MS-DOS 5.0 compatibility. There are more DOS productivity applications available than for ANY OTHER OPERATING SYSTEM. Not to mention DOS runs on ANY PC based computer. You can find drivers for DOS MUCH easier than for the Unixes. They also have much better commercial support in general.

Cons: DOS is a single user, single processing operating system. Any multitasking is done on the application level. Memory management is horrid, if not non-existent. It's an 8 bit operating system that's impossibly archaic.

Windows 3.x:

Plus: It utilizes the 386 instruction set and performs multitasking. Has an *easy* to use GUI, and there are many applications available for it. It runs on pretty much any 386 class CPU with a video adaptor.

Cons: Runs on top of DOS...
inherently unstable. See DOS for rest of complaints.

Windows 9x:

Plus: Everyone uses it now. Much better memory management. Does not rely on DOS to run. Network capability is much better than Win 3.x. Much more stable than Win 3.x. Has multi user capability and some security features.

Con: Everyone uses it now. Multi user wanna-be. Marketed to be several things it wasn't.

Windows NT:

Plus: Stabler than Windows 95, has multi user support and a high speed file system. Runs Windows DOS/3.x and Win 9x programs. Full 32 bit OS with multi processing support, yadda yadda....

Cons: In the way of networking and being a *SERVER*, it isn't very secure. A person would need to install a great deal of patches and bug-fixes before I would even bother to use it as a server. Its protection mechanisms are dwarfed by Novell NetWare's permission setup and file permission setup.. not to mention that it costs WAY too much. And when NT says it CAN use up to 32 processors, it does not mention that you OUGHT to use 32 processors.. because the operating system itself is so huge that it requires a monster computer to run it as a server under a typical network load.

Linux:

Pros: Linux can run on any 386 class Intel compatible processor. You can run it with as little as 4 megabytes of memory, but it generally requires a swap file to load correctly. Linux is FULLY POSIX compliant and is SYSTEM V compliant. It is a full FREE implementation of UNIX, and is one of the most popular non-Microsoft operating systems. It is also a full development environment. There is also a plethora of support available on the net. A person can even run a GUI, such as XFree86. When set up right, Linux can outgun any NT server in the way of speed and services.

Cons: The Unix environment is complex, and generally more text based. Because of this, only people that have an intermediate to expert level of knowledge about PC-based computers should consider using Linux.
There is also NO commercial backing; if the server crashes, there's no one to sue but yourself. There are also a limited number of drivers available for devices and virtually no support for proprietary devices such as PDA interfaces, some digital cameras and other peripheral devices. Linux is a MULTI USER system, which means that it does not make a very good home, desktop multimedia PC. If you're looking for an Assault platform and you don't want to get into the nitty gritty details of setting up Linux, then forget it and use Windows 9x.

BSD:

Pluses: BSD is more like a heavy duty UNIX distribution; it has better memory management than Linux and is generally more stable. The actual code undergoes more oversight and is generally cleaner than Linux. In fact, a great deal of Linux software was ported from BSD. Generally, if you're going to run a server, do it with BSD. BSD will also run some Linux binaries.

Cons: BSD is slower to release new software and drivers; consequently, hardware drivers are harder to find. PCMCIA support is known to lag, and for that reason I don't recommend BSD for a laptop.

* Writer note: When I was in Las Vegas at DefCon 6.0, the NetBSD people had to go around begging for another brand of PCMCIA NIC card because the card services were on the fritz. The Linux people had no problems whatsoever.

SCO UNIX

Pluses: SCO Unix is a commercial implementation of Unix, which means there's support available for it, not to mention that every driver disk I've ever looked at has SCO drivers. In addition, you actually have some commercial ports of software like MS-WORD and WORKS and stuff for it.

Cons: SCO does not have the open software background, which means it's a bitch to patch. Typically the free Unixes are patched faster than the commercial ones because it's a huge communal effort versus a centralized commercial effort.