Aftermath...The Investigation Continues


After The Don's heavy involvement with Knuth and his operations throughout Africa, The Don was now under a considerable degree of covert surveillance. As the agent now responsible for the surveillance of The Don's activities in relation to Knuth, it was my task to observe The Don as he made his way to Def Con, the annual hacker conference held at the Alexis Park hotel, Las Vegas. As I arrived at the Alexis Park hotel (supposedly the only hotel in Vegas without some kind of gambling) I reminded myself of last year, when an agent from our organization fell foul of the yearly "spot the fed" competition, a fate which I was eager to avoid. This year, The Don was sharing his hotel room at the Alexis with an individual named Sendai, an individual who, our sources inform us, is an extraordinarily skilled cracker, who has written a number of private kernel root kits and exploit codes in his time.

On the Saturday evening of the conference, Sendai and The Don were observed in a secluded vodka bar located in a more seedy area of Vegas, several miles from the strip itself. Thanks to the audio monitoring equipment we had been given for the purposes of this operation, we were able to hear almost every word of their conversation. By then, both The Don and Sendai had had far more than their fair share of flavored vodka drinks and had become considerably more loose-lipped than they would have otherwise been. Although we were unable to pick up all of their conversation, The Don was caught describing a new client who had paid him extremely well for the "manipulation of telecommunication equipment". From my studies of the hacker community, I have learned that many crackers/hackers/blackhats/[insert media buzz word here] (call them what you like) have a tendency to be extremely entrepreneurial. Sendai, being no exception, saw the opportunity and enquired about The Don's new client and his need for a highly skilled cracker. In spite of The Don's reluctance to provide Sendai with additional information, a promise was made to Sendai that his information would be passed over to his client, "with a good reference". With that, the two disappeared off to one of the few strip joints in Vegas which sold both alcohol and promised a full showing.

Although we were aware that Knuth was not the only client that The Don had ever had, we were pretty sure that he was his only current client, leaving a pretty good chance that the new client The Don referred to was indeed Knuth. Given the possible severity of Knuth's projects, this information proved more than sufficient to have a covert observation warrant signed for young Sendai. Sure enough, the following Tuesday evening, Sendai received a phone call at his current place of residence (his parents' house) from an individual claiming to be a "Bob Knuth". During the conversation, the two agreed to terms under which Sendai would carry out a compromise of three Internet-based hosts, one of which was operated by the Defense Information Systems Agency (DISA). Over the following weeks, our surveillance team made every effort to monitor the activities of Sendai, attempting to monitor the attacks against both DISA and two other systems hosted outside of the United States. Through our monitoring of Sendai and the information which our behavioral science unit continues to send our way, I have written the following capability and motivational analysis of Sendai.

After a careful analysis of the attacks initiated by the individual who is known to his friends as just "Sendai", I have drawn the following conclusions regarding both his capability and motivation to execute tasks, which in this case are contrary to the Patriot Act of October 2001. For the sake of keeping this report short and to the point, the attack case study I have chosen to use is that of the attack initiated against a system owned and operated by the Defense Information Systems Agency (DISA).

Attack Inhibitors:

Consequences Of Attribution Given Detection (C(A)/D)

Due to the system concerned being the property of the United States government, the consequences of attribution given detection for Sendai could range from 25 years imprisonment to, in extreme cases, the death penalty. Although in previous cases Knuth has made use of unwitting agents, we have no reason to believe that Sendai was an unwitting agent and believe that he was fully aware of his actions and the potential consequences if he were to be detected and attributed to the attack. To this end, after a careful analysis of Sendai's financial history, we believe that a lack of finances motivated Sendai into performing a task which, in the past, he may have turned down due to the risks associated with the attack. Further to this, he did not make any attempt to utilize resources to reduce the consequences of attribution given detection, rather neglecting the consequences of attribution given detection due to the significantly influential "attack driver" or motivator: the bounty he would receive on successful completion of the tasks Knuth had assigned to him.

Perceived Probability Of Attribution Given Detection (PP(A)/D)

Although not overly elaborate, Sendai went to considerable lengths to ensure that if his attacks were to be detected, in the worst-case scenario, his attacks would be traced back as far as a neighbor's wireless internet connection. If his attacks were to be detected they would at the very least be traced back to "psyche.ncrack.com", a host compromised by Sendai to leverage his attacks against his three primary target hosts. This is a typical example of how adversaries are able to leverage a resource (in this case the resource being another compromised system) to bring the inhibitors associated with an attack to an acceptable level. In this context, an acceptable inhibitor level is the point at which an attacker is "happy" that, as far as he or she can see, the attack conditions are in their favor.

Perceived Probability Of Detection Given Attempt (PP(D)/A)

Leveraging his considerable skill (a technological resource), Sendai wrote a customized "root kit" to install on all hosts compromised during this particular project. The root kit significantly reduced Sendai's probability of detection, again bringing the inhibitors associated with the attack to an acceptable level through the use of resources.

Perceived Probability Of Success Given Attempt (PP(S)/A)

As we have already noted, Sendai is an individual who holds a substantial technological resource, and therefore capability, against most target hosts. This resource was used in a measured manner in all observed attacks, utilizing privately written proof of concept codes to exploit flaws in software to achieve his objective, once more leveraging his resource to bring what may have otherwise been an attack inhibitor to an acceptable level. His exploitation of kernel level flaws (an activity which, if performed incorrectly, can result in the failure of the information system attacked due to the possibility of it being rendered unstable) also demonstrates that he is either highly reckless, or (and I suspect this is the case given that such a flaw was exploited with his own proof of concept code) extremely sure of what he is doing.

Perceived Consequences Of Failure Given Attempt (PC(F)/A)

From an analysis of the intercepted phone call made by Knuth to Sendai, it is clear that Sendai is somewhat frightened of the possible consequences if he were to fail in the execution of the tasks given to him by Knuth. This in itself acts as a motivator, and it is worth noting that in this case the value of PC(F)/A may have resulted in Sendai being more neglectful of other variables such as the consequences of attribution or a low probability of success.

To summarize, Sendai is an individual who is so well resourced and, under the correct conditions, motivated that in his mind, no single, conceivable attack profile will consist of adverse attack inhibitors that are not counterable by the resource to which he has access. In layman's terms, if motivated to do so, there are few, if any, targets that Sendai will decline to engage due to any adverse conditions which may exist. If now under the full command of Knuth, which, given past actions, I would suggest he is, Sendai poses a somewhat greater threat than his counterpart The Don and should be monitored carefully as Knuth's yet-unknown project develops.



Stealing the Network. How to Own a Continent
ISBN: 1931836051
EAN: N/A
Year: 2004
Pages: 105
