General discussion

  • Creator
    Topic
  • #2140985

    Have you encountered hackers at your place of work on the network?

    by picherg ·

    I am using the Tripwire program to protect an Ubuntu server from intrusions.
    Please share if you have any leads about hackers or experience with
    programs for packet capture, traffic control, or IDS.
    Those who have encountered something similar at work can share
    their experience here.


All Comments

  • Author
    Replies
    • #2419517

      For a time, all of us were hackers.

      by rproffitt ·

      In reply to Have you encountered hackers at your place of work on the network?

      I won’t tell much about it but due to no IT support our team took to what some may call hacking to get back to work.

      Here’s the biggest lesson we learned.

      -> Without physical security there is no security.

      Example. Without exception we’ve been able to boot most “servers” from some USB stick to add a new account, copy out data and more. Even if we couldn’t boot we could always use what is called a Rubber Duck from Hak5.

      Look at the prior leaks and attacks and you find that this happened inside the company and for us it was performed directly on the servers.
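
An added example, not part of the post above: a minimal baseline comparison in the spirit of a file-integrity tool such as the Tripwire mentioned in the opening post, flagging accounts that appear in a passwd-format file after the disk was modified offline. The function names and sample data are constructed for illustration, and it assumes the baseline is stored off the server, because anyone who can boot the machine from external media can also rewrite a baseline kept on its disk.

```python
import hashlib

def parse_passwd(text):
    """Map account name -> (uid, shell) from passwd-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed line
        accounts[fields[0]] = (int(fields[2]), fields[6])
    return accounts

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

def compare(baseline_text, current_text):
    """Return findings describing account changes since the baseline."""
    if sha256(baseline_text) == sha256(current_text):
        return []  # byte-identical to the trusted copy
    old, new = parse_passwd(baseline_text), parse_passwd(current_text)
    findings = []
    for name in sorted(new.keys() - old.keys()):
        uid, shell = new[name]
        # A second UID 0 entry is a full root-equivalent account.
        sev = "CRITICAL" if uid == 0 else "HIGH"
        findings.append(f"{sev}: new account {name} uid={uid} shell={shell}")
    for name in sorted(old.keys() - new.keys()):
        findings.append(f"MEDIUM: account {name} removed")
    for name in sorted(old.keys() & new.keys()):
        if old[name] != new[name]:
            findings.append(f"HIGH: account {name} uid/shell changed")
    if not findings:
        findings.append("LOW: file changed outside tracked fields")
    return findings

# Constructed sample data: a trusted baseline and a copy with one added entry.
BASELINE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
)
TAMPERED = BASELINE + "support:x:0:0::/root:/bin/bash\n"

if __name__ == "__main__":
    for finding in compare(BASELINE, TAMPERED):
        print(finding)
```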

    • #3938975

      Yes… Indeed

      by avandor ·

      In reply to Have you encountered hackers at your place of work on the network?

      Yes, I encountered a hacking issue at my workplace. I went home one night about six months ago and tried to log in again to my workstation.

      I could not remember the password, so I used my Knoppix live CD (version 8) to reset the password. It booted up like normal, but when it got to the desktop, I saw that some windows were opened which were unfamiliar to me. These windows showed very strange stuff like “an error occurred while creating shadow copy” or something of that nature. I immediately shut down my computer because it didn’t look right.

      I took the Knoppix CD out and decided to check things out.

      I noticed that some files (My Documents, desktop and some system .DLLs) were missing on the hard drive. I also found an unknown Linux partition on my computer’s hard drive which had about 1GB of space. It was like a hidden partition on my C: drive (C: is my Windows root). I wasn’t sure what it was at first, so I opened up a command prompt and checked for this new Linux partition by typing “dir c:” and saw that there was indeed a new Linux-type directory appearing in c: which did not belong there before.

      So, I rebooted again and put another live CD called Backtrack 3 in. I turned on the computer and it took me to a command prompt instead of Windows this time. Again, it booted up fine, but when I got to the desktop, all that showed up was a big blue screen with green text on top of it. It looked very similar to what you’d see if you were running “top” in Linux (the command prompt).

      I tried logging in by typing my password which I knew at this point, but the login failed because the account had been deleted from the system. This makes sense though because many people are hacked at work through brute force methods where they try every possible letter/number combination until they find one that works.

      So, pretty much knowing what happened here I opened up my Norton Internet Security and did a full scan of the system.

      It took about an hour before it was finished, but I was surprised when I saw that it found like 2,500 viruses on my computer! All of these viruses were “heuristic” and they were automatically quarantined by Norton. Pretty sweet! Norton also showed me all the remote connections to my system that were attempted. There had been many attempts from Russia, China, South America, and Romania to connect to my computer in the past few months. Hmm… how strange?
