****************************************************************************
                 >C O M P U T E R   U N D E R G R O U N D<
                               >D I G E S T<
              ***  Volume 1, Issue #1.03 (April 8, 1990)   **
****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer
REPLY TO:     TK0JUT2@NIU.bitnet

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
--------------------------------------------------------------------

***************************************************************
***  Computer Underground Digest Issue #1.03 / File 2 of 6  ***
***************************************************************

From:    "CHRISTOPHER J.D. SELINE - CJS@CWRU.CWRU.EDU"
Subject: Hacking in the 90's-the move from active invasions to passive listening
To:      tk0jut2

I've been thinking about the future of hacking lately. Where is it
going to go? What will it be like in a few years?

Without taking a poll, I think hacking is going to move toward
obtaining information through more passive eavesdropping rather than
active invasion of systems. Of course, the active invasion could be
preceded by a long passive invasion used to obtain passwords and
operating procedures.

Basically, my argument is this: hackers who invade systems are being
detected; once detected they are often tracked down through the
electronic network (phone, internet, whatever) and apprehended.

Hackers will try to avoid detection by using "passive" systems to
obtain information. These passive systems will be either simple line
tapping and network eavesdropping, or the interception of
compromising emanations (ELINT/CE).

ELINT/CE circuit schematics are available through the underground and
for less than $200 a hacker can produce a "box" that will "see" what
someone is typing on their terminal from several hundred meters away.
ELINT/CE doesn't require the physical invasion of an office to place
a tap. It is completely undetectable and relatively unknown. Because
it is unknown there are _no_ countermeasures in place (except for
government activities with national security information, many FBI
terminals, and many DEA terminals). Since it is passive,
undetectable, and there are no routinely used countermeasures,
ELINT/CE represents an extremely safe way to obtain lots of
information.

For the more adventurous there is always phone line tapping and
serial line tapping. The only drawback here is that the connection to
someone's phone line does require (often) a bit of trespass, which
makes it more likely the hacker will be caught.

And, of course, there is network tapping. With an ethernet this is
very very easy (just put your ethernet board in promiscuous mode).
This often requires legitimate access to the network, but once a
hacker has this physical access there is little information he cannot
capture. Since most networks don't monitor for "new" ethernet boards
attached to the cable, an unauthorised connection can be made with an
ethernet net tap.

These are all "old" techniques. The intelligence agencies have been
using them for a long long time. All of these techniques allow the
gathering of a great deal of information without the associated risk
of directly invading someone's computer. I think that they will be
"the hacking of the 90's" as more and more hackers are apprehended
using the old methods.

Christopher Seline
cjs@cwru.cwru.edu

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=