Hacking

Guillermo O. Burastero gnulinux at bvconline.com.ar
Mon Dec 6 18:44:01 CLST 2004


Miguel Oyarzo O wrote:

>
>
> Dear all,
>
> Just a topic for conversation... it may turn out to be interesting:
>
> Chile's cybercrime police (Investigaciones) came to Punta
> Arenas to look into a report of a hacking offence
> against a public server.
>
> The hacker deleted all the information on his PC, formatted the machine
> from which he attacked and reinstalled everything
> from scratch. He did this so he could sleep in peace, since nobody would
> catch him that way.

He may well have left traces. Here is some information from an article I 
have on the subject; sorry for not translating it, but I think it is 
quite understandable for anyone who knows a little English.

Forensic recovery techniques normally consist of making a mirror image 
of a hard disk and searching it for compromising words. These techniques 
are available to anyone with physical access to your computer (i.e., 
just about anyone who really wants to). Deleting a file is not safe in 
this respect, because all the data contained in the file remains on the 
hard disk (see following point).

Data that has been deleted and overwritten several times on your hard 
disk can still be recovered, although this involves the use of advanced 
facilities (clean-rooms similar to those used for semiconductor 
manufacturing, as well as special electronic equipment). In other words, 
here we are talking about NSA, FBI, KGB, the security services of most 
developed countries, major technological industries, and a few of the 
most advanced universities (updated information: a modified atomic-force 
microscope can be used for this purpose, at a material cost probably not 
exceeding US$ 50,000, which puts this operation within the reach of 
small laboratories and determined individuals). I shall not discuss here 
the technology involved. Just how many passes (i.e., successive 
overwritings) can be regarded as safe is impossible to tell. A single 
pass effectively prevents the application of techniques normally used 
for forensic recovery. Four passes are known to allow an easy recovery 
through special techniques. Eight passes are recommended by the Pentagon 
for low-security erasing. Data recovered after 22 overwriting passes has 
been used as court evidence against computer-related crimes in the 
United States. Thirty passes or more should be safe, unless the opponent 
is exceptionally motivated to recover the data. Physical destruction of 
a hard disk, through a complex procedure (involving high temperature and 
grinding to dust the whole hard disk with abrasives), is required by the 
Pentagon for hard disks used to store sensitive data.

There are several file and disk wiping programs available. I recommend 
two: BcWipe (available as freeware from Jetico Corp 
<http://www.jetico.sci.fi/>.) and PGP file and disk wipe, which is part 
of the PGP package (available from the manufacturer 
<http://www.pgp.com/> or the replay server 
<ftp://ftp.nl.monster.org/pub/crypto/pgp>). I use both, because neither 
of them does everything I need. You must use these programs 
intelligently, and be aware that they do not automatically provide 
privacy. In particular, you must be aware that sensitive information may 
be contained in several locations on a hard disk, in addition to the file 
itself. Remember these locations:

    * temporary files created automatically by word processors and other
      programs
    * free disk space resulting from the automatic deletion of the above
      files
    * the swapfile
    * the file slack at the end of each file
    * the cache of web browsers

Disk encryption programs are especially useful, because they create 
encrypted partitions or encrypted virtual drives on a physical drive. 
You cannot encrypt your whole hard disk, because the operating system 
cannot boot or operate from such a disk (it could if it were designed to 
do so, but so far there has been no interest by the software industry, 
because of likely opposition by the authorities). Nonetheless, the use 
of an encrypted virtual disk is a considerable help toward privacy. The 
programs I have tested and found to work on Windows NT are Sentry 2020, 
Encryption 4 Masses (which is freeware), BestCrypt 
<http://www.jetico.sci.fi/> and PGPdisk <http://www.pgp.com/>. I use 
PGPdisk.

An interesting characteristic of disk encryption is that you don't have 
to worry about overwriting the data occupied by deleted files, because 
all the contents of an encrypted disk - including unused areas and 
unused directory entries - are encrypted. The pagefile is still a 
security concern, however, unless it is also stored on an encrypted disk.

Typing on a keyboard generates electromagnetic pulses which can be 
intercepted from a distance of several tens of metres and through 
building walls. The necessary equipment can fit in a suitcase (in other 
words, no particular need to park a large van right under your window). 
I would expect that a broadband generator of radio noise is an effective 
countermeasure, but I have no concrete information on this. Having a few 
computers close to each other and running simultaneously, as is frequent in 
office environments, might also provide some protection (as long as they 
all use the same screen resolution and refresh frequency, see below).

Computer monitors emit electromagnetic radiation that can be intercepted 
and used to reconstruct the picture displayed on the screen. I don't 
know whether this applies to LCD screens as well, but would expect so. 
The equipment and possible countermeasures are similar to those described 
under the preceding point. The military and security agencies use 
so-called Tempest terminals, which are shielded against electromagnetic 
emissions (in case you wonder, a home-made Tempest shield for your 
computer is unlikely to be effective).

Special fonts, called Tempest fonts, have been developed for reducing 
the above problem. Instead of having sharp edges, they are "fuzzy" (in 
particular, their higher harmonics have been eliminated through a 
two-dimensional FFT transform), so that their potential for generating 
radio emissions is substantially reduced. From normal reading distance, 
these fonts are perfectly readable. Later versions of PGP provide the 
option of using a "secure reader" that employs this technology when 
decrypting text messages.

A related technology adds high-frequency harmonics to video signals in 
order to generate a display that looks normal but generates large 
amounts of radio signals. These signals can be used to transmit 
information (e.g., file contents or keystrokes) to a remote listener 
without the knowledge of the computer user.
=============

Well, I don't know what technology the cyber-policeman in question had at 
hand, but from what I showed you a simple format is not very safe; besides, 
look at all the other possibilities that exist for compromising the 
security of the information on a PC. For a high-security installation I 
lean towards a cryptographically secure file system, the use of LCD 
monitors known as Tempest terminals, with Tempest fonts, all inside a 
Faraday cage to start with, and configuring the temporary files of all 
applications to live in RAM or on cryptographically secure partitions, 
even if you pay for it with a drop in performance.


>
> The policeman, a young and well-prepared guy, just smiled, pulled out some 
> programs made
> specifically for the institution and, like a film in slow motion,
> replayed every keystroke the attacker had typed over
> the last few weeks. The evidence against him was overwhelming and sufficient
> to charge him with a crime.
>
> In the detective's words: EVERYTHING stays on the computer, whether 
> Linux or Windows, and for a long time.
> You just have to know how to put the pieces together like a puzzle.
>
>
> Regards
>
> ========
> Miguel Oyarzo
> INALAMBRICA
> Punta Arenas
> Chile
>
Guillermo O. Burastero
Bahia Blanca, Argentina.
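As an added illustration (not part of the original message or of the quoted article), the Python model below shows the mechanics the article describes: a toy block device where deleting a file or doing a quick format only touches the file table, so a raw-image keyword search (the "mirror image" technique) still finds the data; a shorter file written afterwards leaves the old bytes in its file slack; and only overwriting the blocks themselves removes the string. The block size, the allocation scheme, the three-pass pattern and the "intrusion notes" sample are all assumptions made for the example.

```python
import os

BLOCK_SIZE = 64  # tiny blocks so the image is easy to inspect; real disks use 512 or 4096


class ToyDisk:
    """Minimal block device plus a flat file table. Deleting a file only
    returns its blocks to the free list, as most real file systems do."""

    def __init__(self, n_blocks):
        self.image = bytearray(n_blocks * BLOCK_SIZE)   # the raw "platter"
        self.free = list(range(n_blocks))
        self.files = {}                                  # name -> (blocks, byte length)

    def write_file(self, name, data):
        n_blocks = -(-len(data) // BLOCK_SIZE)           # ceiling division
        blocks = [self.free.pop(0) for _ in range(n_blocks)]
        for i, blk in enumerate(blocks):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            start = blk * BLOCK_SIZE
            # Only len(chunk) bytes are written; the tail of the block keeps
            # whatever it held before. That tail is the "file slack".
            self.image[start:start + len(chunk)] = chunk
        self.files[name] = (blocks, len(data))

    def delete_file(self, name):
        blocks, _ = self.files.pop(name)
        self.free.extend(blocks)                         # metadata only; contents untouched

    def quick_format(self):
        """A quick format rebuilds the (empty) file table and free list only."""
        self.files.clear()
        self.free = list(range(len(self.image) // BLOCK_SIZE))

    def wipe_file(self, name, passes=3):
        """Overwrite every block of the file before releasing it: random data
        on the first passes, zeros on the last (the pass count is arbitrary here)."""
        blocks, _ = self.files[name]
        for p in range(passes):
            for blk in blocks:
                start = blk * BLOCK_SIZE
                fill = bytes(BLOCK_SIZE) if p == passes - 1 else os.urandom(BLOCK_SIZE)
                self.image[start:start + BLOCK_SIZE] = fill
        self.delete_file(name)

    def forensic_search(self, keyword):
        """What an examiner does with a mirror image: scan the raw bytes for a
        compromising string, ignoring the file table entirely."""
        hits, pos = [], self.image.find(keyword)
        while pos != -1:
            hits.append(pos)
            pos = self.image.find(keyword, pos + 1)
        return hits

    def read_slack(self, name):
        """Bytes between the logical end of the file and the end of its last block."""
        blocks, length = self.files[name]
        used_in_last = length - (len(blocks) - 1) * BLOCK_SIZE
        start = blocks[-1] * BLOCK_SIZE
        return bytes(self.image[start + used_in_last:start + BLOCK_SIZE])


# Constructed sample data for the example; nothing here comes from the case in the e-mail.
SECRET = b"intrusion notes: target=public-server, tool=nmap+exploit, date=2004-12-01"
KEYWORD = b"target=public-server"


def demo():
    results = {}

    disk = ToyDisk(8)
    disk.write_file("notes.txt", SECRET)
    disk.delete_file("notes.txt")
    results["hits_after_delete"] = disk.forensic_search(KEYWORD)   # still found

    disk.quick_format()
    results["hits_after_format"] = disk.forensic_search(KEYWORD)   # still found

    # A new, shorter file reuses the first block; the old secret survives in its slack.
    disk.write_file("readme.txt", b"clean")
    results["slack_of_new_file"] = disk.read_slack("readme.txt")

    # Same secret on a fresh disk, but wiped instead of merely deleted.
    wiped = ToyDisk(8)
    wiped.write_file("notes.txt", SECRET)
    wiped.wipe_file("notes.txt")
    results["hits_after_wipe"] = wiped.forensic_search(KEYWORD)    # nothing left
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Run it with python3 and compare the four results. The overwrite in wipe_file is the logical, single-pass kind the article says defeats the usual forensic tooling; on a real machine it still says nothing about copies of the same data in swap, temporary files or a file-system journal, and on flash media the controller may remap sectors so that the overwrite never reaches the cells that held the original.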





