Hackers. Bust. Prison. Oh, my!

Two female students have each been sentenced to a year in prison for breaking into one of their professors’ system, assigning grades to nearly three-hundred students, and using the professor’s personal information to send empty CDs and magazine subscriptions to the professor’s home. Interesting!

It reminded me of a brief conversation I had with a then-friend and now colleague over breaking into public systems.

Colleague: “Don’t you break into systems?”
Me: “No. The most I do is attempt a thorough network reconnaissance, and that’s it.”
Colleague: “Why not?”
Me: “Because I’m afraid.”
Colleague: “Why? Afraid of being caught?”
Me: “Yes!”
Colleague: “Haha. Nothing happens. No-one gets caught. I have been breaking into public systems in the past four years and I have yet to get caught.”
Me: “Lucky you! I don’t quite feel comfortable breaking into a system, knowing full well that I don’t completely and precisely know the ways to remove one’s tracks.”
Colleague: “:-)”

Often, the excitement and thrill get the better of most wannabe hackers. It is not like they play ignorant to the fact that breaking into systems without consent is illegal and considered a crime. They are well aware of that. It is the frivolous attitude and irresponsibility that act as the Achilles heel for them.

Sure, if a system is left open and is as easy to break into as it is to steal candy from a baby, it is a sure bet that once the system has been broken into, the administrator would either not notice the break-in, or would get alerted to it way too late, and even if so, would not have the required expertise to perform a proper forensic analysis of the incident or would not care enough to give it a second thought. In such cases, you get away with it with impunity. It is only a matter of time, though.

I agree: If you break into a system, cover your tracks, keep everything hush-hush and get out, there is a great likelihood the break-in will hardly get reported or noticed. But when you are too cocky to consider the consequences of your actions, and too eager to show off your escapades to your peers, you are treading on thin ice. Wannabe hackers are prone to just those: cockiness and the desire to boast of their accomplishments to peers. And that is exactly why it all gets so dangerous. If you keep everything quiet, no-one will suspect a thing. Not any sooner, anyway. The moment you either make it blatantly obvious that a system has been shagged by explicitly posting mock comments just about everywhere in the system, or you disrupt normal functionality and operability of the system, you’re stepping on the sleeping lion’s tail. Even then, wannabe hackers get away with it. I attribute it to sheer luck and to the inability of the attacked system’s administrator to track what happened. Nevertheless, I never let a chance pass to advise friends against breaking into systems, or at most, not damaging the systems they break into. You never know when the ball will rebound and hit you in the back.

You can’t deny that almost 80% of network/system administrators are barely security conscious and vigilant. However, remember that breaking into systems is still a crime punishable by law, and that it merely takes a single mistake, a vigilant system administrator, and a handful of attorneys to have men in suits knock at your door the next morning.

Disclaimer: Just because people consider me a hacker does not make me one. I am not a hacker, and I surely don’t break into systems that I can’t find a way into.

Packeted, again!

Argh! I got engaged in a senseless, heated argument with an asshole a couple of nights back. I seemed to have managed to piss him off pretty bad. Acting out of sheer anger, he flooded my puny dial-up communications line with garbage. The incoming garbage inundated the link, and after capturing data for upwards of a quarter of an hour, I disconnected, and leased a new IP. Immediately, I foolishly taunted him again and found myself at the receiving end of his wrath once more. Having collected incoming data for another fifteen minutes, I logged off and went for dinner.

I did some initial manipulation on the collected data. During the time the IDS was busy detecting threats it marked as “possible DoS attempts”, the IDS saw anomalous traffic from almost four thousand unique IPs. I have some 500 KB worth of compressed packet headers and payload data to analyse, but I am not sure when I’ll be able to squeeze out some time to do it.

Unlike last time’s flood, this one was targeted at me with a clear-cut malicious motive. I bet that wimp had a good laugh or two that night. Sheesh!

listps: Detecting hidden processes.

listps detects hidden processes on *nix-based operating systems which support the /proc filesystem. It is important to clarify what is meant, here, by hidden processes. If a process, in any defined process state, on a system is hidden from view of the standard ps utility, it is, in effect, a hidden process.

listps detects hidden processes in an awfully simple way. It exploits several features of the /proc filesystem to its advantage to determine whether a process is hidden or not. The /proc filesystem maintains a separate directory for each process existing in any of the defined process states. The names of these directories correspond to the process IDs (PIDs) of the corresponding processes. listps loops through the range 1 to 33000, inclusive, and for each number in that range, it tries to discern whether the /proc filesystem has a directory entry corresponding to that number. Having found an existing directory, listps descends into the directory and reads the name of the process from two files, “cmdline” and “stat”. At the end of the loop, listps lists all the processes it found as having a directory entry in the /proc filesystem hierarchy, highlighting those that are hidden.

Nothing fancy!
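The probing loop described above, sketched in Python as an added example; this is not the listps source, and the function names, the `ps -e -o pid=` invocation and the Tgid-based thread filter are assumptions of this sketch. The thread filter is there because Linux also resolves `/proc/<tid>` for the threads of a process, and those entries would otherwise be reported as hidden.

```python
import os
import subprocess

PID_MAX = 33000  # upper bound of the probe range given in the text

def read_name(proc_root, pid):
    """Process name from cmdline; fall back to the comm field of stat."""
    base = os.path.join(proc_root, str(pid))
    try:
        with open(os.path.join(base, "cmdline"), "rb") as f:
            argv0 = f.read().split(b"\0")[0]
        if argv0:
            return argv0.decode(errors="replace")
        with open(os.path.join(base, "stat"), "rb") as f:
            data = f.read()
        # comm sits in parentheses and may itself contain ")" or spaces
        comm = data[data.index(b"(") + 1:data.rindex(b")")]
        return "[" + comm.decode(errors="replace") + "]"
    except (OSError, ValueError):
        return "?"  # entry vanished mid-read or is unreadable

def is_thread(proc_root, pid):
    """Linux also resolves /proc/<tid>; such entries report Tgid != pid."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except (OSError, ValueError, IndexError):
        pass
    return False

def probe_proc(proc_root="/proc", pid_max=PID_MAX):
    """Probe each PID directory by name rather than listing proc_root."""
    pids = (p for p in range(1, pid_max + 1)
            if os.path.isdir(os.path.join(proc_root, str(p))))
    return {p: read_name(proc_root, p) for p in pids if not is_thread(proc_root, p)}

def ps_pids():
    """PIDs reported by the standard ps utility (assumes a POSIX ps)."""
    out = subprocess.check_output(["ps", "-e", "-o", "pid="], text=True)
    return {int(tok) for tok in out.split()}

def find_hidden(found, visible):
    return {pid: name for pid, name in found.items() if pid not in visible}

if __name__ == "__main__":
    for pid, name in sorted(find_hidden(probe_proc(), ps_pids()).items()):
        print(f"HIDDEN {pid:>6} {name}")
```

A process that exits between the probe and the ps snapshot shows up as a false hit, so re-check anything flagged before acting on it. On current Linux kernels the PID ceiling is the value in /proc/sys/kernel/pid_max, which can be well above 33000.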


I snapped, withholding my emotions, “Honey, I have done all the crying I had to. I am not going to shed a single tear.”

The letters on the small, luminous screen of the cellphone turned blurry. A tear rolled off the left eye. Then another. And another. With eyes glistening with tears, I pressed the send button, and pushed the cellphone into a dark corner of the desk.

Whoever said men are born emotionally strong and indifferent should be taken out and shot point-blank.

It is just not possible, I’m afraid …

It is nature’s way of saying, “I am sorry. I know you two love each other like nothing, and that if you were to get together for the rest of your lives, you would lead a wonderful, beautiful life, loving and cherishing each other. But, I am afraid, it is just not possible.”

I don’t know why I so desperately wanted to say this.

Parking annoyances!

The office where I work is situated along the main Shahrah-e-Faisal road. This road is one of the longest running roads in Karachi, stretching the maximum distance. It connects the posh areas of Karachi together with the rest of the city, including almost all of the three-, four- and five-star hotels. It also passes through most governmental institutions and government houses, as well as the airport. If you get to look at a route map for Karachi, you would find this road depicted as the skeleton of the city.

It is no wonder every time there is a high profile government entity landing at the Karachi International airport, the entire run of this road is cleared off in the name of security measures. It makes sense to tighten up the security, given the number of assaults on political leaders and the like soaring in the city of late. But for the common man, these security measures amount to nothing but nuisance. Pure annoyance!

Shahrah-e-Faisal connects together countless offices. On a daily basis, it sees a rush of traffic comprising people going to work and coming back. If the arrival of a high profile entity is scheduled in the morning, then people find themselves reaching offices hours late. If the entity is coming during evening time, people get awfully late before they reach their homes. If you have ever driven a car in Karachi, you would know that one of the most annoying things to suffer from is to get stuck on the road for hours on end. Nothing beats that!

There is a service lane next to the building in which the office where I work is situated. People park their cars along that service lane. Yesterday, as I slowed down to manoeuvre a turn into the service lane, I noticed it was barricaded with thick metal pipes. A couple of law enforcement officials — calling them law enforcement officials leaves behind a pretty impression, which is, actually, pretty far from the fact — were sitting beside the barricade. In hopes of finding a turn right ahead into the service lane, I moved along, only to realise that the entire service lane had been marked off limits. Reason? Some high profile entity was to pass through the side of the Shahrah-e-Faisal that is adjacent to the service lane. There is another service lane across from the office where I sometimes park. I decided to move there, but realised that there were turns to switch to the other road. I had to drive another 30 minutes to get to that other service lane to park the car. I stepped into the office 30 minutes late.

Today, nearing the office, I decided to go straight past the first turn I usually take and head for the service lane where I parked yesterday. As I switched roads, I was shocked to find that service road blocked this time. I cursed under my breath. I stepped on the axel and … after 30 minutes of fruitless, tiring hunting for a place to safely park the car, I found myself turning into the first service lane eventually to find a place to park the car RIGHT outside my office building. Sigh!