Manifesto from the "Mitnick Liberation Front"


The Manifesto

Greetings and Salutations from the Mitnick Liberation Front

It seems that once again, that slanty-eyed chink Tsutomu has made another dollar at the expense of a hacker, Kevin Mitnick.

In reality, Kevin Mitnick had no skills.

But we do.

Tsutomu's Kung-Foo is _still_ no good.

Maybe we should read his book to be "skilled" in the art of Unix security?



The Reality

The machine the oh-so-powerful-and-skilled "MLF" representative(?) broke into was a "bait" machine (like the one Bill Cheswick referred to as "the jail" in his classic paper "An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied").

This machine is part of our early-warning system: by leaving vulnerabilities of various levels, we can better judge the cluefulness (or lack thereof) of the attacker. This particular machine is behind two filtering routers to protect the rest of the world from it after it's been captured.

Note: Only bait machines use conventional passwords for external access. They are used by people who are not so concerned about security that they want to deal with having to use more secure password mechanisms. Most of the files on this machine are hardware write-protected.

Most intruders figure out quickly that there is nothing that anyone is trying to protect on these machines; this intruder seems to have been so caught up in self-aggrandizement that he totally missed this.

This set of sessions should dispel the frequent claim that system "crackers" are harmless and only want to look around, for their own edification. Had this been a commercial system, the losses would have been very significant.

The Sessions

* Early Warning System

Start: 1996 Feb 10 14:18:21
Total Run Time: 4:13

From raptor.lanl.gov to azazel.sdsc.edu.

Congratulations! You've just tripped level 1 of our anklebiter early-warning system by coming in from Los Alamos National Laboratory using a sniffed password belonging to Brosl Hasslacher.

** "this iz f0r kdm u fuq1n ch1nk"

Start: 1996 Feb 10 14:33:52
Total Run Time: 89:17

From raptor.lanl.gov to azazel.sdsc.edu.

The program won't compile: the flags to the C compiler are set for a different kind of machine. If he understood the script at all, he could have fixed this. Indeed, the options are for a version of the Sun workstation that is years older. The attacker tries many different ways to upload his cracking tools, but he never can figure out how to compile his C program. Eventually, he FTPs the binary from somewhere else.

Eventually, he manages to get root.

You scored 34 out of a possible 350 using 514 turns.

You are obviously a rank amateur. Better luck next time.
To achieve the next higher rating, you need 2 more points.

Note: The window is resized in mid-session; some of the transcript looks weird after that.

* Thrash, thrash

Start: 1996 Feb 10 16:34:00
Total Run Time: 33:04

From raptor.lanl.gov to azazel.sdsc.edu.

He still can't figure out how to use tools that aren't already compiled. Thrashes a lot.

**** "Greetings and Salutations from the Mitnick Liberation Front"

Start: 1996 Feb 10 17:10:04
Total Run Time: 29:17

From raptor.lanl.gov to azazel.sdsc.edu.

All this work, and he still hasn't found a way into Tsutomu's real workstation. Frustration mounts. He seems to have a lot of difficulty typing words and composing sentences. He types in his carefully thought-out manifesto over and over again, never quite sure that he has it right.

Having finally completed the manifesto, he tries to send it to various mailing lists (firewalls, sun-managers, eff) and the major networks (NBC, CBS, FOX, CNN), anxious to prove to the world that he's hacked the bait machine and avenged his hero, Kevin Mitnick.

To make sure that everyone understands his great accomplishment, he also sends a listing of Tsutomu's directory, which must contain lots of private, important, and confidential information.

It does indeed have files of great significance and value, such as:

the xmodem manual page and program
a several-year-old public-domain PPP implementation
the Free Software Foundation's GNU news reader
a copy of the publicly available security tool COPS.

He clearly hasn't figured out that this is a bait machine that Tsutomu doesn't really use. Will he ever?

Having fallen for the trap, delivered his manifesto, and inflated his ego, he turns destructive, just as the infamous Berferd did, and issues the same command as his well-studied predecessor:

	rm -rf /* &

Just to make sure the job is done well, he then goes into a frenzied spate of destruction, issuing a host of "rm" commands. Finally, he attempts to deny us use of our own hardware by changing the password that must be given when the machine is turned on to "ch1nkb0y" and halting the machine.

Another "harmless" system cracker, eh?


Copyright © 1995 Vicious Fishes Web Design and Dan Meriwether. All rights reserved.
Contact: webmaster@takedown.com