"The Dutch Hacker Video"
"The Dutch Hacker Video" Screenshot | |
Format | Video (VHS?) |
---|---|
Genre | Documentary |
Origin | USA |
Language | English |
Release Date | 1 September 1994 |
Running Time | ?? min |
Production | |
Created by | Emmanuel Goldstein |
Directed by | Emmanuel Goldstein |
Produced by | Emmanuel Goldstein |
Written by | Emmanuel Goldstein |
Screenplay by | NA |
Distributed by | Emmanuel Goldstein |
Narrated by | NA |
Starring | Emmanuel Goldstein |
Music by | NA |
Cinematography by | Emmanuel Goldstein |
Edited by | Emmanuel Goldstein |
Production Company | NA |
Location(s) | ?? |
Original Channel | NA |
Additional Information | |
Based on | NA |
Topics | Technology, Computers, Hacking |
Follows | NA |
Precedes | NA |
Associated Video | NA |
Website | NA |
The Dutch Hacker Video is a video recording produced by the 2600 Magazine which shows a complete hack of a United States military computer performed by an anonymous Dutch hacker sometime in the late July, 1991. As described by the film's author, Emmanuel Goldstein, the goal of showing this information to the public was to expose shameful security in military computers and to force their owners to do something about it.
Synopsis
The target for the attack was a Xenix machine on the domain tracer.army.mil. The machine had an open telnet port, so the hacker tried several default Unix credentials to get in. Unfortunately this attack vector was not successful.
Next the hacker tried a now classic FTP privilege escalation exploit which allows him to read and write to arbitrary files on the machine as root. For details of the vulnerability check out Improving the Security of Your Site by Breaking Into it by Dan Farmer and Wietse Venema or CA-1988-01 Cert advisory.
At this point all that is left to do is to upload a modified passwd file containing a known user with a blank password and telnet in as that user to gain shell. A nice login banner is displayed warning remote users not to process classified information over this insecure terminal.
With a shell access to the machine, the hacker elevates his privileges on the system to root and starts pillaging machine's contents. At one point the hacker is looking at an email discussing THREATCON Alpha condition and possibility of hostilities in the Persian Gulf. At last the attacker runs a password cracker and finds plenty of easy to guess passwords.
The video was originally recorded to expose security weaknesses in highly sensitive computers of its time. However, this film offers an even more interesting lesson to today's audience about the relevance of exploitation techniques used in the film to modern day systems. Unpatched software and reliance on easy to guess passwords continue to be commonly exploited weaknesses even twenty years later.
Downloads
Film | User | Format | Link | Notes |
---|---|---|---|---|
"The Dutch Hacker Video" (1991) | NA | [ Archive.org] | ||
"The Dutch Hacker Video" (1991) | NA | DivX | thesprawl.org |