"The Dutch Hacker Video"

From Anarchivism
Jump to: navigation, search
"The Dutch Hacker Video"
Hackvid.png
"The Dutch Hacker Video" Screenshot
Format Video (VHS?)
Genre Documentary
Origin USA
Language English
Release Date 1 September 1994
Running Time ?? min
Production
Created by Emmanuel Goldstein
Directed by Emmanuel Goldstein
Produced by Emmanuel Goldstein
Written by Emmanuel Goldstein
Screenplay by NA
Distributed by Emmanuel Goldstein
Narrated by NA
Starring Emmanuel Goldstein
Music by NA
Cinematography by Emmanuel Goldstein
Edited by Emmanuel Goldstein
Production Company NA
Location(s) ??
Original Channel NA
Additional Information
Based on NA
Topics Technology, Computers, Hacking
Follows NA
Precedes NA
Associated Video NA
Website NA

The Dutch Hacker Video is a video recording produced by the 2600 Magazine which shows a complete hack of a United States military computer performed by an anonymous Dutch hacker sometime in the late July, 1991. As described by the film's author, Emmanuel Goldstein, the goal of showing this information to the public was to expose shameful security in military computers and to force their owners to do something about it.

Synopsis

The target for the attack was a Xenix machine on the domain tracer.army.mil. The machine had an open telnet port, so the hacker tried several default Unix credentials to get in. Unfortunately this attack vector was not successful.

Next the hacker tried a now classic FTP privilege escalation exploit which allows him to read and write to arbitrary files on the machine as root. For details of the vulnerability check out Improving the Security of Your Site by Breaking Into it by Dan Farmer and Wietse Venema or CA-1988-01 Cert advisory.

At this point all that is left to do is to upload a modified passwd file containing a known user with a blank password and telnet in as that user to gain shell. A nice login banner is displayed warning remote users not to process classified information over this insecure terminal.

With a shell access to the machine, the hacker elevates his privileges on the system to root and starts pillaging machine's contents. At one point the hacker is looking at an email discussing THREATCON Alpha condition and possibility of hostilities in the Persian Gulf. At last the attacker runs a password cracker and finds plenty of easy to guess passwords.

The video was originally recorded to expose security weaknesses in highly sensitive computers of its time. However, this film offers an even more interesting lesson to today's audience about the relevance of exploitation techniques used in the film to modern day systems. Unpatched software and reliance on easy to guess passwords continue to be commonly exploited weaknesses even twenty years later.

Downloads

Film User Format Link Notes
"The Dutch Hacker Video" (1991) NA [ Archive.org]
"The Dutch Hacker Video" (1991) NA DivX thesprawl.org

References

External Links