Posted Monday 16th February 2009 19:11 GMT
One would hope that the New Most Powerful Man In The World (TM) would be smart enough to not click on links in emails.
And the previous model presumably had trouble opening (or, indeed saving) emails, so not such a big issue there.
Posted Monday 16th February 2009 19:11 GMT
Did anyone not know it was possible to hack the messiah's CRACKberry?
Posted Monday 16th February 2009 19:11 GMT
@ "Once the address was obtained, perhaps after breaking into the PCs of Mitnick's confidants, a targeted email could be sent to Obama. This email would direct Obama to a website hosting exploit code, the scenario suggests."
Hardy hi-tech now is it? Sounds like a typical targeted spam hack attack and relies on luck as opposed to any technical genius. Is this the best that the infamous Mitnick could come up with?
/Me thinks the social engineering master has seen better days.
Posted Monday 16th February 2009 21:10 GMT
According to what I read elsewhere, his CrackBerry is in retirement as he is using a Sectera Edge - $3500US each.
Posted Monday 16th February 2009 21:16 GMT
Does anyone really believe it's not already been hacked by China, Russia or one of the US's major allies? They'd all be crazy not to be trying.
Posted Monday 16th February 2009 21:16 GMT
"Of course, the greater risk of attack against such a prime intelligence target comes from a well-resourced foreign intelligence agency rather than a common-or-garden computer hacker."
More likely his own spooks moonlighting for the previous bunch of <put your own expletive here>!
Posted Monday 16th February 2009 21:22 GMT
I expect that the email address is suitably obfuscated and known only to the people who forward the emails from the public address. The blackberry is likely to be one of a handful which are identical and moved around so anyone tracking the devices would have trouble working out which one is the right one and I would also expect that RIM have made some special allowances in terms of hardware and software as requested by the secret service. At the very least the web browsing will use the BES to ensure it goes through the same malware controls as the whitehouse internet access.
It isn't going to be an off the shelf BB like you or I have.
Posted Monday 16th February 2009 21:22 GMT
OK, as far as cunning approach'es go this is very much so old that it was current even when Mitnick hadn't even heard of prison soap.
First of you could do a elimination scan, ie rule out all other cell's by a process of elimination. Then you could home in on the cells signal, and from there work on breaking the encyption, or just force it to login to a spoofed cell. But thats if you have the time/resources to actiuon such a plan.
Personaly if I was doing a design for a president I'd have the GSM parts located elsewere with proprietry band hopping wireless from there to the handset for a start.
I'd then have everything inhouse, but lets face it - cellphones tend to need basestations which need providers, oh wait if we ran our own then we could negate all aspects of it.
Also if any browing it would be only approved (pre-vetted) sites and then you would be daft not to have a human controlled proxy in the middle, hell he's the president could employ 100 peeps to vet every page he wants to see in almost realtime :).
I'd also have some funky cpu that had say ew a encrypted instruction set which means only code encypted for that chip would actual run on it, avoiding any injection issues and taking signed code that step further.
But what would you actualy want to get at, well in all honestly it would be the emails themselfs, lets face it that would be it. Now how would you do that remotely, well you could do many things but lets keep it simple, why not use the laws of the land to actualy get a copy of said emails, perish the thought.
Posted Monday 16th February 2009 21:25 GMT
I'd say Mitnick is right on this count. Given the Sectera is apparently a dual-PDA, one with an unknown (but I'm sure quite secure) OS, and the other Windows Mobile... I would guess any old (well, new at least) Windows Mobile attack could affect the Sectera. But... 1) I'd assume given the concerns the Sectera omit GPS hardware, so "they" would be unable to track it even if "they" got GPS tracking software on it. 2) The photos I've seen, the secure side apparently even has a seperate little LCD display, I'd guess the WinMo and secure PDAs are electrically seperate, so any amount of screen grabs, "key" logs, etc would not show a thing from the secure side. 3) As Mitnick says, the heat would be too intense. Anyone would be a moron to even try it.
Posted Monday 16th February 2009 23:52 GMT
""The government would go after them full force," Mitnick said."
Eh, we've been hunting bin Laden "full force" for how long now?
Posted Monday 16th February 2009 23:52 GMT
All that has to happen is one of his friends or close associates get a virus or some other harvesting malware, and the rest is history.
Paris, history.
Posted Monday 16th February 2009 23:52 GMT
It's possible that they want to see if this can in fact be accomplished. I also agree with Kevin. See a common "hacker" would obviously not have the resources available to pull off this task.
It would take one of the following methods to really achieve something of this magnitude and the hard working folks over in Ft. Meade agree.
First, it would require a huge source/pool of cash and equipment. Simply disabling the Web browser on the RIM device is not going to "secure" the equipment. Disabling the bluetooth device, wifi, etc.. isn't going to secure the phone.
Physical access to the device with a JTAG cable and a notebook would be needed. Clone the image on the eeprom. Clone the SIM card.
Another option would be to break into the secure server at RIM where the updates are pushed out (I'm pretty sure they have a special server for his device) so not likely. However, if one were cunning enough or had inside assistance they could push out a rouge image, module or a java app that would run in the background. Something similar to a rootkit. If the firmware on the device was reversed and updated remotely the attacker could easily change the address of the remote host that the phone communicates with for updates thus allowing complete control over anything running on the device at the application layer.
Who would want to do this anyway? The guy is awesome and loved by more than many. Not all of us agree with everything he done so far, but he has been the most transparent U.S. President we have ever had. He smokes a cigarette every once and while, drinks coffee, loves to chat with average people, loves technology, promotes new ideas, loves innovation, civil liberties for everyone not just one race or two or his. He believes in equality and wants a better America and a better world. If you hack Barack your pissing on a better world. The guy is amazing and it's because of him that we are moving in a direction which makes us more competitive to the Chinese and the Russians. There are other more important things on the table then discussing vulnerable blackberry devices. Everyday we have thousands of attacks on our defense networks from foreign "entities". We need to be more focused on protecting our defenses, commercial, ideas, creativity, technology and most of all our economy.
Do yourself a favor and hack your mind into the right way of thinking. Get into college, get a job and raise a family. There is a much better reward in seeing your face on the news with hacker next to it and something you used those 1337 skills for to help people or make a difference in the world, technology or even humanity.
Real hackers get themselves into school and find jobs. You wan't a tough challenge break into life. Trust me it's a bitch and it's the greatest challenge you will ever face.
Good article though.
Posted Monday 16th February 2009 23:52 GMT
My title says how convinced I am of this. Despite the fact that the NSA will have done the locking down of the crackberry, they will be treating it as an unsecure device. No national security stuff will be going through it and as pointed out, GPS is disabled - so there would be nothing to gain (other than embarassment).
Not to mention that the company I work for which has only a fraction of the securiy requirements has web disabled - entirely for this reason.
Pfff again is all I can say
Posted Tuesday 17th February 2009 01:13 GMT
I've yet to see an exploit of that kind for the BlackBerry, especially as the BB has JavaScript *disabled* by default.
Anyway, as some of the others have pointed out (and the article's author as well), Obama may not be using his BB at all, but the Sectera Edge. I just hope it isn't the Windows version he's using. Oh man, a Windows box with SIPRNet access is a worse thing than having Obama use a Blackberry...
Posted Tuesday 17th February 2009 01:13 GMT
Leaving aside whether or not el Prez is using a Blackberry or not, come on then, Mitnick, where is the proof of a properly-secured Blackberry being compromised?
::crickets::
(It might happen one day, but it hasn't happened yet... and sure, anything is possible. Duh.)
Posted Tuesday 17th February 2009 01:13 GMT
Then what? It's not like Mr. O is going to have an outgoing email saying, "OK, General, you have my approval. Nukes for Pyongyang, and make it snappy!"
Probably the worst thing you could manage would be to publish his suit measurements and embaras^H^H^H^H^H^H^Hembarrass the White house.
Posted Tuesday 17th February 2009 05:08 GMT
"web disabled"
That will interfere with Obama's little-known hobby of posting as SexyDude976543210.2 on internet forums. Don't ask me how I know ;)
Posted Tuesday 17th February 2009 05:08 GMT
I did not pick the title so don't blame me!
Second, I told this reporter numerous times that I don't believe Obama uses his Blackberry device for any classified communications-- that should be a no brainer, right?
I did, however, share some attack scenarios that are feasible. One example below I used to surveill the FBI when playing the fugitive game-- which would likely work today.
Objective: Identify Obama's current cellular phone number (SIMPLE)
1. Compromise his past provider (he's likely to be using the same one).
2. Obtain past (3 months) billing records (call detail records)
3. Compromise (current) provider and perform terminating number searches for any mobile device that has dialed or received calls from the same numbers on Obama's past billing records.
4. Maintain a list of suspect devices (mobile handsets) for further analysis
5. Analyze each suspect device's call detail records looking for a similar pattern of call traffic (incoming /outgoing)
6. Narrow the list of devices down to similar call patterns
7. Pull the subscriber data (billing name, address, contact #, device info (IMEI, SIM info) or (ESN if CDMA provider)
8. Use mobile operator's intelligent network to find where the device is registered (in real time)... Is Obama near that location?
Once Obama's cellular number is identified the attacker can acquire his text messages by compromising the smsc (orable db) at the provider, determine his location via cell tower registrations, and his capture call traffic ( via real time CDR).
Objective: Obtain Obama's email address. (SIMPLE)
1. Identify Obama's close circle of friends and family.
2. Compromise these target systems (phishing, wifi, etc) and install a trojan
3. Steal authentication credentials stored on target system or via keylogger (web based email)
4. Watch email communications.. eventually the attacker may hit pay dirt.
As far as compromising his BB device, I said it would be difficult but not impossible depending on whether he uses BB's browser. The possible attack scenario I explained to the reporter was:
1. Identify vulnerability in BB's browser that allows execution of arbitrary code.
2. After compromising his provider, identify what sites Obama visits on his BB (this can be logged by an attacker in the providers intelligent network.)
3. Identify the sites visited that are not so popular (minimize the potential victims) and compromise these targets.
4. Plant exploit code to execute payload-- whatever that is...
5. Wait... and see what happens.
I brought up some others but the article omitted most of what I discussed... go figure...
Anyway, Happy Friday the 13th...
Kevin
Posted Tuesday 17th February 2009 09:29 GMT
Wow, that brought a tear to my eye. You need to get this into wider circulation. You could really make a difference. You really are a ray of hope to us europeans, who just thought the americans liked spending money on lawyers to find out who owns a fart.
Posted Tuesday 17th February 2009 10:38 GMT
I will leave it to Kevin Mitnick to try this one out first. Let's see if that get's him as far as it did with the bell companies. Uber Hacker?? Giving a little to0 much credit to someone that spent years in prison for getting caught not even hacking.
Anyway, As the President's blackberry is only allowed to dial certain numbers and recieve calls from certain people. Do you really think that President Obama and the secret service is going to allow for viagra adds and spam to show up on his blackberry??? Come on!!
I have more chance of Kevin Hacking socially engineering my shorts than Obama does of receiving spam.
Ridiculous!!!
Posted Tuesday 17th February 2009 10:38 GMT
....at least he is a "hacker" "smart" enough to go after the weakest link. Isn't this how he succeeded the "first" "time"?
And that's to find the dumbest person allowed to email Obama and exploit them. Now I wonder if the NSA or *whomever* allowed those few people to stick with their gmail/hotmail/whatever accounts?
Posted Tuesday 17th February 2009 10:39 GMT
in a statement from barrack obama i quote word for word
"dont hack me bro dont hack me"
Posted Tuesday 17th February 2009 14:18 GMT
This whole "location awareness" thing is being overblown.
For one thing, the President of the United States works from home, so chances are most times you'll find him at 1600 Pennsylvania Ave. As an American, I'd be upset if you took a crack at that house, but hey, that's where the man lives. It's public record.
Furthermore, just because he uses a BlackBerry doesn't mean the service has to initially run through RIM servers. I'm sure there's a nice dedicated box at a certain compound in Virginia whose sole existence in life is to happily NAT the *real* device.
Hopefully the No Such guys have a sense of humor, and leave some of the dummy-but-actively-broacasting gadgets in fun places like Yemen, Euro Disney, or a variety of "burlesque" establishments operating conveniently near the aforementioned domicile.
I could just see the hacker's face when he thinks he's found the Prez based on his IP, and it turns out to be someplace, as Messrs. Chapman, Jones, Idle, et have said, "completely different"...
Posted Tuesday 17th February 2009 16:07 GMT
president@whitehouse.gov
but i really need paris's
Posted Tuesday 17th February 2009 16:32 GMT
the only part of the article i would disagree with would be the title "elite hacker" bestowed on mitnick for two reasons:
1) mitnick was more of a elite social engineer than cracker (hacker)
and
B) how elite was he considering he was caught....
Posted Tuesday 17th February 2009 22:09 GMT
Going after a hardened target like this is way beyond the resources of some dweebie hacking Sarah Palin's Yahoo account. We are talking nation state level resources here.
There are numerous ways to go about this from a technical security standpoint. I won't even speculate on all the ways it could be done.
Here is the rub...
Would BHO even know his BB had been compromised? If a nation state is ballsy enough to go after this target, they sure are not going to publicize it. They will leech information and not tell anyone. Heck, if there was ever a crisis (think of the confusion in the first hours of 9/11), they could even use the compromised BB to insert *misinformation*. VERY scary!
I personally think it is irresponsible for BHO to continue using consumer grade communications. He has the best communication technology available to him and he needs to set down his BB until 1/20/13.
Posted Wednesday 18th February 2009 17:00 GMT
@3rd Anonymous Coward, "/Me thinks the social engineering master has seen better days."
Mitnick was never as great as he wanted the world to believe. This quote is just another example of his social engineering skills covering limted technical expertise.
Why does he assume that Obama's Blackberry has no effective ACL protecting it? why does he assume that the image is not digitally signed with various hashes and reviewed frequently? Why does he assume that there are no content filters implemented on the connections it uses?
Try turning it around. Assume the guys protecting it are at least as good as you are, Kev. They may have thought of every attack you have, and taken countermeasures. They may even have thought of stuff you haven't, and forestalled that as well.
@Marty McFly, would BHO know if he was compromised? Yes, you can consider it a safe assumption that there are ways to detect a compromise. Many of us could invent one, so we should not expect anything less from the resources devoted to protecting the President of the most powerful nation-state in today's world, should we?
Sign up, sign up for The Register's weekly IT security newsletter - click here
Back to the article
