Why are the programmers (if I may call them that) who write attack tools so incredibly, mind-numbingly, jaw-droppingly stupid? It must be some sort of inherent deficiency in the mental functioning of the sort of miscreants who feel compelled to create tools whose sole purpose is to attack other people's computers. I mean, if they are going to bother doing it at all, why the hell don't they do it right?

Here are three things that are utterly brain-dead about today's attack tools as used by today's script kiddies.

Too much logging
For some reason every time some script kiddie installs a packet sniffer on a box they've rooted they feel this need to have it log absolutely every packet that carries a username/password combo. They end up with a master list of usernames and passwords for the box they've cracked. Unfortunately for them, the sysadmin of the box also ends up with the master list of every account that the stupid script-kiddie has compromised. Now guess which accounts the sysadmin is going to change the password on?

A much better strategy for the clueless cracker would be to log only some of the compromised data. Maybe if they'd say this-

   if(!(++cracked_account_count % 5))
       mail_bad_guy_the_goods(user, passwd);
   else
       log_it_just_to_fuck_with_the_sysadmin(user, passwd);
      
they'd actually be able to do something interesting with the hijacked accounts.

Trojan Binaries
Ok, just who is the absolute Einstein who came up with this gem? Just about the first thing that any sysadmin does upon bringing up a new system is run Tripwire (or one of its many proprietary competitors). After that, Trojan attacks are not only not useful, they're actually detrimental to the luser's efforts. As soon as the modified binaries are detected, the box enters a period of intense scrutiny as the now pissed-off administrator goes filesystem spelunking looking for other signs of damage.

The better strategy here is to modify the .profile of most of the stolen logins to do something nefarious with some brand-new software (which won't trip most file integrity software) installed by the cracker. Don't worry though, the black hats appear to be too stupid to figure this out.

Resource hogs
Attention K-Mart crackers, repeat after me: "If my program hogs all of the disk space, if it gobbles all of the cpu time, if it overflows memory or swamps a network interface it will be noticed and removed. After it is removed, it will no longer run. Software that doesn't run, isn't useful."

Just think about how Mother Nature does it--the most successful parasites don't kill their hosts, they just make them a little less healthy.

From my understanding, this comes down one thing basically - most of the script kiddies arsenal starting life originally as something else. Most of the time as something that actually had a legitimate use as a defence or analysis tool eg Packet Sniffer.

And if it's not the original product that they're using then it has most likely hacked up by somebody who doesn't really have any idea what they're doing and consequently ends up screwing the nice piece of software that someone else spent a lot of time on.

On the other hand, do you really want script kiddies to have access to real software used for this purpose? Of course not! But what they've got makes them feel special, but keeps them from causing any real trouble.

Log in or registerto write something here or to contact authors.