Thursday, February 24, 2011

Yeah! You read it right. Someone is trying to hack me!

While you'll be reading it as "HACK me", I'm still thinking "hack ME".

----------------------------
Dear Attacker,
I don't have anything interesting enough for you to break into my machine and steal.

a) I don't have anything related to national security on my laptop which you can make use of.
b) I'm not a billionaire you can scoop something off; rather, people know I'm as broke as any other average guy :)
c) Info about my clients & future plans goes somewhere else & no traces of that will be found on my laptop/phone/home network.

----------------------------

Although I used to get Gmail password reset requests at least twice a week, this is a really good one & the attacker deserves a round of applause for it. Given the amount of time & knowledge he has put in here, I can offer him a very lucrative job with a handsome salary (are you listening, Mr AV? We've got a candidate). And with this much dedication he can break into corporate or even more secure networks.

For the knowledge & food for thought of my readers, this is how it all looks.
As far as I know/understand, this started at the beginning of Feb 2011. My personal laptop has enough protective layers (antivirus, patches, firewall, blah blah) and, as anybody would guess, I keep it more up-to-date than many people out there.

So the attack (when I detected it) was done using Metasploit, a wonderful attack/security testing framework by @hdmoore, and the attacker caught me with CVE-2010-0840, a Java runtime vulnerability allowing remote code execution. It was delivered to me via some malicious web page which I must have stumbled upon somehow (I'm pretty much into exploring a lot of garbage online). I know my JRE was 2 sub-versions old, which made this attack possible.

I felt something fishy when I started getting SSL errors on my home broadband (not a shared LAN). Thanks to the stubbornness of Google Chrome, it didn't allow me to ignore them & made me think twice. When I scanned my RAM, I found "meterpreter" running inside my explorer.exe (pretty neat, dude). This was when I knew someone was deliberately trying to get into my machine & it couldn't be the work of malware.

Damn you attacker, you forced me to change 83 passwords in total.

Moving ahead, I started keeping a (more) vigilant eye on my machine for the attack to recur; I also created a honeypot with a lot of legitimate-looking traffic to lure him. But it seems the attacker understood that I had found his meterpreter trick & had killed the session once. So his attack strategy changed, and looking at the strategy used further, I'm not sure if it is the work of a single guy, a bunch of them together, or even several working individually. If it's a single guy, I seriously have a good job waiting for him.

This time the attacker seems to have gotten access to the firmware of my home router or wifi access point (I still have to investigate my firmware). I started getting SSL warnings even on my phone when connected to wifi at home, but not on GPRS. Now this can't be done with access to my machine only; for this the attacker needs access to the network infrastructure. More interestingly, the SSL warnings are only for some specific sites (gmail/twitter/facebook).

The attacker presented me with a fake SSL certificate for api.twitter.com, and this is what he did wrong. He created a fake certificate with a validity of 10 years. In no good sense would Twitter buy a certificate from VeriSign (Twitter actually uses Equifax) for 10 years in one go. This fake certificate was encountered on my phone; when I rechecked the actual certificate of api.twitter.com (this time using my USB internet dongle) it was issued by Equifax and for one year only. See images below.
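The two checks described above (does the issuer match what the real site uses, and is the validity window plausible) plus the "same host, two network paths" comparison can be scripted. The block below is an added example, not code from the original post: it is a minimal stdlib-only DER walker that pulls issuer, subject, validity and a SHA-256 fingerprint out of an X.509 certificate, flags the two anomalies, and compares fingerprints of the certificate seen over two paths. The sample certificates are constructed inline (unsigned, placeholder public key) and the issuer names and the 366-day threshold are assumptions chosen to mirror the post, not real Twitter or Equifax data.

```python
import hashlib
from datetime import datetime, timedelta

# --- minimal DER helpers (enough to walk Certificate / TBSCertificate) ---

def der_encode(tag, content):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def der_decode(data, pos=0):
    """Decode the TLV at pos; return (tag, content, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(data[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, data[pos:pos + length], pos + length

def der_children(content):
    """Split the body of a SEQUENCE/SET into its (tag, content) elements."""
    items, pos = [], 0
    while pos < len(content):
        tag, val, pos = der_decode(content, pos)
        items.append((tag, val))
    return items

SEQ, SET, OID, UTCTIME, PRINTABLE = 0x30, 0x31, 0x06, 0x17, 0x13
OID_COMMON_NAME = bytes.fromhex("550403")   # 2.5.4.3 commonName

def name_cn(name_content):
    """commonName from an X.501 Name: SEQUENCE OF SET OF (oid, value)."""
    for _, rdn in der_children(name_content):
        for _, atv in der_children(rdn):
            oid, value = der_children(atv)
            if oid[1] == OID_COMMON_NAME:
                return value[1].decode()
    return None

def parse_time(tag, value):
    """UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    fmt = "%y%m%d%H%M%SZ" if tag == UTCTIME else "%Y%m%d%H%M%SZ"
    return datetime.strptime(value.decode(), fmt)

def inspect_cert(der):
    """Issuer CN, subject CN, validity window and SHA-256 fingerprint of a DER cert."""
    _, cert, _ = der_decode(der)
    _, tbs = der_children(cert)[0]           # tbsCertificate is the first element
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:                 # optional [0] EXPLICIT version
        fields = fields[1:]
    _serial, _sig_alg, issuer, validity, subject = fields[:5]
    not_before, not_after = [parse_time(t, v) for t, v in der_children(validity[1])]
    return {"issuer": name_cn(issuer[1]), "subject": name_cn(subject[1]),
            "not_before": not_before, "not_after": not_after,
            "fingerprint": hashlib.sha256(der).hexdigest()}

def assess(der, expected_issuer, max_days=366):
    """Flag an unexpected issuer and an implausibly long validity period."""
    info = inspect_cert(der)
    days = (info["not_after"] - info["not_before"]).days
    findings = []
    if info["issuer"] != expected_issuer:
        findings.append(f"issuer {info['issuer']!r} != expected {expected_issuer!r}")
    if days > max_days:
        findings.append(f"validity {days} days exceeds {max_days}")
    return info, findings

def same_cert(der_a, der_b):
    """The cert seen for one host over two network paths should match byte for byte."""
    return hashlib.sha256(der_a).digest() == hashlib.sha256(der_b).digest()

# --- constructed sample certificates (assumed names, no real key or signature) ---

def make_name(cn):
    atv = der_encode(SEQ, der_encode(OID, OID_COMMON_NAME) + der_encode(PRINTABLE, cn.encode()))
    return der_encode(SEQ, der_encode(SET, atv))

def make_cert(subject_cn, issuer_cn, not_before, days):
    """Structurally valid but unsigned Certificate carrying the fields inspect_cert reads."""
    utc = lambda d: der_encode(UTCTIME, d.strftime("%y%m%d%H%M%SZ").encode())
    validity = der_encode(SEQ, utc(not_before) + utc(not_before + timedelta(days=days)))
    sig_alg = der_encode(SEQ, der_encode(OID, bytes.fromhex("2A864886F70D01010B")))  # sha256WithRSA
    tbs = der_encode(SEQ, der_encode(0xA0, der_encode(0x02, b"\x02"))   # version v3
                     + der_encode(0x02, b"\x01")                          # serialNumber
                     + sig_alg + make_name(issuer_cn) + validity + make_name(subject_cn)
                     + der_encode(SEQ, b""))                              # placeholder SPKI
    return der_encode(SEQ, tbs + sig_alg + der_encode(0x03, b"\x00"))    # empty signature

START = datetime(2011, 2, 1)
CERT_HOME_WIFI = make_cert("api.twitter.com", "Fake VeriSign CA", START, 3650)   # MITM-served
CERT_USB_DONGLE = make_cert("api.twitter.com", "Equifax Secure Certificate Authority", START, 365)

if __name__ == "__main__":
    for label, der in (("home wifi", CERT_HOME_WIFI), ("usb dongle", CERT_USB_DONGLE)):
        info, findings = assess(der, "Equifax Secure Certificate Authority")
        print(label, info["fingerprint"][:16], findings or "looks plausible")
    print("same cert on both paths:", same_cert(CERT_HOME_WIFI, CERT_USB_DONGLE))
```

In practice you would feed `inspect_cert` the DER bytes saved from the browser or from `openssl s_client`, once over the suspect network and once over an independent path; a fingerprint mismatch between the two paths is the strongest signal, and the issuer and validity checks are what let you spot the fake even without a second path.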


There are a few more screenshots & reverse-trace reports, but I'm not posting them online for legal reasons. I'd need them to be produced as evidence.

I've spent enough time on this attack, reported it to the appropriate authority & want to keep up my hunt to find my well-wisher. The only problem is that I have a life to live & a lot of work to do, which it seems the attacker doesn't.

----------------------------
So dear attacker,
Go and get a life; you won't find anything juicier on my machine/phone/network. If you wanted to prove to the world that you can "Hack Rohit", I think I have made your work easy with this blog post.

----------------------------

An open letter to all my friends, family & followers,

If you receive some garbage mail or tweet from my side (@rohit11, @_rohit11, @clubhack), be assured that it wasn't me. You can still expect garbage videos shared on my Facebook wall; you know that I keep sharing those stupid videos there :)


Wish me good luck & a good life to the attacker(s).

PS - If this can happen to me, this can happen to you too. I'd again request you all to be a little more careful online. As Sting said in the song "Brand New Day": "It could happen to you - just like it happened to me. There's simply no immunity - there's no guarantee".


PS - I have used "he", "his", "him" to address the attacker, but I'm not being gender-biased. I don't think I have a "my super ex-girlfriend" kind of ex who would take so much pain to attack me. Having said that, I'm still not underestimating the skills of female attackers.


PS - I used the word "hack" because that's what 90% of the world understands :)

Saturday, February 19, 2011

I remember in the good old days when I was in school & heard this music band called "Misty Rhythms".
The album was called "Aye Laila" & had one song with a music video which got somewhat popular thanks to the newborn MTV in India in those days. (Can anyone point me to the actual music video of that song?)




I had the "cassette" of this album, but slowly, with the death of tapes, I lost it. I searched online many times to buy a CD/DVD version but have never found one to date.

Finally, today I searched again and found that someone has uploaded the MP3s on Rapidshare. I know it's a crime to listen to this MP3 version, but I'm ready to pay (double or more) if anyone can get me the legitimate CD/DVD.


I found the songs & my day is made.

Now you must be thinking what's SO great about this album with this crazy song & why it deserves a blog post. So let me tell you: this is some of the finest music I have loved. If possible, go ahead and listen to the other songs on this album. "Aye Laila" is the only funky one; the rest are so melodious & wonderfully written that I'm sure many of you would love them.

It's a wonderful fusion of Classical + Reggae + African + God knows what. It's really a hypnotic music album. I'm not a music expert, nor have I sat through any session of music appreciation, but still this whole album is very close to my heart.

# Songs like "Big Blue Eyes", "Far far away", "Cuckoo" & "Voice from Stone" have magical lyrics.
# Songs like "Dancing raindrops" & "Dance of Shiva" have that wonderful Indian classical music touch.
# The song "Hand in Hand" always reminds me of the Bombay theme music.


That's not all; there are interesting facts about the band members.

Ramana Gogula - was MD of Sybase India & co-founder of Liqwid Krystal, an IT startup in Bangalore, then moved to the South Indian film industry as a music director.

Kush Khanna - is a BS graduate and CEO of Bazaar of India Imports, the largest importer of ayurvedic products and musical instruments into the USA.

Ramana Gogula and Kush Khanna were both based in the US, had formed a musical collaboration, and named their band Misty Rhythms.

Sources - http://www.expressindia.com/ie/daily/19980626/17750734.html


Before I end this post, another song @ YouTube which you can enjoy:




Ramana, Kush,
Wherever you are, my best wishes to you & I would love to get more of such music.