That time when I caught a 'hacker' breaking into a Linux box at the Law Library
Sometime in early '94 at the Law Library, we had a (then) experimental Linux box. It was a Dell PC with an early version of Slackware installed. It was in the office, and I was just sitting there playing around. At the time, I was still learning UNIX commands, so I was playing with the infamous finger command. And then I noticed someone logged in who was NOT authorized.
Now, I say I "caught" a "hacker". But back then, Slackware had some pretty dumb-ass security holes that were actually pretty well documented. At the time, I was unaware of those holes, and the person who built the server hadn't plugged them either.
But I was familiar with Kevin Mitnick and had read The Knightmare's book on the secrets of a super hacker (anyone on the internet knew about those back then; it was just the way it was). And I knew that social engineering was the way to beat them. So, using the talk command, I struck up a conversation. He was pretty forthcoming about how he got in, and even about who he was. I also had the foresight to save the output of a who -u, so I had the IP address he logged in from. I printed out that output, plus the chat logs from the talk program, and, not really knowing what to do, I gave them to my boss.
Needless to say, a pretty ugly shitstorm followed. I had to have a meeting with the dean, the head of IT, and some people from security, and try to explain what had just happened. Hell, I barely understood it myself at the time. The "hacker" almost got kicked out of school, but he was close to graduation, so they just let him graduate and cut off all his access to campus computers. I guess he wouldn't need them to graduate? Don't really know whatever became of him. I actually felt kind of bad at the time, as I had no idea what to do, or what would happen. I say that, but I'm not sure I'd do anything differently today. But then, I work on systems with much higher stakes now.
Of course, now I completely understand what was going on, and why it was as dumb as it was. Heck, I've had some fun adventures breaking into a few Linux boxes myself over the years. All legally. Once even for the FBI, but that's a story for another time.
The dumb-ass security hole you may be wondering about: there was a default account, UID 666, username satan, and there was NO FRAKKING PASSWORD on the account! How buggered up was that? But those early Linux distros were weird like that. Just imagine if someone shipped an OS today with an account that had no password set!
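What that hole looks like in the account files, and how to check a box for it, as an added example that is not part of the original post. The passwd and shadow entries below are constructed for illustration: the satan line mirrors the empty-password default account described above, and the other names are made up. Modern systems keep the hash in /etc/shadow, so the check has to follow the "x" indirection from /etc/passwd, and it has to treat a leading "!" or "*" as a locked account rather than as a missing password.

```python
"""Find accounts that can log in with no password, passwd/shadow style.

Added example, not from the original post. /etc/passwd holds the account;
an 'x' in its password field defers to the hash in /etc/shadow. An empty
hash field in whichever file is authoritative means "no password required".
The sample entries below are constructed, not taken from any real system.
"""
from dataclasses import dataclass

LOCK_PREFIXES = ("!", "*")   # a hash field starting with these means the account is locked

# Constructed sample files. 'satan' mirrors the account described in the post.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
satan::666:666:Satan:/home/satan:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$constructed$notarealhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:!$6$constructed$notarealhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""


@dataclass(frozen=True)
class Finding:
    user: str
    uid: int
    shell: str
    reason: str


def parse_colon_file(text):
    """Yield (line number, fields) for each non-empty, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield lineno, line.split(":")


def load_shadow(text):
    """Map user -> hash field from shadow-format text."""
    return {f[0]: f[1] for _, f in parse_colon_file(text) if len(f) >= 2}


def effective_hash(passwd_field, shadow_hashes, user):
    """The hash login actually checks: passwd's own field, unless it is 'x',
    in which case the shadow entry (None if the shadow entry is missing)."""
    if passwd_field == "x":
        return shadow_hashes.get(user)
    return passwd_field


def audit(passwd_text, shadow_text=""):
    """Return Findings for accounts whose password field lets anyone in,
    or whose passwd/shadow pair is inconsistent. Locked and hashed
    accounts produce no finding; hash strength is out of scope here."""
    shadow = load_shadow(shadow_text)
    findings = []
    for lineno, fields in parse_colon_file(passwd_text):
        if len(fields) != 7:
            findings.append(Finding(fields[0], -1, "", f"malformed passwd line {lineno}"))
            continue
        user, pw, uid_s, _gid, _gecos, _home, shell = fields
        uid = int(uid_s) if uid_s.isdigit() else -1
        h = effective_hash(pw, shadow, user)
        if h is None:
            reason = "passwd field is 'x' but no shadow entry exists"
        elif h == "":
            reason = "EMPTY password field: anyone can log in without a password"
        elif h.startswith(LOCK_PREFIXES):
            continue   # locked account: nothing to report
        else:
            continue   # has a hash
        findings.append(Finding(user, uid, shell, reason))
    return findings


def passwordless_users(passwd_text, shadow_text=""):
    """Just the names of accounts that log in with no password at all."""
    return sorted(f.user for f in audit(passwd_text, shadow_text)
                  if f.reason.startswith("EMPTY"))


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{f.user} (uid {f.uid}, shell {f.shell}): {f.reason}")
```

On a live box the same check is a one-liner run as root, awk -F: '$2 == "" {print $1}' /etc/shadow (or over /etc/passwd on a system without shadow passwords). The reason to write it out as above is the two edge cases a grep misses: a guest-style account whose passwd field says "x" but whose shadow hash is empty is just as open as the satan account, while an "x" with no shadow entry at all cannot log in and points at a botched pwconv rather than a hole.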