3-6. Remember the 80's?
1980                 1981                1982                 1983
John Lennon shot     JR Ewing shot       Reagan shot          My knees shot
Pac-Man              Rubik's Cube        Trivial Pursuit      Cabbage Patch Kids
Super Trouper        Super Freak         Don't You Want Me    Thriller
Empire Strikes Back  Raiders Lost Ark    Tootsie              War Games
8. Spark That Lit The Fire
Sales of modems increased by a factor of 500 within 3 months of the release of the film "War Games".
[Diagram labels: Public / Private]
10. Super Phreaky – Yoaw!
Phreak = "phone" + "freak".
"Phreak", "phreaker" = names for people who participate in phreaking.
Phreaking = studying, experimenting with, or exploring telecoms systems, equipment or systems connected to telephone networks. It became linked to hacking when the networks went computerised.
Now called the H/P culture (Hacking and Phreaking).
11. War Dialer Process
1. Obtain exchanges (the number blocks to dial)
2. Configure & run dialer
3. Analyse carriers & identify devices
4. Connect to carriers identified
5. Brute force if prompted
6. Access granted
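The first and third steps above are where most of the analyst's time goes in practice: turning an exchange into a dial list, then sorting the CONNECT results from the busy/voice/no-answer noise and fingerprinting each carrier from its banner. The following is an added example, not code from the original slides or from any named dialler. The one-line-per-number log layout (number, result, optional speed and banner) is an assumption made to resemble classic dialler output, the log lines are constructed, and the banner signatures are illustrative rather than a vendor reference.

```python
"""Carrier analysis for a war-dialling run (process steps 1 and 3).

Added example, not from the original slides. Log format and banner
fingerprints are assumptions; SAMPLE_LOG is constructed for the demo.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional


# Step 1: obtain exchanges. Expand a prefix such as "020 3586" into its
# 4-digit block (or a sub-range of it) as dialable number strings.
def expand_exchange(prefix: str, start: int = 0, end: int = 9999) -> List[str]:
    digits = re.sub(r"\D", "", prefix)
    return [f"{digits}{n:04d}" for n in range(start, end + 1)]


@dataclass
class DialResult:
    number: str
    status: str                   # CONNECT, BUSY, NO CARRIER, VOICE, TIMEOUT
    speed: Optional[int] = None   # bps reported on CONNECT, if any
    banner: str = ""              # first text the far end sent after connect
    device: str = ""              # filled in by fingerprint()
    has_prompt: bool = False      # a login/username/password prompt was seen


# Step 3: analyse carriers. Illustrative signatures; first match wins, so
# the more specific patterns come first.
SIGNATURES = [
    ("pbx_admin",  re.compile(r"\bPBX\b|Meridian|Definity|SMDR", re.I)),
    ("ras_server", re.compile(r"\bPPP\b|Remote Access|\bRAS\b", re.I)),
    ("unix_host",  re.compile(r"\blogin:", re.I)),
    ("router",     re.compile(r"User Access Verification", re.I)),
    ("voicemail",  re.compile(r"mailbox|voicemail", re.I)),
]
# A trailing credential prompt is what decides step 5 (brute force).
PROMPT_RE = re.compile(r"(login|username|password)\s*:\s*$", re.I)

# Constructed dialler output for one small block (assumed format).
SAMPLE_LOG = """\
02035860000 NO CARRIER
02035860001 BUSY
02035860002 VOICE
02035860003 CONNECT 9600 Meridian 1 PBX - Login:
02035860004 CONNECT 14400 Welcome to ACME Remote Access (PPP) Username:
02035860005 CONNECT 2400 SunOS 5.8 login:
02035860006 CONNECT 33600 User Access Verification Password:
02035860007 CONNECT 1200
02035860008 TIMEOUT
"""


def parse_line(line: str) -> DialResult:
    number, _, rest = line.strip().partition(" ")
    if rest.startswith("CONNECT"):
        parts = rest.split(maxsplit=2)          # CONNECT <speed> <banner>
        speed = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        banner = parts[2] if len(parts) > 2 else ""
        return DialResult(number, "CONNECT", speed, banner)
    return DialResult(number, rest)


def fingerprint(r: DialResult) -> DialResult:
    """Classify a carrier from its banner; non-carriers are left alone."""
    if r.status == "CONNECT":
        r.device = next((name for name, rx in SIGNATURES if rx.search(r.banner)),
                        "unknown_carrier")
        r.has_prompt = bool(PROMPT_RE.search(r.banner))
    return r


def parse_log(text: str) -> List[DialResult]:
    return [fingerprint(parse_line(l)) for l in text.splitlines() if l.strip()]


def summarize(results: List[DialResult]) -> Counter:
    return Counter(r.status for r in results)


def carriers(results: List[DialResult]) -> List[DialResult]:
    """Worklist for steps 4/5: carriers only, prompts first, then by class."""
    return sorted((r for r in results if r.status == "CONNECT"),
                  key=lambda r: (not r.has_prompt, r.device, r.number))


if __name__ == "__main__":
    results = parse_log(SAMPLE_LOG)
    print("dial list size:", len(expand_exchange("020 3586")), "summary:", dict(summarize(results)))
    for c in carriers(results):
        print(f"{c.number}  {c.speed or '?':>6}  {c.device:<16} prompt={c.has_prompt}  {c.banner}")
```

A banner with no recognisable text (the 1200 bps carrier above) is still a carrier and stays on the worklist, just at the bottom; in a real run those are the ones worth a manual connect, since unidentified equipment is exactly what the inventory missed.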
12. Functions of a Modem
• Dial-Out access – allows someone to subvert the firewall to get out
• Dial-In access – allows remote access to an internal system via the PBX
13. Dial-Out Access
Desktop devices, faxes, scanners, PCs
Primarily user internet-related activity
Use of unauthorised modems to circumvent firewall rules and reach blocked internet material
Risk exposure is user-dependent and localised
Think data leakage
Risk commensurate with the user's access privileges
Most organisations do not have a requirement for it
14. Dial-Out Risks
[Diagram: a modem on a workstation inside your organisation's network bypasses the firewall. Inbound threats shown: unauthorised material, Trojan horses, viruses. Outbound leakage shown: configuration, business data, databases and information from the servers.]
15. Dial-In Access
Business systems – servers, not PC-based
Think 3rd-party managed devices
Increased likelihood of a business-critical system
Permits targeted rather than opportunistic attack
Time to map & exploit the system
System can remain compromised after the hacker disconnects
Likely to be untraceable
Most organisations have at least some requirement for dial-in access
16. Your View
1. Bandwidth Manager
2. Exterior Router
3. Bastion Host (Firewall)
4. Interior Router
5. Network Switch
6. Application Servers
7. Network Storage
8. PBX
9. Voicemail
10. Modem Bank
11. RAS Server
12. Authentication Server
13. UPS
14. Air Conditioning
15. Building Access Control System
17. Phreaker's View
The same fifteen items as in "Your View" (slide 16): bandwidth manager, exterior router, bastion host (firewall), interior router, network switch, application servers, network storage, PBX, voicemail, modem bank, RAS server, authentication server, UPS, air conditioning, building access control system.
18. Scale of Dial-In Threat
Large organisations: 1.5% – 2.5% of all telephone extensions provide dial-in access (up to 25 extensions per 1000)
Small organisations: 2% – 3% of telephone extensions provide dial-in connectivity (up to 15 extensions per 500)
19. Prevailing Opinion…
"...most large companies are more vulnerable through poorly inventoried modem lines than via firewall-protected Internet gateways"
Hacking Exposed: Network Security Secrets and Solutions. McClure, Scambray & Kurtz. Osborne, 2008
"While remote access is not the only route that hackers use to attack networks, they often cite it as the easiest route in"
Information Security Breaches Survey 2010: Remote Access. UK Department of Trade & Industry
20. And yet….
The DTI's Information Security Breaches Survey cited it in 2004, stating that:
• Less than 2% of those surveyed checked for unauthorised modem access
…but has not since.
21. Managing Dial-Out Risk
Non-PC based:
• Configure dial-out under application control
• Modem configured for "dial-out" only
PC-based:
• PBX monitoring – outbound call logging (restricted to DDI line logging)
• Host-based solutions – anti-virus / host monitoring / configuration lockdown
General:
• Effective policy – user education, policing & enforcement
24. Today's War Dialer
• WarVOX, Linux-based freeware available on Dark-Hack
• Uses VoIP services to make up to 10,000 calls in an 8-hour period
• Spoofs caller ID
• IDs admin interfaces to PABX and IP-based devices
• Finds and copies/strips stored audio files and archives
26. Some things never die, they just go out of fashion…
Phreaking is the founding methodology of hackers.
What makes you think it's dead?
Still the most dependable backdoor into a system.
27. 26 Dover Street, London, W1S 4LY, United Kingdom
+44 (0) 203 586 1025
www.orthusirm.com
info@orthusirm.com
Editor's Notes
First hacker movie – set the mould, established the archetype. Based on a true story: a 16-year-old broke into Pentagon systems. Original screenplay written in 1979. Stephen Falken = Stephen Hawking. To have been played by John Lennon. Made it cool to be a geek.
War dialer = term coined from the movie.
Old news. Like …… never fades away – gets re-worked.