Zero-Day Exploit
Tentative Chinese title: 零日漏洞利用 (Zero-Day Exploit)
Rob Shein, David Litchfield, Marcus Sachs
- Publisher: Syngress Media
- Publication date: 2004-07-01
- Price: $2,220
- Member price: 5% off, $2,109
- Language: English
- Pages: 412
- Binding: Paperback
- ISBN: 1931836094
- ISBN-13: 9781931836098
Out of print
Product description
Description:
So much of our critical national infrastructure hinges on technology, which is so fragile, that a zero-day bug in the wrong hands could lead to any equally bad attack. I'm not, for a moment, going to speculate on what or how that attack may come, but suffice to say that the potential is there; the threat is real. David Litchfield, Managing Director, NGSSoftware
A realistic and downright scary tale of cyber-terrorism
Zero-Day Exploit: Countdown to Darkness is this season's must-read cyber-thriller. From the casinos of Las Vegas to the slums of Manila to FBI Headquarters, the adrenaline never stops pumping as an elite team of security hotshots race to stop Islamic terrorists from crippling the economies of the Western world. Written by some of the world's leading counter-terrorism experts, the story is all the more chilling for its authenticity.
Tagig, The Philippines: Tuesday, October 21st, 5:19 PM, 2003
The challenge for Lualhati was to target only installations in North America. Since the list of IP addresses available for use is broken down by region, Lualhati focused only on ranges allocated to ARIN and other groups known to be associated with the United States, so as to limit impact on any infrastructure in the Islamic world. The pair had developed a relatively clever two-stage attack. Their main target was the petrochemical infrastructure, but they realized that they needed to create a secondary effect that would in some way slow the reaction to the first attack. They settled upon ZFon as the target of choice, given the breadth and criticality of its deployment within the federal law enforcement community. What truly delighted them was the discovery of just how easy it was to break into ZFon's software. It took the excited young men only a week to discern how to root the gateways and develop shellcode that would accomplish their aims. What remained was the scanning, which was already in progress.
Table of Contents:
Contents
Foreword—by David Litchfield
Chapter 1
Prologue
“That’s wicked cool.”
Reuben and his friends looked at the design on the screen,
astounded at the result of their hard work. A dragon, complete
with chunkily-animated fire spouting from his mouth, filled the
small video screen of the computer. They sat for a minute in
front of the Apple II+ computer, just watching the fruits of their
labor.
Chapter 2
DefCon in Las Vegas, 2000
The brutal desert heat wasn’t too easy to bear in standard
DefCon clothing. Black was the order of the day, and despite
the low humidity, Reuben was looking forward to getting
inside, back into the air conditioning. He looked around the
pool area and wondered if anyone else was feeling the same
way; if they were, it didn’t show. Most perplexing of all were a
couple of the members of Phenoelit, the German hacker think tank,
who were wearing not just black, but black leather pants.
Reuben could feel the sweat under his backpack, and wondered
what it must feel like under those pants. Phenoelit was well-known
for their understanding of (and ability to poke holes in)
various networking protocols, especially those used for communication
between devices like routers. FX, one of their members,
was a talented researcher and speaker with regard to router
vulnerabilities, and had the ear of Cisco when it came to fixing
problems.
Chapter 3
The DoJ Project,
Washington DC, 2001
“Alright, let me see if I understand you correctly. You’ve been
burned in the past by consultants saying ‘yeah, yeah, we know
how to do that’, and then after a few weeks of work they give
you a deliverable that’s big on words but doesn’t really say much
in terms of analysis; they don’t boil it down and give you anything
useful or coherent, right? And that’s what you’re afraid of
this time?” Reuben talked calmly into the speaker phone in his
boss’ office at the Vigility Corporation.
Chapter 4
The Arrival of MadFast
Reuben waited patiently at the exit in Baltimore Washington
International airport, watching for MadFast to emerge. Since
September 11th, it was no longer so simple to pick people up.
Everyone from all the different gates seemed to come out
together. It was tough to search through such a crowd for one
person he’d only seen once before in his life. But soon enough,
the face he was looking for emerged, and saw him as well.
Chapter 5
ZFon Vulnerability
“Are you sure you set it up right?” John was one of the ZFon
programmers, and already Reuben didn’t like him. He tried to
remember that this was a guy who was being told that his work
wasn’t good enough, and now his company either had to fix the
mistakes or probably go out of business. But there was something
more than that, some kind of arrogance behind it all that Reuben
perceived. It wasn’t just that he was on the defensive because of
the situation, he actually seemed to think that he was the only
person in the room with half a brain. Boy, is he in for a rough time,
Reuben mused to himself as he smirked internally. “Well, why
don’t you take a look at it and let us know?” he suggested.
Chapter 6
Scanning the System, 2003
Looking at the front page of the Internet Storm Center was a
daily routine, like looking outside to see what the weather was
like before going outside or choosing what to wear. From time to
time there were interesting things, like a sudden spike in scanning
for a service that might indicate that there’s a new vulnerability.
But this time, it was different. “Upward Scanning Trends: TCP
port 1734, unknown.” It was the same port as used by the ZFon
software.
Chapter 7
Zero Day
“It is time, brother.” Lualhati and Agpalo looked at each other
before they separated and went in different directions down the
street. This morning, they would walk into different Internet
cafés, log in, and start issuing the commands that would trigger
the first attack.
Chapter 8
Exploit Impact
The tanker approached the docking port at the facility. Slowly
and carefully, the tug helped maneuver it into place, and enormous
hoses were winched up to mate with connectors on deck.
It was a lazy morning. The calm voyage had made the workers
on deck somewhat sluggish for lack of any significant challenges
over the previous weeks. Eventually everything was connected
and tightened up, and the Captain informed the control room
that he was ready to start pumping gasoline onshore.
Chapter 9
Damage Control
It had been a long, trying, and unproductive day. There had been
no progress in acquiring a copy of ZFon’s VPN for testing.
Without the software they needed, MadFast and Reuben spent
the day double-checking everything to make sure they were
ready, discussing concepts and definitions of computer security
with Jane, Paul and Mark to pass the time.
Chapter 10
Recovery
The pair stood in the control room, looking around. The various
workers looked at them strangely, wondering why these two
guys in t-shirts rated an FBI escort and a tour of the plant. The
two seemed pretty bright, though, and definitely picked up on
the computer-oriented aspects of the tour faster than everything
else. They mostly seemed interested in the servers of the
SCADA master, and how it was interconnected with the rest of
the plant. They were awfully serious for people their age, and
sure didn’t say much aside from some whispers to each other
from time to time.
Appendix
The Laws of Security
This book contains a fictional account of a zero day exploit,
demonstrating criminal hacking techniques that are used every
day to exploit vulnerabilities. While this story is fictional, the dangers
are obviously real. As such, we’ve included this appendix,
which discusses how to mitigate attacks, such as the one described
in this book. While not a complete reference, these security laws
can provide you with a foundation of knowledge to prevent
criminal hackers from hacking your network and exploiting your
vulnerabilities…