The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Interview With A Convicted Hacker: Robert Moore Tells How He Broke Into Routers And Stole VoIP Services

Posted by Xavier Ashe on September 30, 2007


Convicted hacker Robert Moore, who is set to go to federal prison this
week, says breaking into 15 telecommunications companies and hundreds
of businesses worldwide was incredibly easy because simple IT mistakes
left gaping technical holes.

Moore, 23, of Spokane, Wash., pleaded guilty to conspiracy to
commit computer fraud and is slated to begin his two-year sentence on
Thursday for his part in a scheme to steal voice over IP services
and sell them through a separate company. While prosecutors call
co-conspirator Edwin Pena the mastermind of the operation, Moore acted
as the hacker, admittedly scanning and breaking into telecom companies
and other corporations around the world.

“It's so easy. It's so easy a caveman can do it,” Moore told InformationWeek, laughing. “When you've got that many computers at your fingertips, you'd be surprised how many are insecure.”

Ha… these Cavemen folks are getting a bad rap these days.

Moore said what made the hacking job so easy was that 70% of all the
companies he scanned were insecure, and 45% to 50% of VoIP providers
were insecure. The biggest insecurity? Default passwords.

“I'd say 85% of them were misconfigured routers. They had the default
passwords on them,” said Moore. “You would not believe the number of
routers that had 'admin' or 'Cisco0' as passwords on them. We could get
full access to a Cisco box with enabled access so you can do whatever you want to the box. …
We also targeted Mera, a Web-based switch. It turns any computer
basically into a switch so you could do the calls through it. We found
the default password for it. We would take that and I'd write a scanner
for Mera boxes and we'd run the password against it to try to log in,
and basically we could get in almost every time. Then we'd have all
sorts of information, basically the whole database, right at our
fingertips.”

Yup, I agree. A caveman could do that. Read the full article at InformationWeek.

