No matter how well you've hidden your data or how many times you may have encrypted it, there's always a chance that someone somewhere will be able to find and read what you have written.
So if you really want to get information about other people or learn how to protect yourself from others trying to get into your computer, keep reading. The secrets inside your computer can be pried open more easily than you think.
You have several methods of attack any time a computer requires a password, and you don't know what it is:
Disabling or circumventing a password
Often you will need a password to access someone's computer system. There are two common ways that computer systems are password-protected:
For the really devious, try assigning a new password instead of disabling password-protection. To do so, keep the Password-protected check box checked and click on the Change button. Then type in a new password for the screensaver. Now anyone who tries to access this computer will be locked out unless he or she can guess the new password you registered.
Another way to break into a password-protected computer is to avoid loading security or opening menu programs that may run on start-up and lock you out of the computer. To avoid loading these programs, reboot the computer and press one of the following keys as soon as you see the "Starting Windows 95/98" message on the screen:
You probably won't be able to circumvent the better security programs by rebooting the computer. To get around these sophisticated programs, boot from a floppy disk to load MS-DOS, and then use MS-DOS commands to copy, move, or delete files on the hard disk at your leisure. If a third-party security program still blocks your access even after rebooting, you may have to resort to stealing the password to the security program.
Still can't find that pesky password? Try one of these:
NOTE All of these programs require that you have access to the victim's computer so you can install or run the programs without the user's knowledge.

While many loggers were originally written for legitimate purposes, people have found creative ways to use them. (The program WinWhatWhere was originally written as a time and billing tool.) Remember, though, if you use one on someone's computer without permission you could be breaking Federal eavesdropping laws, punishable by up to five years in prison and $250,000 in fines.
Keystroke logging programs tend to be fairly small, so they're easy to hide on a victim's computer. Hackers have written and posted some simple keystroke logging programs with names like Playback, KeyTrap, or Phantom, but many companies have released shareware versions of keystroke loggers too, which you can find at sites like Download.com or Rocketdownload.com. Some of the more popular shareware and commercial keystroke logging programs include KeyKey (http://mikkoaj.hypermart.net), Keystroke Recorder (http://www.campsoftware.com/camp), and Stealth Keyboard Interceptor (http://www.geocities.com/SiliconValley/Hills/8839/index.html).
Some keylogging programs, such as SureShot Ghost Keylogger (http://home.swipnet.se/~w-94075/keylogger) and Stealth Activity Recorder and Reporter (http://www.iopus.com/), can secretly email you the recorded keystrokes. Parents or employers may legitimately use a keystroke logger to see what their children or employees are doing. Hackers, though, may use keystroke loggers for less than legitimate purposes, such as capturing passwords and other valuable information without having to physically access the targeted computer.
D.I.R.T. can secretly record keystrokes and email the captured keystrokes to another computer. That way law enforcement officials can capture evidence as the suspect types it in. If someone is secretly recording and reading your captured keystrokes, even the best encryption won't protect you. The Peeping Tom who is looking into your computer will already have the password you used to encrypt your data, as well as every keystroke you typed before encrypting your file.
Spying with a desktop monitoring program
Desktop monitoring programs (see Figure 11-2) are slightly more sophisticated than keystroke loggers. Like a computer surveillance camera, they secretly record the programs a person uses, how long the person uses each program, the Web sites viewed, and every keystroke. Many monitoring programs can store days of recordings, and some can be set to record at designated times only, when certain applications are run, or when a user logs on to the Internet.

Like keystroke loggers, many desktop monitoring programs were designed for legitimate use. Many people use them to protect their computer from abuse or to monitor their children's computer (see Figure 11-3). Desktop monitoring programs are also perfect for less-than-legitimate uses, such as spying on another person's computer. If you do, be sure to use the stealth mode so the user won't know that the program is tracking their actions. Then, when the person leaves, go back to the target computer to retrieve the captured data.

As with loggers, you can find several shareware versions of desktop monitoring programs at sites like Download.com. For specific programs, try these sites: AppsTraka (http://appstraka.hypermart.net), Desktop Surveillance (http://www.omniquad.com), WinWhatWhere Investigator (http://www.winwhatwhere.com), Security Officer (http://www.compelson.com), or WinGuardian (http://www.webroot.com).
There are many shareware versions of password recovery programs. Look for 007 Password Recovery (http://www.iopus.com), Password Recovery Toolkit (http://www.lostpassword.com), or Revelation (http://www.snadboy.com).
Besides blocking access to a program, passwords can also block access to files like WordPerfect documents or Microsoft Excel spreadsheets (see Figure 11-4). To retrieve or crack password-protected files, get a special password-cracking program from one of these companies: Access Data (http://www.accessdata.com), Alpine Snow (http://www.alpinesnow.com), Crak Software (http://www.crak.com), ElCom (http://www.elcomsoft.com), Password Crackers Inc. (http://www.pwcrack.com), or Passware (http://www.lostpassword.com).

You can also find plenty of free cracking programs on hacker Web sites or through Crak Software or Access Data's Web sites. Many provide the source code too so you can see how they work. Surprisingly, their source code is short and relatively simple, revealing the incredible weakness of the encryption algorithms used by Microsoft Word or Lotus 1-2-3. By studying the source code, you can learn how to crack open password-protected files yourself or even how to write your own password-cracking program.
If you need to retrieve passwords from a computer running Windows NT, grab a copy of the L0phtCrack program from the L0pht Heavy Industries Web site (http://www.l0pht.com). Windows NT encrypts user passwords; the L0phtCrack program simply studies these encrypted passwords and attempts to decrypt them.
Password-cracking programs take each word from a dictionary file and type it into the program as a password until it finds one that works or runs out of words. If the password works, you have access to the program you want. Of course, if it runs out of words in its dictionary file, you can try other dictionary files until you find a valid password or run out of dictionary files. If a password is an ordinary word, it's only a matter of time before a dictionary attack will uncover it. To foil a dictionary attack, sprinkle some random characters (such as symbols and numbers) in your passwords or use a special password-generating program such as PassGen (http://www.noodlesoft.co.uk) or Quicky Password Generator (http://www.quickysoftware.com), which can create truly random passwords of varying lengths.
You can create your own password lists for use in a dictionary file with a dictionary-making program; these programs create random word combinations, words consisting of all uppercase or lowercase, words with random symbols mixed in, and so on (see Figure 11-5). (Dictionary attacks are most useful when you don't have to worry about being spotted, as when you're breaking into a remote computer through a phone line or the Internet.)

To find dictionary files, use a Web search engine to search for "dictionary file" or "word lists." You can find a number of shareware and password crackers at Download.com, with names like Ultra Zip Password Cracker, CracPak, and Password List Recovery.
Conveniently (for both hackers and system administrators), most UNIX systems store the list of account names and passwords in the /etc/passwd file. To provide a small degree of security, UNIX encrypts each person's password using an encryption algorithm (also called a hash function), usually using the Data Encryption Standard (DES).
To gain access to UNIX computers, hackers copy the /etc/passwd file to their own computer so they can run a dictionary attack that tries common passwords from a list of words encrypted with DES. If it finds a match between an encrypted word on its list and an encrypted password in the file, then it knows it has found a legitimate password. At this point, the hacker can use that password to gain access to that unlucky person's account.
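For system administrators, the exposure described above can be checked directly. The following is an added example, not code from the book: it reads passwd-format text and reports accounts whose password hash sits in the world-readable file instead of being moved to a shadow file (marked by the standard "x" placeholder). The sample entries and hash values are constructed placeholders.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample entries (hash values are placeholders, not real hashes).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:ab0123456789A:1001:1001:Alice:/home/alice:/bin/sh
bob::1002:1002:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/:/usr/sbin/nologin
carol:$6$constructed$placeholder:1003:1003:Carol:/home/carol:/bin/sh
"""

def classify(field):
    """Return a finding for one password field, or None if nothing is exposed."""
    if field == "":
        return "no password set"
    if field == "x" or field[0] in "*!":
        return None  # hash kept in the shadow file, or account locked
    if DES_CRYPT.match(field):
        return "DES crypt hash readable by every local user"
    if field.startswith("$"):
        return "password hash readable by every local user"
    return "unrecognised password field"

def audit(passwd_text):
    """Return (account, finding) pairs for entries that need attention."""
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 7:
            continue  # skip comments, blank and malformed lines
        finding = classify(parts[1])
        if finding:
            findings.append((parts[0], finding))
    return findings

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_PASSWD):
        print(f"{account}: {finding}")
```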
To increase the chances of finding a valid password, UNIX password-cracking tools like John the Ripper or CrackerJack not only try commonly used passwords, but also variations of those common passwords (typing them backwards or adding a 1 or 9 to the end or beginning). While this slows down the overall cracking process, it does make sure the dictionary attack isn't fooled by a simple variation on a common password.
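The same variations can be applied when a password is chosen, so that anything a dictionary attack would find is rejected up front. This is an added example, not code from the book or from any of the tools named; the word list is a small constructed sample and the function names are illustrative.

```python
import string

# Constructed sample word list; a real check would load a large dictionary file.
COMMON_WORDS = {"password", "dragon", "letmein", "monkey", "secret"}

def strip_affix_digits(candidate):
    """Yield the candidate and its forms with leading/trailing digits removed."""
    yield candidate
    yield candidate.lstrip(string.digits)
    yield candidate.rstrip(string.digits)
    yield candidate.strip(string.digits)

def weakness(candidate, words=COMMON_WORDS):
    """Return why a dictionary attack with simple variations would find
    the candidate password, or None if none of these variations match."""
    lowered = candidate.lower()
    for form in strip_affix_digits(lowered):
        if form in words:
            if form == lowered:
                return "dictionary word"
            return "dictionary word with digits added"
        if form and form[::-1] in words:
            return "reversed dictionary word"
    return None

def screen(candidates, words=COMMON_WORDS):
    """Return {candidate: reason} for every candidate that should be rejected."""
    rejected = {}
    for candidate in candidates:
        reason = weakness(candidate, words)
        if reason:
            rejected[candidate] = reason
    return rejected

if __name__ == "__main__":
    # Constructed candidates covering each variation named in the text.
    for pw, reason in screen(["Password", "dragon9", "1monkey",
                              "terces", "k7#Qz!pW2"]).items():
        print(f"reject {pw!r}: {reason}")
```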
Steal This Computer Book 2 is available from No Starch Press (800-420-7240, www.nostarch.com) for $24.95.
Wally Wang is a regular contributor to Boardwatch magazine ("Notes From the Underground") and frequently appears on radio and TV programs to talk about hackers and computer viruses. He performs stand-up comedy regularly in Las Vegas and has appeared on the nationally syndicated television show, "A&E's Evening at the Improv." He currently lives in San Diego, California.