
Full Disclosure mailing list archives

Re: DEF CON 19 - hackers get hacked!
From: "Eric McCann" <nuclearmistake () gmail com>
Date: Wed, 10 Aug 2011 14:54:53 -0400

<-- got pwned

I spent 90% of the time with my Windows (I like koolaid. deal with it) laptop on a 4g My-Fi up in my room, and had my 
droid 2 global on 3G most of the time.

Saturday-ish, I noticed a lot of "hey, what's your password again?", and said "NO YOU" to most of them, but didn't 
really have a sense that they were suspect until I read this thread.

Saturday around noon I got this email in my gmail inbox... FROM "MYSELF".

"""
Hello, Eric. I have your laptop, and it won't let me log off your account. I was wondering if you could tell me? 
Anytime I go on to my account, it always directs me to yours. Do you mind informing me on how to log off your account 
for good? I have no intention of hacking or sabotaging your account. Thank you,
  Aislyn

P.S. I fixed your laptop. I believe you left it at the dump.
"""

I promptly responded with something along the lines of, "Describe my laptop...... and go ________ yourself", closed all 
existing google sessions, changed my password a few times, and enabled 2 factor authentication.

The only ongoing issue I've noticed is my feeling of regret that whoever sent the email will never be able to respond 
to my reply. :-(





On Wed, 10 Aug 2011 14:17:25 -0400, coderman <coderman () gmail com> wrote:

lots of misunderstanding...

On Wed, Aug 10, 2011 at 2:21 AM, coderman <coderman () gmail com> wrote:
... some characteristics:

- full active MitM against CDMA and 4G connections from Rio to carriers.

802.16/ClearWire/Sprint4G

did not have LTE to test with.



how to tell if you *MAY HAVE* met the beast at Rio:
..

of course many of these seem innocuous or unrelated. that's the point
and why attacking via these methods was effective.

there are situations where signal and link would be bad just given
congestion and noise floor.

however i am speaking to particular effects when the MitM was taking
over a connection from target to the carrier and redirecting through
itself. this was done in a manner that causes some effects described.



sorry media, no inquiries. i bet you can find people to talk to; try
reddit and twitter:
  http://www.reddit.com/r/netsec/comments/jeis7/full_disclosure_def_con_19_hackers_get_hacked/
  http://twitter.com/?q=defcon+cdma#!/search
  http://twitter.com/#!/search/defcon%204G

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
Eric McCann
    University of Massachusetts, Lowell
    Department of Computer Science
    One University Avenue
    Olsen Hall, Room 304
    Lowell, MA  01854
Lab:               978.934.3385
Email:           emccann () cs uml edu
Homepage (lab):  www.cs.uml.edu/robots
Homepage:        www.emccann.net
