| You can read http://www.wired.com/science/discoveries/news/2002/07/54040?... While it is unlikely that this will actually happen you are still far from correct saying that this is virtually impossible, for certain this is possible. If anyone here recalls the blackhat heydays pre-2003 you may have/have not recalled a group known as "Fluffy Bunny" that broke into (at the time) what were thought to be the some of the most secure box's on the net, a few to name were VA software, UU.net(efnet), (cross site scripting) securityfocus.com, sans.org, (even a site dedicated to making fun of and host mirrors of defaced websites) attrition.org. Getting back to the original point I was trying to make, one of their most notable hacks was breaking into multiple Akamai servers. No remote exploits were used against Akamai servers, every computer they had access to at Akamai was gained through a patch version of ssh which recorded all users password before encryption and placed it in a log file within a hidden directory on the system, this patch was installed on every box they exploited, they got lucky when a user from the uu.net box logged into an Akamai box using the compromised ssh client. So they have Akamai, now what? The group further infiltrated their way into Akamai's intranet and gained access to other computers on their network through social engineering. Finally they located the development server that stored the source code that Akamai used to update some 12,000+ high bandwidth servers they used. The plan was to patch the update software they used to automate the patching process to also include a rootkit&DDoS client. With this they would be able to control a ridiculously large botnet, joined with their already amassed 4000+ DDoS net from other compromised computers this would have effectively timed out all 13 top level root name servers. More then likely you can tell what happens after that. If you were interested to know, these guys were caught out out of the stupidity of this guy.
http://articles.latimes.com/2000/sep/22/local/me-24959
Whom was drunk and instead of hanging up decided to curse out a field technician that came onto the centrex line(thanks AT&T) they used to communicate through. This resulted in the tech recording the line 24/7 and eventually handing the information over to the authorities. |