
Question about hacking

  • 07-12-2011 3:54pm
    #1
    Registered Users, Registered Users 2 Posts: 19


    Hi guys,

    I apologise if this is in the wrong forum. Was wondering if anyone could help me with something.

    I'm writing a story and I want to know if it is possible/plausible for a talented computer hacker to access the search history from a laptop or IP address? Would this be possible without access to the machine itself?

    For example if a hacker was given just the name and address of a person (a normal everyday person, no one of great importance) and told to 'dig up dirt' on said person, could they view their full search history, even if they had used incognito windows etc...?

    Thanks in advance for any replies


Comments

  • Registered Users, Registered Users 2 Posts: 611 ✭✭✭brianwalshcork


    Are you really writing a story OP or are you just very paranoid!

    If you had the name and address, but no access to the machine, then the next best place would be the person's ISP.
    The talented hacker would still need to know what IP was assigned to the user's edge device (so USB modem, or DSL modem), so they'd need that in addition to the user's name. To get this, they'd need the MAC address from the modem.

    Once they have that, they could then trawl proxy logs if the connection was being proxied; if not, then they could probably only sniff live traffic, so no access to historical search data.

    I don't know for certain, but I'd imagine that ISPs do retain IP address assignments for a longer period of time. I don't think that any proxy logs would or should be retained for very long.

    This assumes that the person always accesses the internet with his laptop from home, and not through a public wireless access point; that would be another task for the talented hacker.

    You could go off into fantasy land, and say that the hacker broke into one of those Echelon systems, and you can endow the Echelon devices with a recording function which records all traffic. This would give you all the access to the information you need.
    Ignore any annoying questions about the unfeasibly large amount of storage that would be required for this - and if you want to make it believable make sure the hacker is using a Mac :-)


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Let's say someone paid me a lot of money and gave me a name and address....here's what I would do:

    Go and try to gain access to their home network over wifi. Last time I checked (which was a loooong time ago), this just required some patience and sitting in range of said wifi point.

    Once on the network I would attempt to identify the IP address of their laptop (straightforward), possibly packet sniff, attempt to identify their OS, attempt to identify known vulnerabilities in such an OS. Now if the user was paranoid and cleaned up after themselves (fnar fnar!) I think at that point you're screwed unless you have access to any historical logs at the ISP level. Gaining that might just require some cash for a tasty bribe.


  • Registered Users, Registered Users 2 Posts: 14,012 ✭✭✭✭Cuddlesworth


    Khannie's would be the most realistic way. Going down the ISP route would be horrific to the extreme. Although in most areas sitting outside the house with a laptop will get you noticed.


  • Registered Users, Registered Users 2 Posts: 1,165 ✭✭✭Stky10


    There's also the way of sending them an email with a trojan file attached, phrasing the email in a way that makes them likely to click on it. Once the trojan is inserted, you could connect in as long as you wanted (as long as the target is online).


  • Registered Users, Registered Users 2 Posts: 19 ChewyLewey


    Thanks very much for replies. This is an area I'm more or less clueless on.

    Khannie can you clean up what you mean by this for a non-techy person:

    'possibly packet sniff, attempt to identify their OS, attempt to identify known vulnerabilities in such an OS.'

    OS??? Packet sniff??

    If you had access to the machine, would an access to the search history be relatively easy (even if the owner has used incognito windows)? If this was a far more plausible way of accessing information then I think it could be a better way to go.

    Again, thanks for the replies, very helpful!


  • Closed Accounts Posts: 2,720 ✭✭✭Sid_Justice


    Search history ~= google search history

    once you had their gmail password they could get access to what google has stored on your search history.


  • Registered Users, Registered Users 2 Posts: 760 ✭✭✭mach1982


    Best way would be to install a keylogger; there's an episode of The Real Hustle where they do it.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    ChewyLewey wrote: »
    Khannie can you clean up what you mean by this for a non-techy person:

    'possibly packet sniff, attempt to identify their OS, attempt to identify known vulnerabilities in such an OS.'

    OS??? Packet sniff??

    OS = Operating System. Windows XP, Linux, MacOs are examples. Different operating systems have well known vulnerabilities (this is why you use windows update for example).

    Packet sniff - When data is sent over a network, it is sent in chunks called packets. You can consider these conceptually similar to an envelope containing data for simplicity's sake. It is possible for anyone on the network who can see those packets to examine the contents of them and reassemble them intelligently.


  • Registered Users, Registered Users 2 Posts: 19 ChewyLewey


    Cool, again thanks for replies.

    I think I may go for Sid_Justice's idea, as in the story I need the information to be gotten by the character pretty quick, like in a day or so.

    I was reading a bit on Wiki about hacking and password cracking, and it seems that if it's just a fairly normal password with no upper cases, numbers etc..., a password can be cracked in a relatively short amount of time, like a few hours.

    Would this be correct?

    Therefore the gmail account could be hacked and the search history would be stored in the gmail account right? The guy wouldn't bother deleting it because it's stored only in his email account and not his computer. And there you have it. Plausible?


  • Registered Users, Registered Users 2 Posts: 893 ✭✭✭U_Fig


    One way I know of hacking, as I've done this (did it to a mate who dared me to hack them once), was using a custom BackTrack 3 config. Hacked the WiFi WPA, capturing the handshake and using rainbow tables to crack the pass. Once connected to the router (eircom default pass) I could see his computer and shared folder (he uses network sharing), and took a program there and copied it to my comp, planted a remote VNC in the exe and waited till he opened it. Then I connected to the VNC after setting up port forwarding in the router to allow it, and connected and played around a bit. Now this took time, but it wasn't that hard. Setup took maybe 30 mins, but I waited for 2 days for him to open up the file, checking periodically to see if he had. His WiFi was in range also.

    Now that's just one way that I exploited the fact that he knew enough to set up home sharing but not enough to properly secure it.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    ChewyLewey wrote: »
    I was reading a bit on Wiki about hacking and password cracking, and it seems that if it's just a fairly normal password with no upper cases, numbers etc..., a password can be cracked in a relatively short amount of time, like a few hours.

    Would this be correct?

    Once you have the encrypted password (the hard part) a weak password could be compromised in minutes with a good graphics card (they are well suited to brute force attacks).
    ChewyLewey wrote: »
    Therefore the gmail account could be hacked and the search history would be stored in the gmail account right? The guy wouldn't bother deleting it because it's stored only in his email account and not his computer. And there you have it. Plausible?

    Not so much, because you don't have access to the encrypted gmail password. If you used the same Windows password for gmail, then presto.


  • Registered Users, Registered Users 2 Posts: 4,015 ✭✭✭Hijpo


    Khannie wrote: »
    ChewyLewey wrote: »
    I was reading a bit on Wiki about hacking and password cracking, and it seems that if it's just a fairly normal password with no upper cases, numbers etc..., a password can be cracked in a relatively short amount of time, like a few hours.

    Would this be correct?

    Once you have the encrypted password (the hard part) a weak password could be compromised in minutes with a good graphics card (they are well suited to brute force attacks).
    ChewyLewey wrote: »
    Therefore the gmail account could be hacked and the search history would be stored in the gmail account right? The guy wouldn't bother deleting it because it's stored only in his email account and not his computer. And there you have it. Plausible?

    Not so much, because you don't have access to the encrypted gmail password. If you used the same Windows password for gmail, then presto.

    I've read of another tactic to gain access to a wifi network by sending de-auth requests to the AP. The AP closes all connections and when the user tries to log back onto the network the attacker can sniff the key. Or something along those lines.


  • Registered Users, Registered Users 2 Posts: 19 ChewyLewey


    So just to clarify, Khannie, it would be pretty implausible for someone to manage to access a search history within, say, a weekend, unless they were in a close enough location to hack into their wireless network?

    To set out what I need for the story is:

    - The search history/emails to be obtained quickly (within a couple of days).
    - The history/mail to be past information (i.e. it's not much use to me if the network is hacked and the hacker has to wait for the user to visit websites that would compromise his reputation. I need the sites to have already been visited.)

    Thanks again for replies!


  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    Hi,
    Does the laptop have to be on a home network?
    Do you need a "hacker" to do the job?

    If not, then any PC that connected to the internet via a corporate network that uses a webfiltering/firewall solution would generally have logs of websites accessed that would be accessible by a number of staff within the organisation if required.

    (perhaps it will fit in with your story "easier" than the home user scenario)


  • Registered Users, Registered Users 2 Posts: 19 ChewyLewey


    kippy wrote: »
    Hi,
    Does the laptop have to be on a home network?
    Do you need a "hacker" to do the job?

    If not, then any PC that connected to the internet via a corporate network that uses a webfiltering/firewall solution would generally have logs of websites accessed that would be accessible by a number of staff within the organisation if required.

    (perhaps it will fit in with your story "easier" than the home user scenario)

    Hi, thanks for suggestion Kippy.

    It kind of has to be a home network, because the guy is a Garda and has been looking at dodgy porn sites, so it wouldn't really be plausible that he would be doing this at work. Although the guy who wants 'dirt' on this guard is also a guard and works with him, so could be potential there to hack into his personal email just by finding a password written down or something. This way I could maybe leave out a 3rd party and a hacking angle altogether.

    It doesn't have to be a hacker, but it wouldn't really fit in with the character who wants the information to be very skilled at that sort of stuff (wrong generation, type of person etc...)


  • Registered Users, Registered Users 2 Posts: 4,015 ✭✭✭Hijpo


    ChewyLewey wrote: »
    kippy wrote: »
    Hi,
    Does the laptop have to be on a home network?
    Do you need a "hacker" to do the job?

    If not, then any PC that connected to the internet via a corporate network that uses a webfiltering/firewall solution would generally have logs of websites accessed that would be accessible by a number of staff within the organisation if required.

    (perhaps it will fit in with your story "easier" than the home user scenario)

    Hi, thanks for suggestion Kippy.

    It kind of has to be a home network, because the guy is a Garda and has been looking at dodgy porn sites, so it wouldn't really be plausible that he would be doing this at work. Although the guy who wants 'dirt' on this guard is also a guard and works with him, so could be potential there to hack into his personal email just by finding a password written down or something. This way I could maybe leave out a 3rd party and a hacking angle altogether.

    It doesn't have to be a hacker, but it wouldn't really fit in with the character who wants the information to be very skilled at that sort of stuff (wrong generation, type of person etc...)

    Doesn't Adobe store cookies of Flash players? All you need is the user's email address and password to log into their Adobe account on the Adobe website and see a history of what they watched.


  • Registered Users, Registered Users 2 Posts: 1,215 ✭✭✭harney


    I can't access this due to my stupid work proxy blocking hacking sites (it is not a hacking site), so I am not sure how suitable it might be for you (it's been on the to-do list for some time to read the book), but this link is to a hacking story written by the person who created nmap, a free and very powerful tool that your hacker will most likely be using (the tool was used in movies like The Matrix, one of the Bourne movies, Die Hard: http://nmap.org/movies.html).

    http://insecure.org/stc/

    If the link does not work, just google "Fyodor stealing the network"

    The idea of the books is that they write a hacking story using actual techniques that will work in real life. The story may be quite technical in parts, but it will give you an idea of what a hacker can do and how quickly.


  • Registered Users, Registered Users 2 Posts: 1,215 ✭✭✭harney


    ChewyLewey wrote: »
    Hi, thanks for suggestion Kippy.

    It kind of has to be a home network, because the guy is a Garda and has been looking at dodgy porn sites, so it wouldn't really be plausible that he would be doing this at work. Although the guy who wants 'dirt' on this guard is also a guard and works with him, so could be potential there to hack into his personal email just by finding a password written down or something. This way I could maybe leave out a 3rd party and a hacking angle altogether.

    It doesn't have to be a hacker, but it wouldn't really fit in with the character who wants the information to be very skilled at that sort of stuff (wrong generation, type of person etc...)

    Just have the dirt-digging person pass him a USB stick with some sort of malware on it that runs when he plugs it into his home PC and allows the attacker to take control once it has run. Or have him set up a fake website that will download something onto his PC when he browses it, and send an email saying check this out.


  • Registered Users, Registered Users 2 Posts: 19 ChewyLewey


    Just reading this thread on another forum http://www.boards.ie/vbulletin/showthread.php?t=2056478209

    Would this be a plausible way of him getting into his email account? Let's say he's nicked his wallet or passport and has more personal information to back things up if he gets a phone call...

    EDIT: Of course he would have to steal his phone too


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    ChewyLewey wrote: »
    To set out what I need for the story is:

    - The search history/emails to be obtained quickly (within a couple of days).
    - The history/mail to be past information (i.e. it's not much use to me if the network is hacked and the hacker has to wait for the user to visit websites that would compromise his reputation. I need the sites to have already been visited.)

    The easiest way to do this, by far IMO, would be to gain physical access to the computer for an hour, copy the contents of the hard drive, then put it back to examine your copy at your leisure. This is assuming the contents of the hard drive aren't encrypted (like mine ;)).


  • Registered Users, Registered Users 2 Posts: 18,984 ✭✭✭✭kippy


    ChewyLewey wrote: »
    Just reading this thread on another forum http://www.boards.ie/vbulletin/showthread.php?t=2056478209

    Would this be a plausible way of him getting into his email account? Let's say he's nicked his wallet or passport and has more personal information to back things up if he gets a phone call...

    EDIT: Of course he would have to steal his phone too

    Well even if you had all that info, all you are getting is their email. You still don't have browser history.....
    Physical access really is the easiest way.


  • Registered Users, Registered Users 2 Posts: 3,721 ✭✭✭Kells...


    Or a secret partition somewhere ;) :P


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Not the easiest way...
    Probably the easiest way would be something like using the Eircom predictable wep keys from a few years back. A google search will have youtube videos on it.

    And a hacker could use a decent quality directional wifi antenna to try and connect from a couple of hundred yards.

    After that, the wifi router will typically log the last few DNS queries (web address lookups). Or he could access the file system through a windows admin share if the windows firewall was switched off (to allow a games console to get music / video) for example.


  • Registered Users, Registered Users 2 Posts: 4,015 ✭✭✭Hijpo


    ressem wrote: »
    Not the easiest way...
    Probably the easiest way would be something like using the Eircom predictable wep keys from a few years back. A google search will have youtube videos on it.

    But he needs porn sites, not YouTube.
    To see what videos he's watched, getting into his Adobe account is the easiest if he has his email.


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    Hijpo wrote: »
    But he needs porn sites, not YouTube.
    To see what videos he's watched, getting into his Adobe account is the easiest if he has his email.

    No.

    The only people with Adobe accounts are people that purchase software from Adobe.
    And I have one, and it is not sending and storing my browsing history with Adobe. Browsing history and flash cache is kept locally on the computer.

    The youtube videos I was referring to are in relation to displaying the vulnerability of the netopia modems with eircom's password choices in the past.


  • Registered Users, Registered Users 2 Posts: 4,015 ✭✭✭Hijpo


    ressem wrote: »
    Hijpo wrote: »
    But he needs porn sites, not YouTube.
    To see what videos he's watched, getting into his Adobe account is the easiest if he has his email.

    No.

    The only people with Adobe accounts are people that purchase software from Adobe.
    And I have one, and it is not sending and storing my browsing history with Adobe. Browsing history and flash cache is kept locally on the computer.

    The youtube videos I was referring to are in relation to displaying the vulnerability of the netopia modems with eircom's password choices in the past.

    Totally misread your post, sorry.

    I wasn't talking about browser history, I was talking about Flash cookies. Isn't this what remembers things like volume control on Flash videos etc??
    You're right, it would have to be accessed from the user's computer either way.


  • Registered Users, Registered Users 2 Posts: 908 ✭✭✭Tazium


    The PC could be a laptop, the suspect could mostly carry it with him to protect his stash of dodgy sites. But in doing so, decides to use it in a public location to check email or sites like boards. Sitting there over his coffee and reading his email he wouldn't know that another laptop user nearby has compromised his computer.

    How?

    Few methods, firesheep, nmap, metasploit, will uncover information from the computer and use known vulnerabilities to attempt remote exploits. Once exploited the computer is in control of the attacker and the regular browser history is obtainable.

    Incognito, or private browsing, information is not stored after the session. For example, if he opens a private session and has not closed the browser then the attacker can discover the history, but once the browser is closed the history is deleted.

    To get the history then would require attacking or obtaining information from the service provider, even private browsing sessions are logged at that level.

    Coffee shop and laptop situation provides plausibility to your story.


  • Registered Users, Registered Users 2 Posts: 5,238 ✭✭✭humbert


    If it was me I'd trawl the internet with the information I had (address, name, telephone number) to find an email address (if I didn't already have it). Then you could spoof an email from Amazon/eBay/their work/etc with a link to an image hosted on a site you control. In many cases and depending on browser vulnerabilities at the time that could be enough to get arbitrary code execution and the data required.


  • Moderators, Education Moderators, Technology & Internet Moderators Posts: 35,125 Mod ✭✭✭✭AlmightyCushion


    Not very hackerish but the easiest way to do this would be to put a brick through their window and steal the laptop.


  • Closed Accounts Posts: 9,183 ✭✭✭dvpower


    ChewyLewey wrote: »
    So just to clarify, Khannie, it would be pretty implausible for someone to manage to access a search history within, say, a weekend, unless they were in a close enough location to hack into their wireless network?

    To set out what I need for the story is:

    - The search history/emails to be obtained quickly (within a couple of days).
    - The history/mail to be past information (i.e. it's not much use to me if the network is hacked and the hacker has to wait for the user to visit websites that would compromise his reputation. I need the sites to have already been visited.)

    Thanks again for replies!

    For the purposes of your story, can you just have the hacker obtain (or even guess) the person's google password and access their google search history (and their email history)?
    No talented hacker required and makes the 'story' much easier.


  • Closed Accounts Posts: 384 ✭✭ANSI


    Khannie wrote: »
    Let's say someone paid me a lot of money and gave me a name and address....here's what I would do:

    Go and try to gain access to their home network over wifi. Last time I checked (which was a loooong time ago), this just required some patience and sitting in range of said wifi point.

    Once on the network I would attempt to identify the IP address of their laptop (straightforward), possibly packet sniff, attempt to identify their OS, attempt to identify known vulnerabilities in such an OS. Now if the user was paranoid and cleaned up after themselves (fnar fnar!) I think at that point you're screwed unless you have access to any historical logs at the ISP level. Gaining that might just require some cash for a tasty bribe.

    With WPA?


  • Closed Accounts Posts: 384 ✭✭ANSI


    Not very hackerish but the easiest way to do this would be to put a brick through their window and steal the laptop.
    very practical


  • Registered Users, Registered Users 2 Posts: 2,426 ✭✭✭ressem


    A colleague of the protagonist phones up pretending to be a "Microsoft Computer Support person"?

    http://www.boards.ie/vbulletin/showthread.php?t=2056164852
    http://www.irishtimes.com/newspaper/ireland/2011/0128/1224288458489.html

    No point in going overboard describing how to hack.


  • Registered Users, Registered Users 2 Posts: 19 ChewyLewey


    Lots of great ideas here thanks.

    I had actually decided in the last few days that the hacking angle is just too complex and I honestly don't know enough about it to put it in a story convincingly.

    So brick through the window or obtaining the password in some way is easier and actually makes a lot more sense in relation to the characters.

    Still, thanks a lot to all those who replied, much appreciated.

