How they caught me
Inspired by the story "How I caught a hacker . " I was not so dynamic, but I want to share how not to do it.
Well, how pleasant it is to catch intruders, only the one who caught them knows. But ask those who came across, what is it to them? And I will tell you, and share my thoughts about it. If they seem to someone for granted, I will only be glad.
It happened in 2002. Then I was still a student, I studied in the second year of the shipbuilding department.
Even then, slowly I began to prepare for a diploma, before you sit down - before you leave. Thesis was from the series “Design a ship on a computer”. And, because, in the auto-cadre you never do this, the appropriate software was used.
')
The university then had a purchased license for the profile software product SeaSolution (it builds a 3D model of the ship hull, the possibilities of the mat kernel were just crazy for those times). The software product with the help of the license file was tied to the corresponding machines in the computer center, where I hung after the pairs until the evening. I'd add that it was really interesting - to model the ship with all the bulkheads and mechanisms, after a few months the model grew to 500 MB, I had to beat her into pieces and then combine them back.
The project was almost ready when the terrible happened.
One day, all copies of SeaSolution'a in the EC said
All work got up. Then it turned out that the great institute men did not invent anything better than to buy a time-limited license. To buy the full version, as I understood later, no one was going to, exactly like to extend the existing one.
The project was killed for half a year almost daily classes. It all got cancer. Let me remind you, it was only the second course, you could start anew, use other software, in general, there were several options. I was desperate.
But I had one trump card up my sleeve - at that time I had been interested in the crack scene for a couple of months. Knowledge was a minimum, but I decided to try to break the program. I could not buy it anyway - the cost of a license of 3 kilobax was somewhat higher than my scholarship, the “student” version did not fit - export to IGES did not work, without which there was no way. Kryakov, of course, nebylo. Therefore, I downloaded it on a USB flash drive and took it home.
I tried to open it for more than a month, the lack of necessary knowledge affected. Paradox: in fact, the success of the event would guarantee me a red diploma, because The topic “automated design of ships” in the context in which I was implementing it, had not been raised before by anyone at my institute, which was directly told to me by the head. And the ill-fated software with an expired license, was one of its links.
All day long I had to sit under SoftIce, delving into 5 megabyte assembly code. A lot of paper was written with all sorts of displacement addresses and other HEX-crap. Friends, this is a terrible headache, and later I left the crack-community - for me it is too difficult.
But the software still succumbed - the serial number was hard-wired into the code and several checks were removed. I got out, though a new feature - now until you disconnect the network connection, nothing worked. And she began to fly out sometimes. But the patient was more alive than dead. I was able to continue further work.
Without hesitation, I just brought the retail version back to the EC. During laboratory work, the network was disconnected and the people worked in a junk program (I did not use it alone). Everyone just thought that I had “repaired” it, that the program did not work, and I repaired it, well, wasn’t it great? To bring this stuff back to college was the most stupid of decisions.
Then I corresponded with the support SeaTech (the developer of this program) for licenses. They had an idea at what school I study. Representatives of the company actively collaborated with the university, and could easily find out that some kind student brought a broken version of their brainchild. This is what happened.
The email almost immediately received the following message:
A cross inquiry to google gave me the giblets .
UPD: The request now gives me and Habr with the guts.
I did not answer, maybe blow over. Began a tedious wait, what will happen next. And the prospects were very unruly - a criminal case could be brought against me and expelled from the university. What did I feel then words can not convey. Worse could not be.
However, it could. Less than a week later, the hellish caller sent me another letter, where, without unnecessary comments, my home address was simply specified with an accuracy of an apartment. So, the cell slammed shut, I thought, and crossed myself. Now there were not many options. What now waited for me only God knew. To say that it was scary to say nothing.
By that time, summer had come, the session had safely surrendered, and there was an occasion (some other) to get out of town for a month or two. By that time, incomprehensible calls began to be heard at my home address with a request to invite me to the telephone. Judging by the printouts, calls from Nizhny Novgorod, damn it . I did not take the tube.
To my luck, I had a place to go, and I rested for 1.5 months and did not know grief. This whole nightmare was gradually forgotten. But when I returned, they told me that some people had repeatedly come (two in civilian clothes) asked me. On the question of home "why?", Answered shortly: "We need to talk, he is in the know." But I was not aware. Unlike the employees of the bodies, it is even less likely that the lads became interested in me.
A couple of weeks, I did not venture to appear at home. As time went on, summer was coming to an end, and hiding forever was pointless. Everything has its end, I thought, returned home, and went to surrender, do not shoot the prisoners?
But first, I made the last attempt to rehabilitate. I wrote the most honest letter to the support of SeaTech, about who I was and why I did it, explained the situation. And a miracle happened. Either they were in a good mood, or an understanding support was caught, but in response I received a letter asking when I have a diploma defense. I replied that I had as many as 3 years, to which I was sent a license file for this period to my home computer. I told you that I would not do it again. This is how aUFO flew in and saved me . Yes, yes, it happens, I did not think that such situations are simply resolved.
Surprisingly, exactly at this place the story ends. No calls, no more people. I suppose that they simply wanted to intimidate me, and my home address could be obtained at the institute. What it was was completely incomprehensible. The school year began, no one said a word about what happened. As if there was nothing. And I got a diploma.
I was lucky, I would make a slight fright. Now, without a smile, you can not remember those adventures, but then, believe me, it was not a joke. A few rules:
Rule 1. Do not break.
Rule 2. Try not to conduct open discussions on your hacker activity on the Internet. Lead them from another nickname / e-mail at least.
Rule 3. If you break, hide as much as possible.
Rule 4. If it is clear that you have been calculated, and there are prerequisites, it is better to repent, maybe later it will be too late.
UPD: Rule 5. If something is broken, do not tell anyone (thanks to XaocCPS ).
Take a look at the list. At the very beginning of the article, I noted that these things may seem self-evident. But pay attention to Rule 1, when you decide to punish the unfortunate programmer of a site. Think about it - perhaps the result will be a criminal record and a ruined career .
Thanks for attention. I sincerely hope that someone will draw the appropriate conclusions from my history.
UPD Transferred to "Information Security".
Well, how pleasant it is to catch intruders, only the one who caught them knows. But ask those who came across, what is it to them? And I will tell you, and share my thoughts about it. If they seem to someone for granted, I will only be glad.
It happened in 2002. Then I was still a student, I studied in the second year of the shipbuilding department.
Even then, slowly I began to prepare for a diploma, before you sit down - before you leave. Thesis was from the series “Design a ship on a computer”. And, because, in the auto-cadre you never do this, the appropriate software was used.
')
The university then had a purchased license for the profile software product SeaSolution (it builds a 3D model of the ship hull, the possibilities of the mat kernel were just crazy for those times). The software product with the help of the license file was tied to the corresponding machines in the computer center, where I hung after the pairs until the evening. I'd add that it was really interesting - to model the ship with all the bulkheads and mechanisms, after a few months the model grew to 500 MB, I had to beat her into pieces and then combine them back.
The project was almost ready when the terrible happened.
One day, all copies of SeaSolution'a in the EC said
% username% my license is expired
All work got up. Then it turned out that the great institute men did not invent anything better than to buy a time-limited license. To buy the full version, as I understood later, no one was going to, exactly like to extend the existing one.
The project was killed for half a year almost daily classes. It all got cancer. Let me remind you, it was only the second course, you could start anew, use other software, in general, there were several options. I was desperate.
But I had one trump card up my sleeve - at that time I had been interested in the crack scene for a couple of months. Knowledge was a minimum, but I decided to try to break the program. I could not buy it anyway - the cost of a license of 3 kilobax was somewhat higher than my scholarship, the “student” version did not fit - export to IGES did not work, without which there was no way. Kryakov, of course, nebylo. Therefore, I downloaded it on a USB flash drive and took it home.
I tried to open it for more than a month, the lack of necessary knowledge affected. Paradox: in fact, the success of the event would guarantee me a red diploma, because The topic “automated design of ships” in the context in which I was implementing it, had not been raised before by anyone at my institute, which was directly told to me by the head. And the ill-fated software with an expired license, was one of its links.
All day long I had to sit under SoftIce, delving into 5 megabyte assembly code. A lot of paper was written with all sorts of displacement addresses and other HEX-crap. Friends, this is a terrible headache, and later I left the crack-community - for me it is too difficult.
But the software still succumbed - the serial number was hard-wired into the code and several checks were removed. I got out, though a new feature - now until you disconnect the network connection, nothing worked. And she began to fly out sometimes. But the patient was more alive than dead. I was able to continue further work.
Without hesitation, I just brought the retail version back to the EC. During laboratory work, the network was disconnected and the people worked in a junk program (I did not use it alone). Everyone just thought that I had “repaired” it, that the program did not work, and I repaired it, well, wasn’t it great? To bring this stuff back to college was the most stupid of decisions.
UFO came out in a month
Then I corresponded with the support SeaTech (the developer of this program) for licenses. They had an idea at what school I study. Representatives of the company actively collaborated with the university, and could easily find out that some kind student brought a broken version of their brainchild. This is what happened.
The email almost immediately received the following message:
You have already lit up in various online parties. Calculate your current location is a matter of near time
A cross inquiry to google gave me the giblets .
UPD: The request now gives me and Habr with the guts.
I did not answer, maybe blow over. Began a tedious wait, what will happen next. And the prospects were very unruly - a criminal case could be brought against me and expelled from the university. What did I feel then words can not convey. Worse could not be.
However, it could. Less than a week later, the hellish caller sent me another letter, where, without unnecessary comments, my home address was simply specified with an accuracy of an apartment. So, the cell slammed shut, I thought, and crossed myself. Now there were not many options. What now waited for me only God knew. To say that it was scary to say nothing.
By that time, summer had come, the session had safely surrendered, and there was an occasion (some other) to get out of town for a month or two. By that time, incomprehensible calls began to be heard at my home address with a request to invite me to the telephone. Judging by the printouts, calls from Nizhny Novgorod, damn it . I did not take the tube.
To my luck, I had a place to go, and I rested for 1.5 months and did not know grief. This whole nightmare was gradually forgotten. But when I returned, they told me that some people had repeatedly come (two in civilian clothes) asked me. On the question of home "why?", Answered shortly: "We need to talk, he is in the know." But I was not aware. Unlike the employees of the bodies, it is even less likely that the lads became interested in me.
A couple of weeks, I did not venture to appear at home. As time went on, summer was coming to an end, and hiding forever was pointless. Everything has its end, I thought, returned home, and went to surrender, do not shoot the prisoners?
But first, I made the last attempt to rehabilitate. I wrote the most honest letter to the support of SeaTech, about who I was and why I did it, explained the situation. And a miracle happened. Either they were in a good mood, or an understanding support was caught, but in response I received a letter asking when I have a diploma defense. I replied that I had as many as 3 years, to which I was sent a license file for this period to my home computer. I told you that I would not do it again. This is how a
Surprisingly, exactly at this place the story ends. No calls, no more people. I suppose that they simply wanted to intimidate me, and my home address could be obtained at the institute. What it was was completely incomprehensible. The school year began, no one said a word about what happened. As if there was nothing. And I got a diploma.
I was lucky, I would make a slight fright. Now, without a smile, you can not remember those adventures, but then, believe me, it was not a joke. A few rules:
Rule 1. Do not break.
Rule 2. Try not to conduct open discussions on your hacker activity on the Internet. Lead them from another nickname / e-mail at least.
Rule 3. If you break, hide as much as possible.
Rule 4. If it is clear that you have been calculated, and there are prerequisites, it is better to repent, maybe later it will be too late.
UPD: Rule 5. If something is broken, do not tell anyone (thanks to XaocCPS ).
Take a look at the list. At the very beginning of the article, I noted that these things may seem self-evident. But pay attention to Rule 1, when you decide to punish the unfortunate programmer of a site. Think about it - perhaps the result will be a criminal record and a ruined career .
Thanks for attention. I sincerely hope that someone will draw the appropriate conclusions from my history.
UPD Transferred to "Information Security".
Source: https://habr.com/ru/post/86394/
All Articles