
CBS confirms reporter Sharyl Attkisson’s computer breached - rpm4321
http://www.washingtonpost.com/lifestyle/style/cbs-confirms-reporter-sharyl-attkisons-computer-breached/2013/06/14/321b77f0-d504-11e2-a73e-826d299ff459_print.html
======
tumblen
A couple months ago I turned VNC on quickly, without a password, just to test
out an app that turns my iPad into a trackpad for my computer. Of course,
forgot to turn off VNC after learning the iPad trackpad wasn't a great
solution for me.

A couple days later as I was working, my cursor kept getting pulled away from
me and I figured there must be some tracking issue with the mouse, not giving
it a second thought.

I started reading something at my desk and looked up - a tab had been opened
in Chrome to some .ru domain name and someone was clicking a 'Pay with PayPal'
link on the page.

With my PayPal password auto-filled, they would have had easy work of getting
into my account to pay a large, arbitrary amount to themselves.

Luckily, I caught it just in time. They were so good at keeping control of the
mouse that I had to run to unplug my router.

Point is, VNC is a really easy vector to gain access to a computer and there
are apparently people or bots constantly port scanning everything to find
what's unsecured.

Was definitely a wake up call for me and I wouldn't be surprised if this is a
similar case.
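
Whether a VNC server can be taken over as described above depends on the security types it advertises in the RFB handshake. The example below is added here and is not part of the thread: it parses that handshake and checks only the server on the local machine's loopback address; the function names and the sample bytes are constructed for illustration.

```python
import io
import socket
import struct

NONE = 1  # RFB security type "None": no password is asked for

def _need(read, n):
    data = read(n)  # a short read means the handshake was cut off
    if len(data) != n:
        raise ValueError("truncated RFB handshake")
    return data

def offered_security_types(read, write=lambda data: None):
    """Walk the server side of the RFB handshake and list the security types offered."""
    version = _need(read, 12)                      # e.g. b"RFB 003.008\n"
    if version[:4] != b"RFB " or version[11:] != b"\n":
        raise ValueError("not an RFB server")
    major, minor = int(version[4:7]), int(version[8:11])
    write(version)                                 # client reply: accept the server's version
    if (major, minor) < (3, 7):
        # RFB 3.3: the server dictates one type as a big-endian uint32 (0 = refused).
        (chosen,) = struct.unpack(">I", _need(read, 4))
        return [chosen] if chosen else []
    count = _need(read, 1)[0]                      # RFB 3.7+: count, then one byte per type
    return list(_need(read, count))                # count 0 means the server refused

def verdict(types):
    if NONE in types:
        return "exposed: server accepts connections with no password"
    return "authentication required" if types else "server refused the handshake"

def audit_local_vnc(port=5900, timeout=2.0):
    """Check the VNC server on this machine's loopback; None if nothing is listening."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as sock:
            return verdict(offered_security_types(sock.makefile("rb").read, sock.sendall))
    except OSError:
        return None

# Constructed server bytes (not captured traffic) so the parser runs offline.
CAPTURES = {
    "3.8, None + VNC auth": b"RFB 003.008\n" + b"\x02\x01\x02",
    "3.8, VNC auth only": b"RFB 003.008\n" + b"\x01\x02",
    "3.3, None": b"RFB 003.003\n" + b"\x00\x00\x00\x01",
}

if __name__ == "__main__":
    for name, raw in CAPTURES.items():
        print(name, "->", verdict(offered_security_types(io.BytesIO(raw).read)))
    print("this machine:", audit_local_vnc())
```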

~~~
vardyr
If someone was able to initiate a connection to your desktop behind a router,
and you did not manually set up port forwarding, it sounds like you have UPnP
enabled. I strongly suggest turning that off.

This would not happen behind any home router I know of with UPnP disabled,
unless you have malware on the machine.

------
tptacek
The dumbest script-bound teenagers will appear "sophisticated" to the
Washington Post. How you know this attacker wasn't sophisticated: the
Washington Post "detected" them.

_Note: as was pointed out downthread, I'm being sloppy; CBS "detected"
them._

~~~
pdeuchler
Who profits from this breach?

I have a hard time believing any sort of script kiddy would risk major jail
time and a high profile arrest for hacking into a journalist's laptop for no
profit.

The NSA/Gubberment however, does have quite a bit to gain from this
information/deletion.

~~~
dkokelley
The thing with script kiddies is that they are not necessarily mature enough
to realize and properly weigh the risks associated with their illicit hacking.
It's fun and it gets them "cyber cred". Gangsters are often the same way. They
risk jail time for flashy stunts that earn them respect from their peers.

~~~
jivatmanx
A script kiddie would do as much damage / steal and leak as much information
in as dramatic and public fashion as possible. That indeed doesn't seem to be
the case here.

~~~
tptacek
No, also not true of "script kids". They do that when it suits them. You're
naive if you think the only systems they break into are the ones that land on
Pastebin.

------
cientifico
I am curious why this information appears now. Is this in reference to
Microsoft giving exploits to the government?

If that is the case, could this problem be solved by installing Linux? I am not
a Linux fan, but the point of the source code being open and reviewed by
millions of people starts making me feel more secure.

~~~
tptacek
Microsoft doesn't give "exploits" to the government. Microsoft doesn't have
the in-house expertise to write many of those exploits. It provides
information about verified security vulnerabilities (different from exploits)
before they're patched, because their patch schedules are elaborate and
necessarily create a window of unpatched vulnerability. Microsoft also gives
the same information to many commercial vendors, so they can write antivirus
and IPS signatures.

NSA does not need Microsoft's help to break into computers.

~~~
kunai
This is going to sound dickish, but technically it's "_the_ NSA," not just
"NSA".

"National Security Administration doesn't need Microsoft to break into
computers." vs "The National Security Administration doesn't need Microsoft to
break into computers."

Too much of a tangent, perhaps?

~~~
dfc
Tangent or not I'm interested. I think it's less settled than you think. In
fact I was always on the opposite team; it's "NSA/DoD/DoE did x" just like it
is "IBM did x" and not "the IBM did x."

I did enough research to conclude that it was not a settled issue. It's clear
that if the initials were lower case and referred to a generic agency that
deals with national security it would be "the national security agency"
similar to the "the fishing tackle section of a sporting goods store." On the
other hand a gander at DoD's style guide[1] makes it clear that they do not
like the "the."

I'd love to see why you think it's opposite. That's not dickish, that's a
desire to answer a question that's been nagging me for a long time.

[1]
[http://www.dtic.mil/whs/directives/corres/writing/Writing_St...](http://www.dtic.mil/whs/directives/corres/writing/Writing_Style_Guide.pdf)

From the english.SX:

"Is it proper to use “the” before the name of a government organization?"
[http://english.stackexchange.com/questions/76976/is-it-prope...](http://english.stackexchange.com/questions/76976/is-it-proper-to-use-the-before-the-name-of-a-government-organization)

"Using the definite article with acronyms and initialisms"
[http://english.stackexchange.com/questions/30596/using-the-d...](http://english.stackexchange.com/questions/30596/using-the-definite-article-with-acronyms-and-initialisms)

"Definite article with proper nouns, titles followed by a common noun"
[http://english.stackexchange.com/questions/2327/definite-art...](http://english.stackexchange.com/questions/2327/definite-article-with-proper-nouns-titles-followed-by-a-common-noun)

"The definite article usage with objects that have names"
[http://english.stackexchange.com/questions/16988/the-definit...](http://english.stackexchange.com/questions/16988/the-definite-article-usage-with-objects-that-have-names)

"Capitalising the definite article in names"
[http://english.stackexchange.com/questions/84288/capitalisin...](http://english.stackexchange.com/questions/84288/capitalising-the-definite-article-in-names)

~~~
hga
Maybe it is clearer if we note this as proper usage: "the IBM _corporation_."

Similarly, "the _Department_ of Defense", "the National Security _Agency_".

~~~
dfc
Frankly that does not make it any clearer to me. Which could be because I am
bad at the nitty gritty of English syntax. But most importantly, with all due
respect you are not Strunk and White. I am looking for a clear definitive
reference and in the future I can't say "I know it is written this way because
hga said so."

~~~
hga
Well, you can start here for a well referenced treatment of these nouns:
[http://en.wikipedia.org/wiki/Proper_noun](http://en.wikipedia.org/wiki/Proper_noun)

~~~
dfc
The reason your comment did little to clear things up is because it relied on
spelling the agencies'/organizations' names out. It is clear that the rules
change for acronyms and abbreviations.

------
brown9-2
How can you detect what commands were run on a laptop by someone months ago?

If you assume the OS is Windows, is it normal to even log those?

~~~
kunai
Well, if you're on any arbitrary Unix system with bash installed, just open up
a terminal emulator and keep hitting the up arrow key. It should give you a
full history of all commands entered. Unfortunately, there's no date tagging
to my knowledge, so you'll just have to remember when you entered a command
and if you see any anomalies.

~~~
ben1040
>It should give you a full history of all commands entered.

Commands entered by that user, in a shell, assuming the shell's history file
wasn't cleared. So maybe you'd get a history of what someone did if they sat
down at your computer and typed things while you were away refilling your
coffee.

Your shell history isn't going to show a trace if someone actually remotely
roots your computer and starts executing commands.

~~~
kunai
If it was done through a root account, then

    sudo su


and accessing a shell history should do the trick, right? Please correct me if
I'm wrong.

~~~
ben1040
It would IF they obtained a root shell and started typing commands into it
like they were at the console, and that they didn't just go ahead and delete
the history file right afterwards.

But if someone's used a privilege escalation method on some vulnerable
software and injects code that makes system() calls as the root user, that's
not going to show up in root's shell history.

Shell history is just a convenience for the user typing things in the shell;
it doesn't log everything that goes on in the box as that given user, and
isn't an audit trail.
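
A timestamped record of executed commands has to come from the kernel rather than the shell; on Linux that is the audit daemon's SYSCALL and EXECVE records. The example below is added here and is not part of the thread: it pairs those records by event ID and lists commands run as root with no terminal attached. It assumes an audit rule logging `execve` is already in place; the function names are illustrative and the log lines are constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the Linux auditd log format (not taken from any real host).
SAMPLE = """\
type=SYSCALL msg=audit(1371168000.101:901): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2215 auid=1000 uid=1000 euid=1000 tty=pts0 comm="ls" exe="/bin/ls"
type=EXECVE msg=audit(1371168000.101:901): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1371178800.552:1207): arch=c000003e syscall=59 success=yes exit=0 ppid=1180 pid=3344 auid=4294967295 uid=0 euid=0 tty=(none) comm="sh" exe="/bin/sh"
type=EXECVE msg=audit(1371178800.552:1207): argc=3 a0="sh" a1="-c" a2=756E616D65202D61
"""

HDR = re.compile(r"type=(\w+) msg=audit\(((\d+)\.\d+:\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain arguments and hex-encodes ones with spaces or control bytes."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value

def exec_events(log):
    """Join SYSCALL and EXECVE records that share an event ID into one dict each."""
    events = {}
    for line in log.splitlines():
        m = HDR.match(line)
        if not m:
            continue
        rtype, event_id, epoch, body = m.groups()
        when = datetime.fromtimestamp(int(epoch), timezone.utc)
        ev = events.setdefault(event_id, {"time": when})
        fields = dict(FIELD.findall(body))
        if rtype == "SYSCALL":
            ev.update(euid=int(fields["euid"]), auid=int(fields["auid"]), tty=fields["tty"])
        elif rtype == "EXECVE":
            ev["argv"] = [decode(fields[f"a{i}"]) for i in range(int(fields["argc"]))]
    return [e for e in events.values() if "argv" in e and "euid" in e]

def root_without_terminal(log):
    """Commands executed as root with no tty: the case shell history never records."""
    return [(e["time"].isoformat(), " ".join(e["argv"]))
            for e in exec_events(log) if e["euid"] == 0 and e["tty"] == "(none)"]

if __name__ == "__main__":
    for when, command in root_without_terminal(SAMPLE):
        print(when, command)
```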

------
steven2012
Is your computer waking up in the middle of the night a sign that it's being
accessed? I've seen this with my laptop often, I have Windows 7, and I didn't
think twice about it. Now I'm thinking twice...

~~~
socillion
Windows Update is, I believe, scheduled for 3am by default. If connected to
AC, it can wake up your computer to install updates. You can look into this
more with the powercfg command (from an Admin console).

    powercfg -lastwake


"Computer waking up" is meaningless without controlling for updates and other
factors, including dog/cat/mouse bumping into a mouse cable.

~~~
epochwolf
If your desk isn't level or if you have a fan on, the mice could move enough
to wake the computer. :)

------
rubbingalcohol
This was right around the time when there were numerous other attacks on press
and US industry networks by Chinese IP addresses. There's not enough info here
to draw any conclusions, but I certainly wouldn't jump on the NSA bandwagon
just because they're up in our netz (they probably wouldn't need to compromise
her specific computer anyway).

