
Pwned by the Owner 4: Lessons Learned

At the end of his fantastic Defcon talk, Andrew ‘Zoz’ Brooks takes some time to provide more details about the thief’s identity, and lists the lessons learned.

Who is Melvin Guzman? The Close-Up

The thief’s Facebook profile

Well, Melvin Guzman is the kind of person who spells his own name wrong on his Facebook page (see snapshot). His main activity is taking photos of himself for online dating sites, and when he saves those pictures he just mashes on the keyboard. So, my stolen computer, my beloved Mac is being used by someone less competent than a typewriting chimp. But, you know, maybe if he’d stolen an infinite number of computers, he might figure out if the complete works of Shakespeare could fit in a Mac OS filename.

But thanks to a self-portrait obsession, I hereby present the many sexy faces of Melvin Guzman (see photos below). I’m sure the ladies love some of those. And all the ladies out there: this man is available, contact me if you would like his phone number.

Facebook page main photo

Ladies must love this one

Wink-wink

Melvin in shower

Now I’m sorry to anyone who wanted to see the full monty here (see image on the left), but after I originally submitted the slides the Defcon staff told me that they might have trouble when they put the videos of this talk on their CDs that they have for sale afterwards, and they may have some trouble with the A/V company if I left it in. So I had to search for something to cover up the wiener here, if you like.

Making love to the camera

But let me just say that when I searched for Defcon logo images on Google Images I only had to search for icon size. If you’ve ever wondered what photographers mean when they say: “Make love to the camera” – that’s what they mean (see collage on the right). Having made love to the camera he doesn’t mind cuddling it afterwards.

But this seems to work, alright, because the sexy ladies of the Internet responded and it worked out for him, so here’s what he was receiving back (see pics below). So, at last he found the ‘phat’ booty he was looking for, I assume so.

Melvin is popular!

She doesn’t mind dating Melvin

Found it!

Why type different messages?

I don’t know a lot about online dating techniques, but I noticed when I was looking at the keylogger that there were a lot of Ctrl+V’s. And I found out why that was from watching in VNC. This guy would write a message once and then copy and paste it to literally hundreds of women. I think this used to be called the ‘shotgun approach’, but I don’t think they make shotguns that can hit 200 targets at once. So maybe we should call it the ‘nuke from orbit approach’.

Surprisingly, Melvin is a wannabe criminal justice expert

And finally, an interesting bit of info considering that this is a guy using a stolen computer: he’s taking an online course for criminal justice. I think he’s enrolled in my online course for criminal justice.

After I handed all the address information I was able to give them, the police were able to go and recover the computer, and I think they did it the day after I submitted these Defcon slides after the deadline.

Lessons Learned

Conclusions to draw

It taught me some lessons that I thought I would share with you. First of all, obviously, my security of the machine in the data security sense, in terms of not encrypting the hard disk and letting it boot in single user mode – was shithouse. But if I had better security, then I would never have been able to recover the computer: if the guy couldn’t log into it, if he had to wipe the drives, if he couldn’t reconnect it to the network – same deal.

So I actually recovered the hardware and I did recover some of my data; some of it had been erased but I got a little bit of it back and I set up rsync scripts every time it was online to pull in more and more of the stuff. I often wonder if he was paying for bandwidth as well, because every time it would connect I’d be sloping gigabytes of stuff back down his dial-up.

The second lesson is a lot of these services are potential vulnerabilities against a trained threat. Like, everyone here is thinking: “Oh yeah, you’re running VNC, and if you’re not tunneling it over SSH, you’re totally making a mistake,” especially also having a daemon that tracks the IP addresses wherever this machine moves, especially if this was a mobile platform. You know, if I was running a DynDNS update on my laptop, people would know where I was all the time. So that would be bad against a trained threat, but very good against a low-tech threat. So it’s all about, sort of, threat modeling and remembering to buy that 20-dollar deadbolt.
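As an added illustration of the two points above, the rsync pulls whenever the machine was online and the threat-modeling remark about SSH, here is an example script that is not the speaker’s own: it pulls a home directory from an intermittently reachable machine over SSH into dated, hard-linked snapshots, so a file erased on the remote side later still survives in an older snapshot. The names REMOTE, DEST and the /Users/owner path are placeholders, and it assumes ssh and rsync are installed with key-based login already set up.

```shell
#!/bin/sh
# Added example, not from the talk. Hypothetical names: REMOTE is the
# machine's DynDNS name, DEST the local archive directory.
REMOTE="${REMOTE:-laptop.dyndns.example}"
DEST="${DEST:-$HOME/recovered}"

# Return 0 when the host currently answers over SSH, non-zero otherwise.
# BatchMode keeps ssh from hanging on a password prompt inside a cron job.
host_online() {
  ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true >/dev/null 2>&1
}

# Build the rsync command for one pull. Every run gets its own dated
# snapshot directory; --link-dest hard-links unchanged files to the previous
# snapshot, so files the remote user erases later remain in an older one.
# No --delete for the same reason. --partial keeps half-transferred files
# so a transfer that drops mid-file on a slow link resumes next pass.
rsync_cmd() {
  remote=$1; src=$2; prev=$3; new=$4
  if [ -n "$prev" ]; then link="--link-dest=$prev "; else link=""; fi
  printf 'rsync -az --partial --timeout=60 %s-e "ssh -o BatchMode=yes" %s:%s/ %s/\n' \
    "$link" "$remote" "$src" "$new"
}

# Path of the newest snapshot under $1, or empty if none exists yet.
latest_snapshot() {
  ls -1d "$1"/20*/ 2>/dev/null | sort | tail -n 1 | sed 's:/$::'
}

# One pass, meant to run from cron: skip quietly while the host is offline.
pull_once() {
  host_online "$REMOTE" || { echo "$(date): $REMOTE offline" >> "$DEST/pull.log"; return 1; }
  new="$DEST/$(date +%Y%m%d-%H%M%S)"
  prev=$(latest_snapshot "$DEST")
  mkdir -p "$new"
  # /Users/owner is a placeholder for the account being recovered.
  eval "$(rsync_cmd "$REMOTE" /Users/owner "$prev" "$new")" >> "$DEST/pull.log" 2>&1
}
```

Run `pull_once` from a frequent cron entry; each successful pass adds one snapshot and reuses disk only for files that actually changed.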

The final lesson learned: don’t fuck with a hacker’s machine!

Another thing: the Keychain1 versus key logs. I’m one of those guys that never really trusted the keychain, because it’s a single point of failure, it’s got everything in it. What if you could get into it? But it’s actually an interesting defense against the keyloggers, which is something you’re more likely to have on your machine from spyware and stuff.

There are more sophisticated keyloggers; there are ones that log mouse movements and clicks and things like that; but for a very basic keylogger, having forms and passwords just fill themselves in automatically when you’ve logged in once – you know, it’s potentially protective.

And then finally, having my serial number was great, like, being able to give that to the cops, file the police report meant that the hardware could be recovered; without that serial number there’s no way. So write that down somewhere.

And then, the final lesson learned, of course, I’m sure you all know: don’t fuck with a hacker’s machine! Thank you!

1 Keychain: the password management system in Mac OS.

One comment

  1. John Smith says:

    You shouldn’t be posting the images of the woman. She isn’t a part of stealing your computer. Why are you posting naked pictures of her online?
