Once intruders have successfully gained administrator access on a system, they try to cover their tracks to prevent detection of their presence (either current or past) on the system. A hacker may also try to remove evidence of their identity or activities on the system to prevent tracing of their identity or location by authorities. To prevent detection, the hacker usually erases any error messages or security events that have been logged. Disabling auditing and clearing the event log are two methods used by a hacker to cover their tracks and avoid detection.

Typically the first thing an intruder does after gaining administrator privileges is disable auditing. Windows auditing writes selected events to the event logs, which are viewed with Event Viewer. Audited events include logons and logoffs, application events, and changes to the audit policy or to the event log itself. An administrator chooses which categories are audited, so an attacker first wants to know the current policy: it tells them whether events revealing their presence have been recorded and need to be cleared.

Hacking Tool

Auditpol is a tool originally shipped in the Windows NT Resource Kit for system administrators. It enables or disables auditing from the Windows command line and reports the level of auditing the administrator has configured. On Windows Vista, Server 2008 and later, auditpol.exe is part of the operating system itself; "auditpol /get /category:*" lists the current policy.


Intruders can easily wipe the Security log from Event Viewer. A log that holds only one or a few events is itself suspicious, because it usually means that the rest have been cleared. Clearing the log is still necessary after disabling auditing, because the Auditpol change is itself recorded: on Windows Vista and later it appears as event 4719, "System audit policy was changed" (event 612 on NT and 2000). Clearing does not leave a clean slate either: the first entry in the fresh log is event 1102, "The audit log was cleared" (517 on NT and 2000), naming the account that did it. The one copy of the log an attacker cannot touch is a copy forwarded to another machine, which is why sending Security events to a collector is the real countermeasure. Several tools exist to clear the event log, or a hacker can do so manually in Event Viewer.
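As an added example, not from the page or the CEH material it summarizes: detection logic for the behaviour just described, run over two constructed Security-log extracts. The record layout is a simplified stand-in for an exported log; event IDs 1102 and 4719 are the real Windows Vista-and-later identifiers, and the account names and timestamps are made up.

```python
from datetime import datetime, timedelta

# Security-log event IDs (Windows Vista and later) that mark an attempt to
# blind auditing. The NT/2000 equivalents were 517 and 612.
ANTI_FORENSIC_IDS = {
    1102: "the audit log was cleared",
    4719: "system audit policy was changed",
}


def _t(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")


def _ev(stamp, event_id, user):
    # Simplified stand-in for one exported event record (constructed data).
    return {"time": stamp, "id": event_id, "user": user}


# Constructed sample 1: the victim's own Security log after the intruder
# changed the audit policy and then cleared the log. The 1102 is the first
# entry of the fresh log; everything before it, including the 4719, is gone.
LOCAL_LOG = [
    _ev("2011-09-13T03:40:05", 1102, "admin"),
    _ev("2011-09-13T03:41:10", 4624, "admin"),   # logon
    _ev("2011-09-13T03:55:47", 4634, "admin"),   # logoff
]

# Constructed sample 2: the same host's events as received by a collector
# (Windows Event Forwarding, a SIEM agent). This copy still holds the 4719.
FORWARDED_LOG = [
    _ev(f"2011-09-12T{h:02d}:15:00", 4624 if h % 2 == 0 else 4634, "alice")
    for h in range(24)
] + [
    _ev("2011-09-13T03:38:21", 4624, "admin"),
    _ev("2011-09-13T03:39:02", 4719, "admin"),
    _ev("2011-09-13T03:40:05", 1102, "admin"),
    _ev("2011-09-13T03:41:10", 4624, "admin"),
    _ev("2011-09-13T03:55:47", 4634, "admin"),
]


def find_anti_forensic_events(records):
    """Every record whose ID is in ANTI_FORENSIC_IDS, oldest first."""
    hits = [r for r in records if r["id"] in ANTI_FORENSIC_IDS]
    return sorted(hits, key=lambda r: _t(r["time"]))


def log_looks_cleared(records, min_events=20):
    """Heuristic from the text: a log holding only a handful of events is
    suspicious, and a log whose oldest surviving entry is the 1102
    'cleared' event has certainly been wiped."""
    if not records:
        return True
    oldest = min(records, key=lambda r: _t(r["time"]))
    return len(records) < min_events or oldest["id"] == 1102


def policy_change_then_clear(records, window=timedelta(minutes=30)):
    """Pair each 4719 with a later 1102 by the same account inside `window`.
    That is the 'disable auditing, then clear the log to hide the Auditpol
    entry' sequence; it is only visible in a copy the intruder could not reach."""
    hits = find_anti_forensic_events(records)
    pairs = []
    for i, change in enumerate(hits):
        if change["id"] != 4719:
            continue
        for later in hits[i + 1:]:
            if (later["id"] == 1102 and later["user"] == change["user"]
                    and _t(later["time"]) - _t(change["time"]) <= window):
                pairs.append((change["time"], later["time"], change["user"]))
                break
    return pairs


def report(records):
    """One finding per line; an empty list means nothing suspicious."""
    lines = [f"{r['time']} {r['id']} {r['user']}: {ANTI_FORENSIC_IDS[r['id']]}"
             for r in find_anti_forensic_events(records)]
    if log_looks_cleared(records):
        lines.append("log appears to have been cleared")
    for start, end, user in policy_change_then_clear(records):
        lines.append(f"{user} changed audit policy at {start} and cleared the log at {end}")
    return lines


if __name__ == "__main__":
    for name, log in (("local", LOCAL_LOG), ("forwarded", FORWARDED_LOG)):
        print(f"== {name} ==")
        print("\n".join(report(log)) or "nothing suspicious")
```

The local copy can only show that a clearing happened (a 1102 at the head of the log, and very few events after it); the policy change that preceded it survives only in the forwarded copy. In production the same three checks run over Get-WinEvent output or a SIEM query rather than a list of dicts.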

Hacking Tools

The elsave.exe utility is a simple command-line tool for saving or clearing an event log.

WinZapper is a tool that an attacker can use to erase event records selectively from the security log in Windows 2000. WinZapper also ensures that no security events are logged while the program is running.

Evidence Eliminator is a data-cleansing program for Windows PCs. It removes data that would otherwise linger unnoticed on the system: the Recycle Bin, Internet cache, system files, temp folders, and so on. Although sold as a privacy tool, it can equally be used by a hacker to destroy evidence on a system after an attack.

Posted by CEOinIRVINE

Steganography Technologies

Hacking 2011. 9. 13. 08:28

Understanding Steganography Technologies

Steganography is the process of hiding data inside other data, such as images or text files. The most popular carriers are graphic images. An attacker can embed any information in a graphic file using steganography: directions for making a bomb, a secret bank account number, or the answers to a test. Any text imaginable can be hidden in an image. In Exercise 4.3 you will use ImageHide to hide text within an image.

Hacking Tools

ImageHide is a steganography program that hides large amounts of text in images. Adding the data does not increase the image size, a property of hiding schemes that overwrite low-order bits of the existing pixels rather than appending data, and the image looks the same in a normal graphics program. Because the output is an ordinary image file, it passes e-mail content filters that only look for suspicious attachments.

Blindside is a steganography application that hides information inside BMP (bitmap) images. It's a command-line utility.

MP3Stego hides information in MP3 files during the compression process. The data is compressed, encrypted, and then hidden in the MP3 bitstream.

Snow is a whitespace steganography program that conceals messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs generally aren't visible in text viewers, the message is effectively hidden from casual observers. If the built-in encryption is used, the message can't be read even if it's detected.

CameraShy works with Windows and Internet Explorer and lets users share censored or sensitive information stored in an ordinary GIF image.

Stealth is a filtering tool for PGP files. It strips the identifying header information from a PGP-encrypted message, so that what remains looks like random data and can be carried by a steganographic tool.


EXERCISE 4.3: Hiding Data in an Image Using ImageHide

To hide data in an image using ImageHide:

  1. Download and install the ImageHide program.

  2. Open an image in ImageHide.

  3. Type the text to hide in the field at the bottom of the ImageHide screen.

  4. Hide the text within the image using ImageHide and save the resulting image file.


Steganography can be detected by some programs, although doing so is difficult. The first step is to locate files that carry hidden data, which is done by analysing statistical patterns in the pixel values (for instance, neighbouring colour values becoming suspiciously equal in frequency) and changes to the colour palette.
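As an added example, not code from the page or from ImageHide (whose file format the text does not describe): a minimal least-significant-bit hider of the kind Exercise 4.3 drives through a GUI, alongside the chi-square "pairs of values" detector of Westfeld and Pfitzmann, which is one of the statistical pattern analyses the paragraph above refers to. The carrier is a constructed byte buffer standing in for raw bitmap pixel data rather than a real image file; the key and the SHA-256 counter-mode whitening are assumptions of the example.

```python
import hashlib
import random
import struct


def keystream(key, length):
    """SHA-256 in counter mode. Used here only to whiten the payload so its
    bits look uniform; an assumption of this example, not ImageHide's format,
    and not a substitute for a real authenticated cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def embed(carrier, message, key):
    """Overwrite the least significant bit of successive carrier bytes with
    the bits of a length-prefixed, whitened copy of `message`. The carrier's
    length is unchanged, which is why LSB hiding does not grow the file."""
    payload = struct.pack(">I", len(message)) + message
    payload = _xor(payload, keystream(key, len(payload)))
    if len(payload) * 8 > len(carrier):
        raise ValueError("carrier too small for message")
    out = bytearray(carrier)
    pos = 0
    for byte in payload:
        for shift in range(7, -1, -1):
            out[pos] = (out[pos] & 0xFE) | ((byte >> shift) & 1)
            pos += 1
    return bytes(out)


def _read_lsb_bytes(stego, start, count):
    data = bytearray()
    for i in range(count):
        value = 0
        for j in range(8):
            value = (value << 1) | (stego[start + i * 8 + j] & 1)
        data.append(value)
    return bytes(data)


def extract(stego, key):
    """Inverse of embed. A wrong key turns the length prefix into garbage,
    which the bounds check usually catches."""
    if len(stego) < 32:
        raise ValueError("buffer too short to hold a length prefix")
    (length,) = struct.unpack(">I", _xor(_read_lsb_bytes(stego, 0, 4), keystream(key, 4)))
    if 32 + length * 8 > len(stego):
        raise ValueError("length prefix exceeds carrier: wrong key or nothing hidden")
    ks = keystream(key, 4 + length)[4:]
    return _xor(_read_lsb_bytes(stego, 32, length), ks)


def chi_square_pov(data, min_pair_total=10):
    """Westfeld and Pfitzmann's 'pairs of values' statistic. Sequential LSB
    replacement with uniform bits pushes the counts of 2k and 2k+1 toward
    equality, so chi-square collapses to about its degrees of freedom,
    while untouched pixel data keeps the pairs unequal."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    chi2, pairs = 0.0, 0
    for k in range(128):
        h1, h2 = hist[2 * k], hist[2 * k + 1]
        if h1 + h2 < min_pair_total:
            continue                      # too few samples for the approximation
        expected = (h1 + h2) / 2
        chi2 += (h1 - expected) ** 2 / expected + (h2 - expected) ** 2 / expected
        pairs += 1
    return chi2, max(pairs - 1, 1)


def looks_embedded(data, ratio=3.0):
    """Flag a buffer whose statistic is within `ratio` of its degrees of freedom."""
    chi2, df = chi_square_pov(data)
    return chi2 < ratio * df


def make_carrier(n, seed=1):
    """Constructed stand-in for 8-bit bitmap pixel data: a skewed histogram
    starting at 40, so neighbouring pair counts differ as they do in real images."""
    rng = random.Random(seed)
    return bytes(min(255, 40 + int(rng.expovariate(0.25))) for _ in range(n))


CARRIER = make_carrier(32768)
KEY = b"example key"                                   # assumption
SECRET = b"Meet at the old mill at midnight. " * 120   # fills most of the carrier

if __name__ == "__main__":
    stego = embed(CARRIER, SECRET, KEY)
    print("size unchanged:", len(stego) == len(CARRIER))
    print("recovered:", extract(stego, KEY)[:34].decode())
    for name, buf in (("carrier", CARRIER), ("stego", stego)):
        chi2, df = chi_square_pov(buf)
        print(f"{name}: chi2={chi2:.0f} df={df} looks_embedded={looks_embedded(buf)}")
```

Whitening matters to the attacker as much as the key: plain ASCII has skewed bit patterns, and embedding it unwhitened leaves a statistical fingerprint of its own. To run this on real pixel data, read a BMP's pixel array into the carrier and write the modified bytes back in place; the statistic should be computed over the region where embedding occurred, which for a short message means only the first few thousand bytes of the file.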

Countermeasure Tools

Stegdetect is an automated tool for detecting steganographic content in images. It recognises the signatures of several embedding methods used on JPEG images (JSteg, JPHide, OutGuess, F5 and others).

Dskprobe is a low-level disk sector editor from the Windows 2000 Support Tools. It lets an examiner read and edit raw sectors by hand, which helps when looking for data stashed outside the file system, but it is not an automated steganography detector.


Buy Stocks!

Stock 2011. 9. 13. 03:42

PepsiCo (NYSE: PEP)
This great company could be a good addition to any portfolio. Of course, it has the whole battle-for-Olympus thing going on with Coca-Cola (NYSE: KO) for dominance in the fizzy beverage world, but it also has a giant snack-food arm that has provided significant growth. However, the company's quality hasn't escaped many investors, and the stock's current valuation suggests pretty middle-of-the-road returns ahead. For investors playing defense, that could be just fine, but it's not enough to make PepsiCo my next buy.

Home Depot (NYSE: HD)
It's easy to be a Home Depot hater. Maybe a little too easy. The economy is sluggish, the housing market is still pretty much in shambles, and chief competitor Lowe's (NYSE: LOW) has made up significant ground on it in recent years. However, the company's CEO Frank Blake has been at the helm for a little more than four years now, and I think he's moving the company in a good direction. And with few investors particularly bullish on a home-improvement retailer during a prolonged housing slump, the stock also has a pretty attractive valuation. That said, retailing is a tough business, and I'm not sure I'm sold on the durability of Home Depot's competitive advantage.

Exelon (NYSE: EXC)
There's a lot to like about Exelon, and high on the list is the stock's 5% dividend yield. The power company also has a very significant amount of nuclear generation assets. Though nuclear took a hit on the PR front this year after the disaster in Japan, most reasonable people still consider it a very viable solution for lower-emission energy generation. But as I noted in my write-up, I'm not crazy about the offer that the company made for Constellation Energy, so that knocked the stock down on my list.

Aflac (NYSE: AFL)
It was very tough for me to not put Aflac in the top spot. I think there's the potential for very significant returns from the stock going forward. I like the dividend, I like the management, I like the business, and even without Gilbert Gottfried (or maybe especially without Gottfried?), I like the duck. Above all, I like the future potential. There are some big question marks for the health care systems in both the U.S. and Japan, which could mean more business for a supplemental insurance provider like Aflac. So why didn't it get the top spot? Because I liked another stock just a bit more.

ArcelorMittal (NYSE: MT)
How did ArcelorMittal make it all the way to the top of my list? In four simple words: It's ... so ... darn ... cheap. As I noted last month, its price-to-earnings ratio based on average 10-year earnings -- a measure that value investor Ben Graham was a fan of -- was a mere 7.3. A commenter on one of my articles also pointed out that the stock trades at just a hair above half of the company's reported book value. But it's not just a "this is really cheap" thesis. This is also a really great company and a global leader in the steel business. Better still, it was built, is run, and is 41% owned by Lakshmi Mittal, a fellow who I think is a very savvy steel man (not to be confused with Iron Man). Finally, I should also point out that my personal portfolio is light on materials companies, so ArcelorMittal also got a boost because it would increase my portfolio's diversification.
