For a few minutes, try thinking like a computer criminal. A few months ago, you were fired from Big Whammix, the large smokestack employer on the other side of town, and now you’re working for a competing company, Bigger Bammers. Your job at Bammers is corporate espionage; you’ve spent the last month trying to break into Big Whammix’s central mail server. Yesterday, you discovered a bug in a version of the web server software that Whammix is running, and you gained privileged access to the system.
What do you do now?
Your primary goal is to gain as much valuable corporate information as possible, and do so without leaving any evidence that would allow you to be caught. But you have a secondary goal of masking your steps so that your former employers at Whammix will never figure out that they have lost information.
Realizing that the hole in the Whammix web server might someday be plugged, you decide to create a new back door that you can use to gain access to the company’s computers in the future. One logical approach is to modify the computer’s SSH server to accept hidden passwords. Because the source code for sshd is widely available, this task is easy.
You want to hide evidence of your data collection, so you also patch the /bin/ls program. When the program is asked to list the contents of the directory in which you are storing your cracker tools and intercepted mail, it displays none of your files. You “fix” the computer’s MD5 utility so that it detects ...