Not only that: "Kaspersky analyst Dmitry Bestuzhev cracked the hash for the password Sept. 17 just hours after Symantec put out a public request for help"
How is it possible to crack 900gage!@# in a few hours?
Unreal that he was able to crack it so fast... a little scary really! He might have access to precomputed password hashes in a database. For example, you create a massive password list, compute all the hashes, and save them in a database; why would you compute these hashes and throw away the results each time? You might just say "select plain_text from results where hash = '27934e96d90d06818674b98bec7230fa';". Just a guess though.
There are crackers that work with templates, so that they reduce the amount of space to search. The trick is to have good templates. For example, in this case, they probably had a template that was 3 digits, 4 lower-case letters, 3 symbols, the idea being that people are more likely to do that than 9#gag0e!0@, for example.
So it's a combination of luck, computing power (they probably have a farm of GPUs), and careful selection of templates (probably guided by analysis of known passwords).
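A worked illustration of the template idea in the comment above (and of the "table of known passwords plus variations" approach raised elsewhere in the thread). This is an added example, not code from the thread, Symantec or Kaspersky. It uses hashcat-style mask tokens purely as notation (an assumption; no tool is named in the thread), a constructed wordlist and symbol-run list, and a constructed target hash (the MD5 of "900gage!@#" computed locally, not a hash quoted from the reports). It shows the keyspace of the "3 digits, 4 lower-case letters, 3 symbols" template against plain brute force, and a small hybrid attack (digit mask + dictionary word + symbol run) that recovers the constructed target in a few tens of thousands of MD5 evaluations.

```python
import hashlib
import itertools
import string

# Mask tokens in hashcat-style notation (assumption: used only as a compact way
# to write the template; the thread names no tool).
CLASSES = {
    "?d": string.digits,            # 10 digits
    "?l": string.ascii_lowercase,   # 26 letters
    "?s": string.punctuation,       # 32 printable ASCII symbols
}


def parse_mask(mask):
    """Split a mask such as '?d?d?l' into a list of character classes."""
    tokens = [mask[i:i + 2] for i in range(0, len(mask), 2)]
    return [CLASSES[t] for t in tokens]


def keyspace(mask):
    """Number of candidate strings the mask describes."""
    n = 1
    for cls in parse_mask(mask):
        n *= len(cls)
    return n


def md5_hex(candidate):
    """Unsalted MD5, the hash type the thread is discussing."""
    return hashlib.md5(candidate.encode()).hexdigest()


def hybrid_attack(target_hash, words, prefix_mask, suffixes):
    """Template: <digits from prefix_mask><dictionary word><symbol run>.

    Enumerates only candidates matching the template instead of the whole
    printable keyspace. Returns the plaintext on a hit, None otherwise.
    """
    classes = parse_mask(prefix_mask)
    for word in words:
        for prefix in itertools.product(*classes):
            for suffix in suffixes:
                candidate = "".join(prefix) + word + suffix
                if md5_hex(candidate) == target_hash:
                    return candidate
    return None


# Constructed data: a few base words and keyboard-order symbol runs.
WORDS = ["admin", "flame", "gage", "server"]
SYMBOL_RUNS = ["", "!", "!!", "!@", "!@#", "!@#$", "#", "$$", "123", "!!!"]


def demo():
    # Constructed target: hashed here, not a value taken from the thread.
    target = md5_hex("900gage!@#")
    return hybrid_attack(target, WORDS, "?d?d?d", SYMBOL_RUNS)


if __name__ == "__main__":
    template = "?d?d?d?l?l?l?l?s?s?s"
    print("template", template, "candidates:", keyspace(template))
    print("brute force, 10 printable chars:", 95 ** 10)
    print("hybrid attack recovered:", demo())
```

The template alone is about 1.5e13 candidates, roughly four million times smaller than brute-forcing 10 printable characters; a GPU farm doing tens of billions of MD5 hashes per second exhausts it in minutes, which is why an unsalted MD5 of a "structured" password offers little protection.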
Google's web search by date works by parsing dates on pages, not by loading actual historical search data, so it's possible to backdate information with it.
Do people still think this was created by the NSA? It seems extraordinarily unlikely that they would use such a weak password, one that you would expect to fall to a rules based engine. The only way I could even imagine that happening is as a bit of misdirection, and there must surely be misdirection you can do that doesn't compromise your security.
Presumably, the operators accessing it are using other compromised servers as proxies to connect to the C&C servers. Their initial connection from HQ is probably to an overseas VPN that has been set up by an IC shell company (shell being a front, not computer shell).
Am I right in reading the Symantec C&C report and seeing that the servers were on Linux machines? Were they hiding the activity from themselves in case they were compromised? I assumed that they were infecting machines and using them as servers. Was there a Linux vulnerability too?
WestCoastJustin (13 years ago):
Full Analysis of Flame's Command & Control servers by Kaspersky Lab Expert http://www.securelist.com/en/blog/750/Full_Analysis_of_Flame...
xal (13 years ago):
What? How did they crack this if brute force failed? That's scary as hell.
jayfuerstenberg (13 years ago):
Cracking a hash computed with SHA-512 or even bcrypt is a different story from MD5.
ck2 (13 years ago):
More likely they used a table of known existing passwords and variations on them?
Steko (13 years ago):
http://www.google.com/search?q=900gage!%40%23&hl=en&...
{restricted date to before a few days ago}
emmelaich (13 years ago):
Google search result says that that appeared on 21 Nov 2010.
See it here from google's cache: http://goo.gl/Yctw3