Google Answers: Hiring "White Hat" Hacker

View Question

Q: Hiring "White Hat" Hacker - how and where? ( No Answer, 3 Comments )

Question

Subject: Hiring "White Hat" Hacker - how and where?
Category: Computers > Security
Asked by: pcventures-ga
List Price: $12.00

Posted: 28 Jan 2003 16:56 PST
Expires: 27 Feb 2003 16:56 PST
Question ID: 149716

Greetings: I'm a computer consultant. I've been helping a client harden her PC and attempt to ferret out hacking attempts against it. It looks like the attacks continue to this day. Unfortunately, I've reached the limits of my computer security knowledge. My client would like to hire a "white hat" hacker to further harden her machine and/or catch the intruder. I do know enough to install firewalls - I have both a hardware firewall/router and a software firewall protecting her machine. I have no contacts in the local computer security community. (My client and I agree that if we hire another expert, it should be someone in the immediate geographic area.) Can anyone reading/answering this question suggest a way to find a local expert who can help?
Request for Question Clarification by tar_heel_v-ga on 28 Jan 2003 17:01 PST Where are you located?
Clarification of Question by pcventures-ga on 28 Jan 2003 17:08 PST The client and I are in Westchester County, NY, a suburb directly adjoining New York City.
Request for Question Clarification by duncan2-ga on 28 Jan 2003 19:51 PST What kind of system is this (which OS version)? Windows? Linux? Macintosh? And what kind of hacking are you seeing? What evidence do you have that it's actually a hacking attempt as opposed to malware or spyware being installed unwittingly by the user (i.e. with software bundled with Kaazaa, for example). Or just automated probes from worms and virii? While it's conceivable that you could find a security expert willing to examine this, if it's a home machine with Win 95/98/ME, it seems unlikely that it would be worth the expense to hire outside help. Are you running the latest patches (for instance, are you current with security updates from Microsoft's Update service?) and have recent Virus protection installed?
Clarification of Question by pcventures-ga on 28 Jan 2003 21:06 PST What kind of system is this (which OS version)? Windows? Linux? Macintosh? Win98 Second edition. And what kind of hacking are you seeing? What evidence do you have that it's actually a hacking attempt as opposed to malware or spyware being installed unwittingly by the user (i.e. with software bundled with Kaazaa, for example). Or just automated probes from worms and virii? Not entirely sure. We're using BlackIce as the software firewall, and it's recording various http attacks and finger probes. I put programs on there that detect and flush spyware, but they didn't turn up anything that looked overly suspicious. While it's conceivable that you could find a security expert willing to examine this, if it's a home machine with Win 95/98/ME, it seems unlikely that it would be worth the expense to hire outside help. My client needs reassurance from someone with expertise beyond mine that there are either serious intrusion attempts from a particular person, or random hackers out to sniff out broadband connected PCs. She trusts me implicitly, and isn't looking to replace me as her tech, but I have run out of knowledge. It's a very complex situation, and I would have to brief this person with a lot of details. Are you running the latest patches (for instance, are you current with security updates from Microsoft's Update service?) and have recent Virus protection installed? Not really, to the former, and yes, to the second one.

Answer

There is no answer at this time.

Comments

Subject: Re: Hiring "White Hat" Hacker - how and where?
From: sycophant-ga on 29 Jan 2003 00:32 PST

My feelings about your problem, as an IT consultant with a fairly good
knowledge of security, is this: Due to the limited nature of Windows
98 SE remote access options, there is little or no serious risk of an
actual comprimise, assuming the following:
1) You are not running any poorly secured 'remtote desktop' software
(eg. PC Anywhere)
2) You are running good anti-virus software with up-to-date
signatures.
3) You are running personal firewall software.

Windows 98 SE, out of the box, with updated patches, is not known to
offer any remote vulnerabilities. Therefore, unless there is software
waiting for a connection (ie. a trojan or 'remote desktop' software),
it is safe to say that an attack cannot be successful.

The point of the anti-virus software is to stop trojans becoming
installed on the system. And the firewall should actually stop any
incoming connections being received, even if trojans are present.

If you are seeing seemingly unconnected probe attempts from the
outside, to various known trojan ports, then the fact is that you are
connected to the internet. These connection attempts are almost
impossible to avoid, as some script-kiddies simply scan IP ranges, and
in other cases machines infected with some trojans will probe random
IPs to build a map for possible infection.

If you have access to a Linux system you should be able to do a remote
inspection as comprehensive as any white-hat is likely to offer, with
the 'nmap' tool.

In your case, it is probably a good idea to get the Win98 service
packs, but the firewall and virus protection are really your first and
best lines of defence.

If you still want to find someone like this, I might suggest your
local Linux Users Group as a source of helpful geeks, however, rather
than post directly to a mailing list or something, I suggest you
contact a representative and see if they can suggest someon.

Good Luck,
sycophant-ga

Subject: Re: Hiring "White Hat" Hacker - how and where?
From: djuti-ga on 31 Jan 2003 20:11 PST

To answer the question of how first I will post for you the website of
a hacker magazine (http://www.2600.org).  2600 has local chapter
meetings (mix of black and white hat hackers there) in every state. 
For your are the closest meeting would be in Citigroup Center, in the
lobby, near the payphones, 153 E 53rd St., between Lexington & 3rd.
Check the meeting page to make sure it hasn't changed before you
leave:
http://www.2600.com/meetings/mtg.html

Be polite and upfront when you ask them for help.  Inform them that
your computer has possibly been penetrated and you'd like their
assistance.  Bring as much physical evidence as you can carry to show
them.  If you bring the computer with you (may be difficult to find a
power supply but I'll assume the group will know where one is) then
they will undoubtedly all sit down and help you right then and there.

Subject: Re: Hiring "White Hat" Hacker - how and where?
From: ndone2many-ga on 03 Feb 2003 13:01 PST

Based on your evdience that the machine is infact being hacked, have
you tracerouted the ip addressed that black ice is detecting?  More
often than not, frequented sites like hotmail, yahoo, amazon, kazaa
(software), etc.. will continuously ping to ip addresses that connect
with them.
I'd still try to verify that you are being hacked, just because you
seem to have take all preemtive measures, the next step would be to
find out who it is and what they are using your client's pc for.  Once
we have that information , we can take the next precautionary steps.
-ag

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy