1996-01-11 - Mitnik and Shimomura

Header Data

From: Mark (Mookie) <mark@zang.com>
To: cypherpunks@toad.com
Message Hash: e5ee53c6f28d8ff6004bea9dd1a747b684e47709133c48e348c9d4c1bd8cc20b
Message ID: <199601112238.MAA04861@zang.com>
Reply To: N/A
UTC Datetime: 1996-01-11 23:13:05 UTC
Raw Date: Fri, 12 Jan 1996 07:13:05 +0800

Raw message

From: Mark (Mookie) <mark@zang.com>
Date: Fri, 12 Jan 1996 07:13:05 +0800
To: cypherpunks@toad.com
Subject: Mitnik and Shimomura
Message-ID: <199601112238.MAA04861@zang.com>
MIME-Version: 1.0
Content-Type: text



>Shimomura had almost complete packet traces of the break-in, which
>allowed him to reconstruct the attack.

>It was a trap.

It was not a trap. Shimomura was caught with his proverbials down. His
arrogance made him complacent and as such he didn't take the most basic
steps to keep the attack out.

According to Tsutomu's own account of the incident, he was only able to
decipher what happened because the attacker(s) didn't clean away the info
off the hard drive when they were finished. They rm'd, sure, but he dd'd
the raw disk to another drive and worked through the blocks until he
found the two tools that were used to effect the intrusion. He was also
able to recover the tcpdump logs that were erased.

If the intruder(s) had rm'd the data and THEN done a mkfile that filled the
disk with 0's then most of what we know today would not be available.
As mentioned a week or two back, filling the unused portions of blocks with
0's would probably also be necessary.

As to whether Mitnick is capable of effecting the intrusion, that is yet to
be ascertained. He claims no involvement in it, and based on what's known of
his cracking prowess there is a certain truth to it. He's infinitely better
with a phone than a keyboard.




