November 13, 2007 6:56 AM PST

Microsoft exec calls XP hack 'frightening'

A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer both "enlightening and frightening."

The demonstration took place Monday at an event sponsored by Get Safe Online--a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized Crime Agency connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.

The SOCA officials wished to remain anonymous. One of them, "Mick," remained behind a screen while carrying out the hack into the unpatched computer of a fellow officer, "Andy."

"It's easy to connect to an unsecured wireless network," said Mick. "You could equate Andy with being in his bedroom, while I'm scanning for networks outside in my car. If I ordered or viewed illegal materials, it would come back to Andy."

Mick used a common, open-source exploit-finding tool he had downloaded from the Internet. SOCA asked ZDNet UK not to divulge the name of the tool.

"You can download attack tools from the Internet, and even script kiddies can use this one," said Mick.

Mick found the IP address of his own computer by using the XP Wireless Network Connection Status dialog box. He deduced the IP address of Andy's computer by typing different numerically adjacent addresses in that IP range into the attack tool, then scanning the addresses to see if they belonged to a vulnerable machine.

Using a different attack tool, he produced a security report detailing the vulnerabilities found on the system. Mick decided to exploit one of them. Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a payload that would exploit the flaw within a couple of minutes.

Getting onto the unsecured wireless network, pinging possible IP addresses of other computers on the network, finding Andy's unpatched computer, scanning open ports for vulnerabilities, using the attack tool to build an exploit, and using the malware to get into the XP command shell took six minutes.

"If you were in (a cafe with Wi-Fi access), your coffee wouldn't even have cooled down yet," said Sharon Lemon, deputy director of SOCA's e-crime unit.

Mick then went into the My Documents folder and, using a trivial transfer protocol, transferred the document containing passwords to his own computer. The whole process took 11 minutes.

A SOCA representative said that the demonstration was "purely to point out that, if a system hasn't had patches, it's a relatively simple matter to hack into it." SOCA stopped short of recommending small businesses move to Vista; a SOCA representative said that applying Service Pack 2 to XP, with all the patches applied, and running a secured wireless network is a "perfectly sensible way to do it."

Nick McGrath, head of platform strategy for Microsoft U.K., was surprised by the incident.

"In the demonstration we saw, it was both enlightening and frightening to witness the seeming ease of the attack on the (Windows) computer," said McGrath. "But the computer was new, not updated, and not patched."

McGrath said that having anti-spyware installed was not as important as having the software updated. He added that Microsoft works closely with original equipment manufacturers to encourage the preloading of antivirus and anti-spyware on a 30-day trial basis. McGrath also said that Service Pack 2 for XP had a firewall and that Vista was not as "accessible to the average hacker" due to "operating system components."

Tom Espiner of ZDNet UK reported from London.


181 comments (Showing first 20 comments)
We've known this for years.
by Penguinisto November 13, 2007 7:12 AM PST
An unpatched Windows box has a very short lifespan when
connected live.

And yet it takes how long to get updates from Windows, on-line,
when you first build one?

(clue: if you can manually hunt down all the "net distribution"
versions of those patches and download those beforehand to
another computer before building your Windows box, you stand
a better chance of survival. Good luck finding them all if you're a
typical user, though...)

/P
Ridiculous Story
by Freezeman32 November 13, 2007 7:18 AM PST
This is a really silly story. What new information does it provide?
How is the fact that a non-firewalled, non-updated, non-protected
Windows machine on an insecure network can be hacked a real
story?

In this situation, you should include all kinds of machines. They
are all pretty "hackable" given these constraints.
VERY unrealistic demo - VERY stupid
by john55440 November 13, 2007 8:10 AM PST
"a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen."

Microsoft doesn't even support SP1 any more. To get security updates, you have to have SP2 installed. I bought my computer way back in 2002, and am running SP2.

Anyone who runs WinXP with "no antivirus, firewall, or anti-spyware software" is a complete idiot.

And no, I don't store my passwords on my computer in a convenient, non-password-protected file, called herearemypasswords.txt -grin

If you build a house with no doors you might get robbed - frightening!
gasp!
by satayboy November 13, 2007 8:12 AM PST
Gasp! I guess we had all better upgrade to Vista right away!
Even more frightening...
by Neo Con November 13, 2007 8:16 AM PST
The security experts then came to my house and demonstrated that if I leave my front door wide open with no alarm on and a wallet full of money on the table by the door, they could reach in and swipe it in a matter of seconds! Scary.
Duh!
by PortVista November 13, 2007 8:21 AM PST
How can a Microsoft executive be surprised by this? Old version of windows, no security software, unsecured network. Duh. If any one of these were fixed the hack would not work.
Another Dopey Story Out of London
by roger.d.miller November 13, 2007 8:21 AM PST
CNet needs to beef up its London Bureau.
Don't be a dummy
by Andy kaufman November 13, 2007 8:34 AM PST
Don't have an unsecured wireless network, use at least WEP if not WPA.

Install the latest service packs and updates.

Always run your antivirus, firewall, and antispyware software.

Turn off your computer when not in use.
just a promo
by AdamsAdams November 13, 2007 9:14 AM PST
This impels you to think that Vista should be better, but the reality is that it is still insecure but with the huge added discomfort of not actually being able to control your computer to your liking. Vista sucks BIG time, and in my experience is more unstable than Millennium. Better stick to XP SP2 until something better comes, if you are lucky to find a PC whose manufacturers have not been intimidated to discontinue XP support...
Hardly proves anything
by jscott418 November 13, 2007 9:29 AM PST
All this proves is that idiots who don't run any kind of security
run a high risk of data theft. No kidding! Really! Wow I would
not have known that. If you're that stupid then even if someone
proves to you that it can be done. Those people probably don't
know how to activate the security anyway. I am sure the same
can be done for Vista and probably OS 10 and Linux if given
enough time. Let's have them try it with a fully secure system
and see what happens.
If they can break a fully secure system then I will consider it a
problem.
Vista Anybody?
by real_bgiel November 13, 2007 9:38 AM PST
Guess MS recommends upgrading to Vista, of course, the Windows ME of the 21st century.
The problem is...
by akuehnemund November 13, 2007 9:52 AM PST
... that MOST people will not patch their systems or will pay for an
antivirus software subscription or know how to install a free
alternative like freeav.
We all pay the price for that. Knowing that MOST people won't keep
their computer updated and secure, it's the OS manufacturer's
responsibility to create a safe and secure operating system that
requires little if any additional actions from the user. That's where
Microsoft fails miserably.
The undisclosed attack tool
by AndrewRich November 13, 2007 9:54 AM PST
is almost certainly the Metasploit Framework. From the description of the tool and its use, I doubt it's anything else.
You'd be surprised
by pfrabott November 13, 2007 9:56 AM PST
You'd be surprised how many people do not patch their computers. My business provides several technical services including consumer technical support. In my experience I have found about 60% of the customers I work on are not using updated versions of the OS. They believe that having updated anti-virus, firewall and anti-spyware is enough. They do not understand how OS updates can impact a system. Furthermore, I have a few customers that argue with me over it. It's sad but, you would be very surprised at the numbers. Now that this article is out I will be able to refer them to it for more research. (thanks CNet)
Fast
by pfrabott November 13, 2007 9:58 AM PST
I think they were surprised at how fast it was.
Informal surveys needed?
by Phillep_H November 13, 2007 10:02 AM PST
Like, someone with a bit of know how checking this out where they are and getting back to us?

I don't mean actually cracking the computers, just rattling the door knobs. Or, is that illegal in itself?
Pre-SP2
by pfrabott November 13, 2007 10:02 AM PST
I think that Microsoft (pre-SP2) didn't realize how many people would not turn automatic updates on by default. When they realized this they forced it on as default in SP2. Vista is pre-installed with it on (unless OEM vendors specifically choose not to have it on). Microsoft got it right eventually IMO. You're right though, they didn't get it at first.
MS Media Plant - CNET accomplice.
by duggerdm November 13, 2007 10:23 AM PST
Let's see - if I had spent years and a train load to develop a new program - we could call it something totally innocuous like say... Vista - and if it was so user abusive that most businesses continue to use an older existing program let's for the sake of discussion call that one say... XP - that wasn't great, but less abusive than my new one - wouldn't it be logical to promote fear stories of the older program to try to drive people to the new program? Even if the story scenario was lame to start with - XP with no patches and no protective software. The only real news here is that CNET is so gullible - or so biased that they carried the "story" at all.
That's not hacking
by Thomas, David November 13, 2007 10:52 AM PST
Accessing an unsecured wireless network isn't hacking. It's
walking in the front door.

Now I'm not sure of what I should be more wary of, the "hack", or
the executive's proclaimed fears. Or is this a yellow flag banner for
people to move over to Vista?
Just Plain Silly
by Toulinwoek November 13, 2007 11:03 AM PST
And the Microsoft exec calls this stupid "test" enlightening? Frightening?
I can remember when Microsoft at least TRIED to hire folks with more "on the ball" than an inflation valve!
I mean, given the criteria for this laughable demonstration, I'd expect my wristwatch to be hacked in a few seconds!