Cyber Eye: Hackers might play games with you

William Jackson

One presentation that drew attention at this summer's Black Hat Briefings in Las Vegas was on an obsolete Sega Dreamcast game console used for so-called 180-degree hacking.

It's called 180-degree because it's the reverse of hacking into a network. Also called phone-homing, it means planting an intelligent device on a target network and then waiting for it to call the hacker.

In theory, breaking out of a network is easier than breaking in. Chris Davis of RedSiren Technologies Inc. of Pittsburgh said networks 'have a hard, crunchy outside and a soft, chewy center.'

Davis helped develop phone-homing with Aaron Higbee of Foundstone Inc. of Mission Viejo, Calif. The two men do penetration testing, which means companies pay them to break into networks and find security holes that should be plugged.

Phone-homing can work through almost any kind of device that can be smuggled onto a network: a notebook PC or Compaq iPaq, even a bootable CD-ROM if somebody can be persuaded to put it into a slot and run it.

But the Dreamcast caught everyone's attention. Although it has only 16M of RAM and no writable storage, it does have a CD drive and a keyboard, and with some effort it can be programmed to find its way out of a network.

'It's innocuous, it looks like a toy,' Higbee said. 'Nobody is going to say, 'Look at that attack tool!' '

Physical access is essential to phone-homing, Higbee said. Once inside a facility, he plugs the modified Dreamcast machine into the network, plugs in the power cord, turns it on and waits for it to connect to his computer outside.

No word yet on whether the black hats are playing games with this technique, but devices intelligent enough to phone home are small in size and getting smaller.

There are three lessons here:
  • Pay attention to all the devices on your network. Why would you allow a discontinued game console in the office?

  • Watch the traffic leaving your network as well as the traffic arriving there.

  • Look to physical as well as logical access in your agency's security policy.

'One of the easiest ways is to take advantage of the smokers outside a building,' Davis and Higbee advised. Smokers will 'give you a cigarette, give you a light and open the door.'

One more reason to give up smoking.

About the Author

William Jackson is a Maryland-based freelance writer.

