September 13, 1996
Morning ritual - check mail, download tcpdump logs, run the pre-processing stuff, get a cup of coffee, and settle down to read.
They were doing lots of IRC, email, some probing, some exploits.
They used SSH and PGP:
- Through telnet sessions
- Sent passphrases for private keys via telnet
- Sent private keys via FTP and IRC
In one conversation in IRC, XXX was discussing the importance of not using plain text sessions (e.g. telnet). "I never login through telnet, I always use ssh." He was logged in through telnet, of course.
They sometimes used ssh and pgp. Fortunately, they usually telnet'd to the box that they'd run ssh and pgp from, so I had copies of *everything* - their password for that account, passphrases for their ssh and pgp private keys, etc. Had copies of severa
One guy was fairly savvy - always used ssh, and always encrypted his email. Fortunately, we could read what "our" crackers said to/read from him, since they usually cc'd each other and we could read the email in their telnet sessions after they had decry
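As an added illustration, not part of the original log, the checker below shows the kind of pass a monitor could run over a reconstructed telnet session to flag exactly the exposures described above: the login password, ssh and pgp launched from inside the plaintext session, the passphrase typed at the ssh prompt, and a PGP private key block echoed in the clear. The transcript, host names and commands are constructed.

```python
import re

# Constructed sample transcript (not a real capture): the client side of one
# cleartext telnet session, in which the user runs ssh and pgp. Everything
# typed or echoed here, including passphrases, crosses the wire unencrypted.
SAMPLE_SESSION = """\
login: jdoe
Password: hunter2
$ ssh -l jdoe shell.example.org
Enter passphrase for RSA key 'jdoe@shell': correct horse battery
$ pgp -ea report.txt alice
$ cat secring.asc
-----BEGIN PGP PRIVATE KEY BLOCK-----
mQENBF... (constructed placeholder, not real key material)
-----END PGP PRIVATE KEY BLOCK-----
$ ftp files.example.org
"""

# Per-line patterns for material a passive observer should never see.
# Dict order determines the order findings are reported within one line.
EXPOSURE_PATTERNS = {
    "login password": re.compile(r"^Password:\s*\S"),
    "encrypted tool run inside cleartext session": re.compile(r"^\$\s*(ssh|pgp|scp)\b"),
    "ssh key passphrase": re.compile(r"^Enter passphrase for .*?:\s*\S"),
    "pgp private key block": re.compile(r"-----BEGIN PGP PRIVATE KEY BLOCK-----"),
}


def find_exposures(session_text):
    """Return (kind, line_number) pairs for each exposure found in a session.

    Only the line number is reported, never the secret itself, so the
    output can be filed in an incident report without copying credentials."""
    findings = []
    for lineno, line in enumerate(session_text.splitlines(), 1):
        for kind, pattern in EXPOSURE_PATTERNS.items():
            if pattern.search(line):
                findings.append((kind, lineno))
    return findings


if __name__ == "__main__":
    for kind, lineno in find_exposures(SAMPLE_SESSION):
        print(f"line {lineno}: {kind}")
```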