Interview with Konrad Jędrzejczyk — Hacking doesn’t require too much computational power or a specific piece of hardware
In this article, we had the pleasure to interview Konrad Jędrzejczyk, Cyber Threat Hunter at PepsiCo and Information and Security expert. Konrad Jędrzejczyk also conducted the Incident Response Investigations across Europe, the Middle East and Africa (EMEA) for leading global corporations.
Wearing various hats, Konrad plays key roles in the Amstelveen data center exit programme within The Royal Bank of Scotland Group and in the migration of IT security monitoring from Belgium to Poland within the ING Group. Konrad is an expert in investigations related to cybersecurity threat hunting, forensic analysis, e-discovery, malware infections, and intellectual property theft. He is also very known as a conference speaker that has a comprehensive background in IT Security Incident Response, IT Security Risk Assessment, IT Forensics, and general infrastructure security.
No wonder that Konrad will be present this autumn at the eighth edition of DefCamp, the most important annual conference on Hacking & Information Security in Central Eastern Europe, taking place in Bucharest on November 9th-10th. At DefCamp 2017, Konrad will hold a presentation on how modern computers with modern systems can be hacked with the help of an Ethernet card and a Commodore 64 computer, from 1982 running with 64kB of RAM.
1. Konrad, please tell us how is it possible to exploit a modern operating system or a server with such a low computational power (Commodore 64)?
Commodore 64 was designed in 1982 as a fully-fledged home computer. It has a full keyboard, I/O ports, video, and audio support and full access to memory and CPU over the expansion port. We have to remember that hacking usually does not require great computational power or very specific hardware support. Some of us still remember how to generate DTMF signals on public phones in order to get “free minutes”.
Times are different but simple methods still work.
When we think about what we really need in order to “hack” something (assuming that we know what we are doing) it comes to very basic requirements. What are the requirements to attack a web server? Basically, you need to have a web browser and the server needs to be reachable. That is all. What are the requirements to hack a PLC?
Photo copyright: Wikimedia Commons
In real life, you usually need to connect to a thin client using default credentials in order to start messing up with things. Of course, it is easier to just run some of the auto-scanning frameworks but more gratifying is to work out one quality solution.
2. Given the fact that the Commodore 64’s network card has only about 10 Mbit speed and a processor that has the maximum speed of 1MHz, we can’t rely on exploiting techniques such as brute forcing our way into a system or using dictionary attacks that require a big amount of local storage. What are some modern security flaws that are an easy target for a Commodore 64?
In most cases network speed is irrelevant. Has anyone recently checked how much traffic Medusa or Hydra generates while attacking a target outside of the LAN? Another great example where you do not need a strong processor or network could be the exploitation of databases or buffer overflows. Brute force, dictionary attacks or combo are 100% within the reach of Commodore 64. Again, we need to focus on the essentials.
Basic wordlist can be stored on external floppy drives. You can connect up to 4 drives without any hardware tinkering and each of them has its own CPU and RAM that can be utilized for compression or data processing. As for the brute forcing process, the results of hash reversing competitions have shown that the team with most limited hardware usually achieves the highest password retrieval ratio, which proves that in order to achieve your objective you need to spend more time designing your rules than paying for additional clusters.
Pure wordlists are only used for default passwords and they can be easily handled by Commodore 64. The same goes for a true combo attack where you generate a password on the fly and there is no need to store the output of unsuccessful attempts. There is no string poking rule that could not be implemented on Commodore even in pure, unexpanded BASIC 2.0 version (which was written by Bill Gates — the one and only).
3. Did you have to write your own software on the Commodore in order to make any of those things possible?
Some of it yes, as according to my knowledge, no one has ever been interested in such a project before. But some of the most needed tools such as browsers, web servers, FTP, and terminals are already available, mostly due to the great support of Contiki distribution that made it much easier to work with the Ethernet.
Today you can compile almost every lightweight program for Commodore 64!
The Commodore scene is still alive and has a huge support in Western Europe. New demos, games, and software are presented each year and there is a huge hardware development. Judging by the volume of sold equipment reaching thousands per year, even I am surprised that so many people still have an active interest in breaking next barriers on Commodore 64. Some of these people do so for nostalgia’s sake, some want to show off their perfect coding skills and others want to present their artistic talents (which can be truly impressed by the way).
I personally believe that Commodore is a great machine capable of many things and I want to explore its potential in the security-related area, as according to my knowledge no one has ever attempted this before. I also hope that my efforts will add value to the Commodore community and I hope that it will inspire others to follow.
4. What are some of the big challenges that you encountered during your experiment with the Commodore while exploiting modern day systems?
Multimedia and web pages relying on heavy scripting might be a challenge for an unexpanded Commodore 64 to hold the ground. I solved the modern scripting problem and multimedia is the thing I am still working on. The second major problem is the encryption. There are ways to handle that but the challenge is to achieve satisfactory results on the unexpanded hardware and my personal objective is to be successful at it using the hardware that was produced when Commodore 64 was on the market.
