Legacy 0-Day: How Hackers Breached the Logica Mainframe

BSidesLV 2013

Presented by: Soldier of Fortune
Date: Thursday August 01, 2013
Time: 19:00 - 19:50
Location: Siena
Track: Underground

In early 2012 a group of three hackers were caught when a mainframe at Logica was no longer running as expected. This was the first warning that hackers had penetrated the once impenetrable IBM mainframe running z/OS. Through some simple and some ungodly technical hacks, the attackers were able to gain shell access to the mainframe, harvest accounts and gain access to some very private data. The breached mainframe served the Swedish police, banks, SPAR (the Swedish SSN equivalent), Infotorg and others. SoF was able to obtain the detailed investigation into the attack, plus some extras that weren’t in the report. This talk will go over how the attack went down, what was successful and what wasn’t, how the attackers were caught and investigated, and the tools that exist today (which didn’t exist at the time of the attack) to perform the same type of pentest on your own mainframes. If you learn anything from this talk, it will be just how insecure these mainframes really are when in the wrong hands.

Soldier of Fortune

Ever since the late 90s SoF has been obsessed with the idea of mainframes, but it wasn’t until last year that a few things fell into place. One: until recently you couldn’t emulate a mainframe computer; this is no longer the case. As a result SoF was able to get his hands on a mainframe and start exploring the OS, but he lacked the fire to pursue it. That is, until, two: he was paired with an older mainframe engineer. It was at this time that SoF realized the massive gulf between IT security experts and mainframe security experts. Using his dwindling free time and what he knew of IT security, he set out to try and claw mainframes back into the security fold instead of leaving them as out-of-scope ‘legacy’ systems. With that fire and his emulator he has contributed to projects such as Nmap, Ettercap and John the Ripper, released his own custom tools, and presented on mainframes and mainframe security at Thotcon, BSides and Shmoocon. Being the only person who is exploring mainframe penetration testing puts him in the unique position of being able to talk in depth about the Logica breach.
