ITACS 5211: Introduction to Ethical Hacking
Wade Mackay
Hello everyone,
I have attached my executive summary, powerpoint, and embeded the video of the presentation below. I apologize, for some reason the Webex recording did not capture my camera, so only my audio is available. If anyone is having trouble viewing any of my documents, please let me know and I will promptly resolve the issues.
Thanks!
sungard-executive-summary-word
https://youtu.be/gX7dN4YD0Vs
A recent research provided from Imperva explained that one in every fifty employees is a malicious insider. This reaffirms Gartner’s research that the insider is not just disgruntled employees leaving the organization. Departing disgruntled leaving an organization is often anticipated, but the article warns that attention should also be rendered to current employees who sells information as a secondary source of income.
Impreva’s research, reviewed 140 security incidents and quizzed 250 UK based IT professionals which showed that these insider threats can have severe impacts on the organization. These events include theft or dissemination of confidential data, indemnity theft, loss of productivity and damage to equipment and facilities. The study showed that the biggest threat to enterprise security is the people that’s already on their payroll.
It also provides some mitigation and detecting techniques such as proper data classification, storage, and processes involving sensitive data.
Source: http://www.infosecurity-magazine.com/news/1-in-50-employees-a-malicious/
Volkswagen has teamed up with an Israeli group to launch a cybersecurity company. This company is called Cymotive and will be headquarted in both Israel and Germany. The Cymotive chairman said:
“Together with Volkswagen we are building a top-notch team of cyber security experts. We are aware of the significant technological challenges that will face us in the next years in dealing with the cyber security threats facing the connected car and the development of the autonomous car.”
Now that cars are becoming ‘smarter’, security for the connected cars is becoming top priority. I wouldn’t be surprised if more car companies start some kind of cyber initiative similar to this one. I just hope that the car companies collaborate together in terms of research and development to improve the security of these cars.
link: http://www.zdnet.com/article/volkswagen-launches-new-cybersecurity-firm-to-tackle-car-security/
Getting a head start. intro-to-ethical-hacking-week-3
First let me say that I have no right or wrong answer for this, just want to see each of you weigh in.
In light of the news around an Israeli company developing malware to facilitate the UAE snooping on human rights activists, how far would you be willing to go if you ran the IT Security company that created this malware?
Here’s a link to the story in case you don’t recall. http://foreignpolicy.com/2016/08/25/the-uae-spends-big-on-israeli-spyware-to-listen-in-on-a-dissident/
This article is about two executive orders President Obama signed to strengthen The United States government defensed against cyber-attacks and to protect the personal information the government keeps about the citizens of the country. The article also include information about how a budget was passed to upgrade the country’s technology, one example was how one social security department system were still using COBOL. The article also mentions that President Obama created two new entities, Commission on Enhancing National Cybersecurity, made up of business technology, national security and law enforcement leaders and Federal Privacy Council, which will include chief privacy officers from 25 federal agencies. These moves will be used to help the private and public sector deal with the increasing cyber security threats that companies and government deal with every day.
http://www.usatoday.com/story/news/politics/2016/02/09/obama-signs-two-executive-orders-cybersecurity/80037452/
Security firm, Sophos, discovered a malware named Mal/Miner-C, a software written in a scripting language (NSIS- NullSoft Scripting Install System) used to create Windows installers, on computers and NAS servers. The malware used these systems as leverage to mine Monero. Monero is an open source secure, private untraceable currency and it doesn’t require a huge amount of processing power, hence easier to mine. So this malware was using the infected system resources to do the mining and with so many systems, the Monero can add up pretty quick. But in order for it to work the user/client has to run the malware, which comes to them as a file that needs to be downloaded and with a little social engineering things can get a little hairy. What’s interesting is Mal/Miner-C abused FTP servers using software components that randomly generates ip addresses and attempts to connect to them using stored usernames and passwords. Once the malware was in the server, like a worm it copied itself into underlying folders and so on until every folder in the server contains the malware. Mal/Miner-C has also been affecting NAS storage devices, specifically Seagate Central. Although Seagate is not the target, it did expose a risk. Seagate allows remote access to private and public folders and if enabled, allows users to access their private folders remotely but also allows anybody to access and write to the public folder. Even further, the public folder cannot be deleted, so to be safe users has to forgo accessing their files remotely altogether.
http://www.securityweek.com/nas-devices-used-spread-cryptocurrency-mining-malware
https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Cryptomining-malware-on-NAS-servers.pdf?la=en
https://getmonero.org/home
This article talks about how Yelp is offering up to $15,000 in a new “Bug Bounty” program for security researchers. Any of the Yelp owned sites is part of this program. Yelp is particularly worried about vulnerabilities that result in ” ..sensitive data disclosure, data injection/exfiltration, insecure session management, etc,” These types of programs are very interesting. The company not only provides an incentive to researchers if they find a critical bug, but it also allows the researchers to legally try to penetrate the site, which might satisfy their desire to test out their skills. This also gives an opportunity to raise awareness for cyber security among the public. I hope more companies employ tactics like this in order to combat vulnerabilities.
http://www.securityweek.com/yelps-new-bug-bounty-program-promises-15000-payouts
A Russian researcher, Dark Purple, along with a Hong Kong-based technology manufacturer is selling a USB thumb drive called USB Kill 2.0 for $49.95. The thumb drive is design to send a power surge to a computer that it’s plugged into, frying major computer components and making data retrieval impractical.
The company claims that the thumb drive wasn’t design to erase data, but depending on the hardware configuration (SSD vs. HDD) the USB Kill 2.0 may damage the controllers enough to make access to data on the computers difficult. It also claims that the device was designed for companies to test their security against USB Power Surge attacks and to prevent data theft via “Juice Jacking.” The device can be set to use with only authorized computers and if it’s plugged into an unauthorized computer, the device will discharge 200 volts DC power over the data lines of the host machine.
Although the company did not design the device for malicious intent, people will now have another way to attack organizations. The device could be used maliciously by disgruntled employees by using the devices to take out critical servers and computers by simply plugging in the device. Cyber criminals could also use the device to fry their own computers to keep data away from law enforcement.
http://thehackernews.com/2016/09/usb-kill-computer.html
There’s also a demonstration of the device provided with the article.
911 could face its own emergency: Hackers
The latest research released this week by Ben Gurion University in Israel reveals the findings of 911 systems been potentially in danger that could overwhelm a complete state’s 911 system with endless calls, by using a network of hacked smartphone, and shutting out a great portion of legitimate callers, also known as a denial of service attack (DOS attack).
According to this article, researchers replicated North Carolina’s model based on its 911 network, with the knowledge that all emergency response systems are run at the local or state level, and the assessment determined that if hackers compromised 6000 smartphones with malicious software, they could make calls to 911 and block out half of all legitimate callers using cell phones in North Carolina.
Those results were shared to the US Department of Homeland Security says the Washington Post, and remarks of this type of danger have been made in the past of denial of service attacks on emergency response infrastructure.
The solution proposed was to change phone infrastructure completely, and stop using old fashion analog phone switches to route emergency calls, and instead use provide internet-like network called managed IP Networks, however there was no mentioned of how much money this would undertake in this article.
http://www.cnet.com/news/911-could-face-its-own-emergency-hackers/