Week 6 Presentation
Anna-senpai – Mirai botnet comments and design
After reading Jason's post on the Mirai botnet I decided to look up the source code to get an idea of the coding involved in a botnet. It is posted on GitHub, and the link below is to Forum.txt, a post allegedly made by the botnet's designer, who goes by the handle Anna-senpai. The comments are interesting, particularly where he remarks on the lack of skills of his adversaries. He also describes the setup used to administer and control the botnet.
Recording Keystroke Sounds Over Skype to Steal User Data
We've discussed the need to cover a webcam with tape for fear of it being compromised during VoIP sessions. This new attack only needs to hear the audio of the call to work out what you are typing. The researchers were given information about the target's keyboard model and some samples of the target's typing style. From there, they were able to reach 91.7% accuracy in recovering what was being typed. This can happen during a regular Skype call without any need to plant malware on the target's computer. Skype and other voice messengers are often left on for long periods of time since, unlike phones, VoIP doesn't charge by the minute, so there is no need to hang up. Multitaskers may enter passwords or fill out forms while staying on Skype.
There are a few ways around this, such as using push-to-talk, which only transmits audio while you hold a certain key down, so keystroke sounds are not sent the rest of the time. Touchscreen keyboards do not make the familiar keyboard sounds, so those are safe from this method as well. I think using an external microphone as well, one not situated near the keyboard, will lower the chances of this attack in general. Without a profile on the end user, the accuracy only drops to 42%, but I wouldn't rely on this, as it may eventually be possible to compare sounds against multiple profiles and pick the most accurate.
“Public Wi-Fi Use Grows, Despite Security Risks”
People expect public Wi-Fi nearly everywhere they go and expect to be connected all the time. Wi-Fi users regularly connect at home, but they also need mobility. According to a survey by Xirrus, a Wi-Fi technology company, 49% of respondents connect to public Wi-Fi at least three times a week, and 31% connect every day. 89% connect to more than one network a day, switching between public networks and home or work networks that are private and accessible only to selected users. In addition, 70% of users are willing to change hotels for a better and more secure connection, but the need to be connected overcomes security concerns. Few public Wi-Fi networks encrypt traffic or otherwise protect our data, so private information is at risk of being stolen every time a person connects to one. Although 91% of respondents admit that public Wi-Fi is insecure, 89% use it anyway: most users are aware of the risk but decide to ignore it. The good news is that most public Wi-Fi networks run by restaurants, airports or hotels are required to upgrade to provide better security for customers. Over public Wi-Fi, 83% of users access their email, 68% access social media, and 18% even log in to online banking. Although most users know what phishing is, 30% are still unfamiliar with ransomware, malware installed on a victim's computer that encrypts or takes control of the victim's data and demands payment to decrypt it or to refrain from publishing it. The number of victims and the size of the demanded payments keep increasing. 85% of users would blame themselves for hacks, while only 32% would blame Wi-Fi vendors and 24% would blame the venue. Wi-Fi users carry the burden because most businesses do not educate their employees or provide the tools needed to stay safe.
46% of employees said they did not receive any security training, and only 39% said they received one or two trainings in the past year. Companies should educate and train their employees regularly so that they stay aware of the importance of security and do not put personal or work-related information at risk of exposure. However, there is still a large gap between employers that encourage secure behavior and those that do not. 47% of employees are encouraged to use a VPN for work when they are traveling on business.
Link: http://www.darkreading.com/cloud/public-wi-fi-use-grows-despite-security-risks/d/d-id/1327206
Trump’s Email Servers!?!?!
A security researcher recently discovered that some of the email servers linked to Mr. Trump's organization (including hotels and other businesses) have serious security flaws. One of the biggest issues is that the email servers are running Windows Server 2003, an operating system that Microsoft hasn't supported since July 2015. Even worse, the email servers are not patched. Another issue is the use of outdated software, in this case Microsoft IIS 6.0. IIS 6.0 is the web server that ships with Windows Server 2003, so it is also unsupported by Microsoft. On top of all that, the servers use single-factor authentication. What's interesting is that the researcher got all of this by doing what we've done in class with regard to reconnaissance: he searched through public information and didn't run any advanced scans. Isn't it ironic that Mr. Trump talks about the lack of security in Mrs. Clinton's email servers but has the same issues with his own?
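The kind of passive check described above can be automated from a single ordinary HTTP response. The script below is an added example (not code from the page or from the researcher's work): it parses the header block of an HTTP response, flags a Server banner whose product is past Microsoft's published end-of-extended-support date, and notes HTTP Basic authentication, which is single-factor. The host names (`*.example.test`), the sample responses, and the `AS_OF` date are constructed for the example; the end-of-support table is an assumption limited to the products relevant here.

```python
"""Passive banner triage for web-facing mail servers (added example)."""
from datetime import date
from typing import Dict, Tuple

# Microsoft end-of-extended-support dates for the banners listed.
# Assumption: table limited to the products relevant here; extend as needed.
END_OF_SUPPORT: Dict[str, Tuple[str, date]] = {
    "Microsoft-IIS/6.0": ("Windows Server 2003 / IIS 6.0", date(2015, 7, 14)),
    "Microsoft-IIS/7.5": ("Windows Server 2008 R2 / IIS 7.5", date(2020, 1, 14)),
}

# Date the assessment is made (constructed).
AS_OF = date(2016, 10, 17)

# Constructed sample responses, not real servers: a webmail host on the stack
# described in the article and an up-to-date comparison host.
SAMPLE_RESPONSES: Dict[str, str] = {
    "mail.example.test": (
        "HTTP/1.1 401 Unauthorized\r\n"
        "Server: Microsoft-IIS/6.0\r\n"
        "WWW-Authenticate: Basic realm=\"mail.example.test\"\r\n"
        "X-Powered-By: ASP.NET\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    "www.example.test": (
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n"
        "\r\n"
    ),
}


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Return the headers of a raw HTTP response as a lowercase-keyed dict.

    Reads only the header block (up to the first blank line), skips the
    status line, and accepts CRLF or bare LF line endings.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\n")[1:]:
        if ":" not in line:
            continue  # malformed line; ignore
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def assess_banner(raw: str, today: date) -> dict:
    """Classify one response: supported / unsupported / unknown software.

    'supported' is None when the banner is absent or not in the table,
    since a missing or spoofed banner proves nothing either way.
    """
    headers = parse_response_headers(raw)
    banner = headers.get("server")
    result = {"server": banner, "product": None, "supported": None,
              "days_unsupported": 0, "findings": []}
    match = END_OF_SUPPORT.get(banner or "")
    if match is None:
        result["findings"].append(
            "Server banner missing or not in EOL table; no conclusion")
    else:
        product, eol = match
        result["product"] = product
        if today > eol:
            days = (today - eol).days
            result["supported"] = False
            result["days_unsupported"] = days
            result["findings"].append(
                f"{product}: vendor support ended {eol.isoformat()}, "
                f"{days} days ago; no further security patches")
        else:
            result["supported"] = True
    # Basic auth is single-factor and only base64-encodes the password.
    if headers.get("www-authenticate", "").lower().startswith("basic"):
        result["findings"].append(
            "HTTP Basic authentication offered: single-factor credentials")
    return result


def triage(responses: Dict[str, str], today: date) -> Dict[str, dict]:
    """Assess every captured response, keyed by host name."""
    return {host: assess_banner(raw, today) for host, raw in responses.items()}


if __name__ == "__main__":
    for host, res in triage(SAMPLE_RESPONSES, AS_OF).items():
        print(f"{host}: server={res['server']!r} supported={res['supported']}")
        for finding in res["findings"]:
            print(f"  - {finding}")
```

Fetching the real response is one `curl -I` against the webmail URL; everything else is offline. A banner can be removed or spoofed, so a hit is a lead to confirm, not proof, and an absent banner is not a clean bill of health.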
Links:
The OPM breach report: A long time coming
This article discusses the breach of OPM (the federal Office of Personnel Management). The breach, which leaked information about roughly 22 million current and former employees, became public in mid-2015, and it took close to another 15 months for Congress to complete a report on it. Hackers, said to be from China, were inside OPM's systems starting in 2012 but were not detected until March 20, 2014. A second group, posing as a third-party contractor, was also able to get access to OPM's systems and was not discovered until May 2015. I was employed with the federal government in May 2014, so there was a chance that my information was a part of the 22 million names that were sent out. I received several e-mails and letters in the mail informing me about the breach. Below is a list of what the inspector general found about the security in place at OPM.
An inspector general's report from November 2014 was blunt about the lack of basic security measures, including:
- A lack of encryption
- No two-factor authentication for workers remotely accessing the system
- No inventory of servers and databases
- Lack of awareness of all the systems connected to its networks
Article Link:
Android banking Trojan tricks victims to submit a selfie holding their ID card
A dangerous Android banking Trojan, named Acecard, asks users to send a selfie while holding their ID card. It tricks users into installing the malware by posing as an adult video app or as a codec/plug-in required to view a specific video. The moment the app is run, it hides itself from the home launcher and asks for device administrator privileges, which makes its removal difficult and tedious. Once validated, its phishing screens ask for highly personal information such as the cardholder's name, date of birth, phone number, and credit card expiration date and CVV.
http://www.dnaindia.com/scitech/report-android-hack-malware-acecard-selfie-id-card-2264336
Encryption: A Backdoor For One Is A Backdoor For All
This article discusses how important encryption is in today's internet-driven economy. Any attempt to circumvent encryption will eventually leave systems vulnerable to attack by malicious actors. Companies, organizations, ethical hackers and software developers who leave backdoors in their systems or programs are giving threat agents another vector with which to attack the system.
Read More on the Article here: http://www.darkreading.com/attacks-breaches/encryption-a-backdoor-for-one-is-a-backdoor-for-all/a/d-id/1327177?
To The Next President: Get A National Cybersecurity Strategy
In the upcoming election on November 8th, neither Hillary Clinton nor Donald Trump has presented a cybersecurity initiative for their administration. When asked about cybersecurity during the first debate, the candidates shifted blame to Russia and China, saying those countries were responsible for the most recent attacks. Shifting blame to other countries instead of addressing the real issues behind cybersecurity can affect the overall security of our country. Attacks on election systems can affect how the next presidential election plays out. Russian hackers have already been found to have broken into power grids in Ukraine, cutting power to over 1.4 million people for over 6 hours. This is a concern for critical infrastructure in the US. With our GDP depending so heavily on information technology, the next president needs policies in place to prevent catastrophic hacks in the future.
Aviation Officials Step Up Cybersecurity Checks of Older Messaging System
This article discusses ACARS, a decades-old air-traffic messaging system that may need an upgrade. ACARS is used by aircraft to report the status of aircraft components during flight. Although the information sent over ACARS is not considered "safety critical", government and industry officials, as well as European safety regulators, are worried about possible vulnerabilities in the system. There have not been any known attacks aimed at ACARS, but officials are concerned that it may have vulnerabilities because it lacks the safeguards available in newer networks (ACARS dates from around 1980).
It's good to see officials take a proactive step on cybersecurity; however, it is also worrying that they do not seem to know the exact vulnerabilities in this system. It looks like they are only trying to upgrade it because it is not "new" and dates from the 1980s. They need to do a better job of identifying the vulnerabilities before blindly upgrading to a newer system.
Article: http://www.wsj.com/articles/aviation-officials-step-up-cybersecurity-checks-of-older-messaging-system-1476556582