
Ethical Hacking

Wade Mackey

MIS 5211.001 ■ Fall 2019 ■ Wade Mackey

Andrew P. Sardaro

Kali Linux version 2019.4 now offers a Windows theme for the discreet hacker in all of us.

December 3, 2019 by Andrew P. Sardaro

Offensive Security, creators of Kali Linux, released a new version of Kali Linux that can change your standard Xfce desktop environment into a Windows environment.

The theme is named ‘Kali Undercover,’ and was created for work in public places where discretion is required. I imagine that penetration testers, security researchers or hackers would find this theme beneficial.

Other updates included in this release version:

  • PowerShell Support: Execute PowerShell scripts directly on Kali.
  • Kali NetHunter KeX: Android device connectivity (HDMI and Bluetooth) for Kali desktop support on your smartphone.

https://thehackernews.com/2019/11/kali-linux-undercover-mode.html

Filed Under: Week 14: Jack the Ripper, Cain and Able, and Ettercap Tagged With:

The Department of Homeland Security Will Teach You Computer Hacking For Free

November 21, 2019 by Andrew P. Sardaro

I found this article on military.com, under Veteran Jobs. The Department of Homeland Security (DHS) will provide cybersecurity training to all veterans through a program called the Federal Virtual Training Environment (FedVTE).

The program offers 800-plus hours of training, including topics such as Ethical Hacking and Surveillance, Malware Analysis, and Mobile Forensics. The program is free and will prepare veterans for industry-standard certifications such as the CISSP.

This is a great initiative: it gets more people involved in the cybersecurity field and helps veterans obtain a skillset to secure a position in the civilian workforce.

https://www.military.com/veteran-jobs/federal-government-will-teach-you-computer-hacking-free.html

Filed Under: Week 13: WPA2 Enterprise and Beyond WiFi Tagged With:

Data storage issue reveals breach

November 16, 2019 by Andrew P. Sardaro

IT provider InfoTrax Systems is being sued by the FTC for failing to detect 20 hacking intrusions over a 22-month period. 22 months! Hackers went undetected and were able to access data for 1 million consumers, including full names, SSNs, physical and email addresses, phone numbers, and credentials for InfoTrax accounts. InfoTrax only discovered the breach because the hacker maxed out their cloud storage system.

The following article outlines the FTC complaint against InfoTrax and lists InfoTrax’s unreasonable security practices (lack of controls and processes): https://www.ftc.gov/system/files/documents/cases/162_3130_infotrax_complaint_clean.pdf

  • Not taking inventory and deleting personal data (data retention policy)
  • Not conducting code review of its software and testing the security of its network
  • Not detecting malicious file uploads
  • Not adequately segmenting its network (protect critical business assets)
  • Not implementing security safeguards (IPS/IDS) to detect suspicious activity on its network

https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/

Filed Under: Week 12: Introduction to Wireless Security with WEP and WPA2 PSK Tagged With:

Rogue TrendMicro Employee Responsible for Data Breach

November 7, 2019 by Andrew P. Sardaro

While many companies are spending a significant amount of their IT budget to protect assets from external attacks, many companies fail to recognize that internal attacks can be just as damaging as external attacks. An internal threat can be an employee holding a sensitive position who may act with malicious or unwitting intent.

In this article, we have an internal threat acting with malicious intent.

Trend Micro announced a security incident where an employee gained access to the personal data of thousands of its customers and sold it to malicious third-party tech support scammers.

Per Trend Micro, 68,000 of the company’s 12 million customers were impacted by this internal attack, and the stolen data contained customers’ names, email addresses, Trend Micro support ticket numbers, and phone numbers.

Trend Micro became aware of the breach in August 2019 when customers reported receiving calls from criminals who had purchased the stolen data and were impersonating Trend Micro employees.

https://thehackernews.com/2019/11/insider-threat-data-breach.html

Filed Under: Week 10: SecuritySheperd Tagged With:

Russian Hackers Breach Network using IoT devices

October 31, 2019 by Andrew P. Sardaro

Per Microsoft, Russian state-backed hackers have been using IoT devices to breach certain networks. The attacks were discovered in April when some common IoT devices (VOIP phone, office printer) were found to be communicating with servers associated with “Strontium,” a Russian state-backed group better known as Fancy Bear.

The devices could be compromised because default passwords were in use and old firmware with known vulnerabilities was running.

From the article:

“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server”

Microsoft has notified the IoT vendors to address the vulnerable devices.

Securing IoT devices can be a challenge as the device may have a proprietary OS that cannot be managed like Windows 10 IoT. Many IoT devices are configured using the set and forget method, leaving them in a vulnerable state. More education around securing IoT devices is needed prior to purchase.

https://arstechnica.com/information-technology/2019/08/microsoft-catches-russian-state-hackers-using-iot-devices-to-breach-networks/

Filed Under: Week 10: SecuritySheperd Tagged With:

Small and Medium-sized businesses at risk of E-Skimming attacks

October 26, 2019 by Andrew P. Sardaro

https://cyware.com/news/fbi-issues-warning-to-smbs-about-e-skimming-attacks-a251120c 

The FBI is warning SMBs and government agencies about the risk of e-skimming attacks for businesses that take credit card payments online.

E-Skimming, also known as Magecart attacks, occurs when malicious payment card skimmer scripts are injected into a website’s POS system. Once the POS is compromised, hackers can then steal customers’ payment card information.

Hackers gain access to the POS server through a phishing attack or a third-party vendor vulnerability. Once they have access, they act as a silent man-in-the-middle and steal user credit card information to sell for profit.

The FBI recommends standard mitigation measures to protect your business from E-Skimming:

  • Patch, patch, patch your systems.
  • Educate users to avoid falling victim to phishing attacks.
  • Remove any default login credentials.
  • Segment networks to avoid easy hops for hackers.

Here is an article which breaks down the Magecart attack and its evolution: https://www.csoonline.com/article/3400381/what-is-magecart-how-this-hacker-group-steals-payment-card-data.html

Filed Under: Week 09: Web Application Hacking Tagged With:

Facebook Bounty Program

October 22, 2019 by Andrew P. Sardaro

Facebook is looking to step up its application security through a bounty program aimed at identifying vulnerabilities in third-party apps. This move is in addition to their Data Abuse bounty program launched last year, which rewarded testers who identified third-party apps collecting data and passing it off to non-authorized parties.

Facebook security has taken a hit in the past year due to improper use of collected data and account hacking. Well, Mr. Zuckerberg looks to be making a public relations and financial effort to curtail the recent security issues by enticing third-party developers to design apps with security and set up vulnerability disclosure programs. He will pay white-hat researchers to identify third-party apps with vulnerabilities, even if app developers don’t have a bounty program.

https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html

Filed Under: Week 08: Malware Tagged With:

‘Hack the Army’ Bug Bounty Challenge

October 17, 2019 by Andrew P. Sardaro

I posted earlier this month about how the US Air Force brought along an F-15 fighter jet data system to this year’s Defcon conference to be evaluated for vulnerabilities. The US Air Force is changing the way it looks at cybersecurity and is embracing external cybersecurity experts to assist in securing military technology. They also agreed to allow a number of researchers to attempt to hijack an orbiting satellite. https://www.wired.com/story/air-force-defcon-satellite-hacking/

Well, another branch of the US Military is changing its way of working in a silo and embracing external input. The Department of Defense (DoD), the Defense Digital Service (DDS), and HackerOne are launching the second Hack the Army bug bounty challenge. The bug bounty challenge allows external hackers to attack 60-plus public web assets to determine if vulnerabilities exist and improve the DoD’s cyber defenses. Hackers participating in the bug bounty challenge are individuals invited by HackerOne and active U.S. military members and government civilians.

From the article, “It is our duty to ensure our citizens are protected from cyber threats, and finding new and innovative ways to do so is vital,” said Romero. “Our adversaries are determined and creative, so we must be every bit more of both. This latest HackerOne Challenge allows us to continue to harden the Army’s attack surfaces with the talent and diverse perspectives of HackerOne’s vetted hacker community.”

https://www.meritalk.com/articles/second-hack-the-army-bug-bounty-challenge-underway/

Filed Under: Week 08: Malware Tagged With:

Hacking back, a not so dangerous game?

October 5, 2019 by Andrew P. Sardaro

Interesting read here. A recent study shows that retaliatory hacking between nations may not escalate as we thought. The Obama administration’s stance was not to retaliate against countries that launched cyberattacks against the US and to implement sanctions instead, for fear that retaliation could lead to a military conflict. The study shows just the opposite: it is rare that a cyber conflict will go tit for tat or escalate to a military conflict.

The article speculates that these findings may benefit the Trump administration as the US has recently launched cyberattacks against Russia, China, and Iran to retaliate or intimidate.

An additional finding of the study shows that retaliatory hacking does little to stop adversaries from launching additional attacks. I have this vision of rival nations launching cyberattacks against each other and being wary not to cross that threshold for military escalation. I assume all nations involved know each other’s thresholds? A very dangerous game being played here.

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/10/02/the-cybersecurity-202-hacking-back-may-be-less-risky-than-we-thought/5d939824602ff14beb3daacc/

Filed Under: Week 06: More Metasploit Tagged With:

From Zero to Yahoo

October 4, 2019 by Andrew P. Sardaro

A former Yahoo software engineer turned hacker, Reyes Daniel Ruiz, was charged with hacking 6,000-plus Yahoo accounts, including those of his friends and colleagues. Ruiz abused his role as a reliability engineer to access internal Yahoo systems to steal passwords and hack accounts.

Ruiz admitted to making copies of images and videos belonging to users he compromised and storing them at his home on personal systems. He didn’t stop there: after gaining Yahoo access, he compromised other accounts, such as Facebook, Gmail, iCloud and DropBox, for additional media. I assume that users’ Gmail and Facebook password reset emails were sent to their Yahoo accounts to conceal the hack. Here is a case where two-factor authentication would have tipped users off to their accounts being compromised.

I question what controls Yahoo had in place to audit Ruiz’s system access and operations.

https://thehackernews.com/2019/10/yahoo-email-hacking.html

Filed Under: Week 06: More Metasploit Tagged With:
