Sunday, January 17, 2016

Good Old Grandpa Tor and the HORNET's Nest

I’ve been focused on the attacker side of information security for a while now, and have stumbled upon a rival to Tor. As security gets tighter on the Internet, the deep web is simultaneously thriving. The new adversary is called High-Speed Onion Routing at the NETwork Layer, a.k.a. HORNET. As its name implies, it works like Tor through onion networks, only it’s much, much faster and can be scaled to a size comparable to the Internet. They’re claiming it can reach speeds of up to 93 gigabits per second. It also works at the Network layer so a VPN can be used with it. You should look at this article if you want to see how it works, but I want to focus on the implications of it.

The rise of HORNET (Hail Hydra?) is the start of another deep web. Tor has always been known as the dark web, and I expect it to grow for many years to come, but I’m starting to think that Tor will eventually be remembered as the grandfather of the anonymous online underworld. It lays down the foundations for the future.

When most people think of Tor, one of the first thoughts that comes to mind is “slow”. Tor is notoriously slow, to the point of a crawl. That deters many users from exploring the deep web, for example computer hobbyists who are always racing to build bigger, badder machines to reach high network speeds. The HORNET network is the newest answer to that problem. The way I’m looking at it, in the coming years, competitors to Tor will come into the light, building new systems that will offer advantages over all the drawbacks Tor has, with Tor pushing as hard as it can to keep up for many years to come. We’ll see many deep webs come and go, and the user base on them will continue to rise right alongside simplicity and ease of use.

Right now there is a large market for hackers selling viruses as a service, as well as rootkits, to low-skill or no-skill would-be criminals. Compromised information is a hot commodity. There are even highly skilled hackers that sell their expertise to clients. The more users learn how to be script kiddies, the larger the potential impact on information security. The more people are armed with tools to attack, the easier it is to obtain the tools, and the easier it is to use the tools, the more attacks there will be.

Wednesday, January 13, 2016

Social Engineering in Portland

I decided to make a stop at Pioneer Square on my way to class to see if I could come up with any ideas about social engineering to fulfill the requirements of a school assignment.

While I did not find many, I did come up with some easy ways to gather information. As I stepped off the train and set foot on the square, a paper was waved in front of me to catch my attention. A man was asking me to sign a petition. Wearing headphones, I waved him away with a hand gesture. (Headphones are magical devices.) And there it was. Within seconds, I saw the first way I could collect data from people. Have them sign a petition. Print out some fancy-looking papers and ask people to fill them out. Name, address, email, done. I could even include a few extra "optional" fields for them to fill out. With that in mind, I walked down the block and a man reached out to hand me a card. A card with one link. I figured I could easily hand out similar cards with a link to a website I hosted with malware to infect the machines of anyone who dares find salvation. I walked to a corner on the square and just observed the passersby for a while, wondering what sort of information I could gather from just looking. How could I gather anything useful like date of birth, full name and address from just looking at people? That question was answered in less than two minutes when a woman passed by, literally wearing her I.D. (driver's license) around her neck, most likely a tourist tired of pulling out her identification every time she walked into a local bar (or had gotten used to being harassed by police in other less friendly foreign countries she visited).

I watched people and cars go by for a little while, and didn't see anything of interest except for a girl standing in the middle of a square with a journal, people watching and writing about them. Perhaps drawing up characters for a book or looking for fashion trends, or she could have been a hacker, you never know. 360 degrees of people to observe around her, and who would ever guess that she would be writing about anything other than her tourist trip to Portland.

Only a short time, maybe five or ten minutes, had passed since I had stepped off the train. I started walking in the general direction of the bus I had to take to get to Sylvania campus. I kept my eyes focused on how I could gather information. My first thought was installing a camera inside one of these newspaper dispensers. The second was to leave a sticker with a link to a malicious website on the back of a pole.
I wasn't sure what I could do in this next location, but it seemed interesting. Two payment machines in two corners, and two elevators. Perhaps someone could stand in the elevator and take pictures of payment exchanges made on the machine? It didn't really seem like a very effective method. I moved on, to find perhaps the best security hole on this little trip. I was standing on the sidewalk looking down at TJ Maxx.
Jackpot. With a better camera, you could take pictures of everything going on here, everything on the employee's computer, any cards passed from the customer to the employee, even the contents of the customers' bags, just from observing.
The last thing of interest that I saw was a man window washing.
The only credentials he needed?
This sign.
You could see into people's houses with a camera attached to your helmet with this method. It would be most effective if you had already targeted a specific person and wanted to gather more details about them from where they lived.
Assuming you don’t have a fear of heights.

I made it to the bus stop and still had plenty of time to kill, so I continued looking for anything of interest on the block. I took a picture of this locked door, and was going to write about how easy it would be to watch someone enter the number in the keypad and walk in, but I decided it was too boring.

Ironically, as the camera was focusing to take the picture, a guy walked by me to the door, entered the number and walked inside.
Another ten minutes had passed. I found myself wandering into the Cascade building. I ignored the elevators, they didn't seem to lead anywhere interesting. On the opposing side of them, I spotted an old letter box.
It probably hadn't been opened in ages.
I took a peek inside to find some old building plans, nothing special. Directly in front of me were two double doors with no label.
I stepped through them to find mailboxes, no security cameras or anything guarding them, might be good for dumpster diving.
I continued through the next door ahead of me that led to a stairwell.
I opened up what looked like a fuse box; to my disappointment I only found a few wires (not sure if they could be modified to tether into any of the building's networks). I continued roaming through the stairwell and rooms, finding random equipment like this,
locked doors like these,

and eventually found an old hallway that led to a door. I forgot to take a picture of it. It was titled something like "MIT Data Storage" or something similar. If you were an attacker looking for data to breach, this would be it. How to get into a place like this with social engineering? Well, it isn't as if they would lay out contact information for who to convince to get access.
Unless they leave that info on the door. This was the big finale of this trip so it’s pretty much the end of the story.

I figured I had spent enough time here, so I started making my way back to the bus stop. Right next to the stop was the Exchange building. I was just looking at it, but these guys were holding the door open. One asked me if I was coming in, I declined, and then thought about it and said why not. 

Next to the elevators was this door.
It looked a little harder than most to break into, though to the right of it (not in the picture) was a scanner for a keycard. I figure all you'd need to get in would be to cheat the scanner. I stepped into the elevator, it wouldn't move without a key, but one could just call for help and convince them to let you up.
Last thing I spotted was this hidden in the wall, but I didn't try to open it.
I went back outside and caught the bus.   

Maybe I didn't find anything all that interesting. Perhaps I'm an idiot with a camera. But this exercise was a good way to get my mind started thinking about how an attacker might work with "no-tech" methods. It's interesting that even though people saw me taking pictures in odd places, no one batted an eye. When I was walking around the block people watching, there was an older woman with a badge hanging out, and I was paying attention to it and her clothing, trying to determine what kind of job she had, which translates to 4-6 seconds more eye contact than glancing at someone, breaking the social rules of the sidewalk. Because I came full circle around the block, I actually ran into her again by accident, and gave her the same amount of eye contact to get a second look. She didn't notice. In the city, everyone's doing something, always preoccupied. No matter what you're doing, it's likely not even going to be an afterthought to anyone. You're invisible. In less than an hour, I found plenty of security holes doing nothing but walking around.

What's next? For now, I've decided to start looking into Kali Linux's penetration tools to see what I can do with them.