Putin and the BLM verses the Power of the Internet

•April 15, 2014 • Leave a Comment

Vladimir Putin has been trying very hard to convince the world that he needs to intervene in Ukraine to “protect” Pro-Russian citizens. Half way around the world, the Bureau of Land Management has tried to convince the US that it is protecting endangered turtles from trespassing cattle in Nevada. Both causes have been undermined by the power of the internet.

Reports have been flooding out of Ukraine of captured Russian intelligence officers, troops operating inside Ukrainian borders with identifying unit patches and tags removed, and even of a Russian bank making $200 and $500 daily payments to Russian “terrorists” working to destabilize the Eastern region of Ukraine.

This video allegedly shows a Russian Army Lieutenant Colonel giving orders to police officers in the Ukrainian town of Horlivka:

Pro-Russian forces have stirred up riots, taken over police and government buildings and have even attacked an airport. All the while about 40,000 Russian combat troops are hanging near Ukraine’s border. This has put Ukraine in a catch-22, either they let the unrest continue and risk civil war, or move against the trouble areas with force risking an invasion by Putin to “protect” Russian citizens like he did in Crimea.

Other than what some call Putin’s propaganda machine, the Russian Times (RT.com), no one is really falling for Putin’s cause. The internet has been saturated with anti-Russian social media posts, revealing pictures of what appear to be Russian troops in Ukraine, and reports of captured Russian operatives.

The outcome has been dramatic. Tens of thousands are protesting in Moscow and the UN even released a report claiming ethnic Russians in eastern Ukraine falsely claimed assault.

Closer to home, the US Bureau of Land Management (BLM) sent a mini-army of a couple hundred enforcement agents, contract workers, K-9 units and snipers into Nevada to “protect” endangered desert turtles. BLM claimed trespassing free roaming cattle from Clive Bundy’s ranch was putting endangered animals at risk. So they sent a large force in to confiscate the cattle.

Within days the internet was filled with images like this:

 bundy ranch 1st amendment

Apparently the BLM set up fenced in areas for reporters. Well this didn’t go over very well – no one used them and pictures again flooded the internet of the “First Amendment Area” signs with another sign added underneath saying, “The First Amendment is not an Area”. The fenced in areas were removed shortly thereafter.

Report of abuse by Federal officers also flooded the internet. One scuffle ensued between BLM officers and Bundy family members & supporters. A statement to the press by the BLM stated that the scuffle started when a K-9 dog was kicked. But again, this video flooded the interwebs showing that the real story might be different:

You can see from the video that at 23 seconds, a federal agent tackles a 50 year old lady from behind and seems to throw her to the ground. At 1:04 a K-9 officer appears to give both verbal and visual command for his dog to bite, and then again at 1:06.

The protestor seems to kick the dog after he tried to bite him.

Social Media exploded comparing the events in Nevada with Waco Texas and Ruby Ridge. The effect was immediate. People from as far away as New Hampshire began flocking to Nevada to stand in the gap with Clive and his family. This included armed members of several state militia and veteran groups.

The BLM has since stood down and has decided to fight the battle out in court. But again more reports have surfaced via the internet that the BLM wants to remove the cattle so that a Solar Power plant can be installed by a Chinese company, and that it has nothing whatsoever to do with trying to save turtles.

Some websites are claiming that the solar power plant report isn’t true, but it is very odd that the Federal Government would send in such a strong force to protect some turtles from cows. Especially when our southern border which needs additional help seems to get none.

But the truth is that in both cases presented here, the conflict in Ukraine and the BLM’s actions in Nevada, social media has had a huge impact of both public opinion and public action.

Amazing Real Time Cyber Threat Map by Kaspersky

•April 10, 2014 • Leave a Comment

Kaspersky Real Time Map Globe

Kaspersky has created an interactive Cyber Threat Map website where you can track statistics of it’s security product results in real time. And it is amazing!

The picture above shows the Global view, but you can also view the display as a flat map:

Kaspersky Real Time Map

You can also move the map around and click on any country to see it’s current statistics, as seen below:

Kaspersky Real Time Map Poland

I know it just shows one company’s results, but wow what a slick representation of what is going on in the world. I honestly found myself a bit entranced while viewing it, somewhat like watching a campsite fire.

And to think that these are malware results from around the world. Just stunning!

I can foresee a lot of companies displaying this on large monitors in their security centers.

Great job!

 

OpenSSL “Heartbleed” – Whose Vulnerable and How to Check

•April 9, 2014 • 1 Comment

** Updated 4/9/14 9pm **

The internet is plastered with news about the OpenSSL heartbeat “Heartbleed” (CVE-2014-0160) vulnerability that some say effects up to 2/3 of the internet. Everything from servers to routers to smart phones could be tricked to give up encrypted data in plain text. Let’s take a quick look at the vulnerability, see who’s affected by it and how you can check.

What is Heartbleed?

Basically, OpenSSL is an encryption library used in HTTPS communication – You know the online stores and banking websites that give you that little lock icon in your browser bar when you visit them.

OpenSSL uses a “heartbeat” message to echo back data to verify what was received was correct. In OpenSSL 1.0.1 to 1.0.1f, a hacker can trick OpenSSL by sending a single byte of information but telling the server that it sent 64K bytes of data.

And the server will respond with 64K bytes of information – from it’s memory!

The Register has a nice image of the process:

OpenSSL heartbleed

The data returned is randomly pulled from the server’s memory and can include anything from Usernames, account passwords or sensitive data.

The vulnerability is remedied in the latest update of OpenSSL, but the problem is it could take years for all the affected devices to be found and patched. And some embedded and proprietary devices may never be patched!

There are a plethora of tools and exploits flooding the internet right now to check for and exploit Heartbleed.

Who is Vulnerable?

Yesterday the top 10,000 websites on the web were scanned for the vulnerability and the results can be found here. Many big named websites (as of yesterday) are vulnerable. But many listed, including Yahoo! have already fixed the vulnerability.

But if you read down the list you will see familiar websites including technology sites, financial institutions, game websites and popular forum/ social media sites.

But it just not limited to these sites.

Many home routers and even smart devices use OpenSSL.

How to Exploit/ Check?

I received a note today from Tenable (see Blog Post Here) that Nessus will now detect the Heartbeat vulnerability:

“Tenable Network Security® released plugins for the detection of the OpenSSL heartbeat vulnerability (aka the “Heartbleed Vulnerability”) on the 8th of April for Nessus® and the Passive Vulnerability Scanner™ (PVS™). A plugin for detecting the vulnerability in Apache web server logs has also been added to the Log Correlation Engine™ (LCE™) and available for reporting in SecurityCenter™ and SecurityCenter Continuous View™.”

And a quick Google search will return multiple different ways to check to see if websites are vulnerable to the attack. I have even seen a Firefox add in floating around:

foxbleed

There are a couple exploit programs available on the web. Rapid7 has created an exploit module for Metasploit and it is available on Github:

heartbleed ruby

I didn’t see it available in the latest msfupdate, but I am sure it will be added to Metasploit Framework very soon.

As always, use any Heartbleed tools at your own risk, use extreme caution when using random programs to check for vulnerabilities, and never use these tools to check websites that you do not own or have permission to test or to access.

Update any of your systems that are using the old version of OpenSSL, and change your passwords on any effected servers.

Pro-Russian Forces Break into Ukraine Govt Buildings – Steal Servers

•April 8, 2014 • Leave a Comment

Donetsk Pro-Russian Intruders

Cyber attacks can be a troublesome thing, there are firewalls to ease past and layers of defense to bypass. And then if you do find a way through, your exploit is not always guaranteed to work. But there is another option… You could just break into the target building and steal the servers.

With Russian troops massed on Ukraine’s border many analysts are saying that they could attack at any moment. But it would seem Russia might be content at the moment to foment unrest in Ukraine’s Eastern areas where there is a strong pro-Russia sentiment.

As Russia sent troops with no unit insignias visible into the Crimean Peninsula to confiscate warships and surround bases, they are now sending security forces into border providences to seed unrest from the inside.

Organized groups of several hundred people representing Russian security agencies have arrived in eastern Ukraine from neighboring Russia,” said Yulia Tymoshenko, former Ukrainian prime minister

On Monday night masked pro-Russian protesters looted the Donetsk Province government administration building and were seen removing servers from the building.

But why would they take file servers?

With Government servers in hand, it would not take long to recover all the information from them. It would be much quicker than trying to siphon the data over long distance network lines.

In most cases, physical access equals total access. And once the data is obtained, the attackers would then have a plethora of personal information, account information and important data including sensitive Government documents and communications.

This information would be invaluable to an occupying force as it would most likely reveal which individuals in the government are for your cause and which ones are against it. They could also recover credentials from the servers that could be used to attack other government systems.

It would seem that the server hard drives will end up in Russian intelligence hands very soon, if they are not already.

 
Follow

Get every new post delivered to your Inbox.

Join 246 other followers