Hard Drive Hacking – Hardware Backdoor even if Drive Wiped!

Hard Drive Hack

With all eyes on the Vegas security conferences, some amazing news comes out of OHM2013, a security conference in The Netherlands. At the show a security researcher demonstrated how a hacker could re-program the firmware on a hard drive to maintain a backdoor, and apparently the attack would still work even if the hard drive was erased and reformatted!

This week at a European security conference a security researcher demonstrated an attack that would allow a hacker to access and modify the Flash Firmware on a hard drive and program it to protect his access.

Firmware is code stored on a special flashable chip on the drive. This built-in code tells the drive how to work: how to read and write data. It is flashable (can be reprogrammed) so that the manufacturer can release firmware updates. Most people never re-flash or update their hard drive firmware.

At the security conference, the presenter demonstrated how the attack works. He ran the program to modify the firmware on a drive. He pretended his access was detected and the administrator password was reset.

The modified firmware was programmed to look for a special trigger code, perhaps a special website address. Once the hard drive cache sees that trigger, the firmware grabs the password file the next time it is accessed and changes the password back to what the hacker set it to.

And it worked!

So basically, if the hard drive firmware is compromised by a hacker, they could change it to allow them to have access to the compromised system again, even if the entire drive was erased and re-formatted.

Crazy stuff.

For more information, including a step-by-step explanation and proof-of-concept code, check out Spritesmods.com.


The Jester’s Site back Online – Questions Remain

The Jester Webpage

The Jester’s site is back! After being redirected to a DHS “Domain Seized” webpage for a couple days, The Jester’s site is now unceremoniously back.

All well and good, but here is the kicker. From what I have seen, the ICE has denied seizing it and, well, it is back online already. So it probably wasn’t the Feds.

Rumors abound. Some say that from his Tweets he seemed to be at the Vegas security conferences (Black Hat and Defcon) and maybe wanted some additional press, so he did it himself. Some are saying he was hacked and the DNS record changed, and his internet provider restored the original DNS record. And some are saying that aliens did it.

Whatever the case, it’s back online now and so far the Jester has been completely silent on the whole issue.

Kazakhstan Pentagram on Google Earth actually an old Russian Park

Google Pentagram

The interwebs are abuzz with a Google Earth find of a large pentagram located in rural Kazakhstan. This has led many to wonder who created the Satanic symbol and what it really means.

But people are getting all worked up over nothing; the site is just an old Soviet park that was created in the shape of the Soviet star.

Fire up Google Earth and fly to 52°28’46.04″N 62°11’9.20″E and you will see what is causing all the stir.

It does, in fact, look like a huge Satanic Pentagram carved into the landscape. But this is no Satanic ritual site, or alien landing zone, just an old Soviet Union-era park.

A commenter on Doubtful news pointed readers to this Russian website (Google Translate Version).

According to the website, the star is a remnant of an extensive Soviet-era park that went under in the 1970s. So no Satanic rituals, and no aliens. Just the remnants of the old Soviet Bear.

The Jester’s Website Seized by the DHS ICE

Jester Seized

Popular Patriot Hacker seems to have had his website seized by the Government. Anyone surfing to his website today (http://www.jesterscourt.cc/) was greeted with the message above.

According to the notice, the website was seized by the Immigration and Customs Enforcement (ICE) – Homeland Security Investigations division.

According to their website:

“The ICE Homeland Security Investigations (HSI) directorate is a critical asset in the ICE mission, responsible for investigating a wide range of domestic and international activities arising from the illegal movement of people and goods into, within and out of the United States.”

That sounds pretty odd, but you would think the next paragraph would seem more pertinent:

“HSI investigates immigration crime, human rights violations and human smuggling, smuggling of narcotics, weapons and other types of contraband, financial crimes, cybercrime and export enforcement issues. ICE special agents conduct investigations aimed at protecting critical infrastructure industries that are vulnerable to sabotage, attack or exploitation.”

But the kicker is the message about “Willfull copyright infringement”. That is rather odd. Not sure how that corresponds to his website, other than he was selling “Jester” themed merchandise from it through the Zazzle store.

Going to the Zazzle store and clicking on any of the Jester Shirts produces an error message saying the shirts are no longer available or have been deleted:

Jester Zazzle

Haven’t seen any mention of the seizure on the Jester’s Twitter page, though it seems from his posts that he is currently at the Black Hat conference in Vegas.

Wow, copyright infringement, how odd. Not at all how I imagined the feds coming after the Jester.

** Update ** Jester’s Page back online, Questions remain