As the old saying goes, “One man’s junk is another man’s treasure”. One favorite technique of hackers is to “Dumpster Dive”. Yes, this literally means to dig through your trash.
You would not believe what has been recovered from dumpsters from professional security teams who, while performing a test of a company’s security, dug through the trash.
Trash from banks and health care facilities in particular provide a plethora of sensitive information that hackers look for. Names, addresses, phone numbers, social security numbers, and financial information are the most obvious targets, but what are some of the less obvious? Old software disks from system updates tell the hacker what software you are using. A bill from your utilities or even your computer support company can give away vital information to a hacker who is willing to disguise himself to gain physical access to your building. Though most hackers will not want to risk physical entry to your system, trash recovered from security tests have provided everything from administrator level passwords to layouts of your internal network.
Also, physical machines discarded often offer a wealth of information. The most obvious is hard drives left intact inside the machines. But, also, the outside of the system can provide information too. You have corporate asset tags that tell exactly what company owned the machine. Corporate Network ID tags sometimes have the network name and internal IP Address listed, this information could also be used. Some people even tape passwords to machines and monitors.
Just a side note, many large companies use network ID tags. Great idea, but could you make them smaller, or place them on the back or bottom of the machines? Or, just limit the information on them. They stick out like a sore thumb to any visitor walking through the building.
Continue reading “Cyber Defense: How to Protect Against Hackers – Recon Defense, Part One”
According to a news article on Government Computer News, federal agencies can and may already be using attacker’s malware code against them. Security expert Andrzej Dereszowski demonstrated how this would work at the recent Blackhat Europe security conference.
Andrzej analyzed the source code of a .pdf Trojan. He then compared the source code to known Remote Access Toolkit programs and found a match. He then took the toolkit and ran exploit attacks against it until he found an error in the program. It was a buffer overflow.
Then, analyzing the buffer overflow, he created his own exploit to work against the Trojan. Using a Metasploit shell, he was able to connect back to the malware command and control server using its own communication techniques. He was then able to fully access the Command and Control malware server, effectively hacking the hackers.
The connection back to the server would be hard if not impossible to detect, because it would appear to just be another malware infected client checking in. This type of counterattack theoretically could be used against the majority of current threats. All that would be needed would be the technical experts like Andrzej to decompile and reverse engineer the source code.
Currently, it is against federal law for civilians to counter attack a hacker. But, one could assume that federal agencies are already using these techniques. Now, what would be very interesting is if the next version of Einstein (The Government’s automated virus protection system) had a database of exploited malware code. When the system detected an attack, it could analyze the incoming attack, determine what malware the attack is based on and automatically execute the reverse attack, all on the fly and in real time.
Cool stuff, a PowerPoint of Andrzej’s presentation can be found on Blackhat Europe’s website.
*** Check out Rsignia’s new offensive cyber weapon. It can jam hackers, capture data from hackers and change it before resending it and best of all, it can install code on bot net Zombies attacking your network and turn them against each other!