Israeli Cyber Defense Interview

[Photos: a cyber defense war room and an IDF war room, both illustrative. Credit: Reuters and Marc Israel Sellem]

Not sure if anyone has seen this yet, but Al-Monitor/Israel Pulse has a great interview with two members of the Israel Defense Forces' cyber security team.

In the article, “IDF Hackers Test Israeli Preparedness For Cyberattacks”, Lt. Col. M. and Capt. A. discuss what it is like to be on Israel’s crack team of cyber ninjas. They cover several key topics, including their thoughts on current threats and on the current hot-button topic, NSA spying.

Lt. Col. M. and Capt. A. lead opposing teams in red team drills. They practice constantly to hone and perfect their skills, but they also teach and train those under them to think outside the box in cyber security.

Asked how the IDF cyber team will deal with increasingly sophisticated attacks from Islamic countries, and whether they are concerned about NSA espionage practices, Lt. Col. M. answered:

“Our job is to monitor the goings-on and keep track of the technological developments, and we need to know what the threats and risks in cyberspace are. In any event, to protect strategic assets, encryption systems that we develop ourselves in-house, rather than off-the-shelf products, are customarily used,” said Lt. Col. M.

The best hackers and security teams create their own programs and work on developing their own exploits. But where would the IDF look to find exploits or weaknesses?

“Security holes can be found anywhere. The point of hacking is to find the system vulnerability and leverage it to undermine the entire system,” says Lt. Col. M.

“The best way to break into a system is not by running head-on into it. Rather, the most sophisticated attacks, the ones that you can brag about, are those that take advantage of a hidden security hole,” added Capt. A.

It is a very good article and well worth the read, as it offers a glance into the security mindset of our Middle Eastern allies.

Check it out!

How to Surf the Web Without being Tracked

Great video from Tinkernut.com.

I’ve played with the services that the video recommends and am fairly impressed.

The Ghostery plug-in is great! If you are familiar with NoScript (you use that, right?), it works in a fairly similar way. While you browse, it shows every tracker the site you are viewing loads, and you can block them all or one at a time.

GhostVPN seems to be a quick and easy-to-use VPN service that offers a bandwidth-limited free account and claims that they do not track you at all.

If you are concerned about your internet privacy, check out the video above!

Chinese Hackers use NSA PRISM Monitoring for Malware Campaign

The interwebs were set afire when whistleblower Edward Snowden released information on the NSA monitoring program PRISM. Well, never missing a good opportunity to exploit people, it seems Chinese hackers have jumped into the fray, using the NSA monitoring scare as the hook for a malicious e-mail campaign dubbed “CIA Prism Watchlist”.

When former NSA contractor Edward Snowden exposed the US government’s large electronic monitoring program called “PRISM”, some called him a hero, and others a traitor and a spy.

To me the jury is still out on him. Yes, what the government was doing was very wrong and violates constitutional rights, but Snowden turning to the Chinese for help has left many scratching their heads. If someone were looking for a country that supports and defends free speech, I don’t think China would make anyone’s top ten list.

And again, though I don’t support what the government was doing, many people simply hand over personal and very intimate details about their lives to perfect strangers on a daily basis to feed our social media addiction.

Now, according to The Register, the Chinese hacker group behind the NetTraveler attacks is taking advantage of the government monitoring scare that has swept across the nation to spread malicious e-mails titled “CIA’s Prism Watchlist”.

Attached to the badly worded e-mail is a Word document named ‘Monitored List 1.doc’, “containing malware designed to exploit the same vulnerability (CVE-2012-0158)” that the earlier NetTraveler attacks used. That is the flaw in the MSCOMCTL.OCX ActiveX control that Microsoft patched in MS12-027 in April 2012, so a target that is current on Office updates would not be compromised by simply opening the attachment. The lesson is the usual one: the lure changes with the news cycle, the exploit does not.
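The kind of triage a mail analyst would do on a lure like this, as an added example (this code is not from the original post, 9bplus or The Register): parse the captured message, pull out every attachment, flag legacy binary Office files by their OLE2 magic bytes rather than by extension alone, and hash them for a VirusTotal or IOC lookup. The sample message is constructed here and is not the real campaign e-mail; its attachment is a dummy OLE2 header followed by zeros, not a real document.

```python
"""Triage a captured e-mail for an Office-document lure (example code added to
this page; not from the original post, 9bplus or The Register).

Assumes the message is available as raw RFC 822 bytes.  The sample below is
constructed and its attachment is a dummy OLE2 header, not a real document.
"""
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Binary Office formats (.doc/.xls/.ppt) are OLE2 compound files, the container
# the CVE-2012-0158 lure documents arrived in.  These are the file's first 8 bytes.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Office Open XML (.docx/.xlsx) is a ZIP archive.
ZIP_MAGIC = b"PK\x03\x04"
LEGACY_OFFICE_EXT = {"doc", "xls", "ppt", "rtf"}
# Subject words taken from the campaign described in the post (constructed list).
LURE_TERMS = ("prism", "watchlist", "monitored list")


def classify_attachment(filename, payload):
    """Return the reasons an attachment looks like an Office exploit lure (empty if none)."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    is_ole = payload.startswith(OLE2_MAGIC)
    if ext in LEGACY_OFFICE_EXT:
        reasons.append(f"legacy Office format (.{ext})")
    if is_ole:
        reasons.append("OLE2 compound file magic")
    if ext in {"doc", "xls", "ppt"} and not is_ole and not payload.startswith(ZIP_MAGIC):
        reasons.append("extension claims Office but content is neither OLE2 nor ZIP")
    return reasons


def triage_email(raw_bytes):
    """Parse an RFC 822 message and summarise its attachments for an analyst."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    report = {
        "from": str(msg.get("From", "")),
        "subject": subject,
        "lure_terms_in_subject": [t for t in LURE_TERMS if t in subject.lower()],
        "attachments": [],
    }
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_content()
        if isinstance(payload, str):  # text/* attachments come back decoded
            payload = payload.encode(part.get_content_charset() or "utf-8", "replace")
        report["attachments"].append({
            "filename": filename,
            "size": len(payload),
            # SHA-256 is what you paste into VirusTotal or an IOC list.
            "sha256": hashlib.sha256(payload).hexdigest(),
            "reasons": classify_attachment(filename, payload),
        })
    # Suspicious when the subject matches the lure AND an attachment looks like a carrier.
    report["suspicious"] = bool(report["lure_terms_in_subject"]) and any(
        a["reasons"] for a in report["attachments"]
    )
    return report


def build_sample_email():
    """Construct a stand-in for the lure e-mail (sample data, not the real message)."""
    msg = EmailMessage()
    msg["From"] = "watchlist@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "CIA's Prism Watchlist"
    msg.set_content("Your name is in the attached monitored list. See attached.")
    fake_doc = OLE2_MAGIC + b"\x00" * 504  # dummy OLE2 header, not a real document
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="Monitored List 1.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    import json
    print(json.dumps(triage_email(build_sample_email()), indent=2))
```

Checking the magic bytes matters because a file called `Monitored List 1.doc` that is actually a ZIP (a renamed .docx) or plain text is a different object from a real OLE2 document, and the MSCOMCTL exploit needs the latter. The hash, not the filename, is what you share as an indicator.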

For more information, check out the 9bplus blog, which originally discovered the e-mail in a VirusTotal upload.

Scouring the Web for Insecure Systems using Shodan-Fu


Shodan – “The computer search engine” – seems to be one of the most (if not the most) controversial search engines on the internet. Instead of indexing web pages, Shodan indexes the banners that internet-connected systems and services return when you connect to them. According to reports in the major media, it would seem that you can search for vulnerable power plants on a whim and control traffic lights with ease. But is it really that easy?

Well, yes and no.

I remember when Shodan first started offering its search engine publicly. One highly respected security guru said that it would be shut down in a week. Well, it has been quite a while and Shodan is still up and running. Granted, if you know what to look for you can find vulnerable or completely open systems with a few simple search terms. But you can do the same with Google if you know how to craft the search terms.

I don’t think it’s Shodan that is as much the problem, as it is that people keep putting completely insecure systems on the internet!

Or they leave very outdated systems out on the internet that haven’t been patched or updated in years!

For example a quick Shodan search for “IIS/2.0” returns about 90 systems that are still live on the internet! That Microsoft Web Server version is over 16 years old!

Here are some more:

  • IIS/3.0 returns over 600 systems
  • IIS/4.0 about 14,000
  • IIS/5.0 about 500,000!

And IIS/5.0 is so much newer than 2.0, heck it was released with Windows 2000…

You can search for operating system versions too. How about “Windows NT 4.0”?

This returns about 900 systems.

“Microsoft-Windows-NT/5.1” Returns about 1800 systems. These are basically Windows XP systems running a web server – What could go wrong with that?

And that is just operating systems; you would be surprised how many wide-open printers you will find out there. A quick search for network print server names returns thousands of printers, many of which have the security disabled.

And that is very sad as on many network print servers, turning on security is literally just a mouse click or two.

You can even refine your searches on Shodan with filters such as port:, country: or city: appended to the search term.

But is it really as easy to find open security systems and SCADA systems as the mainstream media makes it seem? No, not really; you need to know very specific search terms to find these. If you do know those terms, though, it is a different story.

Sometimes these search terms are very obscure, and of course they are not advertised.

But if you do know the terms you can find a lot of systems, like these overseas Wind Farm systems:

[Screenshot: Shodan result showing an overseas wind farm’s control interface]

Wow, that is a lot of power and that is just one wind farm!

No worries though: the summary page is a gimme that anyone can view, but you are not allowed to change anything on these wind farm systems without logging in. I hope they use complex passwords…

You can find some pretty funny stuff too doing Shodan searches, like this one:

[Screenshot: a humorous banner turned up by a Shodan search]

I believe that Shodan is a critical tool for security specialists. With it you can search for your company and see what is actually out there. Many large companies have public facing systems that they have completely forgotten about. These systems may be exploitable and could allow an attacker into your internal system.

You can also check to see if you have public facing devices that are wide open. For example, what if your network administrator set up a print server and left it completely open on the internet. Do you really want someone from a different company or country going in to your print server and telling it to e-mail a copy of everything printed to them?

As usual with all security tools, some people will use Shodan for evil purposes. That is why it is critical that security departments use it first to check out their own company. Also make sure that the login credentials for any publicly facing system have been changed from the defaults and use a long, complex password.
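Putting the two ideas above together, the banner searches for ancient IIS versions and checking your own company’s exposure, as an added example (this is not Shodan’s code or the original post’s): a small script that composes Shodan queries with the page’s filters (port:, country:, city:) plus org: and net: for scoping to your own company, parses the Server header out of the raw banner Shodan returns in each match’s `data` field, and reports which hosts run a legacy Microsoft HTTP server. The sample matches are constructed (documentation IP addresses, not real hosts), the version-to-Windows-release table is an assumption based on the versions the post names, and fetch() needs a real API key and is not exercised here.

```python
"""Compose Shodan queries and triage the returned banners for end-of-life
Microsoft HTTP servers (example code added to this page; not Shodan's code or
the original post's).

Assumptions: matches have the shape of the Shodan API's `matches` entries
(ip_str, port, org, data); the sample matches below are constructed; the
LEGACY_HTTP_SERVERS table is the author's own note, not an authoritative EOL feed.
"""
import re

# Server header product token -> the Windows release it shipped with.
LEGACY_HTTP_SERVERS = {
    "Microsoft-IIS/2.0": "Windows NT 4.0",
    "Microsoft-IIS/3.0": "Windows NT 4.0 SP3",
    "Microsoft-IIS/4.0": "Windows NT 4.0 Option Pack",
    "Microsoft-IIS/5.0": "Windows 2000",
    "Microsoft-IIS/5.1": "Windows XP Professional",
    "Microsoft-Windows-NT/5.1": "Windows XP (NT 5.1)",
}

SERVER_HEADER = re.compile(r"^Server:\s*(.+?)\s*$", re.IGNORECASE | re.MULTILINE)


def build_query(term, filters=None):
    """Compose a Shodan query: free-text term plus key:value filters, quoting spaces."""
    parts = [term]
    for key, value in (filters or {}).items():
        value = str(value)
        if " " in value:
            value = f'"{value}"'
        parts.append(f"{key}:{value}")
    return " ".join(parts)


def parse_server(banner):
    """Return the first product token of the Server header, or None if there is none."""
    m = SERVER_HEADER.search(banner)
    if not m:
        return None
    return m.group(1).split()[0]


def triage(matches):
    """Flag matches whose Server header names a legacy Microsoft HTTP server."""
    findings = []
    for match in matches:
        server = parse_server(match.get("data", ""))
        if server in LEGACY_HTTP_SERVERS:
            findings.append({
                "ip": match.get("ip_str"),
                "port": match.get("port"),
                "org": match.get("org"),
                "server": server,
                "shipped_with": LEGACY_HTTP_SERVERS[server],
            })
    return findings


def fetch(query, api_key, limit=100):
    """Run the query against the live API (needs the `shodan` package and a real key)."""
    import shodan  # imported here so the offline parts of this file run without it
    return shodan.Shodan(api_key).search(query, limit=limit)["matches"]


# Constructed sample matches (documentation addresses, not real hosts); the data
# field mimics the raw banner Shodan stores for each service.
SAMPLE_MATCHES = [
    {"ip_str": "192.0.2.10", "port": 80, "org": "Example Corp",
     "data": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/2.0\r\nContent-Type: text/html\r\n\r\n"},
    {"ip_str": "192.0.2.11", "port": 443, "org": "Example Corp",
     "data": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nX-Powered-By: ASP.NET\r\n\r\n"},
    {"ip_str": "192.0.2.12", "port": 2869, "org": "Example ISP",
     "data": "HTTP/1.1 200 OK\r\nServer: Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0\r\n\r\n"},
    {"ip_str": "192.0.2.13", "port": 22, "org": "Example ISP",
     "data": "SSH-2.0-OpenSSH_5.3\r\n"},
]


if __name__ == "__main__":
    # Queries scoped to your own company: swap org:/net: for the real values.
    for term in ("Microsoft-IIS/2.0", "Microsoft-IIS/5.0", "Microsoft-Windows-NT/5.1"):
        print(build_query(term, {"org": "Example Corp", "country": "US"}))
    for f in triage(SAMPLE_MATCHES):
        print(f"{f['ip']}:{f['port']}  {f['server']}  (shipped with {f['shipped_with']})")
```

Scoping with org:"Your Company" or net:203.0.113.0/24 (your own address space) is what turns this from browsing the internet into an inventory of what your company has actually forgotten on the public side. A search term alone, like the bare IIS/2.0 counts quoted above, tells you the scale of the problem; the filters tell you whether it is your problem.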

A little bit of security goes a long way!

(When using Shodan, remember: do not attempt to log in to a system that is not yours or try to access information that does not belong to you. Doing so is illegal and you could end up in jail.)