https://theitgeekchronicles.files.wordpress.com/2012/05/scapyguide1.pdf
Monday, September 21, 2015
Build Your Own Scary Surveillance Jeep For Under $5000 With This Hacker's Guide
http://www.forbes.com/sites/thomasbrewster/2015/09/15/diy-stingray-jeep/
If you could turn your car into a surveillance vehicle capable of intercepting telephone calls, jamming communications and manipulating electronic systems run by critical infrastructure providers, would you do it? What if it cost less than $5000?
This is possible thanks to cheap kit and open source software, says security consultant and pro hacker from Coalfire, Drew Porter. He’s kitted out his own 2008 Jeep Grand Cherokee Overland with nearly $5000 in radio, computing and power hardware so it can snoop on all kinds of information as he drives around. And Porter will teach others how to create their own covert spy car at the upcoming DerbyCon conference in Louisville, Kentucky later this month.
Porter has taken “war driving” – hacking on wheels – to the extreme to prove a point: as legal battles over NSA snooping and police use of phone-tracking Stingrays are waged, anyone can carry out similar surveillance with minimum effort and funding. “It started as a hidden project, mostly to hide it from my wife,” Porter joked. “It worked really well for three months. So it’s definitely spot on with the covertness.”
His own stealth mobile comes with two low-profile Ultra Wideband antennas collecting signals between the 700MHz-2700MHz bands of spectrum, and two more for capturing signals in the 125MHz-630MHz range. Along with the 7-inch HD monitor, a keyboard and mouse, they’re the only things that make the Jeep look a little different.
Everything else is hidden. Under the boot (pictured below) are two power converters to keep the operation running, a mini computer (Porter switches between an AMD BRIX and an Intel NUC) to handle all the data constantly coming in through the antennas, two power amplifiers and two low noise amplifiers to pick up weaker signals. There’s also the most expensive piece of kit, the USRP B210, a software-defined radio (SDR) that’s responsible for tuning into the various signals in the surrounding area. SDRs are remarkably useful for hackers of all ilks, as they can be quickly tinkered with to pick up signals from different frequencies whilst feeding the data back to linked software. They can be incredibly cheap, as little as $120. The USRP B210 cost Porter $1100. In total, he spent $4419 of his own money.
All of that hardware is managed by Porter’s bespoke software, dubbed Redz SIGINT (for signals intelligence). It allows him to view and interact with the surrounding spectrum at any time. It comes with various tools that form a veritable Swiss army knife for on-the-go hackers: a signals jammer to interrupt communications, analysis software for “unknown signals of interest” and a tool for replaying captured signals.
One of the “offensive” parts of Redz SIGINT is the IMSI capture tool. Such technology is built by a range of manufacturers, government contractor Harris Corp being the most famous, as it created the Stingray used by various police forces in the US. Stingrays essentially trick phones in a nearby area into connecting to them. Combined with other software, they can be used to collect location data, phone information and the content of calls and texts. They’ve become a subject of controversy in recent years due to the FBI’s deployment of them without a warrant. A US Department of Justice announcement this month affirmed that warrants had to be obtained before a Stingray was put to use.
A 2008 price list obtained by Public Intelligence indicated Harris’ Stingray started at $75,000, though the additional software and antennas would have pushed the price up by tens of thousands of dollars. A Stingray 2 cost $148,000 on its own. But Porter was able to create a cheap and cheerful version of a Stingray by altering OpenBTS, an open source technology that is traditionally used to create cellular network access points.
“There was a whole bunch of news about Stingray. Everyone was like, it costs so many hundreds of thousands of dollars and … it’s very noticeable. I was like, I have a similar system that doesn’t cost hundreds of thousands of dollars that isn’t really noticeable,” he told FORBES. “Obviously police have different capabilities and they have greater capabilities … but this is generally what can be done with relatively cheap equipment.”
Porter was keen to point out he only used his personal Stingray, jammers and other “active” intelligence gathering tools in controlled environments with willing participants; only passive surveillance of open information was harvested in public environments.
What use might the spy Jeep be to more malicious war drivers? Outside of straight-up spying on people’s phones, they could look at disrupting critical infrastructure. Porter says he has regularly worked with companies managing America’s power. In one case, he found a firm responsible for running a water power plant used one signal to open and close water gates. He collected this signal, analysed it and discovered he could simply replay it to activate the gates. “That’s one example of using a software-defined radio that could be quite devastating for a critical infrastructure environment,” he added.
At DerbyCon, he will release the alpha version of Redz SIGINT and a PDF guide, “Build Your Own Covert SIGINT Vehicle”. Porter hopes his stealth Jeep will prove just how cheap and easy it is for anyone to surveil. “The hardware is cheap enough, the equipment is good enough to do real signals intelligence which can be scary. I’m sure there are a lot of people who don’t want civilians to go signals intelligence, but it is a fact of our life, where everything in our life has to be connected now and really this Jeep takes advantage of that.”
We could all be Big Brother if we wanted.
A host of computing, software defined radio and battery power kit, hidden in the back of Drew Porter’s stealth Jeep.
The Redz SIGINT software for on-the-move surveillance, or “war driving”, will be released later this month.
Operation Iron Tiger, hackers target US Defense Contractors
http://securityaffairs.co/wordpress/40199/cyber-crime/operation-iron-tiger.html
Experts at Trend Micro uncovered Operation Iron Tiger, a cyber espionage campaign carried out by Chinese hackers against United States defense contractors.
Security experts at Trend Micro have uncovered a new targeted attack campaign dubbed Operation Iron Tiger. The threat actors behind Operation Iron Tiger have stolen trillions of data from defense contractors in the US. The stolen data includes intellectual property, emails, strategic planning documents and much other highly confidential information that could be used by attackers to destabilize an organization. The experts speculate that the Iron Tiger operation was carried out by the China-based group dubbed “Emissary Panda.”
“Operation Iron Tiger is a targeted attack campaign discovered to have stolen trillions of data from defense contractors in the US, including stolen emails, intellectual property, strategic planning documents—data and records that could be used to destabilize an organization.” states a blog post published by Trend Micro.
In August 2015, researchers at Dell discovered that the Emissary Panda group used watering-hole attacks as the attack vector, compromising websites popular with a target organization’s personnel.
Emissary Panda (also known as TG-3390) targeted high-profile governments and organisations, searching for defence aerospace projects.
The group has been active since at least 2010, targeting organizations in APAC, but since 2013 it has been attacking high-technology targets in the US.
The experts consider Emissary Panda a “highly competent and sophisticated group”; Trend Micro revealed that it has seen them steal up to 58 GB of data from a single target.
“The Iron Tiger actors can be skilled computer security experts but sparingly used advanced techniques, given their weakly protected target networks. They do not follow a specific schedule when it came to launching attacks. Instead, they prioritize attacks based on a list of chosen targets,” state the experts. The attackers used spear-phishing emails to carry out the attacks; the experts at Trend Micro analyzed in detail the accounts used by the hackers and the composition of the email messages (i.e. subject, language, message).
Trend Micro published a detailed report on Operation Iron Tiger; the investigation allowed the experts to analyze the TTPs (Tactics, Techniques and Procedures) of the threat actor.
Below the key findings of the report:
- The group’s use of exclusive hacking tools and malware, such as dnstunserver, PlugX, Gh0st, to name a few
- The threat actor group’s use of public resources such as Blogspot™ and the Google Cloud Platform™
- The group patched one of their compromised servers to avoid being hacked
- Key identification elements leading to at least one individual physically located in China
- The use of code-signing certificates of Korea-based security company SoftCamp Co., Ltd.
- The group’s list of targets, which include military defense contractors, intelligence agencies, FBI-based partners, and the US government
- Their use of a unique method to intercept Microsoft Exchange credentials
Pierluigi Paganini
(Security Affairs – Operation Iron Tiger, cyber espionage)
Thursday, August 13, 2015
Lenovo Caught Using Rootkit to Secretly Install Unremovable Software
http://thehackernews.com/2015/08/lenovo-rootkit-malware.html
Two years ago the Chinese firm Lenovo was banned from supplying equipment for the networks of the intelligence and defense services of various countries due to hacking and spying concerns.
Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware.
One of the most popular Chinese computer manufacturers, Lenovo, has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells.
The feature is known as "Lenovo Service Engine" (LSE), a piece of code that resides in the firmware on the computer's motherboard.
If Windows is installed, the LSE automatically downloads and installs Lenovo's own software at boot time, before the Microsoft operating system is launched, overwriting Windows operating system files.
The more worrisome part of the feature is that it injects software that updates drivers, firmware, and other pre-installed apps onto the Windows machine, even if you have wiped the system clean.
So even if you uninstall or delete Lenovo's own software programs, the LSE hidden in the firmware will automatically bring them back as soon as you power on or reboot your machine.
Users at a number of online forums are criticizing Lenovo for this move and suspecting that the Chinese computer maker has installed a "bootkit" that survives a full system wipe-and-reinstall.
The issue was first discovered and reported by users back in May when using new Lenovo laptops but was widely reported Tuesday.
What Does This Unwanted Program Do?
For Desktops:
In the case of desktops, Lenovo's own description states that the software doesn't send any personally identifying information, but sends some basic information, including the system model, date, region, and system ID, to a Lenovo server.
Moreover, the company claims that this process is done only once, sending the information to its server only when a machine first connects to the Internet.
For Laptops:
However, in the case of laptops, the software does rather more. LSE installs a software program called OneKey Optimizer (OKO) that is bundled with many Lenovo laptops.
According to the company, the OKO software is used for enhancing computer performance by "updating the firmware, drivers, and pre-installed apps" as well as "scanning junk files and find factors that influence system performance."
OneKey Optimizer falls under the category of "crapware". The worst part is that both LSE and OKO appear to be insecure.
Back in April, security researcher Roel Schouwenberg reported some security issues, including buffer overflows and insecure network connections, to Lenovo and Microsoft.
This forced Lenovo to stop including LSE on new systems built since June. The company has also provided firmware updates for vulnerable laptops and issued instructions to disable the option on affected machines and clean up the LSE files.
Among others, many Flex and Yoga machines running Windows 7, Windows 8, or Windows 8.1 are affected by this issue. You can see the full list of affected notebooks and desktops on Lenovo's website.
Lenovo has since released an official statement, which notes that systems made from June onwards have BIOS firmware that eliminates the issue, and that it is no longer installing Lenovo Service Engine on PCs.
Expert way! How to Remove Lenovo Service Engine (Rootkit)
In order to remove LSE from your affected machines, you have to do it manually. Follow these simple steps in order to do so:
- Know your System Type (whether it’s a 32-bit or 64-bit version of Windows)
- Browse to the Lenovo Security Advisory, and select the link for your specific Lenovo machine.
- Click the "Date" button for the most recent update.
- Search for "Lenovo LSE Windows Disabler Tool" and Click the download icon next to the version that matches your version of Windows.
- Open the program once it downloads. It will remove the LSE software.
Saturday, August 1, 2015
Announcing the Second FLARE On Challenge
https://www.fireeye.com/blog/threat-research/2015/07/announcing_the_secon.html
The FireEye Labs Advanced Reverse Engineering (FLARE) team is hosting its second annual CTF-style challenge for all reverse engineers, malware analysts, and security professionals.
The first FLARE On Challenge was a huge success with over 7,000 participants and 226 winners! If you missed it last year, we invite you to compete and test your skills again. The challenge runs the gamut of skills we believe are necessary to succeed on the FLARE team. We invite everyone who is interested to solve the challenge and get their just reward!
The puzzles were developed by many different members of the FLARE team and led by Nick Harbour. Nick is an expert in reverse engineering and computer forensics, with a specialty in anti-disassembly techniques. Nick has created industry security tools such as Red Curtain, dcfldd, IOCe, tcpxtract, and pe-scrambler. He also wrote Chapter 15 of Practical Malware Analysis.
The puzzles start with basic skills and escalate quickly to more difficult reversing tasks. At FLARE we have to deal with whatever challenges come our way, so the challenge reflects this. If you take on the challenge you might see puzzles involving Packers, Mobile platforms, steganography, obfuscated .NET, and so on.
The Second FLARE On Challenge will open on July 28, 2015 at 20:00 EDT and close on Sept. 8, 2015 at 20:00 EDT. You can finish any time before Sept. 8 to qualify for a prize.
Nick is hosting a webinar on Wednesday, July 29, to help kick off your challenge experience.
After completing the final challenge, you’ll be contacted by a FLARE team member. Once you provide a mailing address we’ll ship you your prize. Last year, the prize was a coin and this year we have something new and special for the winners ;). The full details can be found at: www.flare-on.com.
So on behalf of the FLARE team, I say Happy Reversing!