hyper island - 2012

Post on 28-Nov-2014


DESCRIPTION

The slides presented at Hyper Island on October 18, 2012, to the DDS13 class, on malicious data mining.

TRANSCRIPT

FOR FUN AND PROFIT!

EVIL DATA MINING

Contents

● Web Scraping

● Quick and Dirty SQL Injections

● iPhones, WiFi and Evil Twins

● Hacking Neighbours

● Port scanning on Steroids

Introduction

● Fredrik Nordberg Almroth (@Almroot)

○ Head application engineer and co-founder @ detectify.com

○ IT-security guy

○ Hacked Google. Twice.

● Johan Edholm (@norrskal)

○ Server administrator and co-founder @ detectify.com

○ Worked with IT security analytics and anti-scraping

○ Studied system and network management in Linux

What is Detectify?

Detectify is an automated vulnerability scanner.

● You sign up using a beta code.

● You press start!

● Detectify emulates a hacking attack.

● You get a report regarding your vulnerabilities.

● Detectify is currently in closed beta!

● You may try it for free using the beta code: HyperMine

● http://detectify.com/

● We love feedback! :)

What is data mining?

● Data mining is mostly associated with statistics and machine learning.

● ...or discovery of patterns (intelligence) in large datasets...

● No fancy algorithms! Just real life examples.

Web scraping

● Grab content from websites

● Host somewhere else

● Study the data

● Sell the data

Web scraping

● Manual copy-paste

Web scraping

● Googlebot

Web scraping

● Bad scrapers

○ Downloadable or online tools

○ Homemade scripts

○ HTTP rewriters

Web scraping

● Homemade scripts

○ Made for one site/purpose

○ No hacking

○ May be against ToS

○ Probably legal

Web scraping

● Sosseblaskan.se

○ Copy of aftonbladet (rewrite)

○ A joke

○ Not ads for aftonbladet

○ Not phishing

○ Illegal

SQL

● Structured Query Language

● Used to talk to databases: MySQL, PostgreSQL, etc.

How it's used

● Websites use databases to maintain data.

● The SQL queries often contain user-data.

● You search on a website for a few keywords.

● The odds are high that the search is done with some SQL dialect.

What could possibly go wrong?

● User supplied data may alter the SQL query.

● Example:

SELECT title FROM blog WHERE title = '$search_keywords';

● If the searched data contains a quote, the SQL query will break.

● Attackers may gain other data than just the "blog title".

● Usernames, passwords, emails, credit-cards...
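The slide's search query written out both ways, as an added example that is not from the original deck: the concatenated form breaks as soon as the keyword contains a quote, while the parameterised form treats the same input as plain data. The in-memory sqlite database and the blog titles are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the site's database (assumption: one blog table).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blog (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO blog (title) VALUES (?)",
        [("Hello world",), ("Evil data mining",), ("O'Reilly book review",)],
    )
    return conn


def search_concat(conn, search_keywords):
    # The vulnerable pattern from the slide: user data pasted straight into the SQL text,
    # so anything the user types is parsed as part of the query.
    sql = "SELECT title FROM blog WHERE title = '%s'" % search_keywords
    return [row[0] for row in conn.execute(sql)]


def search_param(conn, search_keywords):
    # Hardened form: the value is bound as a parameter and never parsed as SQL,
    # so a quote in the keyword is just a quote.
    sql = "SELECT title FROM blog WHERE title = ?"
    return [row[0] for row in conn.execute(sql, (search_keywords,))]


def quote_breaks_query(conn, search_keywords):
    # Returns True when the concatenated query fails to parse, which is the
    # "query will break" symptom the slide describes.
    try:
        search_concat(conn, search_keywords)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(search_param(db, "O'Reilly book review"))   # the quote is handled correctly
    print(quote_breaks_query(db, "O'Reilly book review"))  # True: concatenation breaks
```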

SQL Injections

● Devastating attack.

● Worst part: it's really common.

● Remember Sony last year?

● Victims 2012:

○ eHarmony

○ last.fm

○ Yahoo!

○ Android Forums

○ Billabong

○ Formspring

○ nVidia

○ Gamigo

○ ...List goes on...

● Thousands of sites attacked daily.

● Incredibly easy to get going.

● Loads of guides and tools on the internet.

● Devastating for the vulnerable organizations.

(This is the time we'll stand here and struggle with the equipment.)

LIVE DEMO!

Fun with WLAN

● Create an evil twin

● Jasager

Evil twin

● You connect to e.g. "espresso house free"

● iPhone will save and remember that network

● When you come back it will automatically connect

Evil twin

● Someone creates a network called "espresso house free"

● Your phone will automatically connect

What if the attacker doesn't know which networks you've been connected to?

Jasager

Fun with WLAN

● Works on everything

○ Windows, Linux, Mac, Android, iPhone etc.

● Can be monitored

○ See which networks you are looking for and in which order

Fun with WLAN

WiGLE.net

IT-Security @ Home

● Devices on local networks:

○ Routers

○ Printers

○ Heat Pumps

○ Laptops

○ PC's

○ Tablets

○ Cellphones

○ XBOX'es

○ ...etc...

Telecom operator ComHem provides "Tre-hål-i-väggen"

● Routers may act as switches

● IP Forwarding

● You can see your neighbours' devices

● Portscan!

● A port scanner finds open services on IP addresses.

● nmap

● Find a vulnerability, or

● Weak (default) password, or

● No password!

Protip: http://www.routerpasswords.com/

GAME OVER

Conclusion

You can easily gain access to your neighbours' data.

Speaking of portscanning...

● Spring 2010, the "spoon" project.

● Got interested in packet crafting.

● 3000 packets/second

● Sweden has 25.000.000 allocated IPv4 addresses.

● ...which results in a timeframe of 2 hours and 20 minutes to scan.

● Find all servers on a given port in Sweden.

● Could of course be applied to any country.

● Early 2011, "spoon2".

● 30000 packets/second. Ten times as fast!

● From 2½ hours to approximately 15 minutes.

● Same result.

● Imagine a company. Like ACME Corp.

● 10 servers running "spoon2".

● Get a fresh map of Sweden every 90 seconds.

● 100 servers: every 9th second.

● ACME Corp has the potential to become a global "pingdom".

● Results in large scale data mining.

● Would require loads of clever algorithms and infrastructure to maintain it all though.

shodanhq.com

● The firm shodanhq already crawls countries for open services.

● Identified ~438.000 web servers in Sweden alone.

● Mostly devices found on local networks (routers / printers).

● No security. Loads of vulnerable devices.

● Eavesdrop on your neighbour? No problem.

● Why bother?

● Can be applied to a whole country.

Summary

● Web Scraping

● Quick and Dirty SQL Injections

● iPhones, WiFi and Evil Twins

● Hacking Neighbours

● Port scanning on Steroids

Q & A

http://detectify.com/

Hack the planet!

