hacking the company : risks with carbon-based lifeforms using vulnerable systems
TRANSCRIPT
$ whoami
Curious Hacker (e.g. I like to break things apart and rebuild them!)
Maker (e.g. I like to make things)
RC-Geek (e.g. I like to fly radio-controlled devices)
Chief Security Officer @ Crosskey Banking Solutions
Social Media: Twitter: @khalavak, G+: Kim Halavakoski, G+ communities: Security De-Obfuscated, PCI Jedis...
"An enthusiastic and skilled computer programmer or user"
hacker as defined in RFC1392: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. The term is often misused in a pejorative context, where "cracker" would be the correct term. See also: cracker.
Vulnerabilities
Young padawan, don't forget: lack of focus leads to sloppiness, sloppiness leads to misconfiguration and bugs, and misconfiguration and bugs lead to compromise.
Who uses these vulnerable vendors anyway?
We all keep our systems patched? All the time? Almost? Sometimes?
Example of vulnerable vendors: Microsoft, Apple, Oracle, Sun Microsystems, Cisco, Mozilla, Linux, Hewlett Packard, Adobe...
Ever used any of these vendors?
Who uses these vulnerable products anyway?
We all keep our software products patched? All the time? Almost? Sometimes?
Example of vulnerable software: Linux, Firefox, Mac OS X, Google Chrome, Internet Explorer, Seamonkey, Solaris, Thunderbird
Ever used any of this software?
Browser market shares
According to the previous statistics on vulnerabilities in Internet Explorer, Firefox and Chrome, it seems that 92.61% of the browsers used on the Internet are vulnerable.
46 vulnerabilities in 2012
48 vulnerabilities in 2013 (and it's only March!)
of which 26 vulnerabilities with CVSS score 10.0 in 2013 so far
Patching is Critical
Security is only as strong as the weakest link.
If you take security seriously then making sure everything is up to date is more important than ever.
Social engineering works. People are easily tricked. Really.
It taps into psychological factors that are part of human nature.
It abuses the trust frameworks that we are used to in real life.
A good presentation needs a cat picture to soften the audience.
On a side note, cybercriminals know that we like cute and funny pictures and videos, so they use our eagerness to click on cute things to hack your computer...
So even if supercute, think before you click!
Oleg Nikolaenko
24-year-old hacker who ran the Mega-D botnet back in 2010.
Mega-D was sending 30-40% of the spam on the Internet.
Vladimir Tsastsin
Vladimir ran Estdomains and later Rove Digital, which ran "Operation Ghost Click", which was behind the infamous DNSChanger malware that caused havoc all over the world.
FI: 2829
Top 10 values
City          num    %
Helsinki      411   14.528%
Tampere       406   14.351%
Hämeenlinna   176    6.221%
Jyväskylä     117    4.136%
Turku          87    3.075%
Vanda          85    3.004%
Espoo          71    2.51%
Pirkkala       63    2.227%
Lahti          63    2.227%
Oulu           59    2.086%
From the 2829 IP addresses in Finland I did a quick statistical analysis of the whois and DNS data and found:
most of the IPs are end customers with ADSL or GPRS connections from Sonera, DNA, Nebula, local telephone companies, etc.
59 whois records that look like companies
37 DNS records that look like companies
...some small, some bigger and some of them even "security" companies and some in public services and even government use...
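The kind of whois/DNS sorting described above, as an added example that is not from the talk: it builds the same city table from lookup results and flags records that read like organisations rather than consumer access ranges. The sample records and the keyword hints are constructed assumptions, not the real 2829 addresses.

```python
import re
from collections import Counter

# Constructed sample in the shape of whois/reverse-DNS lookups for a list of
# reported IPs (hypothetical data, not the 2829 addresses from the talk).
# Each entry: (ip, whois city, whois netname, reverse-DNS name or None).
RECORDS = [
    ("192.0.2.10", "Helsinki", "SONERA-ADSL-CUSTOMERS", "dsl-hki-10.dhcp.inet.fi"),
    ("192.0.2.11", "Helsinki", "DNA-MOBILE-POOL", None),
    ("192.0.2.12", "Tampere", "EXAMPLE-OY", "fw1.example-oy.fi"),
    ("192.0.2.13", "Tampere", "NEBULA-CUSTOMER-DSL", "a13.nebula.fi"),
    ("192.0.2.14", "Hämeenlinna", "CITY-GOV-NETWORK", "mail.city.example.fi"),
    ("192.0.2.15", "Jyväskylä", "ELISA-GPRS", "gprs-15.elisa-mobile.fi"),
    ("192.0.2.16", "Turku", "SECURE-CONSULTING-LTD", "vpn.secureconsulting.example"),
    ("192.0.2.17", "Helsinki", "LOCAL-TELCO-DYN", "dyn-17.localtelco.fi"),
    ("192.0.2.18", "Espoo", "ACME-AB", None),
    ("192.0.2.19", "Tampere", "SONERA-CABLE", "cable-19.inet.fi"),
]

# Hypothetical keyword hints: ISPs usually label consumer access ranges as
# such, while organisations show company suffixes or named hosts.
ISP_HINTS = re.compile(r"adsl|dsl|dhcp|gprs|mobile|pool|cust|dyn|cable", re.I)
ORG_HINTS = re.compile(r"\b(oy|oyj|ab|ltd|inc|corp|gov)\b|^(mail|www|fw|gw|vpn)\d*\.", re.I)

def top_cities(records, n=10):
    """Most common whois cities as (city, count, percent); percent is
    rounded to three decimals like the figures on the slide."""
    total = len(records)
    counts = Counter(city for _, city, _, _ in records)
    return [(c, k, round(100 * k / total, 3)) for c, k in counts.most_common(n)]

def looks_like_company(label):
    """True when a netname or hostname reads like an organisation rather
    than a consumer range. Missing data never counts as a company."""
    if not label or ISP_HINTS.search(label):
        return False
    return bool(ORG_HINTS.search(label))

def classify(records):
    """Judge whois netname and reverse DNS separately, so the two counts
    can differ the way they do on the slide (59 whois vs 37 DNS)."""
    by_whois = [r for r in records if looks_like_company(r[2])]
    by_dns = [r for r in records if looks_like_company(r[3])]
    return by_whois, by_dns

if __name__ == "__main__":
    print(top_cities(RECORDS, 3))
    whois_hits, dns_hits = classify(RECORDS)
    print(len(whois_hits), "whois /", len(dns_hits), "DNS records look like companies")
```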
RSA -> Lockheed Martin: RSA was hacked, allegedly in order to get into Lockheed Martin
Twitter: Twitter was hacked using recent Java vulnerabilities
Facebook: Facebook was hacked using recent Java vulnerabilities through a third-party site, iphonedevsdk.com
Microsoft: Microsoft was hacked using recent Java vulnerabilities through a third-party site, iphonedevsdk.com
Apple: Apple was hacked using recent Java vulnerabilities through a third-party site, iphonedevsdk.com
US National Vulnerability Database hacked
Malware planted on 2 webservers...
Undiscovered for 2 months...
"Hacking the NVD and planting malware on the very place where we get our vulnerability information, that is just pure evil!"
Matt Honan – Senior Editor at Wired Gadget Labs
Security flaws in Apple and Amazon customer service systems led to hackers gaining control over his account and deleting files on his Mac.
Metasploit
Penetration testing tool.
Developed by HD Moore back in 2003.
Bought by Rapid7 in 2009.
Open-source version still available.
Social Engineer Toolkit
Great tool for performing social engineering attacks: phishing, web attacks, malware-infected USB sticks, etc.
Developed by Dave Kennedy & Co.
Demo
Fictitious company with the following network setup:
firewall, mail server, web server, DNS server, internal Windows 7 workstation...
Carbon based lifeforms
Humans are the weakest link
Using age-old social frameworks in a modern connected world
Easily tricked into clicking, opening links, attachments and programs
Make errors, repeatedly
Computer software
Is programmed by humans
Has bugs
Is used by humans
Hacking tools
Readily available
Easy to use
Developed by professionals
Cybercriminals
Cybercriminals
Hacktivists
Nation States & Governments