Posts Tagged ‘Hacker’

Cyberwarfare manual sounds alarm on hackers

October 26th, 2010

A new Air Force manual for cyberwarfare describes a shadowy, fast-changing world where anonymous enemies can carry out devastating attacks in seconds and where conventional ideas about time and space don’t apply.

Much of the 62-page manual is a dry compendium of definitions, acronyms and explanations of who reports to whom. But it occasionally veers into scenarios that sound more like computer games than flesh-and-blood warfare.

Enemies can cloak their identities and hide their attacks amid the cascade of data flowing across international computer networks, it warns.

Relentless attackers are trying to hack into home and office networks in the U.S. “millions of times a day, 24/7.”

And operating in cyberspace “may require abandoning common assumptions concerning time and space” because attacks can come from anywhere and take only seconds, the manual says.

The manual — officially, “Cyberspace Operations: Air Force Doctrine Document 3-12” — is dated July 15 but wasn’t made public until this month. It is unclassified and available on the Internet.

It dwells mostly on protecting U.S. military computer networks and makes little mention of attacking others. That could signal the Pentagon wants to keep its offensive plans secret, or that its chief goal is fending off cyberattacks to keep its networks up and running, analysts said.

“Their primary mission is in some ways defensive,” said James Lewis, a cybersecurity expert and a senior fellow at the Center for Strategic and International Studies.

Lewis said the government still hasn’t decided whether offensive cyberwarfare is the province of the military or intelligence agencies.

“Who gets to do it? Is it a military operation? … An intel operation?” Lewis said. “They’ve made a lot of progress in the last year but they’re still sorting out the doctrine.”

Noah Shachtman, a contributing editor to Wired magazine and a fellow at the Brookings Institute think tank, said even the limited mention of offensive operations in the manual surprised him.

The manual cites one example of a cyberwar objective as “shutting down electrical power to key power grids of enemy leadership.”

“That’s usually not the kind of thing we talk about doing to others,” Shachtman said. “The offensive stuff is supersecret.”

Much of the manual is entry-level material, Shachtman said, citing an appendix listing 10 things Air Force personnel should know, including a warning not to open attachments in e-mails from unknown senders.

“The equivalent appendix would be like, ‘This is a gun. Guns are unsafe. Please do not point them at your face,’ ” Shachtman said.

The manual explains how dependent the military and civil society have become on computer networks for communication, banking, manufacturing controls and the distribution of utilities.

It also outlines the vulnerabilities of the Internet, including the relatively low cost of computers that could give an adversary a way to block, manipulate, damage or destroy a network.

It describes a 2005 incident when a hacker or hackers got access to personal information of more than 37,000 Air Force personnel.

The manual points out that much of the Internet’s hardware and software are produced and distributed by private vendors in other countries who “can be influenced by adversaries to provide altered products that have built-in vulnerabilities, such as modified chips.”

Defending the entire U.S. military network is unnecessary and probably impossible, the manual says. Just as the Air Force doesn’t try to defend every square mile of airspace around the globe, it won’t try to defend the whole of cyberspace.

“Whether used offensively or defensively … conducting particular cyberspace operations may require access to only a very small ‘slice’ of the domain,” the manual says.

Overall U.S. military cyberwarfare operations will be the job of the U.S. Cyber Command, which began limited operations in May. It will have components from the Army, Air Force, Navy and Marines.

The Air Force component — the 24th Air Force at Lackland Air Force Base, Texas — is part of the Air Force Space Command at Peterson Air Force Base, Colo.

Lewis said the Cyber Command had a hand in the content of the Air Force manual.

“I see it as the first step in assigning special missions to the services. It’s a division of labor among the services,” he said.

The Marine Corps’ cyberspace operation document is still in development, a spokeswoman said. Army and Navy officials didn’t immediately respond to AP questions about their planning.

Responsibility for civilian and government cybersecurity is less clear. Congress is debating between giving more power to the Homeland Security Department or the White House and the National Institute of Standards and Technology.

Homeland Security and the National Security Agency announced this month they would cooperate to strengthen the nation’s cybersecurity.

Source: http://www.airforcetimes.com/news/2010/10/ap-air-force-cyberwarfare-manual-sounds-alarm-on-hackers-102510/

iPhone hacker discovers a new Jailbreaking exploit; to fix it, Apple must ship new hardware

September 8th, 2010

The news is good for iPhone jailbreakers everywhere this morning — but for Apple? Not so much.

Just minutes after the iOS 4.1 update became available to all, iPhone hacker pod2g has revealed that they’ve discovered a new bootrom exploit, with all recently released iOS hardware seemingly being vulnerable. In less geeky words: The iPhone 4? The new iPod Touch? If it was built anytime before today, it’s theoretically jailbreakable — and there’s not a whole lot Apple can do to fix that.

You see, there are many dozens of components in any iOS product that can serve as a means for jailbreakers to get their tweak on. Most of the components that can potentially be exploited are stored in a rewritable state; if an exploit is discovered, Apple can simply push out a new firmware update, overwrite that rewritable chip, and bam, exploit patched. A very, very small handful of the potentially exploitable components, however, are not rewritable. If an exploit is discovered in one of these components, no one — not even Apple — can fix it on hardware that has already been shipped.

The exploit in question here seems to focus around the boot rom, which, as you might have guessed from the preamble, is one of these non-rewritable components. Apple can patch up this exploit in any new hardware before it leaves the factory (they’ve shipped revised hardware as a result of similar exploits in the past), but once that boot rom is flashed and the phone is assembled, it’s a done deal.

From here, the iPhone Dev Team and the rest of the hacking community should be able to churn out jailbreaking software for just about any recently shipped iOS device. Once the exploit is made public, Apple will almost undoubtedly begin shipping hardware with revised boot roms eventually (last time, it took seven months) — but until then, expect a whole lot of jailbreaking to go down.

Source: http://www.mobilecrunch.com/2010/09/08/iphone-hacker-discovers-a-new-exploit-for-jailbreaking-if-apple-wants-to-fix-it-new-hardware-has-to-be-shipped/

Hacker builds $1,500 cell-phone tapping device

July 31st, 2010

A computer security researcher has built a device for just $1,500 that can intercept some kinds of cell phone calls and record everything that’s said.

The significance of Chris Paget’s work is that it shows how cheaply such devices, which have been around for decades and are often used by law enforcement, can now be built by hobbyists with equipment easily found on the Internet.

Paget’s attack involves tricking nearby cell phones into sending their outgoing calls through his device, instead of legitimate cell phone towers. He can then route them using Internet-based calling technology, which allows him to log everything that’s being said.

Paget planned to show off his research during a talk at the DefCon hacker conference here. But he was reconsidering the demonstration, which involved intercepting conference attendees’ calls, after federal authorities told him it might violate wiretapping laws.

There are some caveats to his attack. One is that not all cell phones and wireless networks are vulnerable. Another is that recipients of intercepted calls might notice that the calls aren’t coming from familiar numbers. Paget claims it would be easy to upgrade the software he’s developed to also fool the recipients’ Caller ID.

Commercial versions of such “IMSI catchers,” which refer to the unique International Mobile Subscriber Identity numbers that phones use to identify themselves to cellular networks, can cost hundreds of thousands of dollars.

The devices act as rogue cell phone base stations and trick nearby phones into connecting to them by offering a stronger signal than towers that are farther away.

Paget’s attack only works on phones that use the GSM, or Global System for Mobile communications, standard, which is considered “second generation” cell phone technology, as opposed to third- and even fourth-generation technologies now being used. In the U.S., AT&T Inc. and T-Mobile USA are two cellular operators whose networks include GSM.

There are more than 3 billion GSM users and the technology is used in nearly three quarters of the world’s cell phone markets, according to the GSM Association, an industry trade group. A representative for AT&T had no comment. T-Mobile and the GSM group didn’t immediately respond to e-mails Saturday from The Associated Press.

Paget said he hoped his talk would spur increased adoption of more secure cellular technologies.

“GSM is broken — it’s just plain broken,” he said.

Consumers can protect themselves from the type of attack he described.

His attack won’t work on calls that are sent over so-called 3G technology, for example. So if the 3G icon in your iPhone or other smart phone is displayed, your conversations will be protected. He also said BlackBerry phones have a layer of encryption on their calls that also thwarts the attack. He warned, though, that many regular phones that don’t clearly specify the technologies they use are often vulnerable.

One security expert, Nicholas DePetrillo, said such devices haven’t been built as cheaply in the past because the hardware makers have closely controlled who they sell to. Only recently has the necessary equipment become available cheaply online.

Another security expert, Don Bailey, a GSM specialist with iSec Partners who also wasn’t involved in Paget’s research, called it “hugely significant” because of how much he brought down the cost of developing one of these devices.

“That’s a significant change for research — it’s a major breakthrough for everyone,” he said.

Source: http://www.google.com/hostednews/ap/article/ALeqM5jIZFBBMw-yczPqoL84DqS9Mw0-_wD9HA8PBO0

Wi-Fi Cracking Kits Make a Hacker Out of Anyone

May 7th, 2010

Wi-Fi is not the most secure method of transmitting data. Like any other wireless transmission system, it’s relatively simple for a hacker to detect and intercept your data as it literally flies through the air. Cracking encryption systems, like WEP and WPA, which are meant to keep out uninvited Web surfers and data thieves, has proven elementary for those with moderate hacking skills. Now, the task is getting even easier as complete Wi-Fi cracking kits have started circulating in the Chinese market.

The kits, each of which includes a USB Wi-Fi adapter and a specially packaged Linux live-CD loaded with wireless hacking tools, are selling furiously at electronics bazaars and computer shows, Network World reports. A detailed manual, which walks a user through the act of cracking a network key, is even included for the rock-bottom price of 165 yuan, or about $24.

These tools and instructions have long been available online, but this is the first time we’ve heard of a pre-packaged hardware and software kit being sold to the public. The kits are, of course, illegal, but there are few ways for the Chinese government to regulate their sale at these unruly, ad hoc markets.

Some solace can be taken in the fact that, while simple to use, the kits are not very efficient. Network World purchased one, and tested it against a network it had set up to hack. The included software took over an hour to crack a WEP network key (the weakest of Wi-Fi protection schemes), which had been associated with a simple, five-letter password. It was even less effective against WPA.

Source: http://www.switched.com/2010/05/07/wi-fi-cracking-kits-make-a-hacker-out-of-anyone/

Hackers use network card firmware to deliver payload

April 1st, 2010

Cybercrime is often likened to a never-ending cycle: just when a security company believes it has found a way to combat one malware-installation method, hackers come along and find new ways to attack a computer. Thus, it should come as little surprise that there is a new hack that attacks network card firmware: software specifically designed to control the network card.

This innovative hacking technique (dubbed the “Jedi Packet Trick”) works by sending infectious network packets to the network’s firewall, which needs to be running a vulnerable network card. Once an infected packet is received, malicious firmware is silently installed. The malicious update is then leveraged to seek out and attack a second vulnerable networking card, creating a firewall-free tunnel into the network.

Network Firmware Hack Particularly Troubling

This method greatly concerns security officials, since networking cards have direct access to the computer’s memory, which exposes the computer to other threats.

The “Jedi Packet Trick” is not the only networking card vulnerability currently making its rounds, however. Two researchers from the French Network and Information Security Agency have proven that bugs can (and most likely do) exist in an obscure remote-management feature in Broadcom’s NetXtreme cards. Fortunately, this proof of concept came in the form of a controlled attack performed by researchers.

The controlled attack gave the researchers a “back door” route onto a Linux computer. The virus can be modified to target any operating system. For the NetXtreme attack to work, however, the card must have enabled a remote management feature called Alert Standard Format 2.0.

Firmware Technologies Threaten Corporations

The purpose of raising this awareness is to prompt large companies to put some serious thought into how they develop firmware-based technologies such as Intel’s Active Management Technology and Intelligent Platform Management Interface. The problem, according to one of the aforementioned researchers, is that “hardware is using too much embedded software.”

Long-term changes to hardware would be a step in the right direction, but security officials have a more pressing issue to combat in the interim: controlling the spread of an attack whereby a machine is infected without even noticing that it has been compromised.

Source: http://www.infopackets.com/news/security/2010/20100401_hackers_use_network_card_firmware_to_deliver_payload.htm

Hacker sentenced: make sure your old wireless network is NOT wide open

March 27th, 2010

It’s a good time to remind advisers, and everyone else for that matter, to take their computer security more seriously.

Hacker Albert Gonzalez, considered the mastermind behind the theft of more than 100 million credit card numbers, is being sentenced again today. I say again because he was already sentenced on Thursday to 20 years for a case he pleaded guilty to in Massachusetts. The sentencing today is supposed to be for crimes he pleaded guilty to last year and that had taken place in New York and New Jersey.

The computer break-ins occurred at many different companies and involved several different individuals. One mode of entry used to penetrate some of the computer systems was by tapping into unsecured WiFi networks.

Such systems are considered low-hanging fruit and easy marks, so now is a good time for you, or whoever you have handling your network security, to double-check your wireless network security settings.

If you are using a wireless router or access point that is more than five years old and relies on wireless equivalent privacy (WEP), you at the very least need to check your settings and make sure you are using it. More recent hardware uses technology like Wi-Fi protected access (WPA), which is more secure, but again, it has to be turned on to do you any good.

My former colleague David Stone put it well in a story he wrote back in 2004: “Using WEP instead of more sophisticated security schemes like WPA is a little like putting a padlock on a door. It won’t stop someone who is determined to break in, but it will discourage anyone who isn’t willing to make an effort.”

Check out these two stories to at least make the most of what you have in the way of wireless security: Making the Best of WEP and Wireless Security: WPA Step by Step.

Oh, and make sure your antivirus software and network firewall are up to date as well.

Just to help hammer all this home, the Internet Crime Complaint Center (IC3), a partnership between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI), takes complaints on Internet-related crimes and refers them to law enforcement. They also keep track of cybercrime and produce an annual report. In the 2009 edition they reported that they had received a total of 336,655 complaints, a 22.3 percent increase from 2008. Sadly, the even more impressive total regards the monetary losses linked to online fraud: $559.7 million, up from only $265 million in 2008.

Source: http://www.investmentnews.com/article/20100326/BLOG02/100329904

Jedi packet trick punches holes in Firewall

March 27th, 2010

Hackers have hit on a new way to break into computers: by attacking the firmware used in networking cards.

Independent security researcher Arrigo Triulzi is set to unveil one such attack on Friday at the CanSecWest security conference. He calls his technique the Jedi Packet Trick. It essentially installs a clandestine virtual private network inside a firewall by hacking the firmware of the victim’s networking cards.

Using a little-known remote factory diagnostic mechanism used by certain Broadcom cards, Triulzi has developed a way of installing customized firmware that instructs the card to directly pass packets to another card without telling the operating system. “You trick the operating system into believing that packets going between two different network cards don’t exist,” he said.

Triulzi wouldn’t say what cards his attack works on, but he said that he has tried it on two similar cards, both of them about four years old.

He sends specially crafted packets to the network’s firewall, which must be running a vulnerable networking card. It receives the packets and then installs the malicious firmware. That update is then leveraged to seek out and attack a second vulnerable networking card, creating a firewall-free tunnel into the network.

Because networking cards have direct access to the computer’s memory, Triulzi is able to use his firmware to install code on the computer’s graphics card that he can then use as a virtually undetectable back door to his victim’s computer. The networking card doesn’t have enough memory to handle this kind of space, but today’s graphics cards are more than up to the job, he said.

Triulzi isn’t the only one looking at networking card vulnerabilities at the conference. Separately, two researchers from the French Network and Information Security Agency, Yves-Alexis Perez and Loic Duflot, developed an attack that exploits a bug in an obscure remote-management feature in Broadcom’s NetXtreme cards.

Their attack lets them install a back door on a Linux computer, though it could easily be modified to target any operating system, Duflot said.

For Duflot and Perez’s NetXtreme attack to work, the card must have enabled a remote management feature called Alert Standard Format 2.0. Broadcom has worked out a fix for the problem and has pushed that out through its OEM partners.

This work illustrates a new type of attack that can sneak right by traditional detection techniques, said Colin Ames, a researcher with Attack Research in Santa Fe, New Mexico, who is attending the conference. “This stuff is the scary stuff,” he said. “Because it’s low-level.”

None of the researchers at CanSecWest is releasing their code, so it’s unlikely that these techniques will be used in any type of widespread attack. However, with security professionals increasingly worried about professional, targeted attacks aimed at stealing state secrets and corporate intellectual property, they raise concerns.

Duflot said hardware companies should be thinking seriously about security, especially as they develop firmware-based technologies such as Intel’s Active Management Technology and Intelligent Platform Management Interface. “Nowadays, hardware is using too much embedded software,” he said.

That software, he explained, can lead to bugs that give the hacker a way in. And if the hacker comes in through the network card, “the machine itself cannot even see that it has been compromised.”

Source: http://www.pcworld.com/businesscenter/article/192635/jedi_packet_trick_punches_holes_in_firewalls.html
