Wednesday, January 14, 2015

Why You Need to Sweep for Bugs (TSCM) - Reason #4: CYBERSPIES

Your security efforts are IT focused. 
You diligently monitor your computer's front door, the network. 
Meanwhile these hack-vac bugs are sucking it all out your back door.

A TSCM bug sweep program can catch these.

Example 1:
"KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring."

Unit Cost for Parts: $10 - 80 depending on operation
Status: Operational, open source, open hardware, declassified.
Note: KeySweeper can be built into anything that uses mains power. (Think: power strips, clocks, lamps, legitimate wall warts (as pictured), radios, print centers, fax machines, etc.)

Example 2:
The Pwn Plug Academic Edition is a penetration testing drop box.

Wireless (802.11b/g/n), high-gain Bluetooth & USB Ethernet adapters
Fully-automated NAC/802.1x/Radius bypass
One-click EvilAP, stealth mode & passive recon

The Pwn Plug Academic Edition acts as a penetration testing drop box that covers most of a full-scale pentesting engagement, from physical-layer to application layer. The Pwn Plug Academic Edition is controlled through a simple web-based administration and comes preloaded with an array of penetration testing tools and Wireless, Bluetooth, and USB Ethernet adapters.

Example 3: 
The Pwn Plug R3 is a next-generation penetration testing device in a portable, shippable, “Plug-and-Pwn” form factor.

Onboard high-gain 802.11a/b/g/n wireless
Onboard Bluetooth
External 4G/GSM cellular
Greatly improved performance and reliability

With onboard high-gain 802.11a/b/g/n wireless, onboard Bluetooth, external 4G/GSM cellular, ruggedized case design, and greatly improved performance and reliability, the Pwn Plug R3 is the enterprise penetration tester’s dream tool.

Example 4:
The MiniPwner

The MiniPwner is a penetration testing “drop box”. You (or maybe a cleaner you’ve bribed) need to plug it into an Ethernet plug in the target’s building, and then you can slurp all the data out of their network via a wifi link.

The penetration tester uses stealth or social engineering techniques to plug the MiniPwner into an available network port. (Common locations include conference rooms, unoccupied workstations, the back of IP telephones, etc.)

Once it is plugged in, the penetration tester can log into the MiniPwner and begin scanning and attacking the network. The MiniPwner can simultaneously establish SSH tunnels through the target network, and also allow the penetration tester to connect to the MiniPwner via Wifi.  

Example 5:
WiFi Pineapple Mark V
Slightly larger than a smartphone, the WiFi Pineapple Mark V is the “ultimate” cyber surveillance device. It uses an “intuitive” web interface to enable hackers to break into a corporation’s IT networks through its wifi connections. It costs $100.

Example 6:
USB Switchblade
"The goal of the USB Switchblade is to silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information, etc.

This gadget, which looks like a USB stick, has a program that swings into action when it’s inserted into the USB drive. It then begins its naughty work (without the user knowing) by exploiting a flaw in USB autorun settings. How about dropping it in the car park of your target’s offices, seeing if someone will pick it up and plug it in to see what’s on it..."