Showing posts with label sabotage. Show all posts

Thursday, September 15, 2016

Security Director Alert: USB Sabotage Kills Devices in Split-Second - Only $49.95

For just a few bucks, you can pick up a USB stick that destroys almost anything that it's plugged into. Laptops, PCs, televisions, photo booths -- you name it.

Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester's repertoire of tools and hacks, says the Hong Kong-based company that developed it.

It works like this: when the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in a matter of seconds.

On unprotected equipment, the device's makers say it will "instantly and permanently disable unprotected hardware"...

The lesson here is simple enough. If a device has an exposed USB port -- such as a copy machine or even an airline entertainment system -- it can be used and abused, not just by a hacker or malicious actor, but also by electrical attacks.

"Any public facing USB port should be considered an attack vector," says the company. "In data security, these ports are often locked down to prevent exfiltration of data, or infiltration of malware, but are very often unprotected against electrical attack."

Not every device is vulnerable to a USB Kill attack. The device maker said that Apple "voluntarily" protected its hardware. (more)


From USBKill.com...
USBKill.com strongly condemns malicious use of its products.
The USB Killer is developed and sold as a testing device. Use of the device can permanently damage hardware. Customers agree to the terms and conditions of sale, and acknowledge the consequences of use.

In a nutshell, users are responsible for their acts.
A hammer used maliciously can permanently damage a third party's device. The USB Killer, used maliciously, can permanently damage a third party's device.

As with any tool, it is the individual, not the manufacturer of the tool, responsible for how the individual uses the tool.

The USB Killer was used on our equipment
Please see above. We suggest pursuing the individual responsible, or reporting the act to the appropriate authorities.

This is only one spy trick. 
We know hundreds more.  
Call us for a TSCM / Information Security Survey.

Thursday, March 31, 2016

Security Director Alert: 20,000 Printers Under the Siege

The notorious hacker and troll Andrew Auernheimer, also known as “Weev,” just proved that the Internet of Things can be abused to spread hateful propaganda.

On Thursday, Auernheimer used two lines of code to scan the entire internet for insecure printers and made them automatically spill out a racist and anti-semitic flyer. 

Hours later, several people started reporting the incident on social media, and eventually a few local news outlets picked up on the story when colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer.

Auernheimer detailed this “brief experiment,” as he called it, in a blog post on Friday. Later, in a chat, he said that he made over 20,000 printers put out the flyer, and defended his actions. (more)

Imagine the chaos if he sent a more realistic version of the coupon shown above, or false documents to internal company printers. Make sure all printers associated with your company operate in a secure manner – internal and home office units. Don't forget to check for insecure Wi-Fi settings as well. Need help? Call me.

Tuesday, December 16, 2014

Sony's Industrial Espionage Grand Slam

The Sony e-mail hack is too irresistible to ignore. The confiding messages trash stars like Angelina Jolie and Adam Sandler. The seven-figure salaries of studio execs, nearly all men, are underlined. Juicy remarks — all the more believable because of misspellings and bad grammar — kid about President Obama’s taste in movies. To top it off, North Korea might be behind it all.

It’s the kind of tinsel town mess that is too good not to be true...

It was theft, a cyber break-in, that led to the disclosures. Hackers broke into the Sony Pictures Entertainment system and stole a boatload of private information: salaries, e-mails and personal data, with only a fraction trotted out so far.

It’s industrial espionage on a grand scale. Repairing Sony’s computer systems will cost tens of millions while some 30,000 Sony employees are left exposed... It’s a mugging, tech-style.

There are takeaways for the rest of us.  
• Never e-mail anything you can’t explain in public. 
• Think twice before hitting the send key. 
• Don’t assume anything remains secret after it’s typed out on screen. (more)

Friday, September 27, 2013

When Business Espionage Doesn't Work the Next Step is Sabotage

Real News or Business Sabotage? You decide...

The following "news story" was found in Yahoo News. It is filled with anonymous quotes, no proof, no substance, no follow-up with the side being attacked.

“Apple’s new operating system is making me nauseous and giving me a headache - just like when you try to read in the car,” says one user.

Others complain of “vertigo” when apps “zoom” in and out - and say that using iOS 7 devices has left them feeling ill for days.

Apple’s new iOS 7 operating system has been downloaded 200 million times - and some users are complaining that the animations make them seasick - or worse. (more)


To our clients... In addition to your TSCM bug sweeps and our other business espionage reductions, keep an eye out for business sabotage. Document it. Go after it.

Thursday, January 24, 2013

If a tree falls in the forest, and nobody hears it...

Trees in Brazil’s Amazon rainforest are being fitted with mobile phones in an attempt to tackle illegal logging and deforestation.

Devices smaller than a pack of cards are being attached to the trees in protected areas to alert officials once they are cut down and the logs are transported. 

Location data is sent from sensors once the logs are within 20 miles of a mobile phone network to allow Brazil’s environment agency to stop the sale of illegal timber. The technology, called Invisible Tracck, which is being piloted by Dutch digital security company Gemalto, has a battery life of up to a year and has been designed to withstand the Amazonian climate. (more)

Wednesday, January 23, 2013

The Mysterians and Question Mark...or vice versa?

Worried about all those security cameras tracking your every move? Try rocking one of these visors and enjoy anonymity once again.

At least that's what Isao Echizen from Japan's National Institute of Informatics is trying to achieve with the Privacy Visor (PDF).

Developed with Seiichi Gohshi of Kogakuin University, the visor has a near-infrared light source that messes up cameras but doesn't affect the wearer's vision, according to the institute.

They're hardly fashionable, but the lights create noise that prevents computer vision algorithms from extracting the features needed to recognize a face. (more) (get the t-shirt) (sing-a-long)

Wednesday, January 16, 2013

Cautionary Tale - Unsafe Sex, USB Style

Critical control systems inside two US power generation facilities were found infected with computer malware, according to the US Industrial Control Systems Cyber Emergency Response Team.

Both infections were spread by USB drives that were plugged into critical systems used to control power generation equipment, according to the organization's newsletter... (more)

(reiteration time) - "If you are not sure where it has been, don't stick it in." 
~ Kevin

Wednesday, January 9, 2013

Book Review - A Cybercop's Guide to Internet Child Safety

I am reading Glen Klinkhart's book, "A Cybercop's Guide to Internet Child Safety." After reading only two chapters, it is clear that this is a must-have book for every parent. 

The book begins with an Author's introduction. It sets the tone, i.e. Glen Klinkhart has not written this book to make a buck, he is on a much larger mission, and has the experience-clout to accomplish it. You see, when he was 15, his older sister was kidnapped, sexually assaulted and murdered. Since then, he made cyber-security his life. Having worked with his team, I know first-hand they are very good at it.

Particularly impressive is the layout and organization of his advice and guidance. The headlines and sub-heads are clear and concise, as are the explanations which follow. It is an instant, easy-to-understand education for every parent, no matter what their previous level of Internet savvy.

Most parents will find this book is THE answer to, "What can I do?" A few may feel policing their child's cyber-activities is a Sisyphean task, and bury their heads in the silicon. But hey, who ever said parenting was easy, or that everyone was up to the task? At least, "A Cybercop's Guide to Internet Child Safety" now makes this part of parenting do-able. All of us no longer can use ignorance as an excuse. Isn't protecting your child worth $25.00?

Tuesday, July 17, 2012

How Cabbies Cheat the Fare Dispatch System

Australia - A Melbourne taxi driver has exposed a sophisticated scam that some operators are using to override taxi meters and stay at the top of the fare dispatch system. 

The Silver Top driver has told the ABC that some drivers are using remote electronic devices and radio frequency jammers to trick the cab companies into giving them work when they are not in the area.

The equipment is easily purchased at online sites like eBay.

Neil Sach from the Victorian Taxi Association fears hundreds of drivers could be in on the scam. (more with video)


The scam is likely being used by cabbies, truckers, police and others worldwide; wherever GPS tracking is being used. 

Note: eBay has recently policed the sale of these devices on their site; however, they remain available on other sites.

Or, DIY...

Monday, July 2, 2012

你好, 你好! Is anybody listening?

The Chinese government has “pervasive access” to some 80 percent of the world’s communications, giving it the ability to undertake remote industrial espionage and even electronic sabotage of critical infrastructures in the United States and in other industrialized countries.

The Chinese government and its People’s Liberation Army are acquiring the access through two Chinese companies, Huawei Technologies Co. Ltd and ZTE Corporation, telecommunications experts have told WND.

With this access, the sources say, the Chinese are working on the other 20 percent. The two companies give the Chinese remote electronic “backdoor” access through the equipment they have installed in telecommunications networks in 140 countries. The Chinese companies service 45 of the world’s 50 largest telecom operators. (more)

Thursday, March 29, 2012

Business Espionage: "If we can't hack your voicemail, we'll hack your business."

Australia - Revelations that a secret unit within Rupert Murdoch’s News Corp promoted high-tech piracy that damaged pay TV rivals will increase fears of corporate espionage in boardrooms across Australia and around the world. A four-year investigation by The Australian Financial Review has revealed a global trail of corporate dirty tricks by a group of former policemen and intelligence officers within News Corp that devastated competitors. (more)

Australia - Senior Australian officials have expressed concern over allegations that News Corporation engaged in hacking and piracy in order to damage its commercial television competitors. The allegations suggested that the firm owned by Rupert Murdoch had set up a unit to sabotage rivals. The Australian Financial Review said this was done by making pirate copies of competitors' smart cards. (more)

Monday, February 20, 2012

Let the Drone Wars Begin

A remote-controlled aircraft owned by an animal rights group was reportedly shot down near Broxton Bridge Plantation Sunday near Ehrhardt, S.C.

Steve Hindi, president of SHARK (SHowing Animals Respect and Kindness), said his group was preparing to launch its Mikrokopter drone to video what he called a live pigeon shoot on Sunday when law enforcement officers and an attorney claiming to represent the privately-owned plantation near Ehrhardt tried to stop the aircraft from flying.

"It didn't work; what SHARK was doing was perfectly legal," Hindi said in a news release. "Once they knew nothing was going to stop us, the shooting stopped and the cars lined up to leave."

He said the animal rights group decided to send the drone up anyway.

"Seconds after it hit the air, numerous shots rang out," Hindi said in the release. "As an act of revenge for us shutting down the pigeon slaughter, they had shot down our copter." (more)

Sunday, January 15, 2012

Security Alert: Time to Update Your HP Printers' Firmware

Not a real HP fire. Just shown to get your attention.
HP announced that the potential existed for a certain type of unauthorized access (info-theft, fiery sabotage, etc.) (more) to some HP LaserJet printers and confirmed it has received no customer reports of unauthorized access. HP has issued the following statement:

HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP. HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.

The firmware update can be found by going to www.hp.com/support and selecting Drivers.

Additional printer security information is available at www.hp.com/go/secureprinting.

Tuesday, December 20, 2011

Cautionary Tale: Sabotage by Wiretap - What if it were your phone call?

Russia - Boris Nemtsov, one of Russia's main opposition leaders, has accused Kremlin agents of illegally bugging his phone after a newspaper released embarrassing recordings of his private phone calls.

The material was potentially damaging for Mr Nemtsov, one of the principal organisers of a recent spate of anti-Kremlin protests, as he can be heard insulting his fellow opposition leaders in obscene terms and belittling his own supporters as "internet hamsters" and "scared penguins." 

A deputy prime minister in the 1990s and a founder of the opposition Solidarity movement, Mr Nemtsov claimed the release of the recordings was a cynical Kremlin attempt to sabotage a big opposition protest planned for Christmas Eve by triggering internal squabbling among its organisers.

"Parts of these conversations are really genuine," he wrote in his blog. (more)

Tip: Periodically check for bugs and taps. (more)

Sunday, June 5, 2011

"How I lost three fingers making a cupcake bomb in the kitchen of my mom."

British intelligence agents have hacked into the online magazine of the Yemeni branch of Al Qaeda and sabotaged an article on bomb making, a government official said Friday. 

The English-language magazine Inspire had published an article last year titled “Make a Bomb in the Kitchen of Your Mom.” The agents, reportedly working for Britain’s eavesdropping agency, replaced the instructions with a recipe for cupcakes. (more) (cupcake cannon video)

Thursday, June 2, 2011

Two CyberWar Hacking Stories. Just Coincidence? You decide.

China has admitted for the first time that it had poured massive investment into the formation of a 30-strong commando unit of cyberwarriors - a team supposedly trained to protect the People's Liberation Army from outside assault on its networks.

While the unit, known as the "Blue Army", is nominally defensive, the revelation is likely to confirm the worst fears of governments across the globe who already suspect that their systems and secrets may come under regular and co-ordinated Chinese cyberattack.

In a chilling reminder of China's potential cyberwarfare capabilities, a former PLA general told The Times that the unit had been drawn from an exceptionally deep talent pool. "It is just like ping-pong. We have more people playing it, so we are very good at it," he said. (more)



Lockheed Martin Cyber Attack: Routine, a Warning or a Possible Act of War?

Last Thursday, Reuters ran a story that the US defense firm Lockheed Martin was experiencing a major disruption to its computer systems because of a cyber attack.

The Reuters story said that the attack began the weekend before and indicated that it involved the company's SecurID tokens which allow Lockheed's 126,000 employees "... to access Lockheed's internal network from outside its firewall."

As a result of the attack, Lockheed reset all of its employees' passwords.

Thought Wall Stickers:
• "You have no idea how many people are freaked out right now [about the SecurID breach] ... TASC is no longer treating the RSA device as if it were as secure as it was beforehand."
• As one military official in the WSJ article stated it: "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."

A while back, I visited the new Cyber-war exhibit at the Spy Museum in DC. It was about just this sort of thing, and the consequences of remotely destroying electrical generators using code. The outcome is very scary. Glad to see folks waking up and smelling the coffee.

The hackers have done us a favor, this time. ~Kevin

Sunday, May 22, 2011

Snidely Whiplash Visits the Home Security Store... by "Bob"

I know some pretty interesting people. Very talented. Very sharp. Very imaginative. I received the following from one of them this week. We'll call him "Bob". Bob's thought process is part Carnegie Mellon University's Computer Emergency Response Team (CERT) and part Snidely Whiplash. Enjoy... (emphasis below is mine)

"For about a year now I’ve been building this new office/shop/garage at my place. Being the engineer I am at heart I prewired it for video surveillance and alarm.

I found an online reseller with good prices and I purchased all the alarm components from them. www.homesecuritystore.com I installed each switch or sensor as a separate zone so later I can use this system as a whole house monitoring platform.

I decided it is time to add the video. They had good prices and I bought close to $2000 worth of quality cameras and a 16 Channel DVR.

Last weekend I started to bench test it and get familiar before I commit the installation. I noticed the box was repackaged.

Then I noticed it is still full of video. It was installed at a restaurant and then returned. Not sure if the restaurant did it themselves or they had a security professional help. In any case they gave me their weeks’ worth of video. Moreover Homesecuritystore.com didn’t verify the contents and in turn sold it to me.

I was hoping to find some incriminating footage or something to brag about. Fortunately for them it was pretty benign stuff.

Then I started to think of the possibilities of what could have happened and decided to write to them regarding their security practices.

See attached. I was surprised they just sent me a misspelled apology and are sending me a new unit. Totally dismissing my attempt to point out to them the underlying problem here.

I’m going to do a threat assessment of the linux kernel in this unit when I get a chance. These cheap DVR boxes with Dynamic DNS and internet reachability are a whole new potential platform for a hacker. A modern day Trojan horse even.

Take the following scenario for a moment:
1. I buy one of these units (or 100 each from a different internet vendor)

2. Change the linux kernel to add a few tools and backdoor username/passwords and maybe even a phone home daemon. Phone home would need to be a secure tunnel and internet proxy aware. So spoof the proxy on port 80 with ssl traffic embedded. Also use tools like Wireshark/tshark, or one of my all-time favorites


3. Return it to the vendor for a full refund.

4. In turn they sell the units to John Q Public or better yet a customer with other units already on premise just waiting to be exploited.

5. It gets installed and finds a routed path to the internet and updates its DNS record location dynamically.

6. Meanwhile back at the black hat’s cave: We see the DNS entries for these devices show up and / or our phone home packets arrived at home. The latter is riskier because it gives a deterministic home location, for that we run our APP in the cloud to obfuscate our location.

7. Login and start monitoring, gather content and exploit the target. Granted step 7 here is dependent on something good happening. I would beg to guess every video surveillance installation at one point in time or another captures illicit/illegal activity or some sort of blackmail material content.

8. The black hat could now also secure shell into the DVR over the phone home tunnel and use it as a spring board to then perform vulnerability scans internal to the video network thus finding other DVRs, IP cameras, and other trusted behind the firewall type devices. Once accessed install similar tool sets, rinse and repeat for all reachable devices.

9. Lastly a coordinated attack. You locate physical assets to steal. At a coordinated time perform a denial of service internal to their network and take out the security infrastructure. Use tools like NetCat or simple packet capture replays with tshark to confuse the LAN devices and potentially crash them if not just deafen their abilities to report. ARP storms are great for this. Actually once an inventory of devices is determined fingerprint scan each and look for known vulnerabilities for those devices’ kernels. Move in and out all the while the systems are incapacitated. Ideally you want to have the devices perform self remediation on their own, avoid forcing a hang condition and do not require reboots for remediation to hide the existence that anything happened adding to the confusion of what happened and how.

Not far fetched to believe. And all from a simple buy and return to the store type activity.

"Bob, you got me thinking. All these items are made in China, right? Isn't it possible likely that secret code has already been planted in them for future use?"


On another subject:
Do you recall a police movie (maybe Beverly Hills Cop) where the cop submits into evidence a large permanent magnet and it takes out the surv. video evidence? Well take that same concept to data tape backups.

I recently toured an Iron Mountain Magnet tape vault and observed them picking and putting tapes in and out for customers. Much to my dismay not all customers co-locate their tapes next to their own. Many of the tapes are slotted into the next available slot intermingling them with other customer’s tapes.

They don’t even screen the boxes coming in and out for high levels of magnetic flux. So a passive magnet weighing similar to the tape that gets checked in and out over a long period of time could potentially be creating small magnet grenades to the data nearby. To be a bit more sexy make that an active magnetic device with a motion trigger. Wait for no movement with a 3d accelerometer also sense that it is not lying flat in the original box but upright as if it is in the library. I mocked up this accelerometer algorithm in a two chip device using a basic stamp.

Allow it to ‘Wake up’ and generate as large of an oscillating magnetic flux as possible and expend the batteries. If movement is sensed have it go dormant again. Cycle these rogue tapes in and out rapidly over time. To target an attack request your own tape vault location and try to steer it near your competitor’s location or just carpet bomb the library with multiple devices over time. Not as effective but very destructive in nature. Evil isn’t it.

Not that I would never ever do such a thing or advocate or assist anyone in this behavior. But, I can think of it and other ways to thwart simple best practices.

Just like when I was in college and I came up with the idea to use an IR laser to take out a security camera by shifting its AGC and blacking out the picture. Later in life I saw this applied in a movie. I was like HEY I thought of that a long time ago. The cameras I bought for my place have the Sony chip in them that knows how to black out bright objects selectively within the ccd field of view. Thus obsoleting this vulnerability a bit.

Well, thanks for your time. My mind wandered with possibilities when I realized I have that other customer’s video content handed to me.

Have a great day."

As you can see, "Bob" is smarter and more clever than I am. That's why I love hanging out with the "Bobs" of the world. Now I know what "Bob" knows... and now, so do you. ~Kevin

Are you thinking, "Gee, I wish I knew who this "Bob" guy was. I have a security consulting project for him. Does he do freelance work?" 

I don't know. You'll have to ask him. His name is Bob Blair and he is an engineer in Massachusetts.

Saturday, April 16, 2011

SpyCam Spied at Berkeley's Cafe Med

CA - In a "revoltin development" the Med’s 50 year ban on tourist photography and ESPECIALLY an alphabet soup of spying agencies like F.B.I., C.I.A., C.B.S., N.B.C., O.N.I.--has sputtered... Call it big brother; call it the eyeball on high, call it Orwell.

Installers of the eye, Craig Becker, 59, the Med's owner and two university students with a hot business model put up the petite eyeball more than two weeks ago.

The students plan to install the geeky eyeballs in other Berkeley cafes and businesses so that students can spy on their friends.

But--FLASH: Big Brother is now blooie, victim of either chronic neck droop, a staff intervention, or customer sabotage.

Sabotaged, Blooie, blotto, or just plain broke. It now spends its once active filming life mis-aimed at the ceiling with what Berkeley's Poet Laureate, Julia Vinograd calls a "celestial stare." (more)

Tuesday, April 5, 2011

Gucci, gucci, goo... - LAN Man Gums Up Works

NY - A former Gucci America Inc. computer network engineer was charged with remotely taking over the company's computers, shutting down servers and deleting emails, Manhattan prosecutors said on Monday.

Sam Chihlung Yun, 34 years old, allegedly created an account in the name of a fictional employee and used it to access the company's network after he was fired in May 2010, prosecutors said. He allegedly caused more than $200,000 in diminished productivity, as well as remediation costs, prosecutors said. (more)

Tuesday, March 15, 2011

No, I'm not Mr. Rogers. I'm Mr. Rivard, your neighbor.

MI - The trial for a man who police said broke into his neighbor’s home 10 times over a four-month period continues. Paul Rivard, 36, is also accused of planting a baby monitor in the bedroom of his neighbor’s home to eavesdrop on them. Authorities said he also rearranged items in their home and torched their clothes... If Rivard is convicted, this incident will not be his first home invasion. State prison records show the 36-year-old was paroled in late 2008 after serving 10 years for second-degree home invasion. (more with video)