Hacker 10 – Security Hacker

Author: John Durret

  • Deceiving authorship detection with JStylo-AnonymouAuth

    Deceiving authorship detection with JStylo-AnonymouAuth

    Stylometry, the study of linguistic style, is a method used for authorship recognition, it has helped in numerous historical breakthroughs attributing documents of unknown authorship. The same technique can be used to identify an anonymous blogger or forum poster but a set of necessary conditions must be met for stylometry to succeed, like having a reduced number of suspects and a few hundred of available paragraphs that can be compared and analyzed by an algorithm.

    It is possible for a state sponsored agency to use their computers to scan similar forums to try and link a high target with his real identity by looking at the writing style alone, it is well known that spy agencies already have the capability of scanning Facebook for keywords, where people is using their real name, but due to the millions of users that Facebook has, an stylometry attack would not be feasible unless it is reduced to forums with just a few dozen users. Gathered evidence is still not a definite beyond reasonable doubt, but it can used as an extra intelligence tool pending confirmation.

    Adversarial stylometry JStylo-AnonymouAuth
    Adversarial stylometry JStylo-AnonymouAuth

    Manual adversarial stylometry techniques to circumvent authorship recognition:

    • Obfuscation: An author can deliberately camouflage his writing style, including punctuation and use the thesaurus to avoid being repetitive or briefly quoting someone’s else words.
    • Imitation: An author imitates someone’s writing style so that analysis will point towards that person or throw the algorithm off the trail with no conclusive result.
    • Translation: Automatic software can translate the text a couple of times to a different language and then back to the original.

    The Drexel University research team has also released an open source tool called Jstylo-Anonymouth, bundling together an authorship recognition analysis tool and authorship recognition evasion tool, the software is written in Java and will work in any operating system. When you use Anonymouth to circumvent authorship recognition you will be shown an analysis of text complexity, unique and sentence word count, average sentence length, letter space and reading ease score then you will be told if each feature is optimal for anonymity or it needs changing, this automated software is ideal to release long documents.

    Note: Software is an alpha release still in development.

    Visit JStylo-Anonymouth homepage

  • U.N. report reveals secret law enforcement techniques

    Buried inside a recent United Nations Office on Drugs and Crime report titled “Use of Internet for Terrorist Purposes” one can carve out details and examples of  law enforcement electronic surveillance techniques that are normally kept secret.

    The report includes real accounts of investigative techniques countering terrorist groups secure communication systems.

    Terrorist groups using computer security

    • Point 187: Members of the outlawed Turkish Revolutionary People’s Liberation Party-Front (DHKP-C) used steganography software called Camouflage to hide messages inside JPEG files and encrypted attachments with WinZip before emailing them. A joint Turkish and Italian police operation managed to decrypt the messages and arrest over a hundred people involved with the organization.
    • Point 194: An Alqeda affiliated webmaster managing a jihadist website from Brazil was specifically targeted by the police to grab him by surprise while he was still online to make sure that they would get his encryption keys thanks to which the investigators were able to open all relevant encrypted files.
    • Point 280: International members of the guerilla group Revolutionary Armed Forces of Colombia (FARC) communicated with their counterparts hiding messages inside images with steganography and sending the emails disguised as spam, deleting Internet browsing cache afterwards to make sure that the authorities would not get hold of the data. Spanish and Colombian authorities cooperated to break the encryption keys and successfully deciphered the messages.
    • Point 374: German citizens members of a group called Islamic Jihad Union used the dead email inbox trick to communicate in between them, the suspects did not send the email  to prevent wire tipping in transit, saving the messages to the draft folder instead for the other part to read and reply, coupled with accessing the Internet using insecure wireless access points of unsuspecting citizens with one of the suspects using encryption which forensics expert tried to access and failed.

    • Point 198: It explains how an investigator can circumvent Truecrypt plausible deniability feature (hidden container), advising computer forensics investigators to take into consideration during the computer analysis to check if there is any missing volume of data.
    • Point 201: Mentions a new covert communications technique using software defined high frequency radio receivers routed through the computer creating no logs, using no central server and extremely difficult for law enforcement to intercept.
    • Point 210: Explains how Remote Administration Trojans (RATs) can be introduced into a suspects computer to collect data or control his computer and it makes reference to hardware and software keyloggers as well as packet sniffers.
    • Point 228: Talks about a honeypot jihadist website created by the CIA and the Saudi Government to attract and monitor terrorists, leading to the arrest of jihadists before they could carry out their operations but finally having to dismantle their own website when law enforcement realised that it was also being used to plan attacks against US troops in Iraq.
    • Point 378: Explains how during an Alqeda case in Belgium and after an informal request without any kind of warrant within two weeks the FBI managed to provide Belgian authorities with a CD containing relevant emails data held in US servers voluntarily provided by Yahoo and Microsoft.

    Full report:
    http://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf

  • Wipe files, folders and free space with Secure Eraser

    Wipe files, folders and free space with Secure Eraser

    Secure Eraser is a data wiping and cleaner program that makes files and folders impossible to recover overwriting them multiple times with standard data wiping algorithms. You can also use this program to completely wipe a partition or external storage device and overwrite free space in your hard drive where data that the user thinks was long gone is still recoverable with specialist tools if it hasn’t been written on with a new file.

    The program integrates within Windows right click context menu to  make it easy to wipe files and securely wipe Windows Recycle Bin content, or you can launch the program and manually select what file or folder you would like to wipe for good. Secure Eraser has a registry and system cleaning option to erase your Internet browsing tracks, only Internet Explorer and Firefox are supported. Another option is to securely wipe Windows temporary files, you should always run a Windows junk file cleaner once in a while even if you don’t care about your privacy you will possibly end up recovering lots of hard drive space. When I ran Secure Eraser in my computer it managed to find 4GB of temporary files that a software called Freemake Video Downloader had left inside the AppData/Local/Temp folder without me knowing about it.

    Secure Eraser file wiping software
    Secure Eraser file wiping software

    Five different wiping algorithms are supported, a low security and very quick data wiping method utilizing random data, a 3 pass US DoD 5220.22-M E, a 7 pass US DoD 5220.22-M ECE, a 7 pass data wiping with a German standard algorithm, and a 35 pass data wiping with Peter Gutmann algorithm. There is a log in the program that keeps a record of all erased files in .html format, this will open everytime you wipe something, it will show you the names of the files that have been wiped and it will highlight in red any possible error, program configuration options are minimum, limited to setting the logging report parameters and nothing else.

    The program is free for non commercial use, with a splash screen showing from time to time, the help manual is only available in German but I don’t think you will need to read it.

    Visit Secure Eraser homepage

  • Secure operating system Qubes OS

    Secure operating system Qubes OS

    Qubes OS is an open source desktop operating system from Polish security firm Invisible Things Lab, what makes this system more secure than other Linux distributions is that you can isolate components within disposable containers separating them from interaction with the rest of the OS. The distribution is based on Fedora Linux and runs virtualization software Xen Hypervisor to segregate applications assigning them to domains. The developers decided to use Xen over other virtualization software because its code is compact and easy to audit.

    The user can define temporary coloured virtual machines for specific applications, for example, your email (Thunderbird), terminal (xterm) and web browser (Firefox) can all be contained within a virtual box, with one or more tools running inside each sandbox (called domain), if malware infects any of them it won’t spread to the OS and the domain can be restored to its original form. Qubes comes with KDE desktop, after logging in you will be shown Qubes VM manager listing the dom0 virtual machine, a default privileged Xen domain, and other virtual domains managing your network like netvm and firewallvm. If your network card drivers were to be compromised it would not affect the rest of the system integrity because networking has been virtualized.

    Linux Qubes OS applications inside virtual machines
    Linux Qubes OS applications inside virtual machines

    Qubes OS is a new approach to fight malware through easy to audit code, application isolation through virtualization and an easy to use graphical interface to segment the OS based on personal needs. You could sandbox your Internet browser with Qemu yourself or use Linux chroot to contain malware infections, but Qubes OS goes further than that, it virtualizes the whole OS, including network connection, firewall and external storage devices, it allows for advanced networking set ups based on different domain policies and the OS has been optimized to run lightweight virtual machines, Qubes OS principle is security by isolation, not the applications but the domains where the application dwells. This is not a veritable Linux operating system because it uses virtualization as its foundation with applications all virtualized in different compartments.

    One downside to virtualization is that you will need a huge amount of RAM, Qubes OS developers advice a computer with a minimum of 4GB and a Solid State Disk which is faster to write and read than traditional drives albeit more expensive. Computer security is made up of layers and Quant OS does exactly that, it builds as many layers as possible to make an attacker’s life very difficult, this is a very powerful operating system for advanced users with a unique approach to computer security that should be implemented in any high security environment.

     Visit Qubes OS homepage

  • Review Windows keylogger HeavenWard LightLogger

    Review Windows keylogger HeavenWard LightLogger

    LightLogger HeavenWard is a keystroke monitoring tool marketed to parents to spy on their children computing activities. I was a little surprised that my Avast antivirus did not flag it as malware and allowed me to install it without any warning, only Comodo Firewall asked me for permission to execute the file and make some Windows changes but that is all. If you have administrator rights in the computer where you would like to install this keylogger there will be no problems, Windows uninstall menu did not show the keylogger program and the taskbar did not have any icon, but manually navigating to “Program Files” will show a folder named “HeavenWard/Lightlogger“.

    Screenshots are saved inside a subfolder of “ProgramData“, used by Windows to store application settings, it is not possible for a user to manually navigate there unless you directly enter the path in Windows Explorer toolbar. The keylogger main window can be brought back from hiding using a configurable shortcut, make sure that to install it in your Windows administrator account and not your target’s account, you will be able to spy on computer guest accounts from within your own.

    Windows keylogger HeavenWard LightLogger
    Windows keylogger HeavenWard LightLogger

    The program is very complete when it comes to gathering data, you can see the list of visited websites, typed keystrokes that will include passwords entered in secure sites like email services and social networks, pasted clipboard content, programs run and timed screenshots that can be configured in quality and intervals, captured data is appended with the precise date and time of the event.

    This keystroke monitoring tool could spy on your children’s computer activities as the developer says, the program could also be used against older people with a limited Windows account, but it can not be emailed to anyone, you will need physical access to the computer with administrator rights to install it and anyone with advanced computing knowledge and able to access an administrator account could see the traces left in Windows registry keys if they happen to like playing with it, the program makes no effort to hide its name (LightLogger) and the installation is done in the default Program Files folder.

    I think that you can safely use this keylogger on anyone in the same computer who is using an account without administrator rights and not able to access Windows system files, otherwise, it would be too risky.

    Note: This is not a free program, the trial version will show a pop up window every hour.

    Visit HeavenWard LightLogger homepage

  • OpenPGP encrypted Instant Messenger SafetyJabber

    OpenPGP encrypted Instant Messenger SafetyJabber

    SafetyJabber is a Jabber instant messenger with integrated encryption for Windows, Mac OS, iOS and Android. The messenger uses the XMPP transmission control protocol (TCP), an open standard developed by the Jabber open source community and compatible with any other of the bountiful IM clients supporting XMPP, this includes Google Talk, Jitsi, Pidgin, Trillian and Gibberbot, but not ICQ, Yahoo Messenger or Skype.

    After the installation you will be asked to create a new PGP keypair or to import your own, key length can be up to 2048 bit and the encryption keys password is optional. If you are familiar with PGP encryption everything will be intuitive, otherwise you can watch one of the video tutorials in the developer’s site or read the included help manual with screenshots, there is a user support forum too but everything appears to be in Russian.

    Before you can start chatting you will need to create a Jabber account first in any Jabber public server, a list can be found with a quick Internet search. Once you have registered for an account enter the given server settings in Accounts>Add, specifying to encrypt the connection with SSL or StartTLS, those details should be given to you during registration. The Advanced Setings button allows you to enter proxy details to connect to the server, this will hide your real computer IP from the Jabber server.

    Encryption OpenPGP messenger SafetyJabber
    Encryption OpenPGP messenger SafetyJabber

    The premium version version of this program removes an advertising banner, allows for bigger encryption keys of up to 4096 bit, comes with a portable version and a screensaver utility with hotkeys to lock your computer while you are away and to quickly shut it down during an emergency using the hotkey. The program features are simple but enough for all one needs, you get notified when contacts come online, conversations can be logged and there are smilies and a system tray icon with sound notifications, all of this can be configured within the settings. You can download SafetyJabber source code from the official website, checking that there is no backdoor and freely modify the code to add anything you want were you to have the skills for that.

    The most appealing thing from SafetyJabber for me is that you can look at the source code, very important for a security product, and they use an encryption standard like OpenPGP. This messenger will make sure that nobody can read the IM conversations with your friends, the private encryption keys always remain in your power and are not stored anywhere else, the only downside is that if you would like to send encrypted files you will have to pay for the premium version.

    Visit SafetyJabber homepage

  • OpenPGP webmail encryption with MailVelope

    OpenPGP webmail encryption with MailVelope

    Mailvelope is a browser addon for Chrome and Firefox compatible with OpenPGP encryption standards, it will not only encrypt your webmail messages but also read any encrypted email you receive from people using different OpenPGP encryption software like Enigmail. The addon integrates directly into the browser and it comes preconfigured for use with the following email providers: Gmail, Yahoo Mail, Outlook.com and GMX. However it can be customized to work with any other webmail service and it also supports the RoundCube email software, frequently found in hosting companies offering email services with your domain name.

    After installation you will be able to handle your public and private encryption keys, importing, exporting and generating keys. The user is always in possession of his encryption keys, no third party can be compelled to give them up and encryption is performed in your browser using javascript, the data never leaves your computer unencrypted. Using MailVelope interface you can send your public encryption key by email with a single click, or alternatively you could distribute your encryption key manually uploading it to a public keyserver. Encrypted emails can be composed in HTML or plain text, the feature that I liked the most is being able to send an encrypted email message to multiple recipients at once, for that to happen all that is needed is that the public encryption key of those who receive the email is available in your keyring.

    MailVelope encrypted message
    MailVelope encrypted message

    When you receive an encrypted message the addon will try and find the encryption key used to cipher the message in the keyring and prompt you for a password. Anyone familiar with the public/private key encryption scheme will find this addon a very easy way to encrypt and decrypt messages, it could also be used to post encrypted messages on any forum or Facebook if you want to. Being a browser addon means that it will work on any operating system and it can be added to a portable browser.

    There are other free tools to encrypt webmail messages but this is one of the few that is not specific for a service and it will work with any webamil, together with the fact that MailVelope is an open source project using compliant OpenPGP standards makes this addon worthwhile to consider for those worrying about their personal messages travelling through the Internet like a postcard.

    Visit MailVelope homepage