Hacker 10 – Security Hacker

Category: Other

Other computing tips

  • Facebook alternative, the Social Number network

    Facebook alternative, the Social Number network

    Social Number is a networking site where people can create groups to discuss any issues they like without having to reveal their real identity and connect with like minded people from all over the world, not just friends and family. The signing up process requires you to create a number of in between six and ten digits, this will be your ID, enter a real email address that needs to be confirmed and tick a box to corroborate that you are over 18 due to the nature of some of the groups.

    Other information like profession, college, interests and location is all optional, if you enter this data it will help Social Number find suggested discussion groups and pals, otherwise you can find them on your own with the search box. Private messages can be sent to other people in the network knowing their Social Number decimal.

    Facebook alternative Social Number
    Facebook alternative Social Number

    At the time of writing the most popular Social Number groups are hacktivism and sex, there are also discussions about depression and health issues that would be impossible to talk about somewhere like Facebook with your real name and risk being stigmatized for ever due to a temporary lapse. On the downside, foul language can also be found around, but nothing stops you from blocking abusive members or report harassment to the administrators.

    Social Number is what Facebook should have been if they really cared about privacy. Computer IPs are logged and they will be given to the authorities in case of illegal activities but Social Number makes sure that nobody searching the Internet for your name will be able to link it to your personal posts unless you reveal too much information yourself. The site also has an encrypted SSL connection to stop third party eavesdropping. A similar site to Social Number is the Experience Project, with many more users since it has been around for longer, but in Social Number they have a much greater focus in connecting with others at a personal level.

    Visit Social Number homepage

  • German police testing FinFisher/FinSpy trojan horse tools

    German police testing FinFisher/FinSpy trojan horse tools

    A German ministry of the interior budget document leaked to Netzpolitik reveals that the Federal Criminal Police (BKA) is considering acquiring surveillance tools sold by British Gamma Group to monitor computer and Internet usage, German police is developing its own electronic surveillance tool called Spähtrojaner, at a cost of three million Euros but it will take more than a year to be finished and they need to deploy spying tools now, German magazine Spiegel quotes police sources confirming that they are already testing FinSpy trojan horses to eavesdrop in people’s computers.

    FinFisher/FinSpy espionage software is marketed as a crime fighting tool only available to law enforcement and it requires a UK Home Office export license to be sold outside the European Union, the software is of dual use and it has been launched in the past against political dissidents in Bahrain where security researchers managed to map suspected FinFisher Command and Control servers around the world.

    FinFisher/FinSpy trojan horse infrastructure
    FinFisher/FinSpy trojan horse infrastructure

    This government endorsed malware is normally installed in target computers using social engineering getting a user to open the trojan horse sending it through email, posting a file to a website for download, or getting physical access to the computer. A security researcher looking into a FinFisher trojan horse sent to political activists in Bahrain found out that the file was disguised as a .jpg written in Unicode Right-to-Left Override character with the .exe being found at the beginning of the file and not the end as it is usual, the exact trojan horse name was “exe.Rajab1.jpg” and it opened an actual cover-up photograph besides infecting the computer.

    According to that report FinFisher captured data was stored in a random Windows system folder called: C:\Documents and Settings\User\Application Data\Microsoft\Installer\{A69832D8-3F71-4241-7493-7551DB00C34C} prior to sending it to the command server.

    FinFisher toolkit Gamma Group
    FinFisher toolkit Gamma Group

    FinFly trojan horse can record VoIP conversations before they are encrypted by Skype or after they have been decrypted on the recipient’s side, it logs keystrokes and it can grab screenshots or activate webcams and microphones. A smartphone version called FinSpy mobile can wiretap Android, iPhone and Blackberry phones, antivirus software does not detect FinFisher tools, if you are afraid you can be targeted by it then consider virtualization of all of your Internet activities in VirtualBox or use a live DVD that has no permanent storage.

    Visit Gamma Group homepage

  • Brute force Linux encryption with LUKS volume cracker

    Brute force Linux encryption with LUKS volume cracker

    The Linux Unified Key Setup (LUKS) volume cracker utility is a Windows program built around FreeOTFE to launch a brute force attack against compatible Linux encrypted volumes like Cryptoloop, dm-crypt and LUKS, widely used Linux disk encryption schemes, with the later also ported to the Android phone.

    Operating LUKS volume cracker is very easy, select an encrypted volume first, select a dictionary you have, or build a custom one based on words likely to be used by the suspect and finally click on the huge “Crack” button, you will be given updates about the cracking process on the window below the program.

    LUKS volume cracker
    LUKS volume cracker

    The good news are that LUKS intentionally slows down password access to stop dictionary attacks and brute-force is not a real option unless a very easy password has been chosen or the attacker has a list of potential passwords. When you design a password do not get awed by its length, entropy (randomness) is a much more important factor in password security than the number of characters it is forged of, make sure special characters and blank spaces are present in it.

    If would like to destroy an encrypted LUKS volume there is no need to wipe the whole partition, erasing the header and keyslots is enough, by default, LUKS decryption keys are contained within the firs 2MiB of an encrypted LUKS partition. A salt value is also stored inside the header, it will be impossible for anyone to decrypt a volume without knowing it, not even if  the password is found out later on. Encrypted Solid State Disks and thumbdrives will still need full device wiping as wear levelling technology moving around data makes it impossible to securely overwrite an specific sector.

    To wipe the first 10MB of an encrypted LUKS volume (sda1) in Linux type:

    dd if=/dev/zero of=/dev/sda1 bs=512 count=20480

    Visit LUKS volume cracker homepage

  • Deceiving authorship detection with JStylo-AnonymouAuth

    Deceiving authorship detection with JStylo-AnonymouAuth

    Stylometry, the study of linguistic style, is a method used for authorship recognition, it has helped in numerous historical breakthroughs attributing documents of unknown authorship. The same technique can be used to identify an anonymous blogger or forum poster but a set of necessary conditions must be met for stylometry to succeed, like having a reduced number of suspects and a few hundred of available paragraphs that can be compared and analyzed by an algorithm.

    It is possible for a state sponsored agency to use their computers to scan similar forums to try and link a high target with his real identity by looking at the writing style alone, it is well known that spy agencies already have the capability of scanning Facebook for keywords, where people is using their real name, but due to the millions of users that Facebook has, an stylometry attack would not be feasible unless it is reduced to forums with just a few dozen users. Gathered evidence is still not a definite beyond reasonable doubt, but it can used as an extra intelligence tool pending confirmation.

    Adversarial stylometry JStylo-AnonymouAuth
    Adversarial stylometry JStylo-AnonymouAuth

    Manual adversarial stylometry techniques to circumvent authorship recognition:

    • Obfuscation: An author can deliberately camouflage his writing style, including punctuation and use the thesaurus to avoid being repetitive or briefly quoting someone’s else words.
    • Imitation: An author imitates someone’s writing style so that analysis will point towards that person or throw the algorithm off the trail with no conclusive result.
    • Translation: Automatic software can translate the text a couple of times to a different language and then back to the original.

    The Drexel University research team has also released an open source tool called Jstylo-Anonymouth, bundling together an authorship recognition analysis tool and authorship recognition evasion tool, the software is written in Java and will work in any operating system. When you use Anonymouth to circumvent authorship recognition you will be shown an analysis of text complexity, unique and sentence word count, average sentence length, letter space and reading ease score then you will be told if each feature is optimal for anonymity or it needs changing, this automated software is ideal to release long documents.

    Note: Software is an alpha release still in development.

    Visit JStylo-Anonymouth homepage

  • U.N. report reveals secret law enforcement techniques

    Buried inside a recent United Nations Office on Drugs and Crime report titled “Use of Internet for Terrorist Purposes” one can carve out details and examples of  law enforcement electronic surveillance techniques that are normally kept secret.

    The report includes real accounts of investigative techniques countering terrorist groups secure communication systems.

    Terrorist groups using computer security

    • Point 187: Members of the outlawed Turkish Revolutionary People’s Liberation Party-Front (DHKP-C) used steganography software called Camouflage to hide messages inside JPEG files and encrypted attachments with WinZip before emailing them. A joint Turkish and Italian police operation managed to decrypt the messages and arrest over a hundred people involved with the organization.
    • Point 194: An Alqeda affiliated webmaster managing a jihadist website from Brazil was specifically targeted by the police to grab him by surprise while he was still online to make sure that they would get his encryption keys thanks to which the investigators were able to open all relevant encrypted files.
    • Point 280: International members of the guerilla group Revolutionary Armed Forces of Colombia (FARC) communicated with their counterparts hiding messages inside images with steganography and sending the emails disguised as spam, deleting Internet browsing cache afterwards to make sure that the authorities would not get hold of the data. Spanish and Colombian authorities cooperated to break the encryption keys and successfully deciphered the messages.
    • Point 374: German citizens members of a group called Islamic Jihad Union used the dead email inbox trick to communicate in between them, the suspects did not send the email  to prevent wire tipping in transit, saving the messages to the draft folder instead for the other part to read and reply, coupled with accessing the Internet using insecure wireless access points of unsuspecting citizens with one of the suspects using encryption which forensics expert tried to access and failed.

    • Point 198: It explains how an investigator can circumvent Truecrypt plausible deniability feature (hidden container), advising computer forensics investigators to take into consideration during the computer analysis to check if there is any missing volume of data.
    • Point 201: Mentions a new covert communications technique using software defined high frequency radio receivers routed through the computer creating no logs, using no central server and extremely difficult for law enforcement to intercept.
    • Point 210: Explains how Remote Administration Trojans (RATs) can be introduced into a suspects computer to collect data or control his computer and it makes reference to hardware and software keyloggers as well as packet sniffers.
    • Point 228: Talks about a honeypot jihadist website created by the CIA and the Saudi Government to attract and monitor terrorists, leading to the arrest of jihadists before they could carry out their operations but finally having to dismantle their own website when law enforcement realised that it was also being used to plan attacks against US troops in Iraq.
    • Point 378: Explains how during an Alqeda case in Belgium and after an informal request without any kind of warrant within two weeks the FBI managed to provide Belgian authorities with a CD containing relevant emails data held in US servers voluntarily provided by Yahoo and Microsoft.

    Full report:
    http://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf

  • Wipe files, folders and free space with Secure Eraser

    Wipe files, folders and free space with Secure Eraser

    Secure Eraser is a data wiping and cleaner program that makes files and folders impossible to recover overwriting them multiple times with standard data wiping algorithms. You can also use this program to completely wipe a partition or external storage device and overwrite free space in your hard drive where data that the user thinks was long gone is still recoverable with specialist tools if it hasn’t been written on with a new file.

    The program integrates within Windows right click context menu to  make it easy to wipe files and securely wipe Windows Recycle Bin content, or you can launch the program and manually select what file or folder you would like to wipe for good. Secure Eraser has a registry and system cleaning option to erase your Internet browsing tracks, only Internet Explorer and Firefox are supported. Another option is to securely wipe Windows temporary files, you should always run a Windows junk file cleaner once in a while even if you don’t care about your privacy you will possibly end up recovering lots of hard drive space. When I ran Secure Eraser in my computer it managed to find 4GB of temporary files that a software called Freemake Video Downloader had left inside the AppData/Local/Temp folder without me knowing about it.

    Secure Eraser file wiping software
    Secure Eraser file wiping software

    Five different wiping algorithms are supported, a low security and very quick data wiping method utilizing random data, a 3 pass US DoD 5220.22-M E, a 7 pass US DoD 5220.22-M ECE, a 7 pass data wiping with a German standard algorithm, and a 35 pass data wiping with Peter Gutmann algorithm. There is a log in the program that keeps a record of all erased files in .html format, this will open everytime you wipe something, it will show you the names of the files that have been wiped and it will highlight in red any possible error, program configuration options are minimum, limited to setting the logging report parameters and nothing else.

    The program is free for non commercial use, with a splash screen showing from time to time, the help manual is only available in German but I don’t think you will need to read it.

    Visit Secure Eraser homepage

  • Secure operating system Qubes OS

    Secure operating system Qubes OS

    Qubes OS is an open source desktop operating system from Polish security firm Invisible Things Lab, what makes this system more secure than other Linux distributions is that you can isolate components within disposable containers separating them from interaction with the rest of the OS. The distribution is based on Fedora Linux and runs virtualization software Xen Hypervisor to segregate applications assigning them to domains. The developers decided to use Xen over other virtualization software because its code is compact and easy to audit.

    The user can define temporary coloured virtual machines for specific applications, for example, your email (Thunderbird), terminal (xterm) and web browser (Firefox) can all be contained within a virtual box, with one or more tools running inside each sandbox (called domain), if malware infects any of them it won’t spread to the OS and the domain can be restored to its original form. Qubes comes with KDE desktop, after logging in you will be shown Qubes VM manager listing the dom0 virtual machine, a default privileged Xen domain, and other virtual domains managing your network like netvm and firewallvm. If your network card drivers were to be compromised it would not affect the rest of the system integrity because networking has been virtualized.

    Linux Qubes OS applications inside virtual machines
    Linux Qubes OS applications inside virtual machines

    Qubes OS is a new approach to fight malware through easy to audit code, application isolation through virtualization and an easy to use graphical interface to segment the OS based on personal needs. You could sandbox your Internet browser with Qemu yourself or use Linux chroot to contain malware infections, but Qubes OS goes further than that, it virtualizes the whole OS, including network connection, firewall and external storage devices, it allows for advanced networking set ups based on different domain policies and the OS has been optimized to run lightweight virtual machines, Qubes OS principle is security by isolation, not the applications but the domains where the application dwells. This is not a veritable Linux operating system because it uses virtualization as its foundation with applications all virtualized in different compartments.

    One downside to virtualization is that you will need a huge amount of RAM, Qubes OS developers advice a computer with a minimum of 4GB and a Solid State Disk which is faster to write and read than traditional drives albeit more expensive. Computer security is made up of layers and Quant OS does exactly that, it builds as many layers as possible to make an attacker’s life very difficult, this is a very powerful operating system for advanced users with a unique approach to computer security that should be implemented in any high security environment.

     Visit Qubes OS homepage