Category: Other

Other computing tips

  • U.N. report reveals secret law enforcement techniques

    Buried inside a recent United Nations Office on Drugs and Crime report titled “Use of Internet for Terrorist Purposes”, one can find details and examples of law enforcement electronic surveillance techniques that are normally kept secret.

    The report includes real accounts of investigative techniques used to counter terrorist groups’ secure communication systems.

    Terrorist groups using computer security

    • Point 187: Members of the outlawed Turkish Revolutionary People’s Liberation Party-Front (DHKP-C) used steganography software called Camouflage to hide messages inside JPEG files and encrypted attachments with WinZip before emailing them. A joint Turkish and Italian police operation managed to decrypt the messages and arrest over a hundred people involved with the organization.
    • Point 194: An Al-Qaeda-affiliated webmaster managing a jihadist website from Brazil was specifically targeted by the police so as to catch him by surprise while he was still online, making sure that they would get his encryption keys, thanks to which the investigators were able to open all relevant encrypted files.
    • Point 280: International members of the guerilla group Revolutionary Armed Forces of Colombia (FARC) communicated with their counterparts by hiding messages inside images with steganography and sending the emails disguised as spam, deleting the Internet browsing cache afterwards to make sure that the authorities would not get hold of the data. Spanish and Colombian authorities cooperated to break the encryption keys and successfully deciphered the messages.
    • Point 374: German citizens who were members of a group called Islamic Jihad Union used the dead email inbox trick to communicate among themselves: the suspects did not send the emails, to prevent wiretapping in transit, saving the messages to the draft folder instead for the other party to read and reply. This was coupled with accessing the Internet through the insecure wireless access points of unsuspecting citizens, and one of the suspects used encryption which forensics experts tried to access and failed.

    • Point 198: Explains how an investigator can circumvent TrueCrypt’s plausible deniability feature (hidden container), advising computer forensics investigators to check during the computer analysis whether there is any missing volume of data.
    • Point 201: Mentions a new covert communications technique using software-defined high frequency radio receivers routed through the computer, creating no logs, using no central server and extremely difficult for law enforcement to intercept.
    • Point 210: Explains how Remote Administration Trojans (RATs) can be introduced into a suspect’s computer to collect data or control the computer, and makes reference to hardware and software keyloggers as well as packet sniffers.
    • Point 228: Talks about a honeypot jihadist website created by the CIA and the Saudi Government to attract and monitor terrorists, leading to the arrest of jihadists before they could carry out their operations, but finally having to dismantle their own website when law enforcement realised that it was also being used to plan attacks against US troops in Iraq.
    • Point 378: Explains how, during an Al-Qaeda case in Belgium, after an informal request without any kind of warrant, the FBI managed within two weeks to provide Belgian authorities with a CD containing relevant email data held in US servers, voluntarily provided by Yahoo and Microsoft.

    Full report:
    http://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf

  • Wipe files, folders and free space with Secure Eraser

    Secure Eraser is a data wiping and cleaner program that makes files and folders impossible to recover by overwriting them multiple times with standard data wiping algorithms. You can also use this program to completely wipe a partition or external storage device, and to overwrite free space on your hard drive, where data that the user thinks was long gone is still recoverable with specialist tools if it hasn’t been overwritten by a new file.

    The program integrates with the Windows right click context menu to make it easy to wipe files and securely wipe the Windows Recycle Bin content, or you can launch the program and manually select what file or folder you would like to wipe for good. Secure Eraser has a registry and system cleaning option to erase your Internet browsing tracks; only Internet Explorer and Firefox are supported. Another option is to securely wipe Windows temporary files. You should always run a Windows junk file cleaner once in a while; even if you don’t care about your privacy you will possibly end up recovering lots of hard drive space. When I ran Secure Eraser on my computer it managed to find 4GB of temporary files that a software called Freemake Video Downloader had left inside the AppData/Local/Temp folder without me knowing about it.

    Secure Eraser file wiping software

    Five different wiping algorithms are supported: a low security and very quick data wiping method utilizing random data, a 3 pass US DoD 5220.22-M E, a 7 pass US DoD 5220.22-M ECE, a 7 pass data wiping with a German standard algorithm, and a 35 pass data wiping with the Peter Gutmann algorithm. A log in the program keeps a record of all erased files in .html format; it opens every time you wipe something, showing the names of the files that have been wiped and highlighting in red any possible error. Program configuration options are minimal, limited to setting the logging report parameters and nothing else.

    The program is free for non-commercial use, with a splash screen showing from time to time. The help manual is only available in German but I don’t think you will need to read it.

    Visit Secure Eraser homepage

  • Secure operating system Qubes OS

    Qubes OS is an open source desktop operating system from Polish security firm Invisible Things Lab. What makes this system more secure than other Linux distributions is that you can isolate components within disposable containers, separating them from interaction with the rest of the OS. The distribution is based on Fedora Linux and runs the Xen hypervisor to segregate applications, assigning them to domains. The developers decided to use Xen over other virtualization software because its code is compact and easy to audit.

    The user can define temporary coloured virtual machines for specific applications. For example, your email (Thunderbird), terminal (xterm) and web browser (Firefox) can all be contained within a virtual box, with one or more tools running inside each sandbox (called a domain); if malware infects any of them it won’t spread to the OS and the domain can be restored to its original form. Qubes comes with the KDE desktop. After logging in you will be shown the Qubes VM manager listing the dom0 virtual machine, a default privileged Xen domain, and other virtual domains managing your network, like netvm and firewallvm. If your network card drivers were to be compromised it would not affect the integrity of the rest of the system because networking has been virtualized.

    Linux Qubes OS applications inside virtual machines

    Qubes OS is a new approach to fighting malware through easy to audit code, application isolation through virtualization and an easy to use graphical interface to segment the OS based on personal needs. You could sandbox your Internet browser with Qemu yourself or use Linux chroot to contain malware infections, but Qubes OS goes further than that: it virtualizes the whole OS, including network connection, firewall and external storage devices, it allows for advanced networking setups based on different domain policies, and the OS has been optimized to run lightweight virtual machines. The Qubes OS principle is security by isolation, not of the applications but of the domains where the application dwells. This is not a veritable Linux operating system because it uses virtualization as its foundation, with applications all virtualized in different compartments.

    One downside to virtualization is that you will need a huge amount of RAM; Qubes OS developers advise a computer with a minimum of 4GB and a Solid State Disk, which is faster to write and read than traditional drives, albeit more expensive. Computer security is made up of layers and Qubes OS does exactly that: it builds as many layers as possible to make an attacker’s life very difficult. This is a very powerful operating system for advanced users, with a unique approach to computer security that should be implemented in any high security environment.

    Visit Qubes OS homepage

  • Review Windows keylogger HeavenWard LightLogger

    LightLogger HeavenWard is a keystroke monitoring tool marketed to parents to spy on their children’s computing activities. I was a little surprised that my Avast antivirus did not flag it as malware and allowed me to install it without any warning; only Comodo Firewall asked me for permission to execute the file and make some Windows changes, but that is all. If you have administrator rights in the computer where you would like to install this keylogger there will be no problems. The Windows uninstall menu did not show the keylogger program and the taskbar did not have any icon, but manually navigating to “Program Files” will show a folder named “HeavenWard/Lightlogger”.

    Screenshots are saved inside a subfolder of “ProgramData”, used by Windows to store application settings; it is not possible for a user to manually navigate there unless you directly enter the path in the Windows Explorer toolbar. The keylogger main window can be brought back from hiding using a configurable shortcut. Make sure to install it in your Windows administrator account and not your target’s account; you will be able to spy on computer guest accounts from within your own.

    Windows keylogger HeavenWard LightLogger

    The program is very complete when it comes to gathering data: you can see the list of visited websites, typed keystrokes (which will include passwords entered in secure sites like email services and social networks), pasted clipboard content, programs run, and timed screenshots that can be configured in quality and intervals. Captured data is appended with the precise date and time of the event.

    This keystroke monitoring tool could spy on your children’s computer activities as the developer says, and the program could also be used against older people with a limited Windows account, but it cannot be emailed to anyone; you will need physical access to the computer with administrator rights to install it. Anyone with advanced computing knowledge and able to access an administrator account could see the traces left in Windows registry keys if they happen to like playing with it. The program makes no effort to hide its name (LightLogger) and the installation is done in the default Program Files folder.

    I think that you can safely use this keylogger on anyone in the same computer who is using an account without administrator rights and not able to access Windows system files, otherwise, it would be too risky.

    Note: This is not a free program, the trial version will show a pop up window every hour.

    Visit HeavenWard LightLogger homepage

  • Remove Gmail advertisements with Gmelius

    Gmelius is a cross browser (Opera, Firefox, Chrome, IE) extension to enhance your Gmail interface. After installing it you will be presented with a long list of settings with check boxes to easily decide what your webmail should look like. Other customizable options are removing chat and the status of chat contacts, colourizing navigation icons, removing the People Widget, making the header autoexpandable, applying the same font to all inbox messages and adding attachment icons; to tweak these settings you just need to check or uncheck a tickbox.

    Gmelius removes Gmail adverts

    This extension will not stop Google email scanning your messages but by removing the advertisements, besides getting a better Gmail experience, you can get back at Google by depriving them of revenue earned invading your personal privacy. Nearly all free email services display advertisements of some kind but only the most busybody services like Gmail go to the extra length of scanning people’s personal messages.

    If you care about privacy it’s best to use a different email service, but if you are going to use Gmail because it has features you cannot find elsewhere and you are not encrypting your messages, removing advertisements will send Google a strong message about how relevant people think their adverts are.

    Visit Gmelius homepage

  • Computer forensics Linux distribution CAINE

    CAINE (Computer Aided INvestigative Environment) is an Ubuntu based Linux distribution targeted at computer forensic investigators, from law enforcement to private digital investigators. It comes with friendly graphical interfaces for most forensic tools, making this OS a good choice for students and computer forensic amateurs, as well as professionals. There is a front end called XSteg for Stegdetect, a tool to detect messages hidden in images (steganography). dd, a command tool to mirror and restore files, can be used with a front end called AIR (Automated Image & Rescue), which supports dc3dd, an enhanced dd version that includes features like hashing and zeroing files, specially developed for digital forensics by the US Department of Defense Cyber Crime Center. The Sleuth Kit, a set of command line tools, can be used in CAINE through Autopsy, a graphical front end that looks like a browser, and the command based network scanner nmap can be used with point and click thanks to zenmap.

    CAINE computer forensics distribution

    Once you have finished your work CAINE makes it easy to create a written report as .rtf or HTML. For those who don’t know, unlike .docx or .odf (Open Document Format), .rtf (Rich Text Format) files, although Microsoft proprietary, are widely supported by most software and do not include metadata.

    Computer forensics live CDs are widely used during investigations because they do not write anything to the host computer, however you should use a widely tested distribution to make sure that it works as expected and do not trust what a community or vendor distribution claims because only wide testing can find out unexpected bugs.

    When you boot this live CD you will be given the choice to install the OS on your hard drive. I would not advise you to use CAINE as your everyday operating system because it comes with very few applications that are not computer related and it won’t be of much use for a home user’s daily entertainment activities. You should not confuse this distribution with a penetration testing operating system like BackTrack: there are no offensive tools included in CAINE and only a few network related tools (WireShark, Cryptcat and Zenmap). CAINE’s purpose is to perform a post-mortem of a machine after an incident and gather data.

    Home users can use this live DVD to reset a user’s password on a Windows machine with chntpw, recover corrupted data with ddrescue, partition a disk with Gparted, or monitor a hard drive’s health and temperature with HDSentinel.

    Visit CAINE homepage

  • Steganography and encryption with StegHide UI

    StegHide UI is a GUI for Steghide, an open source steganography program to encrypt and hide data inside images (.jpeg, .bmp) and audio files (.wav, .au). It allows users to do everything Steghide can do with point and click, saving you the command line learning curve. There is a tab where you can use this steganography tool in command line mode, were you to feel inclined to do so; StegHide UI offers you the best of both worlds, a GUI and command line all in one program.

    There is no need for installation; administrator rights are only needed to change the program settings. You can change the default encryption method, an already secure 128-bit AES in CBC mode, set the default output folder or change the command line background colour, font and font colour. The only included help manual consists of the command line tab, where you can type “help” and get a list of possible commands. GUI operation is fairly easy: to hide and encrypt files go to the “Embed” tab, select the carrier image or sound where to hide the data and the file you would like to hide, enter a password and choose the encryption algorithm and method using a drop down menu.

    Steganography and encryption StegHide UI

    To decrypt a steganographic message reverse the process using the “Extract” tab: enter the password and choose the output file with the resulting extension. You will need to know what type of file is hidden (.txt, .mp3, .jpg, etc.) to get the extension right and be able to view it with the correct program. There is a wide range of encryption algorithms available; the safest are AES Rijndael 128/192/256, Blowfish, TripleDES, Twofish and Serpent, and other low strength ciphers like Enigma, Gost, CAST128/256 and Arcfour are included too.

    If you would like to defeat steganalysis, the art of detecting hidden data inside files, make sure to securely erase the original file: by comparing two files side by side and looking at their differences it is possible to see that data has been embedded in one of them, making the extraction easier for an attacker, but encryption with a strong password should still stop adversaries.
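
    The side-by-side comparison described above, as an added Python example from the analyst's point of view (not code from StegHide UI or Steghide): it diffs an original carrier against a suspect copy and reports whether the changes are confined to the lowest bit of each sample. The helper embed_lsb is a constructed stand-in that only produces sample data and is not Steghide's embedding algorithm; all names and buffers are hypothetical.

```python
def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Constructed stand-in for a stego tool: payload bits replace sample LSBs."""
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("payload does not fit in cover")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)


def compare_carriers(original: bytes, suspect: bytes) -> dict:
    """Diff two equal-length sample buffers and characterise what changed."""
    if len(original) != len(suspect):
        raise ValueError("decode both files to raw samples of equal length first")
    changed = [i for i, (a, b) in enumerate(zip(original, suspect)) if a != b]
    lsb_only = sum(1 for i in changed if (original[i] ^ suspect[i]) == 1)
    return {
        "changed": len(changed),
        "lsb_only": lsb_only,
        "first": changed[0] if changed else None,
        "last": changed[-1] if changed else None,
        # Re-encoding or editing touches high bits too; changes confined to
        # the lowest bit of each sample point to embedded data.
        "embedding_likely": bool(changed) and lsb_only == len(changed),
    }


# Constructed sample data standing in for decoded pixel bytes of a carrier.
COVER = bytes(range(256)) * 16
STEGO = embed_lsb(COVER, b"constructed payload")
BRIGHTENED = bytes((b + 16) % 256 for b in COVER)  # ordinary edit, not stego

if __name__ == "__main__":
    for label, data in (("identical", COVER), ("stego", STEGO), ("edited", BRIGHTENED)):
        print(label, compare_carriers(COVER, data))
```

    Without the original carrier there is no baseline for this diff, which is why the paragraph above recommends erasing it.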

    Visit StegHide UI homepage