Thursday, December 3, 2015

What are the best computer hackers able to do right now that most people are unaware of?

Top voted Reddit comments..
One thing most people don't suspect is Rogue Access Points, for wifi you set up an access point using your own insecure protocols and you put it at a mall and call it "Free wifi" or "Starbucks" and people when connect you can steal session cookies, personal information etc.
Most people just connect to any wifi point with the strongest signal or unprotected.
I got a "cyber security" briefing back in the day, two things that caught my attention.First was a guy did a real life demonstration where he hacked a car company manufacturer, and made it so a car's brakes would fail at a specified future time.
The second was a guy who figured out how to hack a pacemaker. that's even scarier IMHO.
Whenever people ask me what the danger behind hackers is, i bring up Stuxnet. This was a virus written by 'some' government agencies which was specifically developed to destroy certain centrifuges which were used to enrich radioactive material in Iran.
That on itself is not that impressive, anybody who can get some form of access to these centrifuges can tamper with them in one way or another to break them.
The impressive, and dangerous, aspect of Stuxnet is the way it got to the centrifuges and how it hid throughout the whole world, looming until it finally infected the right system and could jump into action.
It hid on thousands and thousands of systems, infecting more one by one, hiding for any kind of anti-virus system you could imagine, being controlled remotely and updated with new code through command and control systems. Again, on itself it is not that impressive, 100s of botnets do this. But i still find Stuxnet one of the prime example of Cyber warfare. It hid itself by thinking of every little detail. Any tool that could be used to detect file changes, was infiltrated and deliberately altered in such a way that whenever it checked a file that Stuxnet infected, it would return a valid ok reply instead of an error.
After infecting thousands of systems, it finally made it into the centrifuge control system (which was not connected to internet, btw) in Iran which used that specific version of centrifuges they wanted to destroy and did its thing (again fooling/avoiding any control mechanism which verified file/memory/... structure by injecting specific hacks in each control mechanism) and destroyed the centrifuges by just alternating the speed of the centrifuges by a tiny amount.
Eventually of course, it got caught and a lot of research has been done on Stuxnet. Showing us what a set of genius hackers can accomplish.
It is scary, it is dangerous, it should serve as a warning for anybody thinking IT security is ahead of the game. It is not, far from it. If it comes down to it, your systems are unsafe and open to whomever really want access. You are just lucky nobody, except for some simple criminals who are looking for some simple money or basic chaos, are really interested in your systems or information.
There are several white papers about Stuxnet (for instance the Symantec one ), and they are worth the read if you want to be amazed by what hackers can create.

4 comments:

bagoh20 said...

What's spooky is that a hacker can turn your phone's camera and microphone on, and that thing goes everywhere with you 24/7.

deborah said...

Even if you have your phone off? There are some sort of special baggies you can carry your phone in that foil locating you.

Now lessee, one pre computerization car, phone baggies...what else?

rhhardin said...

I used to break software as part of testing it. It just amounts to thinking outside the box that the guy who wrote it was in.

There's an unlimited outside the box no matter how big the guy thinks.

That was all unix/linux. I have no idea how windows works so have no particular intuition how to break it.

Methadras said...

I can say shit, but I won't. However, I do think stuxnet was absolute genius work. Now I don't know if you can still get it or not, but there was a script kiddie app back in the day called 'Satan' and it was fairly powerful stuff. Not sure anymore though.