Fri. Nov 22nd, 2019

Spotter Up

In Depth Tactical Solutions

Your Data and the “Hacker’s” Vantagepoint

5 min read

hacker-grenadeSecurity is usually the least considered item by most businesses and home users. Just think about what you consider when you go to buy a new home router or the brake ins with Walgreens or Home Depot. Most routers offer a Statefull Packet Inspection (SPI) Firewall. Though sophisticated compared to what the telco or cable company would provide, these devices are not as sophisticated as enterprise firewalls. Enterprise firewalls get updates to their packet inspection rules from regular updates. Conversely, most home routers do not get these updates.
What about your mobile device, social media accounts, laptops and tablets. With the plethora of devices we have at hand, we spill our data to them and, for the most part, treat them with some measure of ambivalence. These devices usually spill their data via their theft. Home networks are usually “secure enough” with WPA2 WiFi and a relatively decent consumer “router”. I say “secure enough” because the effort to reward ratio is heavy on the effort and low on the reward. It will take a fair amount of effort to decrypt WiFi pass phrases or circumvent the router with the reward being free WiFi or a few tax returns for one family. This would not be worth it from a effort to reward ratio for most of us; unless your last name is Gates, Buffet or you hold some position of power.

Most attacks on home networks are from scripts that hit every Public IP they can looking for a vulnerable machine to a specific exploit. When I look at the attack logs on my home firewall’s Intrusion Detection/Prevention System (IDS/IPS) the majority are attempts to take over a Windows based computer (which the firewall is not), and dictionary based brute force attacks against the root user over port 22 (ssh – secure shell). These automated attempts are be thought of in the same way a virus spreads through a vulnerable population; as most are from virus and malware infected computers.

The reason you see these automated attacks are because the commodity most desired by criminal hackers is the connected computational power of your computer; your tax returns and bank logins are a bonus. With hundreds and thousands of these infected machines, all doing the bidding of the owner of said virus, (called botnets) concentrated pockets of data such as Target, Lowes, or Equifax, can be attacked.

This serves a number of advantages for the hacker. It provides anonymity, massive computational power, fault tolerance, and distributed paths for attack. While doing a few demonstrations last year, some colleagues and I placed a few freshly installed Windows 7 computers directly on the internet and timed how long until they were taken over. The results were surprising, at that time we were seeing under 15 minutes to a fully compromised system that was participating in either a botnet or sending spam. Your milage may vary, and remember to completely wipe and reinstall any computer you do this test with.

I mentioned that your data would be a bonus. These botnet infections sometimes also come with keystroke loggers. Yes that is right, every keypress is recorded and sent to a predefined place, searched for keywords like bank names/urls and the url, usernames and passwords are harvested. This holds true for banking sites, social media accounts, etc. Hard drives are searched for .tax files; among others.DDoS

Physically, if I or some other determined computer knowledgable person has physical access to your phone or computer, there is a wealth of data that can be recovered; even if deleted. Your passwords can be subverted, data copied, malware installed; just by rebooting the computer to a usb drive or the CD with another OS; more on this in another article. The Department of Defense does not allow any storage that is based on solid state media for a reason as there  is currently no secure way to delete the data off of such media like thumb drives, SD cards, CF cards or SSDs. I have recovered files first written to CF cards from a number of formats prior. Encrypting the data on that media makes this recovery far more complex, and the recovery of the actual files inside the encrypted container difficult to impossible without the keys.

So how do you keep your data safe? I cannot answer that absolutely, but here are two main attack vectors to look at:

  1. Physical possession of your computer or device.
    • If someone has physical possession of your computer or device, access becomes much easier than that of over the wire access.
    • Use STRONG passwords. I cannot emphasize this enough to my clients. Follow these rules: a minimum of 12 characters, NO dictionary words (remember the dictionary attack I mentioned earlier?), use both upper and lower case letters, numbers and special characters (on your keyboard anything above numbers are usually safe). Instead of words, think in phrases, sayings and lyrics. Take the first letter or letters of each word and wrap them with numbers and special characters.
    • Encrypt the storage, you can do this on most all computers, phones and tablets. Microsoft Windows has Bitlocker, Mac OS X has Drive Encryption (through LUKS) and Linux has LUKS. For Phones and Tables both Google Android and Apple iOS have these features built in. For Android:  For iPhones: otherwise just google <os name here> encrypt drive.
  2. Network attacks (often called “over the wire attacks”)
    • Use a current and weekly updated Anti-Virus software like Sophos, ClamAV, BitDefender (Microsoft built in), or Avast.
    • Turn on your firewall. iOS and Android devices to this by default. Microsoft Windows will ask for a profile to configure, Mac OS X has two a network firewall (on by default) and an application firewall (off by default) see here:
    • Be careful when using free WiFi and stick to HTTPS sites and check the certificate to make sure its entries match the URL you expect to be. For instance’s certificate will say To view this click the lock icon or the green https and read about the certificate and the certificate itself. I will write more about this in a later article.

Picture from 





Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.