The Pwn Plug

The Elite Pwn Plug

The Pwn Plug is a wicked little white device that looks like a big power adapter. It is actually a mini-computer that is preloaded with a hacker's dream toolbox. It quickly allows an attack to plug into your network and walk away. Leaving this device to infect your network and allow him to have remote access. There is even an "elite" version that can connect to a mobile network and text message you when it is ready. The device even comes with decals to help disguise it as an air freshener or something equally as innocent.

These mini-hacking stations don't come cheap, $770 for the elite model, but that won't deter hackers looking to attack your company for profit. These devices are currently being used by Bank of America and several other banks to test their network security. The devices are winning handily. One bank that hired to inventor to do some penetration testing at their branches asked him to stop after he owned the first 4 branches without any resistance at all. He simply walked in dressed as a technician and said he needed to plug the device in to check for power fluctuations.

State sanctioned German "Quellen-TKÜ" (source wiretapping) trojan does more than listen in.

Image by Markusram

Ars Technica reports about the Chaos Computer Clubs analysis of the state sanctioned German source wiretapping trojan. They report than the malware has the ability to add new components remotely. This could allow German authorities to do any number of things from eavesdropping to completely controlling the infected machine. They also report that due to the poor quality of the malware these options are open not only to the authorities that put it there, but also to anyone able to connect to the infected machine.


You can read Ars Technica's full report here:
Impressed by FBI trojan, Germans write their own—and national scandal ensues

Anonymous, In it for the LuLz...

After all the damage anonymous caused HBGary you'd think they'd be done punishing them, but not just yet. HBGary was scheduled to speak at the RSA convention that took place February 14-18 in San Fransico. They arrived and set up their booth and left for the night to prepare their talks for the next day. They were going to unviel a new product called Razor, it was a computer / software combo that would be able to identify and analyze malware of all types, even code never seen before (so they claim). However, when they returned the next day to their booth they saw that Anonymous had been there.

Source: Ars Technica

They were disturbed by this physical act and felt stalked and not just embarrassed but threatened physically. Vice President of Services for HBGary Jim Butterworth told Ars "They decided to follow us to a public place where we were to do business and make a public mockery of our company. Our position was that we respected RSA and our fellow vendors too much to allow this spectacle to occur." They left this message behind:

Picture by ZDNet

Iranian's Deface American Websites

Voice of America websites and the websites of their affiliates have been DDoS'd and defaced with an image of the Iranian flag and a gun. These hacks have been claimed by the hacker group calling itself the Iranian Cyber Army.  VoA broadcasts radio and tv internationally and these attacks come along side the protests tearing through the middle east. 

Source: Ars Technica

It is believed that the attack's are an attempt to make all the protests look like American propaganda and help prevent Iranian revolts. There is a lot of interesting changes happening in the world right now, and we all need to keep an eye out of what's happening so we can be prepared for future attacks.

Quick Tip - Whole Disk Encryption

Today I wanted to give a quick tip about adding encryption to your whole harddrive, not just independent files. This is important for portable devices that hold low level sensitive data, like your search history, saved passwords, or just scattered files that are too many to round up and encrypt.

I'm going to focus on TrueCrypt because it is open-source and works on all the popular operating systems: Linux, Windows (NT based), and Mac OSX. TrueCrypt works by encrypting on-the-fly so that your harddrive stays encrypted even while in use and files are only decrypted as needed then encrypted again. You can encrypt virtual disks on the harddrive, the entire harddrive or thumb drive.

A really interesting feature I like about TrueCrypt is the ability to make a fake partition with a throw away password so that if you are somehow compromised and have to give up the password you can give them the throw away password and unlock a partition with less important data on it.

I personally use it on my thumb drives because I tend to drop them a lot. Instead of repeating the well done walk-through for installing TrueCrypt, I'll let their documentation do the work for me. Take a look at the documentation here.

Once you have say a thumb drive encrypted you will see it show up as a CD on your computer until you run TrueCrypt and mount the disk with your password. Only then does it even show up as being a thumb drive. It is extra steps to get to your files, but after you get used to mounting it it really is easy to use. Especially since it is all done on-the-fly you don't have to wait around for encryption and decryption of the entire disk every time, just file by file on demand.

What is most important though is picking a strong password, because that is the weakest point in your encryption armor. If you need pointers on choosing a strong password see my other post Quick Tip - Passwords. Make sure to make it memorable and if needed write down clues to your password while you are still memorizing it, but never write down the password. Remember, if you forget your password you'll essentially lose everything on the encrypted disk.

Of course, if you think that this is a lot of trouble and not worth your time, you could always purchase one of these thumb drives that come with hardware encrpytion.

Follow-up New Cyber Warfare

Source: http://arstechnica.com

I wrote recently linking to an article on Ars Technica about HBGary selling exploits to the government. It is a long article and I have been slowly working through it to give a summary of what it brings to light. I have a few every interesting things that have been going on.

These aren't really surprising, to me at least, but I find them very enlightening. HBGary worked along side other companies to put together demos to sell zero-day exploit tools to the government. Two government agencies specifically mentioned in the Ars article are the Air Force and SOCOM. HBGary claims to have many zero-day exploits and even to have sold many of them to others. Here is a list:

QuickTip - GnuPG On Windows and Linux

GnuPG is the GNU project's implementation of the OpenPGP standard. PGP stands for Pretty Good Privacy, and is a type of public key encryption. This type of encryption has been around for a very long time and relies on a private key and public key pair to work successfully. You encrypt something with your private key and it can only be decrypted using your public key. But it's just that, public so anyone can read your message encrypted with your private key provided they have acquired your public key from somewhere, like a keyserver.

This doesn't sound very secure I know, and it's not meant to be super secure. It is more meant to provide a way of proving it is a legitimate email from you, since only you hold your private key. To get a secure message to someone you use their public key to encrypt the message, and then sign it with your private key. When you encrypt something with a public key, it can only be decrypted by the private key. The reason you sign it with your private key again is the same as before, this verifies that  it is really you sending it.