Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for May 2009

What was it I was saying about the insider threat being the company or management itself?

The ex-employee, Dong Chul Shin, was fired from the company March 3 for performance reasons, and escorted off the premises, according to court records. But the company failed to immediately shut off his VPN access. That afternoon, someone using Shin’s account began logging onto the corporate network, e-mailing out proprietary data to a personal Yahoo account linked to Shin, and modifying and deleting files, according to a search warrant affidavit by Dallas FBI agent Robert Smith.

The Comanche Peak nuclear power plant in Texas.

Company logs showed that the VPN connection originated at Shin’s home IP address, Smith writes.

Oh yeah, that they were “the” inside threat. Well, case in point. These jokers walked him off the premises but did not kill all of his access. Gee, go figure that a disgruntled employee with intimate knowledge of the network would actually use that access to do something bad! Even more of a surprise that a company would not kill all of his access right away. Walking someone out covers the badge; the VPN account, any tokens and the shared passwords he knew all have to die at the same moment, and the logs should be watched for his account afterwards.

Yeah... Sorry to say that this is more prevalent than one might think. Good thing this guy didn’t do more damage.

Written by Krypt3ia

2009/05/31 at 01:25

The “Insider Threat” aka Your Company’s Management

Two stories on the internet today piqued my interest in the actual facts of this issue of the “insider threat” as opposed to hack attacks from external sources. I would say that, “security theatre” aside, the real insider threat is the inaction and in some cases incompetence of the companies out there that are insecure from a basic lack of secure practices. That, I think, is the larger issue that allows both insider and outsider attacks to be so successful.

Basic things like default settings on systems, printers, network appliances, applications, etc. really make the work of the insider or outsider very easy. Once those low-hanging-fruit attacks are performed, the foothold can in fact be root on many systems, because these issues were never remediated at install time.

The first story I saw today had the headline Security Experts Raise Alarm Over Insider Threat, and it espoused the common thread of late that all the layoffs today are making turncoats out of many, and thus those with insider access are the biggest threat. On the one hand I agree with that assessment. However, if the company in question is actually following procedure, it should be able to mitigate the issue by closing accounts and changing passwords etc. on key systems. This of course assumes that you actually lay the person off and walk them out at that moment.

If instead your insider thinks that they are about to be laid off, well, they may use their access to steal data or perhaps even damage it before they get the ax. So sure, they may be a threat in this way, but I think there is a larger threat in their ethics being lax and someone coming along with some quick cash or the threat of blackmail. You see, I think that the insider threat must be approached from a HUMINT (aka spying) angle in this day and age.

The average disgruntled employee is the one I would approach with quick cash after some time getting to know them and egging them on. Once you have them in the bag you just ask them to do the deed with the promise of money. Access can be bought these days, if not simply tricked out of a worker with some low-end social engineering. On the other hand, were I looking for longer-term and higher access, I would go for the longer approach of coercing an asset.

All this aside, either way you do it, you, the company, make it easier for a non-technical person or a technical APT to root your networks when you don’t follow the most basic security principles of confidentiality, integrity and availability (CIA). Which brings me back to the larger of the inside threats… Management.

In all my years of assessment, I have seen all too many places where management just does not get security, does not care about security, and does not want to spend the time and money doing the due diligence for secure operations. Without proper buy-in from the top, security becomes a non-issue with the masses and thus nothing is carried out securely at company X. Default passwords, no passwords, poor passwords, shared passwords etc. are all very common in places without any security insight. Often too, these companies have no insight into what is happening on their networks to tell whether someone is indeed attacking or exfiltrating data out through their own firewall… Never mind the guy with the 4 GB USB stick who just downloaded the “secret sauce” recipe and is walking out the front door as he smiles at the guard.

So, my take, the insider threat is a big one indeed and so easy to exploit.

And that brings me to the second article today: Simple information security mistakes can cause data loss, says expert, wherein an eminent forensics investigator from Verizon has found through his assessments that outsider attacks have been far greater in number. He does however, in a backhanded way, arrive at my opinion as to who the insider threat really is: Management.

However, as the article does not really cover this overtly, nor the real insight I think matters about “who” these attackers are, I will add to it a bit. I think that those spear-phishing attacks that rely on very specific individuals being targeted also have an insider portion to them. After all, just where does all that data come from to target these individuals? The inside, of course.

Intranet/internet websites are a rich data-mining arena for the APT or the industrial spy. All too often the companies themselves give up all the details an attacker could ever need or want. Most of the time no hacking need be done to get the information, and often much more data than should be available is exposed through misconfiguration, as any good Google hacker can attest. Add this to the whole lack of security posture and you have a deadly mix.
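Taking the Comanche Peak case above together with the point here about closing accounts and changing passwords, the following is an added example (not from the original posts) of the two checks an offboarding process should actually run: are the terminated person’s accounts really disabled, and has that account authenticated to the VPN after the walk-out time? The HR feed, the directory export and the VPN log lines are all constructed for the example, and the log format is an assumption rather than any real concentrator’s.

```python
"""Post-termination access check.

Added example: cross-references an HR termination feed against a directory
export and VPN authentication logs. All three inputs are constructed here; the
log format is an assumption, not any real concentrator's.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed HR feed: account -> time the person was walked out (UTC).
TERMINATIONS = {
    "dshin": datetime(2009, 3, 3, 16, 0, tzinfo=timezone.utc),
}

# Constructed directory export: account -> still enabled?
DIRECTORY = {"dshin": True, "jdoe": True, "msmith": False}

# Constructed VPN concentrator log. Only "auth" records carry a result.
VPN_LOG = """\
2009-03-03T15:10:02Z vpn01 auth user=jdoe src=203.0.113.7 result=success
2009-03-03T17:42:11Z vpn01 auth user=dshin src=198.51.100.23 result=success
2009-03-03T17:42:15Z vpn01 tunnel user=dshin src=198.51.100.23 up
2009-03-04T02:05:40Z vpn01 auth user=dshin src=198.51.100.23 result=success
2009-03-04T09:00:00Z vpn01 auth user=msmith src=203.0.113.9 result=failure
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) \S+ auth "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_auth_events(log_text):
    """Yield (timestamp, user, src_ip, result) for each auth record; skip the rest."""
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, m["user"], m["src"], m["result"]


def still_enabled(terminations, directory):
    """Accounts HR says are gone that the directory still has enabled."""
    return sorted(user for user in terminations if directory.get(user, False))


def logins_after_termination(terminations, log_text, grace_minutes=0):
    """Successful VPN auths by terminated accounts after their walk-out time.

    grace_minutes lets you ignore a short window if deprovisioning is known to
    lag; the default of zero is what the Comanche Peak case argues for.
    """
    grace = timedelta(minutes=grace_minutes)
    hits = []
    for ts, user, src, result in parse_auth_events(log_text):
        cutoff = terminations.get(user)
        if cutoff is None or result != "success" or ts < cutoff + grace:
            continue
        hits.append({
            "user": user,
            "when": ts.isoformat(),
            "src": src,
            "minutes_after": int((ts - cutoff).total_seconds() // 60),
        })
    return hits


if __name__ == "__main__":
    print("terminated but still enabled:", still_enabled(TERMINATIONS, DIRECTORY))
    for hit in logins_after_termination(TERMINATIONS, VPN_LOG):
        print("post-termination VPN login:", hit)
```

The second check is the one the FBI affidavit describes after the fact; run against the live log feed, it is the alert that should have fired the afternoon he was walked out, with the source address to hand for the comparison against his home IP.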

So, to bring it all together, I think that as a general rule “we” are our own worst enemy and the de facto “insider” threat when security is not applied.

Fringe Science Or Reality?

Swine Flu May Be Human Error; WHO Investigates Claim

By Jason Gale and Simeon Bennett

May 13 (Bloomberg) — The World Health Organization is investigating a claim by an Australian researcher that the swine flu virus circling the globe may have been created as a result of human error.

Adrian Gibbs, 75, who collaborated on research that led to the development of Roche Holding AG’s Tamiflu drug, said in an interview that he intends to publish a report suggesting the new strain may have accidentally evolved in eggs scientists use to grow viruses and drugmakers use to make vaccines. Gibbs said he came to his conclusion as part of an effort to trace the virus’s origins by analyzing its genetic blueprint.

“One of the simplest explanations is that it’s a laboratory escape,” Gibbs said in an interview with Bloomberg Television today. “But there are lots of others.”

The World Health Organization received the study last weekend and is reviewing it, Keiji Fukuda, the agency’s assistant director-general of health security and environment, said in an interview May 11. Gibbs, who has studied germ evolution for four decades, is one of the first scientists to analyze the genetic makeup of the virus that was identified three weeks ago in Mexico and threatens to touch off the first flu pandemic since 1968.

A virus that resulted from lab experimentation or vaccine production may indicate a greater need for security, Fukuda said. By pinpointing the source of the virus, scientists also may better understand the microbe’s potential for spreading and causing illness, Gibbs said.

Possible Mistake

“The sooner we get to grips with where it’s come from, the safer things might become,” Gibbs said by phone from Canberra yesterday. “It could be a mistake” that occurred at a vaccine production facility or the virus could have jumped from a pig to another mammal or a bird before reaching humans, he said.

Gibbs and two colleagues analyzed the publicly available sequences of hundreds of amino acids coded by each of the flu virus’s eight genes. He said he aims to submit his three-page paper today for publication in a medical journal.

“You really want a very sober assessment” of the science behind the claim, Fukuda said May 11 at the WHO’s Geneva headquarters.

The U.S. Centers for Disease Control and Prevention in Atlanta has received the report and has decided there is no evidence to support Gibbs’s conclusion, said Nancy Cox, director of the agency’s influenza division. She said since researchers don’t have samples of swine flu viruses from South America and Africa, where the new strain may have evolved, those regions can’t be ruled out as natural sources for the new flu.

“This is how science progresses,” he said. “Somebody comes up with a wild idea, and then they all pounce on it and kick you to death, and then you start off on another silly idea.”

Well, this has not really made it to the “mainstream” news, but Bloomberg is close. Now, this story does answer some possible questions about the oddness of this disease. After all, it has traits of three different bugs within its code, not just one particular type.

What’s even more interesting is that this theory and paper by Gibbs has been accepted for review by the WHO! So, we will see what they say as to the potential validity of this theory. Personally, I think it highly possible that this would be the way something like this would escape from the labs out there where folks have been tinkering with the DNA of viruses.

“Don’t fear the reaper….”

Remember “The Stand” ? Yeah….

Anyway, I am looking to procure the actual paper by Gibbs... So once I locate it I will post it. Until then, think about this… Could this indeed have been an accidental release of a bug as a byproduct of vaccine production?

Maybe something more directed? Oh, there I go all Fringe on it….

Written by Krypt3ia

2009/05/21 at 10:58

The Lost Symbol

The Lost Symbol, formerly known under the working title The Solomon Key, is the title of an unreleased novel by American author Dan Brown.[2][3][4][5] The Lost Symbol will be the third book to involve the character of Harvard University symbologist Robert Langdon; the first two were Angels & Demons (2000) and The Da Vinci Code (2003).[2]

According to early reports, the book’s story will take place in Washington, D.C. and focus on Freemasonry.[6] The book has been in development for several years; originally expected in 2006, the projected publication date has been pushed back multiple times.[1] The book will be published on 15 September 2009 with an initial print run of 5 million copies, which will be the largest first printing in publisher Random House’s history.[7] Brown’s US publisher Sonny Mehta described it as “a brilliant and compelling thriller” which was “well worth the wait”.[8][9]

Of course, with all the hoopla over “Angels And Demons” I decided to see just when the new book would be coming... And sure enough, it finally comes this September! Anyway, let’s divert a second back to Angels… With the Illuminati being the focus of that book/movie, the shortwave and AM radio waves have been inundated with crazy Illuminati haters.

Dan, Dan, Dan, you REALLY have touched a nerve! Just wait ’til you get into the whole Mason thing! Yeesh! I look forward to it myself. Presently I am reading “The Secret Architecture of Our Nation’s Capital”, an interesting read indeed about the Masonic influences in D.C.

A review of the new film as soon as I see it this weekend upcoming…

Written by Krypt3ia

2009/05/15 at 01:29

The Game Is Afoot

The Justice Department said that Fondren, 62, started providing business consulting advice to a Taiwan-born US citizen called Tai Shen Kuo around February 1998, about two years after he retired from the US Air Force.

Fondren continued the arrangement with his friend even after becoming a civilian employee of the Pacific Command in August 2001, where he held a “top secret” clearance with a classified computer in his cubicle.

Unbeknownst to Fondren, Kuo was working under the direction of a Chinese government official, the affidavit said without identifying the official. Kuo had introduced Fondren to the official in about March 1999, it said.

The official instructed Kuo to mislead Fondren into believing that his information was destined for Taiwanese military officials, it said.

FBI investigating agent Robert Gibbs wrote that wherever Fondren thought the information was ending up, it was clear that he broke US law by “knowingly” handing secrets to “an agent or representative of a foreign government.”

The Rest

Sure, we hear all the time about how the wily Chinese are hacking our unprotected networks, but little of late have you heard of the old-school HUMINT being carried out. Well, here you have it. This gambit by the Chinese is interesting in that perhaps this guy was “misled” into believing that he was helping Taiwan while committing a serious crime against the state. I am unsure that this was the motive, but he did not make big money from the cutout, so it may well be “a” motivation.

Like I said, the game is afoot, and the Chinese are not the only players here. Don’t forget that the Bear is back too! All too often people have been focused on the technical side of things since the advent of the firewall. It is no surprise now that many of the attacks in the hacking world actually hinge on social engineering, as the human element is the weaker one. There is much to be said about HUMINT being used not only for nation-state intelligence gathering but also for corporate espionage... Which brings me to the next little gem from CICENTRE:

David A. Goldenberg of Oceanside, N.Y., admitted to accessing internal e-mail at Sapphire Marketing LLC in Woodcliff Lake, a regional sales representative for Crestron Electronics in Rockleigh, which makes audiovisual equipment. He worked for Crestron’s rival, Texas-based AMX Corp., at the time.

“He was able to figure out what their default passwords were, which they never changed,” said Brian Lynch, chief of the white-collar crime unit in the Bergen County Prosecutor’s Office.

The Rest

On the one hand this story says “DOH!” They had DEFAULT passwords on KEY SYSTEMS! Gee, who’da thunk it, huh? But this guy really worked it from a social angle too. He inserted himself into the community and worked the folks there to get what he needed. Quite the social engineer, really.

Moral of the stories? Don’t focus only on the technical... Just because you have a firewall does not mean that the insider threat is removed from the picture.

CoB

When naming something you should really do your research…

Marls (ziug. Say, assv chlsek Glnji lvcp oy, mvrl aycoapchlsy, Sates) deye hnjilna Rvmhn keptpet prvtlcaiug ahl hvuze hnk toe gamplf, toef wlrl a moym vf oobsfhosd noks.

Sayez wlrl pyezutee sous vf Teycbrf aud Saya, hnk dfepsy ceueyaaek bf aucpeut Yonanz torvunh zmhls saaauls, bsvalsy wua iu hpgoey psajez om tie hvuze, may fyot toe mlvoy, oy ewen vn ahl rvom (bbt zote zthtbet weye hlzo vn zote jrvsziugz og rohdz). Om toe Sayez pyowey, toese aye vnsy awv, aud ahly oak iuffrivr wodey. Ocey tpml, toepr woxer daz eetlnkek ocey hvuzez, cpunarf, sla, jiails, ltj., az toe Sases iejate joufsaaek wpto oahfr Rvmhn keptpez aud wrvtlcaiwe swiyias.

Written by Krypt3ia

2009/05/12 at 18:45

Star Trek 90210

Well, I have seen the film twice and have to admit, it is classic “Trek” in many ways; however, it gives the franchise new life! The two hours veritably flew by as I sat and zoomed along with the new cast and new ship. So, all in all, it’s a big win for Paramount, I think, and for ST as a series.

Now, on to the fan at heart here. See, I was born on the day ST aired on TV. I turned 25 and 30 with Star Trek, and I have to say to all those hard-core “nerds” out there complaining: “Watch the above video.” Enough said.

Sure, it’s different in some ways, but in others it’s the same thing! I mean, hell, this was basically Khan part III from a scripting perspective, kids! Get over it! This reboot changes the paradigm in a very neat way. Time travel and alternate realities now make for a completely new take on this show! I LOVE that idea!

Added bonus? NO SYBOK in this alternate universe! YEEHA! Now that movie WAS a travesty!

Go see this film..

Written by Krypt3ia

2009/05/10 at 12:49

Posted in Movies

Alternate Realities…

I believe that William Bell is in the alternate reality. He has made the shift and is sending back “The Visitors” to shape our reality against the coming storm…

The question is, is Walter also from that reality? It stands to reason that there are duplicates in each. Has the other Walter perished? Or, is this Walter the one from the other reality and thus, in transit lost his mind and memory?

Fascinating…

Oh, and who else out there yelled out loud “BURN THAT FUCKER” when the SAC got whacked by the pyrokinetic? Yeah… Sweet.

Written by Krypt3ia

2009/05/06 at 11:42

Posted in Fringe

The Stupid IT BURNS!

Me: Sir, your *insert control machine name here* has a default admin password and login

Guy: It does huh? Is that bad?

Me: Yes, it is…

Guy: Why?

Me: Because I now OWN your *insert control machine name here*. I can do whatever I want with it.

Guy: Hmm well let me tell you the password I use to get in… *BLEEEP* Is that it?

Me: Yes.. We need to change this…

Guy: Oh, that’s going to be hard…

Me: Face+Palm+Head+Desk.
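What the exchange above (and the default-password complaint in the insider threat post) comes down to is a check anyone can run before an assessor has to. The following is an added example, not from the original post: a small audit that tries a short list of default credentials against an HTTP Basic-auth management page of the kind a “control machine” exposes, and reports the first pair the device accepts. The credential pairs, the URL layout and the in-process stand-in device are all assumptions constructed for the example; a real audit uses the vendor’s documented defaults for the exact model and firmware, and runs only against hosts you are authorized to test.

```python
"""Default-credential audit against an HTTP Basic-auth management page.

Added example. The stand-in device below is constructed for the demo; nothing
here is a specific vendor's interface or default list.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Illustrative pairs only (assumption): real audits use the vendor's documented
# defaults for the exact make and firmware version.
DEFAULT_CREDS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
]


def basic_header(user, password):
    """Build the Authorization header value for HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def try_login(url, user, password, timeout=3):
    """Return True if the device accepts the pair (HTTP 200), False on 401/403."""
    req = urllib.request.Request(url, headers={"Authorization": basic_header(user, password)})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return False
        raise  # anything else is an audit error, not a verdict


def audit_default_creds(url, creds=DEFAULT_CREDS):
    """Return the first default pair the device accepts, or None if all are refused."""
    for user, password in creds:
        if try_login(url, user, password):
            return (user, password)
    return None


def start_stand_in(user, password):
    """Start a loopback HTTP server that accepts exactly one Basic-auth pair.

    Constructed for the demo: it plays the part of a control box whose admin
    login may or may not have been changed. Returns (url, server).
    """
    expected = basic_header(user, password)

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.headers.get("Authorization") == expected:
                self.send_response(200)
                self.end_headers()
                self.wfile.write(b"control panel\n")
            else:
                self.send_response(401)
                self.send_header("WWW-Authenticate", 'Basic realm="control"')
                self.end_headers()

        def log_message(self, *args):  # keep the demo output quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}/", server


if __name__ == "__main__":
    for label, creds in (("never changed", ("admin", "admin")),
                         ("changed", ("admin", "correct horse battery staple"))):
        url, server = start_stand_in(*creds)
        print(label, "->", audit_default_creds(url))
        server.shutdown()
```

The point of keeping the 401/403 case separate from every other error is that “the device refused the login” and “the audit could not reach the device” must never be reported as the same thing; the second one is how a still-default box stays off the findings list.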

Written by Krypt3ia

2009/05/04 at 23:48

Posted in Hacking, Infosec

While I am on the subject of film..

This week I intend to pick these up. I watched “A River Runs Through It” today off of the USB stick in my new DVD player here. Another fantastic film, one that won the Oscar for cinematography. Norman Maclean wrote some wonderful prose, and his life and work should be better known to the masses.

I look forward to reading these works…

Written by Krypt3ia

2009/05/04 at 01:15