DEAD DROP 01 / USB ETHERNET HACK, RAMBLER BREACH, KALI, AIRGAP ATTACK
--

Welcome to Dead Drop number 1, a new series all about what's happening in the worlds of computer security and internet freedom.

There's so much going on, so many data breaches, new exploits found, and attempts to curb digital freedoms, that I think it might be useful to make a short round up of all these happenings.

OK, let's get on with it. All source links mentioned are below.

- Youtube link
- Archive.org mirror
- Torrent
- Keybase mirror

BREACHES

Nearly 800,000 account details were recently stolen from the forum of porn site Brazzers. This was due to an attack on the vBulletin forum software used by thousands of sites across the net. As of now, the site is offline, and Brazzers say they're taking steps to ensure the login details cannot be used.

http://www.bbc.co.uk/news/technology-37285715
https://motherboard.vice.com/en_uk/read/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hack
http://www.brazzersforum.com/

A 2012 hack has resurfaced, with Russian portal Rambler.ru reportedly having 100 million usernames and passwords leaked, all plaintext and unencrypted. It is thought to have been carried out by the same person who hacked Last.fm, also in 2012.

https://thehackernews.com/2016/09/russias-largest-portal-hacked-nearly.html
https://www.leakedsource.com/blog/rambler
http://rambler.ru

SOFTWARE

Kali launched the new 2016.2 version of its security-focused OS recently. There are now standalone ISO images you can download to try Kali on various non-GNOME desktop environments, as well as other updates.

https://www.kali.org/news/kali-linux-20162-release/
https://www.youtube.com/watch?v=Fynh7oP9Lio

Wireshark also released version 2.2.0 of their network analysis tool this week. A link to the full release notes is in the description.

https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html

CENSORSHIP

A report by Yoani Sanchez and Reinaldo Escobar has concluded that the Cuban government is automatically blocking text messages that contain words such as democracy, human rights, and hunger strike, amongst others. Reuters verified this, saying messages are confirmed as being sent locally, but never actually reach their destinations.

http://www.theverge.com/2016/9/7/12828202/cuba-filtering-blocking-text-message
http://www.reuters.com/article/us-cuba-censorship-idUSKCN11B265

WEB TRACKING

Princeton researchers carried out a massive, automated survey of the tracking capabilities for the top 1 million websites on the internet. Unsurprisingly, they found sites like Google, Facebook and Twitter had third-party trackers in more than 10% of those sites, with an additional 80,000 third-party trackers being present. They also found new fingerprinting techniques being used more, like the previously unknown AudioContext attack, WebRTC local IP discovery, device font lists and battery fingerprinting.

https://nakedsecurity.sophos.com/2016/08/03/massive-new-study-lifts-the-lid-on-top-websites-tracking-secrets/
http://randomwalker.info/publications/OpenWPM_1_million_site_tracking_measurement.pdf

USB

The USBKiller 2.0 has been announced, and is for sale for $50. When the user plugs it into a USB port, it takes the 5 volts, puts it through a bunch of capacitors, then delivers 200 volts back through the data pins, bypassing built-in power protection, and frying computers.

https://www.usbkill.com/
https://thehackernews.com/2016/09/usb-kill-computer.html
https://www.youtube.com/watch?v=3hbuhFwFsDU

In other USB news, a team of Israeli researchers have found a way to extract data from airgapped machines. The attack does this by turning existing USB devices into RF transmitters, all without any hardware modification. I've got a feeling these electromagnetic type attacks are going to be a big deal in the future.

https://thehackernews.com/2016/09/usbee-airgap-computer.html
https://www.youtube.com/watch?v=E28V1t-k8Hk

MALWARE

Earlier in the year, researchers found the Mokes malware in the wild, with the ability to work on both Linux and Windows machines. Now the backdoor, which can steal screenshots, audio and video capture, keystrokes and more, has been found on Mac OS X, making this sophisticated malware fully cross-platform.

https://securelist.com/blog/research/75990/the-missing-piece-sophisticated-os-x-backdoor-discovered/
https://securelist.com/blog/research/73503/from-linux-to-windows-new-family-of-cross-platform-desktop-backdoors-discovered/
https://thehackernews.com/2016/09/cross-platform-malware.html

HACKING

Hak5 made a really interesting video showing you how to use a USB Rubber Ducky to steal a username and password hash in about 2 seconds. Pretty fascinating to see how this stuff works.

https://www.youtube.com/watch?v=BH4M7djZfew

Another Hak5 team member, Rob Fuller, aka Mubix, has found a way to steal login credentials from screen-locked Windows and Mac systems. The attack uses a USB Armory that pretends to be an ethernet adaptor, and takes advantage of the implicit trust many operating systems have for these USB adaptors. The whole process takes about 13 seconds, and Rob has included all details in his writeup.

https://room362.com/post/2016/snagging-creds-from-locked-machines/
https://www.youtube.com/watch?v=Oplubg5q7ao

--
BY NODE