NSA Hacker Chief Provides Insight

During one of the most highly anticipated forums at the annual Usenix Enigma security conference in San Francisco, Rob Joyce, head of the NSA’s Tailored Access Operations, explained how to defend against the snooping procedures that he and his NSA coworkers use.

As he explained to a room full of security professionals and academics, the NSA operates by exploiting the login credentials of network administrators and others with high levels of network access and privileges that can open the door to monitoring private users.

Once inside a network, the NSA tries to find hardcoded passwords in software or passwords that are transmitted by old, legacy protocols.

“Don’t assume a crack is too small to be noticed, or too small to be exploited,” Joyce warned. “If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter. Those are the ones the NSA, and other nation-state attackers will seize on. We need that first crack, that first seam. And we’re going to look and look and look for that esoteric kind of edge case to break open and crack in.”

Among Joyce’s many revelations about how the NSA gets into private networks were temporary network openings, Steam games, HVAC systems, and something called the Quantum insert code injection technique, which apparently allowed the British spy agency GCHQ to hack the Belgian telecom Belgacom.

The number one way the NSA hacks into your device? Packet injection.


“We put the time in … to know [that network] better than the people who designed it and the people who are securing it,” Joyce explained. “You know the technologies you intended to use in that network. We know the technologies that are actually in use in that network. Subtle difference. You’d be surprised about the things that are running on a network vs. the things that you think are supposed to be there.”

Joyce also listed ways to make the NSA’s snooping a little more challenging. He recommended limiting access to important systems to higher-privilege accounts so that only those who really need access are given it. He also recommended that users segment networks and important data to make them less accessible to hackers. Patching systems and implementing application whitelisting were said to be another good way to ward off cyberattacks, and getting rid of hardcoded passwords and legacy protocols that transmit passwords in the clear was also deemed essential.

NSA also apparently hates “out-of-band network taps”, devices that monitor network activity and produce logs that can record anomalous activity. If you’re a smart administrator and you actually read through the logs and understand what they say, you’re likely to be able to identify if someone’s come snooping.
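The difference Joyce describes between what a network was meant to run and what is actually running can be checked from tap logs. The following is an added example, not code from the talk or the original article: it assumes a simple six-field flow record format and a hypothetical approved inventory, and flags services that are either missing from the inventory or use a legacy protocol that sends passwords in the clear.

```python
"""Added example: audit tap flow records against an approved service inventory."""
from collections import namedtuple

# Well-known ports of legacy protocols that transmit passwords in the clear.
CLEARTEXT_LEGACY = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap",
                    513: "rlogin", 514: "rsh"}

# Hypothetical inventory: the (host, port) services the network was designed to run.
APPROVED = {("10.0.1.10", 443), ("10.0.1.10", 22),
            ("10.0.2.20", 5432), ("10.0.2.21", 110)}

# Constructed sample records in an assumed format:
# "timestamp src dst dst_port proto state"
SAMPLE_FLOWS = """\
2016-01-28T09:00:01Z 10.0.3.7 10.0.1.10 443 tcp established
2016-01-28T09:00:04Z 10.0.3.7 10.0.1.10 22 tcp established
2016-01-28T09:01:10Z 10.0.3.9 10.0.2.20 5432 tcp established
2016-01-28T09:01:30Z 10.0.3.9 10.0.2.21 110 tcp established
2016-01-28T09:02:31Z 10.0.3.9 10.0.4.40 23 tcp established
2016-01-28T09:03:02Z 10.0.3.7 10.0.4.41 8080 tcp established
2016-01-28T09:03:40Z 10.0.3.7 10.0.1.10 21 tcp syn_only
malformed line
2016-01-28T09:04:15Z 10.0.3.8 10.0.4.40 23 tcp established
"""

Finding = namedtuple("Finding", "host port clients unexpected legacy")


def parse_flows(text):
    """Yield (src, dst, port, state) for well-formed records; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[3].isdigit():
            continue
        _ts, src, dst, port, _proto, state = parts
        yield src, dst, int(port), state


def audit(text, approved=APPROVED):
    """Return findings for services that are live but unapproved or cleartext."""
    seen = {}
    for src, dst, port, state in parse_flows(text):
        # Only a completed connection proves that a service is really listening.
        if state != "established":
            continue
        seen.setdefault((dst, port), set()).add(src)

    findings = []
    for (host, port), clients in sorted(seen.items()):
        unexpected = (host, port) not in approved
        legacy = CLEARTEXT_LEGACY.get(port)  # None for other ports
        if unexpected or legacy:
            findings.append(
                Finding(host, port, sorted(clients), unexpected, legacy))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        tags = []
        if f.unexpected:
            tags.append("not in inventory")
        if f.legacy:
            tags.append("cleartext " + f.legacy)
        print(f"{f.host}:{f.port} [{', '.join(tags)}] clients={f.clients}")
```

An approved service can still appear in the output, as the POP3 host does here: being in the inventory does not make a cleartext protocol safe.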

One of Joyce’s biggest surprises? The NSA doesn’t rely heavily on zero-day attacks, mostly because it doesn’t have to:

“[With] any large network, I will tell you that persistence and focus will get you in, will achieve that exploitation without the zero days,” he assured. “There’s so many more vectors that are easier, less risky and quite often more productive than going down that route.”

Gun Control Meets the Dark Web

In a tearful speech that has yielded media attention and an outpouring of arguments, U.S. President Barack Obama outlined a series of new executive actions aimed at curbing the rampant gun violence in America.

U.S. Attorney General Loretta Lynch claims that Obama’s actions will help to regulate the increasing number of guns that are being sold over the Internet, specifically those being sold on the “dark web”. The dark web refers to heavily encrypted virtual spaces where users can anonymously browse and supply websites, communicate with one another, and buy and sell goods.

The anonymity of the dark web has allowed a black market to develop in which a proliferation of illegal services is bought and sold. The most notorious of these marketplaces, a website known as the Silk Road, was shut down in 2013. Of course, the hydra-like growth of the internet ensured that multiple copycat websites swooped in to take its place.

Accordingly, illegal weapons are easily traded online using bitcoins, an anonymous and non-government-regulated form of currency that has been around since 2008. The bitcoin has a tumultuous past of sky-rocketing and nose-diving in value, but the need for anonymous trading has kept the currency alive.

Nicolas Christin is an assistant research professor of electrical and computer engineering at Carnegie Mellon University. He worked with a team of researchers on a recent deep-dive analysis of sales on 35 marketplaces from 2013 to 2015. According to Christin, weapon sales on the internet are not as prevalent as the Attorney General may think.

“Weapons represent a very small portion of the overall trade on anonymous marketplaces,” he claimed. “There is some trade, but it is pretty much negligible.” The dark web’s black markets are more focused on illegal substances, with marijuana and MDMA sales accounting for around 50% of all trades.

Apparently weapons are lumped in with a hodgepodge of products that fall under the “miscellaneous” category, a group composed of electronics, Viagra, tobacco, steroids and drug paraphernalia that together only make up about 3% of the dark web’s economic activity.

The Silk Road even attempted to launch a sister site known as the Armory in 2012. Only a few months passed by before the Armory was shut down again due to lack of interest.

So why the lack of interest? It turns out that purchasing a gun illegally can actually be more precarious and difficult than just buying one the old fashioned way. Guns are much more difficult to ship discreetly and there are plenty of dark web scammers that are likely to take buyers’ money without delivering the product.

“Why would you go through the hassle of purchasing Bitcoin, logging into an anonymous marketplace, purchasing weapons from an online dealer, and potentially going through the further hassle of reassembling various weapon parts shipped in multiple parcels to your house, when you can get these weapons legally, e.g. at a gun show, without much of a background check?” Christin asked.

Nonetheless, Lynch believes illegal sales are a major issue: “The industry is shifting and growing… If it does stop one act of violence, this will be worth it.”

The IoT Opens up the Door for Cyberattacks

The IoT (Internet of Things) is a movement towards what’s expected to be a hugely profitable industry; more and more technological devices will be connected to the internet and remotely accessed by mobile devices and computers miles away from the actual source.

There is a lot to be gained from these upcoming services, but many are also worried about the connection of more and more devices to the internet; with the constant stream of terrorist attacks affecting large and often extremely secure companies all over the world, connecting even more devices to the internet makes a larger portion of our lives susceptible to malicious hackers (now called crackers, which I think is sort of an oversight).

According to some projections, by 2016 there will be around 6.4 billion devices connected to the internet. This number will increase by an astounding 5.5 million devices per day, until about 20 billion devices are connected in 2020.

In response to this rapid development, the FBI recently released a public service announcement stating that the Internet of Things’ development will indeed make more users vulnerable to cybercrime.

It listed the following devices as ones which could make civilians vulnerable once connected to the Internet: automated devices that remotely or automatically adjust the lighting or HVAC, thermostats, wearables like fitness devices, and smart appliances like refrigerators and TVs.

According to the FBI PSA, crackers “can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety.”

It’s without a doubt a creepy idea; a cracker/burglar who hacks into your IoT network could switch off the lights in your house, open any electrically-powered safes, and start using your personal coffee machine to make him or herself an espresso if he/she sees fit.

Especially creepy: because IoT devices are gradually expanding to include medical devices that dispense medication to people that are ill and tubed up, cybercriminals could even hack into someone’s medical device and mess with their prescribed medicine. Imagine if a murderous cracker were to hack into a patient’s medicine dispenser and give him or her a deadly dose of morphine, for example. That’s terrifying.


People have had even more horrible ideas such as criminals hacking into baby monitoring systems at home and in day care centers to watch young children, hacking into automated home devices like garage doors and security devices to gain access to a home, and even hacking into gas pumps that have joined the Internet of Things to “cause the pump to register incorrect levels, creating either a false gas shortage or allowing a refueling vehicle to dangerously overfill the tanks, creating a fire hazard, or interrupt the connection to the point-of-sale system allowing fuel to be dispensed without registering a monetary transaction.”

Plenty of companies have validated these risks by preparing for the potential attacks. Microsoft, for example, has announced new security efforts with its Windows 10 IoT Core, which focuses on offering enterprise-level security to private and public clients that use IoT devices, even those without screens.

How Do You Send a Message in Binary Code?

Everyone is familiar with the internet, but few have a comprehensive understanding of how it actually works. Perhaps you’re aware that the information stored on any electronic device can generally be broken down into megabytes, kilobytes, bytes and bits of binary code, and that that code is what’s transferred from one device to another. But then how is it sent physically?

Well obviously the amount of yes’s and no’s involved in even a single 3-minute song are inconceivable to human consciousness, but a machine can be programmed to take in all that information extremely quickly. Consider a machine that can make a light bulb flicker on and off much faster than any human hand pressing a button.

But how are those on and off orders conveyed in bulk at extremely fast speeds over long distances? We generally use copper wires. Let’s start by addressing a typical ethernet wire. They have a measurable signal loss/interference for these orders even just over the few feet of wire that they provide.

For internet to be accessible and fast all over the world, humans need something that moves faster than electricity, so they use light. Using a fibre optic cable, we can send bits via light beams. A fibre optic cable is just a thread of glass specially engineered to reflect light. That means when you send a beam down a fibre optic cable, the light beam bounces up and down the cable until it is received on the other end. Because scientists have figured out how to determine the particular angle from which the bouncing beam of light is being received, we can send multiple beams of light through the cable and know which one is which on the other end.

Fibre optic cables supply by far the fastest and most accurate way of sending information over long distances, but they’re also extremely expensive and challenging to work with.

So we’ve talked about copper wires and fibre optic cables, but how do we send things wirelessly? Wireless bit-sending machines typically use radios to send bits from one place to another. The machines have to translate 1’s and 0’s into radio waves of different frequencies. The receiving machines then reverse this process, converting the waves back into binary code on your computer.

However, radio signals are prone to interference and cannot travel very far without getting garbled. That’s why you can’t generally listen to your favorite hometown radio station unless you’re in your hometown.

So then how are we constantly using wireless devices? The devices need to be close to either a wireless router which is then connected to the previously mentioned copper or fibre optic cables, or they need to connect to some kind of service providers’ larger-scaled satellite stuff that I don’t really understand.

Regardless, every single thing you see on the internet is made up of binary code, broken down and transferred via the presence or absence of electricity, the presence or absence of light, or the difference in frequency of radio waves. Pretty amazing stuff.

Recovery and Backup Solutions: Frequently Asked Questions

In order to keep your digital data safe you will want to make regular backups of it. Backups are copies of your data which can be used should something happen to your computer, smartphone or tablet. This article answers some of the most frequently asked questions regarding data backup and recovery.

Why Do I Need to Backup My Data?

Should anything happen to your computer, you could end up losing all of your data. Think about all the documents, photographs and music that you may have stored on your computer – all of this could be wiped within a second. By backing up your data you will have another copy of it which you can use in the event of an emergency.

How Can I Backup My Data?

There are several ways that you can backup your data. The most popular ways are to backup your data on CD or DVD, to use a flash drive, to use an external hard drive or to use an online data backup service.

CDs and DVDs provide an affordable way to backup data. You can copy data from your computer to the CD, but this process can take a while to copy depending on how much data you have. A disadvantage of using this method is that CDs and DVDs will only have a limited capacity, plus they can also get damaged easily. Make sure that you store CD and DVD backups in a safe and secure place.

Flash drives are another economical backup option. You can set them up so that data is automatically copied onto the flash drive as a backup. Flash drives come in a large range of sizes, so you can choose the right one for your needs. Flash drives are also small and convenient to transport.

External Hard drives have an extremely large capacity in comparison to DVDs, CDs and flash drives. They are slightly more bulky than the flash drive but they are still easy to transport, plus they are also extremely fast.

Perhaps one of the best options is to go for an online data backup service. This is where all of your data is stored on an off-site server. You can set it up so that all of your data is automatically stored onto the system. Online backup services will require a small monthly or annual fee, plus you will need to have a constant Internet connection.

What Is Data Recovery?

In some instances, such as when your computer malfunctions, you may be able to have some of your data recovered. This is where a specialist recovers the data stored within your hard drive.

As well as backup and data recovery services we are also able to offer computer repairs, instant support, premises wiring and installation and design services. A full price list can be found on our website, along with our contact details. If you have any questions then please contact us and one of our technicians will be happy to help. We look forward to hearing from you.

Simple Steps for a Faster PC

If you have a PC that runs on Windows and you have had it for any amount of time, you may have noticed it has slowed down. This can be because of numerous factors, from a virus to not enough RAM. Whatever the reason, some basic maintenance could be all it needs. Here are some simple remedies to your speed problem.

Anti-virus

The first thing you should do is run an anti-virus program to make sure there is nothing hiding on your computer and interfering with its running. It is actually better to run a couple of anti-virus programs, as no single anti-virus program will find all the viruses, worms and Trojans that are out there. There is a big selection of programs to choose from, and many people opt for the free versions as they are so good. It is probably best to read some reviews and pick one that has an easily understandable interface.

Spyware

Similar to the anti-virus, spyware detectors will find things on your computer that though not malicious, will certainly slow your computer down, and could feed information from your computer to outside parties.

Your registry

Your registry is vital to your computer as it controls its running and its settings. Most registry cleaners will be able to repair your registry and are also simple to use. They will scan your registry and look for errors such as non-existent programs and broken links. After a quick scan they will recommend registry entries to remove or repair in the form of a list. The better programs will indicate ones that could be dangerous to delete, but they will usually come with a registry backup facility to use. Always use this, as some registry values when deleted will destroy your computer.

Temporary files

These types of file can generally be removed with no problems at all, though if you use the internet you are constantly creating more. There are many programs to do the job; in fact, the program you use to fix your registry may well be able to sort out your temporary files as well. Again it is wise to create a backup before deleting anything off your computer, but this is normally a straightforward procedure.

Defrag

Your Windows operating system will have this facility built into it, and you should use it every so often to make file retrieval that little bit faster. Over time your computer becomes like a library with books strewn all over the tables, where finding the right book takes time and effort. A defrag will put the books back in an orderly, accessible way that makes finding them faster for the computer.

Startup

A check for which programs are starting up when you boot your computer is often included in computer maintenance programs and you should pay attention to it. It is much better to have as few programs running in the background as possible. Simply stop programs that you do not need. They will always start when you click on their icon.

What Happens if There Are Still Problems?

These easy, and possibly free, fixes can considerably speed up your computer. If they don’t, then maybe a look at the hardware is needed. Bad sectors within a hard drive are one of the most common hardware problems found in computers, often leading to data loss. Even if your hard drive is by a reputable manufacturer, such as Seagate or Western Digital, it can still develop bad sectors due to many physical occurrences such as drops and moisture, leading to data loss. To recover data from a Seagate hard drive, or any other hard drive, you should get in touch with a professional data recovery company in order to be certain

Consumers Beware- Computer Exploit is Legal and Lucrative

Making headlines is Zerodium’s $1 million bounty for “jailbreaking” iOS9.1, Apple’s latest mobile operating system.

Zerodium is a computer exploit merchant, meaning it buys and sells knowledge of how to tamper with software. It describes itself as “a privately held and venture backed startup, founded by cybersecurity veterans with unparalleled experience in advanced vulnerability research and exploitation.”


It offers a service called the “Zerodium Security Research Feed” (Z-SRF) through which Zerodium pays independent researchers for their zero-day discoveries and then “analyzes, documents, and reports all acquired security information, along with protective measures and security recommendations, to its clients”.

“Zero-day discoveries” refers to vulnerabilities that the software manufacturer both doesn’t know about and hasn’t fixed. These discoveries are worth a lot of money to professional hackers.

You may be asking yourself, how can this line of work possibly be legal? After all, Zerodium is publicly paying people $1 million to figure out how to remove security protections built into Apple products with iOS9.1. From that point, hackers could potentially monitor the device, install malware, or otherwise use the device in ways it was never meant to be used. Furthermore, Zerodium is only accepting applicants who manage to do this from a separate web browser and in such a way that their work remains effective regardless of whether the phone is connected to a computer or restarted completely.

It turns out that in the United States, jailbreaking a new iPhone is completely legal and has been since 2010. Federal regulators believed that it fell within consumers’ rights to manipulate iPhones so that they could, for example, download apps from outside Apple’s very closed business model.

Unlocking, the process that enables a phone to be used with any wireless carrier regardless of the carrier with which it was sold, remained illegal until early August of last year.

What’s worrying is that the jailbreaking method is not meant for consumers to use on their own phones; it is clearly meant to be used by a third party, unbeknownst to the owner of the device.

According to Zerodium, one hacking team successfully created the jailbreak, and the information will be sold to “major corporations in defense, technology, and finance” seeking to protect themselves from a potential zero-day attack. Zerodium also admitted that it would be selling the hack to “government organizations in need of specific and tailored cybersecurity capabilities.”

Apple will not be among the companies to which Zerodium plans to sell the jailbreak. Zerodium also obviously does not plan to release the information to the general public. That said, the entire process is pretty damaging to Apple’s reputation and disconcerting to most Apple users; companies are publicly selling information about how to hack into their devices.

That said, Zerodium maintains that the ability to hack into Apple’s devices does not imply that the company is an unsafe option:

“Due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple’s iOS is currently the most secure mobile OS,” Zerodium states on its website. “But don’t be fooled, secure does not mean unbreakable.”

Top 4 Tips To Prevent Computer Virus Infection

The computer is probably the most important piece of technology in today’s generation. It would be hard to imagine how long this world would last if all of the computers in it were to disappear all of a sudden. Computers are used for business, communication, entertainment, and other things. Millions of households in this world have at least a single computer set installed.

Every person who has a computer should make sure that it does not get infected with viruses. Viruses can cause a lot of damage to a computer. There are viruses which automatically delete important files. There are those which make the computer run at a very slow pace. There are also those which cause damage so serious that the computer user would not be able to open his unit anymore.

Do you own a computer? Make sure it does not get infected with viruses with the following tips:

Use a powerful anti-virus program

Your first line of defense against a virus should be a powerful anti-virus program. Such a program would make sure that all of your files are uninfected. It would create a shield that would block all threats from entering your PC. Just make sure you get those anti-virus programs that are paid for. Free anti-virus programs are limited when it comes to virus protection capability. Sometimes, these free programs are not doing anything at all.

Scan removable items first

Do you remember the story where some Greeks hid inside a wooden horse so that they would be able to pass through the impenetrable walls of Troy? The story of the Trojan Horse should be a lesson for any computer user. Before you insert any removable items such as USB flash drives and Micro SD cards, it is important to run some virus scans on them first. This is so that threats can be detected before they start spreading all over your computer.

Do not download suspicious files

There are so many things that are offered on the Internet for free. However, not all of these are safe. Most of these downloadables are infected with various types of viruses such as worms and malware. Once you have downloaded these onto your computer, you might not be able to stop them from wreaking havoc. Be careful when opening attachments which are sent to you through e-mail. If you think that an e-mail is spam, you should send it to the spam folder right away.

Avoid suspicious sites

Among the best ways to prevent your computer from getting infected with a virus is to simply avoid suspicious websites. You should only visit sites that are reliable. Try to avoid going to pornographic sites, suspicious forum sites, and other dark corners of the Internet. Do not click a suspicious link because that might lead you to a virus-infected site or it may cause you to download an infected link.

In case your computer gets infected, you might want to consider hiring the services of the Digital Ventures Corporation. Technicians are available to assist you with any problem you might be having with your computer.