We asked our regular contributors through e-mail, What are the best computer hackers able to do right now that most people are unaware of? We got many interesting response. Here are some of them. We have just copied and pasted their responses, not editing them in any way and most of the respondents have requested to stay anonymous, so no names will be published. Many of the words used by some of the respondents might not be clearly understood by a layman, but we guarantee it would be an interesting read and some of the people have even offered good security practices everyone should follow.
1-5 Things Hackers are able to do
01. One thing most people don’t suspect is Rogue Access Points. For wifi you set up an access point using your own insecure protocols and you put it at a mall and call it “Free wifi” or “Starbucks” and people when connect to your wifi, you can steal session cookies, personal information, etc. Most people just connect to any wifi point with the strongest signal or unprotected.
An even scarier rouge access point I’ve used (Pineapple) says it is whatever you computer wants it to be. If your computer has stored “myhomewifi” or “school” or “milesantorswifi” it says, “yes, I am that wifi” and your computer connects to it and has internet access, all the while I am watching all of your traffic. With this type of attack, basically setting up MIM you can sidejack(steal session cookies), urlsnarf(see all the websites your looking at), use SSL Strip(even view secure sites -https), Phish (control your DNS and send you to lookalike sites with fake logins then just redirect you to the actual site), run keyloggers to capture keystrokes, and much more.
Before the local University upgraded their wifi network, my friend set up a Pineapple to his laptop. He spoofed the Facebook website, and within 30 minutes had almost 10 combinations of emails and passwords. It blew my mind.
02. A good interpretation of “best computer hackers” would be the NSA (and possibly the best state sponsored Chinese and Russian groups as well).
Among the most recent revelations of the “Equations group” (NSA) was that they have malware that hides in the firmware of your Hard Drive. Not the regular place where files/folders are kept, but the internal storage of the device that tells your hard drive how to function and interact with the rest of your computer. On boot, it infects the operating system. So what happens if you reinstall your OS? You’re still infected. What if you try to flash your hard drive’s firmware back to something from the manufacturer? Well, the NSA’s firmware loaded on the device is responsible for accepting the update, so chances are it will ignore any attempts to change it. Basically, your hard drive is permanently a source of infection.
And while most people have heard of Stuxnet, it seems like the the follow-up malware written by the same authors haven’t received as much attention in the public. Duqu, Flame, and Gauss are in the same family, and they are pretty nasty. They have remote kill switches that will leave no trace, which is what you would expect of state level espionage. Gauss has an encrypted payload where the key is the target computer’s configuration – meaning that it won’t activate (and no one knows what it really is meant to do) unless it infects its intended target. To my knowledge, no one in the public knows what it will attack or what damage it has caused.
03. Any “smart” refrigerator, toaster or any smart device is hackable and due to space limitations (where the firmware is stored), possibly not entirely fixable.
04. My father was a vulnerability analyst for the DoD for two decades. I remember him telling me of one instance where DoD hackers accessed systems by using the EMF signals emitted from “secured” network cables that were lying close to unsecured network cables. Essentially, they were picking up the electro-magnetic signals (that all electronics emit) through a cable that was very near it, like a crude radio receiver. What’s even more interesting is that not only could they steal data from the secured system, they could transmit signal into the secured system and do all manner of things.
I’m not sure how it works (or how much of it is classified), but the DoD has some very sophisticated equipment and methods for hacking.
05. Computer security guy here. Typing from phone, so I’ll keep it short.
Gain full execution rights on your machine from a website by exploiting bugs in the browser or plugins. This can give them access to install malware and other nasty bits.
Create exploit kits to do #1 across all platforms with relative ease.
Do #1 and #2 from legitimate websites (even YouTube) by buying advertising space on them and embedding their exploit kits in the ads.
EASILY bypass Antivirus using packing and polymorphic code. Detection is dead, and attackers know it.
Do the same as #1, but from a document, spreadsheet, or PDF.
Persist across reformats using bootkits.
Propagate into virtual machines.
Propagate out of virtual machines.
There’s a ton more, but this is the main stuff that most people should be worried about.
6-10 Things Hackers are able to do
06. Whenever people ask me what the danger behind hackers is, I bring up Stuxnet. This was a virus written by ‘some’ government agencies which was specifically developed to destroy certain centrifuges which were used to enrich radioactive material in Iran. That on itself is not that impressive, anybody who can get some form of access to these centrifuges can tamper with them in one way or another to break them.
The impressive, and dangerous, aspect of Stuxnet is the way it got to the centrifuges and how it hid throughout the whole world, looming until it finally infected the right system and could jump into action.
It hid on thousands and thousands of systems, infecting more one by one, hiding from any kind of anti-virus system you could imagine, being controlled remotely and updated with new code through command and control systems. Again, on itself it is not that impressive, 100s of botnets do this. But I still find Stuxnet one of the prime example of Cyber warfare. It hid itself by thinking of every little detail. Any tool that could be used to detect file changes, was infiltrated and deliberately altered in such a way that whenever it checked a file that Stuxnet infected, it would return a valid ok reply instead of an error.
After infecting thousands of systems, it finally made it into the centrifuge control system (which was not connected to internet) in Iran which used that specific version of centrifuges they wanted to destroy and did its thing (again fooling/avoiding any control mechanism which verified file/memory/… structure by injecting specific hacks in each control mechanism) and destroyed the centrifuges by just alternating the speed of the centrifuges by a tiny amount.
Eventually of course, it got caught and a lot of research has been done on Stuxnet. Showing us what a set of genius hackers can accomplish. It is scary, it is dangerous, it should serve as a warning for anybody thinking IT security is ahead of the game. It is not, far from it. If it comes down to it, your systems are unsafe and open to whomever really want access. You are just lucky nobody, except for some simple criminals who are looking for some simple money or basic chaos, are really interested in your systems or information. There are several white papers about Stuxnet (for instance the Symantec one ), and they are worth the read if you want to be amazed by what hackers can create.
07. Due to a security bug and loophole that was found in android not long ago (I’m quite sure it got patched recently) a hacker could gain full access to your phone (from reading your emails and taking all your passwords to making it ring, changing settings, turning it off and back on etc.) by SENDING an MMS to your phone. All your phone had to do was receive the text and they had full access. It was called ‘StageFright.’
08. Do you know that you have two OSs running on your phone? The one you know (iOS, Android, etc) and an RTOS for all the radio and other low level stuff. This interacts with the main OS, and is able to do almost anything that you can if you rooted. These RTOSs are closed-source and any backdoors or vulnerabilities are known to a few groups.
If you had the know-how, you could craft an SMS or something else over a GSM control channel and dump the phone of someone sitting anywhere in the world. Not only that, but GSM’s encryption is not good. NSA has been decrypting GSM for a while now. There’s plenty of published work on how to crack A5/1 yourself, if you’ve got the resources. But, you don’t even have to do that. Build or buy an IMSI-catcher, and you have yourself a man-in-the-middle, with your own cell tower.
3G offers better encryption than plain old GSM, but not much better.
09. A few months ago in the news there was a white hat hacker, basically someone that tries to find bugs and let the company know about them before others with malicious intent can, anyway this gentleman was not getting the response he wanted from the company, or any response at all so to bring it to light he live tweeted from an airplane how he was able to get into the flight control systems and control the direction, and speed of the aircraft mid flight. Side Note: The FBI arrested him when they landed. Link Here.
You wanna see some really crazy sh*t? Watch this. Basically, a couple of years ago someone figured out how to remotely do basically whatever he wants to large commercial jets. Yeah, passenger jets. I don’t want to type out what that means, but you can probably figure it out. Has it been fixed? Nobody knows. Because that is how security in that industry works.
10. You can literally buy a idiot-proof tutorial in the darknet to prepare a usb-stick, walk up to a specific type of ATM (that is still used), stick the drive in the maintenance usb port and make it pay out whatever you want.