Tag Archives: hacking

Too Silo’d to React, Now Respond.

Ever think what would happen if you ever got hacked? Maybe you are wondering if the IPS guys or the HIPS guys are really doing their jobs? In corporate America it is real easy to overlook a lot of precautions and security because you’re just too leveraged. Today’s threats are evolving as bad actors continue to find ways inside. They utilize social sites and technology, the human frailty of being needed, and work their way through with some advanced IPS, IDS and Anti-X evasion techniques. So what are you to do?

You look at the problem in your cube, doing your work on your piece of the asset. Your mind tends to think, “OK, this is what I have to do, and I move on to the next asset and service on that asset.” That is all you can touch. Your ethical hacking group looks either too busy or not too busy to assist, and maybe they can or cannot really find all the holes in your security posture. How about a resident hacker just for that client, or for the span of control of clients that you have, who can check the security by reviewing the vulnerability report made with hacking tools? The key difference here is not to pay for a once-a-year penetration test but to test regularly: red team vs. blue team, with results provided to management. Also, just testing monthly to make sure patches and firewall rules are in place would be great. I think this would be one of the best security practices a company could get into. RedSeal is a software solution that provides visibility into an organization’s security by analysing configurations and building out the network diagram. It can then import vulnerability reports and host information to really give you the what-if scenario that you have been thinking about in your cube. It will also give you your list of objectives to test, so you can make sure that the holes found are true and need to be fixed.

Security is not something you buy or do once in a while. It’s a practice built on defined policies and procedures that are completed over and over again. If you think you are failing to practice the right procedures every day or that your vigilance is intermittent, then I think you are a good candidate for some “building security into everyday operations 101.” Yes, a bit wordy there, but think about it: it’s not rocket science. The hurdle is time, the silo, and the recognized concept.

In conclusion, the best security is a resident security expert allowed to do their job by proving tools and processes. If you cannot get a resident hacker or spend time doing this, allow me to make some suggestions. Get a requirement opened from HR to fill this role, or hire a service from a firm that understands vulnerability assessments and penetration testing. Allow them to practice regularly, providing results to you, and maybe you can stay out of the news. Security awareness and training also help prevent attacks, because users bring the risk in from their computers. The biggest tools to get in are Adobe Flash & Reader, Java, and spear phishing.

If you have any questions or comments, or are looking for advice on services and where to go, feel free to contact me: kevin@netwerkguardian.com, www.netwerkguardian.com

Cyber Attack on Banks Imminent – 3 Different Stories +

Looks like we are about to see the rumors made true of an attack made on the banking institutions as solicited by global bankers.

The Pete Santilli show reports the following here. They say a bank holiday could happen. This has been tested with the MF Global incident, with no one complaining. Jon Corzine isn’t doing time for his crime. It is reported that 30-40% is being robbed from people’s accounts. Then the US is to give you US treasuries in exchange. Basically, you get useless dollars in return for your legitimate hard-earned money.

Another story, reported by my colleague Pierluigi, has PiceBOT hitting Latin American banks. Now we have to evaluate the credibility of the attacks occurring. We can see that it is happening in Latin America.

Bill O’Reilly also states that the financial institutions and the American dollar are about to collapse. Listen to it here. The Government Accountability Office released a report not reported by other news outlets.

“Federal Gov’t faces an unsustainable fiscal path.”

Look for the GAO report. More to come as this story develops.

************************ Story + **************

Another article reports a hack of American bank executive accounts. After hitting other government websites in response to Aaron Swartz’s death, Anonymous is full steam ahead.

Maybe it’s time you pulled your money out of the bank?

Council on Foreign Relations Hacked by Chinese Hackers…Why?

CFR Hacked…..

It has been reported that the attack was to target the intelligence community and browsers that support Chinese character encoding. However, despite the drive-by attack, the malware was removed by the attackers to thwart tracing the source code. What does the state-sponsored attack from China stand to gain? What is the Council on Foreign Relations really about?

An interview on the talk show of Alex Jones with Dr. Steven Pieczenik said it best when he mentioned the brain power of the CFR and what mass destruction it has orchestrated.

The Council On Foreign Relations [CFR]: Transmuted Into The Center For Retirement of Crooks, Corporate Misdeeds and Intellectual Wastrels [CFRCCMIW]

Dr. Pieczenik finally resigned from the CFR last year, 2012, saying no more dues, nor more looks, more retired has-beens’ dirty books. The CFR, aka Secret Government, makes decisions and takes actions that later turn into 9/11 or some cooked-up story of capturing and killing Bin Laden in 2012 after he died in 2001. According to the article, this defunct brain trust has been perpetrating crimes for a while and views it as success. So maybe, just maybe, someone from China heard the interview between Alex Jones and Dr. Steven Pieczenik …..no. I am sure that whatever course of action was demonstrated on 26-Dec-2012 was an attempt to throw salt in the eyes of the corrupt and secretive government that Dr. Steven Pieczenik talks about in his article.

Anonymous #Project Mayhem 2012 – Is it going to happen?

Well, earlier this year it was reported that Anonymous was going to hold the world’s governments responsible for their wars, greed, poverty, hunger, and failure to unite people and live in harmony. News flash, Anonymous: you cannot please all people all the time, and there will be no peace on earth until Christ returns. So while your ideals are good and your means not good, there is nothing new under the sun.

Our question now, on the eve of December 21, 2012, is: will Anonymous do as they said they would and make all elected officials step down? Have they been hacking and social engineering their way into their lives for the past two years, unsuspected by their own? No security detail or software solution seems to have picked up on this, if it has happened at all. Is Anonymous a real big paper tiger?

We shall see, as the clock ticks. Tick tock. Well, we do know it is December 21, 2012 somewhere around the world, and we are still here, and I do not see any coup attempts anywhere else in the world.

#Project Mayhem 2012



SCADA Systems Vulnerable – WORLD WIDE

This article that was produced by SANS Newsbites stated that

Using information obtained online, hackers gained access to a New Jersey company’s internal heating and air conditioning system. The attackers exploited a backdoor in an older version of the Niagara AX Framework software, which is used by many organizations, including the Pentagon, the FBI, and the Internal Revenue Service (IRS). They were able to view floor plan layouts of the office. The “Niagara control box was directly connected to the Internet with no … firewall.” The incident was revealed in an FBI memo that was recently made public. The breach occurred in February and March 2012.

Read it here

Having some device facing the internet without a firewall is just plain stupid. What happened should have happened. Now maybe the company that suffered will learn to spend money on IT security measures. My advice is to have all systems offline, with access only when physically on site. If there is some feature required to mediate a catastrophic event, then create a VPN and make that as secure as possible.

Hypothetical DDoS – (Part 1 of 2)

The Yourtown University campus had on-site computer labs to offer the local attending students. The University offers many supporting services for its students as they progress towards their degree. During the 2011 spring enrollment the web-based class registration system suffered a DDoS attack. The University network team found that the attack originated from the inside. The following explains how the attack occurred and the countermeasures required to prevent this in the future.

Early in the spring 2011 enrollment for the new term, the Yourtown University online class registration system was not available during business hours and often into the evening hours. The IT Dept. investigated during the first week and determined that the web server kept crashing. Every few hours they had to restart the web server to recover the web services for online registration. An investigation began to see if the IIS server was failing from a bug or a patch. In the following week the web server started crashing more and more, and the outages started to increase. The network administrators had been capturing traffic during the first occurrence and noticed that there was a sniffer on the network in promiscuous mode listening to all traffic. They noticed not just one sniffer but multiple sniffers in different computer lab networks across campus. The conclusion finally reached was that someone had placed software-based sniffers on different lab computers and was using an email relay service to send captures to a cryptically labeled email address.

During the next phase of the investigation the network administrators tracked down the computers with the sniffers and removed them from service for analysis. The forensics team discovered that each computer had a netcat installation in the default admin share that allowed remote control of that computer. The attacker had gained access to the administrator username and password. The netcat server acted as the terminal server, allowing more scripts for DNS poisoning and programs to be dumped on the offending machines. They also found a stripped-down packet capture program that captured traffic and emailed text files in increments of 1.5 megabytes. Once the attacker could load files on the computer, he sent bots out that would send smurf attacks with the return answer directed to the class registration server. They also discovered remnants of the Low Orbit Ion Cannon, used for stress testing network devices.

Yourtown University called on the help of their superstar student Kevin Pescatello to assist in providing countermeasures to safeguard against this threat occurring again. Kevin’s experience with the Trustwave NAC device came to mind, and he suggested that the purchase would return the investment in uptime and in the reputation of the school. It will allow the students to sign up, purchase and pay for classes more consistently.

This device performs network admission control and can be used on both hardwired and wireless networks. The device capitalizes on some unique processes that are under patent. The setup is to place the device on one of the core switches and have it managed by one port while it monitors all the VLANs on another port, preferably with two ports for monitoring, which also allows mirroring and being inline like an IPS (Intrusion Prevention System). One of the key features of the device is its ability to counter network traffic with a man-in-the-middle attack (Trustwave, 2012). When a user joins the network, they have to sign in and get scanned for compliance: that antivirus is present and that updates are turned on. Once they meet those requirements, they can successfully log on. This allows the policing of the internal networks and reduces internal threats.

The network administrator can customize the logged-in profile to monitor each machine for more than twenty connections and for the number of devices it is scanning to be no more than ten. When these thresholds are met and exceeded, the network admission control device steps in and moves the user to the underverse. In the underverse there is no Ethernet or internet. The violating user remains isolated for a period before being allowed to authenticate and play nicely. Notably, there is a feature called deception. Once deception is turned on, an end user who scans addresses has his requests intercepted by Trustwave NAC and there is no response. The attacker’s goal is thwarted.
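The twenty-connection and ten-device thresholds described above, sketched as detection logic over flow records. This is an added example, not Trustwave's code or part of the original post; the 60-second window, the 300-second isolation period, the record layout and all names are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque

MAX_CONNECTIONS = 20      # post: "more than twenty connections"
MAX_SCANNED_HOSTS = 10    # post: devices scanned "no more than ten"
WINDOW_SECONDS = 60       # assumption: the post gives no time window
QUARANTINE_SECONDS = 300  # assumption: the post only says "a period"


class AdmissionMonitor:
    """Tracks each source's flows in a sliding window and isolates violators."""

    def __init__(self):
        self.flows = defaultdict(deque)  # src -> deque of (timestamp, dst)
        self.quarantined_until = {}      # src -> time the isolation ends

    def is_quarantined(self, src, ts):
        return self.quarantined_until.get(src, 0) > ts

    def observe(self, ts, src, dst):
        """Feed one flow record; return 'allow', 'quarantine' or 'drop'."""
        if self.is_quarantined(src, ts):
            return "drop"  # isolated host: traffic gets no response
        window = self.flows[src]
        window.append((ts, dst))
        # Evict records that have aged out of the sliding window.
        while window and window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()
        connections = len(window)
        scanned_hosts = len({d for _, d in window})
        if connections > MAX_CONNECTIONS or scanned_hosts > MAX_SCANNED_HOSTS:
            self.quarantined_until[src] = ts + QUARANTINE_SECONDS
            window.clear()  # host starts clean after re-authentication
            return "quarantine"
        return "allow"


def replay(records):
    """Run (ts, src, dst) records through a fresh monitor, in order."""
    monitor = AdmissionMonitor()
    return [(ts, src, monitor.observe(ts, src, dst)) for ts, src, dst in records]


def constructed_sample():
    """Constructed flows: one sweeping lab PC and one ordinary client."""
    # Lab PC touching 12 distinct addresses in 12 seconds.
    sweep = [(t, "10.1.5.23", f"10.1.5.{100 + t}") for t in range(12)]
    # Student client making 5 connections to the registration server.
    normal = [(t * 10, "10.1.7.40", "10.1.0.10") for t in range(5)]
    # Lab PC retries while isolated (t=100) and after release (t=400).
    retry = [(100, "10.1.5.23", "10.1.0.10"), (400, "10.1.5.23", "10.1.0.10")]
    return sorted(sweep + normal + retry)


if __name__ == "__main__":
    for ts, src, verdict in replay(constructed_sample()):
        print(f"{ts:>4}s {src:<10} {verdict}")
```

The eleventh distinct destination trips the scan threshold, later traffic from that host is dropped until the isolation period ends, and the ordinary client is never affected.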

Yourtown University has contracted with Netwerk Guardian LLC to install the device and train the network staff in how to use it. This cost will be budgeted for in the next fiscal year. The return on investment, as stated prior, is continued uptime for network resources, reputation, and lower administrative cost for IT and the bursar’s office. This device will authenticate each student and make known who is coming from where. There are many features, rather technical, that describe what attack vectors can be thwarted. Among them are DDoS, smurf attacks, IP spoofing, man in the middle, port scanning, and sniffing. Most of the aforementioned attack vectors, or a variant, were used in this incident.

Kevin Pescatello Earns His CHFI v4

Netwerk Guardian LLC is pleased to announce that Kevin Pescatello has added another skill set to his arsenal. On February 6, 2012, Kevin earned his CHFI (Computer Hacking Forensic Investigator) certification. This test proves mastery concerning digital evidence, laws, ethics, and the first responder actions required to seal the scene, and more. The test covers hardware and software data acquisition and analysis, something that is not for the weak in discipline to endeavor. This adds more knowledge of how the world of IT is evolving and the threats on the horizon.

The carnage that is going to spew forth in the year 2012 will be led by the influx of data. CHFIs are a sought-after resource to handle the influx as the world and the war between good and evil carry on. The DHS, NSA and CIA are to bolster their ranks with new hires.

Biased and Fabricated News Reporting?

Recently I came across an article that seems to put a few things together in light of recent events. Remember when bills were introduced and backroom deals made over Cap and Trade and other spending bills? How about the recent post of Obama signing the NDAA 2012 bill on New Year’s Eve from Hawaii? What is the news media doing about the events for reporting? What are they really reporting, and can you trust the 6:00 PM news? I thought news was fair and unbiased, calling it right down the line?

A new link to a resource has reported that a lot of wars and incidents have been manufactured and without need. Some European friends of mine think that the wars are driven by greed or control of resources that lead to money (2nd Iraq War). The recent SOPA and PIPA bills further demonstrate the weakness of those currently in power over the masses as they revert to doing away with constitutional freedoms. (Agreed, piracy is a bad thing and you should buy stuff.) This is something our forefathers did not want to see happen. Obviously the current administration and some legislators are sick of independence and want even more control. It’s this battle that is going to blow up in the face of those wanting bad change. Recent hacking events worldwide lead me to believe that hacktivists do not tolerate this behavior. I fear 2012 will have far more far-reaching hacks, to which the gov’t might retaliate with far more restrictive laws.

Instead of listening to me babble on, please watch this clip and decide on your own how the picture is forming. I have the answer to the last days but will not post that here, as that might be too much information for the weak at heart, earth-bound folks. I don’t know a day or hour; I just have a good feeling about the big picture, the events leading up to it, and the personality of the Creator. Just focus on world events and the power struggle of the haves and have-nots. Connect the dots and you will see something incredible. If you were not earth bound you’d have sight beyond sight into the things to come.

Media Reporting Fair and Unbiased Information?

So how do the mass media networks incorrectly report news on many occasions? Better yet, why? The truth of this incorrect reporting was recognized by the audience or photographers as well as other people in the news industry. Check out the following link: Fox News Fakes Moscow Protest. So what is really the truth: the news as it is reported and recorded in history books, or is it what really happens that you do not see? Also, look at the following link and decide for yourself.

The reason this story is making my blog is the information that is being passed around and the responses to that information. What will those responses be like? What form will they take? Recent events include the signing of the NDAA 2012 bill on New Year’s Eve by Obama, and the push for this SOPA bill to be passed, backed by Viacom CBS. Both of these bills seem to have a spin on them that the mass public will not accept. Both bills seemed to push the envelope and overstep the bounds of government in trying to correct problems. The reaction to this could be additional hacking events occurring at different companies around the world. The government is trying to get a handle on all these recent hacking events by controlling how the Internet is seen and used. This control can be an infringement of the first amendment right to free speech. The consequence of this bill will go far past controlling what is being uploaded or downloaded. It is also going to introduce censorship.

In addition, look at the events that have taken place over the past six months, where you see banks crumbling and economies crumbling all over the world, and it is all moving to push a one-world currency. The big picture is the bailout of Wall Street, the bailout of companies, which normally does not take place. In this capitalist society, money has shifted from the taxpayers to banks and government. The big picture says that this is supposed to take place, and that big picture is far beyond the scope of what earthbound people can see and understand. The bigger picture shows the endgame happening in the near future. In order to get to that point, the events that are happening now must occur, unfortunately. I would not like to see these events occur and I will do everything in my power to stop this from happening, such as advising you with this blog. The passing of the SOPA bill should not occur, and the NDAA 2012 bill should have been reported with better articulation so there is no question as to the coverage of the bill.

Looking at all the information that you see here, do you think you can see where the United States economy is going, the direction of this government and what the effects will be? I am very surprised that businesses and investment firms can crumble and be bailed out. If this had occurred in 1988 it would not have gone very far; in fact it probably never would even have occurred. The reason is that in the “me decade” it was a growing economy. When a bank or company that does not know what it is doing crashes and falls by the wayside, it is acceptable for that to occur. It no longer functions correctly enough to compete with competitive products or services. Simple economics.

I suspect more hacking events will occur in 2012, and I expect the government will try to exert some control on a technology it does not understand. Google, Twitter, and Facebook are thinking about pulling the plug for one day just to give the world a taste of what it would be like if the SOPA bill is passed and the government continues down this path of control.

If you care, if you want to make a difference, then you can. Contact your representative or senator for your state and let them know by phone call or fax that you do not agree with the SOPA bill and that it will do more harm than good. Please pay attention to what is going on in your world and do not watch reality TV, because we have enough drama going on in this country that you should never need to watch another TV show, except for the news, ever again.

Reading is fundamental and it empowers. However you have to find a trusted source and hunger for the truth.

John 8:36 So if the Son sets you free, you will be free indeed.