by Shimon Sheves | Jul 22, 2018 | Cyber Security
No chance of early release from prison for Konrad Voits, the ex-hacker who hacked into the Washtenaw County Jail to secure the early release of at least one inmate. Voits pled guilty to the federal crime of hacking into a protected computer and is not set to serve a seven-year sentence in prison.
Fake Sites Used to Trick Officials
Voits used a fake website ewashtenavv.org instead of the official website at ewashtenaw.org and successfully convinced country officials to visit the fake site. This allowed Voits to install malware onto computers in the IT department eventually gaining him access to the entire system. Voits was able to access over 1600 personal addresses, search warrants, and the capability to alter jail records to secure the early release of prisoners.
Vigilance and Cyber Security
It was not any sophisticated anti-hacking software that alerted officials to the breach of cyber security at the county offices though. Cross checking release details of inmates against paper records alerted officials to the discrepancy which led to the involvement of the FBI and the eventual arrest of Voits.
How To Protect a System Against Malware
Unfortunately, to gain access to a system, malware must be physically installed on a device. This usually signifies a level of human involvement, to a greater or lesser degree our systems are only as secure as the people using them. A simple one-character change in a web address allowed Voits access to thousands of records. Many individuals are also at risk of hacking attacks and malware intrusions via links sent in emails, od social media and via messaging apps on cellphones. The best way to avoid security loopholes in systems is to remain vigilant, check all links that are visited to make sure they are directing to the correct site and don’t click on anything (link, image or video) that is unknown. For businesses this means having a strict code of online conduct for all employees.
by Shimon Sheves | Jul 15, 2018 | Cyber Security
An ex-employee of Israeli-based cyber-arms dealer and software company has been arrested for theft and attempting to sell a phone hacking tool on the Dark web for $50 million. The NSO Group is a well-known software and cyber security company that specializes in the development of technology that can be utilized in the fight against terror. No stranger to controversy, the company has in the past been accused of selling software that has led to attacks on human rights activists and journalists in politically sensitive regions of the world. Notably, the software was used to target activist Ahmed Mansoor in the United Arab Emirates in 2016.
High-Tech Malware Used to Hack iPhones and Android Phones
The NSO Group provides software to governments around the world that can crack the sophisticated security provided by mobile phones. The software can be used to spy on individuals and organizations, as well as used by law enforcement to stop criminal activity. However, the spy software manufacturer recently fell prey to a breach of security itself when an ex-employee stole proprietary software for the company’s product, Pegasus.
Pegasus, which operates as malware, targets vulnerabilities in iPhones and Android devices. Though both Apple and Google have been quick to patch and fix the supposed vulnerabilities, Pegasus is still considered one of the most powerful spyware software programs available for commercial use.
The employees stole the source code for Pegasus which was NSO Groups most powerful software and spyware. Allegedly, the 38-year-old employee was trying to sell the spy software on the dark web for around $50 million, payable in cryptocurrencies. The company noted that the selling price of $50 million was substantially higher than the regular licensing price of around $1 million per deployment. The indictment was handed down by Israel’s attorney general and detailed the crime by the employee who disabled standard McAfee Security software on his computer and brazenly copied the Pegasus source code onto an external hard drive.
Trying to broker a sale on the dark web proved futile as the potential buyer reported the sale and hack details to NSO Group which led to the arrest of the individual.
What Does This Mean for Cyber Security
Despite selling their own form of hacking software, the NSO Group has always maintained that their source code and software is only sold and used by reputable and approved government agencies, specifically in the fight against terror. The fact that the software could so easily be copied by the simple disabling of an out-of-the-box security program and put up for sale means that even the most secure facilities and systems are vulnerable to attack. Often, security threats stem from within organizations, where ironically, security is habitually the weakest. Making sure that employees and people with access to company software, especially potentially dangerous cyber weapons, is a crucial step in the development of any program. The risk that cyber weapons end up in the hands of people who would use them to perpetrate crimes against humanity is too great to be trusted to an antivirus package.
by Shimon Sheves | Jul 3, 2018 | Cyber Security, NEWS
Zip Slip is the name given to a critical vulnerability that, as the name suggests, is all about Zip files. The massive vulnerability was discovered and researched by cyber security firm Snyk who disclosed that thousands of projects may be affected by the vulnerability.
How Hackers Use Zip Slip
The most interesting (and alarming) thing about Zip Slip is its simplicity. Hackers can create Zip files that utilize path transversal to enable the overwrite of vital system files and either destroy or overwrite the code with potentially malicious alternative code. The Zip Slip vulnerability also gives attackers the ability to execute remotely in part of the system that are used on a regular basis, such as system files and even popular applications used daily.
What Is Affected?
According to Snyk, it is not a single operating system issue, nor is it a problem with the Zip file format. It is a small section of programming that has been repeated across many different projects and operating system ecosystems. Some of the programming ecosystems that have the bad sections include Ruby on Rails, Go, and .Net, however the most severely affected is JavaScript due to the lack of a central library that can offer high level processing of Zip, or archive files. This oversight, the lack of a central library, meant that handcrafted code had to be deployed and this code was shared between many different development platforms. A software library is a small section of code that is designed to work across other software projects. The Zip Slip vulnerability has therefore spread to many programming languages and projects. It’s a multi-step fix: the libraries need to be patched, as well as the software that uses the library.
Snyk has posted a list of projects and libraries with diagnosed vulnerabilities on GitHub and users should check to see if they are utilizing vulnerable software and download the patch to get your system fixed.
by Shimon Sheves | Jun 19, 2018 | Cyber Security, NEWS
Your New Friend Alexa May Have an Issue with Boundaries
Make sure to check your Amazon Echo to find out whether your helpful virtual assistant Alexa is not spying on you. There is no doubt that the dulcet tones of Alexa on the Amazon Echo can be a massive help around the home or office. Popular with millions of people around the world, Alexa is always ready to respond when you call, but recently researchers from a cybersecurity company have created a ‘hack’ that may allow Alexa to be a little too proactive.
Always Listening – That’s the Problem
Alexa is designed to stay in sleep mode, until voice-activated with the command, “Alexa!”. Cybersecurity experts, however, have designed a simple program that forces Alexa to remain always-activated, record conversations and then send those recordings to a third party. The malicious program was camouflaged as an app calculator that is activated when a user opens the app, or tells Alexa to open the calculator app. Once activated, Alexa is always listening, even when you think your Echo is off.
Hacking into Alexa
The device’s inbuilt security protocols should force the program to terminate the session once complete, or to request permission to continue the session. But the hack was able to bypass the protocols and force Alexa to continuously listen and record voices.
How to Protect Your Systems
This specific program was created purely to test the system’s security and was immediately reported to Amazon, which has since fixed the vulnerability. However, it is a sobering reminder of the potential dangers of such a system. What can you do to protect yourself from your Alexa? Just like any other online systems, computers and mobile phones, it’s important to check regularly for malware, unknown applications and small files that you know you did not install. Also, take a look at the little blue light every now and again. It indicates the Amazon Echo is activated. When you’re not using it, it should be off. If it isn’t there might be a problem.
by Shimon Sheves | May 10, 2018 | Cyber Security
While most people do take the time to evaluate videos and links posted on Facebook timelines by their friends, it can be confusing when one receives a link via Facebook Messenger. There is a new crypto-currency virus that is spreading via Facebook Messenger that is specifically targeted at users of cryptocurrency trading platforms with the intent of stealing their access details.
Facexworm – Spread Through Facebook Messenger
The malicious virus which is a Chrome extension first started making the rounds in August of 2017, but it is only in the last six months, with the massive increase in people signing up for cryptocurrency sites that it has become a big problem. The latest iteration of the Facexworm virus has been in circulation for a few weeks and has the potential to cause real damage.
Just one click on the ‘link’ or ‘video’ sent by a trusted Facebook friend will allow the extension to open and start working in the background of Chrome where it is able to unleash the capability to steal account credentials from cryptocurrency trading sites and further misdirect users to fake cryptocurrency sites. It is also able to inject miners into a host webpage to be used for mining cryptocurrencies without the owner’s knowledge. The virus is similar to ‘Digmine’ which was able to redirect users to fake video site with the potential to steal user account information. Once the fake site has the access via OAuth token from Facebook, it has access to all your details and those of your friends list.
Vigilance and Protection
Though Facebook and Chrome have been able to isolate and remove the viruses and put security protection in place, but the most important security measures start with the user. One must always check the authenticity of seemingly random links and videos sent via friends, not matter how enticing and interesting they look. When in doubt – delete the link without opening it!
