Cocoa Lounge
Author: Subject: The internet is a dangerous neighborhood: Rise of the Hackers
Tea_Honey
Cocoa Lounge Royalty
********


Avatar


Posts: 25125

Registered: 8.18.2006

Member Is Offline


Mood: One Happy Camper

[*] posted on 6.23.2015 at 07:25 AM
The internet is a dangerous neighborhood: Rise of the Hackers


Not nuclear weapons, not Weapons of Mass Destruction, but today's biggest threat is the keyboard. Hackers are devising ways to steal our money, our identities, our secrets. Not just lone hackers, but governments are in on it. The following info comes from the PBS program which gave an example of just how devious hackers can be:

A security expert who writes for Wired magazine was hacked. He realized it when his computer asked for a 4-digit PIN, which he didn't have. He tried his iPad and it asked for a password. He typed it in and it didn't work. At that point he knew he was being hacked. In 45 minutes, every device, including his cell phone, had been taken over and completely deleted. Emails, pix, everything.

He went online to write about his experience and unexpectedly, the hackers got in touch with him. Upshot was he told the hackers he wouldn't press charges if they told him how they hacked his devices. He'd thought the hackers had brute forced his password with some crazy cracking program to hack into all his stuff, but they said that wasn't how they'd done it. The hackers had found a series of loopholes in the internet which, taken together, left him completely unprotected. Rather than crack his password, they "conned" their way into his security system by making them think an attacker was actually a customer.

How they did it:

A. Find a way to steal his identity from one of his many on-line accounts. Their way in was a simple phone call to Amazon.

1) they gave Amazon a fake credit card number, told them to add it to his account and hung up.
2) They then called back and told Amazon they were locked out of his account and gave them the credit card number they'd just added to his account
3) Amazon then gave them a temporary password to access his account.

With that deception, the hackers now owned his Amazon account.

B. But they didn't go on a shopping spree. What they were after were the last 4 digits of his credit card to pull off the next stage of their con.

1) Looking at his recent Amazon orders, they could see the last 4 numbers of the credit card HE used to pay for purchases.
2) At the time, Apple was using those last 4 digits as an identity verification method.
3) Using those, Apple gave the hackers a password reset.

They now owned his Apple accounts so they could access pretty much all his digital life.

C. The security expert's Twitter account, the trophy, was next.

1) To keep their trophy, with a few clicks, they destroyed what was left of his digital life, i.e., his computer, iPad, cell phone.
2) They accessed, then deleted his Google account so he couldn't get back in there and kick them out of the Twitter account.

They went from Amazon to Apple to Google to Twitter. The hackers knew the security flaws of the internet and used them, one after another to pull off the con.

The hackers? Teenagers having "fun." They didn't realize the consequences to the person being hacked of losing everything digital precious to him (pix) and important.

Note: Those loopholes have now been plugged.

Next up: Governments hacking the computers of other governments (specifically, the U.S. hacking into and disrupting Iran's nuclear facility).




Tea_Honey
[*] posted on 6.26.2015 at 11:40 PM
Stuxnet


Scientists are constantly working to improve the computer. Some are doing it with quantum physics (a mind-blower for us math-challenged!), others are trying to build the world's most advanced computer, etc. Whatever they're working on, they all have a common enemy - the hacker. In terms of government security, one lone hacker at a keyboard can wreak the same damage as an army, as a WMD. Steal our money, identity, secrets, foul up a nuclear program, one talented hacker can do it all from his mother's basement. Not to mention government-backed hackers who eavesdrop on an epic level and have the capability even to launch cyber weapons at other nations. Which brings us to:

Stuxnet - The World's First Cyber Weapon


What is Stuxnet? It's a virus, a very crafty piece of malware.
Quote:



Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.


What makes Stuxnet different from run of the mill malware is that it contains a "zero day exploit," a weakness in a computer program or an operating system like Microsoft Windows. A weakness that not even the software maker knows about. It's extremely rare - Microsoft had only 12 "zero days" in all of 2010, and all of them were inside a Stuxnet code. It caught the attention of security experts because Stuxnet's code was written in a strange programming language. It was a sophisticated code and dense, i.e., every letter, number, combination of letters/numbers of the code did something to whatever computer system it infected. The experts who discovered it had no idea what it meant or its function. What they did know was that the code came from a PLC (Programmable Logic Controller). PLCs, some small enough to hold in one hand, are used to program small computers, factory equipment and things like power plants.

Quote:


A programmable logic controller, PLC, or programmable controller is a digital computer used for automation of typically industrial electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or light fixtures. PLCs are used in many machines, in many industries. PLCs are designed for multiple arrangements of digital and analog inputs and outputs, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery-backed-up or non-volatile memory. A PLC is an example of a "hard" real-time system since output results must be produced in response to input conditions within a limited time, otherwise unintended operation will result.



Every time the virus, Stuxnet, infected a computer, it would start hunting for PLCs. It would "fingerprint" them, then copy itself onto the PLC and just sit there for a while, doing nothing for up to a month, and just "observe" the normal activity of the targeted plant or facility.

When Stuxnet infects a machine (remember, it's a virus), it contacts a server to say it has infected the machine. The experts who discovered the malware watched Stuxnet watching the plant or facility (they traced it through printouts of Stuxnet's codes). At first, they thought the strange virus was some kind of industrial espionage trying to steal design documents from some sort of control facility until they realized.... NOT! Having gained access to the logs of the infected machines (hacked? ;) ) they realized the machines putting out the logs were located in Iran. Stuxnet had infiltrated and was watching Iran's nuclear facility.

Working on the code, the experts found 2 ID numbers which told them who launched Stuxnet at Iran. They're called "magic" IDs. Looking the numbers up (on the computer, of course :) ), they found out the virus was attached to and targeting (and were scared the crap out of the minds and their jaws dropped when they realized it!) a uranium-enriching nuclear facility in Iran. Stuxnet was designed to thwart Iran's plans to make a nuclear bomb. It did so by attacking the facility's centrifuging mechanisms. It would speed them up - the aluminum casings used to separate the elements/isotopes would vibrate so fast they'd burst and shatter - or slow them down to a crawl wherein the casings would begin to wobble and fall over.

Quote:


A centrifuge is a piece of equipment that puts an object in rotation around a fixed axis (spins it in a circle), applying a potentially strong force perpendicular to the axis of spin (outward). The centrifuge works using the sedimentation principle, where the centripetal acceleration causes denser (heavier) substances and particles to move outward in the radial direction. At the same time, objects that are less dense (lighter) are displaced and move to the center. In a laboratory centrifuge that uses sample tubes, the radial acceleration causes denser particles to settle to the bottom of the tube, while low-density substances rise to the top.[1]

There are 3 types of centrifuge designed for different applications. Industrial scale centrifuges are commonly used in manufacturing and waste processing to sediment suspended solids, or to separate immiscible liquids. An example is the cream separator found in dairies. Very high speed centrifuges and ultracentrifuges able to provide very high accelerations can separate fine particles down to the nano-scale, and molecules of different masses.

Large centrifuges are used to simulate high gravity or acceleration environments (for example, high-G training for test pilots). Medium-sized centrifuges are used in washing machines and at some swimming pools to wring water out of fabrics.

Gas centrifuges are used for isotope separation, such as to enrich nuclear fuel for fissile isotopes.



Broken down, all hacking is a con. Some are simple, like Jr.Hagler talked about some woman he'd dumped who sent him an email containing a virus. He recognized it easily. Stuxnet, however, is an extremely clever, sophisticated con. Only by accident, almost, and the curiosity and expertise of people whose JOBS it is to detect malware was it discovered.

The information I've relayed here is from the PBS program, Rise of the Hackers. The above, however, is only the first "part" of Stuxnet's con(fidence game). Like I said, it's "clever." ;) Rest to follow. Like most reading this for the first time, it's new, heady and a lot for darn near computer-illiterate me, too!

Stay tuned!




Tea_Honey
[*] posted on 6.28.2015 at 02:29 PM
Second part of Stuxnet's confidence game


The preceding post was only the first part of the con job. I won't go into the details, but the second part came straight out of a heist film. You know how when the crooks have to work in an area where cameras are watching, they hack the cameras and put in old footage of the area. While the security guards are watching the old footage being run over and over, they sneak in undetected, and steal whatever they want.

The Stuxnet was in a secure facility where everything was being watched - carefully and faithfully - so to infiltrate and do its damage, it hacked the PLCs for the security system. It then patched in fake computer logs while it went about attacking the centrifuge systems (speeding up and slowing down). It was only after the virus had completed its damage that the damage was even discovered. In short, while Stuxnet was making the centrifuges spin at dangerous speeds, it was playing back old data on the facility's security computer logs, saying everything's normal.

However, the 'best' trick Stuxnet played on the security system was to guard against someone reading the computer logs, realizing something was wrong and trying to shut down the system before it could complete its damage. In anticipation, Stuxnet had infected the "shut down" PLC, thus when the "shut down" button was pushed, nothing would happen. The virus could continue mucking up the centrifuges without interruption. As a result, Stuxnet managed to ruin or destroy thousands of Iran's centrifuges and set back its uranium-enriching program by months.

Question: Who built Stuxnet? No nation has admitted to being behind a virus to stop Iran from enriching uranium with which they could build nuclear WMD. :whistle:

Stuxnet has opened the door to cyber-warfare. Nation to nation cyber-warfare that can control computers AND weapons (you press a "button" to launch a drone, ok?). Like no one knows.... for sure.... who built the virus Stuxnet, in today's digital world, no one knows who is hacking whom - disgruntled girlfriends, teenagers in their mom's basement (think of the movie "War Games"), criminals or governments. Which is why there is a whole new industry of people being paid by private companies and governments to seek out, guard against, and stay one step ahead of "the rise of the hackers."

Reads like a spy thriller, you say? Well, hang on. It's going to be a bumpy ride cause you ain't "read" nuthin' yet! ;)




Tea_Honey
[*] posted on 7.6.2015 at 12:40 AM
Encryption - codes and code-breaking


A definition of encryption which will be referred back to throughout the discussion:

Quote:


Encryption is the process of encoding messages or information in such a way that only authorized parties can read it.[1] Encryption does not of itself prevent interception, but denies the message content to the interceptor.[2]:374 In an encryption scheme, the message or information, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted.[2] For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorised interceptors



Almost everything we do today uses a code. Every time you log onto an internet server like Twitter or Facebook with a password, or do internet banking, all that info is protected using an internet encryption (the encryptions are encoded in a series of numbers).

Quote:


encryption is the process of encoding messages or information in such a way that only authorized parties can read it.


Everything we do on the web is encoded by an encryption which is a "prime" number like 3, 7 or 13, 51, 35, 19, etc., numbers that can only be divided by themselves and the number "1". What makes them important to encryption codes is that when you take 2 prime numbers and multiply them together, you get a number called a "semi-prime." What's interesting about semi-primes is that it's really difficult to calculate/figure out the 2 numbers that could have been multiplied together to form them to get back to the original values/prime numbers.

11 X 13 (2 prime numbers) = 143. If you are given the #143 and told to figure out the original 2 prime numbers that formed it, the only way to find them is by trial and error. For ex., what are the 2 prime numbers that when multiplied together equals 143? 11 X 13 is easy to multiply, but hard to go backwards (from 143) and figure out the multipliers. This is the key to many internet codes. You can make a big semi-prime quickly, but to figure out the 2 primes it's made of takes a very long time. Easy one way, very hard the other.... or easy to multiply; hard to find the multipliers. And the bigger the sum of the 2 prime numbers (like 1109 X 1327 = 1471643), the longer it takes.

According to 'Rise of the Hackers', it takes mere seconds to multiply 2 primes, but depending on the length of the semi-prime (could be hundreds, even thousands of numbers), finding the 2 primes could take thousands of computers millions of years to find the 2 primes that multiplied together, make up the semi-prime. For instance, 47007055167772603 is a prime number. It can be divided ONLY by the number "1" and itself (47007055167772603 ). No other 2 numbers can be multiplied together and get that figure.

Same for 18849555921538807.

Now multiply them together ....47007055167772603 X 18849555921538807.... and you get a semi-prime in the ka-ZILLIONS!

When we buy something on-line, an on-line store's website will take 2 secret prime numbers and multiply them which will result in a big semi-prime number which, in turn, is used to create a PUBLIC key. The website then uses this key to scramble your credit card data, encrypting them before they travel from your computer over the internet. If someone hacks that data in transit, it's meaningless. They can't UN-scramble your credit card info unless they know the PRIVATE key which is based on the original prime numbers assigned it. This key is private and secure, for as the narrator says, it would take longer than the age of the universe to figure it out. Again, easy to make (just multiply 2 prime numbers), but hard to figure which 2 prime numbers were used. It's like scrambling an egg - easy to scramble, but hard to UN-scramble.

This system of encrypting was created by, of course, 3 mathematicians and named after them - the RSA Algorithm, i.e., Rivest, Shamir and Adleman (RSA).
Quote:


Algorithm: A formula or set of steps for solving a particular problem. To be an algorithm, a set of rules must be unambiguous and have a clear stopping point.

Quote:


In an encryption scheme, the message or information is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm.


Quote:


RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key (NOTE: this is the PRIVATE key) which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who first publicly described the algorithm in 1977.

A user of RSA creates and then publishes a public key based on the two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message


Interesting. The definitions pretty much describe everything the program said.... which is a good thing ...lol. Continuing:

Without the RSA, internet banking, social media, nothing would work... well. Our info would be too easily available to any hacker who wanted it. The RSA is designed to hunt for very large primes. The largest semi-prime created from these primes takes up 5,000 pages, i.e., 17.5 MILLION digits, divisible only by itself and the number "1."

Bigger computers, however, are being built to crack the codes (the big semi-primes). So far "honest" folk have stayed ahead of the crackers but - what one man can do, another can undo.... eventually. At any rate, we don't have to worry about the average hacker. However powerful PCs are today, they can only process one computation at a time (thousands of computers taking longer than the age of the universe to crack one of the big semi-primes, remember?) Thus, no fear - AT PRESENT - of your encrypted info being hacked.
Quote:


It is in principle possible to decrypt (find the 2 primes) an encoded message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required.


There are new computers being built now that harness some of the most complex physics in the universe which when/if realized, can break encrypted codes. But the "science" behind them is as dizzying as the PHYSICS is complex. It's futuristic and as MY physics is not all that hot, Imma gonna leave that portion of the program alone.


pssst! Passwords gleaned by a machine from YOUR subconscious mind, time travel, being EVERYWHERE at the same time, i.e., in the U.S.AND in Ghana at-the-same-time. You know, being in 2 places at the same time. :faint: :lol: (maybe if the program comes on again, I'll tackle it - fascinating if a little :wtf: mind-boggling).


Next up, well, BACK to the future: Stuxnet. You'll never guess what that clever little virus is up to now. As we speak.

pssst! Think "Terminator: Rise of the Machines."
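
Added example (not part of the original post or the PBS program): textbook RSA in Python built from the two small primes the post quotes, 1109 and 1327, showing the public key, the private key, and how trial-and-error factoring of a small semi-prime gives the private key back. The public exponent 65537, the message value 4242 and all function names are assumptions chosen for illustration, and the decrypt and factoring steps go a little beyond what the post describes.

```python
# Added illustration: textbook RSA with the small primes quoted in the post.
# Toy sizes only. Real keys use primes hundreds of digits long plus padding.
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two secret primes (e is assumed)."""
    n = p * q                    # the public semi-prime
    phi = (p - 1) * (q - 1)      # only computable when p and q are known
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent (Python 3.8+)
    return (n, e), (n, d)


def encrypt(message, public_key):
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than n")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    n, d = private_key
    return pow(ciphertext, d, n)


def factor_semiprime(n):
    """Trial and error, as in the post: returns (p, q, divisions_tried)."""
    tried = 0
    for candidate in range(2, isqrt(n) + 1):
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
    raise ValueError("n has no factor other than 1 and itself")


def recover_plaintext(public_key, ciphertext):
    """Why size matters: once n is factored, the private key can be rebuilt."""
    n, e = public_key
    p, q, _ = factor_semiprime(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    public, private = make_keypair(1109, 1327)
    secret = 4242                                  # constructed sample value
    scrambled = encrypt(secret, public)
    print("public semi-prime:", public[0])
    print("scrambled:", scrambled)
    print("unscrambled with private key:", decrypt(scrambled, private))
    for n in (143, 1471643):
        p, q, tried = factor_semiprime(n)
        print(f"{n} = {p} x {q} after {tried} trial divisions")
    print("recovered without the private key:",
          recover_plaintext(public, scrambled))
```

The number of trial divisions grows with the smaller prime, which is why the tiny semi-primes here fall in well under a second while the sizes used in practice do not.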




Tea_Honey
[*] posted on 8.22.2015 at 09:01 PM
Stuxnet has escaped and is in the wild!


Right now, we're in the grips of a new arms race: code makers and scientists - defenders of our digital life, on one side. On the other side, the hackers are becoming ever more devious. It's a battle that's constantly shifting. The greatest danger is from the giant network of inter-connected computers that run the most complex systems on the planet from power grids to water companies to banking, to land and transportation networks. Think about it - almost everything we depend upon is on a computer, i.e., computerized. These are vulnerable in an entirely new way.

There are 3 types of vulnerabilities:

1) people
2) processes
3) technology (encryption)

The most vulnerable of the 3 is, of course, people, i.e., what one human can put together, another can take apart. But the bottom line is that a person can circumvent any security layer by their actions. People are the weak link. Even when computers are cut off from the internet, hackers can find a way to get their viruses inside to introduce malware codes using a USB thumb drive (like the "FixIt" stick costing only a couple dollars). All they need is someone to attach it to a targeted computer. The PBS program gave 2 situations where you KNOW it's real, the truth:

2 Experiments:

1) At high noon (lunch break), a USB with a corporate logo on it was placed in a public area (park, beach, downtown, skateboard arena, etc). 70 - 80% of the time, someone passing by saw it, picked it up and inserted it into a corporate network - their own corporate work computer.

2) Same time of day: When they did the same experiment with a CD ROM that had the year and pay and compensation tables written with just a sharpie on the disk, they had an almost 100% guarantee someone would see it, pick it up, take it to work, and insert the CD ROM into a computer, thus introducing whatever was on that CD ROM into the entire corporation's computer system.

The narrators feel that it was this (devious) tactic of using a removable USB device or CD ROM that may have launched one of the world's most powerful cyber weapons: Stuxnet.

Starting in 2009, the sophisticated virus, Stuxnet, struck at the uranium enrichment plant in Iran. The plant was in a highly secure environment cut off from the internet, but still vulnerable to someone bringing in a removable device to the plant, e.g., a spy. They think that with one or more spies, and even some unwitting accomplices (picking up USBs from the ground at a "public place?") that's how the power of Stuxnet was unleashed on Iran's computers. It didn't have to break any encryption codes or security boundaries - once plugged in by a spy or a 'Nosey-Rosey', it sought out the communications capabilities of the network by going from computer to computer until it found what it was looking for, then sending back logs of everything going on while NOT interfering with anything - until it was time to screw up the works. Again, by telling/communicating with the computers that told the reactors how fast to turn the aluminum tubes and telling the computer which controlled the "stop" button to not do anything when pressed.

With all the explanations of how it was done, with all the safeguards its creators, either American or Israeli installed to direct and control the virus, it is as the narrator warns, nothing in the world of high stakes hacking is as simple as it seems for....

Stuxnet has escaped.

It has now been found outside its intended target (Iran). How? Where? No one knows.

Turns out Stuxnet didn't just target machines in Iran or the uranium plant. Stuxnet has the ability to spread to any machine, any Windows machine across the world. It has now infected more than 100,000 machines.


Stuxnet was never intended to get into the world; its purpose was limited to mucking up Iran's nuclear program. But once it did, it demonstrated a level of sophistication and capability that up to that point, no one had taken advantage of. This was truly a digital Pandora's box. Once it was open, you couldn't put the lid back on.

The sophisticated virus/weapon Stuxnet is out in the public domain, and now it offers a blueprint for cyber-warfare. A way to target computers that run machines, to control our water, distribution, our power grids, car transportation systems. In other words, the machines that run our world.

That it has escaped (once its job was done mucking up Iran, "spy" threw the USB into the ocean; it landed on another shore, was lying on the beach somewhere when someone came by, saw it and plugged it into THEIR work computer?) highlights the risks of creating these types of weapons, that they may indeed become uncontrollable and even be used against the nations that developed them.

The program ends with this warning:

There's nothing new about codes and trying to keep secrets, but the advent of global digital communications has created a new battleground... without borders. One where mischievous teens, nation states and organized criminals go head to head as equals. This murky world is set to become the defining battleground of the 21st century.





Tea_Honey
[*] posted on 10.30.2015 at 10:51 PM
And the beat goes on....


TV News reported that a Chicago company did an experiment, well, they did the SAME experiment as in the OP wherein they left 200 shiny blue USBs on park benches in 4 cities: Chicago, San Francisco, Washington, D.C., and Cleveland.

20% of people who saw them picked up a USB and plugged it into their computers. Most who did so were in tech-savvy San Francisco..... proving that people are the weak link in cyber security.

Now do you see how Stuxnet has traveled the world and is loose in the wilds?



