yashrajkakkad Posted January 16, 2016

I am supposed to participate in a science exhibition where I have to prepare a static/dynamic model on IT/Cyber Security. In other words, I have to find a gap in this industry, fill it and present it accordingly. So what do you think can be a good idea for this exhibition?
The Angry Intellect Posted February 5, 2016

There is a "gap" which no one as of yet is focusing on. Security systems for buildings, swipe card/chip access to authorise entry into a particular office or secure location. It is possible to infect a person's swipe card using a magnetic device reader/writer with malicious code that will pass onto the security system that the infected card has access to. This can do multiple things depending on what the "attacker" is really after. First off, it can pass the attacking code via the infected card to the security system of the building and tell the system to either disable access to one or all users, allow access to everyone or a particular person, and even be used as a means to pass on the malicious code to other users of the same system (building) that are swiping or inserting their cards into it. The code can then pass on and continue infecting other buildings' security systems until it reaches its intended destination (building). At which point the malicious code can take effect and cause all kinds of havoc, especially if the security system is linked into the network of that building... It can steal information, change routes for specific traffic in the building to point to a purposely built "system" or web site to retrieve certain users' passwords for whatever it is they wish to impersonate. This can easily be done by simply changing a computer's DNS server address to point to a DNS server that has been crafted to re-route the computer's DNS query to another infected system. That method is mostly used because of the lack of security checks any computer or network device uses when allowing a DNS change to occur. There are other ways to manipulate any computer's internet (or local server) traffic, which involve adding false/fake ARP entries into the O/S to route traffic to another source or even just to stop a user from accessing a particular site/service.

The problem with building security systems (which control entry) is that they do not do "virus" checks, they are not updated frequently and they do not have their code checked by professionals, so they are a prime target of tomorrow's hacker/attacker. All that is needed for this to work is a similar security system or the source code for that system available to you, so that you can figure out how to inject your malicious code or even what commands to issue via the magnetic code to allow or deny access upon swiping. I won't go further into this, but it is most definitely the "gap" with I.T. & Cyber Security. Let's just say this has already been done and proven... The security experts need to be trained & updated on this new threat... so far.... no one seems to be looking at or even thinking about it as a vulnerable entry point.

Just an FYI: Did you know that humans can be controlled (altered) to some degree using part of the electromagnetic frequency? Humans have no defense against this, apart from sitting in an armoured vehicle or building designed to absorb this kind of an attack. We use this type of technology to purposely incite anger, violence, fear or confusion in either an individual or even a group of people. The affected person(s) will not be able to "hear" or "see" this attack, they won't know what's going on, we can even force them to the ground or make them become violently ill, even temporarily disrupt the signals coming from the brain through the spinal cord to disable them or kill them depending on our goal. There are some experiments going on in different parts of the world at specified times to see just how much we can affect the general population, to alter the way they think to some degree, using a much larger "machine" from either above or most commonly below the ground of the areas we want to affect/study.
Sensei Posted February 5, 2016

The Angry Intellect, is there a thing that you *really* know? I bet, if I asked you to write DNS server C/C++ code, you would have no idea where to start.. Show me how you make a TCP/IP tunnel in C++, for a start.. A building's magnetic card reader should accept only as many characters as are needed. Which means sending entire source code is not possible. Some badly designed systems might exist, but they are a minority, as the issue is easy to spot. Jumping from a building security system to intercepting DNS - ridiculous.
CharonY Posted February 5, 2016

I doubt that there is a card reader around that would do that. There is simply no point in making it more sophisticated whilst introducing vulnerability. Well, unless the reader was designed for something else and is just being used as a dumbed-down version, perhaps.. There are vulnerabilities to exploit, of course (esp. in cases where there are some sorts of master keys put in). But actually introducing code is a very different beast, something else entirely.
The Angry Intellect Posted February 5, 2016 (edited)

Quoting Sensei: The Angry Intellect, is there a thing that you *really* know? I bet, if I asked you to write DNS server C/C++ code, you would have no idea where to start.. Show me how you make a TCP/IP tunnel in C++, for a start.. A building's magnetic card reader should accept only as many characters as are needed. Which means sending entire source code is not possible. Some badly designed systems might exist, but they are a minority, as the issue is easy to spot. Jumping from a building security system to intercepting DNS - ridiculous.

You never cease to amaze me, always talking about unrelated crap. The virus has already been created and tested, to show people that it is easier to do than you think. In the test, this particular person was able to infiltrate the security system and successfully spread the virus (malicious code) to other systems that came into contact with an infected swipe card. I can sit outside your house right now and "hack in" to your current modem/router and poison your ARP cache with false entries that redirect traffic. I can also send out a spoofed DHCP response to "update" the DNS server address of any device connected to your network, which will point it to a DNS server controlled by me, where I can easily change the IP that a site like "Google" points to, which will make your computer visit the "Google" site on the system controlled by me, with a false web page that looks like the real thing, to obtain your information. The same can be done with banking sites; fake ones can be set up to have you enter your login & password information and capture that for later use. Nothing I mentioned is "ridiculous" - it has already been tried & tested, some of it in use by "hackers" and certain governments around the world, and has been for many years now.

You really do never cease to amuse me with your comments on anything in the forums, you ridicule others' feedback without even understanding what is possible or had already been done, you have no prior knowledge on the subject but continue to say "I know C or C++ so I know everything". Programmers don't use C or C++, they use a combination of different programming languages available depending on the application. You would know this if you were a programmer as opposed to someone who might be "studying" it in a course. You're awfully full of yourself and contribute nothing to any of the threads posted by others. I hope the moderators can see this and your consistent "attacks" on me or others. I offered the original thread creator an idea as to what they could use for their project, and what I said is factual. I'm taking a wild guess none of you actually read scientific reports or tests that had been done; you can literally search for what I'm talking about and may even find a video of the person that successfully conducted these kinds of tests on security systems in buildings. Don't take my word for it, since it clearly means nothing to you, go look for yourself, please... Get to know what's possible first, learn the subject before responding to something, check to see if a study had already been done or if anyone had constructed such an experiment in relation to the subject that I am referring to. Don't just comment for the sake of commenting.

Edited February 5, 2016 by The Angry Intellect
Strange Posted February 5, 2016

Quoting The Angry Intellect: Security systems for buildings, swipe card/chip access to authorise entry into a particular office or secure location. It is possible to infect a person's swipe card using a magnetic device reader/writer with malicious code that will pass onto the security system that the infected card has access to.

Do you have a reference to more information on how that can be done?

Quoting The Angry Intellect: Did you know that humans can be controlled (altered) to some degree using part of the electromagnetic frequency? Humans have no defense against this, apart from sitting in an armoured vehicle or building designed to absorb this kind of an attack. We use this type of technology to purposely incite anger, violence, fear or confusion in either an individual or even a group of people.

And, although it is off topic, do you have a reference for this, as well?
The Angry Intellect Posted February 6, 2016

Hi Strange, I do not have direct links or references for this particular piece of information regarding building swipe card access & the ability to infect it. However I am checking through the internet to try and locate the person who had originally proved this; I believe he even filmed it and explains what he did and how it could be done to other systems. Once I locate this I will post the link so that others can view it. The difficulty of locating such a piece of information that is not common or general knowledge is because of the fact it is so "new" there are very few or no sites with this information; however I assure you it is a real threat and had already been done as a demonstration. I will locate it, it's just taking me a little while longer. As for the references to the technology used to "alter" a person, this is not something I heard about, this was something I used to do as part of my role in the Army, Royal Signal Corps - Electronic Warfare Division. You may be able to locate some information regarding this online, but it is not something that I will provide any direct links or references to myself. The search terms to use would be something to the effect of "Electronic Warfare" "affect humans" "disrupt thoughts" "disperse crowds" etc. However you will not find some of the information I am talking about on any web sites in relation to some of the technology used to alter humans. I apologize that I cannot provide more information on the matter, just thought I would share this with everyone. If you give it another 30 or 40 years, it will become public knowledge, unless someone leaks the information to the public beforehand. And as usual, I can see that Sensei is about to post something trying to contradict what I say or offer up another challenge, he never gives up, silly Polish man.
Sensei Posted February 6, 2016 (edited)

1) You're not doubt very articulated person. Which suggest that you're rather humanist than logically thinking mathematician kind of people.

2) Showing that the proprietary security system of a particular company has been compromised does not mean the entire world suffers from this. After the vulnerability was revealed, its authors had time to fix the issues. In your ignorance, you're extrapolating that if some virus existed in the past, it must work everywhere, and forever.

3) You cannot send me any such packet as you claimed, because I simply don't use DHCP..

4) Intercepting DNS servers, compromising the router/modem, replacing DHCP settings, is the easiest way to get in, but it's easy only on paper (that you read about the subject). You're making the assumption that everybody in the network uses DHCP. That's not always the case. Only the ignorant use DHCP. And you need your own *DNS server* (if you're a professional), made in C/C++, which will be nothing like a standard DNS server exe (or you simply will have no real-time access to what somebody is searching).

5) My "challenges", as you called them, have to show that you just looked up terminology on the Internet, without having real experience in the subject. You refused to perform any of them, because it would confirm my assumption.

6) Challenge (again): which Windows API C/C++ function do you have to use for installing a key-logger on somebody's machine.. ?

7) Making a fake banking website is months of planning, testing, and you have to start from creating your own bank account, to see how it even looks. And replicate every page, every functionality. Claiming it's fast and easy is ridiculous. Every bank has different security. Intercepting a bank login and password will just show you what money somebody has in it. You most likely won't be able to use them. There are temporary security codes needed, etc.

To see what money somebody has in a bank account you don't have to get the login and password, just search his/her mailbox for the monthly bank statement sent there.. A couple of banks here use codes sent to the mobile, generated during the transfer attempt. The user has to enter the code sent to the mobile (proprietary app) inside the banking account website. Others have codes on a scratch card. Even the user has no idea what they are, until revealing the code. Try to bypass it. But you have no real experience, so you miss all the details.

Mythbusters security system compromise episode:

Edited February 6, 2016 by Sensei
The Angry Intellect Posted February 6, 2016

Sensei, I'll be honest, I did not read anything you said. After I got to the first part of your usual abuse trying to explain to me that "You're not doubt very articulated person. Which suggest that you're rather humanist than logically thinking mathematician kind of people." I stopped reading. You need to have a better understanding of the English language before trying to insult someone in English. You're missing a few key words, as you always do with your insults, which just makes you come across as the exact thing you are trying to accuse me of being. It's amusing. You (as always) try to say that anything I have spoken about couldn't be done, and then when you realise that I do know what I'm talking about, you skip straight to other things like "it would take a lot of time and effort". I know how long something would take, I know what can & can't be done. And you are always incorrectly assuming that I could not infiltrate or "poison" your router because you have DHCP turned off. That is not the method I would use; having DHCP turned on just makes it easier for an "attacker" to locate your router's IP address as it announces the DHCP to all devices. Turning off the DHCP doesn't stop anyone from using 1 of 3 other methods to obtain the router's details and mess with it in some way. You always have a "smug" sounding response to any post I make because you think you have figured out how I would go about doing something, but as always, you are completely wrong in your assumptions.

What you're trying to do is impress me & others reading this because you post ever so slightly technical information which would suggest you know what you're talking about, but to anyone else with the technical knowledge & experience like I have, what you're saying has absolutely no relevance to any part of what I said, you're just throwing out completely random bits of basic computer/software knowledge in hopes of impressing others. The more you post, the more you sound ignorant and inexperienced with the very things you talk about. You also come across as immature, more like a "student" studying these things, and like most young people learning something new, they have an attitude problem and a misconception that the basic knowledge you recently acquired translates into absolute understanding of the very subject you're studying or have just completed studying. Experience in the real world matters. I too could go about reading threads and just copy/pasting information from either Wikipedia or YouTube in hopes of "proving" to the readers that I know what I'm talking about. I don't do this because I don't need to, I know what I'm talking about, I have been dealing with technology for the past 25 years in the real world, I am CCNA, CCNP, MCITP (various), MCSE, Security+, Symantec, Citrix & VMware certified in multiple areas. I run a few companies, half of which deal with corporate network management, deployment & projects. Another one of my companies provides I.T. Security consulting to some very large firms; we are contracted to fly to different countries to assess a network or to provide counter-hacking and packet inspection/dissection to figure out some serious cases of infiltration. I also spent 6 years working in the Army's Electronic Warfare (intelligence) division. The next time you decide to post anything in response to something I have said, I will completely ignore anything you have to say. I highly recommend others do the same with your comments.

I offer assistance and insight into a particular thread that people create; you consistently cut & paste stuff from around the internet and "bullsh*t" your way into a topic. To the moderators that may read this, and also read every other post Sensei makes in response to anything I comment on, is there a "mute" button? Thanks for that Sensei, for the persistent clicks to make all my posts show up negative 1, even I don't do this on any of your posts, you act extremely childish.

-2
Sensei Posted February 6, 2016

Quoting The Angry Intellect: Thanks for that Sensei, for the persistent clicks to make all my posts show up negative 1, even I don't do this on any of your posts, you act extremely childish.

Pressing the negative vote means "we don't agree with what is said in the post" (partially or totally), without going into a senseless discussion of "why it's wrong" (objectively) or "why in our opinion it's wrong" (subjectively). (As you ignore any reasonable argument or question. This is not a blog, nor a preaching zone. It's a discussion forum.) Conversely, pressing the positive vote means that somebody agrees with the post. So far you have 19 negatives. 19 people disagree with you. Something like 16 of them are not from me. Unlike you, I have 390 positive votes. If you were less "angry" (for whatever reason you are acting like that), and didn't start with this ridiculous "I am the most intelligent organisms on the Earth", which was deleted and ended up in the trash, perhaps people would like to hear what you want to say. You missed your unique chance to make a good first impression. Not smart at all..
Sato Posted February 6, 2016

Quoting Strange: Do you have a reference to more information on how that can be done? And, although it is off topic, do you have a reference for this, as well?

I'm not sure of the details in the case The Angry Intellect is referring to, but it reminds me of another security vulnerability that allowed hackers to manipulate city databases with their license plates. Their city's system involved street cameras taking photos of speeding cars, isolating their license plates, and extracting the plate codes using an optical character recognition system. Not many details, I imagine it would then store each plate code/number in some variable, say, CODE, and send a command as follows to the database:

SELECT first_name, last_name, address, license_status FROM plates WHERE plate_number=CODE

to retrieve some information about the car owner. Using that information it'd do whatever's relevant, like send a notification to the local traffic court and insert a record into the tickets table of the database. What the hackers did is put something like "59bb1; DELETE FROM plates WHERE plate_number=CODE", or something similar, on their license plates. The system would scan it in and run the selection command followed by the deletion command and erase notice of the violation. The details are probably different and my SQL is a bit rusty so.. excuse me, but I think that's the gist. I imagine something similar could be done with an RFID card, if the system checks the extracted code against a database. Even if the access code extracted is some number, not allowing strings of commands, they're probably embedded systems, largely programmed in low-level languages requiring manual memory management.

This makes it sometimes easy for a "memory" vulnerability to slip in, where one might, for example, add a great amount more data to the card so that the data spills over into unsafe territory, where some of that spilled-over data contains executable "shellcode" that'd be run along with the program. So, there are lots of ways like this it might be able to happen. Note: it's particularly easy to prevent that SQL command problem (SQL injection); you just cut out or replace any special characters given in user input, before you use them to form a command.

1
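As an added example (not code from Sato's post or from any real plate-recognition system), the lookup pattern Sato describes run against an in-memory SQLite table with constructed sample rows, next to the parameterised form that is the standard fix. The table and column names come from Sato's query; the sample registrations and the two malformed "plates" are constructed for the demo. It also shows a driver-specific caveat a reviewer would want: Python's sqlite3 refuses a string containing a second statement, so the stacked DELETE fails here, but that is a property of this driver, not a defence, and the same spliced query still leaks every row to a tautology. An allow-list check on the OCR output is included as a second layer that should log and reject anything that is not a plate.

```python
import re
import sqlite3

# Constructed sample registrations for the demo; not real data.
SAMPLE_PLATES = [
    ("ABC123", "Alice", "Example", "1 Sample St", "valid"),
    ("XYZ789", "Bob", "Example", "2 Sample Ave", "suspended"),
]
COLUMNS = "first_name, last_name, address, license_status"

# Two constructed "plates" that read like SQL once spliced into the query text.
TAUTOLOGY_PLATE = "' OR '1'='1"
STACKED_PLATE = "'; DELETE FROM plates WHERE plate_number='ABC123"


def make_db():
    """In-memory table shaped like the plates table in Sato's description."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE plates (plate_number TEXT PRIMARY KEY, first_name TEXT, "
        "last_name TEXT, address TEXT, license_status TEXT)"
    )
    conn.executemany("INSERT INTO plates VALUES (?, ?, ?, ?, ?)", SAMPLE_PLATES)
    conn.commit()
    return conn


def lookup_vulnerable(conn, code):
    """The bug: OCR output is pasted into the SQL text, so the database
    parses whatever the camera read as part of the statement."""
    sql = f"SELECT {COLUMNS} FROM plates WHERE plate_number = '{code}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, code):
    """The fix: a parameterised query. The value travels separately from the
    statement and is only ever compared against plate_number."""
    sql = f"SELECT {COLUMNS} FROM plates WHERE plate_number = ?"
    return conn.execute(sql, (code,)).fetchall()


def is_plausible_plate(code):
    """Second layer: a plate is a short run of upper-case letters and digits
    (assumed format). Anything else is an OCR failure or tampering and
    should be logged and rejected, not queried."""
    return re.fullmatch(r"[A-Z0-9]{2,8}", code) is not None


def stacked_delete_attempt(conn, code):
    """Run the vulnerable lookup with a plate carrying a second statement and
    report (rows_before, rows_after, error). Python's sqlite3 refuses
    multi-statement strings, so nothing is deleted here; database drivers
    that accept stacked queries would execute the DELETE."""
    def count():
        return conn.execute("SELECT COUNT(*) FROM plates").fetchone()[0]

    before = count()
    try:
        lookup_vulnerable(conn, code)
        error = None
    except (sqlite3.Warning, sqlite3.ProgrammingError) as exc:
        error = str(exc)
    return before, count(), error


if __name__ == "__main__":
    db = make_db()
    print("normal plate, safe:    ", lookup_safe(db, "ABC123"))
    print("tautology, vulnerable: ", lookup_vulnerable(db, TAUTOLOGY_PLATE))
    print("tautology, safe:       ", lookup_safe(db, TAUTOLOGY_PLATE))
    print("stacked, vulnerable:   ", stacked_delete_attempt(db, STACKED_PLATE))
    print("plausible plate?       ", is_plausible_plate(TAUTOLOGY_PLATE))
```

The tautology case is the one to watch: the vulnerable lookup returns both registrations for a plate that matches nothing, while the parameterised lookup returns an empty result because the whole string is compared as a value. Stripping characters, as Sato suggests, can work, but parameterised queries remove the class of bug rather than a list of characters, and the allow-list check additionally gives the operator a log event whenever the camera produces something that is not a plate.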
The Angry Intellect Posted February 6, 2016

Sato, you are correct. The method this particular person used was almost exactly that, causing the system to retrieve extended data/code from the card which "overflowed" into the system's memory. As to the exact code he used or how he knew the system would then process that memory and treat it as a command is not exactly known to me, but I know he did it and it worked; he did document this "trial" but I am having difficulty in locating the original footage or even any information relating to it. As for you Sensei, despite getting slightly confused as to exactly what I am talking about and offering information to try to explain to me or to disprove what I was talking about, the information you responded with was correct, it has always been correct for what it is you're talking about, but I believe you are missing the point with my posts. For instance with the different hardware available for a computer, I did not say there aren't thousands of devices, of course there are, many different brands and types etc. But what I was getting at is all these different brands and versions use a base design and very similar chipsets which are all made by only a handful of companies. Using the driver from the "chipset" manufacturer would always work, even for hardware accelerated video etc. For example, if you purchase a Gigabyte video card, you do not have to use the Gigabyte supplied (customized) driver for that particular video card to work properly, including with full hardware acceleration. You could just use the NVidia or AMD generic driver directly from their web site to make the card work; it is also the same driver (installer) that would make almost all their other models work as well.

Same with the motherboards, it doesn't matter what brand you use or what version/revision of their product; to enable the O/S to use all the on-board chipsets and thus hardware acceleration or correct CPU microcode, you can just install the AMD or Intel chipset driver (since that accounts for about 95% of all the boards). There may indeed be trillions or zillions of different devices available, but the underlying hardware design and chipsets that make them function mostly come from a small handful of companies, and with just a few different drivers, you can make all of them function properly. When making universal "Apps" for Windows 10, the developer does not need to know about all the different hardware types or configurations to have their App work; Windows itself takes care of that and directs the output to the correct device. This will be true on all Windows 10 devices, despite what hardware the system runs on; the "universal" developed App should still work, even if the performance is lower. As for my original thread that I created which immediately got "negative" or hasty feedback, that was all part of the plan. Before I even posted it I already knew exactly what to expect and what certain people would say, even up until this very post I am doing right now; the way you and certain others responded, despite what information I posted that was all true, you would disagree with it for some reason or another. From the very start of my first thread & posts to this exact one I am doing right now, everything has gone exactly as I had predicted. I did so as a demonstration for other people that are sitting with me here in this room. It may annoy you even further by visiting my blog now and seeing what I put up there the other day, but it was all part of a demonstration, an experiment which has gone precisely in the direction I knew it would.

I started that thread and said the things I did for a reason. Of course the first thread is not true, but I knew it would affect others and would continue to do so any time they saw me either create another thread or even comment truthfully on other people's threads. I wasn't "trolling", I was just talking, and depending on the way I talked initially on the first thread would depend how people react to anything else I had to say from then on; even if what I was talking about was perfectly true and accurate, certain people would continue to argue or come up with any reason they could to not agree with me on the subject. So for that Sensei, I apologize to you. Even though you go off on a random tangent and off topic, it's not your fault, you simply can't help yourself around me; this is the reason for the initial demonstration or "test" thread. It's good to see you have a sense of humour, your private message response to mine had everyone here in the room laughing, nicely done!
Strange Posted February 6, 2016 (edited)

Quoting Sato: I'm not sure of the details in the case The Angry Intellect is referring to, but it reminds me of another security vulnerability that allowed hackers to manipulate city databases with their license plates. Their city's system involved street cameras taking photos of speeding cars, isolating their license plates, and extracting the plate codes using an optical character recognition system. Not many details, I imagine it would then store each plate code/number in some variable, say, CODE, and send a command as follows to the database:...

Reminds me of: https://xkcd.com/327/

I don't doubt this is possible with ID cards. I was just interested in the details.

Edited February 6, 2016 by Strange
The Angry Intellect Posted February 6, 2016 (edited)

Strange, I'm going to give up looking for this now. I have searched through so very many web sites and search engines using different keywords, all to no avail. I cannot locate or find anything whatsoever in relation to the swipe card virus that could transfer into the building's physical security system and then copy itself onto other swipe cards. I know it's possible, I saw the guy do it on a documentary-style video, he even explained how he did it and why the system would read the information and somehow change that data into commands once in its memory. But for some reason, the video I am searching for, or anything like it, seems to be either well hidden or removed from the internet... I know this doesn't sound likely and it's driving me nuts not being able to find it; I spent many hours until this moment when I decided to finally give up. The guy was British, and he performed the test (successfully) on a large corporate building somewhere. You first need a valid ID/swipe card, the system must authorise the access to the building, and I can't remember the mechanism behind why it then reads the extended data and translates it into writable code/commands after it had been read into its internal memory, but I watched him do it and even explain how he did it, but at the time I was just thinking "wow, that's actually possible?". I should have paid a lot more attention, because the video and any mention of it f***ing disappeared from the face of the Earth! To pass the virus/malicious code onto other systems within the building, the physical security system had to be connected (which most of them are now) to the internal network or a server.

Sometimes there is a separate computer that connects to the physical security access controller and is segregated from the rest of the network solely for ID card management purposes, so in that case all you can do is grant access to other ID cards or stop access, but you would not be able to then take control of any other internal systems. That kind of segregation is happening less & less now as external security & management firms log in to the systems remotely & issue new cards or override access; this is what gives rise to the virus's effectiveness, when the system is connected to the internal network. I'm extremely sorry I could not locate the information for you, I assure you it's the truth and did take place as a real-world test. I now have a headache and I am going to sleep, I hate failure, not finding this is literally doing my head in.

Edited February 6, 2016 by The Angry Intellect

1
Endy0816 Posted February 6, 2016

I found where they hack it via the access port. Probably would be an idea to look at the more obscure hacks. IoT vulnerabilities could also be worth looking into.

http://null-byte.wonderhowto.com/inspiration/digital-lock-picking-simple-arduino-hack-opens-millions-hotel-keycard-doors-0138312/
petrushka.googol Posted March 7, 2016

Focus on OWASP security vulnerabilities and load testing.