Covert Communications: Using Gaming Networks to Plot Terror

With all of the monitoring software that has been turned from legend into fact in the recent years, it can be perplexing that terroist organizations are still able to remotly plan and, as we have seen in recent days, execute attacks on high profile targets. However, officials in Belgum have come up with a way they were able to plan attackes such as Paris: using gaming networks such as Sony’s Playstation Network used on their Playstation 4

This is just the most recent in commercial networks and applications being used to plan terrorist activities. Before the use of the Playstation Network, terrorist organizations have been seen using a mobile application called WhatsApp, which uses the internet to send messages from person to person, and has been shown to be difficult to monitor due to its high traffic and method of sending messages.

The Playstation Network, however, has proven more difficult than WhatsApp when it comes to intercepting terrorist communications, due to their lack of ability to intercept peer-to-peer IP based voice chat. This would mean that a terrorist meet up could happen in something as simple as an online game, and authorities would never know about it.

This doesn’t mean that they haven’t tried to gain legal access to VoIP communications. In 2010, the FBI pushed to have all lanes of communication monitoried, though the FCC had declined to give them access to the network then.

The main issue, however, is beyond the legal scope. While we are able to profile potential terror affiliates based on their internet usage, it is very hard to do so based on their console usage (uless we already know a terror affiliate uses a certain account). This, along with the Playstation Network having over 110 million users (for scope, that would make it the 11th largest country in the world), makes it a really hard field to narrow down.

And that is just for voice communication. If you start thinking about it, there are even ways to conduct non-verbal communication over a gaming network, from in-game destructables to placing items to form words or symbols that could mean something, that would not be traceable later, as they would be reset according to the loading of the game.

With these in mind, communicating over gaming networks may be the next large step in clandestine communications between persons or bodies that do not want anyone listening in to their conversations, as there are currently no real steps to trace anything that might happen there. This could lead to governments and groups not being able to trace the traditonal methods of communication, and increases the likelyhood of an unexpected attack on a high profile target.

-Will G. Eatherly


Daily Mail article on topic:

List of Countries according to population:

Forbes article on topic:


Is your phone really locked?


Recently, new information has been discovered regarding lock screen vulnerability on certain Android products. “Google recently issued a patch for Nexus mobile devices to fix an Android Lollipop vulnerability that lets hackers bypass the lock screen and gain control of mobile devices. However, it could take weeks to months for manufacturers and service providers to roll out the patch for other Android devices.” University of Texas security researcher John Gordon was the person to discover this exposure of information.

Locking methods of the pattern or PIN lock do not provide a text field. The hack needs text pasted into that field to crash the lock screen so the safest thing to do is to use one of those two methods of securing your cell. “Lock screen security in general is iffy, lock screen vulnerabilities happen on all mobile operating platforms,” Lysa Myers, a researcher for Eset told LinuxInsider.

Many owners of these types of phones may ignore this recent news as they fell they have set a tricky password to crack but that is no deterrent to these hackers. “This is a major threat. Even when users feel confident about locking their phone with a strong password, if their device is exposed to this exploit, it does not really matter how strong the password is,” said Armando Leon, director of mobile at LaunchKey.

Overall, it could take many months for most users to receive the patches. As these patches are slowly getting out to the users at such a slow speed there is not any measures in place to stop these hackers from bypassing a persons lock screen and going straight to their home screen. This results in loss of personal data as well as huge inconvenience to the owner.


Lisa Ann Hornak

Visa Exploitation Gang Exposed!!!

FireEye dubbed gang name, FIN5, has been causing headaches by obtaining valid user credentials to exploit their targets.  They created their own malware dubbed RawPOS used to target point of sale machines.  In existence since 2008, FIN5, used target organizations Remote Desktop Protocols, Virtual Private Networks, Citrix, or VNC to gain access to their targets.  All of these things deal with networking computers in some form or another.  The interesting thing about this group is that they don’t use spearphishing or remote exploits.

One tool they use is the GET2 Penetrator.  This is a tool that searches, using brute force, for credentials.  These credentials can be hardcoded or remote access. They also use EssentialNet.  EssentialNet is free tool that scans networks for layouts.  As for the RawPOS malware it contains several components.   Duebrew keeps the malware installed on the machine.  FiendCry scrapes memory to steal credit card data.  Driftwood hides the stolen data from analysis tools.

This software works on a multitude of POS systems and is coded to evolve with new systems.  Something unusual about the RawPOS malware is that it is very well commented.  It is coded in an older Russian text.  Authorities believe this is to make the malware seem a legitimate program and for support as well.  Using Windows Credential Editor and the Active Directory, they access legitimate user credentials.  They also sophisticated tools that erase their tracks.

Among those struck by the hacker group are Visa, Goodwill, and an unnamed Casino in Las Vegas.  FireEye is partnering with Visa to create a threat intelligence service.  It will combat this group and others like it.

to see the full article visit:

-Brian Lustick

How the NSA broke trillions of encrypted connections

As technology has become more interconnected as we have advanced over the years security has become a major issue and many people have pushed companies and developers into ensuring and using encryption and other techniques to guarantee people’s data is safe and secure and only accessible by the people that own it. Diffie-Hellman Key Exchange is a method of generating a shared private key with which two computers can use to secure a previous insecure channel. The Diffie-Hellman Key Exchange method is used by many different protocols to encrypt the traffic like VPN, SSH, HTTPS. To break a key for something like this, which is normally 1024 bits, it can take up to a year and cost millions of dollars, the NSA doesn’t have the money or time to continually crack these keys instead they have just enough time to crack only two. The flaw in the Diffie-Hellman encryption that the NSA discovered that there are two commonly used primes that are used to calculate the 1024-bit key. NSA cracked one key and was able to decrypt two thirds of VPN connections and a quarter of all SSH server globally. The other key they generate allowed them the eavesdrop on about 18% of the top million HTTPS websites. The attack is effective only on IPsec and a fair amount of SSH but not all, PGP and iMessage are immune to this attack. There is also other information backing up this theory of the NSA cracking the two keys, in the files that Edward Snowden leaked there was claims that showed the agency being able to monitor encrypted VPN connections. The research team that discovered this recommend that websites move to 2048-bit Diffie-Hellman keys, but 3072-bit would be needed to be really impervious to this attack and SSH users upgrade to the latest OpenSSH which uses Elliptic-Curve Diffie-Hellman Key Exchange.


By Peter Carenzo

Government vs Corporations: The Battle of Security and Privacy

After Edward Snowden released information that the NSA was tapping into private companies servers and getting their information without their knowledge, corporations have made promises to customers and buffed up security on their servers immensely. Higher levels of encryption, no backdoors, and buffing up servers make it much harder for hackers to break into your sensitive information, but it also keeps the government out.

The United States is currently in or contemplating legal battles with large tech companies such as Apple, Google, and Microsoft to compel them to give them information, break encryptions, or leave them a way in to look at the data themselves. Specifically with Microsoft, the company refuses to hand over data to the government without an Irish warrant because the servers the data is stored in are in Dublin.  Companies aren’t willing to cooperate with the government on this because of the promises they made to their customers and the huge security breaches it could cause leaving possible holes for hackers to steal or tamper with data.

The UK is facing a similar issue where their MI5 is looking for more power from Parliament to keep up with technological advances, and Andrew Parker, Director General of MI5, recently said in an interview that companies have an ethical responsibility to to turn over the information the government wants to them.

Major corporations remain hesitant to readily give over information to the government for fear of backlash from consumers and the fact that the government has not really been truthful with them in the past.  This argument is definitely one that comes down to ethics and we must determine what point we sacrifice too much privacy for the sake of security.  We will have to see what the courts or Congress say on the matter.


– Quinn White