Baltimore’s Dispatch System Taken Down

Baltimore’s 911 dispatch system was breached Sunday, March 25th, shutting down automatic dispatching until Monday, March 26th, as well as halting call logs from 9:54 a.m. Sunday to 7:42 a.m. Monday.

A server running the city’s computer-aided dispatch (CAD) system was infiltrated around 8:30 Sunday morning, forcing caller information to be relayed manually for the remainder of the day into Monday. Under normal circumstances, caller information appears on a map and the nearest first responders are dispatched automatically. The attack effectively slowed this process and demanded that call center staff relay this information to dispatchers themselves.

The exploited vulnerability was a port that had been left open after an IT team attempted to troubleshoot a communications issue and in the process made changes to the firewall. City workers were able to take the affected server offline, conduct a thorough investigation, and successfully bring it back online by approximately 2 a.m. Monday morning. Later reports confirmed that the attack did involve ransomware, but neither the ransom amount nor the city’s response to the ransomware has been stated.

-Jordan Sullivan

Sources:


Crypto-jacking on Government Official Websites.

About a month ago it was discovered that a vulnerability was being exploited in a browser plug-in called Browsealoud. Browsealoud is a website plugin, developed by the company TextHelp, that adds speech, reading, and translation to websites in an effort to help those with dyslexia and other conditions. Hackers injected a crypto-mining script into a Java file within the Browsealoud library. The script would mine the currency ‘Monero’. Since the hackers attacked Browsealoud itself and not the individual websites, all the websites that were using Browsealoud (nearly 4000) were infected. Some of the websites included the UK’s ICO (Information Commissioner’s Office) and NHS (National Health Service) and the US federal judiciary. When someone visited a website using the plugin, the script would run and use the visitor’s CPU to begin mining.

Crypto-mining is something to be wary about, especially with the rise of Bitcoin and other cryptocurrencies. The hackers simply wanted an easy way to mine more currency for themselves, whether or not it was legal. Their reason for doing this comes back to the acronym ‘MEECES’, which stands for money, ego, entertainment, cause, entrance, status. The attackers were just looking for some money in this case because as of now it is unknown who injected the script. It was very fortunate, with the information as of now, that no information of the users who used the websites was stolen, and that they were only used to mine cryptocurrency.

Websites now should use more caution when implementing plugins on their websites. Every company should have people testing for vulnerabilities within their services and should submit proof of this to their customers. In the future we need to become more aware of ways our websites and services can become vulnerable and the risks we take using them.

– Jordan Disciglio

Sources:
https://viraldocks.com/cryptojacking-attack-hits-4000-websites/

https://www.theguardian.com/technology/2018/feb/12/cryptojacking-attack-hits-australian-government-websites
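
One control that addresses the failure described in this post, a third-party script changing at its source, is Subresource Integrity: the site pins a hash of the script it reviewed and the browser refuses anything else. The sketch below is an added example, not code from the post or from TextHelp; the script bodies, host names and page markup are constructed, and `verify_sri` is deliberately stricter than a browser when no usable hash is listed.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}

def sri_value(body, alg="sha384"):
    """Value for a script tag's integrity attribute, e.g. 'sha384-...'."""
    digest = hashlib.new(alg, body).digest()
    return alg + "-" + base64.b64encode(digest).decode("ascii")

def verify_sri(body, integrity):
    """True if body matches a listed hash of the strongest listed algorithm.
    Fails closed when no usable hash is present (stricter than a browser)."""
    usable = [t.split("?")[0] for t in integrity.split()
              if t.split("-", 1)[0] in STRENGTH]
    if not usable:
        return False
    best = max(STRENGTH, key=lambda a: STRENGTH[a] if any(
        t.startswith(a + "-") for t in usable) else 0)
    return any(t == sri_value(body, best) for t in usable)

class _ScriptAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.unpinned = site_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").netloc
        # Only scripts served from another host need pinning.
        if tag == "script" and host and host != self.site_host \
                and not a.get("integrity"):
            self.unpinned.append(a["src"])

def unpinned_third_party_scripts(html, site_host):
    """List third-party script URLs that carry no integrity attribute."""
    audit = _ScriptAudit(site_host)
    audit.feed(html)
    return audit.unpinned

# Constructed sample data: a reviewed script, a modified copy, and a page.
ORIGINAL = b"function speak(text) { /* read text aloud */ }\n"
TAMPERED = ORIGINAL + b"/* extra code added upstream */\n"
PINNED = sri_value(ORIGINAL)
PAGE = f'''<script src="/js/site.js"></script>
<script src="https://cdn.example/lib.js" integrity="{PINNED}" crossorigin="anonymous"></script>
<script src="https://plugin.example/reader.js"></script>'''
```

Pinning only works when the vendor serves a versioned file that does not change in place; a script that the vendor updates at a fixed URL will fail the check on every legitimate release as well.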

‘Gray Hat’ Hackers Can Be Good

With the internet becoming available on just about any device one can get their hands on, the incidents of hacking can rapidly increase. Smartphones and computers have been the main devices being hacked by cyberhackers before the internet has quickly become available in other machines and technologies. The vision of the future is seen with flying cars and robots, but these things would have to be connected to the internet to function. If any of these things in the future are connected to the internet, then cyberhackers will have more options of technologies to hack. Devices and machines, like cars, coffee makers, and thermostats were once not a part of the internet and that was a beneficial thing in society. But, vast new forms of technology and electronics that were once around as another form, are now more modern with today’s devices that are connected to the internet. We can easily access our cars, televisions, and thermostats with our cell phones now since they are all connected online. These new ways of interacting with electronics may seem fascinating to many in society but they don’t realize that this only gives hackers more opportunities to hack innocent people and businesses.

In the article, a famous hacker and former cybercriminal, Samy Kamkar, helped demonstrate how easy it is for hackers to gain access to other people’s electronic property, by hacking into a car. First of all, Samy is a “gray hat” hacker, meaning he is a good and bad hacker that hacks into devices to search for their weak vulnerabilities only to share with others his findings so they can patch up those weaknesses. Coming from a cybercriminal to a hacker who helps the world with hacking, just shows how much we might need to rely more on people like Samy. The world is becoming more connected through the internet with normal appliances used by people every day, to being used by hackers as cyberweapons and a new way to gain access to a victim’s wallet. Samy was able to use his own gadgets to hack into a random smart car by duplicating the connection with the car’s actual key with Samy’s gadgets to be able to unlock the car. Samy showed that we aren’t taking our security as seriously as we should be. People often have weak passwords that they usually use for more than one of their accounts and devices that create a greater advantage for cyberhackers. I believe the world needs more good “gray hat” hackers like Samy Kamkar that can help teach and show others where there are weak vulnerabilities in smart appliances and devices. The more vulnerabilities that are fixed, the less hacking we will hopefully have in the world.


Sources: https://www.npr.org/sections/alltechconsidered/2018/02/23/583682220/this-gray-hat-hacker-breaks-into-your-car-to-prove-a-point

https://es.paperblog.com/samy-kamkar-hacker-piratear-es-positivo-la-necesidad-de-entender-al-hacker-para-estar-protegidos-3567883/

http://96eb74f3955cce95f97e138c47dfde41.blogspot.com/2015/03/grey-hat-hackers.html

-Matt Aiguier

Russian Government Cyber Attacks Targeting Critical US Infrastructure

In this modern, technology-run day-and-age, the use of cyber hacking by one nation against another is an increasingly frequent method of attack. The United States Computer Emergency Readiness Team, jointly with the DHS and FBI, recently released a report outlining specific types of attacks they have identified being used by the Russian government targeting the U.S. government as well as “organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors”. They have also confirmed that these attacks have been ongoing since at least March of 2016.

One type of attack uses spear phishing emails containing Microsoft Word files loaded with a malicious script. This script first installs some credential-harvesting tools like Hydra and CrackMapExec. Then, it attempts to retrieve a file on a server via SMB request. By doing so—whether or not the file exists—an authentication request is typically prompted to the user before continuing. At this point, the script will capture the hash of the user’s credentials, and make an attempt to extract the full username and password using the aforementioned tools installed on the machine.

Another type of attack again used phishing to obtain credentials via a link in a falsified .pdf contract agreement. Users were directed to follow a link in the document to enter their email address and password in order to agree to the service contract. Once the credentials were in hand, attackers used them to attempt to gain access to the internal systems of these important infrastructure institutions. A back-door was installed to allow persistent access, and attackers could then modify firewall settings and Windows registry keys.

The release of this information is significant in two ways. First, it is just another example as to the extreme importance of vigilant cyber security awareness and practice. Both of these attacks rely on the ignorance and thoughtlessness on the side of the end-user to gain access into the system. Whether it’s opening unsolicited Microsoft Word documents or agreeing to unfamiliar (and unofficial) contracts, both scenarios rely on users divulging their credentials without suspicion as to whether the requesting source is legitimate.

Second, it is another example of the changing landscape of cyber security and cyber hacking as it continues to be used more frequently by governments as a weapon against other nations. Now more than ever is cyber security conversation and awareness important for all people as we enter an age of online warfare.

— Brendon Stowe
Student, R•I•T
Web & Mobile Computing


Source:
Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
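
The SMB step described in this post depends on a workstation being able to open an SMB connection to a server outside the organization, which is something a defender can look for in firewall or flow logs. The detection below is an added example, not part of the post or the report it cites; the log format and sample lines are constructed, and the internal ranges are assumed to be the RFC 1918 blocks.

```python
import ipaddress
import re

# Assumption: the organization uses only RFC 1918 space internally.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {139, 445}
LINE = re.compile(r"^(\S+) (ALLOW|DENY) TCP (\S+):(\d+) -> (\S+):(\d+)$")

# Constructed sample log; external addresses are documentation ranges.
SAMPLE_LOG = """\
2018-03-20T10:15:02Z ALLOW TCP 10.1.4.23:49712 -> 10.1.0.5:445
2018-03-20T10:15:09Z ALLOW TCP 10.1.4.23:49713 -> 203.0.113.50:445
2018-03-20T10:16:40Z DENY TCP 10.1.7.88:50100 -> 198.51.100.7:445
2018-03-20T10:17:01Z ALLOW TCP 10.1.4.23:49720 -> 203.0.113.50:443
not a connection record
"""

def is_internal(addr):
    """True if addr falls inside one of the INTERNAL networks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in INTERNAL)

def outbound_smb(log_text):
    """Return SMB connections that leave the internal network.

    'exposed' is True when the firewall allowed the connection, meaning
    an authentication exchange could have reached the outside server.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not connection records
        ts, action, src, _sport, dst, dport = m.groups()
        try:
            leaving = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # malformed address field
        if leaving and int(dport) in SMB_PORTS:
            findings.append({"time": ts, "src": src, "dst": dst,
                             "port": int(dport),
                             "exposed": action == "ALLOW"})
    return findings
```

A denied attempt is still worth following up, since it shows that something on that workstation tried to reach an outside SMB server.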

Self-Replication in Neural Nets

A recent paper from Oscar Chang and Hod Lipson, a grad student and a professor of Columbia University, respectively, has made significant progress in neural network development by successfully building and training a self-replicating neural network.

Self-replicating machines have long been theorized and applied in technological advancements such as polymers and robotics, and despite being widely recognized as a prime objective for the development of a true AI (self-replicating is viewed as a precursor step to reflection and adaptation), no serious progress had been made until 2017 with the development of HyperNetworks. This paper continues a series of meaningful advances in the improvement of AI.

While it has yet to be implemented or publicly acknowledged as having been implemented, these self-replicating neural networks have the potential to greatly improve the quality of neural networks designed for computer security. The ability to self-replicate and reflect upon the self-replication could allow for much more intelligent and much more resilient defense algorithms, as it may be capable of repairing itself if an adversary was able to alter it or lock itself from being able to alter itself upon a certain condition whilst still being capable of executing.

However, while the results of self-replicating neural networks do seem promising, information regarding their actual effectiveness is scarce. This does raise some personal questions regarding how well a self-replicating neural network could handle a “day 0” alteration through a malicious adversarial examples attack. Either way, the advancement is very promising.

Scott Carlton

Chang & Lipson Paper: https://arxiv.org/abs/1803.05859

HyperNetworks Paper: https://arxiv.org/abs/1609.09106