WannaCry or GoingtoRelax?

On Dealing With Ransomware

A couple of weeks ago, a worldwide exploit stolen utilities from the National Security Agency were utilized to take down literally hundreds of thousands of computers, from hospitals, government, and large corporations.

For days people were freaking out and having a tremendous time securing their networks. Traditional methodologies failed. Traditional thought processes failed.

In the days and weeks since this attack, we have learned much. From the tools they use, to methodology and the exploits.

We Suffered No Incidents

At Triton Technologies, we were not affected at all. Not a single one of our clients’ computers, not a single compromise network, not even a rogue email. Not that we didn’t see a single remnant of it, but our technology, up dates and our near-religious security methodologies protected every single one of our clients.

That’s right, not a single person had a problem: business as usual. Just like with CryptoLocker.

Why We Weren’t Affected

The reason why? The exploits that were utilized by the WannaCry hackers dealt with old and unpatched systems. Every single one of our managed clients and their systems is patched daily and weekly. Every exploit mitigated, and every possible vector to enter into a network patched up.

We understand that has affected many businesses and many small business owners are freaking out. Not us. With the right managed plan and the right technology to head off potential disasters, issues like this will never affect the business. The proof is in the pudding, and not a single one of our clients is worried.

Managed IT services saves you money and protects your data. Contact Triton Technologies today and quit worrying about ransomware.

White Hat Hacking: Doing Wrong to Do Right

Over a month ago, Triton Technologies was given a challenge.

The challenge was simple: break our wireless network and you have our security contract. Sounds great in theory, but in reality white hat hacking is a quite complex method and time-consuming.

Security Penetration: Break Their Wireless Network

We had been trying to acquire this company for years and we knew their shortcomings, insecurity and data protection management. So we set out to do what we’ve been asked to do, break their wireless network.

So in order to protect something, you need to know what weapons your enemy is going to use. If you don’t know, you can’t protect against it and the battle is lost.

Here’s What We Did

Step 1. We acquired multiple Raspberry Pi 3 minicomputers with dedicated external wireless antennas. We installed Kali Linux and Aircrack-ng and linked them all through a cellular VPN to our Amazon cluster.

Step 2. Over a period of days, we captured thousands of packets that were transmitted by or their wireless access points. Utilizing known methods of breach and capture, we captured gigabytes of usable data.

Step 3. Utilizing our Amazon cluster of dedicated CPUs, we uploaded our packet capture data and began to crunch the code to retrieve the wireless information.

Step 4. And we waited. And waited.

Mission Accomplished

We came in over a long holiday weekend and found that the cracking utility found the password. So we drove out to the client, them unaware and we locked into their wireless network gaining access to their entire infrastructure.

A few days later we had a meeting with the client, presented our findings, and they have changed to us their managed IT services.

The Need for White Hat Hacking

What we did was known as white hat hacking, utilizing known methods of security penetration in a controlled environment to prevent any kind of serious breach in the future. This is extremely encouraged by our clients in order to test their defenses and test the reliability and dependability of their hardware and services.

Only Strong As The Weakest Security

Over a period of a few days, we discovered a lazy password methodology, unpatched systems, and that the firmware for the wireless access points was never upgraded beyond their defaults, all making their defeat easier than expected. It also reinforces the fact of having complex and long passwords within systems. You cannot control such as wireless access points or cellular devices. We cannot harp enough that complexity will help in security.

We replaced their wireless access points with ubiquity and are now monitoring their entire infrastructure on a minute by minute basis. Contact us to learn the weakness in your current system and what we can do to help.