March, 2015

now browsing by month

 

Light It Up Blue – Autism Awareness

On April 2, I will turn the background of the 556 Forensics page blue, in support of the Light It Up Blue autism awareness program that is put on by the Autism Speaks organization.

While I normally don’t get heavily involved with organizations and necessarily outwardly support them, I think autism awareness is a different story in my book. Not only because I have family affected by it, but because the awareness level of everyday people out in the world is so low. I’m not saying that most people are unaware that autism exists, I’m saying that people aren’t familiar with what it is, and how special the people that are affected by it are.

I will provide links below to aid you in discovering more about what autism and asperger syndrome is, and hopefully you to, will have the chance to meet a completely mind-changing person with one of these spectrum conditions.

Autism Speaks – Light It Up Blue campaign

Wikipedia: Autism

Wikipedia: Asperger Syndrome

United States Autism and Asperger Association

National Autism Association

Autism Society of America

Many more pages can be found through a general search through Google and other search websites as well:

Testing a theory – Attempting to troubleshoot a Fedora 21 install

Nothing is more frustrating, than a researcher, programmer, tester, or any other similar position attempting to document a bug, and when attempting to re-create the situation, you are unable to replicate. Testing a theory about a bad installer in Fedora 21 today, and just my luck, I was unable to reproduce the problem I was encountering on my desktop, in my virtual environment.

I spent this last weekend, attempting to install/re-install the latest Fedora Linux release. I have already backed up all my data, and done everything I need to do, in order to prep for the re-install. I figure my situation is not super unique, but probably a little more complicated than the average users’ install.

Read the rest of this page »

Excellent Support and Solutions

Nothing makes us happier than producing excellent support and solutions, whether it be through customers, online, or through open-source information exchange.

Today, I had a question, and I decided to fire-up a link to a very excellent resource at the StackExchange, more specifically, the SuperUser forums at StackExchange. After looking for the solution to my problem, and being unable to find it, I decided to log into my account, because it has been a little bit of time since I last visited the site. I was very interested to know, and open up a link to a previously asked question, and see very nice words spoken about a solution I provided an answer to.

This is what the user said about my response to a question:

I don’t care if you aren’t supposed to put “thanks” comments here, I just wanted to express my thanks and how much time and energy you saved me. Thank you so much! I’m using a company VPN to do some emergency work from a mall and could not get some of our sites working despite everything I thought of trying. I wouldn’t have been able to figure this out on my own, that’s for sure…

 

I have to admit, that receiving some feedback like that, from a user on a public forum was great to hear, and made me feel great about the support and solutions that I was able to provide. I’m very happy that the user found my comment and solutions useful, and I hope to make all my posts be as valuable as that single post was, to that user.

Report: U.S. did carry out cyber attack against North Korea

Source: Yonhap News Agency

According to this report by the Yonhap News Agency, the U.S. did conduct a cyber operation against North Korea, in retaliation for their alleged attack against Sony.

From the article:

North Korea’s Internet connections suffered outages for days in late December after U.S. President Barack Obama blamed the communist nation for the massive hack on Sony and promised a “proportional response.”

If this is true, it is actually quite a scary situation for everyone involved. If you consider that a U.S. company, like Sony, has the U.S. Government to do its bidding for it; it really makes you think. I’m not concerned that that the U.S. has a cyber operations center, we’ve known about it for quite some time; what we haven’t known, is how, when, or why it would lead an attack against a nation. Now we know, all your nation-state has to do, is attack a very large corporation in the U.S. and it will draw the eye of U.S. cyber operations.

What do you think? Do you think the U.S. should launch a full scale cyber assault on a nation because it was behind a supposed “attack” on a large corporation. What is the precedence being set here? If my small business gets attacked by a group in North Korea, will the U.S. launch a full-scale attack against them? What size does my business need to be, where the U.S. government will carry out a full-scale cyber attack against North Korea to defend my business?

CTF: Infosec Institute N00bs CTF Challenge

Source: Infosec Institute

I love participating in CTF challenges, no matter their challenge level, they always help in keeping skills current and fresh in my memory. A new CTF challenge was posted today, for the Infosec Institute N00bs CTF Challenge.

So, without further ado, please see below for answers to the Infosec Institute’s CTF “N00bs Challenge”.

(– SPOILER ALERT –)(– SPOILER ALERT –)(– SPOILER ALERT –)(– SPOILER ALERT –)(– SPOILER ALERT –)

Read the rest of this page »

Follow-up: Healthcare Industry Struck Again

Source: Courier Press

As a follow-up, to a previous article, written earlier today.

Shocked to hear more details about the hack that occurred; ok, not really. As I suspected, the attack came in from a phishing campaign.

Read more details from our own published article here, or from some more detailed information that Courier Press has acquired.

Healthcare Industry Struck Again – St. Mary’s Hacked

Source: Healthcare IT News

I don’t usually do this, but I’ll start of this post, with a quote from Health Care IT News:

Think healthcare is not a target for cyberattacks? Think again. Following a pattern of increasing attack frequency, one Indiana-based hospital is the newest target, after hackers swiped the personal data of thousands.

 

So, you look over the part of the sensationalism associated with this article, you know, the “Think healthcare is not a target for cyberattacks” portion, it really makes you wonder about that state of security in the healthcare industry. Why is the healthcare industry being struck again and again?

Having come from that field of work, I know the answer, in fact, I can 99% guarantee you, that I know the cause of the recent hacking of St. Mary’s Medical Center. Not because I have insider knowledge into the incident that occurred, but because I know the industry, I know where the weaknesses are, and I know that nobody is doing anything to combat these problems.

I’m not a betting man, but I would be willing to take a wager, that I know exactly what happened with this incident, here we go:

Hackers/Crackers/Attackers probably got St. Mary’s Medical Center on their radar from another hacked hospital/healthcare organization. Probably by scouring email from the attacked organization. I would wager that St. Mary’s did nothing to provoke the attack.

Once attackers got St. Mary’s Medical Center’s domain name, maybe a doctor or staff member’s name and email address; a little bit of simple recon occurred, scouring for more doctors and more administrator’s names and email addresses. Also, a little bit of scouting probably occurred on the website, with bad guys looking for VPN services, remote email, or something similar, that they could log into with the proper credentials.

Once a decent list of names and emails were collected, that is when the phishing attempts began. Maybe a phishing email about how to reset your password, or a phishing email offering a raise, and you need to enter your email information. They don’t need many submissions, they only need a couple, and with that, they can leverage more and more information.

Once they have working credentials for a user or two, the attacker is then able to leverage an attack into the infrastructure, by sending out emails, as a “trusted source”, requesting user’s visit a page to dish up their credentials; which leads to an avalanche effect, where they are able to gain more and more credentials.

Next revelation, will be a little bit shocking to most, but the Personal Health Information (PHI) data that was stolen, was most likely a “secondary” target of the breach. From my experience, I have seen that attackers are motivated by more substantial, quicker, and easier ways of getting money, rather than selling PHI data. What I believe the primary goal of the attackers, was to see if they could access the doctor’s HR files, and be able to modify the doctor’s direct deposit information, to a known bank account, where the attackers could take the money and run. PHI will provide some potential money for the attackers, however, the primary source could come from the doctor’s paychecks.

So, there you have it. There is my guess on what occurred at St. Mary’s. We may see, in the upcoming months what really happened, but that is my bet on what happened.

The only other option, is that St. Mary’s could hire some big name company to help them access the damage, and they could flip it around, to say it was a nation-state actor, who was trying to get there hands on super-secret formularies for a new breakthrough cure-all drug, that St. Mary’s, a 585 bed hospital bed is producing; but in the end, we all know that would be a lie.

Linux Showdown 8

Source: TrueAbility

I’ve always had fun competing in the Linux Showdown’s at TrueAbility. It is time for this year’s Linux Showdown, beginning on March 16, 2015! I really recommend this linux showdown if you have any interest in linux at all. First, there is the simple benefit of being able to compete, to see how your linux skills stack up, against everyone else’s (who doesn’t like some friendly competition every once in a while), and secondly, TrueAbility can and will get you a linux related job, if you are on the market.

It will challenge your linux ability, to determine where you stand among every other linux user in the world. So, if you’re up for a challenge, or up to learning more about linux, I definitely recommend that you check out the TrueAbility Linux Showdown #8, and make sure you sign up for the competition that begins on March 16, 2015!

From TrueAbility’s website:

The Challenge

Round One

Begins March 16th

For this challenge, you’re going to be using your scripting skills to implement a “sub par assembler” dubbed:  spasm

Instead of using memory, we’re going to use the filesystem to store and manipulate our data. Your task will be to create a program (in the language of your choice) called /usr/local/bin/spasm  that can handle some basic operations.

Those of you in the top 50 will be invited to the next round, the rest are.. 0xDEADBEEF. Round 2 we make things a little more advanced… so save your script!

Round Two

Begins April 1st

Welcome to the next phase of  spasm  development! You gained an invite to this round by successfully completing the last challenge, and hopefully you saved a copy of it because we’re going to add some functionality to it in this round.

Civilian Considerations on Getting Government Security Clearance

Source: Rapid7 – Security Street

I read this post on Rapid7’s Security Street today, and it made me think about all the hardships, and difficulty I’ve had working with clearances in the past. Not to mention the contractor -> civilian -> contractor -> civilian -> contractor messes I’ve seen in regards to clearances.

This article covers the very tip-top of issues associated with getting a US Government security clearance, and doesn’t dive much deeper than the wading pool of issues associated with getting a government security clearance.

So, with my past experience with government security clearances, here are my issues, with them, in no particular order; and these are all associated with either me, or close friends of mine.

1. Lack or reciprocity between clearances. For this example, I bring up something similar to the Department of Energy (DOE) Q clearance vs. the Depart of Defense (DoD) Top Secret (TS) clearance. On paper, and responsibilities, many similarities between the two, many say they are 100% reciprocal with one another. However, that is not the case. Many security officers in the DoD are completely unfamiliar with what a Q clearance is; and are completely unaware of any reciprocity that exists between the two clearances. But the big question is, why is there 2 different clearance systems associated with the U.S. government? Why is there not a single standard (I’m guessing since the Top Secret clearance in the DoD is much more well-known, that it would be the predominant one)?

Many might say, the access I have with a DOE Q is different than what I have with a DoD TS, which is true, however, there are many different categorizations of each of these individual clearances that a person must get cleared for as well (You can read more about SCI here).

Not only do you have the differences between the DOE Q vs DoD TS, but you have differences between TS clearances. Completely theoretical here, but if you have a TS clearance that you received as a DoD contractor and then you were to go work for the FBI, with your TS clearance, they would need to start the entire process over again, to get you vetted for your FBI TS clearance. I’m not even talking any of the SCI programs here, just clearances in general.

So, specifically relating to the article at Rapid7; if a person has their Q clearance (because their primary business role is associated with the DOE), and the FBI wants to talk to them, about a sensitive subject, that requires a TS, they would be unable due to differences in clearances. Same could also apply for a DoD contractor in speaking with the FBI or the CIA.

2. Time to get clearances. When I original got my clearance, it took well over 18 months for them to process the paperwork, do the background information checks, and everything else associated with my clearance. Why would it take so long? At some point, you are going to blame government bureaucracy; and you’d probably be right.

Time becomes a very critical issue when you’re dealing with computer threats, and if you need to wait any significant amount of time, in order to get vetted for what the government is going to tell you, then it’s already taken far too long.

3. How about all the issues needed to get a clearance in the first place. How easy is it, for a “regular” non-governmental business (or employees of) to get clearances? I’m going to go out on a limb here, and guess extremely difficult. I found it hard enough to get clearances when working for contractor, that required clearances, let alone, a business that doesn’t specifically require clearances. I can only imagine the entire vetting process for a business like this to get clearances would be pretty extreme.

4. After the Snowden revalations, the government began to cut-back on the number of clearances they issue. How does this affect “regular” businesses attempting to get clearances? You’ve began restricting clearances to those people that need them, through their direct work with the DoD or the DOE, and now you want to offer them to general businesses that may, or may not have direct ties to any government agency?

5. What are the actual requirements to get a clearance anyways? Who knows all the guidelines? If you want to see the official cases on why people are denied or granted clearances, you can check out this website: Industrial Security Clearance Decisions

Are these reasons for people not getting clearances acceptable in your mind, or are they too stringent. That’s not for me to decide, but should be something you think about when applying for a clearance.

Malware Investigator released

As of today, the FBI/U.S. Government’s own Malware Investigator tool has been released to a wider audience of people. I believe all members of Infragard, along with the select few people offered it before this wider release.

I’m going to be loading it up with some samples that I have, and test out the tool, and determine if it can assist with forming details about malware.

I will update the blog in the next couple of days, and provide details to my experience in using the Malware Investigator tool.