Can Blackhat Hackers Be Stopped

bobmc

Member

Reaction score: 47
Messages: 90

Stories about ransomware and malware corruption seem to be on the increase. They attack those who can least afford to restore from backup such as the Colonial Pipeline and hospitals. Colonial paid 4.4 million.

There is a story in Wired about a theft of RSA SecurID seeds from an air-gapped server. This event was blocked by non-disclosure for ten years... now we know.

People continue to be sloppy with passwords. For example, "SolarWinds123". I am surprised that IT does not enforce some software discipline.

People issues aside, I am wondering what sort of server software these malware victims are using. Windows, Linux, BSD, other...
 

ralphbsz

Son of Beastie

Reaction score: 2,335
Messages: 3,233

bobmc said:
Stories about ransomware and malware corruption seem to be on the increase.
Are they really increasing? Or are you noticing them more? I would rather say that major attacks are declining, and are more and more focusing on companies that try to do their own IT.

bobmc said:
They attack those who can least afford to restore from backup such as the Colonial Pipeline and hospitals. Colonial paid 4.4 million.
Which proves that Colonial was (a) incompetent since their system had enough holes to let the hackers in, and (b) incompetent because they didn't have a plan for what to do when their systems become inoperable. And that the government should supervise infrastructure that is of national importance (such as fuel pipelines), since the companies are not competent enough.

bobmc said:
There is a story in Wired about a theft of RSA SecurID seeds from an air-gapped server. This event was blocked by non-disclosure for ten years... now we know.
We have known for the last "many" years that SecurID tokens had been cracked. I remember when suddenly they were all replaced or swept away by other technology. Furthermore, we have known since the "clipper chip" wars and the Ed Snowden disclosure that RSA (the company) was bought off by at least the US government, when they caved in to the clipper chip. And perhaps by others too. I haven't seen a SecurID in many years, nor any other RSA product in use.

EDIT: There were many stories published about that in 2011; it is possible that the full details have just become available, but "The Register" was full of this in 2011.

bobmc said:
People continue to be sloppy with passwords. For example, "SolarWinds123". I am surprised that IT does not enforce some software discipline.
Yes, like the famous scene in Spaceballs: "12345 ... that's the same password as my luggage". No, in major companies IT first enforces reasonable passwords (no more 12345 or Password or new laptops shipping with password = New4You). And I think in the last ~10 or 15 years, I have not been able to log into my employer's systems with just a password. It takes some form of 2FA, for example a trusted laptop (serial number recorded and checked, corporate supplied) first setting up a VPN with one password, then a login with a second password. Or hardware two-factor authentication, such as fingerprint readers. For example, at one employer people were given the advice to please configure their computer with fingerprints from both hands, so if they have a minor kitchen accident and have to have band-aids on the fingertip, they can still log in.

bobmc said:
People issues aside, I am wondering what sort of server software these malware victims are using. Windows, Linux, BSD, other...
Statistically speaking, it is 99% likely that the OS on the servers is Linux, although Windows is still used some in industrial SCADA systems. But the OS itself doesn't matter much; security is about much more than the one OS.
 

gpw928

Aspiring Daemon

Reaction score: 237
Messages: 548

Regardless of the method used by the blackhats, it's clear that Colonial Pipeline had manifestly insufficient defences in place.

I once sat in the office of the CIO of a multi-billion dollar organisation and asked how he intended to bootstrap the recovery if every Windows machine was hit with something similar to the Anna Kournikova worm.

The proposal to force the Unix admins to use Windows on their desktops was abandoned. They got to keep Unix (the version of their choice), and connect to the Citrix servers when compliance with corporate standards demanded (calendar, email, ...).

Defence of the dark arts comes in many forms. Technical and social.
 

vigole

Daemon

Reaction score: 1,453
Messages: 1,266

bobmc said:
Can Blackhat Hackers Be Stopped
I hope not.
Not exclusively, but to some extent, they're the force behind technological advancement. Similar to wars. Somebody should write Worm.Win32.Blaster/2004 to show "billy gates why do you make this possible ? Stop making money and fix your software!!" Otherwise we would have been XP users forever. Besides, a society without crime! ... Possible? No. Utopia is impossible. That's real life.
 

Trihexagonal

Son of Beastie

Reaction score: 2,403
Messages: 2,930

bobmc said:
Stories about ransomware and malware corruption seem to be on the increase. They attack those who can least afford to restore from backup such as the Colonial Pipeline and hospitals.
I don't remember reading about FreeBSD being vulnerable to ransomware, and my main concern is rootkits. I trained my clicking finger not to a long time ago and only install programs from the ports tree.

bobmc said:
People continue to be sloppy with passwords. For example, "SolarWinds123". I am surprised that IT does not enforce some software discipline.
That's called "Learning the Hard Way".

bobmc said:
I am wondering what sort of server software these malware victims are using. Windows, Linux, BSD, other...
See above.
 

kpedersen

Son of Beastie

Reaction score: 2,079
Messages: 2,940

Hah, I had a call from the County Password Inspector this morning. Nice chap, he was very understanding as I read out my passwords to him. He even gave me his email address to send a copy of my more complex passwords, in case he wrote them down wrong. Which of course I sent immediately after the call.

I wish all public services were as courteous and patient as the CPI. I am also impressed they are such hard workers as to work on weekends :)
 

PacketMan

Aspiring Daemon

Reaction score: 166
Messages: 958

"Can Blackhat Hackers Be Stopped"

A long time ago a smart man wearing a white hat said "Look what I have made, it is a lock, and you need the key to open it, without the key you cannot open it". One of the listeners was another smart man, but was wearing a black hat. He said to himself "hmmmm, if I can copy that key, or make a tool to emulate that key I can unlock that lock." And so he did. The white hat man was determined not to be defeated so he made his lock even better. The black hat man was determined not to be defeated so he adapted too. A couple of hundred years later... the same old story continues.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Reaction score: 12,267
Messages: 38,773

bobmc said:
Stories about ransomware and malware corruption seem to be on the increase. They attack those who can least afford to restore from backup such as the Colonial Pipeline and hospitals. Colonial paid 4.4 million.
These are typically not done through remote "hacks" but by sending a large number of emails (targeted at individuals at those companies). These emails have attachments with fake invoices, fake resumes, or something similar. The PDF or Word document exploits a bug and the emails just try to entice anyone to open them. Bad filtering on incoming email, bad practices and old or unpatched software, and some really bad awareness of the people that open these emails does the rest.
 

Tieks

Well-Known Member

Reaction score: 116
Messages: 281

ralphbsz said:
And that the government should supervise...
Remember Bafin and Wirecard, I'm afraid that's not going to work either. As Ronald Reagan once put it: "One way to make sure crime doesn't pay would be to let the government run it."
Read a story about a FreeBSD-based NAS where most files were encrypted. It happened the way SirDice just pointed out.
 

kpedersen

Son of Beastie

Reaction score: 2,079
Messages: 2,940

kpedersen And given the state of deep fakes, you shouldn't even trust your CEO on a video call.
Yep. Or in person... ;)

Actually, we did have a phishing attack semi-recently. The amusing thing is that the emails all came within working hours. Whereas pretty much everyone knew that our CEO works mainly at 1am and sends all emails around then. The impersonator didn't factor that in!
 

PMc

Daemon

Reaction score: 676
Messages: 1,357

SirDice said:
These are typically not done through remote "hacks" but by sending a large number of emails (targeted at individuals at those companies). These emails have attachments with fake invoices, fake resumes, or something similar. The PDF or Word document exploits a bug and the emails just try to entice anyone to open them.
So that's the purpose of these. I get lots of them, they usually contain a pdf or zip which actually contains an exe. I was never able to get any of these to run on the Berkeley. Professional businesses seem to run on a very different skill level.
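SirDice's and PMc's posts describe the usual delivery path (a mailed invoice or résumé, a zip that really holds an exe), and kpedersen's post earlier notes that the impersonation mails arrived at hours the real CEO never sends. As an added example, not code from the thread or from any poster, here is a small Python triage that checks both signals on the receiving side: executables are recognised by content (the PE magic bytes, also inside zip members) rather than by filename, and mail carrying a protected executive's display name is compared against an assumed send-hour baseline. All messages, names, addresses and the hour profile are constructed for the example.

```python
"""Constructed mail-triage example: two defender-side checks suggested by the thread.
  * an attachment whose content is a Windows executable, including one hidden inside a zip,
    detected by the PE magic bytes rather than by file extension;
  * a message whose From display name matches an executive but whose send hour falls
    outside that executive's habitual hours (the timing tell kpedersen noticed).
Every sender, address, message and profile below is made up for the example."""
from __future__ import annotations

import io
import zipfile
from datetime import timezone
from email import utils
from email.message import EmailMessage

PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable (.exe/.dll/.scr)

# Assumed baseline built from known-good history: UTC hours at which each executive
# really sends mail. Keyed by display name, because that is what an impersonator
# copies even when the address behind it is a lookalike domain.
EXEC_SEND_HOURS_UTC: dict[str, set[int]] = {"Jane Doe": {0, 1, 2}}


def zip_members_with_pe(blob: bytes) -> list[str]:
    """Names of zip members that start with the PE magic; [] if blob is not a zip.
    Only the first two bytes of each member are read, so a large archive costs little.
    Nested zips are not opened; that is a deliberate limit of this example."""
    hits: list[str] = []
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as fh:
                    if fh.read(2) == PE_MAGIC:
                        hits.append(info.filename)
    except zipfile.BadZipFile:
        pass
    return hits


def attachment_findings(msg: EmailMessage) -> list[str]:
    """Flag bare executables and executables one level inside zip attachments."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(PE_MAGIC):
            findings.append(f"attachment {name!r} is a Windows executable")
        for member in zip_members_with_pe(payload):
            findings.append(f"attachment {name!r} contains executable member {member!r}")
    return findings


def send_hour_finding(msg: EmailMessage, profiles: dict[str, set[int]]) -> str | None:
    """Flag mail claiming a profiled executive's name but sent at an hour they never use."""
    display, _addr = utils.parseaddr(msg.get("From", ""))
    if display not in profiles or not msg.get("Date"):
        return None
    hour = utils.parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc).hour
    if hour in profiles[display]:
        return None
    return (f"off-hours mail claiming to be from {display}: sent {hour:02d}:xx UTC, "
            f"usual hours {sorted(profiles[display])}")


def triage(msg: EmailMessage, profiles: dict[str, set[int]]) -> list[str]:
    findings = attachment_findings(msg)
    hour_finding = send_hour_finding(msg, profiles)
    if hour_finding:
        findings.append(hour_finding)
    return findings


# --- constructed sample messages ------------------------------------------------

def make_zip(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def make_message(sender: str, date: str, body: str,
                 attachments: dict[str, bytes] | None = None) -> EmailMessage:
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"], msg["Date"] = sender, "finance@example.com", "Please process", date
    msg.set_content(body)
    for name, data in (attachments or {}).items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg


def build_samples() -> dict[str, EmailMessage]:
    legit = make_message("Jane Doe <jane@example.com>", "Mon, 07 Jun 2021 01:10:00 +0000",
                         "Can you look at the Q2 numbers?")
    # lookalike domain, working-hours timestamp, zip hiding a renamed executable
    phish = make_message("Jane Doe <jane@exarnple.com>", "Mon, 07 Jun 2021 10:30:00 +0000",
                         "Invoice attached, please pay today.",
                         {"invoice.zip": make_zip({"invoice.pdf.exe": PE_MAGIC + b"\x90" * 62})})
    benign_zip = make_message("Bob Vendor <bob@vendor.example>", "Mon, 07 Jun 2021 10:30:00 +0000",
                              "Contract scans.", {"scans.zip": make_zip({"page1.pdf": b"%PDF-1.4 ..."})})
    return {"legit": legit, "phish": phish, "benign_zip": benign_zip}


if __name__ == "__main__":
    for label, sample in build_samples().items():
        print(label, triage(sample, EXEC_SEND_HOURS_UTC) or ["no findings"])
```

The content check matters because the filter PMc describes would otherwise be defeated by renaming: a member called invoice.pdf.exe, or one with no extension at all, still starts with the PE header. The hour check is only a signal, not a verdict; in practice it would sit next to SPF/DKIM results and the usual attachment policy, and its baseline should come from a few months of authenticated mail rather than a hand-written set.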
 

Crivens

Moderator
Staff member
Moderator

Reaction score: 1,646
Messages: 2,513

PMc said:
So that's the purpose of these. I get lots of them, they usually contain a pdf or zip which actually contains an exe. I was never able to get any of these to run on the Berkeley. Professional businesses seem to run on a very different skill level.
See? Shame on you. Even the most stupid CEO can get them running in a matter of seconds. Shame! *bing* Shame!
;)
 

fcorbelli

Active Member

Reaction score: 61
Messages: 189

Speaking of BSD I would say that all ransomware attacks can be resolved in a period of between an hour and a day, in the latter case by purchasing new hardware (disaster recovery == really start from scratch).
No particular investment is required, or even expertise.

You can easily spend a million euros on advertising, but not 10,000 on safety.

However, I must say that the average level of systems engineers (including multinationals) is minimal, really disheartening.

How many do an actual simulation of restoring an entire infrastructure from scratch?
I do it on all weekends.
And I certainly don't have the resources of a large company.
 

Jose

Daemon

Reaction score: 965
Messages: 1,169

And whoever did this pipeline thing - word goes he/she/it has annoyed the wrong kind of people. The kind with a high level of options and a low level of accountability.
Well, the cybercriminals behind this crack have shut down, allegedly:

The US Government claims they didn't shut them down:

It's possible that they just disbanded to lay low for a while, and will re-emerge once things have cooled down. It's possible the US Gov't did shut them down, but they don't want to disclose if or how to keep their methods secret. It's a cloak-and-dagger world.
 

Jose

Daemon

Reaction score: 965
Messages: 1,169

Tieks said:
Remember Bafin and Wirecard, I'm afraid that's not going to work either. As Ronald Reagan once put it: "One way to make sure crime doesn't pay would be to let the government run it."
Read a story about a FreeBSD-based NAS where most files were encrypted. It happened the way SirDice just pointed out.
Who would trust the government after Snowden and Crypto AG? Not me.

Edit: The Maersk hack was based on leaked NSA tools, too. Yeah, no thanks.
 
bobmc

Member

Reaction score: 47
Messages: 90

The previous place I worked had about 150 Windows workstations and laptops. Everybody had a USB key in order to sign in on any machine. Nothing interesting happened to the network.

I use a Yubico key for my email accounts at home. I rarely use Windows. Linux and BSD are my preference.
 
bobmc

Member

Reaction score: 47
Messages: 90

ralphbsz said:
But the OS itself doesn't matter much; security is about much more than the one OS.
I agree. There is an effort to produce a microkernel based OS with a Rust language user layer. I hope they succeed because Rust is designed to resist hacking and programmer mistakes. It is a compiled language. The book is 500 pages which is much better than the 1500 page Python book. There are 2 main Pythons and Guido wants to double performance. I think that would tend to reduce security.
 