A good write-up by Jeff addresses a problem that has existed for several years, but only recently is starting to get malicious. A few hackers demonstrated how the software running common internet modems and routers were vulnerable to attack. A few good-minded-souls even wrote code to scan the internet; find them; and exploit them to install the update.
Of course, there were those who used those same routers to mine for crypto-currency and others who created attack bot networks. The article highlights how these unprotected devices are hacked and allow for anyone passing traffic through them to be infected with malware on their machine.
A good article with rather excellent tips for mitigation at the end. Very much inline with several tips I drafted for How Not To Be Hacked, the book, and some tips that didn’t make it due to complexity. If you only skim it … be sure to make it to the end where the tips are listed!!!
For security professionals Jeff raised one point that I thought was a challenge to our industry, and highlighted it below:
Buy a new, quality router. You don’t want a router that’s years old and hasn’t been updated. But on the other hand you also don’t want something too new that hasn’t been vetted for firmware and/or security issues
via Welcome to The Internet of Compromised Things.
How ridiculous our world is sometimes … buy a new router, but not too new … but also not too old. HAH… That fails the How not to be hacked, Can you explain it to your grandma test (something I learned in the Head Game). It is valid though … and reflects the challenge of security professionals.
Ben Rothke, author of Computer Security: 20 Things Every Employee Should Know and a valuable contributor to the information security profession through sharing of research on Security Reading Room reviewed How Not To Be Hacked today. As in any moment when a person you respect reviews your work, I was struck with emotional anxiety and excitement when I saw the notification of the review. Ben’s review was honest, accurate, and I thought extremely helpful to anyone trying to uncover answers that will help their friends/family who do not hold 5+ certifications navigate the online world safely!
A snippet from his full review at RSA Conference Blog:
In How Not To Be Hacked: The Definitive Guide for Regular People, author James DeLuccia has written an extremely useful guide that offers 63 valuable tips on how and what users can do to avoid being hacked.
When the author says the book is written for regular people, he means those folks who don’t know a device driver from a digital certificate. The book is written with no techno-babble or jargon, which makes it an enjoyable read for the novice.
Posted again at How Not To Be Hacked: The Definitive Guide for Regular People | RSA Conference.
Thank you to Ben for taking the time to share his thoughts on the book!
Humbled and thankful,
The news is so full of the security failures and problems that it is worthwhile to pause and see the good. Ngo built a marketplace and sold identifying information about regular people – in packages that contained everything for an identity theft. He was caught and a number of his ‘customers’ in the U.S. were captured.
Details and full links below – if you were breached, consider the breach response task list from How Not To Be Hacked.
Ngo, 25, will serve 13 years in prison for hacking into U.S. business computers and stealing the information of approximately 200 million US citizens to sell to other people as so-called ‘fullz’, Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Acting U.S. Attorney Donald Feith of the District of New Hampshire and Director Joseph P. Clancy of the U.S. Secret Service announced.
The IRS confirmed 13,673 U.S. citizens had their information sold on Ngo’s websites, with $65 million in fraudulent individual income tax returns filed thanks to his services.
source: Massive International Hacker Sentenced to 13 Years For Identity Theft Scheme | Hacked.
A high schooler could have done this, but these 2 didn’t get it done because of a NDA!? Sad and shows sometimes progress can be derailed by the smallest of things. Passion is finicky and when pursuing the development of new ideas they need to be nurtured in and between organizations.
The technology already exists, and I’d bet for less than $2k it could be made operational. Perhaps we’ll see these at DefCon just to show how feasible and fun they can be in real life?
Leaked emails between Italian spyware vendor Hacking Team and Boeing subsidiary Insitu revealed that drones carrying malware to infect targeted computers via Wi-Fi by flying over their proximity is close to becoming a reality.
Spyware-carrying drones were being discussed by Insitu, a division of Boeing and now-disgraced malware firm Hacking Team, according to leaked emails from the recent breach of the Italian company which have been posted on WikiLeaks, Engadget reported.
It was only the failure to come to terms over a non-disclosure agreement that kept Insitu and Hacking Team ‘teaming up’ together in order to create the malware infesting drone.
via Hacking Drones Close to Being Drawn up by Boeing and Hacking Team.
Ps.. I wrote a book to help Information Security professionals share Tips to the other 3.1 billion people in the world struggling to stay secure and safe online. I’d love for you to share the news and benefit from the book – How not to be hacked
Posted in Compliance
Tagged 2015, boeing, defcon, drones, hacking, hacking team, how not to be hacked, information security, insitu, malware, nda, wifi