Insights For Success

Strategy, Innovation, Leadership and Security

US bans use of Huawei technology through Defense Authorization Act

General | Edward Kiledjian

US President Donald Trump has signed the Defense Authorization Act into law. Section 889 (PROHIBITION ON CERTAIN TELECOMMUNICATIONS AND VIDEO SURVEILLANCE SERVICES OR EQUIPMENT) bans the use of Huawei or ZTE technologies by government agencies and contractors.

The language of the act is ambiguous and doesn't clearly list what technology is or isn't covered by the prohibition. 

procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system

ZTE and Huawei equipment should not be used to access government systems that display personal data, so it is safe to assume that most agencies and contractors will purge from their networks any systems built with, or relying on, these technologies.

I have not yet seen an official response from either of the tech companies.

Stay tuned. 

OPSEC : What should I include in my bug-out bag

General | Edward Kiledjian

Search Google for "Bug-out bag," and you will get 137M results. YouTube has 144K videos discussing it. A bug-out bag (also called a go bag, BOB, 72-hour kit, grab bag, battle box or personal emergency relocation kit) is a small personal maintenance kit that would allow you to survive 72 hours when faced with an emergency.

Most emergency agencies recommend you prepare some kind of emergency kit. Emergency Preparedness Canada has a website dedicated to building basic bug-out kits. The US Department of Homeland Security offers similar suggestions on its website.

Without going overboard, the purpose of this article is to provide general guidelines for the average Joe interested in being better prepared (not for a survivalist or extreme prepper).

Where should I keep it?

Location, location, location... Your bug-out bag is useless if you cannot quickly grab it during an emergency and quickly leave the risk area.

Your bug-out bag should be kept close to the main exit for your dwelling so you can grab it and go. 

An operational security expert will typically run several scenarios to evaluate possible calamities and what the best exits would be (it isn't always your front door). Spend some time thinking about this and place your bug-out bag close to the exit you are most likely to use (garage, front door, back door, bedroom window, etc.).

Basic bug-out bag items

In security, you can spend a little or a lot; it really depends on your level of paranoia. Most people don't need a 200 lb bug-out bag that contains $500 of survival items. So here are the basics everyone should have in their kit:

Documents

  1. National identification documents (originals or copies). These can include driver's licences, passports, medical identification cards, etc.
  2. A couple of hundred dollars in cash, in different denominations (assume the electronic payment networks may be unavailable)
  3. A printed list of emergency contacts (local hospitals, police stations, family members, friends, etc) 

Personal Items

  1. A basic $20 first aid kit (from the pharmacy or Costco)
  2. A couple of litres of drinking water in sealed containers
  3. High calorie easy to eat snacks (that do not require preparation)
  4. Head covering (in case you have to walk in the sun, rain or snow); I keep a Buff multi-use scarf
  5. Bug repellent
  6. Sunblock
  7. Prescription medication, glasses and contact lenses

Communication Gear

  1. A mobile phone (if possible an extra pre-paid SIM on a different network)
  2. Hand crank powered emergency radio 
  3. Small notebook, pen and pencil
  4. Printed local maps (street and topographic)
  5. A large (at least 20,000 mAh) external battery to charge your electronic gear. My battery of choice right now is the OmniCharge Pro

General Gear

  1. A multipurpose knife (my choice is the Victorinox SwissChamp)
  2. Flashlight (ideally something that can be charged with your external battery via USB).
  3. "Normal" candle and weather resistant matches
  4. 550-lb paracord
  5. Handheld mirror
  6. Phrasebook if travelling abroad

The Pack

Talking about bug-out bags is like discussing religion. Everyone has strong opinions about what the "best" bag is. My recommendation is to choose a backpack (since these balance the weight better and are easier to carry over long distances).

My only other recommendation is to choose something that is as light as possible while still being durable.

How to fix issues at hotels, airports and other public WIFI hotspots

General | Edward Kiledjian

A captive portal is the intercept page you see when trying to log into most free public WIFI hotspots (e.g. airport, restaurant, hotel, etc.). You are normally shown a page that collects your email and then asks you to agree to the provider's terms and conditions.

As browsers on every platform (iPhone, Android, Windows, Mac, iPad, etc.) adopt more secure protocols by default, there are situations when your device may not trigger the portal webpage correctly. The browser may block the redirect to the portal page because that redirect is delivered over unsecured HTTP.

In some cases, devices deliberately request an unencrypted webpage so that the public WIFI router can inject a redirect to the portal. WirelessPhreak has a good technical article that discusses why newer, more secure technology is causing this issue.

Each smartphone manufacturer uses a different non-SSL webpage to detect a captive portal:

  • Google Android: http://connectivitycheck.gstatic.com/generate_204
  • Apple iPhone & iPad: http://captive.apple.com/hotspot-detect.html

What do you do if that automated portal detection doesn't work? How do you trigger the captive portal?

Enter the NeverSSL website. If you are connected to a public WIFI network that should work but are not seeing the captive portal, open your browser of choice and navigate to http://neverssl.com/

This will fix your issue and you should be bathed in warm, loving WIFI Internet.
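As an added example (not code from the article or from WirelessPhreak), here is the decision a device makes against those probe URLs, written in Python: it parses a raw plain-HTTP reply and decides whether it came from the real site or was intercepted by a portal, recovering the portal address where it can. The sample replies are constructed, and portal.example.net is a placeholder.

```python
import re
from typing import Dict, Optional, Tuple

# The plain-HTTP probe URLs named in the article, with the reply each platform treats
# as "clean internet"; NeverSSL is the manual probe the article recommends.
ANDROID_PROBE = "http://connectivitycheck.gstatic.com/generate_204"  # expects 204, empty body
APPLE_PROBE = "http://captive.apple.com/hotspot-detect.html"         # expects 200, body "Success"
NEVERSSL_PROBE = "http://neverssl.com/"                              # expects 200, NeverSSL's page

def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], str]:
    # Split a raw HTTP/1.x reply into status code, lower-cased headers and body.
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("latin-1").split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("latin-1", "replace")

def classify(probe: str, raw: bytes) -> Tuple[str, Optional[str]]:
    # Returns ("open" | "portal" | "unknown", portal URL if one could be recovered).
    status, headers, body = parse_response(raw)
    if probe == ANDROID_PROBE:
        clean = status == 204 and body == ""
    elif probe == APPLE_PROBE:
        clean = status == 200 and "Success" in body
    else:
        clean = status == 200 and "neverssl" in body.lower()
    if clean:
        return "open", None
    # Redirecting portals answer 3xx (or RFC 6585's 511) with a Location header.
    if status in (301, 302, 303, 307, 308, 511) and "location" in headers:
        return "portal", headers["location"]
    # In-line portals answer 200 with a login page, often carrying a meta refresh.
    m = re.search(r'http-equiv="refresh"\s+content="\s*\d+\s*;\s*url=([^"\s]+)"', body, re.I)
    if m:
        return "portal", m.group(1)
    return ("portal" if status == 200 else "unknown"), None

# Constructed sample replies, not captured from a real hotspot; portal.example.net is a placeholder.
CLEAN_204 = b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n"
CLEAN_APPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               b"<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>")
PORTAL_REDIRECT = (b"HTTP/1.1 302 Found\r\nLocation: http://portal.example.net/login\r\n"
                   b"Content-Length: 0\r\n\r\n")
PORTAL_INLINE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 b'<html><head><meta http-equiv="refresh" content="0; url=http://portal.example.net/login">'
                 b"</head><body>Please log in</body></html>")
```

Feed it the bytes of a plain-HTTP fetch (for example the output of `curl -si http://neverssl.com/`), not the result of a client library that follows redirects for you, or the portal's redirect is lost before you see it.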

Fun with Shodan and IOT

Edward Kiledjian

Read this related article: Find phishing and malware with a simple search

Search engines have become a favourite starting point for threat actors, so it should also be your starting point. Beyond Google, there are a bunch of specialized search engines that are powerful and scary. This article talks a bit about Shodan. Think of this article as a gentle introduction.

What is Shodan?

Shodan is often called the world's most dangerous search engine. Shodan catalogues metadata about the hosts it scans, and those hosts are often Internet of Things (IOT) devices. Hackers and security researchers use Shodan daily to find vulnerable webcams, open traffic light systems, SCADA in manufacturing plants and much more.

I'm going to assume you have a free Shodan account.

Browse the categories

If you visit the Shodan Explore section, you can find all kinds of interesting systems listed.

Unprotected webcam

For this example, I searched for the Axis 212 webcam, which is known to have many vulnerabilities and a known default password.

As an example, the webcam I highlighted seems to be in a daycare facility and isn't even password protected.

I've blurred out the children and teacher.

Some are unprotected. Some have kept their default passwords (there are lots of default password lists like this one). Obviously, many of these cameras are made by a handful of manufacturers in China and are never updated. Once you find a vulnerability in one model, it often works on dozens of others.

Routers

You can search Shodan for common router brands like Belkin, D-Link, Netgear, etc., and then try to log in using the default admin passwords. Above is an example of a Linksys router exposed to the internet without a password. Others are exposed with the default password.

Intel AMT Exposed to the internet

There is a major Intel AMT vulnerability, yet Shodan showed 4,647 devices with AMT connected to the internet (as of July 22).

If you search for "http intel active management" in Shodan, you will get a listing of these devices.

Other searches you can perform

  • Netgear devices with port 80 open to the internet
  • Bitcoin servers
  • The Shodan ShipTracker dashboard, which you can use to track ships in real time

ShipTracker is harmless on its own, but combine it with data available from other sources and the knowledge that many ship systems use default passwords, and it is a disaster waiting to happen.

There is a known vulnerability that allows a threat actor to steal or modify information from a Memcached server. This vulnerability was used to target GitHub with a massive DDoS attack. Not all Memcached servers are vulnerable (I won't show you how to find the vulnerable ones), but how would you search for Memcached servers on the net? The answer is with a Shodan query.

Conclusion

Obviously, this is just the tip of the iceberg. A true threat intel specialist will be able to automate Shodan queries and then combine them with known vulnerabilities, exploits or default credentials. I am hoping this article created a bit of interest in you to learn more. 
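A defender's version of that automation, added here as an example (it is not the article's code and not part of Shodan): given Shodan search results, it keeps only the hosts inside a netblock you are responsible for and flags the ones whose banner or port indicates Intel AMT, turning the article's "http intel active management" query into an exposure check for your own address space. The result sample below is constructed in the shape of Shodan's "matches" banners using TEST-NET addresses; the net: filter, the shodan package and the API key in the comment are assumptions.

```python
import ipaddress
import json
from typing import Dict, List

# The article's query, scoped with Shodan's net: filter to a netblock you own.
AMT_QUERY = "http intel active management"

def build_query(cidr: str) -> str:
    return f"net:{cidr} {AMT_QUERY}"

# Ports the AMT web, redirection and ASF services listen on.
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}

# Constructed sample in the shape of Shodan search results ("matches" with ip_str/port/data);
# the hosts are TEST-NET addresses, not real devices.
SAMPLE_RESULTS = json.loads(r'''{"matches": [
 {"ip_str": "203.0.113.10", "port": 16992, "org": "Example Corp",
  "data": "HTTP/1.1 200 OK\r\nServer: Intel(R) Active Management Technology 11.8.50\r\n\r\n"},
 {"ip_str": "203.0.113.11", "port": 80, "org": "Example Corp",
  "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"},
 {"ip_str": "198.51.100.7", "port": 16993, "org": "Other ISP",
  "data": "HTTP/1.1 200 OK\r\nServer: Intel(R) Active Management Technology 9.1.40\r\n\r\n"}
]}''')

def server_header(banner: str) -> str:
    for line in banner.split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return ""

def flag_exposed_amt(results: Dict, cidr: str) -> List[Dict]:
    """Return banners inside `cidr` that look like an AMT service reachable from the internet."""
    net = ipaddress.ip_network(cidr, strict=False)
    findings = []
    for match in results.get("matches", []):
        if ipaddress.ip_address(match["ip_str"]) not in net:
            continue  # someone else's address space: not ours to assess
        srv = server_header(match.get("data", ""))
        if "active management technology" in srv.lower() or match.get("port") in AMT_PORTS:
            findings.append({"ip": match["ip_str"], "port": match["port"], "server": srv})
    return findings

if __name__ == "__main__":
    # Live use (assumption: the official "shodan" package and an API key):
    #   import shodan; results = shodan.Shodan(API_KEY).search(build_query("203.0.113.0/24"))
    for f in flag_exposed_amt(SAMPLE_RESULTS, "203.0.113.0/24"):
        print(f"{f['ip']}:{f['port']} exposes {f['server']}")
```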

For this article, I only chose examples that were exposed to the internet and were not password protected. Be careful as laws differ around the world. In some countries even testing default passwords could be considered "hacking". 

Find phishing and malware with a simple search

General | Edward Kiledjian

A very important function of any information security team is threat intelligence. Threat intel can be a complicated and costly service in some cases, but in other cases it can be as simple as running a search. Here is a trick to get you started with the simple and cheap version.

Did you know you can find lots of "fun" phishing and malware links using nothing more than a simple VirusTotal search? Search VirusTotal for Google Storage API (precooked link). 

Scroll midway down the results page, and voila.

The one I highlighted above takes you to a Dropbox phishing site.

Some may not be fully formed yet. Some may already be taken down but you can find some interesting opportunities for research. 

Simple "script kiddie" level threat intel for you.