Wednesday, September 18, 2013

Week 4 Blog


The Hidden Lynx Hackers


The Hidden Lynx is a professional group of hackers who take part in many different forms of exploitation. (Zetter, 2013) “The group has targeted hundreds of organizations - about half of the victims are in the U.S. - and has succeeded in breaching some of the most secure and best-protected organizations” (Zetter, 2013). The Hidden Lynx hackers are extremely polished and have outstanding hacking abilities. (Zetter, 2013) The Hidden Lynx hacker group uses many different approaches to taking down secure infrastructures. More specifically, “The Hidden Lynx group pioneered so-called ‘watering hole attacks’ whereby malicious actors compromise web sites frequented by people in specific industries so that their computers are infected with malware when they visit the sites” (Zetter, 2013). This was one effective technique that the Hidden Lynx group has employed. Another technique the group has used is dynamic DNS. (Zetter, 2013) For the Hidden Lynx, “Dynamic DNS rapidly switches command-and-control servers to hide their tracks and recompiles their backdoors frequently to keep a step ahead of detection. They also switch out zero-day exploits when one is discovered” (Zetter, 2013).


Another target of the Hidden Lynx hacker group was Bit9. (Zetter, 2013) The attackers appear to “resemble the hackers that penetrated RSA security in 2010 and 2011. In that case, hackers targeting defense contractors went after RSA security in an attempt to steal information that would allow them to undermine the RSA security tokens that many defense contractors use to authenticate workers to their computer networks” (Zetter, 2013). In addition, “Bit9, [. . .] provides a cloud-based security service that uses whitelisting, trusted application control and other methods to defend customers against threats, making it difficult for an intruder to install an untrusted application on a Bit9 customer’s network” (Zetter, 2013).
 
Moreover, “The attackers first broke into the network of a defense contractor, but after finding that a server they wanted to access was protected by Bit9’s platform, they decided to hack Bit9 to steal a signing certificate. The certificate allowed them to sign their malware with the Bit9 certificate to bypass the defense contractor’s Bit9 protections. The Bit9 attack, in July 2012, used SQL injection to gain access to a Bit9 server that wasn’t protected by Bit9’s own security platform. The hackers installed a custom backdoor and stole credentials for a virtual machine that gave them access to another server that had a Bit9 code-signing certificate. They used the certificate to sign 32 malicious files that were then used to attack defense contractors in the U.S. Bit9 later revealed that at least three of its customers were affected by the breach” (Zetter, 2013). I found it pretty ironic that Bit9 didn’t protect its own security platform. The Hidden Lynx definitely did their research on Bit9. Perhaps Bit9 should have done its own research first in order to prevent being hacked. It just seemed like Bit9 was an easy open target for the Hidden Lynx to attack. My favorite technique that the Hidden Lynx used was signing their malware with the Bit9 certificate. This was just brilliant. Who would ever second-guess Bit9’s own certificate?
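The passage above describes why a stolen code-signing certificate defeats a publisher-based whitelist: the allowlist trusts the signer, not the file, so anything signed with the stolen key passes. The following Go program is an added illustration written for this post; it is not Bit9’s code and does not describe Bit9’s product. It models a minimal allowlist with constructed data (an Ed25519 key standing in for a certificate, a placeholder serial number, made-up file contents) and shows the two defensive controls that limit the damage: a revocation list for the compromised signer, and per-file hash approvals that keep already-vetted binaries running after the signer is revoked.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Publisher is a code-signing identity the allowlist trusts.
// The name and serial are hypothetical values constructed for this example.
type Publisher struct {
	Name   string
	Key    ed25519.PublicKey
	Serial string // stand-in for an X.509 certificate serial number
}

// Policy decides whether a signed file may execute.
type Policy struct {
	Trusted   map[string]Publisher // publishers keyed by serial
	Revoked   map[string]bool      // serials on the revocation list
	KnownGood map[string]bool      // explicit SHA-256 allowlist of vetted files
}

// SignedFile is a binary together with the signer's serial and signature.
type SignedFile struct {
	Content []byte
	Serial  string
	Sig     []byte
}

// fileHash returns the hex SHA-256 of a file's bytes.
func fileHash(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

// Allow returns the decision and the rule that produced it. Per-file hash
// approvals are checked first so that revoking a publisher does not break
// binaries that were individually vetted before the compromise.
func (p *Policy) Allow(f SignedFile) (bool, string) {
	if p.KnownGood[fileHash(f.Content)] {
		return true, "explicit hash allowlist"
	}
	pub, ok := p.Trusted[f.Serial]
	if !ok {
		return false, "unknown signer"
	}
	if p.Revoked[f.Serial] {
		return false, "signer revoked"
	}
	if !ed25519.Verify(pub.Key, f.Content, f.Sig) {
		return false, "bad signature"
	}
	return true, "trusted publisher signature"
}

// Scenario walks through the chain the article describes, with constructed
// data: a payload signed with the publisher's key is accepted until that
// signer's serial is revoked, while a hash-approved legitimate file survives.
func Scenario() (beforeRevoke, afterRevoke, legitAfterRevoke bool, err error) {
	pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	serial := "SERIAL-PLACEHOLDER-01" // hypothetical serial
	policy := &Policy{
		Trusted:   map[string]Publisher{serial: {Name: "ExamplePublisher", Key: pubKey, Serial: serial}},
		Revoked:   map[string]bool{},
		KnownGood: map[string]bool{},
	}

	// Constructed "legitimate" binary that was individually vetted.
	legit := []byte("constructed: legitimate agent binary v1")
	policy.KnownGood[fileHash(legit)] = true
	legitFile := SignedFile{Content: legit, Serial: serial, Sig: ed25519.Sign(privKey, legit)}

	// Constructed payload signed with the same (now compromised) key.
	payload := []byte("constructed: unvetted payload")
	signedPayload := SignedFile{Content: payload, Serial: serial, Sig: ed25519.Sign(privKey, payload)}

	beforeRevoke, _ = policy.Allow(signedPayload) // trusted signer: accepted
	policy.Revoked[serial] = true                  // incident response: revoke the signer
	afterRevoke, _ = policy.Allow(signedPayload)   // now rejected
	legitAfterRevoke, _ = policy.Allow(legitFile)  // still runs via hash approval
	return
}

func main() {
	b, a, l, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("payload before revocation: %v\npayload after revocation: %v\nvetted file after revocation: %v\n", b, a, l)
}
```

The point for defenders is the ordering of the checks: signature validity is necessary but not sufficient, and a whitelist that cannot revoke a signer or pin individual files has no recovery path once a signing key is stolen.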


The Hidden Lynx has also hacked high-profile stock trading firms. (Zetter, 2013) In addition, “The Hidden Lynx group has also gone after the supply chain, targeting companies that supply hardware and secure network communications and services for the financial sector” (Zetter, 2013). They have even compromised legitimate software driver websites so that users download drivers carrying Trojans. (Zetter, 2013) It seems that this group’s motive centers on making money, stealing assets, and stealing intellectual property. (Zetter, 2013) In addition, according to Symantec, the Hidden Lynx has left fingerprints all over, which allowed Symantec to trace their activities and attacks. (Zetter, 2013) The group doesn’t seem to care about covering their tracks, potentially because of the time and money involved. (Zetter, 2013) It seems that even some of the best hackers have their own weaknesses. I wonder who will exploit/uncover their weaknesses.
 

References


Zetter, K. (2013, September 17). State-Sponsored Hacker Gang Has a Side Gig in Fraud. Retrieved September 17, 2013, from Wired: http://www.wired.com/threatlevel/2013/09/hidden-lynx/

Sunday, September 15, 2013

Week 3 Blog

Hacking iPhone's Fingerprint Reader

Apple recently announced that its latest iPhone would have a fingerprint reader that will give the user a simple new way to secure their phone. (Schneier, 2013) This fingerprint reader will offer a new advantage to those who currently use their iPhone for practically every aspect of their lives. Since Apple is planning to use a fingerprint reader in its new iPhones, there are some problems to be aware of concerning this new addition. More specifically, can this fingerprint reader be easily hacked? Before answering this question, it is essential to understand how a fingerprint reader can fail in the first place. “There are two ways an authentication system can fail. It can mistakenly allow an unauthorized person access, or it can mistakenly deny access to an authorized person” (Schneier, 2013). Having this knowledge opens up obvious possibilities for how this new fingerprint reader could be hacked. For example, “Someone with a good enough copy of your fingerprint and some rudimentary materials and engineering capability - or maybe just a good enough printer - can authenticate his way into your iPhone” (Schneier, 2013). This seems to be less of a worry, though, because of the effort required to gain access to someone’s iPhone this way.

There are more concerns with the new fingerprint reader, though. More specifically, “The final problem with biometric systems is the database. If the system is centralized, there will be a large database of biometric information that’s vulnerable to hacking. A system by Apple will almost certainly be local - you authenticate yourself to the phone, not to any network - so there’s no requirement for a centralized fingerprint database” (Schneier, 2013). Having a large database of biometric information would be a rather risky step to take. In addition, it would be even more of a security risk if your fingerprint were used to gain access to your iCloud account. (Schneier, 2013) More specifically, “The centralized database required for that application would create an enormous security risk” (Schneier, 2013). Therefore, while the fingerprint reader is an amazing idea for the new iPhone, it does create security risks. Hopefully, Apple will find ways to mitigate these risks so that users can enjoy the new iPhone feature.
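Schneier’s two failure modes, admitting the wrong person and rejecting the right one, are the false accept rate (FAR) and false reject rate (FRR) of a matcher, and a fingerprint reader trades one against the other through its decision threshold. The Go program below is an added illustration for this post, not code from Schneier’s article or from Apple; the match scores are constructed sample values, not measurements from any device. It computes both rates at several thresholds to show why no single setting drives both kinds of failure to zero.

```go
package main

import "fmt"

// Match scores in [0, 1]: higher means the presented finger looks more like the
// enrolled template. Constructed sample data for this example only.
var genuineScores = []float64{0.92, 0.88, 0.95, 0.79, 0.85, 0.90, 0.73, 0.97}
var impostorScores = []float64{0.12, 0.35, 0.41, 0.28, 0.62, 0.19, 0.75, 0.08}

// Rates returns the false accept rate (impostors whose score reaches the
// threshold) and the false reject rate (genuine users whose score falls
// short of it) for one decision threshold.
func Rates(threshold float64, genuine, impostor []float64) (far, frr float64) {
	accepts, rejects := 0, 0
	for _, s := range impostor {
		if s >= threshold {
			accepts++
		}
	}
	for _, s := range genuine {
		if s < threshold {
			rejects++
		}
	}
	far = float64(accepts) / float64(len(impostor))
	frr = float64(rejects) / float64(len(genuine))
	return far, frr
}

// Sweep evaluates Rates at each threshold and returns one row per threshold
// as [threshold, FAR, FRR], so the trade-off can be read as a table.
func Sweep(thresholds []float64, genuine, impostor []float64) [][3]float64 {
	rows := make([][3]float64, 0, len(thresholds))
	for _, t := range thresholds {
		far, frr := Rates(t, genuine, impostor)
		rows = append(rows, [3]float64{t, far, frr})
	}
	return rows
}

func main() {
	fmt.Println("threshold  FAR    FRR")
	for _, r := range Sweep([]float64{0.5, 0.7, 0.8, 0.9}, genuineScores, impostorScores) {
		fmt.Printf("%.2f       %.3f  %.3f\n", r[0], r[1], r[2])
	}
}
```

With these constructed scores a threshold of 0.5 admits a quarter of the impostor attempts and rejects no genuine user, while 0.8 admits no impostor but rejects a quarter of genuine attempts; a phone vendor picks a point on that curve, and a good printed copy of a fingerprint simply moves an impostor's score across whatever line was chosen.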
 
References
Schneier, B. (2013, September 10). If Apple’s iPhone Has Fingerprint Authentication, Can It Be Hacked? Retrieved September 11, 2013, from Wired: http://www.wired.com/opinion/2013/09/what-if-apples-new-phone-has-fingerprint-authentication/