CHINA RECRUITS RUSSIAN HACKERS?!
Famous carder Sergey Pavlovich continues his conversation with Sergey Nikitin, deputy head of the computer forensics laboratory at Group-IB, the main Russian private fighter against hackers, carders and other cybercriminals, and in the ninth episode of the series we talk about viruses for hacking iPhones, protecting MacBooks, hacking Wi-Fi and Apple equipment, how to get a job at an information security company like the one created by Ilya Sachkov, and much more.
Enjoy reading!
Is it possible to get into Group-IB if you were involved in whitehat hacking?
Pavlovich:
A question from the audience. You said in the third part that you use a polygraph to check whether I am a mole, a "planted Cossack", whether I am a member of cyber groups, whether I am involved in dirty tricks. But what if a couple of years ago I hacked websites and networks, sometimes getting as far as deep access to 1C and accounting systems, and whenever possible I informed the owners about the vulnerabilities I found, I did not sell the access, I did not participate in dirty tricks? That is, essentially, white hat, right? Is there any chance at all of getting into your office?
Specialist:
I think so. Well, that is, you need to understand that this is not some kind of super-strict boundary. There, oh, you hacked something, and that's it, you are immediately a cybercriminal. A person's motivation is very important, his thoughts, for what purpose he did it, what he was pursuing. He informed them. Yes, yes, yes. That is, it is quite possible that... Let's say it is always individual.
The main idea is that we simply do not take cybercriminals with a cybercriminal mindset, that is, it is not necessary that they were convicted of something, maybe they got away with it, but a person's thinking changes in a certain way. I think that you yourself remember your time, when you were doing this, you probably thought differently than now. I mean the very way of thinking, motivation and so on and so forth.
And this is the idea, that is, we have a certain mission there, many people probably don't like it, but this is how it works. And we look for like-minded people first of all when we recruit people. If a person wants to fight cybercrime, he himself is not directly involved in something bad, why not? It always makes sense to send if he passes the security check, why not?
Pavlovich:
But I think in this case, before you got a job, you also hacked something there and so on. It wasn't always legal there, it's just that here, well, the goal is precisely something, well, yes, I hacked there, okay, I could, as if from the point of view of the law, if you were caught, it would probably be illegal of course and you would be prosecuted by someone, but you hacked it, you managed to tell the guys that you have a hole there, for example, and I think everyone has had something like that in their life.
About hacking Wi-Fi
Specialist:
Yes, in fact, I think that almost everyone tried to hack some kind of Wi-Fi when it became a popular tool. It seems to me that many people got acquainted with Kali because of this. Or rather, before that it was called BackTrack. As far as I remember, BackTrack or something like that. I'm sure they will correct me in the comments. Naturally, this does not always carry some kind of super-destructive intent. Moreover, I repeat, many teenagers may not understand that they are committing some kind of crime.
Hacking your neighbor's Wi-Fi. Yes, yes, hacking your neighbor's Wi-Fi. Like, well, I just need the Internet, and I have to pay money and so on.
Pavlovich:
I had a guy come to visit me, and he immediately hacked my neighbor's Wi-Fi, there were 1, 2, 3, 4, 5, 6, 7, 8, and that's it, he gives me the password, says, I say, so why the hell did you do that.
Speaker 1:
Did you do it?
iPhone hacking virus Pegasus
Pavlovich:
You have Internet at home, I have Internet at home, is the Internet not enough for you or what? Well, that's his habit and that's it. That is, in this way he hacked from my IP, yes, and he also set me up. So, a person asks you to give the resources of NSO Group, products or at least samples. What does he mean?
Specialist:
I was talking about a company that, let's say, was commissioned by the special services to develop some cyber weapons; I was talking about hacking iPhones. The virus itself is called Pegasus, and in English it is written Pegasus. You can search for it, there are samples, you can download them directly from the Internet and look at them. It is well known, it is well researched, there are articles about it.
Pavlovich:
Are the sources of this Pegasus openly available on the Internet? Not the source, but the binaries.
Specialist:
There are compiled files. The source, probably, only NSO Group has. But still, if anyone is interested, they can be opened in a disassembler, looked at, researched, and you can read the research. Perhaps I do not remember whether I mentioned the name of the virus. If not, then it is called Pegasus. And by this keyword, that is, NSO Group Pegasus, you can find everything on the Internet.
Were there any real hacks using Spectre and Meltdown?
Pavlovich:
The next question, I do not quite know what this is, but the question is asked. Were there any real hacks in your practice using Spectre and Meltdown?
Specialist:
Great, I'll tell you. So, these beautiful names are the names of vulnerabilities in Intel processors that suddenly came to light. They consist in the fact that there is a special protected mode in the processor, and the trick is that one program should not simply get access to the memory of another program; there are special hardware mechanisms for this. It turned out that in order to increase performance, Intel went for some tricks, and as a result of the discovered vulnerabilities it was possible to get access to, say, the context of other programs, simply steal some data from RAM, and it was even possible to do this attack remotely. That is, I send some special fragments to the server, and it can accidentally give me some pages of memory back. In theory, these pages of memory can contain passwords in plain text, encryption keys, anything. If you attack such a server long enough, you can read out a lot of memory. It is, however, issued randomly, but you can get some valuable data.
Pavlovich:
Well, this is theoretically, but in practice, have you had any?
Specialist:
In practice, it is practically useless. That is, the chances of getting something you need are not very high. And then what? Then they released BIOS updates, a huge number of them. And if they were installed, then there is a microcode embedded in the BIOS. This is, let's say, a certain program for how the processor works. And in this microcode they made some special slowdowns, as a result of which you lose performance, but most of these attacks become not very relevant.
Hardware vulnerabilities
Specialist:
But this is an excellent point, related to the fact that the question itself raised the issue that in addition to software vulnerabilities there are hardware ones, which are very difficult to close, and few users will completely switch to other, new processors, because they are very expensive, especially if we are talking about enterprise. When I talked about the vulnerability of the iPhone processor and the old ones, it still exists, and the T2 chip that was in some MacBook models is also based on the old chip from mobile processors, and it is also vulnerable. And now a MacBook with a T2 chip can be infected through this vulnerability, and since the T2 chip loads before the operating system, you get a rootkit that, for example, can intercept your password for logging into the system, which is also the password for FileVault encryption, and send it somewhere, since it works like a rootkit. But again, this only works with physical access to the laptop.
Sergey Nikitin about MacBooks
Specialist:
And if in the last issue I gave everyone a recommendation to buy MacBooks with a T2 chip, now, probably, Tim Cook paid me again, but literally yesterday there was a presentation of new MacBooks on their own processors, where this vulnerability is no longer present.
Pavlovich:
Well, it's time for me to change, in my opinion.
Specialist:
Well, and it's also cool that they sell them for the same price, and with incredible battery life. But the Secure Enclave, that same security coprocessor, is now moved inside the chip, it is not separate, and this hole is closed there. That's why... That is, the new chips from Apple are not bad, right? Yes, very good.
Pavlovich:
As of today?
Specialist:
As of today. It will always be a kind of struggle of sword and shield, but if I advertised T2 last time, you could say I advertised it, I just have to make a reservation: look, it is also being hacked now, it can carry some risks. It cannot break your encryption, but it can make it so that your password is simply intercepted. But all this requires physical access to the laptop, and you can forget it in a hotel, it can be searched at the airport.
Well, like Biden's son had now. And therefore, in general, put MacBooks with a T2 chip on Avito and buy yourselves new ones; fortunately the price has not changed, and in fact you will not have to pay extra for the difference, or perhaps not very much. The problem is fixed there.
Have they tried to attack the Group-IB website?
Pavlovich:
Have they ever tried, I understand that the question is a little naive, have they ever tried to attack Group-IB? Regularly, of course, absolutely.
Specialist:
What do they attack? Well, first, naturally, the weakest point is people, yes, that is, they try to send phishing, anything, to get data and access to employees, hack personal accounts of employees, personal devices. There were several interesting cases; in fact, several times they tried to make mailings on behalf of Group-IB, that is, they simply spoofed the sender's addresses, this is possible in mail, and if the recipient has poorly configured spam filters, then it may work.
The second point, I remember, there was a leak, I think, of the Buhtrap source code, well, it's a virus, and the password for the archive was "Group-IB, Smart Boys", something like that, well, some kind of acknowledgement from cybercriminals. So, there was, let's say, a notification, I think, from our CERT, or rather, someone impersonated a notification from our CERT and also sent out a mailing, that is, as if some malware was being distributed on our behalf.
Therefore, we regularly encounter some attacks and this is, like, completely normal. And was the site hacked, were there any successful attacks? The site, they say there, is our business card site, it has some functionality, and there is simply no point in hacking it.
Pavlovich:
You didn't deface it?
Specialist:
No, they didn't deface it, again it's difficult, because, trivially, there are no forms there, yes, simple ones like that.
Yes, there is pure HTML and complex passwords. Yes, yes, yes. That is, it is especially difficult to break in there, physically. Let's say that, of course, our products help us, yes, they check all incoming attachments in the mail, launch them in sandboxes, so the chance that phishing will reach the recipient at all is very, very small.
Internal games and training at Group-IB
Specialist:
Plus, we regularly hold all sorts of games, yes, when our testing team makes internal mailings and checks whether users will click on the links, whether they enter passwords, that is, so to speak, keeps them in suspense, which of course helps. But you need to understand that there is no such thing as ideal protection, and I am sure that some employees, especially in non-technical departments, can be hacked at some point, somehow, for some time. There is no point in inventing things like "we are super protected" and so on. Naturally, the engineering level is very, very high, but the human factor that I am talking about always plays a certain role, so we regularly hold certain trainings on digital hygiene, how to behave, what needs to be done. But I think that some young employee who has just joined us may not know something and be hacked.
And fortunately, this does not lead to anything, to some kind of global spread.
Pavlovich:
And usually, when you say that no one hacked us, well, you somehow, I don’t know, arrange it in the universe, and in a couple of days this will definitely happen, like you can never say never. I never, I don’t know, fought in the streets, oops, a couple of days passed, and that’s it. So yeah, that’s right, we can’t say never.
Can a student get a remote job at Group-IB?
Pavlovich:
The guys ask if a student can get an internship at Group-IB, at least remotely.
Specialist:
Look, we have an address, you can send your resume there. The thing is that we have a whole department for finding talent and happiness, and in fact you can send your resumes there in any form, as you like: what you can do, what you want to do and why you’re cool.
We have different internship programs in different departments, for example, in my department there is none right now, but, as I say, you need to send them there, get assigned there.
Pavlovich:
Send them, basically, to your incoming mail.
Specialist:
In fact, we really need developers, all kinds. We need DevOps, it's a real personnel shortage, send them, whether you work remotely or not, it doesn't matter, we need Pythonists. In general, we actually have a huge number of vacancies.
Pavlovich:
Analysts. Masalovich strongly emphasized in his speech that analysts are in demand, i.e. those who can process information and make some kind of extract from it.
Specialist:
And they too, especially if you understand what threat intelligence is, how cyber intelligence works in general, all these skills, they are very applicable. Plus, we also have non-technical vacancies, in fact. So send them, send them, maybe you'll be lucky, maybe we'll be colleagues.
Did the secret services try to recruit you?
Pavlovich:
Have they tried to recruit you or anyone from your team into Western intelligence agencies, so to speak?
Specialist:
Well, it’s hard for me to say for the team, yes, they haven’t tried to recruit me. I think it’s because I don’t know any state secrets, I’ve never served anywhere, I mean neither in the police nor in the intelligence services, nowhere, that is, I’m absolutely a civilian, I graduated from a civilian university and then started working at Group-IB, and since I don’t know any state secrets, I work for a commercial organization, there’s not much point in recruiting me… Well, only competitors, if that’s true.
Yes, yes, yes, competitors might be interested, but we were hunted, naturally, we are regularly hunted by each other, someone is trying to poach something from each other, but the intelligence services simply don’t need my knowledge, I’m soberly aware of that.
Pavlovich:
Well, your knowledge, in principle, can be obtained for money.
Specialist:
Yes, of course, of course, that is, considering how much influence Western intelligence agencies actually have on Western companies, yes, they can buy any of our services, products, etc., and learn something about it, of course. I think that Western intelligence agencies are unlikely to be interested in our commercial secrets, and I don’t really have any either, which are related to the development of something, I mean software or something like that.
After all, I have a more analytical department, so I think that I simply do not constitute any value for our or Western intelligence agencies, no one has even tried them well, from my point of view this is good.
Staff turnover, specialist hunting
Pavlovich:
And you say that competitors are hunting employees, well, and you, accordingly, maybe hunt some of your competitors, right? Is there a high staff turnover in general?
Specialist:
It depends a lot on the department, yes. That is, there are more friendly departments, for example, in our lab we have a very strong division; there are less friendly ones. Again, there are no-poaching agreements, well, you probably know how Amazon and Google agree on that. Well, they have special agreements there, like Apple or Google, so as not to lure employees away just like that, so that a person cannot work there for a certain number of years after working here for a competitor.
In general, it all works with varying degrees of efficiency, but, naturally, there is a shortage of specialists, a shortage of personnel, and poaching is quite frequent, and very often Western companies poach. By the way, Ilya has a famous speech, you can find it on YouTube, where he spoke to the government and talked about how Huawei, for example, poaches Russian specialists very actively, just buys them up as soon as it can.
This also brings a certain problem, yes.
Drones, neural networks, the near future
Pavlovich:
Well, they simply lure people with big salaries and a better social package. Yes, yes. Do you think there will ever come a time when cybercrime becomes obsolete, simply because it becomes unprofitable to deal with it, because of the development of artificial intelligence, neural networks, and so on? Will universal happiness ever come so that you will be able to take a year's vacation?
Specialist:
I am sure not. Why? How does it work? This is about replacing people with that same artificial intelligence. As soon as we get to something like that, the question immediately arises: who programs this artificial intelligence? Like with neural networks and machine learning. For example, in theory, maybe it is possible to create a certain conditional neural network that catches hackers.
I am speaking very simply, but it needs to be trained somehow, and there will be people who train it, that is, some specialists, and there will also be people who train evil neural networks, which will automatically steal everything themselves, or, of course, abduct, that is, commit crimes themselves, because any technology can be used for good and for evil. I can immediately recall this whole story with drones, when they were just appearing, like this is a cool thing to shoot video from drones, and then they immediately started throwing drugs across the border with these drones and immediately hung missiles on them and started killing people.
Pavlovich:
They throw a cigarette to a friend.
Specialist:
That is, let's say this way, any technology will immediately begin to be used in a military and criminal way, and then in a peaceful way, for example. And in the same way with any technologies that we named here, there will simply be new methods of committing the same cybercrimes. Perhaps, classic cybercrimes will disappear, but some new ones will appear. But it is also unlikely that they will disappear completely, because we see that technology simply allows old types of crimes to be reborn.
Telephone fraud, which is now somehow connected to finding out some digital data, but it is still the usual, let's say, scam from the moment when telephones appeared. And all this social engineering is still...
Pavlovich:
And casinos.
Specialist:
On the Internet. And these very Nigerian letters, which really used to be letters that came to Britain from the colonies. That's it. Therefore, everything simply makes a circle, a spiral, and it never completely goes away. Probably, in my dreams, in some specific ones, it might even be better if violent crimes are replaced by some cybercrimes.
Well, property-related. Yes, yes, yes, property-related. That is, there will be less violence on the streets, in families, anywhere. There will be murders, all that stuff, rapes, serious crimes of some kind. And there will be more, let's say, cybercrimes, which, although they bring damage to both people and the economy, are not violent ones. And it seems to me that, perhaps, the development of civilization will lead to this; we will never eradicate crime entirely, naturally. This is human nature.
But let us better defeat street crime and some violence than defeat this entire cyber-history.
"Digital Profile"
Pavlovich:
Do you think that the introduction of some mandatory lessons in computer literacy in the school curriculum would have a strong impact, would it affect the reduction of the same crimes?
Specialist:
I am sure that yes, I am sure that this is absolutely mandatory. I don’t remember whether I talked about this in previous issues or not, but I will note that now it is very important for absolutely all children to have some kind of digital identity. That is, children are now born in the era of the total Internet, they will immediately be on all social networks, and it is super important for the youngest, right there in childhood, to teach them how to behave on the Internet, what they can post and where, and how to manage their digital appearance, yes, their digital profile. Take the same thing you mentioned, a nickname, yes, the same nickname that is used everywhere. If you register with it everywhere, a huge trace will be dragged behind you, and you need to use this, among other things, to your advantage, so that later, when you are hired for a job, I don’t know, in 20 years, everything will be completely different, all this will be automatically searched for, and there will immediately be some kind of digital profile. It already exists now, but it will be even more developed, a digital profile of this person, and if you post videos from some huts, where there is trash, fun, alcohol at 14, then at 20 you may not be hired.
Well, in a serious structure. In a serious structure, yes. How many politicians' careers have already been destroyed when their photos with drugs and prostitutes are posted. And in the same way, this will affect more and more people, everyone, not just some VIPs. And again, as I said, a huge number of people fall under various articles, including computer ones, without fully realizing what exactly they are doing.
They feel that there is some kind of catch here, for example, that they cannot just earn money, but they, perhaps, cannot even formulate what the problem is.
Pavlovich:
Well, as in the example with Dzyuba, yes, that is, law enforcement officers can, if they want, regard this as the distribution of pornography. It is clear that in the case of Dzyuba no one needs it, but a person does not even think: my friend sent it to me at my request, or maybe I provoked him, maybe I am a law enforcement officer, he sent it to me, and that's it, I tell him, oh, here we go.
Specialist:
Therefore, it is imperative to teach this and teach that the digital world, it is an integral part of life now. And about how to behave there and how not to behave there.
Educational courses on cybersecurity
Pavlovich:
So they would make some kind of educational course, sell it to the state or give it for free, implement it in all schools.
Specialist:
Even this is not difficult.
Pavlovich:
You know what points you need to pay attention to.
Specialist:
We do this, there are all sorts of open lessons, that is, we have our trainers speak there, but still, a company initiative is one thing, and another thing is the state level, support and, most importantly, some kind of PR for all of this. I myself have spoken to schoolchildren several times, for example, I spoke at the lyceum that I graduated from, and it always arouses the keenest interest, because a lot of this is not in school programs, and it seems to me that this should be taught from a very young age.
Pavlovich:
So, if any government officials are watching us, just think about it: in order to improve computer literacy, security and so on right from school, we can develop with them, with another company, involve me for some purposes, some specific course that will basically benefit everyone. It will be easier for law enforcement officers, there will be less theft from banks, and schoolchildren will get involved in fewer cases and will not ruin their careers, willingly or unwillingly.
Reading information from a monitor using the electromagnetic radiation analysis method
Pavlovich:
A question from a viewer: is it possible to remotely read information directly from a monitor screen using the electromagnetic radiation analysis method?
Specialist:
No, I see skepticism on your face, actually. There is such a thing called PEMIN, it is a whole section of certain technical types of intelligence, and in fact, even in the times of, say, the Soviet Union, there were special devices that allowed reading data from a cathode ray tube, that is, from a TV screen or monitor, almost through a wall. And this whole story regularly comes up about how, for example, by the sound of pressing keys on the keyboard you can understand what is being entered, by some residual magnetic traces on the screen, and so on and so forth.
If we answer briefly, then yes, it is possible, indeed, and there are scientifically substantiated examples and even, let's say, proof-of-concepts, and perhaps even some special services have some devices, but in reality it is almost impossible to encounter this.
Pavlovich:
There is nothing to worry about.
Specialist:
Yes, yes. Usually all these premises are protected from PEMIN, there are even special certifications, for example, for those where they work with top secret or especially important information. They even have radiators specially mounted on soft pads so that the sound is not transmitted, does not resonate. There are triple doors, eight-pane glass units, so that a laser cannot read the sound from the vibration of the glass. And all this applies to computers in exactly the same way, for example, there will be some kind of Faraday cage that will shield this whole story.
But in reality, the chances of this are negligible, unless you are the owner of Amazon, like Bezos, who was hacked then, and even then they hacked him clumsily through the prince; it is unlikely that anyone will bother so much.
It seems to me that it is much easier to use all sorts of human methods: to send a person, I don’t know, a mistress who will infect the computer with physical access, or, if it is some computer where you synchronize with the cloud, just ask that cloud company to provide the data, than to bother so much.
How they talk in prison
Pavlovich:
Soldering iron. You reminded me about the radiator, I remember we used to talk to each other in prison over the radiator. There is a narrow pipe to the radiator, and you put a mug up to it and talk; we were on the second floor, we were talking to the fourth floor, that is, the resonance goes through the pipes, and you talk through the mug, you put this glass down and talk even through the floor, imagine, just over an ordinary radiator.
Are there exploits that allow you to pick a password using a gyroscope?
Pavlovich:
Are there exploits that allow you to pick a password on Android, for example, by analyzing a gyroscope?
Specialist:
Again, there were concepts, that is, they showed all sorts of things about the fact that, firstly, there is all sorts of gesture recognition, tapping on different parts of the smartphone, this is even used by some manufacturers. And it also became clear that if the password is short, then by pressing on different parts of the screen, listening to the microphone or tracking the accelerometer or gyroscope in this smartphone, you can understand how this password is entered.
But here you need to understand that all these things are more theoretical: such an application may exist, but it needs to be installed on this phone somehow, and then everyone has different finger lengths, they press the screen with different force, that is, this virus will still have to be trained somehow. Different phone models, different weights, different screen models.
I think that if the virus is already on your device, it doesn't need your password, it will already extract all the data from there without any problems.
Pavlovich:
In short, theoretically, yes, in practice, like Limu Joe.
Specialist:
I've seen some cool tricks, I've seen examples of overlays on ATMs, skimmers that had an infrared camera. And they just see the residual trace of heat on the keys. That is, even if a person covers the PIN code entry, he then removes his hand, and there, let's say, 3 or 4 keys glow.
Pavlovich:
Ah, that is, this is done so that it would be simpler than reading with a video camera, since I covered the PIN code; at Alfa Bank they have special things like that in ATMs, that is, if you install a camera, it will not see what I'm typing there, and therefore they will be able to see the glowing heat. Yes, yes. And since there are 4 digits, it is 4, and we have possible combinations, how many are there, 16 or 4 to the fourth power, I don’t remember, well, in short. Yes, it is logical, but these methods, you see, work in theory and are not needed in practice, because there is a soldering iron.
Why do you use Apple technology?
Pavlovich:
Question from Dagba: it is clear that the guest uses the Apple ecosystem. According to information from Snowden, the American government has an official law according to which all American IT companies must leave backdoors for the special services.
How do you allow yourself to use these gadgets, for example, an iPhone, being the head of the information department?
Specialist:
Yes, in fact, it’s just that the American intelligence services are not included in my threat model, yes, that is, even if they receive some data, it will not affect me or the company’s activities in any way. Here it should be noted that, firstly, this is really so, yes, I have already even mentioned the revelations: we understand that everything that you upload, if we are talking about the Apple ecosystem, everything that you give to iCloud, the NSA definitely has. The NSA had problems with access to the iPhones themselves, that is, when they were seized from terrorists, there is no access to the device itself, that is, they do not use the cloud, for example, they turned off the entire cloud history, and the agencies are interested in what was there, what he wrote right before the explosion or attack, to whom and so on, from whom he received commands; this is not in the clouds, and then all these problems start. Even Trump was like, give access, they wrote to Apple, like, Apple, give access. They specifically made it so that they cannot do this, well, that is, they could do it, it is very, very simple, but it would violate all their internal rules and most likely they would destroy their own business, since people would stop trusting them. And here the simple point is that if you are afraid of American intelligence agencies in principle, the Apple ecosystem can be used, yes, but you turn off the entire cloud history, and at the same time the convenience of all this use drops sharply.
Key in iCloud
Specialist:
You had a guest, BadB, I think he told you that he had a laptop with TrueCrypt and he had a MacBook, and the MacBook was hacked instantly. I can give you an example. If you enable FileVault encryption on your MacBook, yes, it will ask: do you want to save a backup copy of the recovery key in iCloud? If you click yes, then, of course, later, if you are detained by American intelligence agencies, they will immediately decrypt this disk, despite the fact that it is super strong, because the key is stored in iCloud. And it should be noted here: if you click no and then forget the key, that's it, the data is doomed. And it is the same with any other encryption, for example, Microsoft BitLocker, the built-in Windows encryption. If you give this key to your Live account for recovery, of course, it can then be available to Western intelligence agencies.
And do not be surprised that they will then instantly decrypt all this.
"There are special deliveries of equipment with special bookmarks and other things"
Pavlovich:
Well, okay, that's you and me, yes, but, let's say, for a high-ranking politician, naturally, it is better not to use enemy equipment.
Specialist:
Absolutely. And here the question is not even about Apple as such, but in general about any device on someone else's processors, on someone else's hardware base. Because, again, from Snowden's revelations we know that there are even special deliveries: a special batch of equipment goes to this country, including televisions, with special bookmarks, that is, hardware implants, and so on. And you need to know that in the Soviet Union there were, in fact, entire departments in research institutes that checked all this equipment for hardware implants using X-rays.
But now the problem is that the process node has shrunk so much that this simply does not work anymore. Those were microns. Yes. Nanometers. Nanometers now. That's it. And it is simply impossible to find hardware implants that way. Or rather, it is too expensive.
Therefore, yes, if you are some kind of official or businessman from whom some super know-how can really be stolen, then you need to understand that if you give something to the cloud, it can definitely be used against you by the special services of Western countries, because, whatever we say, when their entire business is there, they are obliged to comply with any local laws; they cannot just tell everyone to go to hell. In my case, I simply do not see any threat from Apple. I do not give everything to iCloud, but there is absolutely no direct threat in this.
Pavlovich:
Well, I give it photos and I give it notes. This has an advantage, because I always have them at hand on all devices, but it has a disadvantage: competitors can take them. And in this regard, we send greetings to Dmitry Anatolyevich Medvedev with his iPad. Remember, he was constantly sitting in his iPad at meetings, glued to it.
Specialist:
Yes, yes, yes. Therefore, of course, yes, it can pose certain threats.
Are Data Science approaches used to analyze complex cases?
Pavlovich:
And the last complex question from our viewers, then we will go over one more point: are Data Science approaches used to analyze complex cases, for example, searching for anomalies in network logs? If so, in which cases and how successfully?
Specialist:
Yes, in fact, Big Data and big data analysis, including with the use of machine learning and neural networks, is a super important story. We use this in many products right now. For example, we have products like Secure Bank and Secure Portal, which analyze various transactions in banks and in retail and can, for example, learn and find these anomalies based on mouse movements and keyboard input.
There you go. And we, including when analyzing some huge volume of logs or something like that, also use a variety of algorithms, for example, to work out that a person is working outside of working hours, or that there is an uncharacteristic surge in data transfer. These are, in fact, also quite common methods from mathematical statistics. So, of course, Data Science is all important; this is definitely the future.
Why? Because the volumes of data are already growing so much that it will soon be simply impossible to analyze them with the human mind. The volumes are simply too large. Now, for example, logs can take up gigabytes, and if the Internet penetrates everywhere around the world, there will be, I don't know how many of us there are, 8 billion, and every kettle and microwave too.
And a bunch of devices will generate traffic, and even an ordinary site will have terabytes of logs (not of data transferred, just logs), and then this can only be analyzed using such methods. So we use it, we need to develop it even better, go deeper, train, use it; this is definitely the future.
Bank data analysis
Pavlovich:
So, whoever asked that question, maybe he'll come and work on Data Science at Group-IB. And straight away the question: aren't banks afraid to give you such information for analysis?
Specialist:
It works very cleverly there. That is, we give them a script, the analysis is carried out mostly on their side, we do not see specific data; we rather report, alert, raise some flags that there are anomalies here, and then they already have their own anti-fraud systems, and they use it simply in scoring. That is, they have, for example, some set of points that can be accumulated, and our system gives one of these points, but they also check through other channels, and if a certain amount is collected, the transaction can be suspended, and so on.
We have public information that we work with Sber, and even on Habr there was a guy who got really nervous when he saw that some Group-IB script was being served on the Sberbank Online website. And here you need to understand that there are simply millions of users, millions of transactions per second; these are super overloaded systems, and you still need to analyze everything and give out some data.
So this is really cool and interesting; if you are a developer or interested in such things, join the team, there are really world-class projects there.
Client ID
Pavlovich:
Well, and you don’t see the user ID directly, for example?
Specialist:
No, no, of course not; that's not what it's needed for. Well, actually, banks simply can't give us that, according to the law on banking secrecy, and there's simply no need for it.
Pavlovich:
Well, for example, I also can't give away user data in cashback, yes; I can't give away his email, for example, or his phone, but I can give away his ID in our database, because that is purely our internal information, six digits. Or, if required for some synchronization, I can give away part of the email, with asterisks, for example. That is, first of all, it is not necessary to give away all 10 characters of the email; the first 4-5 will be enough for synchronization.
Why is the "pirated" Windows 10 updated?
Pavlovich:
If you use Windows 10 (fortunately, I don't have Windows), but it is activated with a pirated key, yes, why is it updated in Russia, for example? Why is it not blocked? They understand that it is activated with a pirated key.
Specialist:
This is connected with Microsoft's reputation. What happened, if you remember, when the seven was not activated: it did not install all the updates, that is, it installed only part of the updates, and it was constantly screaming that it was not activated, that updates would be unavailable, and so on. Then various review sites started publishing the number of infected devices by percentage per operating system, and it turned out that Windows was simply the super top leader, and all because Windows is pirated, it does not update, and under no circumstances do you install the update, God forbid the activation flies off, or it is pirated, or something else.
By the way, there were a lot of clients who were victims, who were like, everything is pirated with us, we don't install anything, God forbid some updates, everything will be wiped; it works, and thank God. And there are such holes that a schoolboy opens Kali, launches Metasploit, presses one button and they are already hacked. That is, you don't even need any knowledge, you just need to know the IP, and there is a vulnerable server, and that's it.
And Microsoft, as I understand it, realized that this is a big problem. And the first thing they started to roll out was Windows Defender, that is, a protector, a small built-in antivirus.
Pavlovich:
Your own firewall.
Specialist:
Right, an antivirus, a real antivirus. Well, the firewall was there right away in the seven, yes. And then in the ten, even if it is not activated at all, that is, with a pirated key, or even not activated at all, it still installs all security updates, there is already a built-in Defender, you do not need to install it separately (earlier there was Microsoft Security Essentials, something like that it was called). And, as I understand it, this is precisely for the image, that is, so that home users suffer less from all sorts of attacks: they automatically receive all updates, Office is updated automatically too, by the way, if it is there, and there is some basic antivirus completely free. So from mass threats such a user will not be infected, will recommend it to everyone, and this plays precisely on their reputation and image. And I think that this is the main reason they do not block pirated Windows. And now, in fact, taking into account what is built into the ten, to find out who this person is, what he uses, I don't know, and even do anything with his laptop, in theory Microsoft could, but they don't do it. It's just because, as I understand it, all companies are now reorienting themselves to selling services, like Office 365, this cloud from Microsoft, and all these stories with Azure.
"According to my forecasts, some version of Windows will be free, with paid subscriptions."
Specialist:
And this shows that, according to my forecasts, I think that one of the next Windows versions will be free, and they will simply sell the subscription, the cloud, well, all that. Earn from something else, right? Earn through services, yes, and the other way around, they will try to get as many people as possible hooked on their platform, so that everyone pays for services.
Sergey Pavlovich about paid services
Pavlovich:
Well, it's like with these IQOS, yes: the device is given away almost for free, but you pay for the sticks. And it's the same with cars, that is, they take theirs from repairs and spare parts, because on the cars themselves the margin is not very big. I had a guy from the auto business on, and I voiced the numbers to him: on a car, for example, take a Toyota Camry or, I don't know, some BMW 3, the manufacturer earns very little, there, 700, a thousand dollars, really, because everything we pay for the car all costs real money, the margin is very low. On premium brands, from the sale of a Porsche, earnings of about one and a half, two thousand euros already come in, that is, from premium brands, but of course they all take theirs with service. And one of you sent me a real article under that video with the auto selector that confirms these words of mine, whatever you say. And so, guys, it's time to say goodbye within the framework of this episode, bye everyone!
Famous carder Sergey Pavlovich continues his conversation with Sergey Nikitin, deputy head of the computer forensics laboratory at Group-IB, the main Russian private fighter against hackers, carders and other cybercriminals, and in the ninth episode of the series we talk about viruses for hacking iPhones, protecting MacBooks, hacking Wi-Fi and Apple equipment, how to get a job at an information security company like the one created by Ilya Sachkov, and much more.
Enjoy reading!
Contents:
- Is it possible to get into Group-IB if you were involved in whitehat hacking?
- About Wi-Fi hacking
- Pegasus iPhone Hacking Virus
- Have there been any real hacks using Spectre and Meltdown?
- Hardware vulnerabilities
- Sergey Nikitin about MacBooks
- Have there been any attempts to attack the Group-IB website?
- Group-IB internal games and trainings
- Can a student get a remote job at Group-IB?
- Did the intelligence services try to recruit you?
- Staff turnover, specialist hunting
- Drones, neural networks, the near future
- "Digital Profile"
- Cybersecurity Educational Courses
- Reading information from a monitor using electromagnetic radiation analysis
- How do they talk in prison?
- Are there any exploits that allow one to guess a password using a gyroscope?
- Why do you use Apple technology?
- iCloud Key
- "There are special deliveries of equipment with special bookmarks and other things"
- Are Data Science approaches used to analyze complex cases?
- Bank data analysis
- Client ID
- Why is the "pirated" Windows 10 being updated?
- "My prediction is that some version of Windows will be free, with paid subscriptions"
- Sergey Pavlovich about paid services
Is it possible to get into Group-IB if you were involved in whitehat hacking?
Pavlovich:
A question from the audience. You said in the third part that you use a polygraph to check if I am a planted Cossack, if I am a member of cyber groups, if I am involved in dirty tricks. But if a couple of years ago I hacked websites and networks, sometimes it came to deep access to 1C and accounting, whenever possible I informed the owners about the vulnerabilities I found, I did not sell the access, I did not participate in dirty tricks. That is, well, essentially, white hat, right? Is there any chance at all to get into your office?
Specialist:
I think so. Well, that is, you need to understand that this is not some kind of super-strict boundary. There, oh, you hacked something, and that's it, you are immediately a cybercriminal. A person's motivation is very important, his thoughts, for what purpose he did it, what he was pursuing. He informed them. Yes, yes, yes. That is, it is quite possible that... Let's say it is always individual.
The main idea is that we simply do not take cybercriminals with a cybercriminal mindset, that is, it is not necessary that they were convicted of something, maybe they got away with it, but a person's thinking changes in a certain way. I think that you yourself remember your time, when you were doing this, you probably thought differently than now. I mean the very way of thinking, motivation and so on and so forth.
And this is the idea, that is, we have a certain mission there, many people probably don't like it, but this is how it works. And we look for like-minded people first of all when we recruit people. If a person wants to fight cybercrime, he himself is not directly involved in something bad, why not? It always makes sense to send if he passes the security check, why not?
Pavlovich:
But I think in this case, before you got a job, you also hacked something there and so on. It wasn't always legal there, it's just that here, well, the goal is precisely something, well, yes, I hacked there, okay, I could, as if from the point of view of the law, if you were caught, it would probably be illegal of course and you would be prosecuted by someone, but you hacked it, you managed to tell the guys that you have a hole there, for example, and I think everyone has had something like that in their life.
About hacking Wi-Fi
Specialist:
Yes, in fact, I think that almost everyone there tried to hack some kind of Wi-Fi when it became a popular tool. It seems to me that many people got acquainted with Callie because of this. Or rather, before that it was called Backtrack. As far as I remember, Backtrack or something like that. I'm sure they will correct me in the comments. Naturally, this does not always carry some kind of super-destructive thing. Moreover, I repeat, many teenagers there may not understand that they are committing some kind of crime.
Hacking your neighbor's Wi-Fi. Yes, yes, hacking your neighbor's Wi-Fi. Like, well, I just need the Internet, and I have to pay money and so on.
Pavlovich:
I had a guy come to visit me, and he immediately hacked my neighbor's Wi-Fi, there were 1, 2, 3, 4, 5, 6, 7, 8, and that's it, he gives me the password, says, I say, so why the hell did you do that.
Speaker 1:
Did you do it?
iPhone hacking virus Pegasus
Pavlovich:
You have Internet at home, I have Internet at home, is the Internet not enough for you or what? Well, that's his habit and that's it, that is, in this way he hacked from my IP, yes, and he also set me up. So, the person asks to give the resources of NSO groups, products or at least samples. What does he want to mean?
Specialist:
I was talking about a company that, let's say, ordered the special services to develop some cyber weapons, I was talking about hacking iPhones. The virus itself is called Pegasus, and in English it is written Pegasus. You can search for it, there are samples, you can download them directly from the Internet, watch them. It is well known, it is well researched, there are articles about it.
Pavlovich:
Are the sources of this Pegasus available on the open network on the Internet? Not the source, but the binaries.
Specialist:
There are compiled files. The source, probably, only the NS groups have. But still, if anyone is interested, they can be opened in a disassembler, watched, researched and read the research. Perhaps, I do not remember if I mentioned the name of the virus. If not, then it is called Pegasus. And already by this keyword, that is, the NS group Pegasus, you can find everything on the Internet.
Were there any real hacks using Spectre and Meltdown?
Pavlovich:
The next question, I do not quite know what this is, but the question is asked. Were there any real hacks in your practice using Spectre and Meltdown?
Specialist:
Great, I'll tell you. So, these beautiful names are the names of vulnerabilities in Intel processors that suddenly came to light, and they consist in the fact that there is a special protected mode in the process and the trick is that one program should not just get access to the memory of another program and there are special hardware algorithms for this and it turned out that in order to increase the performance of Intel they went to some tricks as a result of the discovered vulnerabilities it was possible to get access to, say, in the context of other programs, simply steal some data from RAM and it was even possible to do this attack remotely. That is, I send some special fragments to the server And it can accidentally give me some pages of memory back And in theory, these pages of memory can contain both passwords in plain text, and encryption keys, anything If you attack such a server long enough, you can count a lot of memory It is, however, randomly issued, but you can get some valuable data
Pavlovich:
Well, this is theoretically, but in practice, have you had any?
Specialist:
In practice, it is practically useless. That is, the chances of getting something needed are not very high. And then what? Then they released a BIOS update, a huge number of them. And if they were installed, updated, there is a microcode embedded in the BIOS. This is, let's say, a certain program, how the processor works. And in this microcode, they made some special slowdowns, as a result of which you lose in productivity. But most of these attacks become not very relevant.
Hardware vulnerabilities
Specialist:
But this is an excellent point related to the fact that the question itself raised such a point that in addition to software vulnerabilities, there are hardware ones that are very difficult to close and few users will completely switch to other new processors because they found only very expensive ones, especially if we are talking about enterprise, when I talked about the vulnerability of the iPhone processor and the old ones, it still exists and the T2 chip that was in MacBooks for some MacBook models, it is also based on the old chip from mobile processors and it is also vulnerable and now a MacBook with a T2 chip can be infected with this vulnerability and since the T2 chip is loaded before the operating system, you get a rootkit that, for example, can intercept your password for logging into the system, and this is the password for fail vault encryption, and send it somewhere, since it works like a rootkit. But this only works again with physical access to the laptop.
Sergey Nikitin about MacBooks
Specialist:
And if in the last issue I gave a recommendation to everyone to buy MacBooks with a T2 chip, now, probably, Tim Cook paid me again, but literally yesterday there was a presentation of new MacBooks on their own processors, where this vulnerability is no longer present.
Pavlovich:
Well, it's time for me to change, in my opinion.
Specialist:
Well, and it's also cool that they sell them for the same price, and with incredible autonomy. But the Security Enclave, that same security coprocessor, it is now moved inside the chip, it is not separate, and this hole is closed there. That's why... That is, the new chips from Apple are not bad, right? Yes, very good.
Pavlovich:
As of today?
Specialist:
As of today. It will always be a kind of struggle, there, of sword and shield, but if I advertised T2 last time, you could say I advertised it, I just have to make a reservation that look, it is also being hacked now, it can carry some risks, it cannot hack your encryption, but it can do so that your password is simply intercepted, but all this requires physical access to the laptop, but you can forget it in the hotel, it can be searched at the airport.
Well, like Biden had now, like his son. And therefore, in general, MacBooks with a T2 chip on Avito, and buy new ones yourself, fortunately the price has not changed there and in fact you will not have to pay extra for the difference, perhaps not very much. The problem is fixed there.
Have they tried to attack the Group-IB website?
Pavlovich:
Have they ever tried, I understand that the question is a little naive, have they ever tried to attack Group-IB? Regularly, of course, absolutely.
Specialist:
What do they hack? Well, first, naturally, the weakest point is people, yes, that is, they try to send phishing, anything, get data and access to employees, hack personal accounts of employees, personal devices, several times, there were several interesting cases, in fact, several times on behalf of Group IV they tried to make mailings, that is, they simply replaced the sender's addresses, this is possible in mail, well, if the recipient has poorly configured spam filters, then it may work.
The second point, I remember, there was a leak, I think, of the Bukhtrap source code, well, it's a virus, and there was a password for the archive, Group-IB, Smart Boys, something like that, well, some kind of confession also from cybercriminals, so, it was like, let's say, there was a notification, I think, from our certificate, or rather, someone impersonated a notification from our certificate, and also sent out a mailing, that is, as if some malware was distributing on our behalf.
Therefore, we regularly encounter some attacks and this is, like, completely normal. And was the site hacked, were there any successful attacks? The site, they say there, is our business card site, it has some functionality, and there is simply no point in hacking it.
Pavlovich:
You didn't deface it?
Specialist:
No, we didn't deface it, again it's difficult, because Because, trivially, there are no forms there, yes, simple ones like that.
Yes, there is pure HTML and complex passwords. Yes, yes, yes. That is, it is especially difficult to break there, physically. Let's say that, of course, our products help us, yes, they check all incoming attachments in the mail, launch them in sandboxes, so the chance that phishing will reach the recipient at all is very, very small.
Internal games and trainings Group-IB
Specialist:
Plus, we regularly hold all sorts of games, yes, when our testing team makes internal mailings, checks whether users will click on the links, whether they enter passwords, that is, so to speak, keep them in suspense, which of course helps, but you need to understand that there is no such thing as ideal protection and I am sure that some employees, especially non-technical departments, can be hacked at some point, somehow, for some time, yes, there is no point in inventing things, yes, we are super protected and so on, naturally, the engineering level is very, very high, but the human factor that I am talking about, yes, it always plays a certain role, so we regularly hold certain trainings on digital hygiene, how to behave, what needs to be done, but I think that some young employee who has just joined us may not know something and be hacked.
And fortunately, this does not lead to anything, to some kind of global spread.
Pavlovich:
And usually, when you say that no one hacked us there, well, you somehow, I don’t know, somehow arranged it in the universe, and in a couple of days this will definitely happen, like you can never say never. I never, I don’t know, fought in the streets, oops, a couple of days passed, and that’s it, so yeah, that’s right, we can’t say never.
Can a student get a remote job at Group-IB?
Pavlovich:
The guys ask if a student can get an internship at Group-IB, at least remotely.
Specialist:
Look, we have an address, you can send your resume there. The thing is that we have a whole department for finding talent and happiness, and in fact you can send your resumes there in any form, as you like, what you can do, what you wanted to do and why you’re cool.
We have different internship programs in different departments, for example, in my department there is none right now, but, as I say, you need to send them there, get assigned there.
Pavlovich:
Send them, basically, to your incoming mail.
Specialist:
In fact, we really need developers, all kinds. We need DevOps, it's a real personnel shortage, send them, whether you work remotely or not, it doesn't matter, we need Pythonists. In general, we actually have a huge number of vacancies.
Pavlovich:
Analysts. Masalovich strongly emphasized in his speech that analysts are in demand, i.e. those who can process information and make some kind of extract from it.
Specialist:
And they too, especially if you understand what threat intelligence is, how cyber intelligence works in general, all these skills, they are very applicable. Plus, we also have non-technical vacancies, in fact. So send them, send them, maybe you'll be lucky, maybe we'll be colleagues.
Did the secret services try to recruit you?
Pavlovich:
Have they tried to recruit you or anyone from your team into Western intelligence agencies, so to speak?
Specialist:
Well, it’s hard for me to say for the team, yes, they haven’t tried to recruit me. I think it’s because I don’t know any state secrets, I’ve never served anywhere, I mean neither in the police nor in the intelligence services, nowhere, that is, I’m absolutely a civilian, I graduated from a civilian university and then started working at Group-IB, and since I don’t know any state secrets, I work for a commercial organization, there’s not much point in recruiting me… Well, only competitors, if that’s true.
Yes, yes, yes, competitors might be interested, but we were hunted, naturally, we are regularly hunted by each other, someone is trying to poach something from each other, but the intelligence services simply don’t need my knowledge, I’m soberly aware of that.
Pavlovich:
Well, your knowledge, in principle, can be obtained for money.
Specialist:
Yes, of course, of course, that is, considering how much influence Western intelligence agencies actually have on Western companies, yes, they can buy any of our services, products, etc., and learn something about it, of course. I think that Western intelligence agencies are unlikely to be interested in our commercial secrets, and I don’t really have any either, which are related to the development of something, I mean software or something like that.
After all, I have a more analytical department, so I think that I simply do not constitute any value for our or Western intelligence agencies, no one has even tried them well, from my point of view this is good.
Staff turnover, specialist hunting
Pavlovich:
And you say that competitors are hunting employees, well, and you, accordingly, maybe hunt some of your competitors, right? Is there a high staff turnover in general?
Specialist:
It depends a lot on the department, yes, that is, there are more friendly departments, for example, in our lab we have a very strong division, there are less friendly ones, again, there are agreements on non-hunting, well, you probably know how, you know, Amazon and Google, they agree there, well. Well, they have special agreements there, like either Apple or Google, so as not to lure employees away just like that, that he cannot work there for a certain number of years after he worked here for a competitor.
In general, it all works with varying degrees of efficiency, but, naturally, there is a shortage of specialists, and there is a shortage of personnel, and hunting is quite frequent, and very often Western companies hunt. By the way, Ilya has a famous speech, you can find it on YouTube, where he spoke to the government, and he talked about how Huawei, for example, hunts Russian specialists very much, just buys them up as soon as it can.
This also brings a certain problem, yes.
Drones, neural networks, the near future
Pavlovich:
Well, they simply lure people with big salaries and a better social package. Yes, yes. Do you think there will ever come a time when cybercrime will become obsolete, but simply because it will become unprofitable to deal with it, because of the development of artificial intelligence, neural networks, and so on. Will universal happiness ever come and you will be able to take a year's vacation?
Specialist:
I am sure that no. Why? How does it work? This is about replacing people with the same artificial intelligence. As soon as we get to something like that, the question immediately arises, who programs this artificial intelligence? Like with neural networks and machine learning. For example, in theory, maybe it is possible to find, create a certain conditional neural network that catches hackers.
I am speaking very simply, but it needs to be trained somehow, and there will be people who will train it, that is, some specialists, and there will also be people who will train evil neural networks, who will automatically steal everything themselves, or, of course, abduct, that is, commit crimes themselves, because any technology can be used for good and for evil. I can immediately recall this whole story with drones, which were just appearing, like this is a cool thing to shoot from drones, and then they immediately started throwing drugs across the border with these drones and immediately hung missiles on them and started killing people.
Pavlovich:
They throw a cigarette to a friend.
Specialist:
That is, let's say this way, any technology will immediately begin to be used in a military and criminal way, and then in a peaceful way, for example. And in the same way with any technologies that we named here, there will simply be new methods of committing the same cybercrimes. Perhaps, classic cybercrimes will disappear, but some new ones will appear. But it is also unlikely that they will disappear completely, because we see that technology simply allows old types of crimes to be reborn.
Telephone fraud, which is now somehow connected to finding out some digital data, but it is still the usual, let's say, scam from the moment when telephones appeared. And all this social engineering is still...
Pavlovich:
And casinos.
Specialist:
On the Internet. And these very African letters, which really used to be letters that came to Britain from behind the colony. That's it. Therefore, everything simply makes a circle, a spiral, and it never completely goes anywhere. Probably, in my dreams, in some specific ones, it might even be better if violent crimes are replaced by some cybercrimes.
Well, property-related. Yes, yes, yes, property-related. That is, there will be less violence on the streets, in families, anywhere. There will be murders, all that stuff, rapes, serious crimes of some kind. And there will be more, let's say, cybercrimes, although this brings damage to both people and the economy, but not violent ones. And it seems to me that, perhaps, the development of civilization will lead to the fact that we will never eradicate crime at all, naturally. This is human nature.
But let us better defeat street crime and some violence than defeat this entire cyber-history.
"Digital Profile"
Pavlovich:
Do you think that the introduction of some mandatory computer literacy lessons in the school curriculum would have a strong impact, would it help reduce these same crimes?
Specialist:
I am sure that yes, I am sure that this is absolutely mandatory. I don't remember whether I talked about this in previous episodes or not, but I will note that now it is very important for absolutely all children to have some kind of digital identity. That is, these are now children born in the era of the total Internet; they will immediately be on all social networks, and it is super important, for the youngest, right there in childhood, to teach them how to behave on the Internet, what they can post and where, and how to manage their digital appearance, yes, their digital profile. And the same, as you say, nickname, yes, the same nickname that is used everywhere: if you register with it everywhere, a huge trace will be dragged behind you, and you need to use this, among other things, to your advantage. So that later, when you are hired for a job, I don't know, in 20 years, everything will be completely different: all of this will be searched for automatically, and there will immediately be some kind of digital profile. It already exists now, but it will be even more developed, a digital profile of this person, and if you post videos from some parties in flats, where there is trash, fun, alcohol at 14, then at 20 you may not be hired.
Well, in a serious organization. In a serious organization, yes. How many politicians' careers have already been destroyed when their photos with drugs and prostitutes were posted. And in the same way this will affect more and more people, everyone, not just some VIPs. And again, as I said, a huge number of people fall under various articles, including computer ones, without fully realizing what exactly they are doing.
They feel that there is some kind of catch here, for example, that they cannot only be earning money, but they perhaps cannot even formulate what the problem is.
Pavlovich:
Well, as in the example with Dzyuba, yes: law enforcement officers can, if they want, treat this as distribution of pornography, though it is clear that in Dzyuba's case nobody needs that. But even a person does not think: a friend sent it to me at my request, or maybe I provoked him, maybe I am a law enforcement officer, he sent it, and that's it, I tell him, oh, here we go.
Specialist:
Therefore, it is imperative to teach this, and to teach that the digital world is now an integral part of life, and how to behave there and how not to behave there.
Educational courses on cybersecurity
Pavlovich:
So they could make some kind of educational course, sell it to the state or give it away for free, and implement it in all schools.
Specialist:
Even that is not difficult.
Pavlovich:
You know what points you need to pay attention to.
Specialist:
We do this; there are all sorts of open lessons, that is, our trainers speak there, but still, some kind of company initiative is one thing, and the state level, with support and, most importantly, some kind of PR for all of this, is another. I myself have spoken to schoolchildren several times; for example, I spoke at the lyceum I graduated from, and it always arouses the keenest interest, because a lot of this is not in school programs, and it seems to me that this should be taught from a very young age.
Pavlovich:
So, if any government officials are watching us, just think about it: in order to improve computer literacy, security and so on right from school, we could develop with them, with another company, involving me for some purposes, some specific course that would basically benefit everyone. It would be easier for law enforcement officers, there would be less theft from banks, and schoolchildren would end up in fewer criminal cases and would not ruin their careers, willingly or unwillingly.
Reading information from a monitor using the electromagnetic radiation analysis method
Pavlovich:
A question from a viewer: is it possible to remotely read information directly from a monitor screen using electromagnetic radiation analysis?
Specialist:
No, I see skepticism on your face, actually. There is such a thing as PEMIN (compromising electromagnetic emanations); it is a whole section of certain technical types of intelligence, and in fact, even in the times of, say, the Soviet Union, there were special devices that allowed reading data from a cathode ray tube, that is, from a TV screen or monitor, almost through a wall. And this whole story regularly comes up again: how, for example, by the sound of pressing keys on the keyboard you can understand what is being entered, by some residual traces on the screen, and so on and so forth.
If we answer briefly, then yes, it is possible indeed, and there are scientifically substantiated examples and even, let's say, proofs of concept, and perhaps some special services even have some devices, but in reality it is almost impossible to encounter this.
Pavlovich:
There is nothing to worry about.
Specialist:
Yes, yes. Usually all these premises are protected from PEMIN; there are even special certifications, for example for the ones in which they work with top secret or especially important information. They even have radiators specially mounted on soft pads so that sound is not transmitted, does not resonate. There are triple doors, eight-pane glass units, so that a laser cannot read sound from the vibration of the glass. And all this applies to computers in exactly the same way; for example, there will be some kind of Faraday cage that will shield this whole story.
But in reality the chances of this are negligible, unless you are the owner of Amazon, like Bezos, who was hacked back then, and even then they hacked him clumsily through the Prince; it is unlikely that anyone will bother so much.
It seems to me that it is much easier to use all sorts of human methods: send the person, I don't know, a mistress who will infect the computer with physical access, or, if it is some computer that you synchronize with the cloud, simply ask the cloud company to provide the data, rather than go to such trouble.
How they talk in prison
Pavlovich:
Soldering iron. You reminded me about the radiator: I remember we used to talk to each other in prison over the radiator. There is a narrow pipe to the radiator, and you put a mug up to it and speak; we were on the second floor, talking to the fourth floor, that is, the resonance goes through the pipes, and you talk through the mug, put this glass to it, and you can talk even through the floor, imagine, just over an ordinary radiator.
Are there exploits that allow you to pick a password using a gyroscope?
Pavlovich:
Are there exploits that allow you to pick a password on Android, for example, by analyzing the gyroscope?
Specialist:
Again, there were concepts; that is, they showed all sorts of things: firstly, there is all sorts of gesture recognition, tapping on different parts of the smartphone, and this is even used by some manufacturers. And it also became clear that if the password is short, then by the presses on different parts of the screen, by listening to the microphone or tracking the accelerometer or gyroscope in this smartphone, you can understand how this password is entered.
But here you need to understand that all these things are more theoretical; such an application may exist, but it needs to be installed on this phone somehow, and then everyone has different finger lengths, they press the screen with different force, that is, this virus will still have to be trained somehow. Different phone models, different weights, different screen models.
I think that if the virus is already on your computer, it doesn't need your password; it will already extract all the data from there without any problems.
Pavlovich:
In short, theoretically, yes, in practice, like Limu Joe.
Specialist:
I've seen some cool tricks; I've seen examples of overlays on ATMs, skimmers that had an infrared camera. And they simply see the residual heat trace on the keys. That is, even if a person covers the PIN entry, he then removes his hand, and there, let's say, 3 or 4 keys glow.
Pavlovich:
Ah, that is, this is done to make it simpler than reading with a video camera, since he covered the PIN code. At Alfa Bank they have special things like that on ATMs, that is, if you install a camera, it will not see what I am typing there, and therefore they will be able to see the glowing heat. Yes, yes. And since there is the number 4, it is 4, and we have possible combinations, how many are there, 16 or 4 to the fourth power, I don't remember, well, in short, yes, it is logical, but these methods, you see, work in theory and are not needed in practice, because there is a soldering iron.
Why do you use Apple technology?
Pavlovich:
Question from Dagba, or Dagba: it is clear that the guest uses the Apple ecosystem. According to information from Snowden, the American government has an official law according to which all American IT companies must leave backdoors for the special services.
How do you allow yourself to use these gadgets, for example an iPhone, being the head of the information department?
Specialist:
Yes, in fact, it's just that the American intelligence services are not included in my threat model; that is, well, even if they receive some data, it will not affect me in any way, or the company's activities, and so on. Here it should be noted, firstly, that this is really so, yes; I have already even mentioned a revelation: we understand that everything you upload, if we are talking about the Apple ecosystem, everything you give to iCloud, the NSA definitely has. The NSA had problems with access to the iPhones themselves, that is, when they were seized from terrorists: there is no access to the device itself, that is, they do not use the cloud, for example, they turned off the entire cloud history, and what the NSA is interested in is what was there, what he wrote right before the explosion or attack, to whom, and so on, from whom he received commands. This is not in the clouds, and then they start having all these problems; even Trump was like, give access, they wrote to Apple, like, Apple, give access, and Apple specifically made it so that they cannot do this. Well, that is, they could do it there, it is very, very simple, but it would violate all their internal rules and most likely would destroy them; well, as a business, people would stop trusting them. And here the simple point is this: if you are afraid of American intelligence agencies in principle, the Apple ecosystem can be used, yes, but you turn off the entire cloud history, and at the same time the convenience of all this use drops sharply.
Key in iCloud
Specialist:
You had a guest, BadB; I think he told me that he had a laptop with TrueCrypt and he had a MacBook, and the MacBook was hacked, like, instantly. I can give you an example. If you enable FileVault encryption on your MacBook, yes, it will ask: do you want to save a backup copy of the recovery key in iCloud? If you click yes, then, of course, later, if you are detained by American intelligence agencies, they will immediately decrypt this, despite the fact that it is super strong, because the key is stored in iCloud. And it should be noted here: if you say no and then forget the key, that's it, the data is doomed. And the same with any other encryption, for example Microsoft BitLocker, the built-in Windows encryption. If you give this key to your Live account for recovery, of course, it can then be available to Western intelligence agencies.
And do not be surprised that they will then instantly decrypt all this.
There are special deliveries of equipment with special implants and other things
Pavlovich:
Well, okay for you and me, yes, but, let's say, a high-ranking politician should naturally not use enemy equipment.
Specialist:
Absolutely. And here the question is not even about Apple as such, but about any device on someone else's processors, on someone else's hardware base in general. Because, again, from Snowden's revelations we know that there are even special deliveries: a special batch of equipment goes to this country, including televisions, with special implants and so on. And you need to know that in the Soviet Union there were in fact entire departments in research institutes that checked all this equipment for hardware implants using X-rays.
But now the problem is that the process node has shrunk so much that this simply does not work anymore. These are microns already. Yes. Nanometers. Nanometers. That's it. And it is simply impossible to find hardware implants. That is, it is too expensive.
Therefore, yes, if you are some kind of official or businessman from whom some super know-how can really be stolen, then you need to understand that if you give something to the cloud, it can definitely be used against you by the special services of Western countries, because, as we said, when their entire business is there, they are obliged to comply with all local laws, they cannot just send everyone to hell. And in my case, I simply do not see any threat from Apple; I do not give everything to iCloud, but there is absolutely no direct threat in this.
Pavlovich:
Well, I give it photos and I give it notes; this has an advantage, because I always have them at hand on all devices, but it has a disadvantage: competitors can take them. And in this regard, we send greetings to Dmitry Anatolyevich Medvedev with his iPad. Remember, he was constantly sitting with his iPad at meetings and got caught.
Specialist:
Yes, yes, yes. Therefore, of course, yes, it can pose certain threats.
Are Data Science approaches used to analyze complex cases?
Pavlovich:
And the last complex question from our viewers, then we will go over one more point: are Data Science approaches used to analyze complex cases, for example searching for anomalies in network logs, and if so, in which cases and how successfully?
Specialist:
Yes, in fact, Big Data and big data analysis, including with the use of machine learning and neural networks, is a super important story. We use this in many products right now. For example, we have products like Secure Bank and Secure Portal, yes, which analyze various transactions in banks, in retail, and can, for example, learn and find anomalies based on mouse movements and keyboard input.
Here you go. And we, including when analyzing some huge volume of logs or something like that, also use a variety of algorithms, for example to detect that a person is working outside of working hours, or that there is an uncharacteristic surge in data transfer. These are, in fact, also quite common methods from mathematical statistics. So, of course, Data Science is all important; this is definitely the future.
Why? Because the volumes of data are already growing so much that it will soon be simply impossible to analyze them with the human mind. The volumes are simply too large. Now, for example, logs can take up gigabytes, and if the Internet penetrates everywhere around the world, everything will be on it, I don't know how many of us there are, 8 billion. Kettles, microwaves too.
And a bunch of devices will generate traffic, and even an ordinary site will have terabytes of logs, not of transferred data, but of logs, and then this can only be analyzed using such methods. So we use it, we need to develop it even better, go deeper, train, use it, as this is definitely the future.
Bank data analysis
Pavlovich:
Therefore, if yes, they asked such a question, maybe he will come to work in Data Science at Group-IB, and immediately the question is: aren't banks afraid to give you such information for analysis?
Specialist:
It works very cleverly there; that is, we give them a script, the analysis is carried out mostly on their side, we do not see the specific data, rather we report, alert, highlight some flags that there are anomalies here, and then they have their own anti-fraud systems, and they use it simply in scoring. That is, they, for example, have some set of points that can be obtained, and our system gives one of these points, but they also check through other channels, and if a certain amount is collected, the transaction can be suspended, and so on.
It is public information that we work with Sber, and there was even a guy on Habr who got really nervous when he saw that some Group-IB script was being served on the Sberbank Online website. And here you need to understand that there are simply millions of users, millions of transactions per second, these are super overloaded systems, and you still need to analyze everything and give out some data.
So this is really cool and interesting; if you are a developer or interested in such things, join the team, there are really world-class projects there.
Client ID
Pavlovich:
Well, and you don't see the user ID directly, for example?
Specialist:
No, no, of course not, that's not what it's needed for. Well, actually, banks simply can't give us that under the law on banking secrecy, and there's simply no need for it.
Pavlovich:
Well, for example, I also can't give away user data in the cashback business, yes; I can't give away his email, for example, or phone, but I can give away his ID in our database, because this is purely our internal information, there, six digits. Or, if required for some synchronization, I can give away part of the email, for example with asterisks, that is, first of all, it is not necessary to give away all 10 characters of the email, the first 4-5 will be enough for synchronization.
Why is the "pirated" Windows 10 updated?
Pavlovich:
If you use Windows 10, fortunately I don't have Windows, but it is activated with a pirated key, yes, why does it get updated in Russia, for example? Why is it not blocked? They understand that it is activated with a pirated key.
Specialist:
And this is connected with Microsoft's reputation. Remember what happened when Windows 7 was not activated: it did not install all the updates, that is, it installed only part of the updates, it was constantly screaming that it was not activated, updates would be unavailable, and so on. And then various review sites started publishing the number of infected devices as a percentage by operating system, and it turned out that Windows was simply in the super top of the leaders, and this is all because pirated Windows does not update: under no circumstances install the update, God forbid the activation flies off, or it is pirated, or something else.
By the way, there were a lot of clients who were victims, who were like, everything is pirated with us, we don't install anything, God forbid some updates, everything will be erased, it works and thank God. And there are such holes that a schoolboy opens Kali, launches Metasploit, presses one button and they are already hacked; that is, you don't even need any knowledge, you just need to know the IP, and there is just a vulnerable server, and that's it.
And Microsoft, as I understand it, realized that this is a big problem. And the first thing they started to implement was Windows Defender, that is, a protector, a small built-in antivirus.
Pavlovich:
Your own firewall.
Specialist:
Here, an antivirus, a real antivirus. Well, the firewall was there right away in Windows 7, yes. And then in Windows 10, even if it is not activated at all, that is, with a pirated key or not activated at all, it still installs all security updates; there is already a built-in Defender, you do not need to install it separately, earlier there was Microsoft Security Essentials, something like that it was called. Well, as I understand it, this is precisely for the image, that is, so that home users suffer less from all sorts of attacks: they automatically receive all updates, Office is updated automatically too, by the way, if it is there, and there is some basic antivirus, completely free. Well, and such a user will not be infected by mass threats, will recommend it to everyone, and this plays precisely on their reputation and image. And I think that this is the main problem, yes, with blocking pirated Windows. And now, in fact, taking into account the telemetry in Windows 10, Microsoft could in theory find out who this person is, what he uses there, I don't know, and even do something with his laptop, but they don't do it, simply because, as I understand it, all companies are now reorienting themselves to selling services, like Office 365, this cloud from Microsoft, and all these stories with Azure.
"According to my forecasts, some version of Windows will be free, with paid subscriptions."
Specialist:
And this shows that, according to my forecasts, I think that some of the next Windows versions will be free, and they will simply sell this subscription, the cloud, well, all that. Earn on something else, right? Earn through services, yes, and conversely, they will try to get as many people as possible hooked on their platform, so that everyone pays for services.
Sergey Pavlovich about paid services
Pavlovich:
Well, it's like with these, with IQOS, yes; this device is given away almost for free, but you pay for the sticks. And it's the same with cars, that is, they take theirs from repairs and spare parts, because the margin on the cars themselves is not very big. I had a guy from the auto business and I told him, voiced the numbers, that on a car, for example, take a Toyota Camry or, I don't know, a BMW 3, some manufacturer earns very little there, 700 thousand dollars, well, really, because everything we buy for the car, all this costs real money, the margin is very low, but on premium brands, from the sale of a Porsche, the earnings are already about one and a half to two thousand euros, that is, from premium brands, but of course they all take theirs with service. And one of you sent me a real article under that video with the auto selector that confirms these words of mine, no matter what you say. And so, guys, it's time to say goodbye within the framework of this series, bye everyone!
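Editor's added example, not part of the interview and not code from Group-IB or any of its products: the two log checks the specialist mentions in the Data Science answer (a person active outside working hours, and an uncharacteristic surge in data transfer) written out over a handful of constructed log lines. The log format, the user names, the working-hours window and the 3.5 cut-off are all assumptions made for the illustration; the spike detector uses a median/MAD robust z-score rather than mean/standard deviation so that one huge transfer cannot inflate the baseline and hide itself.

```python
"""Flag two kinds of anomalies in constructed proxy/auth log lines:
   1. activity outside the assumed working hours,
   2. an uncharacteristic surge in bytes transferred per user, found with a
      robust z-score (median and MAD) so a single spike cannot mask itself.
Added illustration only; the log lines below are constructed, not real data.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from statistics import median

# Constructed sample in an assumed format: "<iso-timestamp> user=<name> bytes_out=<n>"
SAMPLE_LOG = """\
2024-03-04T09:12:01 user=ivanov bytes_out=120000
2024-03-04T10:30:15 user=ivanov bytes_out=98000
2024-03-04T11:45:40 user=ivanov bytes_out=143000
2024-03-04T14:02:09 user=ivanov bytes_out=110000
2024-03-04T15:20:33 user=ivanov bytes_out=132000
2024-03-04T16:48:51 user=ivanov bytes_out=101000
2024-03-04T23:41:12 user=ivanov bytes_out=2100000
2024-03-05T09:05:44 user=petrov bytes_out=60000
2024-03-05T12:15:02 user=petrov bytes_out=72000
2024-03-05T13:55:19 user=petrov bytes_out=65000
2024-03-05T17:10:08 user=petrov bytes_out=58000
2024-03-05T22:30:00 user=petrov bytes_out=61000
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) bytes_out=(\d+)$")
WORK_START, WORK_END = 8, 19   # assumed working hours: 08:00 up to 18:59 local time
Z_THRESHOLD = 3.5              # conventional cut-off for a MAD-based z-score


@dataclass
class Event:
    ts: datetime
    user: str
    bytes_out: int


def parse_log(text: str) -> list[Event]:
    """Parse lines in the assumed format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))))
    return events


def off_hours(events: list[Event]) -> list[Event]:
    """Events whose hour falls outside the assumed working window."""
    return [e for e in events if not (WORK_START <= e.ts.hour < WORK_END)]


def robust_z(values: list[int]) -> list[float]:
    """Median/MAD z-score; 0.6745 rescales MAD to a normal standard deviation."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # all values identical: nothing can be called an outlier
        return [0.0] * len(values)
    return [0.6745 * (v - med) / mad for v in values]


def transfer_spikes(events: list[Event], threshold: float = Z_THRESHOLD) -> list[Event]:
    """Per-user outliers in bytes_out; each user is scored against their own baseline."""
    by_user: dict[str, list[Event]] = {}
    for e in events:
        by_user.setdefault(e.user, []).append(e)
    flagged = []
    for user_events in by_user.values():
        scores = robust_z([e.bytes_out for e in user_events])
        flagged += [e for e, z in zip(user_events, scores) if z > threshold]
    return flagged


def analyze(text: str) -> dict[str, list[str]]:
    """Run both checks and return human-readable findings keyed by check name."""
    events = parse_log(text)
    return {
        "off_hours": [f"{e.ts.isoformat()} {e.user}" for e in off_hours(events)],
        "transfer_spike": [
            f"{e.ts.isoformat()} {e.user} bytes_out={e.bytes_out}" for e in transfer_spikes(events)
        ],
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("  ", hit)
```

On the constructed sample both late-evening entries are reported as off-hours, but only ivanov's 2.1 MB night-time transfer is reported as a spike: petrov's 72 kB line is the largest of his day yet sits well inside his own baseline, which is the point of scoring each user against their own history rather than against a global average. In a real deployment the working-hours window would come from the user's schedule, and the findings would feed a scoring pipeline rather than be acted on alone, as the specialist describes for the bank integration.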