The dangers of hacker attacks on IoT devices: real stories

Tomcat

The infrastructure of a modern metropolis is built on Internet of Things devices: from traffic cameras on the roads to large hydroelectric power stations and hospitals. Hackers can turn almost any connected device into a bot and then use it to carry out DDoS attacks.

The motives vary: hackers may be paid by a government or a corporation, and sometimes they are simply criminals out to have fun and make money.

In Russia, the military increasingly warns of possible cyber attacks on “critical infrastructure facilities” (it was, at least formally, to protect against these that the law on the sovereign Internet was adopted).

But this is not just a horror story. According to Kaspersky, in the first half of 2019 hackers attacked Internet of Things devices more than 100 million times, most often using the Mirai and Nyadrop botnets. Incidentally, Russia is only fourth in the number of such attacks (despite the ominous image of “Russian hackers” created by the Western press); the top three are China, Brazil and, surprisingly, Egypt. The USA is only fifth.

So is it possible to successfully repel such attacks? Let's first look at a few well-known cases of such attacks to find an answer to the question of how to secure your devices at least at a basic level.

1. Bowman Avenue Dam

The Bowman Avenue Dam is located in the town of Rye Brook (New York), population under 10 thousand; it is only six meters high and no more than five wide. In 2013, US intelligence agencies detected malicious software in the dam's control system. The hackers did not use the data they obtained to disrupt the facility (most likely because the dam had been disconnected from the Internet during repair work).

Bowman Avenue exists to prevent flooding of the areas near the creek during high water. Even a failure of the dam could not have had destructive consequences: at worst, the basements of several buildings along the stream would have been flooded, which hardly counts as a flood.

Mayor Paul Rosenberg then suggested that the hackers may have confused the structure with a large dam of the same name in Oregon, which irrigates numerous farms and where a failure would seriously harm local residents.

It is possible that the hackers were simply training on a small dam in order to later stage a serious intrusion on a large hydroelectric power station or any other element of the US power grid.

The attack on the Bowman Avenue Dam was treated as part of a year-long series of attacks on banking systems (DDoS attacks) carried out by seven Iranian hackers. During that period the operations of 46 of the country's largest financial institutions were disrupted, and the bank accounts of hundreds of thousands of clients were blocked.

The Iranian Hamid Firouzi was later charged with the series of attacks on the banks and the Bowman Avenue Dam. It turned out that he had used Google Dorking to find “holes” in the dam's systems (the local press later brought down a barrage of accusations on Google). Hamid Firouzi was not in the United States, and since there is no extradition from Iran to the States, the hackers never served any real sentence.

2. Free subway in San Francisco

On November 25, 2016, a message appeared on all the electronic terminals selling public transport passes in San Francisco: “You have been hacked, all data is encrypted.” All Windows computers belonging to the San Francisco Municipal Transportation Agency (SFMTA) were also hit. The HDDCryptor ransomware (which encrypts disks and overwrites the master boot record of a Windows machine) reached the organization's domain controller.

HDDCryptor encrypts local hard drives and network shares with randomly generated keys, then rewrites the hard drives' MBR so that the systems no longer boot correctly. Infection usually starts with an employee opening a decoy attachment in an email, after which the malware spreads across the network.

The attackers told the city government to contact them at cryptom27@yandex.com (yes, Yandex). For the key to decrypt all the data they demanded 100 bitcoins (about 73 thousand dollars at the time); they also offered to decrypt one machine for one bitcoin to prove that recovery was possible. The agency dealt with the malware on its own, although it took more than a day, and while the system was being restored, metro rides were made free.

“We have opened the turnstiles as a precaution to minimize the impact of this attack on passengers,” explained municipal spokesman Paul Rose.

The criminals also claimed to have obtained 30 GB of internal SFMTA documents and promised to publish them online if the ransom was not paid within 24 hours.

By the way, a year earlier, the Hollywood Presbyterian Medical Center was attacked in the same state. The hackers were then paid $17,000 to restore access to the hospital's computer system.

3. Dallas Emergency Alert System

In April 2017, all 156 of Dallas's public emergency sirens went off at 11:40 p.m. They could only be switched off two hours later; during that time the 911 service received thousands of calls from residents (a few days earlier, three weak tornadoes had passed through the Dallas area, destroying several houses).

The emergency notification system was installed in Dallas in 2007, with sirens supplied by Federal Signal. The authorities did not elaborate on how the system works, saying only that it uses “tones.” Such signals are typically broadcast via the weather service using Dual-Tone Multi-Frequency (DTMF) or Audio Frequency Shift Keying (AFSK): encoded, but not necessarily authenticated, commands, which in Dallas were transmitted at a frequency of 700 MHz.

City officials suggested that the attackers recorded the audio signals broadcast during testing of the warning system and then played them back (a classic replay attack). Such a replay works whenever the activation command is a fixed sequence carrying no authentication and no freshness element (a counter or timestamp), because the receiver cannot tell a recording from a live transmission. To carry it out, the hackers only needed RF test equipment, which can be bought without any problems in specialized stores.

Experts from the research company Bastille noted that such an attack implies that the attackers had thoroughly studied the operation of the city's emergency notification system: its frequencies and its codes.
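The replay described above, as an added example that is not part of the original article: a Python simulation of a siren controller that accepts a fixed activation code, next to one that requires an HMAC over the command and a strictly increasing counter. The frame layout, the key and the controller classes are constructed assumptions for illustration and do not describe the real Federal Signal protocol or the codes used in Dallas.

```python
import hashlib
import hmac

# Constructed activation frame for the legacy controller: a fixed code with
# no sender authentication and no freshness (illustrative, not the real tones).
LEGACY_ACTIVATE = b"ACTIVATE:ALL"


class LegacySirenController:
    """Fires whenever the fixed activation code arrives (constructed model)."""

    def __init__(self):
        self.activations = 0

    def receive(self, frame: bytes) -> bool:
        if frame == LEGACY_ACTIVATE:
            self.activations += 1
            return True
        return False


class AuthenticatedSirenController:
    """Accepts a frame only if its HMAC verifies and its counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1   # highest counter accepted so far
        self.activations = 0

    def receive(self, frame: bytes) -> bool:
        parts = frame.split(b"|")
        if len(parts) != 3 or not parts[1].isdigit():
            return False                         # malformed frame
        command, counter_bytes, tag = parts
        expected = hmac.new(self.key, command + b"|" + counter_bytes,
                            hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return False                         # forged or corrupted frame
        counter = int(counter_bytes)
        if counter <= self.last_counter:
            return False                         # replay: counter already used
        self.last_counter = counter
        if command == b"ACTIVATE":
            self.activations += 1
            return True
        return False


def build_authenticated_frame(key: bytes, command: bytes, counter: int) -> bytes:
    """Constructed frame layout: command|counter|hex(HMAC-SHA256(key, command|counter))."""
    body = command + b"|" + str(counter).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def replay_demo() -> tuple:
    """One legitimate test transmission is recorded and replayed twice against
    each controller. Returns (legacy_activations, authenticated_activations)."""
    legacy = LegacySirenController()
    legit = LEGACY_ACTIVATE                   # the city's scheduled siren test
    legacy.receive(legit)
    recorded = legit                          # attacker's radio recording of the test
    legacy.receive(recorded)                  # replayed late at night
    legacy.receive(recorded)                  # ...and again

    key = b"constructed-shared-key"          # provisioned in controller and transmitter
    auth = AuthenticatedSirenController(key)
    legit = build_authenticated_frame(key, b"ACTIVATE", counter=1)
    auth.receive(legit)
    recorded = legit
    auth.receive(recorded)                    # rejected: counter 1 already used
    auth.receive(recorded)                    # rejected again
    return legacy.activations, auth.activations


if __name__ == "__main__":
    print("activations (legacy, authenticated):", replay_demo())   # (3, 1)
```

Encrypting a static command does not help by itself: if the ciphertext of “activate” is always the same bytes, it can be recorded and replayed exactly like a plain tone. What defeats the replay is the freshness element (counter, timestamp or challenge) bound to the command by the MAC. The counter state also has to survive a controller reboot, otherwise the first recorded frame can be replayed after every power cycle.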

The mayor of Dallas issued a statement the next day that the hackers would be found and punished, and that all warning systems in Texas would be modernized. However, the culprits were never found.
***
The concept of smart cities is fraught with serious risks. If the control system of a metropolis is hacked, the attackers gain remote control over traffic and over strategically important city facilities.

There are also risks connected with the theft of databases, which hold not only information about the entire city infrastructure but also the personal data of residents. Nor should excess power consumption and network overload be forgotten: every one of these technologies depends on communication channels and nodes, and on the electricity that feeds them.

IoT device owners' level of concern is close to zero

In 2017, Trustlook surveyed IoT device owners on how aware they are of security. It turned out that 35% of respondents do not change the default (factory) password before starting to use a device, and more than half of users install no third-party software at all to protect against hacker attacks. 80% of IoT device owners had never heard of the Mirai botnet.

At the same time, as the Internet of Things develops, the number of cyber attacks will only grow. While companies buy “smart” devices and forget basic security rules, cybercriminals get more and more opportunities to make money from careless users: for example, networks of infected devices are used to carry out DDoS attacks or as proxies for other malicious activity. Most of these incidents can be prevented by following a few simple rules:
  • Change the factory password before you start using the device (Mirai spread precisely by logging in with factory credentials).
  • Install reliable internet security software on your computers, tablets and smartphones.
  • Do your research before purchasing. Devices become “smart” by collecting a lot of personal data; find out what information will be collected, how it will be stored and protected, and whether it will be shared with third parties.
  • Check the device manufacturer's website regularly for firmware updates and install them.
  • Audit the event logs, above all every use of the USB ports.
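One way to do the USB audit from the last item, as an added example that is not from the original article: a Python script that groups the Linux kernel's attach messages into one event per device and flags any device that is not on an allow-list, rating mass storage highest. The log lines, the hostname and the allow-list are constructed assumptions for illustration.

```python
import re

# Constructed kernel log lines in `journalctl -k` short format; the host
# and the devices are assumptions chosen for illustration.
SAMPLE_LOG = """\
Apr 07 23:41:02 cam-gw-01 kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd
Apr 07 23:41:02 cam-gw-01 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Apr 07 23:41:02 cam-gw-01 kernel: usb 1-1: Product: Ultra Fit
Apr 07 23:41:02 cam-gw-01 kernel: usb 1-1: Manufacturer: SanDisk
Apr 07 23:41:02 cam-gw-01 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Apr 08 08:15:44 cam-gw-01 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11
Apr 08 08:15:44 cam-gw-01 kernel: usb 1-2: Product: USB Receiver
Apr 08 09:02:10 cam-gw-01 kernel: usb 1-3: New USB device found, idVendor=1a86, idProduct=7523, bcdDevice= 2.64
Apr 08 09:02:10 cam-gw-01 kernel: usb 1-3: Product: USB Serial
"""

# Assumed allow-list: (idVendor, idProduct) pairs the site has issued.
ALLOWED_DEVICES = {("046d", "c52b")}

# Common prefix of a syslog line: timestamp, host, "kernel:".
_PREFIX = r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
NEW_DEVICE_RE = re.compile(
    _PREFIX + r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
PRODUCT_RE = re.compile(_PREFIX + r"usb (?P<port>[\d.-]+): Product: (?P<name>.+)$")
STORAGE_RE = re.compile(
    _PREFIX + r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)


def parse_usb_events(log_text: str) -> list:
    """Group the kernel's per-attach lines into one event per attached device."""
    events = []
    latest = {}   # (host, port) -> index of the most recent attach on that port
    for line in log_text.splitlines():
        m = NEW_DEVICE_RE.match(line)
        if m:
            events.append({"ts": m["ts"], "host": m["host"], "port": m["port"],
                           "vid": m["vid"], "pid": m["pid"],
                           "product": None, "storage": False})
            latest[(m["host"], m["port"])] = len(events) - 1
            continue
        m = PRODUCT_RE.match(line)
        if m and (m["host"], m["port"]) in latest:
            events[latest[(m["host"], m["port"])]]["product"] = m["name"]
            continue
        m = STORAGE_RE.match(line)
        if m and (m["host"], m["port"]) in latest:
            events[latest[(m["host"], m["port"])]]["storage"] = True
    return events


def audit_usb(log_text: str, allowed=ALLOWED_DEVICES) -> list:
    """Return attach events not on the allow-list. Mass storage is rated
    'high' because it is the usual path for malware and data exfiltration."""
    findings = []
    for ev in parse_usb_events(log_text):
        if (ev["vid"], ev["pid"]) in allowed:
            continue
        findings.append({**ev, "severity": "high" if ev["storage"] else "medium"})
    return findings


if __name__ == "__main__":
    for f in audit_usb(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} port {f['port']}: {f['vid']}:{f['pid']} "
              f"{f['product'] or '?'} [{f['severity']}]")
```

Feed it the output of `journalctl -k` on the device itself, or a centralised copy of the kernel log; the traditional rsyslog timestamp pads the day with a space (`Apr  7`) rather than a zero, so adjust the timestamp pattern if that is what your log shows. A device not on the allow-list is a finding to investigate, not proof of compromise, but on a camera gateway or a siren controller any unexpected mass-storage attach deserves a look at what was read or written next.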
 