Review of “Anon” movie

In the spirit of a lighter fare this Sunday.

Watching Anon (again): it is an interesting futuristic movie in which everything is video recorded. Apparently everyone has a recording method, and Clive Owen, playing Sal Frieland, is an investigator who needs to find a murderer. Apparently there is a hacker who goes into other people’s recording devices to kill some people. This hacker (a woman) also has no digital record.

<<<Lots of Anon spoilers here in this post.>>>

The hacking is apparently so good that digital recordings of this woman are edited out of the library. Sal sees the woman on the street, and later the image is removed from the record. The main library seems to be hacked by this uberhacker. As more and more actions occur, Sal notices this anomaly more frequently.

Apparently the hacker built an algorithm to erase all images and recordings of herself in all other people as they walked by and saw her.

The Uberhacker also can edit real life records and add moving images (a train) into events as they happen.

To catch the hacker, Sal has to try and hire her.

Sal’s colleagues perform a sting operation and are able to find all of her proxies (12 of them), which handle all of the ways she covers her tracks. The Uberhacker tries to have an anonymous life, and does not go out unless she has to.

 

There is a lot of sex and violence (lesbian, regular) in this movie. There is shooting with a revolver at point-blank range, and the hacker does not seem to have any remorse. The interesting thing is that the victims do not defend themselves, as they have no guns or any other weapons.

Later the commissioner is more upset about the uberhacker anonymizing than about the murders themselves. Quote: “I don’t care the victims no longer exist. I care that she doesn’t.”

Another colleague: “Anonymity is the enemy”; we have to find out how she does it.

 

Sal has to meet her (the uberhacker) again, and she explains that she started erasing her life at eighteen. (More sex scenes.)

— Stopped midway —

First thoughts: it is an interesting Sci-fi movie with some new ways of running the future using video embedded in all people. It seems that sex and violence are too easy to insert in these movies. I wonder if there isn’t a better way to make a murder and investigation more interesting. Less blood and certainly fewer sex scenes might actually provoke more thought as to what could be happening. Anyway, it starts out ok, as a murder-investigation-hacking story.

Why is this important? Because movies sometimes become reality. Ever heard of “Life is stranger than fiction”?

—-

The tale gets a bit strange when Sal sleeps with the uberhacker. She of course now looks closer at Sal while deleting all the just-created sex scenes.

But most interesting: she killed Lester, the guy who was keeping an eye on Sal.

She then records a message for him saying that if you try and find me I will kill you.

His other colleague came in and said that Sal let her escape and kill his buddy.

“Go home” take some time off.

When Sal is in his apartment, the uberhacker really goes to work. After he has a short conversation with her (via text), she proceeds to create nightmare scenes for him, starting with a guy punching him and a dog attacking, and then she does something even worse by erasing all of Sal’s memories of his son’s accident and all memories of his son.

Now things really get interesting when Sal’s building is on fire (in his head only)

Then she starts to add scenes where there is no traffic in a busy intersection, which creates an accident.

Now his boss comes back to discuss the situation, and while he is in the neighborhood Sal gets arrested for shooting his neighbor and gets placed under house arrest.

Sal has to go outside and punch his overwatch agent with his eyes closed.

His boss said they will hire more hackers.

Then, as Sal finds the uberhacker’s apartment, she claims that she did not kill Lester.

He claims the hacker was hacked, and his boss says you can’t prove this.

That is the problem – nothing proves anything since it can be manipulated.

Sal is placed under double house arrest now.

She placed a loop in his eyes while creating a false officer-down call, allowing Sal to get back to her apartment while no one is looking and following.

Except the hacker (Cyrus) who hacked the uberhacker was there too. Once a shootout happens, Sal kills Cyrus.

Sal’s boss was mad that the uberhacker was released.

The uberhacker explains that she created an algorithm that creates microfractions of her life and stores them in everyone’s record, so that no one sees her.

Near the final scene the uberhacker (Anon) explained this to Sal and said that the killer had to find him and her so that Sal could help her kill him. “That was close,” says Sal.

“What do you have to hide?” Anon said: nothing in particular, I just don’t want to be seen.

So this movie puts an interesting twist on a standard murder mystery, which happens to show corruption in the government and police forces (a recurring theme in many movies), while also setting up an interesting Sci-fi world of recording and hacking methods. Of course, making a movie which pretends all of these things happened is easier than actually making a world that records everyone’s movements everywhere.

Thankfully we were not subjected to hours and hours of the monotony of most people’s lives in this movie. Cooking and using lavatories were not important in a short movie that had to flip through the scenes quickly. Besides, the storage requirements for all of this, and the actual privacy concerns, seem to have been glossed over.

My most interesting point for this movie was when the bureaucrats decided it was better to control people than find out who performed blatant crimes. Also in this system they did not audit themselves, so the system was rife with corruption.

Auditing yourself may have its uses.

The Enemy Has Say With Your Best Plans

In the field of Cybersecurity we have to do a lot of basic things: as discussed in Behavioralscientist.org

So what is your plan?  Firewall, Antivirus, IT people vigilance, updating devices and software…

What are your enemies’ plans?

When your enemy actually interacts with your employees, it shows.

There are always business-level threats, where employees are spoofed or vendors are spoofed.

Do you have a new device with Machine Learning (a basic type of AI, Artificial Intelligence)? Then the enemy will do something to counteract that.

Adversarial Machine Learning: it goes against your ML goals and tries to eventually corrupt them by adding faulty data, thus changing your assumptions about the data set.

Another way to use Adversarial Machine Learning is to use this method to ‘teach’ your ML to get better results. It turns out that some forms of GAN (Generative Adversarial Networks) do just that.

For example, the “Adversarial Machine Learning at Scale” paper from Cornell University. First sentence:

“Adversarial examples are malicious inputs designed to fool machine learning models.”

If done right, this improves the ML models. This method has not been used by criminals, as they are still figuring out how to incorporate this in their attacks.

So they may not use this as an adversarial attack; instead they may devise ML attacks which will be hard to distinguish and will become better faster.

Ian Goodfellow (the guy who created GAN – Generative Adversarial Networks) has used the adversarial nature to make a better AI algorithm. Where has this already worked?  Initially he was looking for a Security reason within the AI world, and when he created GAN, it was obvious that he was making AI better.

Who would have known, but AI is creating new images of cats that are entirely ‘fake’, or better, ‘artificial’. The algorithm created a new type of cat picture where needed.

Meow Generator ML algorithms that design cat pictures.

So what does this really mean? Fake pictures of people, animals and other items will start to proliferate.

It remains to be seen how this aspect of AI is actually going to be useful.

Do you want to test ML for Cybersecurity?

We are developing new tests for AI and ML – contact us to discuss.

Headless OpenVAS install

I needed to run OpenVAS (OpenVAS stands for Open Vulnerability Assessment System) the Linux based vulnerability management software on a virtual machine, which means it does not have its own monitor that one sits at to see this screen:

OpenVAS is made by Greenbone, “which develops OpenVAS as part of their commercial vulnerability management product family ‘Greenbone Security Manager’ (GSM)” (from their main web page).

OpenVAS has been developed out of the Nessus code base since 2005 and is now on GitHub. The developer of Nessus decided to make Nessus closed source (proprietary) in October of 2005, so OpenVAS was created and initially named GNessUs.

Why am I talking OpenVAS today? Because I was tasked to install it on a virtual system.

So, one has to install OpenVAS (or update on some Linux distributions since it is already installed by default).  So I work with Kali Linux,  since I use a lot of other tools that are built into the distribution. I wanted to keep some familiarity and so run OpenVAS on Kali Linux.

What are you installing? Several pieces that will need to run on the virtual machine:

As you can see in the image above, the Greenbone Security Assistant is software that connects to the OpenVAS Manager and Scanner to run the scans against the targets. OpenVAS uses NVTs (Network Vulnerability Tests) to run the scans. Up to this point (3/18/2019) there are over 49600 tests. CVEs now number 115906.

A standard Kali Linux install has the OpenVAS version that comes with it, so to use OpenVAS you have to upgrade Kali first using the following commands:

apt-get update && apt-get install openvas

Now that you have the latest version on your machine, how are you going to access OpenVAS, since you cannot sit at the monitor of a virtual system (what is called a headless install)?

 

After some (actually a lot of) review online and some tinkering, I found it useful to know some systemd. It just so happens that systemd keeps its configuration files in a few directories:

/etc/systemd/system/*

/run/systemd/system/*

/lib/systemd/system/*

 

The one that is important and relevant for OpenVAS is the /lib/systemd/system directory.

In here there are 3 files of importance:

openvas-scanner.service

openvas-manager.service

greenbone-security-assistant.service

To complete the installation, replace the loopback address 127.0.0.1 on the web interface's listen option in the greenbone-security-assistant.service file with the IP address of the virtual machine. The --mlisten option is the address of the OpenVAS Manager and stays on 127.0.0.1.

Specifically, run the following command in /lib/systemd/system (changing <your ip> to the virtual system IP address):

sed -i -e 's/--listen=127.0.0.1/--listen=<your ip>/' greenbone-security-assistant.service

For example, if the virtual system IP address is 192.168.0.1, this is what should be run:

sed -i -e 's/--listen=127.0.0.1/--listen=192.168.0.1/' greenbone-security-assistant.service

After running this command you have to run the following:

systemctl daemon-reload

(These commands need to be run with root permissions (sudo).)

Once the IP address has been entered on the command line and the systemd .service file reloaded, you can restart gsad and then log into the web interface, assuming you have already set up the users. To access the Greenbone Security Assistant program, enter the following in your browser:

https://192.168.0.1:9392

From there you will have to learn how to create scans and more.  But at least it is working remotely.
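A scripted form of the unit-file edit described above, as an added example that is not part of the original post or of Greenbone's tooling. It assumes the unit's ExecStart line carries `--listen=127.0.0.1` and `--mlisten=127.0.0.1` (the sample unit is constructed; compare it with your own file), and the names `rebind_listen` and `rebind_unit_file` are made up for this example. Refusing 0.0.0.0 is a choice of the example, so the scanner's web interface is bound to one known interface only.

```python
"""Added example: rebind only gsad's web listener in a systemd unit file."""
import ipaddress
import re
import shutil
import tempfile
from pathlib import Path

# Constructed sample unit; compare with
#   systemctl cat greenbone-security-assistant.service
SAMPLE_UNIT = """\
[Unit]
Description=Greenbone Security Assistant

[Service]
ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390
"""

# --listen must follow whitespace, so --mlisten (manager address) never matches.
LISTEN_RE = re.compile(r"(?<=\s)--listen=\S+")


def rebind_listen(unit_text: str, address: str) -> str:
    """Return unit_text with --listen set to address on ExecStart lines only."""
    ip = ipaddress.ip_address(address)  # ValueError on anything that is not an IP
    if ip.is_unspecified:
        raise ValueError("bind to one interface address, not every interface")
    out, changed = [], 0
    for line in unit_text.splitlines(keepends=True):
        if line.startswith("ExecStart="):
            line, n = LISTEN_RE.subn(f"--listen={ip}", line)
            changed += n
        out.append(line)
    if changed != 1:
        raise ValueError(f"expected exactly one --listen option, found {changed}")
    return "".join(out)


def rebind_unit_file(path: Path, address: str) -> Path:
    """Rewrite the unit in place after saving a .bak copy; return the backup path."""
    new_text = rebind_listen(path.read_text(), address)
    backup = path.with_suffix(path.suffix + ".bak")
    shutil.copy2(path, backup)
    path.write_text(new_text)
    return backup


if __name__ == "__main__":
    # Demo on a temporary copy; nothing under /lib/systemd is touched.
    with tempfile.TemporaryDirectory() as tmp:
        unit = Path(tmp) / "greenbone-security-assistant.service"
        unit.write_text(SAMPLE_UNIT)
        rebind_unit_file(unit, "192.168.0.1")
        print(unit.read_text())
```

Files in /etc/systemd/system take precedence over /lib/systemd/system, so editing a copy of the unit there keeps the change from being overwritten by a package upgrade.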

There is also a small issue with this procedure: it is not supported by Greenbone. They want you to install the Greenbone community edition.

The security feed is more stable than the community feed (the free version) and has encrypted transmissions.

Contact us to discuss

Phishing #1 Attack – Includes Email Scams

Have you received an email in broken English saying your password has been stolen?

Subject: "Security Notice. Someone have access to you system"

As you may have noticed, I sent you an email from your account.

This means that I have full access to your acc: On moment of crack (youremail@youremaildomain.com)  password: jfwqu6qoizxahofj0qkw

You say: this is my, but old password!
Or: I will change my password at any time!
Of course! You will be right,
but the fact is that when you change the password, my malicious code every time saved a new one!
I've been watching you for a few months now.
But the fact is that you were infected with malware through an adult site that you visited.
If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.
I also have access to all your contacts and all your correspondence from e-mail and messangers.
Why your antivirus did not detect my malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.
I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks. I can also post access to all your e-mail correspondence and messengers that you use.
If you want to prevent this, transfer the amount of $770 to my bitcoin address (if you do not know how to do this, write to Google: "Buy Bitcoin").
My bitcoin address (BTC Wallet) is: 1MrUDSrZiqD3ijxsBUPt2SukoFy534orP2
After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

—————————————————–

So this trickster extortionist actually makes several mistakes (besides the spelling errors).

First of all, the email says “As you may have noticed, I sent you an email from your account.” There is a basic issue with this statement: all email can be ‘spoofed’, which makes this just a form of spam. Spoofed means the text in the ‘From:’ field means nothing; it can be changed to whatever the spammer wants it to look like. (In fact, you can change your From field yourself as an experiment.)

So if your email is “youremail@emaildomain.com” then the spammer can make it look that way.

 

The other problem the spammer sextortionist has is they have to make assumptions of a video camera that is on the computer.

What if there is no video camera on the computer? then how can the video sextortion work?

So the scammer makes several assumptions:

  1. you don’t know about From spoofing
  2. ignore misspelling and bad grammar
  3. email owner used porn
  4. email owner has videocam functioning on the computer
  5. at one time there was a password that is included in email
  6. knows enough about bitcoin or can learn how to transfer money into bitcoin

Those are a lot of assumptions, and on top of that the scammer is leaving an electronic trail in Bitcoin, or at least in how they access bitcoin (we will not go into detail of how this is done). Experienced investigators can follow that trail, which is why you should go to the bitcoinabuse website and file a report (link below).

One thing people should do is see how many others this has happened to, and decide what to do from there (i.e. google or startpage.com a portion of the email and see what comes up). Internet Storm Center also had one of these.

 

What did I do, you may ask? Of course you NEVER pay the extortionist. But one can also help the Internet denizens reduce this type of email: go to the Bitcoin Abuse website.

Go to the website and File a report by adding the bitcoin address that is included in the email, so that law enforcement and other people who track and try to find these spammers can start to do something about it.

Or you can View a report with the bitcoin address to see how many others this email has gone to. Check the FAQ on bitcoinabuse.com.

Above image is from Bitcoinabuse FAQ
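The two points above (the From field proves nothing, and the wallet address is what to report) as an added example that is not part of the original post. The sample message is constructed: the Return-Path, Authentication-Results values and host names are made up, while the subject line and wallet string are the ones quoted in the email above; `triage` and `domain` are names chosen for this example.

```python
"""Added example: triage a 'sent from your own account' extortion email."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: envelope sender, host names and auth results are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.youremaildomain.com;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=youremaildomain.com
From: youremail@youremaildomain.com
To: youremail@youremaildomain.com
Subject: Security Notice. Someone have access to you system

My bitcoin address (BTC Wallet) is: 1MrUDSrZiqD3ijxsBUPt2SukoFy534orP2
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # legacy Base58 form


def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def triage(raw):
    """Collect the evidence that the visible From line was forged."""
    msg = message_from_string(raw)
    # Trust only the Authentication-Results header added by your own receiving
    # server; this example assumes the topmost one is that header.
    auth = dict(AUTH_RE.findall(msg.get("Authentication-Results", "")))
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    from_dom, envelope_dom = domain(msg["From"]), domain(msg["Return-Path"])
    reasons = []
    if from_dom and envelope_dom and from_dom != envelope_dom:
        reasons.append("From domain differs from envelope sender")
    for check in ("spf", "dkim", "dmarc"):
        result = auth.get(check, "none")
        if result != "pass":
            reasons.append(f"{check}={result}")
    return {
        "claims_own_account": bool(sender) and sender == recipient,
        "spoof_indicators": reasons,
        "wallets_to_report": sorted(set(BTC_RE.findall(msg.get_payload()))),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```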

We at oversitesentry and fixvirus.com help others with a variety  of Internet Security issues.

Update 02/02/2019 (Groundhog Day): Sextortion Follow the money part 3 – The Cashout begins!

So the short story is the scammers have accumulated a lot of money in hundreds (434) of Bitcoin addresses, and have slowly started to move the money into a few addresses, as much as $21.5mil plus $18.5mil. From there the bitcoin addresses will be “mixed” using bestmixer.io, so experts like the one in the link above will not be able to tell where the money goes (anonymity).

So again please do not pay these scammers if you receive an email like the one included in this blog.

Back To Basics in 2019 – Must Have Cybersecurity Issues

What was different about 2018 that will confound us in 2019?  Is there anything new in 2019 that will cause problems for us?

By ‘us’ I mean businesses trying to keep going with their business lives. I.e. run your business, try to make profits, grow product lines or services.

None of us are in tune with new technologies that can be used to upend the world we live in until it is too late and we have to play catch-up. In 2007, how many people actually went and bought a smartphone before it was obvious everyone was going to get one?

This next picture is of an IBM Quantum computer as written about in Wired UK among others:

If you have not heard, your computers and phones are built on an old architecture (from the 50’s and 60’s). The quantum computer is a new architecture, much faster than the current binary machines.

What can possibly be created with a quantum computer?

  1. Unbreakable encryption for one.
  2. Artificial Intelligence and Machine learning (similar yet different)
  3. Molecular Modeling and other sophisticated modeling
  4. Optimization programs
  5. Financial Modeling
  6. Sophisticated new attacks on hardened targets

My point is not that a new Armageddon is coming, it may be but most important is that new days may bring new challenges, and you have to be ready to take them on.

Most important you must take a little time to review new technologies and techniques to see if these methods can create security headaches for your organization.

Practically though the place where we all will get hit is regulations. As more high profile cyber attacks make inroads in organizations the regulations will make life more difficult(more paperwork).

More paperwork means risk based analysis and scanning / audits of networks and computers.

End result is we need more vigilance even if our computers are in “the cloud”.

In the above AWS YouTube video, some common sense:

The first thing any auditor will want to see is your documentation.  What is your documentation? Do you have a security policy? Do your employees read it and sign off on it? I.e. is Cybersecurity at least a little bit important?

We are in the business of Computer Cyber audits to help your business be more secure and thus handle the coming challenges in 2019 wherever they may come (technological or regulatory).

Contact Us to discuss