Category: Just Interesting

Security Concerns of Pokémon GO

There’s a certain virtual reality type game that’s causing quite a stir at the moment. It’s called Pokémon GO and, in common with anyone over 40 years old, I think it’s utterly pointless. However, I seem to be in a minority and there does seem to be some upside – my son actually voluntarily walked the dog yesterday. I feel the need to add exclamation marks to this statement, but instead here’s a picture which perhaps illustrates it better.

pokemon-dog

Yes, of course he didn’t actually want to walk the dog; he went searching for these virtual, cartoon type things with his phone. Look carefully as you go about your business and you’ll notice these Pokémon hunters blindly walking into street signs and busy roads, all the time transfixed by their phones. Reading up in the papers and online, there are stories of people walking off cliffs, being mugged and even finding corpses whilst engaged in Pokémon GO.

So here’s some brief security tips on playing safely:

  1. Download from a trusted source: There are bound to be dodgy or malware filled copies of the game floating around all over the internet. Don’t be dumb, download it from a reputable source. Go to Google Play or the Apple App Store, search for the application and select the one with millions and millions of downloads. Seriously, it might be slow but you should be ultra careful installing anything which has access to your GPS.
  2.  Remember GPS: Your location will be tagged and marked. If you want to remain incognito or simply want to keep your location discreet, don’t play.
  3.  Keep your Privacy: Don’t log into the app with your main account. Don’t log in with your main Gmail, Google or Facebook account: you will be releasing your personal information to the app owner, who can of course tie it into your physical location using the GPS data. Too creepy – use a throwaway account or log in directly.
  4. Play Safe: Don’t wander around dangerous places you are unfamiliar with, staring at your phone like an idiot waiting to be mugged. Be sensible and keep to safe and public places, don’t trespass or climb into private property – imagine how sad you’re going to look when the police are called.
  5. Everyone Can See Pokestops: Be especially careful when using Pokestops, try to go with a friend or group. Don’t visit them late at night in remote places, people have been mugged or robbed at these locations.

There will inevitably be some stories of bad stuff happening to Pokémon GO players. However, in reality bad stuff happens to people all the time, although stupidity does increase your chances. I suspect it will eventually get taken off the market when a series of lawsuits arrive from Pokémon GO related incidents. At the moment though, it’s at least trebled my teenage son’s activity level, my dog walking duties have been reduced and, well, all these kids seem to have a smile on their face for a change – so enjoy.

The Dark Web – Secure and Sinister or Just Slow

The darknet is often cited in news stories and the mainstream media as a mysterious, scary place full of criminals and terrorists; however, part of that is simply not true. There are actually plenty of criminals on there, in fact illicit substances and pornography seem to form a huge proportion of the anonymised sites.


For anyone who has never ventured onto the darknet perhaps a quick introduction is in order.  The Darknet exists completely independently of the mainstream world wide web and crucially none of the sites or information exist on a single identifiable web server.  The darknet is accessed via a plugin which can be installed in your browser and enables you to access an Open Network called TOR available from here.   TOR also allows you to communicate anonymously on the traditional web without being identified although it’s not completely anonymous.

You can identify a Darknet (or Deep Web) address from its extension: instead of the traditional html ending, all hidden web sites end in the extension .onion. You will not be able to access any of these addresses without using the TOR plugin in your browser, however. As mentioned, none of these web pages exist on a single web server, but are hosted on thousands of computers anonymously on the TOR network – ensuring that people can post and access information without being traced.

This all sounds fantastic for anyone up to no good and you’d expect to find thousands of terrorist sites and information however there are hardly any, a handful at most.  So why aren’t ISIS and al-Qaeda hosting all their information sites here, why aren’t there thousands of message boards and downloadable how to make bombs pdfs hosted on the Darknet?   Well the answer is not completely certain but it’s likely  the reason is simple – it’s incredibly irritating to use.

Browsing the Darknet is not a super slick experience; in fact it’s like trying to use the current web on a 15 year old computer. The sinister mystery of the place soon gives way to time-outs, broken links and crashing browsers – you can access a site one minute then face a ten minute delay whilst it reloads. It’s understandable really: after all, it’s an open network hosted on thousands of disparate machines on varying quality internet connections. It works, but sometimes only just.

Your average terrorist has probably grown up with all the latest technology, he probably has a smart phone that’s much better than mine.  In between listening to anti-west sermons he’s probably streaming Breaking Bad on his Netflix account using a VPN. Crucially they are likely to have as much patience with slow web pages as my children who have been brought up in a household that’s always offered – 30 MB download speeds.  I get irritated with slow web pages, and I remember downloading a newsgroup on 14.8k modem which would often take several hours.

Terrorists are often super active on social media and on the traditional web. The Darknet simply doesn’t function that way – it’s slow and requires a lot of patience sometimes. It’s the same reason why people often don’t use TOR for privacy, Smart DNS to bypass filters or VPNs for anonymity in their browsing on the normal web. These options do hide your web requests for 99% of the time and some of them are free, but again they are very slow to use. Using something like Identity Cloaker provides privacy and has virtually no impact on your normal internet connection speed.

So this is my conclusion – Terrorists Don’t Use the Darknet because it’s a bit rubbish!

 

Turkish Hacker Sentenced

If you’re thinking of setting up for a career in computer crime, there are many very tempting options for locating your centre of operations. The obvious place is somewhere like Russia, where as long as you make money the police will be likely to turn a blind eye for a few dollars. There are many other places where minimal law enforcement exists, particularly in relation to computer crime, which means the risks are relatively negligible, particularly if there’s a lack of any extradition treaties to the developed world.

However some countries are a staggeringly bad idea to base a criminal cyber empire and it looks like Turkey is one of those. The reason is now becoming clear to a 26 year old Turkish hacker named Onur Kopcak who was sentenced on Sunday for stealing 11 people’s credit card information and selling them online to other criminals. It wasn’t the world’s worst cyber crime and in fact would largely pass unnoticed in many places.

Although to be fair, Onur’s crimes did extend to a few more people after more were discovered from the initial investigation – 54 in total claimed to have had their card details stolen by him. He, along with a few other hackers, set up a few interfaces designed to mimic a bank’s internet portals and, combined with a phishing campaign, they were beginning to see some results from their criminal enterprise.

Unfortunately for the fledgling gang and in particular Onur Kopcak,  these crimes were heard and sentenced separately and Onur received a 199 year sentence for the initial victims followed by an additional 135 years for the later offences. The crimes were listed as identity fraud, access device fraud, wire fraud and website forgery which are all criminal offences in Turkey.

So for a crime which probably netted only a few hundred dollars before they were caught Kopçak has been sentenced to 334 years in prison. It’s a staggering sentence and Onur will probably look in awe at the sentence handed to a UK fraudster called Theogenes de Montford who stole 35,000 credit card details and was sentenced to 4 and a half years in prison for his role in the theft.

So remember all you budding cyber criminals – setting up in Istanbul or anywhere in Turkey is likely a very bad idea if there’s the slightest risk that you’ll be caught.

The IQ of Cyber Criminals – the Bootle Cyber Attacker

There is, I suspect, rather a misconception about the IQ level of your average cyber criminal. From your harmless hacker to the sophisticated cyber crime networks of Asia and Eastern, everyone involved is normally portrayed as sophisticated, misguided and highly intelligent. The reality is, I’m afraid, far from the truth and a huge proportion of those who commit cyber crimes are pretty damn stupid.

Meet Mr Ian Sullivan, from Bootle who has just been jailed for 8 months for conducting a series of DDoS attacks on high profile websites.


The 51 year old, unemployed father of six conducted these attacks against 300 websites taking many of them offline.  A DDoS attack involves saturating the target servers with thousands of requests which are difficult for the server to process.   It simply aims to overload the target server with these connections until it falls over.

DoS – Denial of Service Attack (Single attack)

DDoS – Distributed Denial of Service Attack (attack involving multiple machines, usually using malware installed on ordinary computers)

There are a variety of these attacks. Most involve volume, but they often involve specialist techniques crafted against certain types of web servers. Have a google of these attacks if you want to know more:

  • Buffer Overflow
  • Smurf Attack
  • Ping of Death
  • SYN Attack
  • Teardrop Attack

However the thing to remember about the vast majority of DDoS attacks is that you can conduct them through a simple software interface i.e. you need very little technical knowledge.  Of course, there are very skilled attackers out there who can bring down servers with individually crafted attacks against specific targets however these are certainly the exception not the rule.  Mainly there’s little to be gained from Denial of Service attacks although many try extortion to stop them.

Although Mr Sullivan claimed some sort of affiliation with the activist group Anonymous, there are suspicions that his technical knowledge was perhaps limited. One of the biggest clues that this wasn’t the work of a digital Moriarty is the fact that he would post warnings to the websites he attacked with his Twitter account. It’s kind of like posting a self addressed letter to the victim; it does help tracking down criminals when they leave huge clues like this.

I think the point to take away from this is that computer crime is actually very easy to do. Many popular attacks have been automated so you only have to fill a few fields in on a web front end, pay a few bucks for a service from the Darkweb or install a DoS program on yours and a few computers. The important part is that you need the intelligence and the knowledge to hide your tracks, which is much, much harder.

When they looked up Mr Sullivan’s Twitter account and paid him a visit they found lots of  DDoS/DoS related software installed on his machine using simple computer forensics techniques.  Probably his only smart move was to plead guilty, which presumably led to the relatively low sentence of 8 months in prison.  He would not have got away so lightly if he’d performed this attack in the US or against a US based server though.

What a cyber muppet !!

How Can I Find Free Ninja Proxy Lists

Like everything online that is free, proxy lists do come with some risks and problems – and you should know that you aren’t going to get a secure ninja proxy, that should go without saying. However, for anyone who’s a bit pushed for cash or just enjoys the adrenaline rush of routing all their web traffic through some unknown server – here’s a quick guide to finding free proxies.

Creating Free Proxy Lists

First of all you must remember that these proxies change almost hourly, so there’s no point finding a list that’s two years old – nothing will work. There are also numerous web sites which compile this information from a variety of sources, but I’ve no idea which, if any, of these are trustworthy. So we’ll leave ourselves in the laps of the search gods by using a simple search; the following will search for some proxy lists to check out.

+":8080" +":3128" +":80" filetype:txt

Just put the search string into Google and it should produce a list of proxies where you can select a server to use.  Here’s a decent looking one I found using the above search expression.

free proxy list

 This particular list splits the proxies into IP address, port number, level of anonymity (pah) and the country of origin.  The country is particularly relevant if you’re trying to access some sort of resource.  However it should be noted that simple proxies are no longer able to bypass most geo-location checks at least for the  big media sites.

For example Hulu will not be accessible via a US proxy any more, the site will detect the proxy and block you.  They still work for a couple of sites (including the BBC last time I checked though), but for bypassing blocks for these sites you’re going to need encryption and a VPN, or use Smart DNS.

Anyway, so you’ve got your proxy IP address and it’s ready to go – what’s next? Well, you could run a quick check to see where and what this server belongs to; it might give you an idea of who’s running it and how it found itself on a proxy list. Go to somewhere like https://who.is/ and type in the IP address, and you’ll then see who owns it.

From the list I just produced I found a variety of services, dedicated servers from an ISP, an Arts company based in London and a few private addresses probably assigned to residential addresses from an ISP.

Which ones are safest? Well, it’s difficult to say. Company infrastructure like the arts company’s is generally misconfigured and accidentally left open. These servers might be quite quick initially, and perhaps safer to use, but of course there is the issue of using someone’s servers without permission in this instance. I’d personally stay clear of any addresses that look as though they are assigned to domestic customers, mainly because they’ll probably be very slow and may be being used to try and harvest personal credentials (although any of the servers could be doing this).

So after a quick check (or not) then you’re ready to use the server, what exactly do you do with it?

Well, the simplest way is to just tell your browser to use the proxy while you’re surfing, which is quite simple to do. You need to find your browser’s connection settings (here’s mine for Google Chrome) and simply add the proxy server address and the port number to use in the box next to it. It will be in different places depending on browser but it shouldn’t be too hard to find; if it is, you’re definitely out of your depth here!

proxysettings

 

At this point you just need to press OK and restart your browser and that’s it. Next is a quick check: just go to Google and type ‘my ip address’ and it should return your public internet facing address which, if the proxy is working properly, should match that of the proxy server you inputted. You should also be able to navigate to a web site as normal; there may be a small delay depending on the speed of the proxy you are using.

Now be very careful: from this point on everything you do on that browser is routed through that proxy server. Don’t visit any site that requires any credentials – certainly nothing like Paypal, webmail or any account of importance. If you go and do your home banking via a random proxy server fished out from one of these proxy lists, then I’m afraid bad things are likely to happen. Just use simple web sites or perhaps stream from the BBC (UK proxy needed) to watch video.

If you’re using the proxy for security and to hide your location, remember that although the proxy may hide your location from websites you visit you have  no control about what information is logged on the proxy.  It’s worth bearing this in mind as commercial ninja proxies will delete or remove logs but you simply don’t know what happens on these servers.   After you’ve finished then remove the settings and restart your browser to stop using the proxy.
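The ‘my ip address’ check above only shows which address a site sees, not whether the proxy also passes your real address along in a request header. The following is an added example, not part of the original post: it classifies a proxy from the headers a plain-HTTP echo page received, assuming the labels transparent/anonymous/elite (the usual proxy-list convention, taken here to be what the list’s “level of anonymity” column means); the header set, addresses and echo page are constructed for illustration.

```python
import ipaddress
import re

# Request headers that forward proxies commonly add to plain-HTTP traffic.
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-real-ip",
                 "client-ip", "proxy-connection"}


def addresses_in(value):
    """Return every IP address that can be parsed out of a header value."""
    found = set()
    for token in re.split(r'[,;=\s"\[\]]+', value):
        if token.count(":") == 1:        # IPv4 with a port, e.g. 203.0.113.7:3128
            token = token.split(":")[0]
        try:
            found.add(ipaddress.ip_address(token))
        except ValueError:
            continue                     # not an address ("for", "1.1", "squid")
    return found


def classify(seen_headers, real_ip):
    """Classify a proxy from the headers the destination actually received.

    transparent: your real address appears somewhere in the request
    anonymous:   proxy headers are present, but not your address
    elite:       nothing in the headers gives the proxy away
    """
    real = ipaddress.ip_address(real_ip)
    headers = {name.lower(): value for name, value in seen_headers.items()}
    leaking = sorted(n for n, v in headers.items() if real in addresses_in(v))
    if leaking:
        return "transparent", leaking
    revealing = sorted(n for n in headers if n in PROXY_HEADERS)
    if revealing:
        return "anonymous", revealing
    return "elite", []


# Constructed sample: headers echoed back by a hypothetical test page, with
# documentation-range addresses standing in for the user and the proxy.
if __name__ == "__main__":
    echoed = {"Host": "echo.example", "Via": "1.1 squid",
              "X-Forwarded-For": "198.51.100.23, 10.0.0.5"}
    print(classify(echoed, "198.51.100.23"))
```

Even an “elite” result only describes what the destination sees; it says nothing about what the proxy itself logs.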