Category: ninja

Hacking Your Exam Grades

There’s a scene in the iconic 80’s film Ferris Bueller’s Day Off where the hero logs into his school’s computer system and starts modifying his records.   It’s a dream that’s probably passed through the thoughts of millions of young people over the years.  If only I could just go and change a couple of those grades discretely, no-one would ever know.

ferris-hacker

Unfortunately as with nearly all ‘computer crimes’, committing is much, much easier than getting away with it. The problem is that it’s very difficult to hide your tracks online, one tiny mistake and there’ll be lots of markers pointing your way.

This is exactly what has happened to student Imran Uddin early this year. A bio-science student at the University of Birmingham, Imran decided that his projected 2:2 degree wasn’t quite good enough and decided to try and gain access to the Universities Exam system to modify his grades slightly – changing the scores on five exams in order to boost his grades.

His attack involved installing keyloggers into a selection of the Universities computers in order to steal staff passwords who had access to the exam recording system.
keylogger
These are little hardware devices which you can pick up for a few dollars on the internet, that plug into the back of a computer and record every keystroke made on that keyboard. It’s the easiest way to steal usernames and passwords as it operates at the hardware level and you don’t need to worry about encryption and security. Imran managed to grab a handful of staff accounts including ones that were able to change the exam grades, where he duly modified his own.

Of course, the problem is that these devices have to be installed and can be identified if someone looks carefully enough. Which is what happened in this case, a technician performing an upgrade on some computers in the Bio-Science lab noticed the device. Of course then all the University computers were checked and staff found several more including one on the back of a computer in a staff only area.

After that all roads led back to Mr Uddin and when police checked his own computers they found a huge amount of incriminating evidence. There were ebay searches and purchases of the keylogging devices, evidence of a failed attempt to login to the University marking system plus loads of other forensic evidence incriminating him.

Which is mainly the problem with these computer crimes, although they’re pretty easy to commit, it’s very difficult to hide all this incriminating evidence when people start looking for it. There will be CCTV records of the keyloggers being installed, records of IP addresses and logins and of course simply looking at backups of the exam system will reveal logs of grades being modified. You can route your connection through Russian or Australian proxies but if you leave obvious clues elsewhere it won’t help you.

I once investigated a system where criminal records where accessed by someone who shouldn’t have had access. Looking at the logs of this system it took about ten minutes to find them – although there were hundreds of thousands of records the culprit stood out like a sore thumb. While every legitimate user of the system logged in and performed searches using an account in this format – USR1077672356, one account was logged in as Jamie333 (details slightly modified!). It was the first account checked and despite the individual being cunning (his name was not Jamie) it didn’t take long to find lots more evidence.

Mr Uddin was sentenced to six months and presumably lost his degree completely, he also faces the possibility of legal action from the University too. It’s impossible to know how many people actually get away with crimes like this, but one small mistake or piece of bad luck and it’s very simple to track the culprits down. Still kind of feel sorry for the guy though, but there’s definitely a lesson to be learnt here!

How Can I Find Free Ninja Proxy Lists

Like everything online that is free,  proxy lists do come with some risks and problems – and you should know that you aren’t going to get a secure ninja proxy that should go without saying.   However for anyone who’s a bit pushed for cash  or just enjoys the adrenaline rush of routing all their web traffic through some unknown server – here’s a quick guide of finding free proxies.

Creating Free Proxy Lists

First of all you must remember that these proxies change almost hourly, so there’s no point finding a list that two years old – nothing will work.  There are also numerous web sites which compile this information from a variety of sources, but I’ve no idea which if any of these are trustworthy.   So we’ll leave ourselves in the laps of the search gods by using a simple search, the following will search for some proxy lists to check out.

+”:8080? +”:3128? +”:80? filetype:txt

Just put the search string into Google and it should produce a list of proxies where you can select a server to use.  Here’s a decent looking one I found using the above search expression.

free proxy list

 This particular list splits the proxies into IP address, port number, level of anonymity (pah) and the country of origin.  The country is particularly relevant if you’re trying to access some sort of resource.  However it should be noted that simple proxies are no longer able to bypass most geo-location checks at least for the  big media sites.

For example Hulu will not be accessible via a US proxy any more, the site will detect the proxy and block you.  They still work for a couple of sites (including the BBC last time I checked though), but for bypassing blocks for these sites you’re going to need encryption and a VPN, or use Smart DNS.

Anyway, so you’ve got your proxy ip address and it’s ready to go – what’s next?  Well you could run a quick check to see where and what this server belongs too, it might give you an idea of who’s running it and how it found itself on a proxy list.  Go to somewhere like https://who.is/ and type in the IP address, you’ll then see who owns it.

From the list I just produced I found a variety of services, dedicated servers from an ISP, an Arts company based in London and a few private addresses probably assigned to residential addresses from an ISP.

Which ones are safest ? Well it’s difficult to say, company infrastructure like the arts company are generally misconfigured and accidentally left open.  They might be quite quick initially, and perhaps safer to use but of course there is the issue of using someones servers without permission in this instance.    I’d personally stay clear of any addresses that look as though they are assigned to domestic customers mainly because they’ll probably be very slow and may be being used to try and harvest personal credentials (although any of the servers could be doing this.)

So after a quick check (or not) then you’re ready to use the server, what exactly do you do with it?

Well the simplest way is to just tell your browser to use the proxy while you’re surfing which is quite simple to do.    You need to find your browsers connection settings, here’s mine for Google Chrome – and simply add the proxy server address and the port number to use in the box next to it.  It will be in different places depending on browser but it shouldn’t be too hard to find, if it is you’re definitely out of your depth here!

proxysettings

 

At this point you just need to press OK and restart your browser and that’s it.  Next is a quick check, just go to Google and type ‘my ip address‘ and it should return your public internet facing address, which if the proxy is working properly should match that of the proxy server you inputted. You should also be able to navigate to a web site as normal, there may be a small delay depending on the speed of the proxy you are using.

Now be very careful, from this point on everything you do on that browser is routed through that proxy server, don’t visit any site that requires any credentials – certainly nothing like Paypal, webmail or any account of importance.  If you go and do your home banking via an random proxy server fished out from one of these proxy lists, then I’m afraid bad things are likely to happen.   Just use simple web sites or perhaps to stream from the BBC (UK proxy needed) to watch video.

If you’re using the proxy for security and to hide your location, remember that although the proxy may hide your location from websites you visit you have  no control about what information is logged on the proxy.  It’s worth bearing this in mind as commercial ninja proxies will delete or remove logs but you simply don’t know what happens on these servers.   After you’ve finished then remove the settings and restart your browser to stop using the proxy.

 

Broken Smart DNS for US Netflix – Here’s the Fix

There’s a bit of a war starting online, and it looks like it might get a bit nasty.  Only a few days ago, Netflix announced that they would be launching a Australian/New Zealand version of it’s popular media streaming site.   There was one slight issue though for the global media giant, it estimated there were already over 200,000 Netflix US members already streaming from Australia. Now this wasn’t some strange mass exodus of US citizens in search of Aussie beer and TV. It referred to  the fact that loads of Australian’s fed up with the local online offerings and their TV stations were using programs like . to stream US Netflix already.

Unblock and Watch American Netflix in Canada using VPN or Smart DNS proxies

They were also using some configured proxies, although mostly these don’t work any more and the new Smart DNS technology to bypass the blocks. Normally when you sign up for a Netflix account, you actually receive a global enabled one.  This means that what you see is actually based on your location.  So my UK Netflix account turns into a US one when I’m physically in the USA, it’s a German account when in Germany and so on.  Which is fine except for one small problem, the US version of Netflix has literally thousands more films, movies and TV shows than any other version. The UK version of Netflix is ok, but the US version is awesome.

So everyone started to use methods which hide their IP addresses and get access to the US version of Netflix (although Canadian Netflix isn’t too bad either).  One of the most important was Smart DNS, which is the easiest way to get access on devices like Smart Phones, Smart TVs and other such devices.   This is the service I use and it comes highly recommended. But that looks like it was stopping, over the last few weeks Netflix has updated it’s client software on these devices and built in something that stops Smart DNS working (here’s exactly how Smart DNS works).   Now on any of these updated devices, you can only access your legitimate country version of Netflix, which means if you’re not in a Netflix enabled country you can’t watch it at all. Basically they’ve updated their systems so that third party DNS servers can’t be used to resolve the addresses of the Netflix Site.  This means that none of the Smart DNS solutions work any more.

How to Fix Broken Smart DNS for Netflix

Fortunately there is a solution which follows, I have demonstrated on my router a Netgear WNDR 4500 but you should be able to do this on most decent routers. Basically Netflix is forcing everyone to use specific DNS servers, the Open DNS and Google ones, in order to stop the Smart DNS trickery working.  The fix ensures that these DNS servers are not accessible and the client will then go back to the Smart DNS ones – So here’s the fix, first go into your routers configuration screens – mine is accessed by putting it’s internal ip address into a browser . i.e. http://192.168.1.1 which gives me this screen. netgear-smartdnsfix1 You then need to move down to Advanced settings and select Static Routes.  From this screen we need to make sure that the four public DNS servers that Netflix is trying to force us to use are not accessible. fixrbokensmartdns2

Here’s the screen (click to enlarge), and you need to simply add a route for each DNS server to ensure it never gets to it’s destination.
Commonly the information required is –  Destination IP address – the address of the DNS servers as follows:

  • 8.8.8.4  Google DNS
  • 8.8.8.8 Google DNS2
  • 208.67.222.222 Open DNS
  • 209.244.0.3   Open DNS

Subnet Mask  – Put in 255.255.255.255 Gateway IP address – Your Router or a made up internal IP address – mines set to a PC 192.168.1.253 Metric – 2 This should ensure that none of your devices will be able to access any of these DNS servers, thwarting Netflix’s plan and making Smart DNS work yet again – hooray!!  The last check to see if it’s working is to ping any of the devices to see if they can be accessed. pingcheck-dns Here’s an example, you can see the Google DNS server is not reachable.  Now Netflix runs like a dream again and connects to the USA version without a hitch.  This obviously relies on you having a router which allows static routes to be set up, however this is not always possible – the crappy routers most ISPs hand out are usually locked down so you can’t get access to these.   There are other potential solutions which I’ll check out and hopefully post up here if I get chance.

What’s My Port – Why is it Blocked?

So what’s a port? Does my computer have one and where do I find it?  Are a selection of questions I often get asked when trying to explain why they can’t access their favorite proxy server, or use file sharing sites whilst they are at work.

Computer ports are of course very dull, but they are intrinsic to how computers work.   Firstly a quick distinction – there are actually two distinct categories of ‘ports’ when you’re referring to computers – hardware/physical/peripheral ports or network/virtual ports.  With regards to computer security, it’s the network ports which we are most interested in,  physical ports are just the places you plug things in on the back or side of your computer.  The common ones are USB, Serial, Parallel, VGA and stuff like that – here’s a picture of two common physical ports you might find –

Computer Ports

The network ports are virtual, they don’t physically exist but are merely exist to allow information to flow across a network between different devices and programs. They are an important part of TCP/IP networking and some knowledge can be of great benefit if you are having filtering or blocking issues. Your computer will be constantly opening and closing these virtual ports when you’re online and you can see which ones are open by running a program called netstat from the command prompt, or for a more user friendly display try one of the freeware tools like Currports which will allow you to see them a little easier.

Port List Computer

Click to Make Bigger

You’ll see in the graphic that there are loads of ports open in response to what programs and applications are running on my computer. Most popular services tend to use standard ports, although this isn’t essential – in the list above you’ll see that there are processes being established on port 443 – this is the SSL port and is open on my computer as I’m logged into my Facebook account in my browser. It’s worth having a look at these lists on your computer because every process there is effectively using your computers resources in some way. For instance I noticed that Dropbox which I stopped using months ago was still sitting running on my computer listening on several network ports.

You can often tell which program or service is running simply by the port number. For example web browsing will normally take place over 80 or 8080, SSL on 443, FTP on 21, DNS Services use 53 and Email 25. I’ll put a more extensive list up in a separate post because it’s useful to have a reference. These ports are therefore also used when someone is trying to block access to something. So for example if you’re the administrator for a corporate network and you want to stop people using FTP to upload or download files from the internet, you could block port 21 which would effectively break standard FTP clients.

It’s a common tactic and is a simple way to control access on a large scale, for example the Great Firewall of China will block ports that are used by anonymity programs like TOR or indeed those using a UK proxy for BBC. However it’s also possible to circumvent blocks like these if you are able to utilise non-standard ports. For example modify your FTP client to use something other than Port 21 to communicate or relay your email through something other than port 25. In the next post I’ll show you how you can use Identity Cloaker to redirect any application traffic onto whichever port your decide and bypass these filters.

Some Useful Proxy Definitions

If you’ve searched around looking for secure proxies to use, you’ve probably come across these three definitions –

  • Transparent Proxy
  • Anonymous Proxy
  • Elite Proxy

Now none of these definitions are set in stone, but they’re used in most sites to describe the different level of security and privacy afforded by a particular proxy.  The three definitions are explained here on this video

However if you don’t want to listen to the video, here’s the basic concepts.

Transparent Proxy
This is a very basic proxy server which actually provides very little security or privacy. This server simply forwards all parts of the request without any restrictions at all, this includes your real IP address. The web site you visit will be aware of your real address and the fact that you are using a proxy to access. It’s commonly used merely to speed up internet access, particularly by caching popular pages. If you want some security or privacy, then you need to use a different type of proxy server.

Anonymous Proxy
These are probably the most common form of proxies particularly if you’re looking at free ones. This server will hide your real IP address from any web site you visit. However it will normally forward some information in the form of HTTP headers. This could include information about the proxy software, the IP address of the proxy etc. It does offer a certain level of privacy in that it will normally protect the client address, however a lot depends on individual configuration settings.

Elite Proxy
This proxy offers the highest level of security and privacy similar to a VPN but not necessarily with the encryption. Not only does an Elite proxy hide your real address, but it also hides it’s own existence as a proxy server. Many sites block access to clients who are using proxies so this can be very useful. The elite proxy server should forward the absolute minimum of information required and should look like a normal client itself. Again though a lot depends on how it is configured, some Elite proxies are much more secure than others. Also just because something is labelled ‘Elite’ on a web site does’t necessarily make it true!