Category: security

Hacking Your Exam Grades

There’s a scene in the iconic 80s film Ferris Bueller’s Day Off where the hero logs into his school’s computer system and starts modifying his records. It’s a dream that has probably passed through the thoughts of millions of young people over the years. If only I could just go and change a couple of those grades discreetly, no-one would ever know.


Unfortunately, as with nearly all ‘computer crimes’, committing one is much, much easier than getting away with it. The problem is that it’s very difficult to hide your tracks online; one tiny mistake and there’ll be lots of markers pointing your way.

This is exactly what happened to student Imran Uddin earlier this year. A bioscience student at the University of Birmingham, Imran decided that his projected 2:2 degree wasn’t quite good enough and tried to gain access to the University’s exam system to modify his grades slightly, changing the scores on five exams in order to boost his result.

His attack involved installing keyloggers on a selection of the University’s computers in order to steal the passwords of staff who had access to the exam recording system.

These are little hardware devices which you can pick up for a few dollars on the internet; they plug into the back of a computer and record every keystroke made on that keyboard. It’s the easiest way to steal usernames and passwords, as it operates at the hardware level and you don’t need to worry about encryption or any other security controls. Imran managed to grab a handful of staff accounts, including some that were able to change exam grades, and duly modified his own.

Of course, the problem is that these devices have to be physically installed and can be identified if someone looks carefully enough, which is what happened in this case: a technician performing an upgrade on some computers in the bioscience lab noticed the device. All the University’s computers were then checked, and staff found several more, including one on the back of a computer in a staff-only area.

After that, all roads led back to Mr Uddin, and when police checked his own computers they found a huge amount of incriminating evidence: eBay searches for and purchases of the keylogging devices, evidence of a failed attempt to log in to the University marking system, plus plenty of other forensic traces.

This is mainly the problem with these computer crimes: although they’re pretty easy to commit, it’s very difficult to hide all the incriminating evidence once people start looking for it. There will be CCTV records of the keyloggers being installed, records of IP addresses and logins, and of course simply looking at backups of the exam system will reveal logs of grades being modified. You can route your connection through Russian or Australian proxies, but if you leave obvious clues elsewhere it won’t help you.

I once investigated a system where criminal records were accessed by someone who shouldn’t have had access. Looking at the logs of this system, it took about ten minutes to find them; although there were hundreds of thousands of records, the culprit stood out like a sore thumb. While every legitimate user of the system logged in and performed searches using an account in this format, USR1077672356, one account was logged in as Jamie333 (details slightly modified!). It was the first account checked, and despite the individual being cunning (his name was not Jamie) it didn’t take long to find lots more evidence.
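The kind of check described above, written out as an added example (not code from the post or from the system it describes): legitimate accounts follow a naming convention, so any account that does not match it is pulled out of the audit log along with the records it touched. The log format and every line in it are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample audit log (not a real system's log).
# Assumed format per line: timestamp  account  action  record-id
SAMPLE_LOG = """\
2015-03-02T09:14:05 USR1077672356 SEARCH REC-4471
2015-03-02T09:15:41 USR1077672356 VIEW REC-4471
2015-03-02T09:20:17 USR1099001122 SEARCH REC-8820
2015-03-02T22:41:03 Jamie333 SEARCH REC-1203
2015-03-02T22:41:59 Jamie333 VIEW REC-1203
2015-03-02T22:43:10 Jamie333 VIEW REC-1204
2015-03-03T08:02:44 USR1055500991 SEARCH REC-3310
"""

# Legitimate accounts in the post look like USR followed by ten digits.
ACCOUNT_PATTERN = re.compile(r"^USR\d{10}$")
LINE_PATTERN = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text):
    """Yield (timestamp, account, action, record) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_PATTERN.match(line.strip())
        if m:
            yield m.groups()


def find_nonconforming_accounts(text):
    """Return {account: [(timestamp, action, record), ...]} for every account
    whose name does not match the expected convention."""
    suspicious = defaultdict(list)
    for ts, account, action, record in parse_log(text):
        if not ACCOUNT_PATTERN.match(account):
            suspicious[account].append((ts, action, record))
    return dict(suspicious)


def records_touched(text, account):
    """Sorted list of distinct record ids an account searched or viewed."""
    return sorted({rec for _, acct, _, rec in parse_log(text) if acct == account})


if __name__ == "__main__":
    for account, events in find_nonconforming_accounts(SAMPLE_LOG).items():
        print(f"{account}: {len(events)} events, records {records_touched(SAMPLE_LOG, account)}")
```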

Mr Uddin was sentenced to six months and presumably lost his degree completely; he also faces the possibility of legal action from the University. It’s impossible to know how many people actually get away with crimes like this, but one small mistake or piece of bad luck and it’s very simple to track the culprits down. I still kind of feel sorry for the guy, but there’s definitely a lesson to be learnt here!

How Can I Find Free Ninja Proxy Lists

Like everything online that is free, proxy lists do come with some risks and problems, and you should know that you aren’t going to get a secure ninja proxy this way; that should go without saying. However, for anyone who’s a bit pushed for cash or just enjoys the adrenaline rush of routing all their web traffic through some unknown server, here’s a quick guide to finding free proxies.

Creating Free Proxy Lists

First of all, you must remember that these proxies change almost hourly, so there’s no point finding a list that’s two years old; nothing on it will work. There are also numerous websites which compile this information from a variety of sources, but I’ve no idea which, if any, of these are trustworthy. So we’ll leave ourselves in the lap of the search gods by using a simple search; the following will search for some proxy lists to check out.

+":8080" +":3128" +":80" filetype:txt

Just put the search string into Google and it should produce a list of proxies from which you can select a server to use. Here’s a decent looking one I found using the above search expression.


This particular list splits the proxies into IP address, port number, level of anonymity (pah) and country of origin. The country is particularly relevant if you’re trying to access a resource restricted to a particular country. However, it should be noted that simple proxies are no longer able to bypass most geo-location checks, at least for the big media sites.

For example, Hulu is no longer accessible via a US proxy; the site will detect the proxy and block you. Proxies still work for a couple of sites (including the BBC, last time I checked), but for bypassing blocks on sites like Hulu you’re going to need encryption and a VPN, or Smart DNS.

Anyway, so you’ve got your proxy IP address and it’s ready to go; what’s next? Well, you could run a quick check to see where and to whom this server belongs; it might give you an idea of who’s running it and how it found itself on a proxy list. Go to somewhere like https://who.is/ and type in the IP address, and you’ll see who owns it.

From the list I just produced I found a variety of owners: dedicated servers from an ISP, an arts company based in London and a few addresses probably assigned to residential customers by an ISP.

Which ones are safest? Well, it’s difficult to say. Company infrastructure like the arts company’s is generally misconfigured and accidentally left open. These might be quite quick initially, and perhaps safer to use, but of course there is the issue of using someone’s servers without permission. I’d personally steer clear of any addresses that look as though they are assigned to domestic customers, mainly because they’ll probably be very slow and may be being used to try and harvest personal credentials (although any of the servers could be doing this).

So after a quick check (or not) then you’re ready to use the server, what exactly do you do with it?

Well, the simplest way is to just tell your browser to use the proxy while you’re surfing, which is quite simple to do. You need to find your browser’s connection settings (here’s mine for Google Chrome) and simply add the proxy server address, with the port number in the box next to it. It will be in a different place depending on the browser, but it shouldn’t be too hard to find; if it is, you’re definitely out of your depth here!


At this point you just need to press OK and restart your browser, and that’s it. Next is a quick check: just go to Google and type ‘my ip address’ and it should return your public internet-facing address, which, if the proxy is working properly, should match that of the proxy server you entered. You should also be able to navigate to a website as normal, though there may be a small delay depending on the speed of the proxy you are using.

Now be very careful: from this point on everything you do in that browser is routed through that proxy server, so don’t visit any site that requires credentials, certainly nothing like PayPal, webmail or any account of importance. If you go and do your home banking via a random proxy server fished out of one of these proxy lists, then I’m afraid bad things are likely to happen. Just use simple websites, or perhaps stream from the BBC (UK proxy needed) to watch video.

If you’re using the proxy for security and to hide your location, remember that although the proxy may hide your location from the websites you visit, you have no control over what information is logged on the proxy. It’s worth bearing this in mind: commercial ninja proxies will delete or remove logs, but you simply don’t know what happens on these servers. After you’ve finished, remove the settings and restart your browser to stop using the proxy.

Global Internet War – Chinese Great Cannon

We’ve all seen those scaremongering stories in the mainstream media about cyber wars and the internet becoming a battlefield. Usually these are rather over the top; however, a story is breaking now which makes them seem much more of a reality.

The story starts with a website called greatfire.org, which provides news and information about Chinese censorship in general and the Great Firewall of China specifically. It contains lots of information and links to VPN and proxy tools like Identity Cloaker which can be used to circumvent the Chinese firewall and surf without restrictions.

Now obviously sites like these are not very popular with the Chinese authorities and can be difficult to access directly (although the site is mirrored across several locations). It comes as no great surprise that sites like these are routinely blocked, but what happened next is a significant escalation by the Chinese authorities.

Unleash the Great Cannon 

On 16th March the greatfire servers came under a huge DDoS attack; 10 days later GitHub, a site used by open source developers, came under a similar attack. Basically the sites experienced a huge surge in traffic which their servers were unable to cope with, and they simply fell over.

The attacks originated from thousands of computers, mainly across Asia (although outside China). The traffic came from thousands of clients running JavaScript that had been injected into web traffic which appeared to be destined for Baidu (the Chinese search engine).

At first it was unclear who was responsible for coordinating these attacks, until Citizen Lab, a group based in the University of Toronto, investigated the attacks and released this report.  It is from their hard work that we can see the real culprit behind these attacks.

Basically the Chinese have developed a system which can intercept foreign unencrypted traffic destined for any location in China, then insert malicious JavaScript to attack any target they specify. This offensive system has been dubbed the Great Cannon of China, and in this instance it performed a man-in-the-middle attack to target the two sites, greatfire and GitHub. A large proportion of unencrypted traffic was intercepted and the browsers receiving it were pointed at these sites in order to overwhelm them.

So just to explain: if you had used Baidu on 16th March, your browser may have been involved in the attack completely without your knowledge. The Chinese have developed a system which is able to leverage internet traffic to take down basically any website they wish for a limited time.

Of course, those worried about a one-sided war in which the Chinese obliterate sections of the internet should be aware that the UK and US intelligence services have already developed and tested similar technology. However, for free speech and internet neutrality it’s an extremely worrying development.

Summary 

It’s an extremely aggressive and high-profile attack, and the report seems fairly conclusive that it was conducted by the Chinese state, with parts of the code from libraries identified in the Great Firewall and several confirmed locations on the firewall injecting the scripts.

The worry is that the Chinese will so openly inject malware into inbound traffic and redirect it at any target they like. This man-in-the-middle attack could easily be pointed at any target they wish. Although larger sites may be able to cope in the short term, it could effectively finish any website without significant resources. The bandwidth bill of greatfire.org shot up by tens of thousands of dollars during the attack, costs that most website owners wouldn’t be able to cope with. In fact, small sites could easily be taken offline quickly and efficiently using these methods; read this post, which records the demise of Tomaar.net, a Saudi Arabian discussion forum.

Technically there is an even more worrying possibility: any computer could potentially be compromised simply by visiting a Chinese website without encryption. The code could be altered to identify specific computers (perhaps IP addresses used by foreign government computers) and then infect them directly rather than launching an attack on a third party.

The possibilities and threats are endless, so unless you want to be involved in an attack it’s probably not a wise move to visit any Chinese-based (non-HTTPS) website without using encryption. This can be difficult to identify, though, as adverts and analytics from such sites are often embedded in websites in ways you can’t see.

Commercial pressure will hopefully do something to stop the Chinese attacks; internal pressure stopped the attack on GitHub, as it’s a powerful resource used by many Chinese programmers. It’s not going to do a great deal for any Chinese-based internet commerce or technology company either: who wants to risk being directly involved in the crazed attacks of the Chinese state on free speech websites?

Superfish Vulnerability – Free Gift from Lenovo

This week saw some staggering news, which even now, a couple of days later, I still find hard to believe. It’s something you might expect to happen in North Korea or China, but not here!

The hardware manufacturer Lenovo, who sell millions of laptops and PCs all over the world, has been installing an adware program called Superfish on all their new machines. That’s right: no longer do you have to worry about getting malware installed by visiting dodgy porn or torrent sites; just buy a Lenovo laptop and they’ll pre-install it for you.

So let’s just state that again:

A computer manufacturer called Lenovo is pre-installing adware on new computers.

It’s that incredible; I think it’s worth repeating. It doesn’t matter that it has a cute cartoony name like Superfish, this is an incredible abuse of trust powered simply by greed.

The adware inserts adverts into your browsing which make Lenovo money every time you click on them. You know adware, the stuff we all hate and go to great lengths to avoid installing.

Lenovo justified themselves by pretending that these ‘MONEY MAKING ADVERTS’ were actually for the customer’s benefit, describing Superfish as advanced technology which helps customers find different products at lower prices using image-analysis techniques. I’m sure everyone capable of operating a laptop is able to see through that pathetic justification.

Unfortunately it gets worse: not only is Superfish happily inserting damn annoying adverts into your browsing, but the method it uses actually makes your computer even more vulnerable.

Superfish installs a self-signed root certificate on your computer, giving it the capacity to intercept all your HTTPS-encrypted traffic.

It’s called a man-in-the-middle attack and it’s something I have demonstrated on this blog previously. Basically they’re intercepting even your secure traffic so that they can insert their money-making adverts. They’re apparently using the same default certificate on every single machine, which effectively compromises security on each of them. Each affected Lenovo machine basically has a pre-installed vulnerability waiting to be used by anyone who wants to intercept your traffic.

It’s truly incredible, and it has allegedly been going on since mid-2014, so who knows how many millions of machines are riddled with this program.

Here’s a tool from the security company LastPass which checks if you are at risk: Superfish Checker.

Hopefully Lenovo suffers a huge commercial loss due to this incredibly greedy and sneaky act; I for one will never consider buying anything from this company again.

Is Smart DNS Safe? Using Free Smart DNS Codes

A lot of people are starting to use Smart DNS instead of the traditional methods of accessing geo-blocked content. However, people still seem to overlook the huge potential risks in using the free codes and servers that conveniently appear on the internet.


But first let us backtrack and attempt to give a short overview of Smart DNS and what it’s actually used for. It is basically the next step in the war against websites that want to control access to their content based on your location. If configured correctly it has the potential to give anyone access to sites like BBC, HBO, ABC, ITV, Pandora and Netflix irrespective of where you live. So you can watch the US version of Netflix from Ottawa, then switch to the UK-only BBC iPlayer without any problems.

Of course, VPNs and proxies already allow this; however, the beauty of the Smart DNS proxy solution is that it works almost seamlessly in the background and can be enabled on virtually any network-enabled device. In the past, people have searched for how to get proxy or VPN authentication working on games consoles, iPads, mobile phones or Smart TVs. This can often be very difficult and sometimes it’s virtually impossible. With Smart DNS it’s not required: simply change your DNS server and it’s done, in minutes. Watch this for a demo.

It’s easy to see why it’s becoming more popular: it’s incredibly easy to use and you can simply set it and forget it. However, it’s important to understand how this actually works, and you’ll find the majority of Smart DNS reviews somewhat lacking in explanations.

How Smart DNS Works

To properly consider the risks of using this technique, it’s obviously useful to have an idea of how it works. Instead of using the standard DNS server usually assigned by your ISP on connection, you forward all DNS requests (the lookups that tell your computer where to find a certain website) to a specially configured Smart DNS server. This server runs a DNS forwarder (such as dnsmasq) which intercepts certain domain names, typically those of geo-blocked sites like BBC, Hulu and Netflix.

All other requests are resolved normally; however, any request for the specific geo-blocked sites is answered with the address of a remote proxy in the correct location. So, for example, if you request a video from BBC iPlayer your browser will automatically be directed to a UK proxy, where the connection will be made. If you then switch to Hulu, your request will be directed to a US-based proxy instead. Basically you are rerouted to specific servers by the DNS forwarder, and this all happens in the background.

It’s a very simple and clever technological workaround, and a well-configured, fast Smart DNS server works incredibly well. You’ll be redirected through a proxy only when you need to be to access the site; otherwise DNS requests are resolved normally.

So are there any risks to this method?

Unfortunately there are, simply because you are giving a third-party server almost complete control of your web browsing. There is absolutely nothing to stop this server from rerouting any web request you make. Here’s an example:

  • You type PayPal or your home banking site into your web browser because you want to pay some bills.
  • The Smart DNS server reroutes your connection to a different website where a mirror of PayPal or your bank’s site is stored.
  • You log in to the fake version of the website using your username and password.
  • Your account details are stolen and your account is accessed.

If it was done well, you would be completely unaware of this happening. You will have given the Smart DNS server complete control of your browsing and the ability to decide which website it sends you to.
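To make both the mechanism described under How Smart DNS Works and the risk just illustrated concrete, here is an added example (not code from the post or from any Smart DNS product) that models the override rules a dnsmasq-based forwarder applies (`address=/domain/ip`, which matches the domain and every subdomain of it) and then audits those rules for overrides of domains that should never be redirected. The config lines, IP addresses and the list of sensitive domains are all constructed for the example.

```python
import ipaddress

# Constructed Smart DNS forwarder config in dnsmasq's address=/domain/ip syntax.
# The first three lines are what a Smart DNS provider legitimately does; the last
# line is the kind of entry a malicious "free DNS code" server could add.
SAMPLE_CONFIG = """\
address=/bbc.co.uk/198.51.100.10
address=/hulu.com/203.0.113.20
address=/netflix.com/203.0.113.21
address=/paypal.com/192.0.2.99
"""

# Domains whose resolution a third party should never be allowed to override
# (constructed list; a real audit would use the user's own sensitive sites).
SENSITIVE_SUFFIXES = ("paypal.com", "mybank.example")


def parse_overrides(config):
    """Return {domain_suffix: ip} from address=/domain/ip lines; ignore the rest."""
    overrides = {}
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("address=/"):
            continue
        parts = line.split("/", 2)
        if len(parts) != 3 or not parts[2]:
            continue  # address=/domain/ with no IP means NXDOMAIN in dnsmasq; not modelled
        overrides[parts[1].lower().rstrip(".")] = str(ipaddress.ip_address(parts[2]))
    return overrides


def matches_suffix(name, suffix):
    """dnsmasq-style match: the domain itself and every subdomain of it."""
    name = name.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)


def resolve(name, overrides):
    """Return the override IP for name (longest matching suffix wins), or None
    when the query would be forwarded to a normal upstream resolver."""
    best = None
    for suffix, ip in overrides.items():
        if matches_suffix(name, suffix) and (best is None or len(suffix) > len(best[0])):
            best = (suffix, ip)
    return best[1] if best else None


def audit_overrides(overrides, sensitive=SENSITIVE_SUFFIXES):
    """List (domain, ip) overrides that would hijack a sensitive domain or one of its
    subdomains, i.e. exactly the redirection the bullet list above describes."""
    return [(d, ip) for d, ip in overrides.items()
            if any(matches_suffix(d, s) or matches_suffix(s, d) for s in sensitive)]


if __name__ == "__main__":
    rules = parse_overrides(SAMPLE_CONFIG)
    for host in ("www.bbc.co.uk", "www.example.com", "www.paypal.com"):
        print(host, "->", resolve(host, rules) or "forwarded upstream")
    print("hijacked sensitive domains:", audit_overrides(rules))
```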

This is the main issue (although there are others): anyone can knock together a Smart DNS server and use it to steal usernames and passwords quickly and easily. All they need to do is release it on the net and post a few ‘found these free DNS codes’ type messages on social media sites like Facebook and YouTube, and they’ll soon have a flood of potential victims. It’s an incredibly profitable cybercrime: people can have their various accounts plundered and their identity stolen while thinking they’re getting a great deal watching the BBC for free!

Remember: changing your DNS setting hands over complete control of all your web browsing.

So back to the main question: is Smart DNS safe? Well, if you’re using free DNS codes found in random posts on internet forums and bulletin boards, no, almost certainly not. They carry the same inherent risk as free proxies and VPNs: why would people do this for free? Well, they don’t; there will always be an ulterior motive, usually involving your personal details.

Of course, the commercial Smart DNS services are a completely different matter. They are on the whole run by legitimate companies who secure their DNS servers and the proxies they route through. The problem with these is not whether they are legitimate but the fact that they are easier to block than VPN services. For example, Netflix has waged war on all methods of bypassing its region locks, and 99% of Smart DNS services stopped working in 2016. The technology is unfortunately much more vulnerable to blocking than VPN services like Identity Cloaker, and of course doesn’t offer any encryption or security for your connection.

Still, there’s no doubt it is easier to set up than a VPN on things like Smart TVs and media streamers, so a commercial Smart DNS service is still useful to many people. However, you should always check first that it works with the media sites you require; many don’t work with the BBC either.

At the moment you can try out for free what is probably the most advanced Smart DNS system (the only one that works with Netflix):
FREE Trial of Unblock US Here

Try it out and see how it works for you.