A golden opportunity: the bank we’re about to rob is moving to new premises today. To our luck, they’re also testing alarms until 4 PM, so it won’t be suspicious if we accidentally set one off. There is an open window on the first floor protected by a single sensor. Our inside man among the staff has placed an IP camera into the sensor cabinet, so we can see if the sensor we are trying to break has the ‘status OK’ or the alarm is screaming. The IP camera is streaming to YouTube — alas with a delay. The problem is that the sensor communicates via radio waves: every 15 to 30 seconds the diode beeps and the device sends a signal. We’re listening, trying to imitate it, and when we’re sure, we’re gonna shut down the sensor and turn on our little imitation that we built. What is left is just to arrange the tin foil between the antennas, like this… the sensor alarm’s blaring! We are holding our ears and will try again in half a minute.
Pexeso: cyber education through play without a computer
Today’s children often learn to play a video on a tablet before they utter their first sentence, and game applications are often more popular among our little ones than toy blocks. When the parents find out that a cute hat for a virtual doll has deprived their account of an amount exceeding the price of some real fashion accessory, they start taking an interest in the security settings and in what their kids do on the computer.
From honeypots to router analysis
It all started when we received a response to one of the automatic e-mails generated by our honeypots when they detect an attack attempt or suspicious behavior. These notifications are sent to abuse contacts of the network from which the attack originated. Portscan of the WAN interface:
Impressions from the Locked Shields 2017
Locked Shields is the largest international cyber security drill. It is regularly organised since 2010 by NATO CCDOE (Cooperative Cyber Defence Centre of Excellence), and the focus of the drill is a clash between two teams. The red team attacks the blue team, which plays the role of the defender. This year, the drill was attended by a total of 19 blue teams. The teams were charged with the defense of a diverse computer infrastructure of a fictional country’s military base consisting of different servers, numerous workstations, SCADA systems, etc. The defenders were to face attackers, whose objective was to damage, compromise, or completely take down the network or its elements, or at least to make things complicated for the defenders. In addition to the technical part, the drill is focused also on strategic decision-making, cooperation with the press and the handling legal matters. We were invited by colleagues from GovCert and assigned to the “Linux team”.
Telnet is not dead – at least not on ‘smart’ devices
Depending on your age, you either might or might not have used Telnet to connect to remote computers in the past. But regardless of your age, you would probably not consider Telnet for anything you currently use. SSH has become the de facto standard when it comes to remote shell connection as it offers higher security, data encryption and much more besides.
DNSSEC signing with Knot DNS and YubiKey
Knot DNS 2.1 introduced support for DNSSEC signing using PKCS #11. PKCS #11 (also called Cryptoki) is a standard interface to access various Hardware Security Modules (HSM). Such devices are usually used to improve protection of private key material. The interface is rather flexible and gives the HSM vendors huge amount of freedom, which unfortunately makes its use a bit tricky. There are often surprising differences between individual implementations.
The most significant attacks addressed by security teams in the Danube region
On March 15, 2016, the concluding conference of the project “Cyber security in the Danube region” (CS Danube) took place. The main objective of the project joined by representatives of security teams and organizations from Croatia, Austria, Slovakia, Serbia and Moldova, as well as our team CSIRT.CZ, was to strengthen the capacity of individual teams and cooperation in cyber security.
Extracting and distributing information on incidents, or what is PROKI
In the last blogpost, I promised to write something about our new project PROKI. PROKI is the abbreviation of the Czech phrase for ‘prediction and protection against cyber incidents’ and in this project, our team set two goals for itself.
Metal or not metal? That is the question!
This Hamletesque question has haunted our team in connection with Omnia for a few months. Turris Omnia was introduced as a home router in a nicely shaped plastic case and for a long time we did not even think of other options. 5 GHz Wi-Fi connection was intended to be provided by three outside antennas and the “older” Wi-Fi at the 2.4 GHz frequency was supposed to be broadcast, sort of obligatorily, with two internal antennas, more or less for backwards compatibility with older devices.
Useful tools for malware analysis
In early October, the international project “Cyber Security in the Danube Region” organized training for security teams operating within the region. As sharing of information and knowledge are essential in the field of security, I decided to write a post in which I would like to draw attention of the security community in the Czech Republic to two very interesting free tools.