CYBER INSECURITY


The recent rash of hack attacks, which caused only a little embarrassment to CENTCOM and damage to the images of some SONY execs, has caused President Obama to initiate high-level discussions on the subject this week. Channeling Johnny Cochran on the 12th, the President said, "If we are going to be connected, then we must be protected."

 

We agree. On June 3rd in this space we posted the details of a Ukrainian-based malware scam that cost victims millions, and we strongly oppose people and organizations that terrorize the Internet. The cyber security experts usually point at the end users, chastising them about using passwords more effectively. The experts would have us believe that no site or web application can be made hack-free. At a recent cyber security industry trade show, one booth featured many types of traditional locks, including some of the best home locks. As a demonstration, each lock was picked. The purpose was to show that, given enough time, even the best locks can be compromised, and that any security we think we have in the physical world is as elusive as it is in cyberspace. Then these experts ask you to hire them to help make your infrastructure more secure. They have set a very low expectation; it is easy to fail to deliver security if it's really impossible in the first place. Blame it on all those users and their passwords.

Hopefully, the President's efforts will push the discourse to a more accountable level. The good news is that we CAN improve security. The people who can most effectively push back the black-hat hackers are the people who build and deliver the products and services that are getting hacked. Improved security needs to be designed into the hardware devices and software applications, starting with server, smartphone, and personal computing devices, and the high-usage, apparently wide-open (are there any security folks at Facebook and Twitter?) social media applications. Hacking generates unusual traffic quantities and qualities. It is possible today to build products and applications that monitor themselves for such unusual activity.

Self-monitoring software applications and Internet devices are necessary first to end the current level of black hat activity, but drastic improvement by manufacturers and service providers is most importantly needed to protect the nation's financial infrastructure and to enable the Internet of Things and smart homes. The billions of dollars created by companies using the Internet to deliver their product or service are more than enough to fund a major effort to improve the most ubiquitous, highly used products and applications. Google has the expertise to create a core group of "white hats," talent that could be used by manufacturers and very large end users, like the federal government. Perhaps providing developer/designer resources to hardware and software manufacturers would be a more valuable contribution from Google, for example, than a smart thermostat or smart glasses.

Bill Patch, 01/15/

 

Huge Hacker/Extortion Ring Busted

A U.S.-led operation, which included Australia, the European Cybercrime Center, Canada, France, Germany, Italy, Japan, Luxembourg, New Zealand, and Ukraine, recently disrupted a network of 500,000 – 1,000,000 computers that had been infected by malicious software named "Gameover Zeus." The botnet was used to gain control of bank accounts and extort money from victims. One sub-program, named Cryptolocker, had infected more than 234,000 machines. Cryptolocker encrypted bank account files, and then the gang demanded payments for release. More than $27 million was paid in its first two months operating.

On May 7th, Ukrainian authorities seized and copied Gameover Zeus command servers in Kiev and Donetsk. Recently, about 300,000 victim units have been reclaimed. "We took control of the bots, so they could only talk to us," said Brett Stone-Gross, a Dell expert who assisted the FBI. On June 2nd, a criminal complaint was filed in Nebraska against Russian Evgeniy Bogachev.

 

Source:  Business Insider

 *   *   *

Perhaps we are fortunate that the Ukrainian officials were still independent enough of Russia to cooperate with the group of nations that conducted this operation. At the least, this incident illustrates how important global cooperation is to secure and protect the Internet. The good guys beat the bad guys in this case because the cooperative effort included the equipment manufacturers and a majority of the nations affected.

With steady vigilance and an effective balance of government and business expertise and cooperation, we can keep the Internet free and secure.

Bill Patch  06/03/14

 

WordPress Permissions and Security

Our clients have found the functionality of the WordPress framework quite good at putting the power to control the content and information on their site into their own hands. We also find the WordPress framework flexible and powerful to use as developers. That said, all this functionality does come with a price. Security and file access permissions are important to set up properly, and the available instructions on what to do are vague and hard to follow.

Recently one of our clients who maintains her own site was hacked. You hear a lot about hacking, but most folks don't know what that actually means. Here is a picture of the hack that was added to plugins on her WordPress site.


 

That looks like a lot of gibberish, but what it is is obfuscated code, encoded with base64, an encoding a lot of legitimate software uses for non-malicious purposes. If we decode it we get this:

Ok, more code gibberish for the non-coders, but to give a quick translation: visitors arriving from referring sites like Facebook, Google, MySpace, etc. are redirected from your site to another site of the attacker's choosing. This makes it hard for you to know you have been infected unless you regularly check your site from outside locations (clicking through from search results instead of typing in the URL directly).

So what do you do? First off, don't panic. And really don't panic if you have good backups. (Ok, official shout-out to our friends at Rackspace Managed Backup. We back up the entire file structure of all our servers daily. Combine that with the awesome customer service we get from our Managed Backup Team, and you know why our team sleeps well at night.)

First Step - Clean Up the Mess

Finding what's been infected is an important first step (you need to know what needs to be cleaned). Start with a couple of key directories:

1) /wp-content/themes/your_active_theme

2) /wp-content/plugins/ (all plugins)

Take a look at these directories, and in particular at the last-modified time stamps. The infection will likely have been done all at once, so you will be able to discover the date you were infected. Move these directories to a safe place for now.

3) Copy your wp-content/uploads directory to a safe location. This usually holds files and images that aren't as open to infection, and you'll want to save them in the long run.

4) Your theme's directory is important. If it has been infected, cleaning it by hand can be a laborious process. This is where backups come in extremely handy. Once you know the date of infection, restore a version of your themes directory from your backups. If you do not have backups you are left with 2 options:

a) Manually disinfect, removing all malicious code. This is hard... in one file on her site she literally had 1000 different encodings, which makes automation difficult. You also have to be careful to restore the file to its previous state.

b) Download a fresh theme and re-apply your customizations. This is also hard, but you should at least be able to see your customizations in your infected theme directory to give you guidance.

5) The final step is to download and install a fresh version of the WordPress framework. Move your uploads directory and cleaned themes directory into the fresh install, and finally re-download and install fresh copies of your plugins.

All together, if you have good backups the process can be done in under 20 minutes. Without backups the cleanup can take upwards of 10-20 hours.
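As an added example (not from the original post), the script below does steps 1 and 2 mechanically: it looks only under the two directories named above, flags PHP files carrying the kind of base64-wrapped payload shown in the picture, and prints each hit with its modification date so the infection date stands out. The detection pattern, file names and sample tree are constructed for illustration; it assumes GNU findutils.

```shell
#!/bin/sh
# Added example (not from the original post): flag PHP files under themes/ and
# plugins/ that carry a base64-wrapped payload, printing each hit with its
# modification date so the infection date stands out. Pattern and sample site
# are constructed here; assumes GNU findutils (-printf).

# eval() fed, directly or via gzinflate() and friends, by base64_decode(), or a
# run of 120+ base64 characters, which no ordinary theme or plugin line needs.
SUSPICIOUS='eval[[:space:]]*\(.*base64_decode|[A-Za-z0-9+/=]{120,}'

# scan_wp_content INSTALL_DIR -> one "YYYY-MM-DD<TAB>path" line per suspicious PHP file
scan_wp_content() {
    find "$1/wp-content/themes" "$1/wp-content/plugins" -type f -name '*.php' \
         -exec grep -qE "$SUSPICIOUS" {} \; -printf '%TY-%Tm-%Td\t%p\n' 2>/dev/null | sort
}

# infection_dates INSTALL_DIR -> "count date" per distinct date; one big cluster is the infection day
infection_dates() {
    scan_wp_content "$1" | cut -f1 | sort | uniq -c | sort -rn
}

# make_sample_site -> constructed install in a temp dir: one clean plugin file, two injected ones
make_sample_site() {
    site=$(mktemp -d)
    plug="$site/wp-content/plugins/example-plugin"; theme="$site/wp-content/themes/mytheme"
    mkdir -p "$plug" "$theme"
    blob=$(head -c 130 /dev/zero | tr '\0' 'Q')              # stand-in for a 130-char base64 payload
    printf '<?php echo "clean";\n' > "$plug/clean.php"
    printf '<?php $p="%s"; eval(base64_decode($p));\n' "$blob" > "$plug/index.php"
    printf '<?php eval(gzinflate(base64_decode("H4sI")));\n' > "$theme/header.php"
    touch -t 201001010900 "$plug/clean.php"                  # untouched since install
    touch -t 201406011200 "$plug/index.php" "$theme/header.php"   # both modified on the same day
    printf '%s\n' "$site"
}

SITE=$(make_sample_site)
scan_wp_content "$SITE"     # lists index.php and header.php, both dated 2014-06-01
infection_dates "$SITE"     # "2 2014-06-01": the day to restore the theme backup from
```

Run it against a real install with `scan_wp_content /path/to/wordpress` and treat every hit as a file to restore from backup or inspect by hand; a long base64 run is a strong hint, not proof, so read the file before deleting it.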

 

Second Step - Security and Permissions: Or How to Make This Never Happen Again

This is where online guides tend to get pretty vague. We at Blazing Systems are not fans of vagueness, so with two clients' permission we set up a bit of a permissions test to find out what worked best. We changed permissions on two sites at different times to see what exposed the site to intrusion and what didn't. Here is the permissions setup that seemed to provide the most security while keeping most of the framework functionality intact.

1) General Permissions: We want the framework and the majority of files outside the control of apache/users. So start by changing ownership of all files in the WordPress directory to the FTP user that accesses the site:

Example: chown -R site_owner:site_owner_group /wordpress_install_directory

Next we want to change access permissions: 655 or 755 seem to be good permissions to keep these files protected.

Example: chmod -R 755 /wordpress_install_directory

2) Specific Permissions: You still want to be able to upload files and complete upgrades, and a lot of the functionality in WordPress will give permission errors with the above settings. So we want to open permissions on 2 directories inside wp-content:

chown -R apache:apache /wp-content/uploads
chown -R apache:apache /wp-content/upgrade

chmod -R 755 /wp-content/uploads
chmod -R 755 /wp-content/upgrade

3) Open and Close Permissions: Some themes have very cool functionality making it easy to change the look and feel of the site on the fly. These files are in your theme directory, but opening them up = exposure, plus all the troubles above. We recommend only opening permissions on this directory while actively working on it, then immediately re-securing it when you're finished.
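As an added example (not from the original post), the script below applies the three-step scheme above as one function and adds the check the steps imply: an audit that lists anything group- or other-writable (a theme left open after step 3), anything outside uploads/ and upgrade/ owned by the web server, and anything inside them that isn't. OWNER and WEBUSER are user:group parameters (site_owner:site_owner_group and apache:apache in the post); the demo tree is constructed, and it assumes GNU findutils.

```shell
#!/bin/sh
# Added example (not from the original post): apply the post's permission
# scheme to a WordPress install and audit the result. OWNER is the user:group
# of the FTP/site owner and WEBUSER the user:group of the web server (apache
# in the post); on a real host run as root, e.g. site_owner:site_owner_group
# and apache:apache. Assumes GNU findutils (-printf).

# apply_wp_permissions INSTALL_DIR OWNER WEBUSER
apply_wp_permissions() {
    dir=$1; owner=$2; web=$3
    chown -R "$owner" "$dir"                 # step 1: site owner owns everything ...
    chmod -R 755 "$dir"                      # ... and nothing is group/other writable
    for sub in uploads upgrade; do           # step 2: only these two belong to the web server
        chown -R "$web" "$dir/wp-content/$sub"
        chmod -R 755 "$dir/wp-content/$sub"
    done
}

# audit_wp_permissions INSTALL_DIR OWNER WEBUSER -> one "<issue><TAB><path>" line per violation
audit_wp_permissions() {
    dir=$1; owner=${2%%:*}; web=${3%%:*}
    up="$dir/wp-content/uploads"; ug="$dir/wp-content/upgrade"
    # writable by group or others: exposed whoever owns it (e.g. a theme left open, step 3)
    find "$dir" \( -perm -020 -o -perm -002 \) -printf 'writable-by-others\t%p\n'
    # the web server must own uploads/ and upgrade/, and nothing else
    find "$dir" \( -path "$up*" -o -path "$ug*" \) -not -user "$web" -printf 'not-web-owned\t%p\n'
    find "$dir" -not \( -path "$up*" -o -path "$ug*" \) -not -user "$owner" -printf 'not-owner-owned\t%p\n'
}

# make_sample_site -> constructed stand-in for an install, in a temp dir (not a real WordPress tree)
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-content/themes/mytheme" "$site/wp-content/plugins/example-plugin" \
             "$site/wp-content/uploads" "$site/wp-content/upgrade"
    printf '<?php\n' > "$site/wp-config.php"
    printf '<?php\n' > "$site/wp-content/themes/mytheme/functions.php"
    chmod 777 "$site/wp-content/themes/mytheme/functions.php"   # a theme file left wide open
    printf '%s\n' "$site"
}

# Unprivileged demo: owner and web user are both the current account, so only the
# mode checks can fire here; on a real host the ownership checks matter just as much.
ME="$(id -un):$(id -gn)"
SITE=$(make_sample_site)
audit_wp_permissions "$SITE" "$ME" "$ME"   # flags functions.php (mode 777)
apply_wp_permissions "$SITE" "$ME" "$ME"
audit_wp_permissions "$SITE" "$ME" "$ME"   # prints nothing: the tree now matches the policy
```

Running the audit from cron after every editing session is the cheap way to catch a theme directory that was opened for step 3 and never closed again.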

 

 

 

Privacy & Piracy

Pirates and Privates... It seems we are hearing more and more about these subjects lately. From famous people taking and sending pictures of themselves, to teachers writing about how bad the students and parents are, to bullying campaigns on Facebook, to WikiLeaks and actual bandit pirates on the high seas...

Texts are written, pictures are sent, videos go viral…The ability to publish is now firmly in the hands of anyone with a cell phone…

It’s not that it’s new…Even pre-Internet, content and images were being recorded and archived…Recent events reminded me of an incident that happened over 30 years ago…It seems that one employee, a male, had a “crush” on a female employee.  He left various anonymous notes in her desk over the course of 3 weeks, and then left a picture of himself, taken with a Xerox machine.  As it turns out, she was not so impressed by his picture, and the local sex crimes unit was able to match the handwriting on his job application to the notes.

What's new is how easy it is. That guy had to go to a lot of trouble to get a good shot of himself on the Xerox machine. Now, one click anywhere. And it's so easy to send... no making copies or addressing envelopes... just hit send and away it goes... Away it went... Sometimes not enough time is spent thinking with the big head before hitting the send button...

So, by now everyone must understand that all of their texts, emails, photos, posts, contacts, google searches, and purchases, are recorded, and archived, forever.

We advise our clients to consider email as public, rather than private, communication.  If you wouldn’t want to see it on a billboard, then don’t send it.