You Can Learn a lot about Social Engineering from a Repo Man

The most vulnerable part of any secure information system is the human at the controls. Secure passwords, strong encryption, and stringent protocols are all worthless if that human can be coerced to give away the keys to the kingdom. The techniques of attacking a system through the human are collectively known as social engineering. While most of us don’t use social engineering in our day-to-day jobs, anyone can fall victim to it, so it’s always good to see this stuff in action. Some of the best examples of social engineering come from unlikely places. One of those is [Matthew Pitman].

[Matt] is one of those people we all hope never to meet in real life. He’s a repo man. For those not familiar with the term, [Matt] is the guy who comes to pick up your car, boat or other asset when you fall behind on your loan payments. Generally, these repossession agents are contractors, working for the bank or loan agency who holds the loan on the collateral. As you might expect, no one is happy to see them coming.

[Matt] uses plenty of high-tech gadgetry in his line of work, everything from GPS tracking devices to drones. He calls his tow truck the Repo Ninja, and the interior is decked out with an internet connection, laptop, and tons of cameras. Even so, his greatest asset is social engineering. His 26 years of experience have taught him how to work people to get what he needs: their cars.


See You at LayerOne this Weekend

LayerOne, the first level of security. [Brian Benchoff] and I are excited to take part in our first LayerOne conference this Saturday and Sunday in Monrovia, California.

Anyone in the Los Angeles area this weekend needs to get out of whatever they have planned and try out this conference that has a soul. Get the idea of a mega-con out of your head and envision a concord of highly skilled and fascinating hackers gathering to talk all things computer security. Speakers will cover topics like researching 0day exploits, copying keys from pictures taken in public, DDoS attacks, social engineering, and more.

It’s not just talks, there is a ton of hands-on at LayerOne as well. I plan to finally try my hand at lock picking. Yep, I’ve covered it multiple times and we’ve even had a session led by [Datagram] at the Hackaday 10th Anniversary but I’ve never found time to give it a roll. Of course electronics are my game and [Brian] and I will both be spending a fair amount of time in the hardware hacking village. We’ll have a bunch of dev boards along with us if you want to try out an architecture with which you’re unfamiliar. This year’s LayerOne badges are sponsored by Supplyframe; we’ll have something in store for the best badge hacks we see during the weekend.

See you there!

Bypassing the Windows Lock Screen

Most of us know that we should lock our computers when we step away from them. This will prevent any unauthorized users from gaining access to our files. Most companies have some sort of policy in regards to this, and many even automatically lock the screen after a set amount of time with no activity. In some cases, the computers are configured to lock and display a screen saver. In these cases, it may be possible for a local attacker to bypass the lock screen.

[Adrian] explains that the screen saver is configured via a registry key. The key contains the path to a .scr file, which will be played by the Adobe Flash Player when the screen saver is activated. When the victim locks their screen and steps away from the computer, an attacker can swoop in and defeat the lock screen with a few mouse clicks.

First, the attacker will right-click anywhere on the screen. This opens a small menu. The attacker can then choose the “Global settings” menu option. From there, the attacker will click on “Advanced – Trusted Location Settings – Add – Add File”. This opens up the standard Windows “Open” dialog that allows you to choose a file. All that is required at this point is to right-click on any folder and choose “Open in a new window”. This causes the folder to be opened in a normal Windows Explorer window, and from there it’s game over. This window can be used to open files and execute programs, all while the screen is still locked.

[Adrian] explains that the only remediation method he knows of is to modify the code in the .swf file to disable the right-click menu. The only other option is to completely disable the flash screen saver. This may be the safest option since the screen saver is most likely unnecessary.

Update: Thanks [Ryan] for pointing out some mistakes in our post. This exploit specifically targets screensavers that are flash-based, compiled into a .exe file, and then renamed with the .scr extension. The OP mentions these are most often used in corporate environments. The exploit doesn’t exist in the stock screensaver.
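For defenders who want to find affected machines, here is an audit sketch, added as an example and not taken from the original post or from [Adrian]. It flags a screen saver file that is an executable carrying an embedded SWF; the registry location (`HKCU\Control Panel\Desktop`, value `SCRNSAVE.EXE`, the standard per-user screen saver setting) is not named in the post, and the header-matching heuristic and all function names are assumptions.

```python
import re
import struct
import sys

# SWF header: signature FWS/CWS/ZWS, 1-byte version, 4-byte little-endian length.
SWF_HEADER = re.compile(rb"[FCZ]WS(.)(.{4})", re.DOTALL)
# Constructed sample (not a real screen saver): "MZ" stub plus a 20-byte dummy SWF.
CONSTRUCTED_SAMPLE = (b"MZ" + b"\x00" * 64 + b"FWS\x09"
                      + struct.pack("<I", 20) + b"\x00" * 12)

def find_embedded_swf(data):
    """Return offsets in data where a plausible SWF header starts (heuristic)."""
    hits = []
    for m in SWF_HEADER.finditer(data):
        version = m.group(1)[0]
        (length,) = struct.unpack("<I", m.group(2))
        if not (1 <= version <= 50 and length >= 8):
            continue  # assumed sanity bounds, chosen to cut false positives
        # An uncompressed SWF must fit in the file; for CWS/ZWS the field is
        # the uncompressed size, so it may exceed the bytes that remain.
        if m.group(0)[:1] == b"F" and length > len(data) - m.start():
            continue
        hits.append(m.start())
    return hits

def is_flash_screensaver(data):
    """True if data starts with the "MZ" executable magic and embeds an SWF."""
    return data[:2] == b"MZ" and bool(find_embedded_swf(data))

def configured_screensaver():
    """Windows only: the current user's screen saver path, or None if unset."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Control Panel\Desktop") as key:
            return winreg.QueryValueEx(key, "SCRNSAVE.EXE")[0]
    except FileNotFoundError:
        return None

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else (
        configured_screensaver() if sys.platform == "win32" else None)
    if path:
        with open(path, "rb") as fh:
            data = fh.read()
    else:
        path, data = "<constructed sample>", CONSTRUCTED_SAMPLE
    verdict = "flash-based, review or remove" if is_flash_screensaver(data) else "no embedded SWF found"
    print(f"{path}: {verdict}")
```

A hit means the file deserves manual review; a packed or encrypted wrapper can hide the SWF, so a miss is not proof that the screen saver is unaffected.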

EEVblog Tears into the White Van Speaker Scam

[Dave Jones] shows us just how bad audio equipment can get with his white van speaker scam teardown (YouTube link). Hackaday Prize judge [Dave] has some great educational videos on his EEVblog YouTube channel, but we can’t get enough of his rants – especially when he’s ranting about cheap electronics. Check out his world’s “cheapest” camcorder teardown for a classic example.

This week [Dave] is tearing down some white van speaker scam A/V equipment. The White Van Speaker Scam (WVSS) is an international hustle which has been around for decades. A pair of guys in a white van stop you in a parking lot, gas station, or other public area. They tell you they’ve got some brand new A/V equipment in the back of their van that they’ll give you for a “great deal”. The speakers are always in fancy packaging, and have a name that sounds like it could be some sort of high-end audiophile brand worth thousands.

Needless to say anyone who buys this equipment finds they’ve been duped and are now the proud owner of some equipment which only sounds good when hitting the bottom of a dumpster. Coincidentally, a dumpster is exactly where [Dave] found his WVSS equipment.

The case of his “Marc Vincent” surround sound system turned out to be nothing more than thin chipboard hot glued together. The electronics were of such shoddy quality that few words describe them – though [Dave] is always ready to improvise. From the ultra cheap subwoofer driver to the 1990’s era vacuum fluorescent display, everything was built down to the lowest cost while still looking nice from the outside. Even the ground wire was just tack soldered to the frame. We especially liked the three vacuum tubes that weren’t even soldered in. The leads were bent over to hold them onto a PCB, while a blue LED lit the tube from below.

Click past the break to see what [Dave] found inside his “3D Optics” projector.


Using Facebook Ads to Prank your Friends

Most tech savvy individuals are well aware of the vast amounts of data that social networking companies collect on us. Some take steps to avoid this data collection, others consider it a trade-off for using free tools to stay in touch with friends and family. Sometimes these ads can get a bit… creepy. Have you ever noticed an ad in the sidebar and thought to yourself, “I just searched for that…” It can be rather unsettling.

[Brian] was looking for ways to get back at his new roommate in retaliation for a prank that was pulled at [Brian’s] expense. [Brian] is no novice to Internet marketing. One day, he realized that he could create a Facebook ad group with only one member. Playing off of his roommate’s natural paranoia, he decided to serve up some of the most eerily targeted Facebook ads ever seen.

Creating extremely targeted ads without giving away the prank is trickier than you might think. The ad can’t be targeted solely for one person. It needs to be targeted to something that seems like a legitimate niche market, albeit a strange one. [Brian’s] roommate happens to be a professional sword swallower (seriously). He also happens to ironically have a difficult time swallowing pills. Naturally, [Brian] created an ad directed specifically towards that market.

Sword Swallowing Ad

The roommate thought this was a bit creepy, but mostly humorous. Slowly over the course of three weeks, [Brian] served more and more ads. Each one was more targeted than the last. He almost gave himself away at one point, but he managed to salvage the prank. Meanwhile, the roommate grew more and more paranoid. He started to think that perhaps Facebook was actually listening in on his phone calls. How else could they have received some of this information? As a happy coincidence, all of this happened at the same time as the [Edward Snowden] leaks. Not only was the roommate now concerned about Facebook’s snooping, but he also had the NSA to worry about.

Eventually, [Brian] turned himself in using another custom Facebook ad as the reveal. The jig was up and no permanent damage was done. You might be wondering how much it cost [Brian] for this elaborate prank? The total cost came to $1.70. Facebook has since changed their ad system so you can only target a minimum of 20 users. [Brian] provides an example of how you can get around the limitation, though. If you want to target a male friend, you can simply add 19 females to the group and then target only males within your group of 20 users. A pretty simple workaround.

This prank brings up some interesting social questions. [Brian’s] roommate seemed to actually start believing that Facebook might be listening in on his personal calls for the purposes of better ad targeting. How many other people would believe the same thing? Is it really that far-fetched to think that these companies might move in this direction? If we found out they were already doing this type of snooping, would it really come as a shock to us?

[Woz] prints and spends his own $2 bills

[Steve Wozniak’s] damn-the-man, devil-may-care attitude continues to show with this recent interview. Here he shows off the pad of $2 bills he had made up. He’ll sell one sheet of them to you for $5. Do you think that’s a scam? He says “you’d be an idiot not to buy it for five bucks” and after we dug a little deeper, he’s right.

Now, you really need to watch the video after the break before you read the rest of this feature. Trust us, it’s extremely entertaining. [Woz] mentions that he hired a local printer to make the pads for him, but he got the paper from a high-quality print shop. They meet the specs of the federal government and by law they’re legal tender. Each pad has a page of four bills which can be torn off of the gummed top, and there are perforations between each bill for easy separation.

Nothing illegal is going on here. We followed one of the YouTube commenter’s links to this article [Woz] wrote about his $2 bill exploits. The high-quality printer he buys the paper from is the Bureau of Printing and Engraving. He buys the bills in sheets and pays a premium for that option. Each $2 bill costs him $3. But the fun he’s had over the years is probably worth it.


Reddit hacking for votes and profit

Looks like someone figured out how to game the Reddit system. This probably has been done before, but as far as we know nobody’s actually shared the methods in detail. [Esrun] wrote some scripts that allow him to register multiple accounts and use them to up-vote stories.

The hack goes something like this. A script registers a group of accounts. Each uses a different IP and the only part that requires intervention is typing in the Captcha. This doesn’t take long. You can see the script interface above as well as a demonstration video after the break.

Once the accounts have been acquired a story is submitted and the new accounts vote on it. They’re not all up-votes though, as having both up and down votes puts the article into the controversial section of Reddit (which is desirable), and doesn’t rouse as much suspicion from the moderators. He ran a few tests that he shares and it seems that as long as the article is interesting, this can be quite successful.

Great, more spam with our social media please.
