Give A Man A Phish, And You Entertain Him For A Day

With millions of phishing attempts happening daily, we’ve probably all had our fair share of coming across one. For the trained or naturally suspicious eye, it’s usually easy to spot them — maybe get a good chuckle out of the ridiculously bad ones along the way — and simply ignore them. Unfortunately, they wouldn’t exist if they weren’t successful enough in the big picture, so it might be a good idea to inform the targeted service about the attempt, in hopes they will notify users to act with caution. And then there’s [Christian Haschek], who decided to have some fun and trying to render the phished data useless by simply flooding it with garbage.

After his wife received a text message from “their bank”, [Christian] took a closer look at the URL it was pointing to, and found your typical copy of the real login form at a slightly misspelled address. As the usual goal is to steal the victim’s credentials, he simply wrote a shell script that sends random generated account numbers and PINs for all eternity via cURL, potentially lowering any value the attackers could get from their attempt.

As the form fields limit the input length of the account number and PIN, he eventually wondered if the server side will do the same, or whether it would crash if longer data is sent to it. Sadly, he’ll never know, because after he modified the script, the site itself returned a 404 and had disappeared.

In the quest against phishing attacks, this should count as a success, but as [Christian] seemed to enjoy himself, he yearned for more and decided to take a look at a similar attempt he saw mentioned earlier on Reddit. Despite targeting the same bank, the server-side implementation was more sophisticated, hinting at a different attack, and he definitely got his money worth this time — but we don’t want to give it all away here.

Rest assured, [Christian Haschek] continues the good fight, whether by annoying attackers as he did with ZIP-bombing random WordPress login attempts or battling child pornography with a Raspberry Pi cluster. Well, unless he’s busy hunting down an unidentified device hooked up in his own network.

(Banner image by Tumisu)

Plasma “Ghosts” May Help Keep Future Aircraft Safe

Air-to-air combat or “dogfighting” was once a very personal affair. Pilots of the First and Second World War had to get so close to land a hit with their guns that it wasn’t uncommon for altercations to end in a mid-air collision. But by the 1960s, guided missile technology had advanced to the point that a fighter could lock onto an enemy aircraft and fire before the target even came into visual range. The skill and experience of a pilot was no longer enough to guarantee the outcome of an engagement, and a new arms race was born.

An F-15 launching flare countermeasures.

Naturally, the move to guided weapons triggered the development of defensive countermeasures that could confuse them. If the missile is guided by radar, the target aircraft can eject a cloud of metallic strips known as chaff to overwhelm its targeting system. Heat-seeking missiles can be thrown off with a flare that burns hotter than the aircraft’s engine exhaust. Both techniques are simple, reliable, and have remained effective after more than a half-century of guided missile development.

But they aren’t perfect. The biggest problem is that both chaff and flares are a finite resource: once the aircraft has expended its stock, it’s left defenseless. They also only work for a limited amount of time, which makes timing their deployment absolutely critical. Automated dispensers can help ensure that the countermeasures are used as efficiently as possible, but sustained enemy fire could still deplete the aircraft’s defensive systems if given enough time.

In an effort to develop the ultimate in defensive countermeasures, the United States Navy has been working on a system that can project decoy aircraft in mid-air. Referred to as “Ghosts” in the recently published patent, several of these phantom aircraft could be generated for as long as the system has electrical power. History tells us that the proliferation of this technology will inevitably lead to the development of an even more sensitive guided missile, but in the meantime, it could give American aircraft a considerable advantage in any potential air-to-air engagements.

Continue reading “Plasma “Ghosts” May Help Keep Future Aircraft Safe”

Jeremy Hong: Weaponizing The Radio Spectrum

Jeremy Hong knows a secret or two about things you shouldn’t do with radio frequency (RF), but he’s not sharing.

That seems an odd foundation upon which to build one’s 2018 Hackaday Superconference talk, but it’s for good reason. Jeremy knows how to do things like build GPS and radar jammers, which are federal crimes. Even he hasn’t put his knowledge to practical use, having built only devices that never actually emitted any RF.

So what does one talk about when circumspection is the order of the day? As it turns out, quite a lot. Jeremy focused on how the military leverages the power of radio frequency jamming to turn the tables on enemies, and how civilian police forces are fielding electronic countermeasures as well. It’s interesting stuff, and Jeremy proved to be an engaging guide on a whirlwind tour into the world of electronic warfare.
Continue reading “Jeremy Hong: Weaponizing The Radio Spectrum”