The Dark Arts: Hacking Humans

June 10, 2016 by Will Sweatman 53 Comments

One of the biggest challenges for a company that holds invaluable data is protecting it. At first, this task would seem fairly straightforward. Keep the data on an encrypted server that’s only accessible via the internal network. The physical security of the server can be done with locks and other various degrees of physical security. One has to be thoughtful in how the security is structured, however. You need to allow authorized humans access to the data in order for the company to function, and there’s the rub. The skilled hacker is keenly aware of these people, and will use techniques under the envelope of Social Engineering along with her technical skills to gain access to your data.

Want to know how secure your house is? Lock yourself out. One of the best ways to test security is to try and break in. Large companies routinely hire hackers, known as penetration testers, to do just this. In this article, we’re going to dissect how a hired penetration tester was able to access data so valuable that it could have destroyed the company it belonged to.

Information Gathering

The start of any hack involves information gathering. This is usually pretty easy for larger companies. Their website along with a few phone calls can reveal quite a bit of useful information. However, you can be assured that any company who has hired a pen tester has taken the necessary precautions to limit such information.

And such was the case for our hacker trying to gain access to the ACME Corp. servers. Her first target was the dumpsters – dumpster dives have been proven to unearth a trove of valuable information in the past. But the dumpsters were inside the complex, which was guarded by a contracted security firm. Through a bit of website snooping and a few phone calls, she was able to find out the department that was in charge of trash removal for the company. She then placed a phone call to this department. Using a social engineering (SE) technique known as pretexting, she pretended to be with a trash removal company and wanted to submit a quote to service their business. Using another SE technique called elicitation, she was able to find out:

that trash collection took place on Wednesdays and Thursdays
the total number of dumpsters
that there was a special dumpster for paper and technology trash
the name of the current waste removal company – Waster’s Management
the name of the employee in charge of the waste removal – [Christie Smith]

Dumpster Dive

Armed with this information, she went to the Waster’s Management website and grabbed their JPEG logo. Within a few days, she had a shirt and hat with the logo in her hands. She called the security department and said she was with Waster’s Management, and that [Christie Smith] had told her one of the dumpsters was damaged, and she needed to take a look at it before the next trash removal.

The next day, wearing the shirt and hat she had ordered online, she was given a badge from security and allowed access to the dumpsters. Now, any hacker worth her weight in PIC16F84’s already knows what dumpster she dove into. It didn’t take her long to walk away with several hard drives, a few USB drives and some useful documents. She was able to gain knowledge of an upcoming IT contract work, the name of the CFO, and the name of a server with some level of importance – prod23.

Hacking the Server

With some more SE, she was able to find out when the IT work was scheduled. It was after hours. She showed up a bit late and was able to walk right through the front door by claiming she worked for the IT contract company. She then shifted roles and pretended to be an employee. She approached one the real IT contract guys, and said she worked for the CFO, [Mr. Shiraz], and asked if he knew to be careful with the prod23 server. With more SE, she was able to find out the prod23 server was off-limits, encrypted, and only accessible by specific admins.

She was able to access an admin office, and it was there she would don her black hat. She booted the computer with BackTrack via USB and installed a key logger. She made an SSH tunnel to her personal server where she could dump the contents of the key logger, along with some other shells. Now, this is where things get interesting. She opened Virtual Box and used the computer’s hard drive as the boot medium. The VM booted the OS, and she hid all of the screen decorations to make it look like the target OS was running. The admin would log in without a clue, and our hacker would get their username and password through the key logger.

Once the login information came in, she was able to access the admin’s computer, and from there the prod23 server. You can imagine the look on the faces of the top executives for ACME Corp when our hacker handed them a copy of the keys to their kingdom.

Social engineering is human hacking, and a dark art in itself. Our hacker in this story would have never been able to even get close to the server if she did not have SE skills. No matter how secure you make something, so long as you allow humans access to it, it’s vulnerable to attack. And then it’s down to how well-trained your people are in repelling these kinds of intrusions.Just ask Target.

You can find the full story in the source below.

Sources

Social Engineering, The Art of Human Hacking, Chapter 8, by Christopher Hadnagy, ISBN-13: 860-1300286532

Dumpster Diving Nets 100 Arduino-powered Motor Controllers

November 6, 2012 by Brian Benchoff 47 Comments

Never one to pass up the recycle pile at work, [Scott] usually doesn’t find much. A few old hard drives, maybe a ancient laptop every once in a while, but on very rare occasions he finds something actually useful. This latest haul is a gaggle of stepper motor drivers that, with a bit of work, can be reverse engineered and turned into an Arduino.

After prying into one of the plastic-enclosed boards, [Scott] found a LED, a quartet of transistors for powering the motor, and an ATMega168 microcontroller. Interestingly, most of the pins for the 168 were already broken out on the DA15 connector on each controller. The only thing needed was to build a programmer to dump the Arduino bootloader onto these little widgets.

After much trial and error (and building a new programming interface), [Scott] now has 100 Arduinos with a single stepper motor controller built in. He’s already made a toy light cycle rotate on a small stepper (after the break) and blink a LED, but with this many widgets, we’re wondering what crazy contraption [Scott] will come up with.

Continue reading “Dumpster Diving Nets 100 Arduino-powered Motor Controllers” →

Retrotechtacular: Recovering Lost Moon Images By Dumpster Diving

July 23, 2012 by Brian Benchoff 34 Comments

In 1966 and 67, NASA launched five probes to image the surface of the moon from orbit, eventually returning over two thousand high-resolution images of future Apollo landing sites and selenogical features to researchers on Earth. After taking its pictures of the moon, developing the film in orbit, and scanning the print with an electron gun and photomultiplier tube, the images were sent to Earth stations and recorded onto magnetic tape with a hugely expensive tape recorder, a state-of-the-art storage system costing $300,000. Researchers poured over these images of another world, made a few 35mm prints and sent the magnetic tapes off to the NASA archives.

Under the care of [Nancy Evans], the tapes sat in a warehouse eventually moving to an abandoned McDonalds at Ames Research Center. In 2005, retired and not bound by NASA, [Nancy] made a plea to preserve this milestone of human spaceflight wasting away under the golden arches which was heard by [Dennis Wingo]. [Wingo] and admin of the NASA Watch website admin [Keith Cowling] drove out to [Nancy]’s house with a truck, picked up the Ampex FR-900 tape drives she had saved in her garage from the trash heap at Eglin Air Force Base and headed to the cache of Lunar Orbiter tapes at Ames.

None of these drives worked, of course. Forty years will do a lot to expensive precision equipment. Luckily, one of the employees at Ames tasked with fixing video equipment had worked on the ancient Ampex drives before. Taking the unbroken parts of these machines and turning them into a single working unit didn’t come easily; again, parts needed to be scavenged from the Ames boneyard.

All this work was worth it for [Cowling], [Wingo], and [Evans] when the first image – an Earthrise picture seen above (sans the obvious Photoshoppery) – appeared on their monitor. Later, an amazing oblique shot of Copernicus crater was recovered.

In the years since these first images from the LOIRP project were released, many more images have been made available. These images are actually comparable to the Lunar Reconnaissance Orbiter, launched in 2012. Not bad for 45-year-old hardware that has since crashed into the moon.

As for what the future holds for the still-magnetized images from the Lunar Orbiter program, [Dennis Wingo] says they’re considering putting up a Kickstarter to close the gap between the necessary funding and what NASA provides. We’ll be sure to post a link when that happens.

via boingboing

Oscilloscope Clock Made Possible By Dumpster Diving

January 12, 2012 by Mike Szczys 17 Comments

We see people driving around the night before trash collection and reclaiming items doomed to the land fill (or on their way to recycling… who knows). We’re beginning to think we need to join those ranks. Case in point is this vintage oscilloscope which [Bob Alexander] plucked from the curb in the nick of time. Here’s the kicker, when he got it home he found it still worked! He couldn’t let this opportunity go to waste, so he figured out how to turn it into a clock without losing the ability to use it as a scope.

You probably already know that it’s possible to display your own graphics on an oscilloscope. In fact, you can buy a board from Sparkfun which will turn the scope into an analog clock, and that’s exactly what [Bob] did. But he was met with two problems, the X-axis was flipped and he didn’t have an easy way to power the board.

He struggled with the voltage supply, frying his first attempt at boosting the internal 6.3V supply to use with a linear 5V regulator. His second attempt worked though, soldering a 12V regulator to the transformer. He was then on to the X-axis correction, using a rail-to-rail op-amp to invert the signal. The project finishes by adding toggle controls and buttons on the back of the case to switch between scope and clock modes, and to set the time.

High Speed Book Scanner From Trash

April 20, 2009 by Caleb Kraft 28 Comments

book_scanner

[Daniel] sent us his entry to the Epilog laser cutter challenge on instructables. He made a book scanner, mainly out of found parts. The bulk of the project was salvaged from dumpsters, though if you’re not comfortable with that, the free section of craigslist might be able to do the job. The cameras are loaded with CHDK, using StereoData maker, and custom software to compile the images into PDFs. They did a fantastic job of documenting every step of the construction, including helpful tips for some of the more complicated parts. There are several videos in the instructable, so be sure to check them out. We’re particularly amused by the extra step of making the photo captions visually interesting. At 79 steps, it’s a long read, but well worth it.