2.02.2018

hackers attack local restaurant, no wai!

Just wanted some satirical reference to people's surprise when hackers hit their services.
Now, let's pretend you own a local, family-owned burger stand. You pay for the internet like it's your home network, and you use Square, or PayPal Business, or whatever to take credit cards. Let's even go ahead and say you've been around a while and bought an actual network-connected, service-driven credit card machine. Let's say it's even through the town's primary bank: because, small town, small business, no one would hack them. There is nothing in it for them, right?
Bam, it happens.

You thought hackers would target bigger and bigger companies because of bigger payoffs. You were thinking this because people say hackers are mostly in it for the money, or revenge. So next you're thinking: who hates us enough to have done this? Well, that one guy who was disappointed with our food last week? Maybe? Let's tell the cops we know it was him, because he's the only person it could have been. Hackers always have a motive.

But wait, let's step back: how long did they actually stay in, from entry until anyone noticed?

Well, we could look at statistics and all, or we can look at the evidence. In this case, the router password was changed at some point. No idea when. So you get some tech guy to come in and reset it. Well, there goes your evidence from that point. What about the systems themselves, maybe? We found a computer in the back that was used for doing social media for the establishment. This computer was, as expected, infected with multiple viruses beaconing to multiple domains. But they had antivirus, so it's the AV company's fault! That's it! No... no it's not. Let's look some more. As it turns out, with all that social media presence, all anyone has to do is be friends with them on socialmediasite1 and share an infected page.

But then, how did they get everyone's money? Why is the bank saying thousands went missing overnight to multiple accounts?

With the assistance of the police, a forensics firm comes into play because, well, money. They try to recover data from the router and image everything. They then dig through what they have and find a number of other issues.

- The register systems they use have a badly outdated Linux kernel, which has been exploited.
- Those registers also run outdated VPN software with known weaknesses that allow man-in-the-middle of VPN traffic.
- The credit card machine itself has an outdated Linux kernel but an otherwise pretty solid service structure. But it also has a web interface for management from a computer. They found evidence the web service was exploited, er, well... abused, with default credentials no one told them to change. A file was uploaded through the update form, moved to a different location, and launched by browsing to it.
- All communications appear to be coming from a well-known VPN service hosted in another country.

Well shit, what now? If we don't pursue this, the bank won't let us keep the money they gave us under the business insurance agreement.

So, please take the time to consider your local businesses and the security they uphold. Telling them about security flaws ahead of time may actually prevent this from happening.

K thnx.
-Ferasdour
https://keybase.io/ferasdour
https://www.facebook.com/help.ferasdour
