
Cyber Security - Part 1

  • Writer: nqbeit
  • Aug 11, 2014

Last week you may have heard of a company claiming that a Russian hacking gang dubbed CyberVor had hacked various online sites and stolen 1.2 billion passwords.

There is some concern over whether this report is legitimate, with the company, called 'Hold Security', asking for $120.00 from you to check if your credentials have been stolen. I am erring on the side of caution and scepticism with this one; it doesn't feel right to announce such a big breach and then ask for money to be handed over just to see if you were affected in any way.

Whilst I’m being sceptical on this one, if you want to find out more about it and make up your own mind, fire up your favourite browser and Google CyberVor.

With this kind of reporting out there, it does really hit home that, regardless of whether the CyberVor threat is true or not, you have to remain vigilant in the online world and really take note of the best practices for safeguarding your privacy. It can get mundane, and people often fire back, "I have heard this all before." That’s all well and fair, but the message just isn't getting across to some people. To prove my point, here are some staggering statistics from the Sophos warbiking exercises.

Before I jump into the stats: warbiking is the same as wardriving, just on a bike! James Lyne, who is Global Head of Security Research at Sophos, has equipped his push bike with network detection equipment to uncover how wireless networks are protected.

On his ride through San Francisco he detected 73,312 networks, which break down by how they were secured as follows:

  • 9.5% WEP

  • 19.3% No Encryption

  • 57.7% WPA

  • 13.5% WPA2

  • 29% WPS

The following is a straight extract from the Sophos report The World of Warbiking, to give you an understanding of what each of the acronyms means. If you want more detail, the full report is worth reading.

WEP Networks

WEP, or Wired Equivalent Privacy, has been understood to be severely broken since as far back as 2001. There are a number of faults that enable an attacker - equipped with readily available software and tools (even available on Amazon for a low price) - to retrieve pretty much any password combination in seconds.

Once the attacker has your password they can not only join your network and start attacking connected devices, but they can also monitor (or change) all your network communications. Your encryption becomes worthless.

No Encryption

Of the relatively large number of open networks, we discovered the majority looked to be open by design – that is to say they were networks with captive portals that people had to authenticate to before being able to access the network or the Internet.

A small number of networks were open and did not fit this profile (such as default named Linksys routers). Many would assume that the open by design networks are OK (they have made the decision to be open intentionally after all) but this does not necessarily follow. The lack of security when joining the network means that any information subsequently sent on the wireless network is unencrypted. Unfortunately most users do not take additional steps to encrypt their traffic and therefore any of their activities online can be easily monitored or even modified by an attacker.

WPA

There are a variety of different security configurations that can be used with WPA (Wi-Fi Protected Access) mode, though WPA+TKIP is the most common at 57.7% of networks detected. TKIP (Temporal Key Integrity Protocol) was implemented as a quick fix to the security problems that WEP encountered and has been shown to have a number of flaws. On this basis, the Wi-Fi Alliance and the IEEE have shunned it for some time now. It is considered deprecated in the 2012 revision of the 802.11 wireless standard. In other words, while this standard certainly does not have the overt flaws that WEP (or no encryption) has, it is far from the recommended best practice in 2014! This was by far the largest percentage of networks identified by Warbiking San Francisco as most devices operate a WPA2+WPA mode to ensure backwards compatibility.

WPA2

Only 13.5% of the networks in San Francisco used WPA2 (WPA2+AES being the majority and recommended best practice). Of course, this number of networks is a best-case scenario given that a number of these will have bad passwords. London had a higher percentage of the networks using the later security standards; that said, a higher percentage of networks were using WPS, potentially leaving them vulnerable to other vectors of attack as outlined below.

Password cracking WPA2 is notably harder than earlier implementations, but it can still be performed at high speed with the right attack tools. Cracking the password requires a capture of the ‘handshake’ (or watching a device logon) after which various breaking attempts can be performed. A graphics card can be used to significantly accelerate the attack and there are readily available tools that do this.

If your password is based on a dictionary word, or a simple variation, it could be recovered and your traffic decrypted. It should be noted that other enterprise authentication mechanisms were also included in this category for simplicity, though they were not a statistically significant number.

WPS

Last, but certainly not least, WPS (Wi-Fi Protected Setup) is a convenience technology designed to enable quick connections without having to type long and complex passphrases (though long passphrases tend to be much rarer than we would all hope). It works by allowing a PIN to be entered which then authorizes the connection and allows them to connect (think of it as automatic configuration of the long passphrase based on a short, easy to type PIN).

WPS seems like a great idea but actually opens up an opportunity for attack – amongst other things, most access points do not ‘throttle’ the speed of PIN guesses. WPS is therefore open to an attack called ‘Reaver’ in which a brute force is used to recover the PIN and then the passphrase. Generally an attacker can break in to a network using this method in 4-10 hours, and by using various enhancements (such as predictions based on analysis of common WPS PIN codes) this time can be reduced significantly. Luck can also prevail, allowing an attacker to recover a PIN very quickly.

WPS is extremely common and can allow an attacker to get in to a network even when a strong password is set. Unfortunately, rate throttling and Reaver attack prevention is infrequently implemented in access points even today, making WPS potentially a very nasty backdoor in to 29% of the networks we saw in the City by the Bay and 34% in London.

The points above give you a brief understanding of what each security acronym stands for and their shortcomings. The next question is: what does this have to do with cyber security? Simply ask yourself how your device, be it your tablet, phone, laptop etc., connects to the internet when you are at the office or at home. The majority of the time it is through a wireless network. If you use a banking app on your smart device through a wireless network that is protected by WEP, you are leaving yourself wide open to the possibility of someone taking advantage of this poor security and potentially stealing the credentials that you use to access your online banking facilities.
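To see how the networks around your own home or office fall into the same categories, here is an added example (not code from Sophos or from the original post) that parses the tab-separated output of `wpa_cli scan_results` and tallies it the way the survey does. The sample scan is constructed, and counting WPA+WPA2 mixed mode as WPA is an assumption about how the survey grouped networks.

```python
import re
from collections import Counter

# Constructed sample in the `wpa_cli scan_results` layout; every value is made up.
SAMPLE_SCAN = """\
bssid / frequency / signal level / flags / ssid
02:00:00:00:00:01\t2412\t-48\t[WPA2-PSK-CCMP][ESS]\tHomeNet
02:00:00:00:00:02\t2437\t-61\t[WPA-PSK-TKIP][WPA2-PSK-CCMP][WPS][ESS]\tFamily Wifi
02:00:00:00:00:03\t2462\t-70\t[WEP][ESS]\tlinksys
02:00:00:00:00:04\t5180\t-55\t[ESS]\tCafe Guest
02:00:00:00:00:05\t2412\t-80\t[WPA2-PSK-CCMP][WPS][ESS]\t
"""
MAC = re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}")

def classify(flags):
    """Map a flags string to one survey category, weakest supported mode first."""
    tokens = re.findall(r"\[([^\]]+)\]", flags)
    if any(t.startswith("WEP") for t in tokens):
        return "WEP"
    if any(t.startswith("WPA-") for t in tokens):  # WPA1, incl. WPA+WPA2 mixed mode
        return "WPA"
    if any(t.startswith(("WPA2-", "RSN-")) for t in tokens):
        return "WPA2"
    return "No Encryption"

def parse_scan(text):
    """Return one dict per access point; the header and malformed lines are skipped."""
    aps = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 4 or not MAC.fullmatch(parts[0]):
            continue
        ssid = parts[4] if len(parts) > 4 and parts[4] else "<hidden>"
        aps.append({"bssid": parts[0], "ssid": ssid,
                    "mode": classify(parts[3]), "wps": "[WPS" in parts[3]})
    return aps

def summarize(aps):
    """Percentage per category; WPS is tallied separately as it overlaps the others."""
    total = len(aps) or 1
    counts = Counter(ap["mode"] for ap in aps)
    counts["WPS"] = sum(ap["wps"] for ap in aps)
    return {k: round(100 * v / total, 1) for k, v in counts.items()}

def needs_attention(aps):
    """SSIDs that are not WPA2-only, or that advertise WPS."""
    return [ap["ssid"] for ap in aps if ap["mode"] != "WPA2" or ap["wps"]]

if __name__ == "__main__":
    print(summarize(parse_scan(SAMPLE_SCAN)))
```

Anything returned by `needs_attention` for a network you administer is a candidate for moving to WPA2 with AES and switching WPS off in the router settings.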

So in essence your wireless network can be the first point of failure in your security setup. In conjunction with your wireless network, you also need to reconsider the following:

  • Anti-Virus

  • Anti-Malware

  • Passwords

  • Password Strengths

  • Not using the same password for more than one service

  • Managing your different passwords

  • Changing your passwords

  • Operating System updates

  • Social Media

There’s a lot to consider with your security, but with the potential for major data breaches it is something that needs your full attention, to ensure you are always following best practices and are protected as much as possible.

In part two we will go deeper on how to protect yourself in the digital world.
