Cyber Security - Part 1
Last week you may have heard of a company claiming that a Russian hacking gang dubbed CyberVor had hacked various online sites and stole 1.2 billion passwords.
There is some concern that this report is legitimate, with the company which is called 'Hold Security' asking for $120.00 from you to check if your credentials have been stolen. I am airing on the side of caution & scepticism with this one, it doesn't feel right to announce such a big breach and then ask for money to be handed over just to see if you were affected in any way.
Whilst I’m being sceptic on this one, if you want to find out more about it and make up your own mind fire up your favourite browser and Google CyberVor.
With this kind of reporting out there, it does really hit home that regardless of if the CyberVor threat is true or not you have to remain vigilant in the online world and really take note of the best practises for safeguarding your privacy. It can get mundane and people often fire back I have heard this all before, that’s all well and fair but the message just isn't getting across to some people, to prove my point here are some staggering statics from Sophos warbiking exercises.
Before I jump in the stats, warbiking is the same as wardriving but just on a bike! James Lyne who is Global Head of Security Research at Sophos has equipped his push bike with network detection equipment to uncover how Wireless networks are protected.
In his ride through San Francisco he had detected 73,312 networks with the following broken into how they were secured
19.3% No Encryption
The following is a straight extract from Sophos the World of Warbiking to give you an understanding of what each of the acronyms are, if you want to read the report in full you can visit the report by clicking here
WEP, or Wired Equivalent Privacy, has been understood to be severely broken since as far back
as 2001. There are a number of faults that enable an attacker - equipped with readily available
software and tools (even available on Amazon for a low price) - to retrieve pretty much any
password combination in seconds.
Once the attacker has your password they can not only join your network and start attacking
connected devices, but they can also monitor (or change) all your network communications. Your
encryption becomes worthless.
Of the relatively large number of open networks, we discovered the majority looked to be open by
design – that is to say they were networks with captive portals that people had to authenticate to
before being able to access the network or the Internet.
A small number of networks were open and did not fit this profile (such as default named
Linksys routers). Many would assume that the open by design networks are OK (they have made
the decision to be open intentionally after all) but this does not necessarily follow. The lack of
security when joining the network means that any information subsequently sent on the wireless
network is unencrypted. Unfortunately most users do not take additional steps to encrypt their
traffic and therefore any of their activities online can be easily monitored or even modified by an
There are a variety of different security configurations that can be used with WPA (Wi-Fi
Protected Access) mode, though WPA+TKIP is the most common at 57.7% of networks detected.
TKIP (Temporal Key Integrity protocol) was implemented as a quick fix to the security problems
that WEP encountered and has been shown to have a number of flaws. On this basis, the Wi-Fi
Alliance and the IEEE have shunned it for some time now. It is considered deprecated in the 2012
revision of the 802.11 wireless standard. In other words, while this standard certainly does not
have the overt flaws that WEP (or no encryption) it is far from the recommended best practice in
2014! This was by far the largest percentage of networks identified by Warbiking San Francisco
as most devices operate a WPA2+WPA mode to insure backwards compatibility.
Only 13.5% of the networks in San Francisco used WPA2 (WPA2+AES being the majority and
recommended best practice). Of course, this number of networks is a best-case scenario
given that a number of these will have bad passwords. London had a higher percentage of the
networks using the later security standards, that said a higher percentage of networks were
using WPS potentially leaving them vulnerable to other vectors of attack as outlined below.
Password cracking WPA2 is notably harder than earlier implementations, but it can still be
performed at high speed with the right attack tools. Cracking the password requires a capture
of the ‘handshake’ (or watching a device logon) after which various breaking attempts can be
performed. A graphics card can be used to significantly accelerate the attack and there are
readily available tools that do this.
If your password is based on a dictionary word, or a simple variation, it could be recovered and
your traffic decrypted. It should be noted that other enterprise authentication mechanisms
were also included in this category for simplicity, though they were not a statistically significant
Last, but certainly not least, WPS (Wi-Fi Protected Setup) is a convenience technology designed
to enable quick connections without having to type long and complex passphrases (though
long passphrases tend to be much rarer than we would all hope). It works be allowing a PIN
to be entered which then authorizes the connection and allows them to connect (think of it as
automatic configuration of the long passphrase based on a short, easy to type PIN).
WPS seems like a great idea but actually opens up an opportunity for attack – amongst other
things, most access points do not ‘throttle’ the speed of PIN guesses. WPS is therefore open
to an attack called ‘Reaver’ in which a brute force is used to recover the PIN and then the
passphrase. Generally an attacker can break in to a network using this method in 4-10 hours,
and by using various enhancements (such as predictions based on analysis of common WPS
PIN codes) this time can be reduced significantly. Luck can also prevail, allowing an attacker to
recover a PIN very quickly.
WPS is extremely common and can allow an attacker to get in to a network even when a strong
password is set. Unfortunately, rate throttling and Reaver attack prevention is infrequently
implemented in access points even today, making WPS potentially a very nasty backdoor in to
29% of the networks we saw in the City by the Bay and 34% in London.
The points above give you a brief understanding of what each security acronym stands for and there short comings, the next part of this is what does this have to do with Cyber Security. Simply ask yourself how does your device, Beit your tablet, phone, laptop etc. connect to the internet when you are at the office or home? The majority of the time it is through a Wireless network. If you use a banking app on your smart device through your Wireless network that is protected by WEP you are leaving yourself wide open to the possibility of someone taking advantage of this poor security and potentially stealing your credentials that you use to access your online bank facilities.
So in essence your Wireless network can be the first point of failure in your security setup, in conjunction with your Wireless network you also need to reconsider the following
Not using the same password for more than one service
Managing your different passwords
Changing your passwords
Operating System updates
There’s a lot to consider with your security, but with the potential for major data breaches it is something that needs your full attention to ensure you are always following the best practises and being protected as much as possible
In part two we will go deeper on how to protect yourself in the digital world