Year-old router bug exploited to steal sensitive DOD drone, tank documents

In May, a hacker perusing vulnerable systems with the Shodan search engine found a Netgear router with a known vulnerability—and came away with the contents of a US Air Force captain’s computer. The purloined files from the captain—the officer in charge (OIC) of the 432d Aircraft Maintenance Squadron’s MQ-9 Reaper Aircraft Maintenance Unit (AMU) at Creech Air Force Base, Nevada—included export-controlled information regarding Reaper drone maintenance.

The hacker took the documents to a Dark Web marketplace, where he planned on selling them for a few hundred dollars. And it’s there that analysts from Recorded Future, an information security threat intelligence company, discovered them.


Threat or menace? “Autosploit” tool sparks fears of empowered “script kiddies”

The tools used by security researchers, penetration testers, and “red teams” often spark controversy because they package together, and automate, attacks to a degree that makes some uncomfortable—and often, those tools end up getting folded into the kits of those with less noble pursuits. AutoSploit, a new tool released by a “cyber security enthusiast,” has done more than spark controversy, however, by combining two well-known tools into an automatic hunting and hacking machine—in much the same way people already could with an hour or two of copy-pasting scripts together.

Malicious parties have weaponized scanning utilities, network commands, and security tools with various forms of automation before. With “stress testing” tools such as “Low-orbit Ion Cannon” (LOIC), High Orbit Ion Cannon (written in RealBasic!), and the Lizard Squad’s stresser site powered by hacked Wi-Fi routers, they took exploits known well to security pros and turned them into political and economic weapons. The Mirai botnet did the same with Internet of Things devices, building a self-spreading attack tool based on well-documented vulnerabilities in connected devices.

AutoSploit is slightly more sophisticated but only because it leverages two popular, well-supported security tools. “As the name might suggest,” its author wrote on the tool’s GitHub page, “AutoSploit attempts to automate the exploitation of remote hosts.” To do that, the Python script uses command line interfaces and text files to extract data from the Shodan database, which is a search engine that taps into scan data on millions of Internet-connected systems. AutoSploit then runs shell commands to execute the Metasploit penetration testing framework.


Using IPv6 with Linux? You’ve likely been visited by Shodan and other scanners

One of the benefits of the next-generation Internet protocol known as IPv6 is the enhanced privacy it offers over its IPv4 predecessor. With a staggering 2^128 (or about 3.4×10^38) theoretical addresses available, its IP pool is immune to the types of systematic scans that criminal hackers and researchers routinely perform to locate vulnerable devices and networks with IPv4 addresses. What’s more, IPv6 addresses can contain regularly changing, partially randomized extensions. Together, the IPv6 features cloak devices in a quasi anonymity that’s not possible with IPv4.

Now, network administrators have discovered a clever way that scanners are piercing the IPv6 cloak of obscurity. By setting up an IPv6-based network time protocol service most Internet-connected devices rely on to keep their internal clocks accurate, the operators can harvest huge numbers of IPv6 addresses that would otherwise remain unknown. The server operators can then scan hundreds or thousands of ports attached to each address to identify publicly available surveillance cameras, unpatched servers, and similar vulnerabilities.

Shodan—the vulnerability search engine that indexes Internet-connected devices—has been quietly contributing NTP services for months to the cluster of volunteer time servers known as the NTP Pool Project. To increase the number of connections to three recently identified Shodan-run servers, each one had 15 virtual IP addresses. The added addresses effectively multiplied the volume of traffic they received 15-fold, increasing the odds that Shodan would see new devices. Within seconds of one of Shodan’s NTP servers receiving a query from an IPv6 device, Shodan’s main scanning engine would scan more than 100 ports belonging to the device. The Shodan scanner would then revisit the device roughly once a day.


Internet of Things security is so bad, there’s a search engine for sleeping kids

Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams.

The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security.

“It’s all over the place,” he told Ars Technica UK. “Practically everything you can think of.”


After protracted legal battle, System Shock 2 finally available

Few games conjure up the awe and reverence among PC gamers that System Shock 2 produces. The sci-fi horror RPG, set onboard a crippled starship drifting far from home, is an unquestioned masterpiece. The game was originally released in 1999 by Looking Glass Studios, the same development crew responsible for the genre-defining sneaker FPS Thief, and though it broke no sales records, its exquisite tension-filled story and well-implemented RPG elements quickly earned it high accolades.

Unfortunately, it has been almost impossible to legally acquire the game for a number of years. After years of limbo, however, GOG.com (formerly known as “Good Old Games”) has begun offering the game for sale. RockPaperShotgun has published the story of the multiyear battle waged to secure all of the rights necessary to digitally distribute the game, and it’s an amazing read.

Development house Looking Glass Studios dissolved barely a year after System Shock 2’s debut, and after the dissolution, the rights to the “System Shock” name and the trademarks ended up with different companies—including, oddly enough, an insurance company. No single entity held all of the legal pieces necessary to package and publish the game. Even making a sequel proved impossible, prompting Looking Glass alum Ken Levine to instead create BioShock, a game sharing many of System Shock 2’s gameplay characteristics but none of the intellectual property.
