wireless networks as a target for cyberwar?

<<

jinwald12

Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Tue Mar 06, 2012 11:34 pm

wireless networks as a target for cyberwar?

So I have had an idea recently. In my experience, WiFi security is one of the easiest ways into a network; just ask Albert Gonzalez and TJ Maxx. So if a nation state or another APT has the resources to get operatives into the target's city, wouldn't their WiFi network be an easy way in? I mean, all they would have to do is: if they have WEP, crack it; WPA/WPA2 personal, crack it; or if they have PEAP, do what I call a kick-and-call: figure out which client on the network has which phone number, deauth them or deauth the network wholesale repeatedly, and then call them up and ask if they are having network trouble and get them to connect to a honey pot, crack the MS-CHAPv2 hash and you are in. I digress, but WiFi security in many ways is the poor relation of computer security, so what is there to stop APTs from exploiting it? In my opinion this is something governments and other high-risk targets need to take into consideration: beef up your WiFi security and get a WIDS!!!
Last edited by jinwald12 on Wed Mar 07, 2012 1:57 am, edited 1 time in total.
where did all the fun go?
<<

dynamik

Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Mar 07, 2012 11:57 am

Re: wireless networks as a target for cyberwar?

There's also EAP-TLS and EAP-TTLS for more robust infrastructures. The most sensitive organizations probably just forgo wireless altogether.

You should also regularly scan for things like employees bringing in their own APs (i.e. so they can get their tablet online at work), or connecting WNICs to their systems (to circumvent web filtering by connecting to an open AP).
The day you stop learning is the day you start becoming obsolete.
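
An added example (not part of dynamik's post, and not any survey tool's own code) of the regular scan suggested above: it compares a wireless survey export against an inventory of sanctioned APs. The CSV columns, the inventory, the `audit_scan` name and the -70 dBm proximity threshold are assumptions made for illustration.

```python
import csv
import io

# Constructed inventory of sanctioned APs: BSSID -> (SSID, expected security).
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("CorpNet", "WPA2-Enterprise"),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

# Constructed survey export (column names are assumptions, not a tool's format).
SAMPLE_SCAN = """\
bssid,ssid,security,signal_dbm
00:11:22:33:44:01,CorpNet,WPA2-Enterprise,-48
00:11:22:33:44:02,CorpNet,WPA2-Personal,-51
66:77:88:99:AA:01,CorpNet,WPA2-Enterprise,-40
66:77:88:99:AA:02,Tablet-Hotspot,WPA2-Personal,-45
66:77:88:99:AA:03,CoffeeShop,Open,-88
"""


def audit_scan(scan_csv, near_dbm=-70):
    """Return (bssid, ssid, finding) for every AP that needs follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        security = row["security"].strip()
        known = AUTHORIZED.get(bssid)
        if known is not None:
            # Sanctioned radio: flag it if it no longer advertises what it should.
            if (ssid, security) != known:
                findings.append((bssid, ssid, "config-drift"))
        elif ssid in CORP_SSIDS:
            # Corporate SSID from a radio that is not in the inventory.
            findings.append((bssid, ssid, "ssid-impersonation"))
        elif int(row["signal_dbm"]) >= near_dbm:
            # Unknown network with a strong signal: probably on the premises
            # (personal AP or hotspot). Weaker ones are treated as neighbours.
            findings.append((bssid, ssid, "unauthorized-ap-nearby"))
    return findings


if __name__ == "__main__":
    for bssid, ssid, finding in audit_scan(SAMPLE_SCAN):
        print(f"{finding:24} {ssid:16} {bssid}")
```

Signal strength only suggests proximity, so an "unauthorized-ap-nearby" finding is a prompt for a physical walk-through rather than proof the AP is inside the building.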
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed Mar 07, 2012 12:13 pm

Re: wireless networks as a target for cyberwar?

Part of what makes the advanced targeted attacks so "advanced" is their ability to be stealthy. The attacker will need to do a bit of recon around the target site. This means they physically need to have someone scope it. Granted, they could pay someone to do it for them and then provide them with whatever they need dropped in once the WLAN has been breached. But the risk of getting caught is much greater. Many of these attackers can hide behind the home country and are almost untouchable. The moment they set foot on US soil, they are now unprotected and can be caught and detained. Why risk it when you can send a phishing email to an unsuspecting user and quickly load the droppers for your backdoors?

If a proper NAC is in place, then a physical breach will hopefully be pointless, or at least pose too great a risk to bother. The more systems they have to circumvent, the more noise they will make and the faster the SOC will catch on.

Now if you were to target say a customer or sub-contractor of the company and compromise their network through weak Wi-Fi, then you may have a better chance. Dependent on the sensitivity of the data these companies have, you still may fall prey to the parent company's security measures.
Certs: GCWN
(@)Dewser
<<

jinwald12

Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Wed Mar 07, 2012 8:49 pm

Re: wireless networks as a target for cyberwar?

About EAP-TTLS and EAP-TLS: yes, they are more secure, but PEAP is much more common because it uses already available credentials and infrastructure. Most companies already have RADIUS servers, and not as many AP vendors sell devices that support or are optimized for TLS or TTLS, so PEAP is the de facto standard for WPA enterprise and the most common implementation of 802.11X. And about the recon aspects, if you read the Wikipedia article on APTs, it reads:
"Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage, but applies equally to other threats such as that of traditional espionage or attack"
And I bet the FSB, PLA or Iranian Revolutionary Guard could easily get, and have gotten, people into the U.S. or Europe to do B&E, so this is just taking it a step forward (or in some cases a step back), and a lot of that recon can be done with OSINT sources; a lot, not all. And NACing or DMZing is not a 100% fix: all they have to do is pop a computer that is connected to the WiFi but also has an Ethernet connection to pivot, and if they use PEAP (which most of the companies where I live do) they already have a set of credentials for the other machines on the network, not just the WiFi. Remember, most PEAP implementations use the same RADIUS servers as Windows login, and even if they don't, there is password re-use and derivable attacks. Also, most APTs have access to HUMINT resources, so paying a janitor to re-arrange a few cables to create a bridge into the internal network would not be too hard, albeit risky, and I don't think they would trust a janitor; perhaps a crooked IT person. That is another thing: APTs could recruit insiders to do the B&E work, as 3xban mentioned. And for the being stealthy part, someone sitting in a van down the street is pretty commonplace where I live and in most cities. Also, most IDS and IPS, excluding WIDS/WIPS solutions, focus on connections inbound from external sources, and in some government and intelligence agencies I would imagine they could not sniff or log traffic for sensitive departments or projects, making a physical access or wireless attack even more stealthy. One of the main problems I have with the infosec and physical security departments in most organizations is that they don't work together when they should. What good is a strong network-based camera and door swipe card system if its control computer can be found via Shodan (http://www.shodanhq.com/search?q=GoAhea ... revalidate) and uses ancient software? What's the point of having a multi-thousand-dollar IDS/IPS solution if its host box's power source can be cut from outside the building?
We need to start working with the physical security people more than we do right now; the Navy and the Army have the Marines for a reason.
where did all the fun go?
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Mar 12, 2012 8:05 am

Re: wireless networks as a target for cyberwar?

3xban wrote: If a proper NAC is in place, then a physical breach will hopefully be pointless, or at least pose too great a risk to bother. The more systems they have to circumvent, the more noise they will make and the faster the SOC will catch on.

You're actually a bit wrong on the noise side of the equation. In a situation where I am coming through the front door, I purposefully make more noise. I do so in order to become a needle in a haystack, using as many decoys as I can. Most of the time, I will launch decoys WELL before I even touch a system (hours, maybe even days). I do so to make the analyst think a) he is under uber attack - where all his attention is fixated on the "China APT Syndrome" b) to make him think his IPS/IDS is acting up - which often means they'll end up ignoring alerts.

3xban wrote: Now if you were to target say a customer or sub-contractor of the company and compromise their network through weak Wi-Fi, then you may have a better chance. Dependent on the sensitivity of the data these companies have, you still may fall prey to the parent company's security measures.

Taking things head on (pentesting) is a weak game. Your chances of success are about as good as your chances of winning the Powerball nowadays, and this is the reality of it. Once upon a time, network engineers slash admins would slap static addresses on everything under the sun. During these times (late 80s through nineties, early 2000), it was easier to find a host on a subnet that MAYBE just MAYBE had vulnerable services running. With the depletion of IP space, networkers pulled these addresses back and migrated to NAT.

You have those companies who are "running in the cloud" with their servers and often times, they are doing so via big business (Akamai, etc.) which means those webservers are not even in a DMZ anymore. Hence recon on a subnet which is noisy. When targeting, I rarely bother via these routes when performing testing because it is not realistic and in tune with the threats. The threats are going to be aimed 90% at the client side versus trying to break down the door.

For those who are trying to bang the door down, I can assure you that I will let you see what you want to see a mile away while I still sneak in your door. So don't ever believe for a second that noise is good and will yield "defensible" information you could use. I use noise for deflection.
<<

jinwald12

Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Mon Mar 12, 2012 8:02 pm

Re: wireless networks as a target for cyberwar?

sil, to be honest that has little to do with the OP, other than the fact that it makes more sense to go physical if there are NATs making external attacks more difficult. And with the lack of static IPs, some networks use a client system's hostname as a subdomain (I don't know why, but it does happen), so you can find targets that way, and static IPed systems such as DNS servers or FTP servers are often vulnerable targets.
where did all the fun go?
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Mar 27, 2012 3:46 pm

Re: wireless networks as a target for cyberwar?

jinwald12 wrote: sil, to be honest that has little to do with the OP, other than the fact that it makes more sense to go physical if there are NATs making external attacks more difficult. And with the lack of static IPs, some networks use a client system's hostname as a subdomain (I don't know why, but it does happen), so you can find targets that way, and static IPed systems such as DNS servers or FTP servers are often vulnerable targets.




Didn't see this response before so I'll answer now... While you would *think* that it would make sense to go after wireless networks, the reality of it is, you'd waste a lot of time and money.

In a "cyberwarfare" scenario (remember this forum is based on that theory, nation state based cyberwarfare), there is a high cost associated with the following:

Logistics:
Placing individuals in a confined area (what are you strategically targeting... You will not get anywhere near a mil base)
Placing COMPETENT and CAPABLE individuals in these areas - trying to find someone who is fluent in WiSec and ALSO fluent in the language of their location is astronomical
Feasibility - What are the odds of a wireless network existing where you need it to be, are you wasting time, money, or other resources.

Politics:
Politics is a huge factor in cyberwarfare. Most govs don't want to admit being aggressors, let alone getting caught with their pants down. So funding would be tricky
Politics - most in the cyberwarfare arena STILL follow certain rules of engagement. I can't speak much about this, but if you ask around to people in the know, they'd laugh about it as it would be career suicide in the mil/govspace

Realities:
Webservers, FTP servers, etc., have been outsourced six ways from Sunday with the depletion of IPv4 space. It is RARE you can scan CIDR blocks and find openly vulnerable services on "networks that count" (your targets), which translates into a waste of time, money and resources.
Client side is where it's at. For all the money you can throw around at any security exploitation (outside pentesting, webscanning, etc.) you'd have a better chance of getting in via the client side vector versus trying to knock down the front door.
<<

Henry864

Newbie

Posts: 44

Joined: Thu Jul 14, 2016 2:03 am

Post Thu Jul 21, 2016 6:15 am

Re: wireless networks as a target for cyberwar?

(Cyberwar.news) As the modern world increasingly becomes “wired,” more critical systems and infrastructure are being linked via the Internet. And while that has given rise to incredible new technologies that boost efficiency and capability, it has also meant that countries are more vulnerable to hacking and cyber attack.

Most nations do their best to defend their critical networks against hackers, DDoS (denial of service) attacks and outright cyber assaults. But not all systems are well-protected; some, in fact, are incredibly vulnerable.