It’s nearly Thanksgiving, and nothing puts me more in the spirit of giving thanks than the thought of an enormous, globe-spanning distributed network of computers at my beck and call. This is a lie, though; I don’t have a network like that, and if I did, ‘thanks’ is probably not what I would be giving, and the only thing I would anticipate receiving would be a prison sentence. The kind of network I just described is called a ‘botnet’, and yes, they are generally illegal. I am certainly not condoning the creation of a botnet, but I feel it is important to know about them, since they represent one of the most powerful weapons a malicious ‘hacker’ typically has in their arsenal. Also, as a sort of morbid curiosity, it is difficult to deny the ingenuity of their operation.
There are a myriad of ways to create a botnet, but the general idea is pretty simple: the ‘bots’ in the ‘botnet’ are simply computers that have been told to report to and / or receive orders from a central location. Basically just a bunch of computers that are set up with software that allows them all to be controlled by a single computer. This practice in itself is not illegal, but the circumstances that surround the creation and operation of the vast majority of botnets in existence today is where ‘botnet’ receives its negative connotation.
Most botnets are formed by distributing a piece of malicious software; these are the same kinds of worms, viruses and trojan horses that you’ve likely heard about before. These pieces of software can be very devious, installing themselves and running as a disguised process without the victim ever knowing. That’s the point, though — the victim has to remain completely unaware, otherwise they may take action against the malware. With this in mind, in order to remain stealthy, botnet software will often intentionally use fewer resources and exert less control over a victim’s system that it is actually capable.
Botnets are used for a variety of things, but most typically for spamming phishing emails, running denial-of-service attacks, and collecting personal data from victims.
Due to their extremely distributed nature, it is difficult to determine the source of a botnet, but that doesn’t mean that individual botnets can’t be identified and tracked. In a certain way, botnets can be a source of fascination and awe. Botnets are given names and sometimes even personalities and are typically ranked by either the number of infected hosts or by their level of impact. Another entertaining facet of botnets are their occasional hostile takeovers, wherein a very savvy individual or group of individuals is able to capture a bot’s software and reverse engineer it in order to procure information that would allow them to seize control of the botnet from its original creator. A bit of internal botnet warfare goes on due to the possibility for these sorts of takeovers, with some botnets possessing the ability to remotely ‘self destruct’ itself — not literally blow up, but to wipe itself or the system it was hosted on in order to prevent a reverse-engineering attempt.
There really is a lot to be said about botnets, but I hope that this overview was enough to pique your interest and lead to further investigation. Just be careful, and don’t do anything illegal, of course. Also, have a great Thanksgiving break, you’ve probably earned it.
So here’s the scenario: you’ve just read about some neat piece of software or a cool operating system either here or elsewhere on the internet and you think you’d like to try it out. To complicate things, perhaps the software doesn’t run on your current operating system, or maybe in order for it to work, it needs a deployment of several systems simultaneously. For nearly anybody, that would be a tall order, and for what? Fun? A difficult justification for what is shaping up to be a monumental undertaking. I assure you, there is a better way.
As the title of this article would imply, the way to your software salvation lies in virtualization. It is likely that you have heard of hardware virtualization before; you have almost undoubtedly been exposed to virtualized hardware at some point in your life, either directly or indirectly. For example, even here on campus, a significant amount of the computers you use in labs are ‘thin clients’ that simply send control information and video data back and forth between a virtual computer that is located on a server deep within one of ISU’s data centers. Even most servers these days are virtualized to allow for scalability and load-balancing. Most applications that are touted to run ‘in the cloud’ will likely be running on virtualized hardware.
Now that you know about all these advantages to virtualization, how can you leverage virtual hardware for your own experimental purposes? Not only is the solution easy, it is also free! There are virtualization applications that you can pay for, for sure, but if all you want to do is set up a quick test environment or if you’re just beginning, some of the simplest solutions are the free ones.
The keyword to search for is ‘Virtual Machine’ software. These are applications that are designed to simulate all of the individual parts of a computer in software, so that you can essentially run a computer within your computer. On a side note, video game emulators function in a similar fashion; all of the hardware components of a console are ‘emulated’ in computer software to allow a game program made for that system to run within that environment. Back on track — two of the most prolific free applications for simulating computer systems are Virtualbox and VMWare Player. Both of these solutions have automated wizards that will aid you in setting up your virtual systems, all you need to supply is the disk image file for the operating system you want to install (Ubuntu would be a good place to start if you are lacking disk images to try). There are other free solutions as well, but generally may require a more intense set-up process. Some of these options would include an Ubuntu server running Xen, or a Windows server running Hyper-V.
However you choose to get your virtual lab set up, you’ll be able to experience a number of handy benefits. If you keep a virtual machine around that has the same operating system installed on it as your primary computer, you can use that virtual machine to give interesting software a sort of ‘trial run’ without having to install it on your own computer. It’s cleaner and more efficient to roll back a virtual machine than it would be to uninstall a pesky application that you don’t want. Testing out configurations for specific applications is handy, too; you’ll be able to see how a particular configuration will will affect your system before actually messing around with any important configurations files. A virtual ‘lab’ is often used by security professionals and hobbyist ‘hackers’ alike in order to practice and gain experience without putting themselves or others at risk of an errant or misconfigured attack. An excellent resource for practice virtual machines is the website Vulnhub.
Personally, I feel the biggest advantage that my personal use of a virtual lab offers me is the lack of apprehension before diving into a project; just spin up a virtual machine and start bashing rocks together. Now go forth and make virtual labs of your own!
Alright, campers, gather ‘round. Have you ever heard of the acronym SCADA? It stands for “Supervisory Control and Data Acquisition”. SCADA is pretty important stuff; it encompasses all the systems that control our cities. Our electrical grids, our traffic control lights, our water supply and sanitation systems, even our power plants.
So now — the sun has set, there’s a chill in the air and it’s almost Halloween. Huddle up to the warm glow of your computer monitors and I’ll tell you all a ghost story…
In fact, you may have already heard this one. It’s the one about a hacker who created a sophisticated self-replicating computer program that could spread itself — completely undetected — into the controller hardware for nuclear facilities around the world. It was beyond stealthy, even deleting itself if necessary. It would spread virulently, but become totally inert on systems that didn’t meet its exacting requirements, waiting for further opportunity to infect other hosts. Once inside a desired nuclear reactor host computer, it could dangerously modify the operation of the reactor equipment while at the same time sending bogus statistics back to the operator’s terminal, telling him everything was fine, until it was too late…
The scariest part, though? This actually happened. The worm I’m referring to was known as Stuxnet. There have actually been several versions of the Stuxnet worm, but the one I described was used to attack Iranian nuclear power plants. Stuxnet never caused any meltdowns, not that it couldn’t have with the level of control it was able to achieve, but because it was programmed not to.
But why make Stuxnet in the first place? No one can say for sure, since no one knows specifically who made the software, though it’s likely that the development of the software was funded by a government; the software is so sophisticated and requires such a deep understanding of the targeted systems, it would have required an incredible amount of time and effort to create. What’s worse, analysis of the spread of the worm seems to indicate that the initial release and spread of that strain of Stuxnet was unintentional. A programming error caused that version of Stuxnet to spread beyond the targeted plant, and go on to infect nearly sixty percent of all the computers in Iran. The worm has even been found on a small percentage of computers in the US. To top it all off, there have even been reports of software very similar to Stuxnet being sold on the black market.
Here’s a video that goes into more detail about Stuxnet if you’re interested. It’s really a fascinating story.
Situations like Stuxnet are quickly revealing how truly insecure so much of our technology and infrastructure is. Stuxnet targeted Iranian nuclear power plants, but those are far from the only vulnerable SCADA systems in operation today. Stuxnet was likely developed by a highly-skilled team over the course of several years, but as software and technology progresses, the skill barrier that once stood in the way of a task like Stuxnet will begin to evaporate. Even now, you can use a simple search engine to locate potentially vulnerable SCADA interfaces on the internet.
All of this means that, in the coming years, there is going to be a steady increase in the demand for security professionals to design and implement more secure systems; so if that seems like something you would be interested in doing as a career, you might want to look into Network Security as a major… before it’s too late!
It’s been about a dozen years since I passed the fourth grade. That probably doesn’t make me sound particularly old — as it shouldn’t, that’s not the intention of this anecdote. You see, what boggles my mind is that, around that time, it was still often considered unfair for a teacher to ask that a paper be typed on a computer, as a lot of families still didn’t have computers, let alone printers or even — hold the phone (literally) — the internet. Compare that to today, where practically every person you cross on the street is likely concealing one (or several) considerably powerful computers that are perpetually, wirelessly connected to the internet.
It seems a bit old hat to go on about ‘how far we’ve come’ and things like that, though. We’ve all heard it at least a dozen times, computers are getting more powerful and ubiquitous every day — so what else is new?
Well, despite an amalgam of issues with infrastructure, data throughput, storage and dwindling radio spectrum, the next evolution of the ‘Internet’ is still rapidly approaching. There are a number of different interpretations on what that evolution may look like, but all of these theories describe what is generally referred to as an ‘Internet of Things’.
If you’ve ever heard people joke about how ‘pretty soon, everything is going to have an internet connection’, then you have more or less been introduced to the concept of an ‘Internet of Things’. Basically, an ‘Internet of Things’ is an idea of a society where practically all ‘things’ that are bought or sold by humans will be connected to the Internet in one form or another.
Now, to me, it seems that there is a bit of a stigma associated with this concept. People see it as unnecessary, excessive, or in some cases even a little unnerving in a ‘Big Brother’ sort of way.
I wouldn’t say people are wrong for thinking that way — it’s an important thing to consider as we continue to push the boundaries of technology — but I just wanted to play a little devil’s advocate here and talk about a few of the potential applications of this technology that have the ability to do a great amount of good.
For instance, during an emergency situation like a building fire, first responders could be equipped with software to scan for victim’s phones or other internet connected devices in order to ascertain their location. In addition, all of the networked objects in the bulding could be used to allow the firemen to determine the safest path to the located victims, or perhaps to provide them with data on where to concentrate fire suppression for maximum effectiveness.
A more pedestrian, everyday use would be something along the lines of a ‘smart house’. Your fridge would read the RFID tags attached to all of your food products and automatically compile statistics like expiration dates and generate recipes based on the contained food. Your phone would signal to your house when you arrived, whereupon it would turn on lights and set the climate.
In fact, Corning Glass’ series of concept videos for their idea of a ‘smart home’ are a good example of what an ‘Internet of Things’ could look like within a home network.
Most of the technology needed to enable these sorts of interactions with ‘Internets of Things’ exists today, the only thing needed to bring it to life is a proper implementation (easier said than done, of course, but that’s not to say you can’t start messing around with the tech yourself). If anything, I hope this might help you look past the potential downfalls of an ‘Internet of Things’ and see the kinds of incredible advancements in software and technology by incorporating these concepts into our everyday life.
Just about everyone reading this has probably heard of the game ‘capture the flag’ before. Most people have participated in this traditional run-and-tag field game, it’s simple and timeless; just about all of the rules you need to know are explained in its name. Given its simplicity and ubiquity, the game of capture the flag is easy to adapt for different situations, and has taken on many different forms over the years — of particular interest is the game’s interpretation by the network security community.
In network security, games of capture the flag are used as a form of recreation, training, and sometimes even recruitment. Games of capture the flag played in the security community, as you might expect, play a bit differently than their namesake would suggest. They also come in a few different varieties.
The less common variant of network security capture the flag also happens to be the more recognizable. This variant is referred to as ‘attack and defense’. An ‘attack and defense’ game pits two teams of players against each other on identical, pre-constructed computer networks, each with a string of characters referred to as the ‘flag’ hidden somewhere within one of the machines. The goal is to hack into the other team’s network and acquire the ‘flag’, while at the same time securing your own team’s network from invasion.
‘Jeopardy’ style variants are far more common, and can support thousands of teams of players simultaneously. In a ‘jeopardy’ style game, contest organizers design elaborate challenges that can only be solved by utilizing skills that are important for network security professionals to possess. These challenges are organized by category and difficulty, with more difficult challenges offering more points — much like a Jeopardy board. Unlimited amounts of teams can compete online to score the most points and secure their victory. Competitions like these are designed with different skill levels in mind, which makes them conducive to beginning players with little experience. A simple challenge would look like this:
After reading about string encoding methods and searching around for ways to decode such strings, you might try running that string through a base-64 decoder like this one which would reveal the flag.
More complicated challenges might see you recovering secret messages encoded in images, SQL injecting web applications, writing a buffer overflow for an executable file or any combination of various skills and techniques. If any of those sound foreign to you, another unspoken tradition of capture the flag competitions is for competitors to post detailed explanations online about how they solved challenges, after the competition is complete. This way, less experienced competitors can learn and advanced competitors can use such published material to attract potential employers.
In the end, the philosophy of these competitions is this: be a hacker. To think like a hacker is a positive and desirable trait. A ‘hacker’ mindset is a mindset of creative problem solving; an important skill not just in network security, but in almost any profession.