Tag Archive for: Failures

Top 10 Hacking Failures In Movies

/in


It had been requested that we make a short video covering the top worst hacks in movies. Being the community that we are, it seemed like an interesting request. We asked for your input, and you were happy to deliver! However, the proposition of creating a “top 10” list turned out to be quite difficult. There were just SO MANY horrible scenes that I started thinking about how to even categorize them. We could probably to a “top 10” in any of the following categories without even having to dig too deeply:

  • hacker lingo
  • mocked up interfaces
  • fake input devices
  • virus screen-takeover moments
  • access denied messages
  • hardware taped together

Honestly, after breaking it down in such a manner, making the top 10 movie hacking failures, felt painfully general. It is like making a list of “top 10 animals that ever existed”. The state of technology portrayal in movies is frankly abysmal. It is obvious that the only people who know less about tech than “hollywood” are the people making laws about it.

So, lets take a look at this list and see what we ended up with.

10.  The Core

There’s a scene where they have to get through a door and it won’t budge. To open it, they’re going to have to crack into the control panel and hotwire the the thing. What do they find inside? A breadboard.  Ok, well, we all know that in that environment, you wouldn’t be finding any breadboards. Then again, I’ve seen some duct taped together networks in large corporations that might convince me that this one isn’t a failure at all.

9. Jurassic Park

I’ve heard so many people point out this scene as a failure, and it is usually for the wrong reason all together. The young woman sits down at a computer and announces to everyone “hey, I know this, it is unix!”, while the camera switches to a 3d rendering that looks like a physical layout of a neighborhood.

“aha! that’s not a real interface!” is usually what I hear from people, but they’re wrong. It was called FSN and did actually exist. No one really used it though because, while neat, it wasn’t a great way to actually work.  Tons of people loaded it up and…

Source…

A growing menace: flubots, phishing, and network failures

/in


As we buy more and more stuff online, text messages like “track your order at this link: http://….” are accepted as the norm. You’ve probably clicked one or two of those links yourself, right? And why shouldn’t you?

It sounds innocent enough, but it might not be. That simple SMS could be the vehicle for a flubot attack. Clicking on the link could cause massive headaches for mobile operators and the industry as a whole. Increases in mobile malware pose a real threat to the telecommunications infrastructure. The implications are serious – both operationally and commercially.

How does a flubot work?

Successful flubots typically build-out botnets that can cripple telecoms networks by generating large volumes of voice calls and SMS messages, as well as mobile data traffic targeted at specific websites and servers – a DDOS (distributed denial-of-service) attack.

Flubots work like this: distribution systems send personalized SMS messages containing links that look genuine, making them difficult to detect and prevent. Clicking on the link triggers a malware download which can then take over the device and send a similar message to contacts; while also initiating DDOS attacks. The malware can also start phishing for bank details, perform identity theft, or make purchases.

How much damage can a flubot cause?

Flubot attacks are happening at scale. In October 21 alone, Sinch’s anti-spam platform detected and blocked more than 1.6 million malicious URLs, while one mobile operator recently reported 10,000 customers had been infected by flubot malware. That attack generated 3,000 messages (both national and international) per customer per day, causing SMS traffic between network operators to soar tenfold. In another attack, 5,000 infected devices called a target number every 10 minutes, resulting in about 30,000 calls per hour.

In the graphic below, you can see the evolution of a flubot attack on a medium-sized MNO in the APAC region. Sinch anti-fraud systems captured over 100K fraudulent SMS messages before customers realized anything had happened. This case is very similar…

Source…

Postmortem on U.S. Census Hack Exposes Cybersecurity Failures

/in



Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems. Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census …

Source…

Six spectacular operational security failures

/in


Credit: Dreamstime

Every day, most of us leave trails of online breadcrumbs behind us, disconnected pieces of data that a determined sleuth could connect to learn about our activities and perhaps break through our veil of anonymity. The struggle to prevent attackers from putting these puzzle pieces together is known as operational security (opsec).

Most of us don’t think too much about all this: nobody’s trying to track us down, and if they did, the consequences wouldn’t be too worrisome. But there are those for whom the stakes are much higher. Would it be so bad if someone recognised the handles of your anonymous social media accounts as the name one of your big work projects or the subject of your senior thesis? It might be if you were the director of the FBI. Does it matter if the selfies you upload to social media have location data embedded in them, or if your fitness tracker sends anonymised data about your jogging route to its manufacturer? It might if you’re a soldier on a secret military base or in a country where your government swears it hasn’t sent any troops.

Hackers and cybercriminals—of both the freelance and state-sponsored variety—are generally quick to exploit any failures in opsec made by potential victims. That’s why it’s perhaps surprising that these malicious actors often themselves fail to cover their online tracks, whether due to arrogance, incompetence, or some combination of the two. You can view these incidents as morality plays in which the bad guys get their comeuppance, but maybe it’s better to think about them as cautionary tales: you might not be spying for the Chinese government or running an online drug market, but you could fall into the same mistakes that these cybercriminals did, to your peril.

All roads lead back to Dread Pirate Roberts

For a few years in the early 2010s, the Silk Road was source of fascination and frustration for computer security researchers and law enforcement alike. An underground marketplace where users could trade cryptocurrency for…

Source…