THE TIMES OF HACKER

Researchers at Israel's Ben-Gurion University have repeatedly demonstrated original and interesting attack concepts. Their work concentrates on particularly hard cases: they develop attack vectors for situations in which stealing information or tracking a user is supposedly impossible, in particular when the computer is physically isolated (air-gapped) from any network and from potentially dangerous peripherals.

This time the researchers presented an attack technique called PowerHammer, which uses ordinary power cables to exfiltrate data.


The principle of PowerHammer is as follows. The target computer first has to be infected with malware of the same name, which deliberately regulates the CPU's load, choosing cores that are not currently occupied by the user's work. As a result, the victim's PC draws alternately more and less current. The researchers propose treating these swings as zeros and ones, through which any information on the target computer can be transmitted outside (much like Morse code). To read data transferred this way, they measure the conducted emissions (so-called "induced noise") that the power fluctuations leave on the power line.

To register such fluctuations in the target PC's power draw, the attacker needs a hardware "monitor", but does not have to build one: a clamp-on (split-core) current transformer, available commercially, is enough. In the tests, the Ben-Gurion researchers used a SparkFun ECS1030-L72 sensor. The data collected by such a sensor can then be sent to a nearby computer, for example over Wi-Fi.

The researchers say PowerHammer can be carried out in two ways, which differ in data-transfer speed. In the first, the attacker taps the power line between the isolated PC and its wall socket; the data rate is then about 1000 bps.

The second option is to tap at the phase level, that is, to install the sensor in the electrical switchboard of the relevant floor or building. This is of course far less conspicuous, but the transfer rate is unlikely to exceed 10 bps because of the many sources of interference on the shared line. According to the researchers, even the second method is adequate for stealing passwords, tokens, encryption keys and other small pieces of data.
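The transmit/receive loop described above, as an added example that is not the researchers' code: a pure-Python simulation of the covert channel. The malware side picks one of two toggle frequencies per bit for a spare core, and the sensor side slices the current trace into bit windows and decides each bit with a single-bin DFT (Goertzel). The sample rate, bit rate, tone frequencies, current levels and Gaussian line noise are all assumptions made for the demo, not figures from the paper.

```python
import math
import random

# Simulation parameters. These are assumptions for the demo, not figures
# from the Ben-Gurion paper: sensor sample rate, bit rate, tone frequencies
# and current levels are all made up for illustration.
FS = 1000                 # current-sensor sample rate, Hz
BIT_RATE = 10             # bits per second (the slow "phase level" rate from the article)
SAMPLES_PER_BIT = FS // BIT_RATE
F0, F1 = 100.0, 200.0     # core busy/idle toggle frequency for bit 0 / bit 1, Hz
BASELINE_A = 5.0          # steady current draw of the machine, amperes
LOAD_A = 1.0              # extra draw while the spare core is busy, amperes
PREAMBLE = [1, 0, 1, 0, 1, 1, 0, 0]   # lets the receiver find the start of a frame


def bytes_to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def transmit(secret, noise_sigma=0.3, seed=1):
    """Transmitter side (the malware): for every bit, hammer an idle core on and
    off at F0 or F1 for one bit period. What the clamp sensor sees is the baseline
    draw plus a tone at that frequency plus line noise (white Gaussian here)."""
    rng = random.Random(seed)
    samples = []
    for bit in PREAMBLE + bytes_to_bits(secret):
        freq = F1 if bit else F0
        for n in range(SAMPLES_PER_BIT):
            tone = LOAD_A * math.sin(2 * math.pi * freq * n / FS)
            samples.append(BASELINE_A + tone + rng.gauss(0.0, noise_sigma))
    return samples


def goertzel_power(window, freq):
    """Energy of one bit window at freq (a single DFT bin, receiver side)."""
    n = len(window)
    k = round(freq * n / FS)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in window:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def receive(samples):
    """Receiver side (the attacker's sensor plus laptop): slice the current trace
    into bit windows, strip the DC baseline, pick the stronger of the two tones,
    then locate the preamble and unpack the payload."""
    bits = []
    for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT):
        window = samples[i:i + SAMPLES_PER_BIT]
        mean = sum(window) / len(window)
        window = [x - mean for x in window]
        bits.append(1 if goertzel_power(window, F1) > goertzel_power(window, F0) else 0)
    for offset in range(len(bits) - len(PREAMBLE) + 1):
        if bits[offset:offset + len(PREAMBLE)] == PREAMBLE:
            return bits_to_bytes(bits[offset + len(PREAMBLE):])
    return None


def airtime_seconds(secret):
    """How long the exfiltration takes at BIT_RATE, preamble included."""
    return (len(PREAMBLE) + 8 * len(secret)) / BIT_RATE


def leak(secret, noise_sigma=0.3):
    """End to end: modulate the secret onto the power line and decode it again."""
    return receive(transmit(secret, noise_sigma))


if __name__ == "__main__":
    secret = b"hunter2"
    print(leak(secret), airtime_seconds(secret), "s")
```

The two tones sit on exact DFT bins of a 100-sample window, so the decision between them is robust at the chosen noise level; raising `noise_sigma` is the quickest way to see why the shared-phase tap in the article is limited to a few bits per second, and `airtime_seconds` shows why that is still enough for a password or a key.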

As usual, the most contentious part of PowerHammer is infecting the target computer with the malware in the first place (recall that it is isolated from external networks and dangerous peripherals). The researchers believe this can be done through social engineering, by tampering with the hardware supply chain, or with the help of an insider; similar methods have already been used in practice by the Turla and Red October groups.
Security researchers have found that the Hajime IoT botnet has launched a massive scan of the internet in search of MikroTik routers.

According to Bleeping Computer, numerous security researchers and organizations noticed that the scans began last weekend, on March 25, 2018. At that point various honeypots run by researchers recorded unusual activity, specifically connection attempts directed at port 8291 (Winbox). Over the following days the mass scanning continued without letting up, drawing the attention of security researchers around the world; Qihoo 360 Netlab and Radware, for example, have already published reports on what happened.



According to Qihoo 360 Netlab, in just three days of observation the Hajime operators performed more than 860,000 scans.

As it turned out, the attackers are looking for vulnerable MikroTik routers and trying to exploit the issue known as Chimay Red, a vulnerability in RouterOS version 6.38.4 and below. The bug allows an attacker to execute arbitrary code on an affected device.

It has come to our attention that a mass scan for open ports 80/8291(Web/Winbox) is taking place. To be safe, firewall these ports and upgrade RouterOS devices to v6.41.3 (or at least, above v6.38.5)
— MikroTik (@mikrotik_com) 27 March 2018

This is the same vulnerability that was described in the documents published by WikiLeaks under the name Vault 7. Last year unknown pranksters used it to "rename" thousands of devices, changing their host names to things like HACKED FTP server, HACKED-ROUTER-HELP-SOS-WAS-MFWORM-INFECTED or HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD.

The operators of the Hajime botnet, obviously, are not limiting themselves to jokes. Exploitation of the bug is how the Hajime malware spreads. Devices already in the botnet scan random IP addresses, connecting to port 8291, and in this way pick out MikroTik routers. Once a target has been identified, the bots take a publicly available exploit and deliver it to ports 80, 81, 82, 8080, 8081, 8082, 8089, 8181 and 8880. If exploitation succeeds, the device becomes another cog in the Hajime network.

MikroTik's representatives are aware of what is going on (partly thanks to the messages alarmed users left on the official forums). On its official Twitter account the company reminded users that the fix for Chimay Red was released a year ago, so it is enough to update RouterOS to the latest version, 6.41.3 (or at least to 6.38.5, which includes the fix), and additionally to close the affected ports with a firewall.
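As an added example (not code from MikroTik, Qihoo 360 Netlab or the article), here are the two checks a defender would want after reading the above: a version test against the 6.38.5 fix for a RouterOS inventory, and detection logic that flags sources which probe port 8291 and then throw traffic at the web ports the bots use, run over constructed firewall log lines. The log format, the addresses and the inventory are assumptions for the demo.

```python
import re
from collections import defaultdict

WINBOX_PORT = 8291
# Ports the bots push the exploit to once a Winbox probe has answered (from the article)
EXPLOIT_PORTS = {80, 81, 82, 8080, 8081, 8082, 8089, 8181, 8880}
FIXED_VERSION = (6, 38, 5)   # Chimay Red affects 6.38.4 and below; 6.38.5 carries the fix
SCAN_THRESHOLD = 3           # distinct hosts probed on 8291 before a source counts as a scanner

# Assumed log format: one connection attempt per line with key=value fields.
LOG_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")

# Constructed sample log (TEST-NET addresses, not real traffic).
SAMPLE_LOG = """\
2018-03-25T10:00:01Z src=203.0.113.7 dst=198.51.100.1 dport=8291
2018-03-25T10:00:02Z src=203.0.113.7 dst=198.51.100.2 dport=8291
2018-03-25T10:00:03Z src=203.0.113.7 dst=198.51.100.3 dport=8291
2018-03-25T10:00:04Z src=203.0.113.7 dst=198.51.100.9 dport=8291
2018-03-25T10:00:09Z src=203.0.113.7 dst=198.51.100.9 dport=8080
2018-03-25T10:00:10Z src=203.0.113.7 dst=198.51.100.9 dport=80
2018-03-25T10:05:00Z src=192.0.2.10 dst=198.51.100.9 dport=8291
2018-03-25T10:06:00Z src=192.0.2.11 dst=198.51.100.5 dport=443
"""

# Constructed inventory for the demo: router address -> RouterOS version.
INVENTORY = {
    "198.51.100.3": "6.41.3",
    "198.51.100.9": "6.38.4",
}


def parse_version(text):
    return tuple(int(part) for part in text.split("."))


def chimay_red_exposed(version):
    """True when the RouterOS version predates the 6.38.5 fix."""
    return parse_version(version) < FIXED_VERSION


def parse_log(text):
    events = []
    for line in text.splitlines():
        match = LOG_RE.search(line)
        if match:
            events.append((match["src"], match["dst"], int(match["dport"])))
    return events


def classify_sources(events):
    """Label each source that touched 8291: a Hajime-style worker first probes
    Winbox on a host and then throws the exploit at that same host's web ports."""
    probed = defaultdict(set)     # src -> hosts it probed on 8291
    followups = defaultdict(set)  # src -> (host, port) exploit-port hits after a probe
    for src, dst, dport in events:
        if dport == WINBOX_PORT:
            probed[src].add(dst)
        elif dport in EXPLOIT_PORTS and dst in probed.get(src, ()):
            followups[src].add((dst, dport))
    verdicts = {}
    for src, hosts in probed.items():
        if followups[src]:
            verdicts[src] = "exploit-delivery"
        elif len(hosts) >= SCAN_THRESHOLD:
            verdicts[src] = "winbox-scan"
        else:
            verdicts[src] = "single-probe"
    return verdicts


def routers_at_risk(events, inventory):
    """Routers that ran an affected RouterOS and received exploit-port traffic
    from a source already flagged as delivering the exploit."""
    verdicts = classify_sources(events)
    hit = set()
    for src, dst, dport in events:
        if verdicts.get(src) == "exploit-delivery" and dport in EXPLOIT_PORTS:
            if dst in inventory and chimay_red_exposed(inventory[dst]):
                hit.add(dst)
    return sorted(hit)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print(classify_sources(events))
    print("at risk:", routers_at_risk(events, INVENTORY))
```

The probe-then-exploit ordering is what separates the bots from ordinary Winbox scanning, so the detector keys on a web-port hit against a host the same source already probed on 8291 rather than on port 8291 volume alone; the version check is what turns a noisy alert into a list of routers that actually need the 6.38.5 or 6.41.3 update.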

It should be noted that the purpose of the huge Hajime botnet still remains a mystery to security researchers. Infected devices are not used for DDoS attacks, proxying traffic or anything else, only to infect other devices. Recall that in 2017 researchers speculated that Hajime might be run by unknown white hats who are using it to fight Mirai and other IoT threats.