
Guest Post: I Can Have Most of My Threat Research Tools in a Single Interface?

The following is a guest post submitted to Caffeine Security. The owner of Caffeine Security is not responsible for its content.  This post is being shared because I feel this has the potential to be a very informative webinar.  I previously attended a TrainACE "Hacker's Breakfast" which you can read about in a previous post.

The answer is “Yes”! Join Advanced Security by TrainACE in this FREE, hour-long webinar covering a few aspects of Advanced Threat Intelligence. During this webinar, you’ll be part of a live demo analysis of a suspected malicious URL.  Each malicious URL has the potential to completely cripple a company’s network infrastructure and it’s important that any string which looks suspicious be fully analyzed before it falls into the hands of an unsuspecting victim. Attendees will also be shown how to effectively complete the majority of threat research from a single interface. Compiling all data into one spot will make it more manageable and make analysis much more effective.  REGISTER HERE NOW; space is limited!

TrainACE is an IT Certification and cyber security training company. This is only one of many free hacking tutorials they provide to the public. They also host regular meet-ups and events to discuss the latest and greatest topics in cyber security. 


About the Author

This is a guest post from Megan Horner, Marketing Coordinator at TrainACE. TrainACE offers advanced cyber security training such as Mobile Hacking and Wireless Security. Follow TrainACE on Twitter @pentesttraining.

Hacking the News for Profit - Stock Short Selling

Today the Associated Press' Twitter account was hacked (quite possibly as the result of a sophisticated spear phishing campaign), and started posting fake news headlines.  Specifically, a news headline was posted that there were multiple explosions in the White House, and that the president had been injured.

And while the fact that @AP was compromised was fascinating, what happened next is what should really get your attention.  Shortly after the fake headline was posted, the Dow Jones plummeted 150 points.


While the stock market recovered quickly after the news turned out to be fake, someone could have potentially made millions.

If someone knew when and what stocks were going to drop due to the hacked Twitter account's announcement, they could have performed a short sell on the affected stock(s).

Even if the affected stocks only provided a 1% return, a short on $100,000,000 worth of stocks would result in a $1,000,000 profit.

Something tells me this won't be the last time we see stocks affected by a hacked social media account announcing fake news.  There's a potential for great profit in it.

When it Comes to Space Security, Safety is Key

This is the second article in my series on Space Security.

The Orbital Antares rocket, scheduled to launch later today, is an excellent example of how important safety and security are for a space flight.

During my recent trip to the Antares launch pad at NASA's Wallops Flight Facility, I had the chance to discuss with former astronaut Carl Walz, currently Orbital Vice President of Human Space Flight Operations, the safety and security features incorporated into Antares as well as Cygnus, the cargo craft which will be launched by Antares later this year.  Safety is critical for any rocket launch, especially when it comes to protecting human life.

Much like most computer data centers, the Antares launch pad has redundant power systems: a commercial power feed, as well as generators the size of tractor trailers.  These systems are set up to automatically switch over in the case of a failure.  After all, you don't want to suddenly lose power while you're in the middle of a final countdown.

Also like a data center, a rocket launch requires continuous monitoring.  Any failure in monitoring could be disastrous, as a critical problem could be overlooked.  Monitoring occurs during all phases of the mission - from launch pad, to liftoff, to flight, until the mission is completed.  In fact, the first attempt to launch Antares had to be aborted due to early detachment of a data cable.

There are multiple, redundant systems in place to not only verify the Antares rocket isn't headed towards a populated area, but also to destroy all sections of the rocket if there's a chance the rocket could even come close to impacting a populated area.

Multiple systems are used to track the position and trajectory of Antares.  NASA tracks the rocket primarily through RADAR, but the rocket also transmits GPS and accelerometer information.  A computer uses the tracking information to verify the course is not outside the "safety zone", and to constantly generate an "instantaneous impact point", which uses physics to model what the impact would be if the rocket needed to be remotely destroyed.
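To make the "instantaneous impact point" idea concrete, here is an added sketch (not NASA's or Orbital's software) that computes a drag-free, flat-Earth impact point from each tracking state and reports the first moment it leaves the safety zone. The rectangular corridor, its limits and the sample track are assumptions constructed for illustration.

```python
import math

G = 9.80665  # standard gravity, m/s^2


def impact_point(x, y, alt, vx, vy, vz):
    """Simplified IIP: where the vehicle would land if thrust ended right now.

    Assumes no drag and a flat Earth. x is downrange and y is crossrange
    distance from the pad in metres, alt is altitude in metres, and the
    velocities are in m/s (vz positive upward).
    """
    # Positive root of alt + vz*t - G*t^2/2 = 0.
    t_fall = (vz + math.sqrt(vz * vz + 2.0 * G * alt)) / G
    return (x + vx * t_fall, y + vy * t_fall)


def inside_zone(point, max_downrange, max_crossrange):
    """Hypothetical safety zone: a rectangular corridor starting at the pad."""
    px, py = point
    return 0.0 <= px <= max_downrange and abs(py) <= max_crossrange


def first_violation(track, max_downrange, max_crossrange):
    """Return the time of the first state whose IIP leaves the zone, else None."""
    for t, state in track:
        if not inside_zone(impact_point(*state), max_downrange, max_crossrange):
            return t
    return None


# Constructed track: (seconds since liftoff, (x, y, alt, vx, vy, vz)).
# The last state has picked up a large crossrange velocity.
TRACK = [
    (0.0, (0.0, 0.0, 0.0, 0.0, 0.0, 0.0)),
    (10.0, (500.0, 0.0, 1000.0, 100.0, 0.0, 98.0665)),
    (20.0, (2000.0, 50.0, 3000.0, 200.0, 150.0, 98.0665)),
]

if __name__ == "__main__":
    for t, state in TRACK:
        print(t, impact_point(*state))
    print("first violation at t =", first_violation(TRACK, 50000.0, 2000.0))
```

The vehicle itself is only 50 m off the centreline at t = 20 s, but its projected impact point is already kilometres outside the corridor, which is why the check runs on the impact point rather than on the current position.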

Antares contains an automatic destruct system, as well as a manual destruct system.  If the Orbital-built first stage, or ATK-built second stage, separates prematurely, the automatic destruct system will activate, destroying the entire launch vehicle.  The manual destruct system can be triggered by NASA at any time during the launch if something is going wrong, and relies upon multiple redundant UHF receivers.  Note that the Antares rocket does not yet include the Autonomous Flight Safety System, which has been under development by NASA and in test at Wallops Flight Facility.

I feel very reassured after my discussions with Carl Walz, as well as several personnel from ATK and NASA, that state-of-the-art security and safety measures are in place to ensure that minimal risk to human life is present during all stages of the Antares mission.

Antares is scheduled to lift off at 5 PM Eastern on April 21, 2013.  You can watch the launch live on NASA TV. Stay updated on the launch status by following @NASA_Wallops, @ATK, and @OrbitalSciences on Twitter.



Space Security Starts on the Ground

This is the first of a series of articles on Space Security.  In the article series, we will look at the current strengths and weaknesses of NASA's cyber security efforts.


The above video was taken on April 17, 2013 at Wallops Flight Facility during the Antares NASA Social launch event.  In it, Deputy Administrator Lori Garver discusses the importance of Cyber Security and NASA.

NASA was criticized in 2009 by the Government Accountability Office (GAO) for having security vulnerabilities in key networks, despite important progress in securing their computer systems.

Police Scanners and COMSEC (or lack thereof)

I couldn't help but shake my head when Boston police recently shut down online streams of their police scanners during their hunt for terror suspects related to the Boston marathon bombings.

Police even went so far as to request people not to tweet information they hear on police scanners.  And while most Twitter users complied, some began to attack other Twitter users for just providing links to working scanner streams "because they were endangering the lives of officers".

There's a logical fallacy with this thinking. The problem with shutting down online streams of police scanners is that it does nothing to prevent suspects from listening on local radio scanners.  Police radio frequencies are well known, and anyone with a cheap handheld scanner can monitor them locally.

Perhaps it's time for police departments to begin using encrypted TAC channels during manhunts, much like the military uses when in a combat zone?

To provide an analogy for those less tech savvy, Boston PD's request is equivalent to shouting a "secret" across a crowded public auditorium, asking everyone in the auditorium not to share said secret, then continuing to speak slightly softer while distributing additional secrets.  The strangers sitting nearby have no legal obligation not to distribute the information they overheard to the rest of the room.

The only answer to the "auditorium" problem, much like the "radio" problem, is to encrypt your messages, so that even if everyone overhears, they can't understand the secret.

COMSEC isn't something new, and has been around for a very long time.  Maybe it's time for civilian police departments to catch up.

Space Security Article Series - Stay Tuned!

I am back from my trip to Wallops Flight Facility and feverishly working on organizing all my notes and recordings to begin my series of Space Security articles.

In the meantime, I'd like to encourage you to check out the pictures and videos I've uploaded from this AMAZING event!

Facebook: https://www.facebook.com/CaffSec

YouTube: http://www.youtube.com/user/CaffeineSecurity


I will be writing a thank you letter to all of the organizations and people who took the time to meet with me, but in the meantime I'd like to give a big shout out to the following organizations:

NASA Wallops
NASA Social
Orbital Sciences Corporation
ATK

Thank you all for helping make the Antares NASA Social event fantastic!

Want to Give Me Feedback During the Antares Launch Event? Call Me!

Because I'm going to be almost completely disconnected for about a week, I've added to my blog the ability for you to leave a voicemail with feedback during the Antares launch event.  I will check voicemail nightly and, if possible, include any feedback in the next day's events.

Thanks!

A Potential Look at the Security Technology Behind #Antares and #Cygnus Remote Control

The main purpose of the Antares rocket is to launch the Cygnus spacecraft - a remotely controlled cargo craft designed to deliver cargo to/from the International Space Station.

Searching Orbital Sciences Corporation's patents reveals one from 2009, which states: "A secondary payload interface for payload communications using a primary payload communications channel is provided."  This is essentially a space version of a radio repeater or WiFi range extender, and it also provides a redundant communications network to ensure that remotely controlled spacecraft and satellites can remain in constant contact with ground control.

The patent discusses the potential for using communications satellites to relay commands remotely:

Although typically built with that single purpose in mind, these satellites may provide platforms for secondary payloads. For example, communications satellites can provide power, thermal control, and attitude control system (ACS) functions, as well as other services, to secondary payloads, such as, for example, earth-observing or weather-monitoring payloads. An auxiliary high rate communications system can be provided on the communications satellite to accommodate the secondary payload.

And good news! The patent is designed with security (encryption) in mind!

In some embodiments, the secondary payload interface may be designed such that control and telemetry interactions with the operators of the primary payload and/or the host satellite (which may be the same or different) are limited. For example, control interactions may be limited to power connections. As another example, telemetry interactions may be limited to discrete telemetry points that provide insight into the basic health of the secondary payload interface. As a result, the secondary payload may still be securely controlled by its operator without involvement by the operations center of the primary payload and/or the host satellite. This approach provides segregation of signals between an encrypted state and a non-encrypted state (e.g., a "red/black" interface) as required by some encryption systems.

A second possibly related patent by Orbital describes "Emergency Communications Channel Systems and Methods for Satellite Command".  This patent can be accessed here.

This patent creates a backup system for satellite communications - ensuring availability of control if something goes wrong with traditional satellite communications.

To address [...] shortcomings within [remote satellite control], an Emergency Communications Channels (ECC) satellite command system according to one aspect of invention enables commanding of a satellite by remotely modulating telemetry data parameters indicative of the operation of one or more of the satellite's payloads by modulating signals sent directly to the payload from a ground station.

The two patents above definitely show that Orbital understands the importance of implementing security and redundancy in space systems - and is actively implementing important security concepts in their spacecraft and launch systems.

I look forward to discussing this topic further with them when I visit NASA's Wallops Flight Facility in a few days.

Could you Hack the Mars Rover?

More related reading for my upcoming trip to the Antares rocket launch - this article outlines the difficulties of remotely gaining control of a NASA spacecraft such as the Mars Rover.

http://www.extremetech.com/extreme/134334-could-you-hack-into-mars-rover-curiosity

How Rockets and Spacecraft Are Controlled Remotely

One of the topics I'm hoping to discuss with NASA and Orbital on my upcoming visit to the Antares rocket launch is how rockets and spacecraft are controlled remotely - and how this communication is secured from tampering by outside parties.

I'm not a rocket scientist - and since this really is rocket science - I figured I should start reading up on the topic.

I found on Archive.org a book from 1964 titled "Radio Control of Rockets".  The book was written by two Russian scientists and contributed to by NASA.  It discusses the theory behind remote control of a rocket.

If you're interested in learning more visit the Archive.org page and start reading the book!

New Research Project: Project Ackbar (It's A Trap!)



Today I'm embarking on a new long-term project.

I am seeding social media sites with unique email addresses in the hopes of catching when a database has been compromised.

Each email address is being set up through Mailinator and the inboxes are being monitored through RSS feeds using IFTTT.

When one of the email addresses gets an email, or a Google alert discovers the email address published on the web, I will receive an alert so that I can review and see if the email address has been compromised.

I'll update any hits as they come in.

So far I've registered special email addresses on the following websites.  This list will be updated as more are added.

Twitter.com
Facebook.com
MySpace.com
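One way to build the tripwire described above, as an added example that is not the author's own setup: each site gets an address derived from a secret, so any hit maps back to exactly one site, and mail from anyone other than that site is flagged for review. The secret, the `ackbar-` prefix, the `mailinator.example` domain and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed for this example: secret, prefix and mail domain are placeholders.
SECRET = b"example-only-secret"
MAIL_DOMAIN = "mailinator.example"
SEEDED_SITES = ["Twitter.com", "Facebook.com", "MySpace.com"]


def canary_address(site):
    """Derive an unguessable address that is registered on exactly one site."""
    tag = hmac.new(SECRET, site.lower().encode(), hashlib.sha256).hexdigest()[:16]
    return f"ackbar-{tag}@{MAIL_DOMAIN}"


# Reverse index: canary address -> the only site that was ever given it.
REGISTRY = {canary_address(s): s for s in SEEDED_SITES}
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def triage(recipient, sender):
    """Classify one inbox item (e.g. from the RSS feed) as (site, verdict)."""
    site = REGISTRY.get(recipient.strip().lower())
    if site is None:
        return ("unknown", "ignore")  # not one of our canaries
    sender_domain = sender.rsplit("@", 1)[-1].strip("> ").lower()
    site_domain = site.lower()
    if sender_domain == site_domain or sender_domain.endswith("." + site_domain):
        return (site, "expected")  # the site mailing its own user
    return (site, "review")  # a third party holds an address only this site had


def attribute_hits(text):
    """Return the seeded sites whose canary shows up in alert or paste text."""
    found = {m.group(0).lower() for m in ADDRESS_RE.finditer(text)}
    return sorted(REGISTRY[a] for a in found if a in REGISTRY)


if __name__ == "__main__":
    # Constructed inbox items: (recipient, sender).
    inbox = [
        (canary_address("MySpace.com"), "Welcome <noreply@mail.myspace.com>"),
        (canary_address("MySpace.com"), "deals@pharmacy.example"),
    ]
    for recipient, sender in inbox:
        print(triage(recipient, sender))
    # Constructed text standing in for a web page found by a search alert.
    print(attribute_hits("dump: bob@corp.example, " + canary_address("Twitter.com")))
```

Deriving the address from a keyed hash means no lookup table of addresses has to be stored, and someone who sees one canary cannot predict the others.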

Big Shout Out to Timber Wolfe from NeuStar, Inc. for inspiring me to start this project.  Timber was one of the presenters at TrainACE's Hacker's Breakfast event on 4/3/2013 and presented an excellent piece on Honey Pots, Honey Nets, and Honey Farms.

Voices in the Static: Proactive Cyber Threat Monitoring

Your network is under attack. Right now. This very moment your public facing IP address space is being scanned and probed by someone. In fact, the entire Internet is being scanned by so many malicious attackers on a 24/7 basis that, according to SANS, the longest an unprotected computer can hope to last on the Internet without being compromised is seven minutes.

So what can you do to help determine what threats to monitor for and which ones to ignore?

Read my Guest Blog Post at Recorded Future to find out more!

Hacker's Breakfast - Absolutely Great Learning Experience

Today I had the privilege of attending a free training seminar put on by TrainACE called "The Hacker's Breakfast".  The topic of the day was advanced persistent threats and one of my favorite topics - honeypots.

Not only did I get a free breakfast, but I learned a lot from Alex Lanstein of FireEye and Timber Wolfe of Neustar, Inc.

If you haven't attended one of these yet - I would strongly encourage you to do so.  TrainACE provides the training completely free of charge - and you'll get to learn about some of the other training opportunities which are coming up.

This wasn't your typical "free advertisement disguised as a seminar".  In fact the training provided was extremely informative and useful - and there wasn't any pressure to buy anything or sign up for any future training classes.

I'd like to give a big shout out to Megan Horner for inviting me to the event.  Megan recently submitted a guest blog post which you can view here.


If you could ask a question about Space Security what would it be?

I've been given an excellent opportunity to attend the NASA/Orbital Antares rocket test launch at Wallops Flight Facility in Wallops Island, Virginia under NASA's social media credentials program.

I hope to learn and share fascinating information such as how remote flight telemetry and control of spacecraft is secured from tampering and interception.  However - since my blog wouldn't be the same without reader interaction - I'd like to take the time to find out what information security related questions my readers would like to have answered.

Please go to Facebook and answer the poll!  Feel free to add your own question if you don't see one listed you're interested in.  Please try to keep questions information security/computer security related.

I will gather questions until a few days before launch - then select the best ones from the poll.

The Cyber Security "Silver Bullet" is Finally Here!

Due to the overwhelming demand for an "all-in-one" security solution, Caffeine Security is happy to announce our solution, which we are releasing as "Caffeine Security Silver Bullet".  This net appliance will be the ultimate solution to all of your security needs.