EVIL DATA MINING FOR FUN AND PROFIT!
Contents● Web Scraping● Quick and Dirty SQL Injections● iPhones, WiFi and Evil Twins● Hacking Neighbours● Port scanning on...
Introduction●   Fredrik Nordberg Almroth (@Almroot)    Head application engineer and co-founder @ detectify.com    IT-secu...
What is Detectify?Detectify is an automated vulnerability scanner.
●   You sign up using beta code.
●   You press start!●   Detectify emulates a hacking attack.
●   You get a report regarding your vulnerabilities.
●   Detectify is currently in closed beta!●   You may try it for free using the beta code: HyperMine●   http://detectify.c...
What is data mining?●   Data mining is mostly associated with statistics and machine learning.●   ...or discovery of patte...
Web scraping● Grab content from websites● Host somewhere else● Study the data● Sell the data
Web scraping● Manual copy-paste
Web scraping
Web scraping● Googlebot
Web scraping● Bad scrapers  ○ Downloadable or online tools  ○ Homemade scripts  ○ HTTP rewriters
Web scraping● Homemade scripts  ○   Made for one site/purpose  ○   No hacking  ○   May be against ToS  ○   Probably legal
Web scraping● Sosseblaskan.se  ○   Copy of aftonbladet (rewrite)  ○   A joke  ○   Not ads for aftonbladet  ○   Not phishin...
SQL● Structured Query Language● Used to talk with databases. MySQL, PostgreSQL, etc...
How its used● Websites use databases to maintain data.● The SQL queries often contain user-data.● You search on a website ...
What could possibly go wrong?● User supplied data may alter the SQL query.● Example:   SELECT title FROM blog WHERE title ...
SQL Injections
● Devastating attack.● Worst part. Its really common.● Remember Sony last year?
● Victims 2012.  ○   eHarmony  ○   last.fm  ○   Yahoo!  ○   Android Forums  ○   Billabong  ○   Formspring  ○   nVidia  ○  ...
● Thousands of sites attacked daily.● Incredibly easy to get going.● Loads of guides and tools on the internet.● Devastati...
LIVE DEMO!(This is the time well stand here and struggle with the equipment.)
Fun with WLAN● Create an evil twin● Jasager
Evil twin● You connect to eg. "espresso house free"● iPhone will save and remember that network● When you come back it wil...
Evil twin● Someone creates a network called  "espresso house free"● Your phone will automatically connect
What if the attacker dont know whichnetworks youve been connected to?
Jasager
Fun with WLAN● Works on everything  ○ Windows, linux, Mac, Android, iPhone etc● Can be monitored  ○ See which networks you...
Fun with WLANWiGLE.net
IT-Security @ Home● Devices on local networks.  ○   Routers  ○   Printers  ○   Heat Pumps  ○   Laptops  ○   PCs  ○   Table...
Telecom operator ComHem provide "Tre-hål-i-väggen"
● Routers may act as switches● IP Forwarding● You can see your neighbours devices
● Portscan!● A port scanner finds open services on IP-  addresses.● nmap
● Find vulnerability  or● Weak (default) password  or● No password!  Protip:  http://www.routerpasswords.com/
GAME OVER
ConclusionYou can with ease gain access to yourneighbours data.
Speaking of portscanning...● Spring 2010, the "spoon" project.● Got interested in packet crafting.● 3000 packets/second
● Sweden got 25.000.000 allocated IPv4-addresses.● ...Results in a timeframe of 2 hours and 20 min to scan.● Resolve all s...
● Early 2011, "spoon2".● 30000 packets/second. Ten times as fast!● From 2½ hour, to approximate 15 minutes.● Same result.
● Imagine a company. Like ACME Corp.● 10 servers running "spoon2".● Get a fresh map of Sweden every 90 second.● 100 server...
● ACME Corp got potential to become a global "pingdom".● Results in large scale data mining.● Would require loads of cleve...
shodanhq.com● The firm shodanhq already crawls countries for open  services.● Identified ~438.000 web servers in Sweden al...
● Eavesdrop your neighbour? No problem.● Why bother?● Can be applied to a whole country.
Summary● Web Scraping● Quick and Dirty SQL Injections● iPhones, WiFi and Evil Twins● Hacking Neighbours● Port scanning on ...
Q&A     Hack the planet!http://detectify.com/
References●   http://www.theta44.org/karma/aawns.pdf●   http://timtux.net/posts/10-Vad-delar-du-ut-IT-skerhet-i-hemmet●   ...
Hyper Island - 2012
Hyper Island - 2012
Hyper Island - 2012
Upcoming SlideShare
Loading in …5
×

Hyper Island - 2012

8,243 views

Published on

The slides presented at the Hyper Island - October 18, 2012 for the DDS13 class regarding malicious datamining.

Published in: Technology
0 Comments
6 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
8,243
On SlideShare
0
From Embeds
0
Number of Embeds
7,200
Actions
Shares
0
Downloads
25
Comments
0
Likes
6
Embeds 0
No embeds

No notes for slide

Hyper Island - 2012

  1. 1. EVIL DATA MINING FOR FUN AND PROFIT!
  2. 2. Contents● Web Scraping● Quick and Dirty SQL Injections● iPhones, WiFi and Evil Twins● Hacking Neighbours● Port scanning on Steroids
  3. 3. Introduction● Fredrik Nordberg Almroth (@Almroot) Head application engineer and co-founder @ detectify.com IT-security guy Hacked Google. Twice.● Johan Edholm (@norrskal) Server administrator and co-founder @ detectify.com Worked with IT security analytics and anti-scraping Studied system and network management in Linux
  4. 4. What is Detectify?Detectify is an automated vulnerability scanner.
  5. 5. ● You sign up using beta code.
  6. 6. ● You press start!● Detectify emulates a hacking attack.
  7. 7. ● You get a report regarding your vulnerabilities.
  8. 8. ● Detectify is currently in closed beta!● You may try it for free using the beta code: HyperMine● http://detectify.com/● We love feedback! :)
  9. 9. What is data mining?● Data mining is mostly associated with statistics and machine learning.● ...or discovery of patterns (intelligence) in large datasets...● No fancy algorithms! Just real life examples.
  10. 10. Web scraping● Grab content from websites● Host somewhere else● Study the data● Sell the data
  11. 11. Web scraping● Manual copy-paste
  12. 12. Web scraping
  13. 13. Web scraping● Googlebot
  14. 14. Web scraping● Bad scrapers ○ Downloadable or online tools ○ Homemade scripts ○ HTTP rewriters
  15. 15. Web scraping● Homemade scripts ○ Made for one site/purpose ○ No hacking ○ May be against ToS ○ Probably legal
  16. 16. Web scraping● Sosseblaskan.se ○ Copy of aftonbladet (rewrite) ○ A joke ○ Not ads for aftonbladet ○ Not phishing ○ Illegal
  17. 17. SQL● Structured Query Language● Used to talk with databases. MySQL, PostgreSQL, etc...
  18. 18. How its used● Websites use databases to maintain data.● The SQL queries often contain user-data.● You search on a website for a few keywords.● The odds of it being done by some SQL dialect is huge.
  19. 19. What could possibly go wrong?● User supplied data may alter the SQL query.● Example: SELECT title FROM blog WHERE title = $search_keywords;● If the searched data contain a quote, the SQL query will break.● Attackers may gain other data than just the "blog title".● Usernames, passwords, emails, credit-cards...
  20. 20. SQL Injections
  21. 21. ● Devastating attack.● Worst part. Its really common.● Remember Sony last year?
  22. 22. ● Victims 2012. ○ eHarmony ○ last.fm ○ Yahoo! ○ Android Forums ○ Billabong ○ Formspring ○ nVidia ○ Gamigo ○ ...List goes on...
  23. 23. ● Thousands of sites attacked daily.● Incredibly easy to get going.● Loads of guides and tools on the internet.● Devastating for the vulnerable organizations.
  24. 24. LIVE DEMO!(This is the time well stand here and struggle with the equipment.)
  25. 25. Fun with WLAN● Create an evil twin● Jasager
  26. 26. Evil twin● You connect to eg. "espresso house free"● iPhone will save and remember that network● When you come back it will automatically connect
  27. 27. Evil twin● Someone creates a network called "espresso house free"● Your phone will automatically connect
  28. 28. What if the attacker dont know whichnetworks youve been connected to?
  29. 29. Jasager
  30. 30. Fun with WLAN● Works on everything ○ Windows, linux, Mac, Android, iPhone etc● Can be monitored ○ See which networks you are looking for and in which order
  31. 31. Fun with WLANWiGLE.net
  32. 32. IT-Security @ Home● Devices on local networks. ○ Routers ○ Printers ○ Heat Pumps ○ Laptops ○ PCs ○ Tablets ○ Cellphones ○ XBOXes ○ ...etc...
  33. 33. Telecom operator ComHem provide "Tre-hål-i-väggen"
  34. 34. ● Routers may act as switches● IP Forwarding● You can see your neighbours devices
  35. 35. ● Portscan!● A port scanner finds open services on IP- addresses.● nmap
  36. 36. ● Find vulnerability or● Weak (default) password or● No password! Protip: http://www.routerpasswords.com/
  37. 37. GAME OVER
  38. 38. ConclusionYou can with ease gain access to yourneighbours data.
  39. 39. Speaking of portscanning...● Spring 2010, the "spoon" project.● Got interested in packet crafting.● 3000 packets/second
  40. 40. ● Sweden got 25.000.000 allocated IPv4-addresses.● ...Results in a timeframe of 2 hours and 20 min to scan.● Resolve all servers on a given port in a Sweden.● Could of course be applied to any country.
  41. 41. ● Early 2011, "spoon2".● 30000 packets/second. Ten times as fast!● From 2½ hour, to approximate 15 minutes.● Same result.
  42. 42. ● Imagine a company. Like ACME Corp.● 10 servers running "spoon2".● Get a fresh map of Sweden every 90 second.● 100 servers, every 9th second second.
  43. 43. ● ACME Corp got potential to become a global "pingdom".● Results in large scale data mining.● Would require loads of clever algorithms and infrastructure to maintain it all though.
  44. 44. shodanhq.com● The firm shodanhq already crawls countries for open services.● Identified ~438.000 web servers in Sweden alone.● Mostly devices found on local networks. (routers / printers).● No security. Loads of vulnerable devices.
  45. 45. ● Eavesdrop your neighbour? No problem.● Why bother?● Can be applied to a whole country.
  46. 46. Summary● Web Scraping● Quick and Dirty SQL Injections● iPhones, WiFi and Evil Twins● Hacking Neighbours● Port scanning on Steroids
  47. 47. Q&A Hack the planet!http://detectify.com/
  48. 48. References● http://www.theta44.org/karma/aawns.pdf● http://timtux.net/posts/10-Vad-delar-du-ut-IT-skerhet-i-hemmet● http://krebsonsecurity.com/2010/06/wi-fi-street-smarts-iphone-edition/● http://nmap.org/6/● http://www.ietf.org/rfc/rfc793.txt● http://www.ietf.org/rfc/rfc791.txt● http://www.ietf.org/rfc/rfc1323.txt● http://www.zdnet.com/sql-injection-attacks-up-69-7000001742/

×