Hyper Island - 2012

The slides presented at the Hyper Island - October 18, 2012 for the DDS13 class regarding malicious datamining.


  • 2. Contents
    ● Web Scraping
    ● Quick and Dirty SQL Injections
    ● iPhones, WiFi and Evil Twins
    ● Hacking Neighbours
    ● Port scanning on Steroids
  • 3. Introduction
    ● Fredrik Nordberg Almroth (@Almroot)
      ○ Head application engineer and co-founder @ detectify.com
      ○ IT-security guy
      ○ Hacked Google. Twice.
    ● Johan Edholm (@norrskal)
      ○ Server administrator and co-founder @ detectify.com
      ○ Worked with IT security analytics and anti-scraping
      ○ Studied system and network management in Linux
  • 4. What is Detectify?
    ● Detectify is an automated vulnerability scanner.
  • 5.
    ● You sign up using a beta code.
  • 6.
    ● You press start!
    ● Detectify emulates a hacking attack.
  • 7.
    ● You get a report regarding your vulnerabilities.
  • 8.
    ● Detectify is currently in closed beta!
    ● You may try it for free using the beta code: HyperMine
    ● http://detectify.com/
    ● We love feedback! :)
  • 9. What is data mining?
    ● Data mining is mostly associated with statistics and machine learning.
    ● ...or the discovery of patterns (intelligence) in large datasets...
    ● No fancy algorithms! Just real-life examples.
  • 10. Web scraping
    ● Grab content from websites
    ● Host it somewhere else
    ● Study the data
    ● Sell the data
  • 11. Web scraping
    ● Manual copy-paste
  • 12. Web scraping
  • 13. Web scraping
    ● Googlebot
  • 14. Web scraping
    ● Bad scrapers
      ○ Downloadable or online tools
      ○ Homemade scripts
      ○ HTTP rewriters
  • 15. Web scraping
    ● Homemade scripts
      ○ Made for one site/purpose
      ○ No hacking
      ○ May be against the ToS
      ○ Probably legal
  • 16. Web scraping
    ● Sosseblaskan.se
      ○ Copy of Aftonbladet (rewrite)
      ○ A joke
      ○ Not ads for Aftonbladet
      ○ Not phishing
      ○ Illegal
  • 17. SQL
    ● Structured Query Language
    ● Used to talk to databases: MySQL, PostgreSQL, etc.
  • 18. How it's used
    ● Websites use databases to maintain data.
    ● The SQL queries often contain user data.
    ● You search on a website for a few keywords.
    ● The odds are high that some SQL dialect performs that search behind the scenes.
  • 19. What could possibly go wrong?
    ● User-supplied data may alter the SQL query.
    ● Example: SELECT title FROM blog WHERE title = $search_keywords;
    ● If the searched data contain a quote, the SQL query will break.
    ● Attackers may gain other data than just the "blog title":
    ● Usernames, passwords, emails, credit cards...
  • 20. SQL Injections
  • 21.
    ● Devastating attack.
    ● Worst part: it's really common.
    ● Remember Sony last year?
  • 22.
    ● Victims 2012:
      ○ eHarmony
      ○ last.fm
      ○ Yahoo!
      ○ Android Forums
      ○ Billabong
      ○ Formspring
      ○ nVidia
      ○ Gamigo
      ○ ...the list goes on...
  • 23.
    ● Thousands of sites attacked daily.
    ● Incredibly easy to get going.
    ● Loads of guides and tools on the internet.
    ● Devastating for the vulnerable organizations.
  • 24. LIVE DEMO!
    (This is the time we'll stand here and struggle with the equipment.)
  • 25. Fun with WLAN
    ● Create an evil twin
    ● Jasager
  • 26. Evil twin
    ● You connect to e.g. "espresso house free"
    ● Your iPhone will save and remember that network
    ● When you come back it will automatically connect
  • 27. Evil twin
    ● Someone creates a network called "espresso house free"
    ● Your phone will automatically connect
  • 28. What if the attacker doesn't know which networks you've been connected to?
  • 29. Jasager
  • 30. Fun with WLAN
    ● Works on everything
      ○ Windows, Linux, Mac, Android, iPhone, etc.
    ● Can be monitored
      ○ See which networks you are looking for, and in which order
  • 31. Fun with WLAN
    ● WiGLE.net
  • 32. IT-Security @ Home
    ● Devices on local networks:
      ○ Routers
      ○ Printers
      ○ Heat pumps
      ○ Laptops
      ○ PCs
      ○ Tablets
      ○ Cellphones
      ○ Xboxes
      ○ ...etc.
  • 33. Telecom operator ComHem provides "Tre-hål-i-väggen"
  • 34.
    ● Routers may act as switches
    ● IP forwarding
    ● You can see your neighbours' devices
  • 35.
    ● Portscan!
    ● A port scanner finds open services on IP addresses.
    ● nmap
  • 36.
    ● Find a vulnerability, or
    ● a weak (default) password, or
    ● no password! Protip: http://www.routerpasswords.com/
  • 37. GAME OVER
  • 38. Conclusion
    You can with ease gain access to your neighbours' data.
  • 39. Speaking of portscanning...
    ● Spring 2010, the "spoon" project.
    ● Got interested in packet crafting.
    ● 3000 packets/second
  • 40.
    ● Sweden has 25.000.000 allocated IPv4 addresses.
    ● ...which gives a timeframe of 2 hours and 20 min to scan.
    ● Resolve all servers on a given port in Sweden.
    ● Could of course be applied to any country.
  • 41.
    ● Early 2011, "spoon2".
    ● 30000 packets/second. Ten times as fast!
    ● From 2½ hours to approximately 15 minutes.
    ● Same result.
  • 42.
    ● Imagine a company. Like ACME Corp.
    ● 10 servers running "spoon2".
    ● Get a fresh map of Sweden every 90 seconds.
    ● 100 servers: every 9th second.
  • 43.
    ● ACME Corp has the potential to become a global "pingdom".
    ● Results in large-scale data mining.
    ● Would require loads of clever algorithms and infrastructure to maintain it all, though.
  • 44. shodanhq.com
    ● The firm shodanhq already crawls countries for open services.
    ● Identified ~438.000 web servers in Sweden alone.
    ● Mostly devices found on local networks (routers / printers).
    ● No security. Loads of vulnerable devices.
  • 45.
    ● Eavesdrop on your neighbour? No problem.
    ● Why bother?
    ● It can be applied to a whole country.
  • 46. Summary
    ● Web Scraping
    ● Quick and Dirty SQL Injections
    ● iPhones, WiFi and Evil Twins
    ● Hacking Neighbours
    ● Port scanning on Steroids
  • 47. Q&A
    Hack the planet!
    http://detectify.com/
  • 48. References
    ● http://www.theta44.org/karma/aawns.pdf
    ● http://timtux.net/posts/10-Vad-delar-du-ut-IT-skerhet-i-hemmet
    ● http://krebsonsecurity.com/2010/06/wi-fi-street-smarts-iphone-edition/
    ● http://nmap.org/6/
    ● http://www.ietf.org/rfc/rfc793.txt
    ● http://www.ietf.org/rfc/rfc791.txt
    ● http://www.ietf.org/rfc/rfc1323.txt
    ● http://www.zdnet.com/sql-injection-attacks-up-69-7000001742/
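The query from slides 17-19 (SELECT title FROM blog WHERE title = $search_keywords) next to its parameterized fix, as an added Python example that is not part of the slides or of Detectify's code; the in-memory SQLite "blog" table and its two rows are constructed for the demo, and a legitimate title containing a quote is enough to show the "query breaks" case:

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the slide's "blog" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blog (title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO blog VALUES (?, ?)",
        [("Hello world", "first post"),
         ("O'Reilly books", "a title that legitimately contains a quote")],
    )
    conn.commit()
    return conn


def search_vulnerable(conn, search_keywords):
    # The slide's query, built by interpolating the user's text into the SQL.
    # The search terms become part of the SQL text, so a quote inside them
    # changes the structure of the statement instead of being matched.
    sql = "SELECT title FROM blog WHERE title = '%s';" % search_keywords
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, search_keywords):
    # Parameterized query: the search terms travel as a bound value, so the
    # database never parses them as SQL, quotes or not.
    sql = "SELECT title FROM blog WHERE title = ?;"
    return [row[0] for row in conn.execute(sql, (search_keywords,))]


def demo():
    conn = make_db()
    results = {
        "vulnerable_plain": search_vulnerable(conn, "Hello world"),
        "safe_plain": search_safe(conn, "Hello world"),
        "safe_quote": search_safe(conn, "O'Reilly books"),
    }
    try:
        results["vulnerable_quote"] = search_vulnerable(conn, "O'Reilly books")
    except sqlite3.OperationalError as exc:
        # The "query breaks" case from slide 19: the unbalanced quote turns a
        # legitimate search into a SQL syntax error, the tell-tale sign that
        # user input is reaching the SQL parser.
        results["vulnerable_quote"] = "syntax error: %s" % exc
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Both versions return the same row for plain input; only the interpolated one turns a quote in the input into an error, and that same mechanism is what lets an attacker reshape the query.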