Risk Factory: Modems the Forgotten Back Door

  1. “Super Phreak” Modems: The Forgotten Backdoor
  2. A Day in the Life
  3. Remember the 80’s? (built up year by year over slides 3–6)
     1980: John Lennon shot; Pac-Man; Super Trouper; Empire Strikes Back
     1981: JR Ewing shot; Rubik's Cube; Super Freak; Raiders Lost Ark
     1982: Reagan shot; Trivial Pursuit; Don’t You Want Me; Tootsie
     1983: My knees shot; Cabbage Patch Kids; Thriller; War Games
  7. Spark That Lit The Fire: Sales of modems increased by a factor of 500 within 3 months of the release of the film “War Games”. (Diagram labels: Public / Private)
  8. Remember When? Our biggest vulnerability; our biggest threat. (Diagram labels: Public / Private)
  9. Super Phreaky – Yoaw!
     • Phreak = "phone" + "freak". "Phreak", "phreaker" = names for people who participate in phreaking.
     • Phreaking = studying, experimenting with, or exploring telecoms systems, equipment or systems connected to telephone networks.
     • Linked to hacking when networks went computerised. Now called the H/P culture (Hacking and Phreaking).
  10. War Dialer Process
     1. Obtain exchanges
     2. Configure & run dialer
     3. Analyse carriers & identify devices
     4. Connect to carriers identified
     5. Brute force if prompted
     6. Access granted
  11. Functions of a Modem
     • Dial-Out access – allows someone to subvert the firewall to get out
     • Dial-In access – allows remote access to an internal system via the PBX
  12. Dial-Out Access
     • Desktop devices, faxes, scanners, PCs
     • Primarily user internet-related activity
     • Use of unauthorised modems to circumvent firewall rules – access blocked internet material
     • Risk exposure is user-dependent and localised
     • Think data leakage
     • Risk commensurate with access privileges
     • Most organisations do not have a requirement for it
  13. Dial-Out Risks (diagram: a modem on a workstation bypasses the firewall; elements shown: Firewall, Your Organisation Network, Configuration Server, Modem, Workstation, Data, Databases, Information Server; risks shown: Unauthorised Material, Trojan Horses & Viruses, Business Data Leakage)
  14. Dial-In Access
     • Business systems – servers – not PC-based
     • Think 3rd party managed devices
     • Increased likelihood of a business-critical system
     • Permits targeted rather than opportunistic attack
     • Time to map & exploit the system
     • System can remain compromised after the hacker disconnects
     • Likely to be untraceable
     • Most organisations have at least some requirement for dial-in access
  15. Your View
     1. Bandwidth Manager 2. Exterior Router 3. Bastion Host (Firewall) 4. Interior Router 5. Network Switch 6. Application Servers 7. Network Storage 8. PBX 9. Voicemail 10. Modem Bank 11. RAS Server 12. Authentication Server 13. UPS 14. Air Conditioning 15. Building Access Control System
  16. Phreaker’s View (same inventory as slide 15; the PBX, voicemail, modem bank and RAS server are the phreaker’s way in)
     1. Bandwidth Manager 2. Exterior Router 3. Bastion Host (Firewall) 4. Interior Router 5. Network Switch 6. Application Servers 7. Network Storage 8. PBX 9. Voicemail 10. Modem Bank 11. RAS Server 12. Authentication Server 13. UPS 14. Air Conditioning 15. Building Access Control System
  17. Scale of Dial-In Threat
     • Large organisations: 1.5% – 2.5% of all telephone extensions provide dial-in access (up to 25 extensions per 1000)
     • Small organisations: 2% – 3% of telephone extensions provide dial-in connectivity (up to 15 extensions per 500)
  18. Prevailing Opinion…
     "...most large companies are more vulnerable through poorly inventoried modem lines than via firewall-protected Internet gateways" – Hacking Exposed: Network Security Secrets and Solutions. McClure, Scambray & Kurtz. Osborne, 2008
     “While remote access is not the only route that hackers use to attack networks, they often cite it as the easiest route in” – Information Security Breaches Survey 2010: Remote Access. UK Department of Trade & Industry
  19. And yet…. DTI’s Information Security Breaches Survey cited it in 2004 by stating that …
     • Less than 2% surveyed checked for unauthorised modem access
     …but not since
  20. Managing Dial-Out Risk
     Non-PC based:
     • Configure dial-out under application control
     • Modem configured for “dial-out” only
     PC-based:
     • PBX monitoring – outbound call logging (restricted to DDI line logging)
     • Host-based solutions – anti-virus / host monitoring / configuration lockdown
     General:
     • Effective policy – user education, policing & enforcement
  21. Managing Dial-In Risk
     Managed through:
     • Review & confirm 3rd party access requirements
     • Change vendor defaults
     • SLAs should address breach responsibilities
     • Implement appropriate controls (access restriction, authentication, dial-back)
     • Monitor – inbound call logging / alerting / read logs!
     • Effective policy – user education, policing & enforcement
  22. 25th Anniversary
  23. Today’s War Dialer
     • WarVOX, Linux-based freeware available on Dark-Hack
     • Uses VoIP services to make up to 10,000 calls in an 8 hour period
     • Spoofs caller ID
     • IDs admin interfaces to PABX and IP based devices
     • Finds and copies/strips stored audio files and archives
  24. Test This
  25. Some things never die, they just go out of fashion… Phreaking is the founding methodology of hackers. What makes you think it’s dead? Still the most dependable backdoor into a system.
  26. 26 Dover Street, London, W1S 4LY, United Kingdom. +44 (0) 203 586 1025. www.orthusirm.com info@orthusirm.com
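Slides 20 and 21 recommend PBX call logging and alerting; the block below is an added example (not part of the deck) of what that alerting can look like over inbound call detail records (CDRs). It assumes a constructed CDR format of timestamp, caller ID, dialled extension and duration, and flags a single caller walking through a run of extensions (the war-dial signature from slide 10) plus any extension that held such a call open but is missing from the modem inventory.

```python
# Added example, not from the slide deck: war-dial sweep detection and
# unlisted-modem spotting over PBX inbound call logs. CDR layout, numbers
# and extensions are all constructed for this illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CDRs: timestamp, caller ID, dialled extension, duration (seconds)
SAMPLE_CDR = """\
2023-05-01T02:14:01,+442079460001,2001,7
2023-05-01T02:14:21,+442079460001,2002,6
2023-05-01T02:14:40,+442079460001,2003,41
2023-05-01T02:15:02,+442079460001,2004,5
2023-05-01T02:15:25,+442079460001,2005,6
2023-05-01T02:15:48,+442079460001,2006,39
2023-05-01T09:30:00,+442079460002,2103,312
2023-05-01T10:05:12,+442079460003,2103,620
"""

def parse_cdr(text):
    records = []
    for line in text.strip().splitlines():
        ts, caller, ext, dur = line.split(",")
        records.append((datetime.fromisoformat(ts), caller, int(ext), int(dur)))
    return records

def detect_sweeps(records, min_exts=5, window=timedelta(minutes=10)):
    """Alert on callers that reach >= min_exts distinct extensions inside
    `window`: one number stepping through a DDI range in minutes is a dialer,
    not a person. Returns (caller, lowest ext, highest ext, count)."""
    by_caller = defaultdict(list)
    for ts, caller, ext, _ in records:
        by_caller[caller].append((ts, ext))
    alerts = []
    for caller, calls in by_caller.items():
        calls.sort()
        for i, (start, _) in enumerate(calls):
            exts = {e for t, e in calls[i:] if t - start <= window}
            if len(exts) >= min_exts:
                alerts.append((caller, min(exts), max(exts), len(exts)))
                break
    return alerts

def unlisted_modem_candidates(records, known_modem_exts, min_dur=30):
    """Extensions that kept a sweeping caller connected longer than a voice
    answer would, yet are absent from the authorised modem inventory: the
    'poorly inventoried modem lines' the deck quotes Hacking Exposed on."""
    sweepers = {a[0] for a in detect_sweeps(records)}
    return sorted({ext for _, caller, ext, dur in records
                   if caller in sweepers and dur >= min_dur
                   and ext not in known_modem_exts})
```

Feed the two functions a day's CDR export and the modem register; anything the second function returns is a line to physically trace before a targeted dial-in attacker does.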

Editor's Notes

  • First hacker movie – set the mould. Established the archetype. Based on a true story: 16 year old broke into Pentagon systems. Original screenplay written in 1979. Stephen Falken = Stephen Hawking. To have been played by John Lennon. Made it cool to be a geek.
  • War dialer = term coined from movie
  • Old news. Like …… never fades away – gets re-worked
  • This is why you should be concerned
