Archive for January, 2012

Carrier IQ

Carrier IQ, also known as CIQ, is software installed not only on smartphones but also on tablets. Carrier IQ was developed to reduce the number of dropped calls, extend battery life and keep the device and its services working efficiently at all times, which in turn helps operators understand the experience of mobile users. Operators want to develop and enhance their services continually, and this can only be done by knowing exactly when a mobile user is having a bad experience.

Historically, operators used their network to solve problems, but today's networks and devices are too complex to understand without visibility into the device itself. Carrier IQ examines a large amount of data from each device to capture and summarize exactly what is working and what is not. For example, operators and device manufacturers need to know exactly where a call was dropped or which applications drained the device's battery, and most importantly, how to solve the user's problems when the user calls them.

Carrier IQ's technology counts and summarizes problems. According to CIQ, it does not provide keystroke logging or tracking tools. Carrier IQ positions its technology as the user's advocate, because operators and handset manufacturers are, for the first time, getting an understanding of users' day-to-day problems.

Developers, on the other hand, believe that CIQ is low-level software installed by Samsung and HTC at the request of mobile carriers such as AT&T. According to them, it records metrics such as every key pressed, every touch on the screen, every application launched, every website visited, any traffic entering or leaving the phone, every time the battery is changed, and so on.

Carrier IQ calls this software the Mobile Intelligence Platform (MIP). CIQ works with handset manufacturers such as Samsung and HTC to embed the agent in the smartphone so that it can collect this data. The biggest issue with CIQ is the threat to privacy, since the software behaves much like spyware.

Carrier IQ has recently attracted immense public attention. With growing concerns about the threat to users' privacy, CIQ is facing pressure not only from the general public but also from lawsuits filed against its software. Developers are coming up with new ways of disabling the software at the user's discretion, allowing users to control exactly what information they are willing to share.


Indian BlackHat Group Defaces Pakistani Government Websites

The cyber war between India and Pakistan continues to escalate: the Indian blackhat group Indishell defaced 30 Pakistani government websites only a few days ago, including sites such as pak.gov.pk, paknavy.gov.pk and sindh.gov.pk. The attack was in retaliation for the defacement of the official website of the Bharatiya Janata Party (BJP) of Karnataka by a Pakistani blackhat group. We fear that this war is going to keep escalating in the near future.

Prior to this attack, Indishell had already attacked other high-profile Pakistani sites. Indishell believes that the government of Pakistan is involved with various Pakistani attackers, instructing them to hack Indian sites. The Pakistani government also received a notice from Indishell, left as a message on one of the recently hacked websites.

The rivalry between Indian and Pakistani hackers has been going on for years now. This only goes to show that the governments of both Pakistan and India fail to understand the importance of securing official websites, along with other websites, against attackers; as a result, serious security vulnerabilities exist which make it extremely simple for attackers to exploit them.

How did the situation get so bad? In all honesty, it is the fault of the hosting provider and of the application developers of the websites that were attacked. First of all, the hosting infrastructure should have been properly secured and segregated. Applications and servers should have been audited for security and hardened according to a standard. Blackhats tend to target the web application first and exploit it to gain access to the server hosting the website, so a server that hosts multiple sensitive websites is a jackpot for an attacker. Following is a list of Pakistani government websites hosted on the single server (50.23.225.39-static.reverse.softlayer.com) that was attacked:

census.gov.pk
cii.gov.pk
cmpunjab.gov.pk
cmsindh.gov.pk
commerce.gov.pk
desto.gov.pk
dgip.gov.pk
eadtraining.gov.pk
fab.gov.pk
fgehf.gov.pk
fia.gov.pk
fsa.gov.pk
ictadministration.gov.pk
infopak.gov.pk
jobs.gov.pk
joinpaf.gov.pk
lmis.gov.pk
met.gov.pk
mfa.gov.pk
moe.gov.pk
mofa.gov.pk
mopw.gov.pk
na.gov.pk
nab.gov.pk
navtec.gov.pk
nespak.com.pk
nhmp.gov.pk
nidu.gov.pk
nip.gov.pk
nr3c.gov.pk
nrb.gov.pk
ntb.gov.pk
ntc.net.pk
paec.gov.pk
paf.gov.pk
pak.gov.pk
paknavy.gov.pk
parc.gov.pk
pasc.gov.pk
pbm.gov.pk
pc.gov.pk
pcp.gov.pk
pcsir.gov.pk
pha.gov.pk
pifra.gov.pk
pmad.gov.pk
pof.gov.pk
ppqp.gov.pk
privatisation.gov.pk
psf.gov.pk
pta.gov.pk
savings.gov.pk
senate.gov.pk
shydo.gov.pk
sindh.gov.pk
sindhpolice.gov.pk
supremecourt.gov.pk
topians.edu.pk
www.cmpunjab.gov.pk
www.commerce.gov.pk
www.dgip.gov.pk
www.eadtraining.gov.pk
www.fab.gov.pk
www.fgehf.gov.pk
www.fia.gov.pk
www.infopak.gov.pk
www.jobs.gov.pk
www.joinpaf.gov.pk
www.met.gov.pk
www.mfa.gov.pk
www.moe.gov.pk
www.mofa.gov.pk
www.na.gov.pk
www.nab.gov.pk
www.navtec.gov.pk
www.nespak.com.pk
www.nhmp.gov.pk
www.nip.gov.pk
www.nr3c.gov.pk
www.nrb.gov.pk
www.ntc.net.pk
www.paec.gov.pk
www.paf.gov.pk
www.pak.gov.pk
www.paknavy.gov.pk
www.parc.gov.pk
www.pbm.gov.pk
www.pc.gov.pk
www.pcsir.gov.pk
www.pha.gov.pk
www.pifra.gov.pk
www.pof.gov.pk
www.ppqp.gov.pk
www.psf.gov.pk
www.pta.gov.pk
www.savings.gov.pk
www.senate.gov.pk
www.sindh.gov.pk
www.sindhpolice.gov.pk

It is very saddening that so many high-profile government websites are hosted at a third-party hosting provider, and possibly even on the same server, a poor practice for websites that hold information of an extremely sensitive nature. This is the same server that hosts the websites of the National Telecommunication Corporation (NTC), www.ntc.net.pk, the official IT&T service provider for the Government of Pakistan, and of the abandoned National Response Centre for Cyber Crimes (NR3C), www.nr3c.gov.pk. We wonder whether these organizations actually noticed this defacement and decided to take security seriously. It is never advisable to put all one's eggs in one basket. Moreover, even when hosting multiple websites on the same box, the server should be configured so that an attacker who exploits one application still cannot access the server itself or the other websites.
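The segregation point above (one compromised application must not give read access to every other site on the box) can be checked mechanically. The following is an added example written for this page, not code from the original post or from any hosting provider: it models each virtual host by the Unix account its application code runs as and the ownership and mode of its document root, then applies the ordinary Unix permission rules to see which sites could read each other's files. The site names, uids, gids and modes are constructed for illustration; the only real convention assumed is that the web server itself runs as uid 33 / gid 33 (the usual www-data account).

```python
"""Cross-tenant read-access audit for shared web hosting (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class VHost:
    name: str             # constructed site label, not a real domain
    run_uid: int          # uid the site's application code executes as
    run_gids: frozenset   # primary + supplementary groups of that account
    root_uid: int         # owner of the document root directory
    root_gid: int         # group of the document root directory
    root_mode: int        # permission bits of the document root


def can_read(uid, gids, owner_uid, owner_gid, mode):
    """Unix access check for read + traverse (r-x) on a directory.

    Only one class of bits applies: owner if uid matches, else group if
    the gid matches, else 'other'. Root bypasses the check entirely."""
    if uid == 0:
        return True
    if uid == owner_uid:
        bits = (mode >> 6) & 0o7
    elif owner_gid in gids:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return bits & 0o5 == 0o5


def audit(vhosts):
    """Return (reader_site, readable_site) pairs where one site's
    application account can read another site's document root."""
    findings = []
    for a in vhosts:
        for b in vhosts:
            if a is not b and can_read(a.run_uid, a.run_gids,
                                       b.root_uid, b.root_gid, b.root_mode):
                findings.append((a.name, b.name))
    return findings


def unservable(vhosts, server_uid=33, server_gids=frozenset({33})):
    """Sites whose document root the web server account itself cannot read
    (over-tightening would take the site offline, so check both ways)."""
    return [v.name for v in vhosts
            if not can_read(server_uid, server_gids,
                            v.root_uid, v.root_gid, v.root_mode)]


# Weak layout (constructed): every site's code runs as www-data and every
# document root is owned by www-data, mode 0755. One exploited application
# can read (and usually write) every other site on the server.
WEAK = [VHost(n, 33, frozenset({33}), 33, 33, 0o755)
        for n in ("ministry-a", "ministry-b", "ministry-c")]

# Hardened layout (constructed): one account per site owns its document
# root, the group is www-data so the server can still serve files, and
# mode 0750 denies everyone else.
HARDENED = [VHost("ministry-a", 1001, frozenset({1001}), 1001, 33, 0o750),
            VHost("ministry-b", 1002, frozenset({1002}), 1002, 33, 0o750),
            VHost("ministry-c", 1003, frozenset({1003}), 1003, 33, 0o750)]

# Same as HARDENED except one site left its document root world-readable.
MIXED = [HARDENED[0],
         VHost("ministry-b", 1002, frozenset({1002}), 1002, 33, 0o755),
         HARDENED[2]]

if __name__ == "__main__":
    for label, layout in (("weak", WEAK), ("hardened", HARDENED), ("mixed", MIXED)):
        print(label, "cross-site reads:", audit(layout),
              "unservable:", unservable(layout))
```

On the weak layout every ordered pair is reported; on the hardened layout nothing is, and the web server can still read every root through the group bits. The mixed layout shows why the audit is worth running per site rather than per server: a single world-readable root is enough to expose that site to every other tenant, even though the rest of the box is isolated. A real deployment would also run each site's interpreter under its own account (separate php-fpm pools, for instance) and keep uploads and writable directories out of the shared path.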


GPS Spoofing / Drone Hacking

Iran captured a US stealth drone by spoofing its GPS coordinates, which tricked the aircraft into landing in Iranian territory instead of where it was programmed to land. The drone's intended landing zone was in Afghanistan, but with the method proudly claimed by Iranian engineers only a few months ago, the drone's GPS was fed false coordinates and the aircraft was made to land in Iran.

Iran has a long border with Afghanistan, which NATO monitors for weapons smuggling into Afghanistan. Three years ago the Iranians claimed to have designed their own drone with a range of 300 miles that could reach Israel. The captured stealth aircraft was built with very sophisticated technology; it is the same type of stealth aircraft that monitored the US raid on Osama Bin Laden's compound in Pakistan. It is a $6 million stealth aircraft manufactured by Lockheed Martin.

According to US officials, the RQ in its designation means that it is unarmed, and some industry experts who have written about the Sentinel argue that its design makes it more of an operational platform than an intelligence-gathering aircraft. It was used to fly support during the Bin Laden raid. Nonetheless, according to Iranian news, the drone was shot down and recovered almost completely intact, which serves as a warning to the US.

An unnamed Iranian engineer who has been working on the captured American bat-wing RQ-170 Sentinel confirmed that the spoofing method used allowed the Iranians to divert the aircraft to land where they wanted it to, without hacking into the remote-control signals of the American control centre.

The US RQ-170 Sentinel stealth captured by Iran

US military officials have feared the GPS weakness of aircraft for a long time. According to US officials, this kind of attack is much more sophisticated than jamming, since it is executed covertly and there is no way to detect it until the spoofing has already taken place. The attack feeds the GPS receiver false GPS signals, which make it believe it is located somewhere in space where in reality it is not. US officials claim that the loss of their drone was due to a malfunction on their end.

The Iranian engineer claims that GPS navigation is the weakest point. Once the aircraft has been “jammed” by sending noise over its communications links, it automatically goes into autopilot mode and does not know what to do next. It can then be commanded to do whatever the controller wants.

No current GPS system is “spoof proof”, for several reasons. The main one is that it is almost impossible to validate signals consistently on a “one-way” communications channel because of “replay attacks”. All such systems therefore require an additional channel of some type that cannot be jammed.
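Because the GPS signal itself cannot be authenticated over a one-way channel, practical receivers defend themselves by cross-checking it against a source the spoofer does not control: the aircraft's own inertial sensors. The block below is an added example written for this page, not code from the original post, from the RQ-170 or from any real receiver; it implements the simplest form of that cross-check, an innovation gate. Each GPS fix is compared with the position dead-reckoned from the last accepted fix using heading and speed; a fix that disagrees by more than a tolerance is rejected and the estimate continues on inertial data alone. The flight track, the 100 m/s eastward leg, the 30 m/s southward pull-off starting at t = 11 and the 15 m tolerance are all constructed numbers; headings are degrees clockwise from north and positions are metres on a flat plane.

```python
"""GPS-versus-INS consistency gate for detecting position spoofing (added example)."""
import math


def dead_reckon(pos, heading_deg, speed_mps, dt):
    """Advance a 2-D position along heading at speed for dt seconds."""
    h = math.radians(heading_deg)
    return (pos[0] + speed_mps * dt * math.sin(h),
            pos[1] + speed_mps * dt * math.cos(h))


def gate_gps_fixes(fixes, ins, max_innovation_m):
    """fixes: [(t, x, y)] reported by the GPS receiver.
    ins:   [(t, heading_deg, speed_mps)] from inertial sensors at the same instants.
    The first fix is trusted (assumption: the aircraft departed from a known point).
    Returns (final_estimate, alarms); alarms are timestamps of rejected fixes."""
    est = (fixes[0][1], fixes[0][2])
    prev_t = fixes[0][0]
    alarms = []
    for (t, gx, gy), (_, hdg, spd) in zip(fixes[1:], ins[1:]):
        est = dead_reckon(est, hdg, spd, t - prev_t)      # inertial prediction
        innovation = math.hypot(gx - est[0], gy - est[1])  # GPS vs prediction
        if innovation > max_innovation_m:
            alarms.append(t)      # inconsistent: keep flying on INS, do not fuse
        else:
            est = (gx, gy)        # consistent: accept the GPS fix
        prev_t = t
    return est, alarms


def constructed_track(n=20, spoof_from=11, pull_mps=30.0):
    """Constructed data: aircraft flying due east at 100 m/s, one sample per
    second. From t = spoof_from the reported GPS position is dragged south by
    pull_mps metres every second while the inertial data stay truthful."""
    fixes, ins = [], []
    for t in range(n):
        y = 0.0 if t < spoof_from else -pull_mps * (t - spoof_from + 1)
        fixes.append((t, 100.0 * t, y))
        ins.append((t, 90.0, 100.0))
    return fixes, ins


if __name__ == "__main__":
    f, i = constructed_track()
    est, alarms = gate_gps_fixes(f, i, max_innovation_m=15.0)
    print("rejected GPS fixes at t =", alarms)
    print("position held on INS:", tuple(round(c, 1) for c in est))
```

The gate catches the abrupt pull-off in the sample: every fix from t = 11 onward is rejected and the estimate stays on the true eastward track. It is equally instructive to lower `pull_mps` below the tolerance and watch every fix get accepted: a spoofer that walks the position away slowly stays inside the gate at each step, which is why real receivers layer further checks (signal power, clock drift, multiple antennas) on top of this one, and why the paragraph above is right that the one-way signal alone cannot be trusted.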

According to some sources, Iran has sold the stealth aircraft to China so that China can investigate it in depth. However, this has still not been confirmed.


The Anonymous Blackhat Group

‘Anonymous’ is a well-known international blackhat group which has been active since 2003. Its origins make its identity difficult to pin down, even though the concept of anonymity has always existed. Its members consider themselves simply to be ideas without an origin.

The most recent attack by Anonymous was on COX's DNS servers: all the DNS servers collapsed, leaving Colorado, Texas, New Mexico and Louisiana without internet access. The main reason for this attack was COX's latest message to consumers about their “data usage quota”, stating that consumers would not be able to access the internet if they exceeded their limit.

Over the past couple of years, Anonymous has managed to take down some of the highest-profile websites on the internet through distributed denial-of-service (DDoS) attacks. They consider themselves the “internet hate machine” or “hackers on steroids”. Anonymous comprises a number of members who work together to attack a country's internet coverage, as in the case of the Toronto attack. When such a large-scale attack takes place, people from within the country join the Anonymous group to help carry out the attack, usually because they share the motives behind it. These blackhat activities usually take place against a stance the group disagrees with. According to some members of the group, membership in Anonymous can be gained easily, with conditions as minimal as concealing one's identity while carrying out the activities.

Anonymous mostly uses the Low Orbit Ion Cannon (LOIC), an open-source network stress-testing and denial-of-service application, to carry out its DDoS attacks. Prospective members of Anonymous allow their computers to be connected to a botnet by downloading LOIC. AnonOps (a communication channel within the group) then directs the botnet against the target while coordinating the attacks over IRC, which is what makes the individual a member of the Anonymous blackhat group.

A DDoS attack has the same effect as a huge surge in the number of visitors to the site. The main aim is to delay access in order to make a point; it does no direct damage to the site. It is similar to a protest where hundreds of people gather in one place, slowing traffic in that area and bringing more attention to the protesters' motives; in this case, however, instead of protests and people it is the internet and computers.
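Since a LOIC-style flood looks, on the server, like an extreme surge of ordinary visitors, the first place a site operator sees it is the access log. The block below is an added example written for this page, not code from the original post or from any product: it parses common-log-format lines, keeps a sliding time window of request timestamps per client address, and reports the peak number of requests any address made inside that window, plus the peak across all addresses together, so that both a single noisy participant and a distributed flood of moderate per-client rates show up. The log lines, addresses (from the documentation ranges), the 10-second window and the 30-request threshold are all constructed for illustration; the lines are assumed to be in time order, as a live log is.

```python
"""Sliding-window request-rate detection over web access logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common log format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')


def parse_line(line):
    """Return (ip, timestamp, request, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["req"], int(m["status"])


def _push(window_q, ts, window):
    """Append ts to a deque and evict entries older than the window."""
    window_q.append(ts)
    while window_q and ts - window_q[0] > window:
        window_q.popleft()
    return len(window_q)


def peak_rates(lines, window=timedelta(seconds=10)):
    """Peak requests per client inside any window; lines must be time-ordered."""
    queues = defaultdict(deque)
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue            # skip malformed lines rather than crash the monitor
        ip, ts, _, _ = parsed
        peak[ip] = max(peak[ip], _push(queues[ip], ts, window))
    return dict(peak)


def aggregate_peak(lines, window=timedelta(seconds=10)):
    """Peak requests from all clients combined inside any window."""
    q, peak = deque(), 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            peak = max(peak, _push(q, parsed[1], window))
    return peak


def flag_floods(lines, threshold, window=timedelta(seconds=10)):
    """Client addresses whose peak in-window request count reaches the threshold."""
    return sorted(ip for ip, n in peak_rates(lines, window).items() if n >= threshold)


def constructed_log():
    """Constructed sample: one client firing 6 requests/s for 10 s, two normal clients."""
    base = datetime(2012, 1, 10, 10, 0, 0, tzinfo=timezone.utc)
    events = [(base + timedelta(seconds=s), "203.0.113.7", "GET / HTTP/1.1", 200)
              for s in range(10) for _ in range(6)]
    events += [(base + timedelta(seconds=1), "198.51.100.4", "GET /index.html HTTP/1.1", 200),
               (base + timedelta(seconds=5), "198.51.100.4", "GET /news HTTP/1.1", 200),
               (base + timedelta(seconds=3), "192.0.2.10", "GET /about HTTP/1.1", 304)]
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "{req}" {st} 512'
            for ts, ip, req, st in events]


if __name__ == "__main__":
    log = constructed_log()
    print("per-client peaks:", peak_rates(log))
    print("aggregate peak:", aggregate_peak(log))
    print("flagged at >=30 per 10 s:", flag_floods(log, 30))
```

The per-client peak isolates one over-eager participant, which is what a rate limit or firewall rule can act on; the aggregate peak is the number to alarm on when the flood is spread across many addresses, each individually below the threshold, which is the shape the paragraph above describes.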

In the past few years, Anonymous has attacked the New York Stock Exchange, the Westboro Baptist Church, the Recording Industry Association of America and government sites in Malaysia, Egypt, Tunisia and Zimbabwe. Only recently, Anonymous planned to take on Mexico's most feared drug dealers, the Zetas, after posting a video on YouTube stating that the Zetas had kidnapped one of its members and that if he was not freed, it would publicize the people linked to the Zetas, including taxi drivers, local police officers and journalists. However, the issue was resolved soon afterwards in Anonymous's favour.

Anonymous has received a great deal of international media attention due to its ongoing attacks on high-profile websites. KTTV Fox 11 aired a story on the group after it attacked a Myspace user who said his account had been hacked several times by Anonymous. Additionally, the English version of Al Jazeera publishes regular articles on the activities of Anonymous.

Regardless of the controversy over whether Anonymous is doing the right thing, a number of people continue to support its actions because they share its motives. Members of the Anonymous group are caught by the police every now and then, yet it remains a strong hacking group with shared morals, motives and thoughts, and it continues to work in the same direction.


Copyright © Rewterz. All rights reserved.