ZFS Turntables | TechSNAP 143

2014 starts out with a bang: the NSA spying catalog is leaked, back doors are running wild, and thieves use a simple USB drive to steal thousands of dollars.

Then it’s a great big batch of your questions, and our answers!

Thanks to: GoDaddy, Ting, iXsystems

— Show Notes: —

NSA Spy tool catalogue

  • Der Spiegel displays the NSA’s 50 page catalogue of spy tools and “Tailored Access Operations”
  • Many of the digital weapons are “remotely installable”
  • While others require physical access to the device, called an “interdiction”
  • The malware is installed into the hardware, usually intercepted sometime between leaving the manufacturer and arriving at the customer
  • The malware is often persistent, meaning it will survive upgrades, and sometimes even reflashing the BIOS or firmware
  • Some of the implants were new hardware that provided the NSA with RF communications with the target system, allowing them to control or reinfect the system, or exfiltrate data
  • The attack against Dell servers, known as ARKSTREAM, reflashed the BIOS from a USB stick (so as not to require the attacker to have any technical skills) to implant the infection
  • The NSA has nearly complete backdoor access to Apple’s iPhone
  • EFF: Everything we know about the NSA Spying
  • One case involved Julian Assange’s current home at the Ecuadorian Embassy in London, where visitors were surprised to receive welcome messages from a Ugandan telephone company. It turned out the messages were coming from a foreign base station device installed on the roof, masquerading as a cell tower for surveillance purposes
  • The program also targeted hard drive manufacturers: Western Digital, Seagate, Maxtor and Samsung
  • Responses:
      • Dell
      • Juniper
      • Cisco

Thieves use USB sticks to compromise ATMs

  • The attackers physically cut holes in the ATM to be able to access the USB port, then once they had infected the machines with their own code, they patched the holes to avoid discovery
  • Once infected, the thieves just had to approach the ATM and enter a 12 digit code to get access
  • “Analysis of software installed onto four of the affected machines demonstrated that it displayed the amount of money available in each denomination of note and presented a series of menu options on the ATM’s screen to release each kind”
  • The mastermind behind the attack designed it such that it required two-factor authentication, to ensure that the mules with the USB sticks could not ‘go rogue’
  • The researchers added that the organisers displayed “profound knowledge of the target ATMs” and had gone to great lengths to make their malware code hard to analyse.
  • However, they added that the approach did not extend to the software’s filenames – the key one was called hack.bat.

Canadian Federal Departments consider banning USB devices

  • After a number of incidents where USB sticks have been lost or stolen, the Canadian government is considering banning USB devices
  • A week-long investigation led security officials to conclude it was “impossible to assess [the] compromise” related to the loss of the device
  • Nor was it clear who was telling the truth about the number of hands the one small device passed through: Employees pointed fingers at each other, with none knowing where the USB key ended up
  • Another USB key that was neither password protected nor encrypted was found on a downtown Ottawa sidewalk by a Good Samaritan. It contained protected information — albeit out-of-date details — of a federal project
  • File servers are behind firewalls, support auditing and stronger access control, and are a better solution
  • However, since any unsophisticated user can easily use a USB stick, they tend to get used to circumvent IT policy
