What an Insecure World

This case study increased the scope of security up to a national level, with us considering how to attack and how to defend Australia. The general consensus is that Australia is extremely screwed were we to be dragged to any conflict with any serious cyber power.

For the first half we had to consider the vulnerabilities and targets a foreign nation would aim for. These include:

Economical Targets

IP Theft

Research data

Designs/Prototypes

Industry equipment

Disable or damage

Especially insidious if subtle flaw introduced

Employees/Staff

Spoofing Financial Data

Damage economy

Infrastructural Targets

Electricity Grid

Power outages

Disable hardware

Malware

Water Systems

Induced droughts

Malware

Transport Systems

Train, bus, plane timetables

Internet

Misinformation

Sever submarine cables

Limited satellite connection

Military Targets

Missile systems

Communications

In particular, misinformation as well as infrastructural targets could weaken a country’s resolve to continue waging war. Misinformation can lead to infighting and inflame tensions in the country (immigrants, ethnic minorities, social classes) to weaken the country internally while infrastructure targets reduce the quality of life for the people of Australia which once again turns the public view internally rather than external.

It is important to note that Australia’s infrastructure is especially vulnerable due to our geographical isolation and lack of redundancies. Our reserves last only weeks, the internet to the rest of the world is connected by only two or three submarine cables and many of our infrastructure was not designed with the internet in mind. Without sufficient resources to operate when isolated, a naval power could easily blockade and starve Australia out quickly.

The second half of the tutorial was based on figuring out how to defend Australia against these threats. Some simple but useful strategies include adding redundancies to our available infrastructure by creating more, adding air gaps to our infrastructure such as the electrical grid to prevent remote attacks and stronger authentication for access to companies such as 2FA and enforcing a principle of least knowledge. Government agencies can also actively pen test vital companies to ensure their security standards are high. Decentralisation of our critical infrastructure such as the electrical grid would ensure if it was attacked the damage would be limited to a smaller area. Additionally early education on a security mindset would help accustom the population to be more cautious and capable of detecting certain vulnerabilities within their own actions.

The question proposed for this case study was to provide a list of recommendations in the wake of the Germanwings incident to propose changes in the industry government in order to prevent such an incident in the future. The incident was a low probability, high impact event. In general people would avoid purposefully crashing a plane, and even when such incidents happened they were mostly a result of a non-crew member. In addition there was a co-pilot which could correct any issue in the cockpit that a pilot caused. However in this instance the co-pilot was locked out and the pilot was suicidal, leading to the loss of life of everyone on board. Despite the rarity of the event the loss of life made its impact significant enough to be considered a risk and planned against.

I was able to suggest a few ideas to my team, in particular the use of biometric overrides to access the cockpit that had priority over the lockout controls in the cockpit. This was intended to prevent either the pilot or co-pilot from locking the other out of the cockpit as in normal situations both should always have access and in cases where one is rogue then the other can enter and allow access to others to help take control of the situation. However there is a flaw in this recommendation in that the biometric system could be vulnerable through the database which is used to determine whose biometrics are allowed and in cases where a captain is held hostage. These risks can be minimised by checks on the system to ensure that the captains have access to the overrides at every maintenance and the hostage situation can be avoided through another of the group’s recommendation, that the cockpit be expanded to remove the need for pilots to leave the cockpit.

Another suggestion was the addition of more pilots on planes. Despite having more pilots increasing the chance of a pilot becoming rogue, the increased number of pilots would mean there would be more people available to intervene with the actions of any one pilot. This is similar to a Hamming code in which errors can be detected and corrected provided there is a large enough code to detect the error. Instead of codes there are people and correction can come in the form of restraining. While this would drastically increase the costs for the airplane companies, given the assumption that unlimited support was behind my recommendations this could be possible.

Of the suggestions provided by the class, I found one to be particularly interesting. The introduction of psychological examinations of pilots could possibly detect these kind of issues at a relatively low cost but they introduce a set of problems related to self-interest. If the pilots were to self-report, then they would risk losing income and thus there would be no incentive for them to do so outside of moral ones. Even if they were company based examinations there would be the issue of faking or bribing the examinations.

Despite the proposal stating that I was to make several dev blogs, the little amount of work, repeated breaks and time constraint in the end meant that I did not have time to write anything meaningful. This is the result of about 3-4 weeks of progress. GitHub link: https://github.com/Moop204/identity-manager Initial Start

Decided to start off making a Mozilla Firefox extension with WebExtensions API as it claims to offer easier portability between browsers and has significant documentation. Following the tutorials really opened up my eyes in terms of how easy it was to write an extension. It also reminded me of my intense hatred for javascript.

Going through the examples, the Menu demo seemed the most useful in making the skeleton. From there I decided to use the sidebar to hold most of the content so that more information would be easily accessible to the user. I also drew up a quick diagram of what I imagined the finished product would look like. [shifty skeleton menu]

[goal]

Bad Mistakes

After this point several assignments arrived which led to a pause in productivity. There was also several restarts of the project. The first was a move to using a React wrapper to avoid working with raw Javascript. This had to be reverted as the create-react-webextension was woefully outdated and not documented enough. After searching for related features of WebExtension, I found the Firefox Multi-Account Containers extension which seemed to achieve a lot of what I wanted to do. In particular it provided separation between tabs, associating each tab with a ‘container’ that held separate cookies.  As time was tight and it did not completely do everything I initially aimed for, I decided to extend it rather than develop an extension from scratch.

Pivoting

At this point the features expected to be implemented were the tracking ‘details’ for every identity. This was to be a key-value pair that could be compared across identities and notify users of similar information being used on different identities. This vastly reduced the scope into a manageable size with clear and simple goals.

Final Result

None of the technical implementations were completed. What was complete can be considered trivial. This was due to a heavy mismanagement of time. In terms of planning, too much time was spent researching on not very important details. In practice, work was not distributed throughout the several weeks where I had time to work on it. It led to most of the difficult and time consuming work to be left to be completed at the same time as mid semester exams and assignments.

An example of an interesting fake is the doctored video of U.S. House Speaker Nancy Pelosi’s speech which makes her appear drunk. Its notable because of its effectiveness despite its simplicity. The original video was slowed down by around 75% and the pitch was increased to match the speaking voice of Pelosi. Both of these methods are easily done with pretty much any video and audio editing tool. Its effectiveness can be seen by one instance of the video which has been seen by at least 2 million people.   This fake could be detected by finding the original video. I find that it is good practice to research deeper into controversial news or any information that damages a person’s reputation. Often the headlines are misleading or outright false and a simple google search is enough to dispel or contextualise news. In this instance it could have been detected by noting that it is unusual for a politician to hold a speech drunk, leading to a search for a video of the speech from another source. Sources

CNBC Article because Washington Post is Paywalled Guardian Article

Electronic Code Book (ECB) Useless for cryptography. Parallelisable. Notable characteristics: - Repetitions exist - Modifying a bit doesn’t propagate, changes only within block

Cipher Block Chaining (CBC) Expensive process, unable to encode parallel as it each block relies on the block before. Notable characteristics: - No repetitions - Avalanches

Counter Mode (CTR) Uses counter to prevent repetitions, shifting results. Better than ECB but more practical than CBC as it can be encoded in parallel. Notable characteristics - Not repetitions - Modifying a bit doesn’t propagate, only within block

Confusion Removes any clues from ciphertext. Complicates relation between ciphertext and encryption key. Obtained via the use of substitution. Used in both stream and block ciphers. Increases vagueness.

Diffusion Obscures a plaintext. Complicates relationship between plaintext and ciphertext. Obtained via the use of transposition. Used only in block ciphers. Increases redundancy.

Avalanche Effect Small changes in input cause large changes in output. Strictly whenever a single input bit is complemented each output bit changes with a 50% probability.

S Boxes (Substitution Boxes) Takes input of m bits and transforms them into n bits. Usually done using a fixed table or generated from a key. In SP box m = n so it is reversible. ‘Good’ when one bit of change in input changes half of the output bits. 

P Boxes (Permutation Boxes) Bit shuffling to permute/transpose bits across S box inputs. Used with S boxes to make relation between plain and cipher text difficult. Classified with compression, expansion and straight based on output bits compared to input bits with straight being the only one that is invertible.

SP-Network Input is run through several rounds of S boxes and P boxes with a subkey XOR’d at the end of each round. Used in AES. 

Block Ciphers Takes in block of bits and key, outputs ciphertext. Function must be a permutation (reversible) and must be efficiently computable. Maps to possible encryptions have 2^n possible states with n bit inputs. Keys are the choice of permutation. Smaller block size -> Becomes similar to substitution, analysis on characteristics feasible Larger block size -> Large key, performance slows drastically

Stream Ciphers Encrypts data streams one bit/byte at a time. Key used as input to bit-stream generator. Both sides use the same key in order to generate the same cryptographic bit stream which is used for encoding/decoding (XOR). Key can be of the same size as the message (one-time-pad). For practical purposes a smaller key is used to generate the bit stream.

Feistal Networks Used to construct block ciphers. Type of block cipher design. Process 1. Split plaintext into two halves 2. On each round compute right with key as left with key as ...

Uses subkeys for each round. Security of design based on round function.

Useful Links

The simulated social engineering activity was very enjoyable and interesting. While it had a much lower standard than a real person would have it definitely showed some techniques used in social engineering.

This activity focused on two parts of the social engineering process, the investigation and the hook. Investigation was achieved through the Puppy Love website and Sarah’s Instagram (facebook page was down at the time). From there it was possible to obtain their emails as well as details about their love for dogs and in Sarah’s case that she was a recent mother. This meant that the main target for this attack is Sarah and David and using their love of dogs could be a useful attack vector. The hook was achieved with a sense of urgency. My first message was to David, acting as part of Facebook, I inquired about their Facebook account by claiming that there was ‘unusual activity’, providing them with bogus credentials and asking them to correct me if they were incorrect. This was an attempt at inciting anxiety and urgency to get them to overlook the usual suspicions. This failed due to a lack of formality and not using the recipient’s name within the email. By making it appear to be customised specifically for the recipient, I was able to invoke a proper response however it turns out David was not the correct target. However he directed me towards Sarah and by giving the same email I was able to locate the flag.

For the second activity I had to take a different approach. This one preyed on their love of dogs and charity as I asked to purchase a dog but required $1200 for travel expenses for me and the dog. Initially this failed as there was no urgency in the request. That was resolved by adding a birthday gift story to create a small time frame and prompt a fast response.

SecSoc CTF T2 

Its me in red!

For my first CTF event I was able to learn a lot of useful tools and approaches but was unable to complete any of the challenges. Discussing how team members were able to solve some challenges have helped me develop a better eye for detecting vulnerabilities in real software.

I arrived late to the event so some challenges were already being attempted by my teammates when I arrived. While I did not complete any challenges I was able to come close to some:

Rotation

Given what appeared to be a cryptogram, I started to look for short words. There was only a single single-character word and that same character appeared in the middle of repeating three letter words, suggesting that it was ‘A’ as opposed to ‘I’. There were no two letter words. Seeing no clear steps I attempted to format and count the letters through vim, first by normalising all characters to lowercase with a regex select and replace, then searching for the number of occurrences of each character with ‘%s/h//ng‘. Attempting to fill the three letter words with ‘THE’ did not match the letter frequencies. It took a while but I finally realised that the name of the challenge was an obvious hint and I tried to do a Ceaser cipher based on the T->A match. During the messy regexing I made a mistake and by the time I was able to work on it again another team member had already completed the challenge.

From this experience it is clear that I should have written a short script to parse the file rather than modifying it within the editor. Manually editing produced human errors and was extremely frustrating as I overwrote the original file and was unable to reverse. It would also save a lot of time.

K17 Coin

The limited inputs made this challenge easier to follow. I worked on this challenge with another member of my team. We looked at the website and were attempting to get some extra points before the CTF ended. It was a quick find but it took a few tries and being rushed I missed the solution from mixing up the two forms. The first attempt was with buying a negative amount of items (not reading properly) but there was no such option and from a failure to purchase the item I believed that the approach was incorrect.

This showed how important it is to thoroughly go through all possible solutions rather than rush through them to avoid missing a correct solution.

Welcome

Movie Review - Wargames

Movie Review - Dr Strangelove

What a movie. Its hard to figure out what to analyse in this movie. Best I can do is the protocol used by the bombers to determine what to do.

In the film, the U.S. bombers were signaled by a base to initiate plan ‘R’. The coded signal was sent by radio, decoded on the plane through a codebook. Once intiialised they locked themselves out of any outside communication by switching circuits to a specialised receiver that would only accept specifically coded messages to prevent false messages. This protocol was concerned mainly with confidentiality and authenticity, that the message is not known to the enemy and that it is known to be from the correct source. Integrity is not a high concern as the film shows the radio operator requesting confirmation which maintains enough integrity for the protocol to work. Confidentiality was achieved despite broadcasting on radio through coded messages. Even if the russians had received the radio broadcast they would not have understood it without the codebook, assuming that the code is sufficiently randomised. However due to the need of a codebook and what I assume is the same transmission to multiple bombers there is a vulnerability in that the loss of a single codebook would lead to the compromise of all the messages to every bomber. This could be mitigated by providing every bomber with their own unique code however that would increase transmission time and physical overhead as the base would be required to keep track of every codebook for every plane and encode the message with each one rather than encoding once. Authentication was achieved through the radio lock-out and the 3 letter code. The hardware radio lock-out meant that once the plan was initiated, even if the codebook was compromised, there was no way of contacting the plane without knowing the code which would only be known by the issuer of the plan. This works based on the assumption that the issuer would not reveal the code to anyone else. The objective of that is to prevent inauthentic messages from being sent to the planes. However the film shows that because of the emphasis on authentication the protocol is vulnerable to Type 1 errors.

Movie Review - The Smartest Guys in the Room

This movie covers another human weakness, corruption. Corruption occurs everywhere in the world and in every sector. You can see it on the news nearly daily but to see it as it unfold is a rare experience that is this film provides.

Enron was an American energy company which became known for its constantly increasing profits and reputation for having incredibly smart personnel. This myth was able to grow due to the many shady dealings within the company, the desire of others to believe in the myth itself and the corruption of others that worked with Enron despite knowledge of their shady work.

The film suggests that the corruption you see from Enron was a mixture of the greed for money, the pressure to maintain their pride and profits and the culture that promoted it all.

While monetary greed is easily understandable, the pressure to continue on with their illegal dealings in order to maintain their image is particularly interesting. The competitive culture led to unethical practices being made commonplace. Many of the employees were proud to be working in the company due to its reputation but for them to obtain the profits that the company was making they had to partake in unethical practices. The need to constantly grow profits and the success of the company despite their risks had many become corrupted and fail to reflect on their actions.

Movie Review - The Sting

Movie Review - 12 Angry Men

One of the most memorable movies I’ve seen. Despite its black and white look 12 Angry Men captivates you with one of the most timeless human weaknesses, the inability to change your mind.

The premise of the film is that a jury of twelve men are deciding the fate of an accused murderer. Out of the twelve men only one is opposed to convicting the murderer which leads him to attempt to convince the others.

In early parts of the film you can see how many of the jurors were pressured by the overwhelming majority to vote for the conviction. As the movie went on, it became clear that each character’s bias affected how easily it was for them to change their minds. Many of the characters who were able to empathise  were the first to change their minds while those that held strong and deeply rooted beliefs were the last to change. For example the old man who empathised with a witness was able to open his mind up to other possibilities while the last juror who had a very personal bias was unable to change his mind despite being exposed to new information and continued to assert his righteousness until the very end. From the film you can see many factors that affect the mindset of a person:

Should mass surveillance or individual privacy prevail? That was the main question in the tutorial with me being on the side of being pro surveillance. Due to the glaring privacy issues initial points were focused on pushing them aside and, from the perspective of the government, forcing them onto the citizens with justifications of security and illegal activity. For example there was an argument that currently people already give out large amount of information to companies whether willingly or otherwise so why not give that information to the government which can make better use of that information and have a more direct impact on citizens. Upon considering the alternative uses of mass surveillance outside of authoritarian and security uses we realised there are more positive uses for all the information that could possibly be created. These centered around increasing efficiencies by using all the newly available information, for example recording transport usage in real time to optimise future constructions and train timetables or identifying people with health issues to provide an early response.

The opposing side proposed that the technology is flawed, with a very high error rate which could mean either false positive errors leading to arrests or false negatives which would mean the technology was useless. In addition there are large maintenance costs with storing large databases of identifying information as well as the difficulty in storing such data securely. It was also mentioned that many of the data stored, such as biometric, cannot be changed and if the data was ever obtained by a third party then all citizens would be affected for the rest of their life.

Identity Manager Scope and Features

Most of the threats and issues mentioned in previous blog posts already have software that minimises or eliminates them or are outside the scope of this project.

ISP Logs – Outside the scope as it is collected by the gatekeepers of the internet and you have no access to them. Despite that the information provided by them can be minimised through the use of VPN to show a connection from you to the VPN rather than you to the website you intend to visit.

Cookies – Solutions exist for managing cookies including PrivacyBadger which determines which cookies are detrimental to your online experience and allows you to fine tune the cookies allowed. However the program may be able to manage the cookies in such a way that they are separate between identities.

Browser Fingerprinting – Solutions exist with the TOR browser that uses set window sizes to group together users and make it harder to identify individuals through browser fingerprinting.

IP Addresses – Solutions exist with the usage of VPNs, it is much harder to determine who requested what.  

HTTP/HTTPS – Solutions exists with the web extension HTTPS Everywhere which forces HTTPS on websites when you access them.

The program’s scope is usage within a web browser, with a focus on habits and the usage of social media. This aims to assist in the compartmentalisation of an online identity to allow a single person to have access to multiple identities without contamination .

This is hopefully achieved through the following features that deal with specific issues:

Account Management – Automates the logging on and signing off of accounts based on which online identity is in use. Removes the threat of contamination by which a person uses the wrong account to post which may allow others the link the two identities. An example from the 2019 Australian State Election can be seen above.

Enforced Separation – Compares given information across accounts and flags common details. Minimises cross contamination of identities such as in the case of Ross Ulbricht who used his gmail account to create accounts on public forums and lead to the authorities to further evidence to build their case against him.  

Content Warning – Identifying information, such as location and images, are highlighted and the user is reminded to check before they submit such information. This gets users to consider the impact of releasing that information to others which was not the case with Donald Trump’s visit to Iraq late last year where a video was released with the uncovered faces of special forces members.

While these features are most likely outside what is possible to complete within three weeks, they can be considered for future improvements.

Sync Accounts – Given a social media account, convert all the publicly available information into details about the account. Automates the collection of data so that no detail is missed.

Activity Tracking – Recording and visualising the activity of the user online. The amount of work required for this feature is high compared to its relevancy to the aim of the program.  

Sources:

Online Identity

Maintaining a truly anonymous presence online is difficult if you wish to interact with others. In addition to your software and hardware giving away information, the actions you do online also freely provide identifying information. As a result you end up taking on a identity regardless of what you do, however the extent to which that identity can be traced back to the real life you is the key issue.

Below are some components of an online identity. These are the more concrete aspects of an online identity and may be how your real identity may be exposed online.

Email

Used for communication directed at you. Often requires identifying information to set up such as phone numbers. Best made with an email service that asks for easily falsifiable information.

Due to the use of emails almost everywhere, emails should be disposable if they become compromised such as through leaked databases.

Credentials / Accounts

Grants access to your accounts online. Most of the time these accounts will form your identity online. Ensuring they are secure and only you have access is vital to securing your identity.

I.P. Address

Location of your device on the internet. Everything you interact with online has relatively easy access to your IP. It allows for the identification of your local area unless precautions are taken.

Personal Information

Anything that describes you as an individual. This information can be revealed directly, say by providing your location in a form, or indirectly through other actions such as being active at certain times of the day. This can extend out to include any expression of opinions and experiences as they build up a persona.

However in addition to these, online identities also build up a  reputation. The more involved an identity is involved in a community the stronger the reputation that they make for themselves. This allows them to exert influence upon others and obtain trust in an environment where anonymity still holds.  

Sources

https://matomo.org/wp-content/uploads/2012/01/How-to-remain-anonymous-online.pdf