Kaspersky Lab researchers have examined publicly available hardware and software tools for covert password interception and discovered that a hacking tool can be created for as little as $20.
In the experiment, the researchers used a DIY Raspberry Pi-based USB device, configured in a specific way and carrying no malicious software. Armed with this device, they were able to covertly collect user authentication data from a corporate network at a rate of 50 password hashes per hour.
The research started with a real story: in another investigation that Kaspersky Lab experts participated in, an insider (an employee of a cleaning company) used a USB stick to infect a workstation inside a targeted organisation with malware. Upon hearing the story, Kaspersky Lab security enthusiasts became curious: what else could insiders use to compromise a targeted network, and would it be possible to compromise a network without any malware at all?
They took a Raspberry-Pi microcomputer, configured it as an Ethernet adapter, made some additional configuration changes in the OS running on the microcomputer, and installed a few publicly available tools for packet sniffing, data collection and processing. Finally, the researchers set up a server to collect intercepted data. After that, the device was connected to the targeted machine and started to automatically feed the server with stolen credential data.
This worked because the OS on the attacked computer identified the connected Raspberry Pi as a wired LAN adapter, automatically assigned it a higher priority than the other available network connections and, more importantly, gave it access to the data exchanged on the network. The experimental network was a simulation of a segment of a real corporate network. As a result, the researchers were able to collect the authentication data sent by the attacked PC and its applications as they tried to authenticate to domain and remote servers. In addition, the researchers were also able to collect this data from other computers in the network segment.
Moreover, since the specifics of the attack allowed intercepted data to be sent over the network in real time, the longer the device stayed connected to the PC, the more data it collected and transferred to the remote server. After just half an hour of the experiment, the researchers had collected nearly 30 password hashes transferred through the attacked network, so it is easy to imagine how much data could be collected in a single day. In the worst case, the domain administrator’s authentication data could also be intercepted, should they log into their account while the device is plugged into one of the PCs inside the domain.
The potential attack surface for this method of data interception is large: the experiment was successfully reproduced on both locked and unlocked computers running Windows and Mac OS. However, the researchers were not able to reproduce the attack on Linux-based devices.
“There are two major things that we are worried about as a result of this experiment: firstly – the fact that we didn’t really have to develop the software – we used tools freely available on the Internet. Secondly – we are worried about how easy it was to prepare the proof of concept for our hacking device. This means that potentially anyone, who is familiar with the Internet and has basic programming skills, could reproduce this experiment. And it is easy to predict what could happen if this was done with malicious intent. The latter is the main reason why we decided to draw public attention to this problem. Users and corporate administrators should be prepared for this type of attack”, said Sergey Lurye, a security enthusiast and co-author of the research at Kaspersky Lab.
Although the attack intercepts only password hashes (the output of a known one-way hashing algorithm applied to the plaintext password), those hashes can still be cracked to recover the passwords, since the algorithms are known, or they can be used directly in pass-the-hash attacks.
To protect your computer or network from attacks using similar DIY devices, Kaspersky Lab security experts recommend the following:
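The mechanism described above depends on the host accepting a USB-attached device as a wired LAN adapter and ranking it above the built-in NIC. As an added example, not code from the Kaspersky research, the following PowerShell snippet (assuming Windows 8 / Server 2012 or later with the NetAdapter and NetTCPIP modules) lists USB-attached network adapters, their IPv4 interface metric and whether they currently own a default route, so an administrator can spot an unexpected adapter that has taken precedence.

```powershell
# Added example, not code from the Kaspersky research. Assumes Windows 8 /
# Server 2012 or later (NetAdapter and NetTCPIP modules are built in).

# 1. Adapters whose Plug-and-Play ID shows they hang off the USB bus. A
#    Raspberry Pi configured as a USB Ethernet gadget enumerates this way.
$usbNics = Get-NetAdapter | Where-Object { $_.PnPDeviceID -like 'USB\*' }

# 2. Interfaces that currently own an IPv4 default route: these decide where
#    the host sends traffic for domain controllers and remote servers.
$defaultRouteIfs = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty ifIndex

foreach ($nic in $usbNics) {
    $ipIf = Get-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name            = $nic.Name
        Description     = $nic.InterfaceDescription
        Status          = $nic.Status
        PnPDeviceID     = $nic.PnPDeviceID
        # Lower InterfaceMetric means higher priority; Windows derives it from
        # link speed automatically unless AutomaticMetric has been disabled.
        Metric          = $ipIf.InterfaceMetric
        AutoMetric      = $ipIf.AutomaticMetric
        HasDefaultRoute = $defaultRouteIfs -contains $nic.ifIndex
    }
}
```

An adapter reported here with a low metric or HasDefaultRoute set to True deserves a physical check of the machine; until then, Set-NetIPInterface -InterfaceMetric (to raise its metric) or Disable-NetAdapter removes its precedence.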
For regular users:
- On returning to your computer, check if there are any extra USB devices sticking out of your ports.
- Avoid accepting flash drives from untrusted sources. This drive could in fact be a password interceptor.
- Make a habit of ending sessions on sites that require authentication. Usually, this means clicking on a “log out” button.
- Change passwords regularly – both on your PC and the websites you use frequently. Remember that not all of your favourite websites will use mechanisms to protect against cookie data substitution. You can use specialised password management software for the easy management of strong and secure passwords, such as the free Kaspersky Password Manager.
- Enable two-factor authentication, for example by requiring login confirmation or the use of a hardware token.
- Install and regularly update a security solution from a proven and trusted vendor.
For system administrators:
- If the network topology allows it, we suggest using only the Kerberos protocol for authenticating domain users.
- Restrict privileged domain users from logging into the legacy systems, especially domain administrators.
- Domain user passwords should be changed regularly. If, for whatever reason, the organisation’s policy does not involve regular password changes, be sure to change this policy.
- All of the computers within a corporate network have to be protected with security solutions and regular updates should be ensured.
- In order to prevent the connection of unauthorised USB devices, a Device Control feature, such as that available in the Kaspersky Endpoint Security for Business suite, can be useful.
- If you own a web resource, we recommend activating HSTS (HTTP Strict Transport Security), which prevents downgrading from HTTPS to HTTP and the use of credentials from a stolen cookie.
- If possible, disable listening mode and activate the client (AP) isolation setting on Wi-Fi routers and switches, so that workstations cannot listen to other workstations’ traffic.
- Activate the DHCP snooping setting to protect corporate network users from having their DHCP requests captured by rogue DHCP servers.
Besides intercepting the authentication data from a corporate network the experimental device can be used for collecting cookies from browsers on the attacked machines.
Cisco unveils ‘Internet for the future’ silicon breakthrough
Cisco One is a new silicon architecture that can be used in any form factor, while Cisco 8000 will reduce cost of building and operating mass scale networks
Cisco today unveiled a series of innovations it says will underpin “the Internet for the Future”. It launched Cisco Silicon One, a new networking silicon architecture, and the Cisco 8000 Series, the world’s most powerful carrier class routers built on the new silicon.
Chuck Robbins, chairman and CEO of Cisco, said its technology strategy was to build a new internet designed to push digital innovation beyond the performance, economic and power consumption limitations of current infrastructure. It would be a multi-year approach that will define the Internet for decades to come.
“Innovation requires focused investment, the right team and a culture that values imagination,” said Robbins. “We are dedicated to transforming the industry to build a new internet for the 5G era. Our latest solutions in silicon, optics and software represent the continued innovation we’re driving that helps our customers stay ahead of the curve and create new, ground-breaking experiences for their customers and end users for decades to come.”
Cisco said in its announcement: “Over the next decade, digital experiences will be created with advanced technologies — virtual and augmented reality, 16K streaming, AI, 5G, 10G, quantum computing, adaptive and predictive cybersecurity, intelligent IOT, and others not yet invented. These future generations of applications will drive complexity beyond the capabilities current internet infrastructure can viably support.
“For the past five years, Cisco has driven a technology strategy that is building the internet our customers will need for the future success of their business in an advanced digital world. Aimed at solving the toughest problems that will emerge as digital transformation taxes current infrastructure to its breaking point, this strategy will lead to the next-generation of internet infrastructure that combines Cisco’s new silicon architecture with its next-generation of optics.
“Cisco’s strategy will change the economics behind how the internet will be built to support the demands of future, digital applications and will enable customers to operate their businesses with simpler, more cost-effective networks.”
Cisco says its strategy is based on development and investments in three key technology areas: silicon, optics and software.
David Goeckeler, executive vice president and general manager of the Networking and Security Business at Cisco, elaborated: “Pushing the boundaries of innovation to the next level — far beyond what we experience today — is critical for the future and we believe silicon, optics and software are the technology levers that will deliver this outcome.
“Cisco’s technology strategy is not about the next-generation of a single product area. We have spent the past several years investing in whole categories of independent technologies that we believe will converge in the future — and ultimately will allow us to solve the hardest problems on the verge of eroding the advancement of digital innovation. This strategy is delivering the most ambitious development project the company has ever achieved.”
Building the Internet for the Future begins now
By JONATHAN DAVIDSON, SVP and general manager of Cisco’s Service Provider Business
“We do not remember days; we remember moments.” Those words from Cesare Pavese have been one of my personal favorites. Interestingly, we remember these significant, or “flashbulb”, moments in our lives in vivid detail. We remember exactly where we were, whom we were with, what we felt, or even what we were wearing. One of my flashbulb moments was 20 years ago in 1999 when Brandi Chastain made the winning penalty shot during the Women’s World Cup in spectacular fashion. At the time, I was coaching my oldest daughter’s soccer team. That victory felt like the start of something big. It had this wonderful feeling that women’s soccer was going to change for the next generation.
I believe we are having one of those “flashbulb” moments right now in the networking industry. Years from now, we will look back and remember this moment in time. Because today, Cisco revealed breakthrough innovations so significant and expansive, they will change the economics of the Internet for the next generation.
Significant technological innovations have defined human history. The steam engine replaced muscle with machinery. With the telegraph, communications exceeded the speed of animals. And, with the Internet, information was digitized, and global communities were created.
IP infrastructure connects our world. The Internet has profoundly changed the way we work, live, play, and learn – anything, anywhere, anytime. The results are astounding. Our ability to connect and collaborate has caused society to evolve faster than ever before. We have made more progress in mitigating wars, preventing famine, and curing disease in the last 35 years than in the previous 35,000.
Today is the moment when we enter a new phase of the Internet. Technologies such as 5G, IoT, 3D printing, and advanced analytics are connecting more, increasing participation, and pushing digitization further. And as a result, industries like mining become safer, agriculture becomes more efficient, transportation becomes autonomous, and healthcare becomes wellness-driven, not crisis-driven. The possibilities are endless. And service providers will be the catalysts for changing economies, countries, and the world because at the very heart of this next transformation is the network infrastructure that makes it all possible.
The route to success for service providers is not straightforward or simple. There are fundamental business challenges. Networks, which are already huge, must become even more massive. And to succeed, service providers need to transform not only their infrastructure but their operations and their business models as well.
Our current network economics will begin to break as we evolve to operate at massive scale. The physics behind our past achievements are already showing signs of slowing down, while traffic growth continues to accelerate. So far, performance increases have helped to reduce the cost of traffic at about the same rate that traffic has increased. $1 in CapEx today does eleven times the work that it did just a few years ago. However, continuing with the status quo will likely lead to a significant increase in CapEx unless we reinvent the rules.
The cost of operations must be reduced too. Today, many operators spend almost $5 in OpEx for each $1 of CapEx. With current network management technology, that situation is likely to get worse, as the larger a network becomes, the more inefficient it is to operate unless we reinvent the rules.
With innovation from a technology pioneer that spans multiple dimensions across silicon, optics, software, and systems to create entirely new network architectures, this is that “flashbulb moment” when Cisco is redefining the economics of the Internet.
Redefining the economics of the Internet has to begin at the foundation. The very “DNA” of the Internet itself. The engine to a car. Silicon.
Moore’s law is stalling. While the rest of the industry slows down from the physics of traditional approaches, we have unlocked new dimensions of innovation. By rethinking silicon design entirely, we can deliver industry-leading performance today and create a “fast lane” to the future. We are excited to introduce our groundbreaking programmable silicon architecture, Cisco Silicon One. The first member of this new family, Cisco Silicon One Q100, delivers over twice the network capacity and twice the power efficiency over any other silicon. It is the first routing silicon to break through the 10Tbps barrier without compromising carrier-class capabilities (e.g., feature richness, large buffers, advanced programmability). And Cisco Silicon One is available right now; we won’t make you wait for it.
The innovations in Cisco Silicon One bring significant value to lowering operational costs as well. In the past, multiple types of silicon have been used across a network and even within a single device. Feature development was inconsistent. Telemetry varied dramatically.
Operators had to spend too much time and effort coordinating and testing parity of new features across the network. Now, a single silicon architecture can serve different market segments, different functions, and various form factors for a unified experience that dramatically reduces costs of operations and time-to-value for new services.
Optic costs matter. At lower interface speeds, optics were roughly 10% of the total solution cost, and systems accounted for the remaining 90%. At 400G and beyond, that equation flips. Optics become the dominant part of the total spend. This dynamic needs to change; a long-term strategy is required to make it easier to deploy both short-reach and long-haul optics solutions.
Cisco is investing in technologies like silicon photonics to accelerate the adoption of 400G and prepare for the future beyond 400G. Our recent acquisition of Luxtera brings a highly automated wafer-scale manufacturing process to Cisco that improves production volumes and quality.
If silicon is the engine of a car, the software is the steering and suspension to enable phenomenal handling. Even the world’s most advanced silicon can be wasted without the right software to steer correctly and operate smoothly. Imagine the ride at 400 km/h without proper steering and suspension. Any unfortunate bump or turn could be disastrous.
To redefine the economics of operating a network, the Internet of the future needs software that recognizes operations is just as important as functionality. Cisco IOS XR7, the new release of our industry-leading Network Operating System (NOS), has been overhauled to prioritize operations – with simplicity and automation. It has been simplified to reduce required resources, install procedures, and deployment efforts (e.g. zero-touch).
Most notably, XR7 has been completely modernized. XR7 is the first-of-its-kind cloud-enhanced NOS. XR7 can leverage new cloud-delivered SaaS deployment models from Cisco Crosswork Cloud to enhance operations. Now, operations teams can optionally consume insights and analytics as a service for agile, proactive management without the risks and resources of traditional models.
Now, we get to the “car” itself. With new silicon and new software, we can build new systems that have the performance, efficiency, and operational improvements to meet the next wave of traffic demand. Today, we introduce the Cisco 8000 series routers, new systems optimized for high-density 100GbE and 400GbE, including:
- 2 fixed platforms – providing 10.8 Tb/s of network bandwidth starting at 1 RU
- 3 modular form-factor platforms – 8 slots, 12 slots and 18 slots delivering up to 115 Tbps, 172 Tbps and 260 Tbps respectively
These are systems designed without compromise and with a very bright future. No oversubscription. Full fabric redundancy. Power efficiency down to as little as 4 Watts/Gb. That is 1/4 to 1/5th the amount of power that our nearest competitor uses. And a “clean sheet” design allows us to grow into 1.6 TbE interfaces and beyond.
Wait, there’s more. The most distinctive characteristic of the Cisco 8000 relates to trustworthiness. Networks are critical infrastructure, as they connect industries, finance, utilities, and governments, and service providers must maintain the integrity of their infrastructure. The chain of trustworthiness begins by knowing whether or not the hardware and software are authentic. The Cisco 8000 Series are equipped with tamper-proof hardware that serves as the root of trust to prevent any modification of the hardware or software. Next, the NOS, XR7, works with Cisco Crosswork Cloud to provide real-time visibility and control to deliver the trustworthy networks that the Internet requires.
To grow to the size and capabilities that the next generation will demand, the Internet requires fundamental changes. We reinvented from the ground up, the DNA, the performance curve, operations, trust, and even the rules. We reinvented what Cisco does best.
And these reinventions will allow us to build the future on new architectures – converged, cloud-enhanced, and trustworthy. We that work in the networking industry will hopefully remember this moment years from now. I hope it is just as vivid a memory as Brandi Chastain’s winning goal 20 years ago.