Monday, 22 October 2007

Hacker High School Movies

Facts behind screen hacks
http://news.bbc.co.uk/2/hi/programmes/click_online/7029540.stm

We see a lot of impressive hacking in the movies, not just taking over individual PCs but whole traffic systems and top security databases.

Waterloo Station formed the backdrop for The Bourne Ultimatum, one of the biggest movies of the year, in which Americans take over all of the CCTV cameras. But just how realistic is that scenario and, worse, what about a hostile takeover?

According to Sarb Sembhi, IT systems analyst at ISACA, local authorities and the police use network TV because they can take advantage of the technology that allows them to view cameras on any system.

"Unfortunately not only does it enable them to view any camera on their system from anywhere, it also means that other people who shouldn't have access to the system may end up having access to the system.

"Anyone can do this if they know what they're doing," he said. "It may not be friendly governments, it could be any government anywhere, it could be criminals, it could be terrorists, they can use the system for their own advantage."

Paul Docherty of Portcullis Security is paid by governments and blue-chip companies to hack into their systems. He has been doing it for 20 years and believes hijacking Waterloo's cameras would be a difficult feat.

"The Waterloo scenario is a wired system, whereby they're wired back to a central control station. You would need access to the control station in order to gain access to the data.

"In a wireless network the camera has to broadcast whatever it's picking up across a wide area in order for it to be picked up by another system and then relayed to whoever is looking at the data. In those instances anyone can sit nearby and intercept the data.

"Potentially they could inject [data] packets in that so they could control the camera and point it in the direction they wanted it to go."

'Drastic attacks'

What about our critical infrastructure? Could undercover hackers take down a power plant or bring transport to a standstill?

An Associated Press report was posted on the internet last month showing an internal test by Homeland Security in the US to see if hackers could tap into the power network and shut down a turbine. The test succeeded.

"If you know something about SCADA technologies you can introduce yourself inside the network of power plants, nuclear plants, pipelines, hospitals, traffic lights in the city, airports and so on," said security evangelist Alessio Pennasilico. "Once you are inside the network you can do whatever you want."

SCADA is an older system that is still very common today. It allows you to acquire data from multiple systems.

Mr Docherty said: "In terms of how realistic the attacks are, personally I think it's somewhat over-dramatised, the stuff of James Bond movies.

"However, what we're seeing is a convergence of technologies, and many SCADA systems are now connected to other systems which are connected to the internet via the IP protocol.

"So potentially the theory of the attacks is true. I think the realism of them is not so true. Someone would very much have to understand many, many proprietary systems in order to make such drastic attacks happen."

Personal safety

Hackers can also target individual mobile phone users if they are using a Bluetooth headset or a handset with Bluetooth switched on.

Bluetooth headsets rely on the phone to transmit radio waves to the earpiece. But they are vulnerable. That two-way connection can also be a gateway into your handset.

"If there is a specific flaw in the Bluetooth implementation in the model of the phone you won't even know that a hacker is getting into that specific phone," said Dino Covotsos of Telspace Systems.

"A lot of different techniques include bluesnarfing and bluebugging. You can actually do something called STP tooling."

STP tooling is a method for establishing the services that are supported by the phone.

Mr Docherty showed BBC Click how easy it was to pull off all the contacts from a phone placed 10 metres away from him. Using a laptop and a free computer program available on the internet it took him about a minute. The target's phone did not make a sound.

He could also have lifted calendar and diary entries and even have made a call without the phone owner's knowledge.

Fortunately, newer Bluetooth phones now warn the user.

Portcullis Security also hacked into the programme's wi-fi system in 10 minutes. It was "protected" by a 128-bit WEP encrypted password. Again the programme they used is free and it is available on the internet.

You still need a degree of expertise to pull off a movie-style spying attack but it does seem that wireless systems in particular, while convenient for us, have made the hackers' lives a little easier, and those spy scenarios just a little more realistic.
