Yearly Archive 2016

ByCyberFrat

Is the Blockchain an economy or a computer science innovation?

Introduction to Blockchain

Blockchain is a decentralized distributed database (ledger) system. It is distributed because there is not a single repository held or owned by one person (Parties or Miner). All of them have their own copies of committed transactions of the block. Blockchain is not a drop box of transactions on the contrary it is a vault of hashed value of an asset which is tagged to its latest owner. Transactions being the trail of quantity and change of ownerships since it was the first time introduced in the Blockchain.

1

Blockchains can be applied to any concept which requires digital security for maintenance and management and currently Blockchains version 3.0 is the latest release. Some of the applications of Blockchains in financial domain are Crypto currency (the famous Bitcoin), Escrow transaction, Bonded Contracts, Smart Contracts, and Intellectual Property etc.  One can also conceive that a voting right can also be put on a political Blockchain of a national electorate (electorate being a vote exchange) also a physical housing property can be converted into a hashed digital asset traded on Blockchain of a real estate exchange and there are endless possibilities one think of. With the advancement in IoT, a Blockchain is a perfect combination to launch smart contracts.

To understand more on Blockchain one needs to understand its building blocks, let’s see one by one:

Unit: It is a digital intangible or tangible asset which can be converted into a hashed value e.g crypto-currency, a vote, digital property, intellectual property etc…

Transaction: No of Units that can be exchanged in one single go

Block: Stack of authorized transactions

Blockchain: Irreversible blocks (ledger)

Miners: Nodes that work as authenticators and validators of transaction and forms block in a chain.

The next question comes into the mind is how transactions are executed on the Blockchain. Assume that there are two parties A & B and they want to execute a transaction between them by exchanging certain number of Units (assume a crypto currency unit such as Bitcoin). Both the parties have to be on the same Blockchain network and application but on separate node (computer). This is important because a common platform is needed for transfer and communication of protocol for request and response. In order to execute a transaction both will require keys (randomly generated encrypted/hashed values to be kept confidential). The keys can be common session keys or public and private keys. Usually it is public and private keys combination and per transaction a unique set of pairs of keys are generated. “A” (initiator with address N) will pledge a transaction with certain number of Units with his key. “B” (receiver with address M) will acknowledge this transaction with his key. Now the transaction is in the executed stage but not validated and authorized. These Transactions flow into the distributed network and remain in the queues of Miners for validation and authorization and once done the transaction is connected to a chain and chain into a block of irreversible transaction. The blocks are formed after a suitable time lets us say that number of transactions validated in 10 secs will form a block. These blocks are then stored into a decentralized distributed database/ledger (Blockchain) i.e the copy of the block will be replicated into a database maintained with A, B and the Miner (who authorized the transaction) so that none of them can deny the execution of transaction. This replication is done to address the conflict between parties should it arise. The chain is actually the quantity and trail of tag of the unit associated with the ownership. During entire transaction anonymity of both A & B is maintained because they are identified by their keys and these keys cannot be reverse engineered to identify the owner as the keys are random values generated using trusted and certified algorithms.

2

Miners are available in Public Blockchain (Bitcoin), they validate and authorize a transaction and convert it into a chain but only when they have completed their workloads (proof of work) between chains. The workloads are nothing but complex numerical problems which require huge computation processing and time. It is a huge investment to become a Miner. One may be wondering then why to become a Miner.  For validating and authorizing each transaction the Miner is paid a fee/commission in form of Units of the Transaction. Some Miners also act as exchange house to buy and sell the Unit (Bitcoin) with fiat currency (USD) this is also called an Offchain.

3

4

Just to revise the layers of a Blockchain are the Units that are executed over a transaction which are further validated and verified by Miners to convert into chain and then into a block and finally stored into a decentralized distributed ledger.

There are different types of Blockchain:

Public Blockchain: In this type anyone, individual or a group can be a part of a Blockchain to execute a transaction or become a Miner. Example can be Bitcoin Blockchain.

Permissioned Blockchain: Consortium of entities form the Blockchain and only permissioned or licensed individual or a group can be a part of this Blockchain to execute a transaction but there are no Miner. In this type the transactions are auto validated and authorized as the parties are trusted. This is a more secured network and example can be consortium of banks or financial institutions forming a Permissioned Blockchain and parties can be legitimate entrusted customers of the bank.

Sidechain (Interchain) Blockchain: When one or more unique Blockchains interlink to form a complex set of Blockchain.


vikasvarma

Vikash Verma

Enterprise Risk Management

ByCyberFrat

How Bots are different from Virus, worms and Trojans

One common mistake that people make when the topic of a computer virus arises is to refer to a worm, Bot or a Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same thing. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you better protect your computer from damaging effects. Different classes of malicious software are described below.

Viruses

A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments.

Worms

Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.

Trojans

A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system.

Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an e-mail attachment or downloading and running a file from the Internet.

Bots

A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C) or by passing messages to one another (C&C might be built into the botnet as P2P).[1] Botnets have been used many times to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.

Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server or servers that act as a command and control (C&C) centre for an entire network of compromised devices, or “botnet.” With a botnet, attackers can launch broad-based, “remote-control,” flood-type attacks against their target(s). In addition to the worm-like ability to self-propagate, bots can include the ability to log keystrokes, gather passwords, capture and analyse packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host. Bots have all the advantages of worms, but are generally much more versatile in their infection vector, and are often modified within hours of publication of a new exploit. They have been known to exploit back doors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates, which damage network infrastructure; instead they infect networks in a way that escapes immediate notice.

 

How Bots Work

Bots sneak onto a person’s computer in many ways. Bots often spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are instructed to carry out a task.

After a computer is taken over by a bot, it can be used to carry out a variety of automated tasks, including the following:

Sending Stealing DoS (Denial of Service) Clickfraud
They send – spam – viruses – spyware They steal personal and private information and communicate it back to the malicious user: – credit card numbers – bank credentials – other sensitive personal information Launching denial of service (DoS) attacks against a specified target. Cybercriminals extort money from Web site owners, in exchange for regaining control of the compromised sites. More commonly, however, the systems of everyday users are the targets of these attacks — for the simple thrill of the botherder. Fraudsters use bots to boost Web advertising billings by automatically clicking on

 

Best Practices for Combating Viruses, Worms, Trojans, and Bots

The first steps to protecting your computer are to ensure that your OS is up to date. This means regularly applying the most recent patches and fixes recommended by the OS vendor. Secondly, you should have antivirus software installed on your system and download updates frequently to ensure that your software has the latest fixes for new viruses, worms, Trojans, and bots. Additionally, you want to make sure that your antivirus program can scan e-mail and files as they are downloaded from the Internet. This will help prevent malicious programs from reaching your computer. You may also want to consider installing a firewall.

Technical Definition Sites

http://en.wikipedia.org/wiki/

http://www.sans.org/resources/glossary.php

https://us.norton.com/botnet/

http://www.cisco.com/security/

ByCyberFrat

SS7 Protocol hack revealed – How hacker can access your calls and texts

The Signaling System No 7 (SS7), also known as Common Channel Signaling System 7 (CCSS7) or Common Channel Interoffice Signaling 7 (CCIS7), is a set of protocols developed in 1975 that allows the connections of one mobile phone network to another. The information passed from a network to another are needed for routing calls and text messages between several networks.
The SS7 performs out-of-band signaling in support of the call establishment, billing, routing, and information exchange functions of the public switched telephone network (PSTN).
When users access a PSTN, he constantly exchanges signaling with network elements, for example, signaling information are exchanged between a mobile user and the telephone network.
Information includes dialing digits, providing dial tone, sending a call-waiting tone, accessing a voice mailbox, etc.
The term Out-of-band signaling is used to specify that signaling that does not take place over the same path as the conversation. The digital channel used for the exchange of a signaling information is called signaling link, when a call is placed, the dialed digits, trunk selected, and other information is sent between switches using their signaling links, rather than the trunks used to carry the conversation.
Out-of-band signaling has the following advantages:
• It allows for the transport of more data at higher.
• It allows for signaling at any time in the entire duration of the conversation, not only at the beginning of the call.
• It enables signaling to network elements to which there is no direct trunk connection.

The SS7 is also used to implement the network roaming when users need to use different network providers.
A hacker accessing the SS7 system can snoop target users, locate them, and transparently forward calls.
The access to the SS7 system is possible by using any number of networks.
In response to the disclosure of security issues related to the SS7 protocol, telco bodies, and operators, including the GSMA, have introduced monitoring services to prevent intrusions or abuse.
Recently a group of hackers demonstrated how spy on mobile users simply using their phone numbers; they have chosen as a target complacent US Congressman.
The group is led by the popular German security expert Karsten Nohl; the researchers demonstrated they were able to eavesdrop and geographic track the politician just knowing his phone number.
There is nothing new in the revelation because the telco community was aware of the technique adopted by security experts, the same team illustrated in the past the technique that exploits security flaws in the Signalling System No. 7, also known as an SS7 protocol.
An attacker can exploit security issued in the SS7 protocol to spy on private phone calls, record them and monitor target’s movements.
Exactly one year ago, Channel Nine’s 60 Minutes reported the existence of a security hole in modern telecommunication systems that could be exploited by cybercriminals to listen in on phone conversations and read text messages.
Karsten Nohl and his team investigated the presence of security flaws in the SS7 system back in 2014.
In that occasion, Nohl and his colleagues were able to intercept data and geo-track every mobile user by exploiting a flaw in the SS7 signaling system.

In December 2014, a group of German researchers at the Chaos Communication Hacker Congress revealed the existence of serious security issues in the protocol used by a large number of carriers of mobile telephony. Despite the huge investment in security made by telco companies, the adoption of flawed protocols exposes customers to serious privacy and security risks.
“It’s like you secure the front door of the house, but the back door is wide open,” said Tobias Engel, one of the German researchers.

1

Figure 1 – Tobias Engel Slides presented at CCC Berlin

What does the network know about your location?
Tobias explained that the network knows the location of the cell tower that could be used to have a pretty good approximation of a user’s location. Despite the access to the information managed by operators is restricted to the technical operation of the network, voice calls, and short messages can be initiated to your phone number from almost anywhere in the global SS7 network.

2

Figure 2 – Tobias Engel Slides presented at CCC Berlin

Below the presentation made by the expert Tobias Engel:

Attacks relying on these security issues already happened in the past, one of the major incidents was registered by the NKRZI (which is the National Commission for the State Regulation of Communications and Informatization in Ukraine) and involved Russian addresses back in April 2014.
The expert noticed that many Ukrainian mobile phone holders have been targeted by SS7 packets sent from Russia to track them and steal information from the mobile devices.
According to the security firm AdaptiveMobile who analyzed the case, a number of Ukrainian mobile subscribers “were affected by suspicious/custom SS7 packets from telecom network elements with Russian addresses over a three day period in April 2014. The packets were revealing the subscribers location and potentially the contents of their phone calls to be obtained.”
A series of SS7 packets were sent to the MTS Ukraine’s SS7 network that caused the modification of the control information stored in network switches for several MTS Ukraine mobile users. The effect was that one of the affected MTS used tried to call someone else, their call would be forwarded to a physical land line number in St. Petersburg, Russia allowing the interception of the communication.
“In the document, the investigation stated that the custom SS7 packets themselves came from links allocated to MTS Russia, the parent company of MTS Ukraine. The Ukrainian regulator then assigned responsibility for the nodes that generated the SS7 based on the origination addresses in the SS7 packets received. According to the report, some of the SS7 source addresses that originated the attack were assigned to MTS Russia, while others were assigned to Rostov Cellular Communications.” stated the AdaptiveMobile.
The incident was not isolated, other cases were observed in different countries, let’s consider for example that the same protocol is being used by major Australian providers, this means that Aussies data could be exposed to hackers. Names, addresses, bank account details and medical data stolen due to a security vulnerability that could give hackers the access to their mobile devices.
Another case was reported by the Guardian that revealed security tests conducted by an operator in Luxembourg took Norway’s largest network operator Norway offline for over three hours due to an “unexpected external SS7 event.”
A preliminary report issued by Telenor states the problem was caused by the reception of “unusual signaling” from another international operator into their networks. Software from Ericsson misinterpreted this very rare signaling messages stopping parts of mobile traffic up.
Ericsson identified how the misperception of signaling occurred and applied the necessary correction to fix the issue.
The reality is that old and insecure protocols could harm our privacy dramatically enlarging our surface of attack.

 

sunil-sharma

Sunil Sharma