Hack and access of a laptop belonging to the Czech Secret Service.
Hack and access any secret service, military organisation or corporation using HDD encryption and a security suite for system protection.
All from inside Android.
When McAfee and Symantec suck and an encrypted laptop belonging to the Czech Secret Service gets hacked.
Endpoint Encryption unlocks the HDD, but the whole system remains unprotected until Endpoint Security is fully loaded and protecting it.
There is a gap of 10 to 15 seconds during which, with an appropriate Python script or other software, one can extract a lot of information from the wide-open laptop.
Or plant a script which starts after the OS and security suite have fully loaded, and can do anything.
Remember, all such laptops are centrally administered and controlled when they are inside their own intranet.
The planted script mimics the scripts sent by the central command server.
A backdoor in Google Bot helps us verify that the laptop's MAC address exists in a database of trusted MAC addresses belonging to the Czech Interior Ministry.
For those who once scoffed at the unknown power of backdoors in Google Bot (Dag Ströman).
How to find out when the moment is?
Use a modified WiFi Kill: ARP protection is bypassed, the system defended by Endpoint Security hangs, and the owner will restart the system.
Now it's time.
Cause: most BIOSes activate WiFi before OS initialisation.
Affected: most laptops from Dell, Asus and HP.
Also affected: all laptops belonging to any secret service, military organisation or agency using Symantec, McAfee or other similar security suites for HDD encryption and system protection.
Conclusion: trust and blindly follow the "recommendations" from Common Criteria and ISO 27000. :)
Remedy: very simple, disable automatic WiFi start.
Start WiFi manually after the OS and security suite have fully loaded.
Awkward for lazy big chiefs :)
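One way to implement the remedy above at the OS level, as an added example that is not the blog's own code: the script keeps the laptop's Wi-Fi adapter disabled through the boot window and registers a startup task that re-enables it only once the endpoint security service reports Running; if the service never comes up, Wi-Fi stays off (fail closed). It assumes a Windows laptop administered with PowerShell, a physical 802.11 adapter (PhysicalMediaType 'Native 802.11'), and that the protection component is a Windows service whose name you substitute for the placeholder. It does not change BIOS behaviour; a radio brought up by firmware before the OS boots must be dealt with in the BIOS setup itself.

```powershell
# Added hardening example (not the blog's code).
# Assumptions: Windows laptop, physical Wi-Fi NIC with PhysicalMediaType
# 'Native 802.11', endpoint protection exposed as a Windows service.
# Run once with -Mode Install (as administrator); the registered task then
# runs the same file with -Mode Enable at every startup.
#Requires -RunAsAdministrator
param(
    [ValidateSet('Install', 'Enable')]
    [string]$Mode = 'Install'
)

$SecurityServiceName = 'ENDPOINT_SECURITY_SERVICE_NAME'   # placeholder: set to the real service name
$TaskName            = 'Deferred-WiFi-Enable'
$MaxWaitSeconds      = 300                                # give up after 5 minutes, leaving Wi-Fi off

function Get-WiFiAdapters {
    # Physical 802.11 adapters only; virtual/hosted adapters are ignored.
    Get-NetAdapter -Physical | Where-Object { $_.PhysicalMediaType -eq 'Native 802.11' }
}

function Disable-WiFiAtBoot {
    # WLAN AutoConfig must not start on its own; the task starts it later.
    Set-Service -Name 'WlanSvc' -StartupType Manual
    # Disabling the adapter is persistent, so nothing associates during boot.
    Get-WiFiAdapters | Disable-NetAdapter -Confirm:$false
}

function Enable-WiFiWhenProtected {
    param([string]$ServiceName, [int]$TimeoutSeconds)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') {
            Start-Service -Name 'WlanSvc'
            Get-WiFiAdapters | Enable-NetAdapter -Confirm:$false
            return $true
        }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    # Fail closed: protection never came up, so the radio stays off and an
    # operator has to look at the machine.
    return $false
}

function Register-DeferredWiFiTask {
    # Runs this same script with -Mode Enable as SYSTEM at each startup.
    # Sign the script if the machine policy is AllSigned; an unsigned script
    # simply fails to run, which also leaves Wi-Fi off (fail closed).
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                   -Argument "-NoProfile -File `"$PSCommandPath`" -Mode Enable"
    $trigger   = New-ScheduledTaskTrigger -AtStartup
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
                           -Principal $principal -Force | Out-Null
}

switch ($Mode) {
    'Install' {
        Disable-WiFiAtBoot
        Register-DeferredWiFiTask
        Write-Output "Wi-Fi disabled at boot; task '$TaskName' will enable it once '$SecurityServiceName' is running."
    }
    'Enable' {
        $ok = Enable-WiFiWhenProtected -ServiceName $SecurityServiceName -TimeoutSeconds $MaxWaitSeconds
        if (-not $ok) { Write-Warning "'$SecurityServiceName' not running after $MaxWaitSeconds s; Wi-Fi left disabled." }
    }
}
```

Verify the service name with `Get-Service` before installing, and test on one machine first: with a wrong name the task times out and the laptop stays offline, which is the intended failure mode but an unpleasant one to discover at scale.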
Advice no. 2:
Do not give your laptops fancy cryptic names like these:
it will only reveal the departmental structure of your organisation.
Use simple numbers instead:
and have a totally separate database to organise all your laptops.
Don't indirectly disclose your organisation's structure by giving logically related names.
19 July 2017
Backdoor discovery at Romanian Transport Ministry - Department for Railways Security and Certification AFER
As usual, a backdoor in Google Bot helped to discover a backdoor leading to intranet access inside the Romanian Transport Ministry - Department for Railways Security and Certification AFER.
Those responsible were informed.
07 June 2017
170607 Swedish Digital Identification System BankID from Finansiell ID-Teknik BID AB bypassed on Android
"BankID is the leading electronic identification in Sweden.
Many services are provided where citizens can use their BankID for digital identification as well as signing transactions and documents.
The services vary from online and mobile banking, e-trade to tax declaration and are provided by government, municipality, banks and companies.
BankID is used both for identification as well as signing.
According to Swedish law, and within the European Union, BankID is an advanced signature and a signature made with a BankID is legally binding.
The customer’s identification is guaranteed by the bank issuing the BankID.
Authorities, companies and other organizations must check the validity of the customer’s identity and signature.
BankID is available on smart card, soft certificate as well as mobile phones, iPads and other tablet devices."
"I have got a new smartphone. Can I move my Mobilt BankID over to it?
No, for security reasons a Mobilt BankID cannot be moved, but if you still have access to your old smartphone you can use it to obtain a new Mobilt BankID.
Download the BankID säkerhetsapp from Google Play or the App Store to your new smartphone.
Note that the phone needs to be connected to the internet via either wifi or 3G.
Log in to the internet bank with your old smartphone and order a new Mobilt BankID under Tillval – BankID.
Start the BankID säkerhetsapp and create a security code; enter the activation code you received in the internet bank.
We also recommend that you block the Mobilt BankID that was linked to your old smartphone. You do this in the internet bank under Tillval – BankID"
Unfortunately, I discovered a way to copy and restore a Mobilt BankID on a device after a full system restore.
And have it completely functional with all services using it.
No need any longer to re-authenticate with the bank and create a new Mobilt BankID, as they say, for security reasons.
That means the whole authentication system based on Mobilt BankID from Finansiell ID-Teknik BID AB is bypassed.
Tested with Swedbank.
Further escalation would be to test recreating the Mobilt BankID on another device.
I informed Finansiell ID-Teknik BID AB and Swedbank about the critical security flaw which bypasses the leading electronic identification in Sweden.
No technical details are given publicly.
Only directly (no phone, email or other internet-based communication) to the authorities involved.
17 May 2017
170517 Swedish National Forensic Center NFC needs to instruct their personnel more in IT Security awareness
Today I travelled back from Stockholm, where I had been for an interview at the Defence Ministry for the post of Chief Engineer for IT Security.
Near me was a senior employee from the Swedish National Forensic Center.
He was accompanied by several other persons from the same authority.
He started to read some job-related mails and talk with his mates about them.
I concluded they had travelled to Stockholm on a job-related matter and were returning.
The fact that they were openly discussing job matters made me curious to check their security awareness.
Using a specially modified Bluetooth scanner and promiscuous sniffer,
I noticed their mobile phones, tablet and smart watch were wide open to Bluetooth attacks.
Well, I signalled to their chief and asked him to follow me a few metres away to discuss a private matter.
He followed me, and I informed him about the risks to which he was exposing himself and confidential information from his workplace.
He replied he was aware... but all the devices he used were... his private ones... not official NFC devices.
Strange... a personal smartphone, but from the same phone he read official mails and messages to his job comrades.
I'll just do my duty and inform NFC about the events and that they need to raise their employees' awareness when it comes to IT Security.
16 May 2017
Finalist in the recruitment as:
Analyst with a cyber focus at the Unit for Tactical Security Analysis at the Security Department for the central government administration.
Finalist in the recruitment as:
Cyber Security Analyst at the Unit for Tactical Security Analysis belonging to the Security Department of the Swedish Secret Service under the leadership of the Swedish Prime Minister.
10 May 2017
Physical isolation - the last step in securing one's own internal IT infrastructure
I wrote 4 years ago in my analysis of how Iran got Stuxnet:
and in my piece on the insecurity of Cloud services:
that the only way to total security is complete physical separation of national/internal IT infrastructure from the rest of the world.
Now my advice is confirmed and applied.
"Russia’s Communications Ministry has developed a program that would allow the isolation of all internal internet traffic on servers located within the country, thus minimizing the risk of foreign hackers meddling with sensitive data."
And those naive people still thinking that software solutions from "neutral" small countries are "secure" or "efficient" should think twice.
Being "small" increases the risk of backdoors "planted" on the orders of US authorities.
19 April 2017
A few days ago a Russian hacker group made public the information that US authorities had secret access to the SWIFT.net network via software backdoors kept secret until now.
Now that this information is no longer a secret,
I can disclose that as early as April 2010, US authorities had direct hidden access into the French banking group BNP Paribas in Europe.
By using a special syntax and a backdoor in Google servers and Google Bot, someone could access the bank's internal SWIFT.net data traffic, intercepted and retransmitted to US-located servers.
A similar backdoor was available in 2011-2012 for intercepting data traffic from servers belonging to the Romanian Government and Finance Department regarding state contracts and acquisitions.