19 July 2017

Hack and access of laptop belonging Czech Secret Service.

Hacking and accessing any secret-service, military or corporate laptop that relies on disk encryption plus a security suite for system protection.
All from an Android phone.

When McAfee and Symantec fall short, an encrypted laptop belonging to the Czech Secret Service gets hacked.
Endpoint Encryption unlocks the disk at pre-boot, but the whole system remains unprotected until Endpoint Security is fully loaded and active.
That leaves a gap of 10 to 15 seconds during which a suitable Python script or other tool can pull a lot of information from the wide-open laptop.
Or plant a script that executes only after the OS and the security suite have fully loaded, and which can then do anything.
Remember, all such laptops are centrally administered and controlled while they are inside their own intranet.
The planted script mimics the scripts sent by the central management server.

A backdoor in Google Bot lets us verify that the laptop's MAC address exists in a database of trusted MAC addresses belonging to the Czech Interior Ministry.
For those who once mocked the unknown power of backdoors in Google Bot (Dag Ströman, FMV-CSEC).

How do you find the right moment?
Use a modified WifiKill: the ARP protection is bypassed, the system defended by Endpoint Security hangs, and the owner restarts it.
Now it's time.
Cause: most BIOSes activate Wi-Fi before the OS initializes.
Affected: most laptops from Dell, Asus and HP.
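The trigger above relies on ARP poisoning, which is what WifiKill-style tools do to knock a host off the network. The page does not say how the "modified" version gets past the suite's ARP protection, so the following is an added example of the generic host-side check a defender can run, not code from the post: pin the gateway's MAC and alert on any ARP reply that claims the gateway IP with a different MAC. The ARP records, IPs and MAC addresses are constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

# (seconds since capture start, sender IP, sender MAC)
ArpReply = Tuple[float, str, str]

# Constructed ARP reply records, not a real capture. The gateway 10.0.0.1 is
# first announced by its real MAC; from t=2.5 a second MAC (the attacker's
# phone in the post's scenario) claims the same IP.
ARP_REPLIES: List[ArpReply] = [
    (0.0, "10.0.0.1", "00:11:22:33:44:55"),
    (1.0, "10.0.0.1", "00:11:22:33:44:55"),
    (2.5, "10.0.0.1", "aa:bb:cc:dd:ee:ff"),
    (2.6, "10.0.0.1", "aa:bb:cc:dd:ee:ff"),
    (3.0, "10.0.0.7", "de:ad:be:ef:00:01"),  # unrelated host, no conflict
]


def detect_arp_spoof(replies: List[ArpReply],
                     pinned: Optional[Dict[str, str]] = None
                     ) -> List[Tuple[float, str, str, str]]:
    """Alert whenever an IP is claimed by a MAC other than the one pinned for it.

    pinned maps IP -> trusted MAC (e.g. the gateway, configured by the admin).
    An IP that is not pinned in advance is pinned to the first MAC seen for it
    (first-come pinning: weaker, but still catches a later takeover).
    Returns a list of (ts, ip, pinned_mac, claimed_mac) tuples.
    """
    table: Dict[str, str] = dict(pinned or {})
    alerts = []
    for ts, ip, mac in replies:
        trusted = table.setdefault(ip, mac)
        if mac != trusted:
            alerts.append((ts, ip, trusted, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(ARP_REPLIES, pinned={"10.0.0.1": "00:11:22:33:44:55"}):
        print("ARP conflict: t=%.1f %s pinned=%s claimed=%s" % alert)
```

With the gateway pinned by the administrator every deviation is flagged, including a spoof that arrives before the real gateway has ever replied; without a pinned entry the first reply wins, which is exactly the race a poisoning tool tries to win.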

Affected: all laptops belonging to any secret service, military organisation or agency that uses Symantec, McAfee or another similar security suite for disk encryption and system protection.

Conclusion: trust and blindly follow the "recommendations" of Common Criteria and ISO 27000. :)

Remedy: very simple, disable automatic Wi-Fi start.
Start Wi-Fi manually only after the OS and the security suite have fully loaded.
Awkward for lazy big chiefs :)
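The gap described earlier (network up before the security suite is running) and the remedy (bring Wi-Fi up only afterwards) are both about boot ordering, so they can be measured. The following is an added example, not code from the post: it reads simplified boot log lines, finds the first "network connected" event and the moment the security service reports running, and reports the exposure window. The log lines, timestamps, network name and the service name "Endpoint Security" are constructed; the event IDs (7036 for a Service Control Manager state change, 10000 for a NetworkProfile "Network Connected" event) follow Windows conventions, but the line format here is a simplified one, not the real Event Log export format.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional


class Event(NamedTuple):
    ts: datetime
    source: str
    event_id: int
    message: str


# Constructed sample logs, not real captures. Line format is the simplified
# "<ISO timestamp> <source> <event id> <message>". Event IDs follow Windows
# conventions (7036 = SCM service state change, 10000 = Network Connected),
# but timestamps, network name and the service names are invented.
SAMPLE_LOG_BEFORE = """\
2017-07-19T08:00:00 Kernel-General 12 The operating system started.
2017-07-19T08:00:02 NetworkProfile 10000 Network Connected: CorpWifi
2017-07-19T08:00:03 Service-Control-Manager 7036 The DHCP Client service entered the running state.
2017-07-19T08:00:14 Service-Control-Manager 7036 The Endpoint Security service entered the running state.
2017-07-19T08:00:15 Service-Control-Manager 7036 The Windows Update service entered the running state.
"""

# Same boot with the remedy applied: Wi-Fi is brought up only after the
# security suite reports running, so the network never sees an unprotected host.
SAMPLE_LOG_AFTER = """\
2017-07-19T09:00:00 Kernel-General 12 The operating system started.
2017-07-19T09:00:03 Service-Control-Manager 7036 The DHCP Client service entered the running state.
2017-07-19T09:00:12 Service-Control-Manager 7036 The Endpoint Security service entered the running state.
2017-07-19T09:00:18 NetworkProfile 10000 Network Connected: CorpWifi
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d+) (.*)$")
RUNNING_RE = re.compile(r"^The (.+) service entered the running state\.$")


def parse_events(text: str) -> List[Event]:
    """Parse the simplified log lines into Events sorted by time; bad lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, source, event_id, message = m.groups()
        events.append(Event(datetime.fromisoformat(ts), source, int(event_id), message))
    return sorted(events, key=lambda e: e.ts)


def first_network_up(events: List[Event]) -> Optional[datetime]:
    """Time of the first NetworkProfile 'Network Connected' event (ID 10000)."""
    for e in events:
        if e.source == "NetworkProfile" and e.event_id == 10000:
            return e.ts
    return None


def service_running_at(events: List[Event], service_name: str) -> Optional[datetime]:
    """Time the named service entered the running state (SCM event 7036)."""
    for e in events:
        if e.event_id == 7036:
            m = RUNNING_RE.match(e.message)
            if m and m.group(1) == service_name:
                return e.ts
    return None


def exposure_window(events: List[Event], service_name: str) -> Optional[float]:
    """Seconds the host was on the network before the security service ran.

    Positive: the gap the post describes. Zero or negative: the suite was
    already running when the network came up. None: an event is missing,
    which a fleet report should show rather than silently treat as safe.
    """
    net = first_network_up(events)
    sec = service_running_at(events, service_name)
    if net is None or sec is None:
        return None
    return (sec - net).total_seconds()


def verdict(window: Optional[float], max_seconds: float = 2.0) -> str:
    """Classify a window; max_seconds is an assumed tolerance, tune it per fleet."""
    if window is None:
        return "unknown"
    return "exposed" if window > max_seconds else "ok"


if __name__ == "__main__":
    for label, log in (("before", SAMPLE_LOG_BEFORE), ("after", SAMPLE_LOG_AFTER)):
        w = exposure_window(parse_events(log), "Endpoint Security")
        print(f"{label}: window={w}s verdict={verdict(w)}")
```

Run across a fleet's boot logs this gives a per-machine number instead of an anecdote, and the "after" sample shows what the remedy should look like in the logs: the security service's 7036 event precedes the first 10000 event on every boot.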

Advice nr. 2:
Do not label your laptops with fancy cryptic names like:
A12B34C56
It will only reveal the departmental structure of your organisation.
Use plain numbers instead:
12345678
and keep a totally separate database to track all your laptops.
Don't indirectly disclose your organisation's structure by giving logically related names.