exfil   16

How to Steal Bitcoin Wallet Keys (Cold Storage) from Air-Gapped PCs
Dr. Mordechai Guri, the head of R&D team at Israel's Ben Gurion University, who previously demonstrated various methods to steal data from an air-gapped computer, has now published new research named "BeatCoin."
BeatCoin is not a new hacking technique; instead, it's an experiment wherein the researcher demonstrates how all previously discovered out-of-band communication methods can be used to steal private keys for a cryptocurrency wallet installed on cold storage, preferably an air-gapped computer or Raspberry Pi.
airgap  cybersecurity  exfil  cryptocurrency  bitcoin  attack 
24 days ago by bwiese
Malicious Network Traffic From /bin/bash - SANS Internet Storm Center
The script itself is not new; it was already spotted in July 2017, but it looks to be slightly modified and was uploaded recently to VT[2] (current score is 9/59). The most interesting part of the script is the ability to run a simple IRC bot using Bash commands.

Bash can use /dev/tcp or /dev/udp to generate network flow. The syntax is /dev/<proto>/<host>/<port>.

Example to grab data from a remote server without external tools:

exec 5<> /dev/tcp/blog.rootshell.be/80                          # open a read/write TCP socket to port 80 on fd 5
printf "GET / HTTP/1.0\r\nHost: blog.rootshell.be\r\n\r\n" >&5   # send the request; the empty line terminates the headers
cat <&5                                                         # read the response until the server closes the connection
exec 5>&-                                                       # close fd 5
sans  bash  networking  script  irc  c2  cybersecurity  exfil 
25 days ago by bwiese
Data exfiltrators send info over PCs' power supply cables • The Register
data exfiltration vector, defending yourself requires hermit-like separation from the world: you have to do without wireless connections, use a fanless computer, block the USB ports, install machines in a windowless room with any LEDs covered by black tape, make sure nobody can sense a PC's magnetic fields, and disconnect the speakers.
cybersecurity  israel  exfil  airgap 
28 days ago by bwiese
Data Exfiltrators Send Info Over PCs' Power Supply Cables - Slashdot
PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.

data could be exfiltrated at between 10 (building's electrical services panel) and 1,000 bits-per-second (power cable to computer) -- different classified systems in same power outlet?

The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable). Guri and his pals use frequency shift keying to encode data onto the line.
cybersecurity  israel  exfil  airgap 
28 days ago by bwiese
Hackers once stole casino database through lobby fish tank thermometer - Business Insider
"The attackers used that to get a foothold in the network," she said. "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."
iot  cybersecurity  darktrace  exfil  vegas  casino 
28 days ago by bwiese
Criminals Hacked A Fish Tank To Steal Data From A Casino
fish tank monitor - hackers to swipe 10 gigabytes of data from the North American casino that just installed it, according to a report from the threat intelligence experts at Darktrace.

only casino system that ever sent data to the remote server in Finland that it was communicating with. It also did so using protocols that are normally used for streaming audio or video.
vegas  casino  cybersecurity  exfil  darktrace 
28 days ago by bwiese
Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers
Dubbed MAGNETO [pdf] and ODINI [pdf], both the techniques make use of proof-of-concept (PoC) malware installed on an air-gapped computer inside the Faraday cage to control the "magnetic fields emanating from the computer by regulating workloads on the CPU cores" and use it to transmit data stealthily.

aIR-Jumper attack that steals sensitive information from air-gapped computers with the help of infrared-equipped CCTV cameras that are used for night vision.
USBee attack that can be used to steal data from air-gapped computers using radio frequency transmissions from USB connectors.
DiskFiltration attack that can steal data using sound signals emitted from the hard disk drive (HDD) of the targeted air-gapped computer;
BitWhisper that relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;
AirHopper that turns a computer's video card into an FM transmitter to capture keystrokes;
Fansmitter technique that uses noise emitted by a computer fan to transmit data; and
GSMem attack that relies on cellular frequencies.
airgap  cybersecurity  hack  israel  faradaycage  exfil 
9 weeks ago by bwiese
Tech Insight: Cutting-Edge Techniques For Data Exfiltration -- Dark
exfil ideas: social media dropbox, wiki talk pages, printer print out / encoded can scan, VOIP and voicemail systems
hacking  security  exfil 
november 2013 by bwiese
