UNM4SK3D: CIA, MalwareTech, and Self-Driving Cars

August 11, 2017


#wikileaks 

You didn’t think Wikileaks was going to stop anytime soon, did you? The latest, 20th leak discloses the details of ‘CouchPotato,’ a remote tool used to secretly collect RTSP/H.264 video streams.

In a user guide dated February 14, 2014, ‘CouchPotato’ is described as a tool that allows “a RTSP/H.264 video stream to be collected either as a video file in AVI file format or as series of still images of frames from the stream in JPG format.” Real Time Streaming Protocol (RTSP) is the network control protocol used to set up, play, pause and tear down media streams from servers such as IP cameras, so a tool that speaks RTSP can pull video from any camera or streaming server it can reach. ‘CouchPotato’ uses FFmpeg both for the RTSP connection and for video and image encoding and decoding. It is built to run under the ICE v3 ‘Fire and Collect’ loader; ICE, in-memory code execution, runs the module without its code ever being written to disk, which leaves little for disk forensics to find, according to The Hacker News.

While Wikileaks does not detail how the CIA gains initial entry to the systems, one can assume from previous leaks that ‘CouchPotato’ may be used in combination with other tools. The previous leak, ‘Dumbo,’ “involves a USB thumb drive equipped with a Windows hacking tool that can identify installed webcams and microphones, either connected locally, wired or wirelessly via Bluetooth or Wi-Fi.” Wikileaks has kept their promise on the continuation of these leaks and many question what the exposure means not only for national security but for the cyber security industry in general.

CouchPotato utilizes ffmpeg software for video and image encoding and decoding as well as The Real Time Streaming Protocol (RTSP) connectivity. CouchPotato relies on being launched in an ICE v3 Fire and Collect compatible loader. -Wikileaks
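The practical question for a defender is whether a camera will hand its stream to anyone who asks. The first RTSP request a client sends is DESCRIBE (RFC 2326), which returns the stream's SDP description; a server with authentication enabled normally answers it with 401 and a WWW-Authenticate challenge, while an exposed one answers 200 with the SDP, including the codec (H264) that a collector such as the one described above would then pull. The following is an added example, not CouchPotato or WikiLeaks code: a small RTSP DESCRIBE client with a parser for the reply, exercised against two constructed sample replies (the host, realm and nonce values are made up for the example).

```python
"""Check whether an RTSP server hands out its stream description (SDP)
without credentials.  Added example; not CouchPotato or WikiLeaks code."""
import socket

CRLF = "\r\n"


def build_describe(url: str, cseq: int = 2) -> bytes:
    """DESCRIBE (RFC 2326) asks for the SDP of a stream; it is the first
    request most cameras challenge with 401 when authentication is on."""
    return (
        f"DESCRIBE {url} RTSP/1.0{CRLF}"
        f"CSeq: {cseq}{CRLF}"
        f"Accept: application/sdp{CRLF}"
        f"User-Agent: rtsp-auth-check{CRLF}{CRLF}"
    ).encode()


def parse_response(raw: bytes) -> dict:
    """Split an RTSP reply into status code, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode(errors="replace").split(CRLF)
    proto, code, _reason = (lines[0].split(" ", 2) + [""])[:3]
    if not proto.startswith("RTSP/"):
        raise ValueError(f"not an RTSP reply: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return {"status": int(code), "headers": headers,
            "body": body[:length].decode(errors="replace")}


def sdp_codecs(sdp: str) -> list:
    """Codec names from 'a=rtpmap:<payload> <encoding>/<clock>' SDP lines."""
    out = []
    for line in sdp.splitlines():
        if line.startswith("a=rtpmap:") and " " in line:
            out.append(line.split(" ", 1)[1].split("/")[0])
    return out


def verdict(resp: dict) -> str:
    """'open' = SDP served with no credentials; 'auth-required' = the
    server challenged; anything else is reported by status code."""
    if resp["status"] == 200:
        return "open"
    if resp["status"] == 401:
        return "auth-required"
    return f"status-{resp['status']}"


def audit_reply(raw: bytes) -> dict:
    """Summarise one DESCRIBE reply: verdict, auth scheme offered, codecs."""
    resp = parse_response(raw)
    auth = resp["headers"].get("www-authenticate", "")
    return {"verdict": verdict(resp),
            "auth_scheme": auth.split(" ", 1)[0] if auth else None,
            "codecs": sdp_codecs(resp["body"]) if resp["status"] == 200 else []}


def probe(host: str, port: int = 554, path: str = "/", timeout: float = 5.0) -> dict:
    """Send one DESCRIBE over TCP to a camera you are authorised to test
    and audit the reply (network I/O; not used by the offline samples)."""
    url = f"rtsp://{host}:{port}{path}"
    raw = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_describe(url))
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
            head, sep, body = raw.partition(b"\r\n\r\n")
            if sep:  # headers complete; stop once the announced body is in
                want = int(parse_response(raw)["headers"].get("content-length", 0))
                if len(body) >= want:
                    break
    return audit_reply(raw)


# Constructed sample replies (not captured from any real device).
_SDP = (b"v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=cam\r\n"
        b"m=video 0 RTP/AVP 96\r\na=rtpmap:96 H264/90000\r\na=control:trackID=1\r\n")
OPEN_REPLY = (b"RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: application/sdp\r\n"
              b"Content-Length: %d\r\n\r\n") % len(_SDP) + _SDP
AUTH_REPLY = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 2\r\n"
              b'WWW-Authenticate: Digest realm="cam", nonce="0123abcd"\r\n\r\n')

if __name__ == "__main__":
    print("open camera   ->", audit_reply(OPEN_REPLY))
    print("locked camera ->", audit_reply(AUTH_REPLY))
```

A 200 to an unauthenticated DESCRIBE means the stream description, including the H.264 track, is served to anyone; treat it as a finding and check whether the device supports credentials at all or simply ships with them off. A 401 is not a clean bill of health by itself: the challenge may be Basic rather than Digest, and the password may be the factory default, so the second check is always the credential, not just the status code. Run `probe()` only against camera ranges you are authorised to test.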

Get an inside look at how RTSP can be used to access webcams and their video streams. Read ‘Shodan: The Hacker’s Search Engine.’

#wannacry

Many are debating, ‘hero or criminal?’ after the arrest of Marcus Hutchins (MalwareTech), the analyst who helped stop the WannaCry attack by finding its global kill switch. Despite his recent rise to fame, Hutchins has been indicted for his alleged role in creating and distributing the Kronos banking Trojan between 2014 and 2015.

As a refresher, Kronos is a banking Trojan designed to steal banking credentials and personal information from victims’ computers, which was sold for $7,000. Hutchins was taken into custody at McCarran International Airport in Las Vegas after attending the DEF CON conference and is currently facing six hacking-related counts from the United States Department of Justice (DOJ) for his alleged involvement in Kronos. In a police interview, “Hutchins admitted of writing the code of malware that targeted bank accounts,” US prosecutors said during a hearing on Friday, but during the proceedings he pleaded not guilty.

At the hearing, the judge ruled that Hutchins could be released on $30,000 bail, saying he was not a flight risk or a danger to society, but that he must wear a GPS tracking device and remain in the US. The five additional counts he faces include wiretapping and violating the Computer Fraud and Abuse Act, meaning he could spend up to 40 years in prison if convicted. Supporters of the ‘WannaCry savior’ and Twitter personality say a tweet from July 2014 proves he could not have written the malware and is innocent. We will be anxiously awaiting further details of this case. In the meantime, the debate of hero vs. hacker continues.

He has dedicated his life to researching malware, not to try to harm people. He has tremendous community support, local and abroad and in the computer world. -Adrian Lobo, Hutchins’ defence attorney

Learn the inner-workings of a trojan. Watch this ‘Trojans’ whiteboard video from the ethical hacking course.

#hacked

Security researchers have already shown that cars can be hacked remotely, critical functions disabled and vehicles stolen, but the latest research suggests that self-driving cars can be tampered with in a unique and alarming way that involves no intrusion into the vehicle itself.

A team of researchers from the University of Washington demonstrated how anyone could print stickers and put them on a few road signs to make the image classifiers used in autonomous driving misidentify those signs. In a paper titled ‘Physical-World Attacks on Machine Learning Models,’ the researchers explain how such image recognition systems fail to read road signs that have been altered by placing stickers or posters over part or all of the sign. By adding ‘Love’ and ‘Hate’ graphics onto a stop sign, the researchers tricked the image-detecting algorithms into classifying it as a 45 mph speed limit sign in 100% of their tests, proving the alterations could cause accidents. The attack was run against the researchers’ own road-sign classifiers rather than a named production vehicle, but threats like this have made the public more cautious about the immediate adoption of self-driving cars.
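What makes the attack printable is that the perturbation is confined to a sticker-shaped mask rather than spread over every pixel. The following is an added example, not the researchers’ code, data or model: a constructed 7x7 toy sign, a nearest-centroid classifier standing in for the CNN, a masked gradient-sign attack, and a brute-force search for the smallest square sticker that flips the label. The sign patterns, the classifier and the “stop”/“limit” names are all assumptions of the example.

```python
"""Sticker (mask-constrained) attack on a toy road-sign classifier and a
brute-force search for the smallest sticker that flips the label.
Added example; not the University of Washington code, data or model."""
import itertools

N = 7   # constructed N x N grey-scale "signs", pixel values in [0, 1]


def blank_sign():
    """Bright square border, dark interior: stand-in for a speed-limit sign."""
    return [[1.0 if r in (0, N - 1) or c in (0, N - 1) else 0.0
             for c in range(N)] for r in range(N)]


def stop_sign():
    """Same border plus a bright cross in the middle standing in for lettering."""
    img = blank_sign()
    for r, c in [(2, 3), (3, 2), (3, 3), (3, 4), (4, 3)]:
        img[r][c] = 1.0
    return img


STOP, LIMIT = stop_sign(), blank_sign()

# Nearest-centroid classifier written as a linear scorer:
#   score(x) = W . x + B;  score > 0 -> "limit", otherwise "stop".
W = [[LIMIT[r][c] - STOP[r][c] for c in range(N)] for r in range(N)]
B = -(sum(v * v for row in LIMIT for v in row)
      - sum(v * v for row in STOP for v in row)) / 2


def score(x):
    return sum(W[r][c] * x[r][c] for r in range(N) for c in range(N)) + B


def label(x):
    return "limit" if score(x) > 0 else "stop"


def grad(x):
    """d score / d x.  Constant W for this linear model; for a CNN this is
    where backpropagation would supply the gradient for the given input."""
    return W


def square_mask(top, left, size):
    """True inside a size x size sticker whose top-left corner is (top, left)."""
    return [[top <= r < top + size and left <= c < left + size
             for c in range(N)] for r in range(N)]


def sticker_attack(x, mask, target="limit", steps=8, alpha=0.25):
    """Iterative gradient-sign steps on score(), applied only to pixels
    under the mask and clipped to [0, 1] so the result stays printable."""
    direction = 1.0 if target == "limit" else -1.0
    adv = [row[:] for row in x]
    for _ in range(steps):
        g = grad(adv)
        for r in range(N):
            for c in range(N):
                if mask[r][c] and g[r][c] != 0:
                    step = alpha if g[r][c] * direction > 0 else -alpha
                    adv[r][c] = min(1.0, max(0.0, adv[r][c] + step))
    return adv


def smallest_flipping_sticker(x, max_size=N):
    """Robustness audit: try every square sticker, smallest first, and
    return (size, top, left) of the first one that changes the label."""
    start = label(x)
    target = "limit" if start == "stop" else "stop"
    for size in range(1, max_size + 1):
        for top, left in itertools.product(range(N - size + 1), repeat=2):
            adv = sticker_attack(x, square_mask(top, left, size), target)
            if label(adv) != start:
                return size, top, left
    return None


if __name__ == "__main__":
    print("clean stop sign ->", label(STOP), "score", score(STOP))
    hit = smallest_flipping_sticker(STOP)
    print("smallest flipping sticker (size, top, left):", hit)
    size, top, left = hit
    adv = sticker_attack(STOP, square_mask(top, left, size))
    print("after sticker ->", label(adv), "score", score(adv))
```

On this toy the decision rests on the five cross pixels, so a 2x2 sticker covering three of them (4 of 49 pixels) moves the score from -2.5 to +0.5 and the sign reads as “limit”; a sticker anywhere the gradient is zero changes nothing, which is why the attacker places it where the model is most sensitive. The same masked loop applies to a real classifier once `grad()` comes from backpropagation and varies with the input; the extra work in the paper is making the perturbation survive printing, distance and viewing angle, not the optimisation itself. As a check on a deployed model, the `smallest_flipping_sticker` sweep is the number to watch: the smaller it is, the less physical access an attacker needs.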

In related news, researchers from Tencent’s Keen Security Lab successfully hacked Tesla’s Model X for the second year running. In a video they demonstrated remotely turning on the lights and opening and closing the doors, and underlined their level of control by engaging the vehicle’s brakes while it was driving. A report indicates Tesla fixed the flaws behind the Controller Area Network (CAN bus) and electronic control unit (ECU) attack within two weeks using an over-the-air (OTA) update. Experts have acknowledged that the hack was not an easy feat, but a concerning one nonetheless. Vehicle vulnerabilities such as these serve as a reminder of the complexity, and the safety stakes, of future ‘smart’ cars.

We think that given the similar appearance of warning signs, small perturbations are sufficient to confuse the classifier. In future work, we plan to explore this hypothesis with targeted classification attacks on other warning signs. -University of Washington researcher

Get an inside-look at the world of autonomous vehicles. Read ‘Self-Driving Cars: An Introduction.’

#networksecurity

Network Security Technology Foundations is the NSE-1 course from Fortinet. This free self-study course provides the foundation knowledge for presenting a network security sales opportunity. 

Course Objectives include:

  • Describe common network security appliances and their roles in protecting a network.
  • Describe various network threats and how to protect against attacks.
  • Describe hardware and software used to protect a network against attacks.
  • Identify and position firewalls, mail, and web security devices within a network.
  • Explain the role of management and analytics in modern network security.

#factbyte

In July 2017, the global spam rate reached 54.9%, the highest level recorded since March 2015 and a 0.6 percentage point increase on the previous month.


Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.
