Information Security | Data story - Part 2

Qualys – Lessons Learned from Cracking LinkedIn Passwords1

Singular approach from Qualys, reagarding the LinkedIn password leak. Using a patched version of John the Ripper (brute force password craker), they successfully found complex passwords in almost no time by iterating over a password file filled by newly found password from latest iteration. Ultimately cracking password as complex as this one: “lsw4linkedin”

 

Original source: https://community.qualys.com/blogs/securitylabs/2012/06/08/lessons-learned-from-cracking-2-million-linkedin-passwords

Like everyone this week, I learned about a huge file of password hashes that had been leaked by hackers. The 120MB zip file contained 6,458,020 SHA-1 hashes of passwords for end-user accounts.

 

At first, everyone was talking about a quick way to check if their password had been leaked. This simple Linux command line:

 

echo -n MyPassword | shasum | cut -c6-40 

 

allows the user to create a SHA-1 sum of his password and take the 6th through 40th characters of the result. (See note below*). Then the user could easily search the 120MB file to see if his hash was present in the file. If it was, then of course his password had been leaked and his account associated with that password was at risk.

 

John the Ripper

 

But when the OpenWall community released a patch to run John The Ripper on the leaked file, it caught my attention.  It has been a long time since I have run John The Ripper, and I decided to install this new, community-enhanced “jumbo” version and apply the LinkedIn patch.

 

John the Ripper attempts to crack SHA-1 hashes of passwords by iterating on this process: 1. guess a password, 2. generate its SHA-1 hash, and 3. check if the generated hash matches a hash in the 120MB file. When it finds a match, then it knows it has a legitimate password.  John the Ripper iterates in a very smart way, using word files (a.k.a. dictionary attack) and rules for word modifications, to make good guesses. It also has an incremental mode that can try any possible passwords (allowing you to define the set of passwords based on the length or the nature of the password, with numeric, uppercase, or special characters), but this becomes very compute-intensive for long passwords and large character sets.

 

The fact that the file of hashed passwords was not salted helps a lot.  As an aside, even if they were salted, you could concentrate the cracking session to crack the easiest passwords first using the “single” mode of John the Ripper. But this works best with additional user information like a GECOS, which was not available in this case, at least to the public. So the difficulty would be much greater for salted hashes.

 

Approach

 

In my case, I have an old machine with no GPU and no rainbow table, so I decided to use good old dictionaries and rules.

 

I ran the default john command that just launches a small set of rules (like append/prepend 1 to every word, etc.) on a small default password dictionary of less than 4000 words. It then switches to incremental mode based on statistical analysis of known password structures, which helps it try the more likely passwords first. The result was quite impressive because after 4 hours I had approximately 900K passwords already cracked.

 

But then, as it got to the point were it was trying less and less likely passwords and therefore found matches more slowly, I decided to stop it and run a series of old dictionaries I had: from default common password lists (16KB of data) to words of every existing language (40MB of data). It was very efficient and found 500K more passwords in less than an hour, for a total of 1.4M passwords.

 

Even though my dictionaries were 10 years old and didn’t contain newer words like “linkedin”, it appeared that some cracking rules, by reversing strings or removing some vowels could guess new slang words from already cracked passwords.

 

And as I had just acquired 1.4M valid passwords, I believed that using these newly discovered passwords as a dictionary I could find more. It worked and the rules applied to the already cracked passwords produced 550K new ones. I ran a second iteration using the 550K passwords from the first iteration as a dictionary, and found 22K more. I iterated in this manner a total of ten times.

 

It is interesting to see that the most elaborate passwords found in the 3rd or 4th iteration of this kind of recursive dictionary cracking were related to the word linkedin most of the time:

 

If I tried to match the word linkedin slightly modified (reversed or with ’1′ or ‘!’ instead of ‘i’ like in l1nked1n):

 

  • In the first iteration, 558 passwords found in the 554,404 (0.1%) are related to the ‘Linkedin’ string;
  • In the second iteration, 3248 out of 22,688 (14%) are related to the ‘Linkedin’ string;
  • Third iteration: 1,733 out of 3,682 (47%);
  • Fourth iteration: 539 out of 917 (59%);
  • Fifth iteration: 217 out of 330 (66%);
  • Sixth iteration: 119 out of 152 (78%);
  • Seventh iteration: 40 out of 51 (78%);
  • And so on through the tenth iteration.

 

An example of what I found on the 7th pass is:  m0c.nideknil

 

Another example is: lsw4linkedin, which was found on the tenth pass. To illustrate how the rules work for modifying words in the dictionary, below is the actual set of modifications used to get from the dictionary entry ‘pwlink’ to the successfully cracked password ‘lsw4linkedin’ over the ten iterations:

 

  1. pwdlink from pwlink with the rule “insert d in 3rd position”
  2. pwd4link from pwdlink with the rule “insert 4 in 4th position”
  3. pwd4linked from pwd4link with the rule “append ed”
  4. pw4linked from pwd4linked with the rule “remove 3rd char”
  5. pw4linkedin from pw4linked with the rule “append in”
  6. mpw4linkedin from pw4linkedin with the rule “prepend m”
  7. mw4linkedin  from mpw4linkedin with the rule “remove second character”
  8. smw4linkedin from mw4linkedin with the rule “prepend s”
  9. sw4linkedin from smw4linkedin with the rule “remove second character”
  10. lsw4linkedin from sw4linkedin with the rule “prepend l”

 

This is the deepest password found, i.e. the only one obtained in the last iteration.

 

This clearly shows that no matter how elaborate a password you choose, as long as it is based on words and rules, even if there are many words and many rules, it will probably be cracked. The fact is that on a huge file like the LinkedIn leak, every password you find can help you to get another one. That is because human-created passwords are not random, and programs like John the Ripper and dictionary attacks can use patterns, either already known or discovered in the password hash file, to greatly reduce the time needed to crack them.

 

Password Management

 

Thus, it is highly recommended to use a strong random password generator that is known to be actually random.

 

It is funny to note that a very old version of a command line tool called “mkpasswd” produced passwords based on a bad random salt and was generating only 32768 different passwords (http://www.kb.cert.org/vuls/id/527736 ), this was reported and fixed 10 years ago, but I was still able to recover 140 passwords in the leaked file that had been generated by this vulnerable version of mkpasswd.

 

Evidence indicates that the hacker who made this leak public was most likely trying to get cracked passwords from an online community, a kind of crowdsource cracking. Since he probably possesses the list of logins as well, you might want to change your passwords in other accounts if you think he can access them with the information he has. Note that if you have unique passwords created with simple rules, you might change them as well. For example, if your password for LinkedIn is MyPW4Linkedin, a malicious cracker might guess that MyPW4Facebook might be your Facebook password.

 

It is also recommended to change your password if your username can be guessed from it, because every password cracker on the planet is currently playing with this password file.

 

The author of John the Ripper, Solar Designer, did a great presentation on the past, present and future of password security. Although the security industry has put a lot of work into making good hash functions (and there’s still more work to do), I believe that poorly chosen passwords are a concern. Maybe we should demand that our browsers (using secured storage as in Firefox Manager) or 3rd-party single-sign-on providers create easier solutions to help us resist the temptation of using simple passwords and re-using the same passwords with simple variations.

 

* Note: The hashes in the 120MB file sometimes had their five first characters rewritten with 0.  If we look at the 6th to 40th characters, we can even find duplicates of these substrings in the file meaning the first five characters have been used for some unknown purpose: is it LinkedIn that stores user information here? is it the initial attacker that tagged a set of account to compromise? This is unknown.

 

The security software industry over last 10 years1

With Flame MD5 collision have come true1

It is a mathematic breakthroughs introduce by the state supported malware named Flame

“We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack,” Marc Stevens and B.M.M. de Weger wrote in an e-mail posted to a cryptography discussion group earlier this week. “The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications.”

Collision” attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized. But it wasn’t until late 2008 that a team of researchers made one truly practical. By using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm—and exploiting weaknesses in the way secure sockets layer certificates were issued—they constructed a rogue certificate authority that was trusted by all major browsers and operating systems. Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Wegwer, of the Technische Universiteit Eindhoven were two of the driving forces behind the research that made it possible.

Flame is the first known example of an MD5 collision attack being used maliciously in a real-world environment. It wielded the esoteric technique to digitally sign malicious code with a fraudulent certificate that appeared to originate with Microsoft. By deploying fake servers on networks that hosted machines already infected by Flame—and using the certificates to sign Flame modules—the malware was able to hijack the Windows Update mechanism Microsoft uses to distribute patches to hundreds of millions of customers.

According to Stevens and de Weger, the collision attack was unlike any that cryptographers have seen before. They arrived at that conclusion after using a custom-designed forensic tool to analyze Flame components.

“More interestingly, the results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant,” Stevens wrote in a statement distributed on Thursday. “This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis. Further research will be conducted to reconstruct the entire chosen-prefix collision attack devised for Flame.”

The analysis reinforces theories that researchers from Kaspersky Lab, CrySyS Lab, and Symantec published almost two weeks ago. Namely, Flame could only have been developed with the backing of a wealthy nation-state. Stevens’ and de Weger’s conclusion means that, in addition to a team of engineers who developed a global malware platform that escaped detection for at least two years, Flame also required world-class cryptographers who have broken new ground in their field.

6.5M LinkedIn Passwords Leaked Online1

Time has come for password change on LinkedIn …. as millions of passwords are posted on a Russian hacker website.

Few details so far:

  • The data leaked is a file of SHA1 hashes
  • The data have been first posted on a Russian hacker website
  • There are 3,521,180 hashes that begin with 00000. Probably marked to cracked(reversed user’s password).
  • The file does not contain duplicates. LinkedIn claims a user base of 161m. This file contains 6.4m unique password hashes. That’s 25 users per hash. Given the large amount of password reuse and poor password choices it is not improbable that this is the complete password file.

 

Microsoft Certificate used in “Flame”1

Following our recent article on Flame, it appears that “Flame” components were sign using Microsoft Certificate.

Microsoft just released an emergency bulletin, and an associated patch, notifying users of Windows that a “unauthorized digital certificates derived from a Microsoft Certificate Authority” was used to sign components of the “Flame” malware.

The update revokes a total of 3 intermediate certificate authorities:

 

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

It is not clear from the bulletin, who had access to these intermediate certificates, and if they were abused by an authorized user, or if they were compromised and used by an unauthorized user. Either way: Apply the patch.

The bulletin also doesn’t state if this intermediate certificate authority or certificates derived from it could be used to fake the patch. Microsoft Certificates are used to sign patches, and a compromise could lead to a sever break in the trust chain. The use of a “real” Microsoft certificate is surely going to increase the speculations as to the origin of Flame.

[1] http://technet.microsoft.com/en-us/security/advisory/2718704
[2] http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

 

‘Flame’ is a continuation of the cyberwar history1

Are we  at (Cyber) War ?

Over the last few years there has been growing event and talk about how the world seems to be plunging into cyber war as governments, hacking groups, terror groups, and hacktivists all seem to be increasing their attacks on networks, users, and data.

This is my short answer, only reflecting  my own opinion aka “the bad news”

Like it or not, but we probably are at war and worst …. this is your war.  whatever your are unwilling, you are a participant and you have an obligation to protect your computer and your data in any way you can, in order to not only avoid risks to yourself, but to reduce the chance of being used to relay attack  against others.

 

Stuxnet and Duqu were bright examples of cyber weapons which could even physically destroy infrastructure, and Flame is a continuation of this history … cyber war has been ongoing for years already. People are just not aware of it because cyber war is hidden.

 

Cyber war is evolving rapidly, and ‘Flame‘ vividly confirms this trend,Flame is a universal attacking tool kit used mostly for cyber espionage

  • It can record audio if a microphone is attached to the infected system
  • It can scan for locally visible Bluetooth devices(meaning phone for instance) if there is a Bluetooth adapter attached to the local system
  • It can do screen captures and transmit visual data
  • It can steal information from the input boxes when they are hidden behind asterisks, password fields

 

 

“Flame” one of the most complex threats ever discovered1

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.

The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.

They described Flame as “one of the most complex threats ever discovered”.

Research into the attack was carried out in conjunction with the UN’s International Telecommunication Union.

They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia.

In the past, targeted malware – such as Stuxnet – has targeted nuclear infrastructure in Iran.

Others like Duqu have sought to infiltrate networks in order to steal data.

This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky’s chief malware expert Vitaly Kamluk.

“Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” he said.

More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.

Iran’s National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for “recent incidents of mass data loss” in the country.

The malware code itself is 20MB in size – making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.

Iran and Israel

Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.

He explained: “Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.

“Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group.”

Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

“The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it,” Mr Kamluk said.

The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.

It is also able to take screenshots of on-screen activity, automatically detecting when “interesting” programs – such as email or instant messaging – were open.

‘Industrial vacuum cleaner’

Kaspersky’s first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.

Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.

“This is basically an industrial vacuum cleaner for sensitive information,” he told the BBC.

He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.

“Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on.”

Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks – almost in the same manner as adding apps to a smartphone.

 

By Dave Lee

Sourcehttp://www.bbc.com/news/technology-18238326#?utm_source=twitterfeed&utm_medium=twitter

NMAP 6 has been released1

Nmap Security Scanner version 6.00 from http://nmap.org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more.

 

1. NSE Enhanced

The Nmap Scripting Engine (NSE) has exploded in popularity and capabilities. This modular system allows users to automate a wide variety of networking tasks, from querying network applications for configuration information to vulnerability detection and advanced host discovery. The script count has grown from 59 in Nmap 5 to 348 in Nmap 6, and all of them are documented and categorized in our NSE Documentation Portal. The underlying NSE infrastructure has improved dramatically as well. [More details]

2. Better Web Scanning

As the Internet has grown more web-centric, Nmap has developed web scanning capabilities to keep pace. When Nmap was first released in 1997, most of the network services offered by a server listened on individual TCP or UDP ports and could be found with a simple port scan. Now, applications are just as commonly accessed via URL path instead, all sharing a web server listening on a single port. Nmap now includes many techniques for enumerating those applications, as well as performing a wide variety of other HTTP tasks, from web site spidering to brute force authentication cracking. Technologies such as SSL encryption, HTTP pipelining, and caching mechanisms are well supported. [More details]

3. Full IPv6 Support

Given the exhaustion of available IPv4 addresses, the Internet community is trying to move to IPv6. Nmap has been a leader in the transition, offering basic IPv6 support since 2002. But basic support isn’t enough, so we spent many months ensuring that Nmap version 6 contains full support for IP version 6. And we released it just in time for the World IPv6 Launch.

We’ve created a new IPv6 OS detection system, advanced host discovery, raw-packet IPv6 port scanning, and many NSE scripts for IPv6-related protocols. It’s easy to use too—just specify the -6 argument along with IPv6 target IP addresses or DNS records. In addition, all of our web sites are now accessible via IPv6. For example, Nmap.org can be found at2600:3c01::f03c:91ff:fe96:967c. [More details]

4. New Nping Tool

The newest member of the Nmap suite of networking and security tools is Nping, an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping’s novel echo mode lets users see how packets change in transit between the source and destination hosts. That’s a great way to understand firewall rules, detect packet corruption, and more. [More details]

5. Better Zenmap GUI & results viewer

While Nmap started out as a command-line tool and many (possibly most) users still use it that way, we’ve also developed an enhanced GUI and results viewer named Zenmap. One addition since Nmap 5 is a “filter hosts” feature which allows you to see only the hosts which match your criteria (e.g. Linux boxes, hosts running Apache, etc.) We’ve also localized the GUI to support five languages besides English. A new script selection interface helps you find and execute Nmap NSE scripts. It even tells you what arguments each script supports. [More details]

6. Faster scans

In Nmap’s 15-year history, performance has always been a top priority. Whether scanning one target or a million, users want scans to run as fast as possible without sacrificing accuracy. Since Nmap 5 we’ve rewritten the traceroute system for higher performance and increased the allowed parallelism of the Nmap Scripting Engine and version detection subsystems. We also performed an intense memory audit which reduced peak consumption during our benchmark scan by 90%. We made many improvements to Zenmap data structures and algorithms as well so that it can now handle large enterprise scans with ease. [More details]

 

http://nmap.org/6/

Bitcoinica hacked close to $100k USD stolen1

Bitcoinica has been shutdown until further notice, following a theft of 18,000 BTC.News of the hack was posted this morning by Bitcoinica’s founder, Zhoutong:

“Today, we have discovered a suspicious Bitcoin transaction that doesn’t seem to be initiated by any one of the company owners. Some of them are not online at the moment so this is not conclusive.

Suspicious transaction:

{
“account” : “”,
“address” : “182tGyiczhXSSCTciVujNRkkMw1zQxUVhp”,
“category” : “send”,
“amount” : -18547.66867623,
“fee” : 0.00000000,
“blockhash” : “00000000000003f6bfd3e2fcbf76091853b28be234b5473a67f89b9d5bee019c”,
“blockindex” : 1,
“txid” : “7a22917744aa9ed740faf3068a2f895424ed816ed1a04012b47df7a493f056e8″,
“time” : 1336738723
},

We have contacted Rackspace to suspend all our servers and lock down our accounts. All your trading and financial data is safe (as far as I know), apart from the Bitcoin loss. Thank you for your patience and understanding while we investigate this issue in detail.”

And in a follow-up post:

“Our data is kept inact. Any order placed before the shutdown will still be valid. However, no order execution will happen (no zhoutonging either).
If the market moves significantly, we will come up with a proposal to compensate disadvantaged customers once the investigation is complete.”

Bitcoinica was also the victim of a 43,000 BTC ($215,000 USD) heist back on March 1st.

It will be interesting to see how the market is affected by the inability of traders to take leveraged positions in either direction. Also, you should not surf to Bitcoinica.com, as the site has been redirected to a porn site.

Hack.lu 2012 8th edition1

Call for Papers for hack.lu 2012 is now out! – You can register and submit your paper via the CFP website.

Hack.lu is an open convention /conference where people can discuss about computer security, privacy, information technology and its cultural/technical implication on society. The aim of the convention…

 

The conference will take place in Luxembourg (that’s the 8th edition) the 23-25 October 2012 and everyone is welcome to submit a talk/paper to the conference on interesting security topics.

http://2012.hack.lu/cfp/

 

Follow LuxNoSQL on Twitter
 
Join the LuxNoSQL Community on LinkedIn