This report explores the ways an intruder could enter a computer system and violate the confidentiality of files. We know that Alice is using an encryption tool called TrueCrypt, and Charlie has to find a way of accessing the commercially sensitive files on her hard drive. To do this Charlie needs to learn a number of things. First, he needs to learn how she is encrypting the files (we know this, but Charlie does not). Second, he needs to find a number of passwords to access the encrypted files. The first password is to dismount the virtual drive that the TrueCrypt program has created, and there may be a second to access the hidden volume, because no one is sure whether she has used the hidden volume feature. Charlie has many viable options available, and his best mode of attack would be to use a combination of hardware and software keyloggers, cameras, and password recovery software.
Many people take the power of computers for granted and start questioning a computer only when it fails or when there is a security breach. The reality is that violating the confidentiality, integrity or availability of a computer system, ethical or legal obstacles aside, is relatively easy. This report attempts to address the question: given a particular scenario, what are the ways of entering a computer and retrieving encrypted data? The report explains the different methods of attack that could be used. To increase his chances of accessing the files, Charlie should use a combination of these attacks to get through the different security barriers in place. Charlie should also be ready to use all of the attacks in case one of the methods fails.
Assumptions:
- Alice is very careful with the password that she uses for the TrueCrypt program.
- Charlie can find details of the TrueCrypt program on the WWW.
- Charlie will not be constrained by the legal or ethical implications of his actions.
- Charlie has a high degree of technical literacy and is comfortable with many aspects of computing, including programming.
- Charlie is acting as an individual and has a finite budget.
- The secret communications are time sensitive and therefore Charlie will need to choose an avenue of attack that will work in a reasonable amount of time.
- The data is time sensitive; we can therefore assume that it is going to be accessed regularly. This brings it forward in the results of a last-file-accessed search.
- Since Alice has gone to the trouble of securing her file with encryption, it is assumed she is going to have a Windows logon password.
- Because of the firewall, spyware and adware programs, Charlie can’t send Alice a virus or malware to violate the system and access the data.
- Since Alice is using open source software, it is assumed that she doesn’t have a lot of finances to fund an administrator and have her own system support/help desk.
- Alice’s operating system is Windows XP, and it is connected to a networked computer with always-on internet (broadband).
Obtaining passwords
The following methods can be used as workarounds for the many barriers that Charlie faces: for example, to obtain the Windows logon password, to discover one or two encryption passwords, and simply to see what encryption tool is being used (TrueCrypt).
Software key logger
Charlie has 30-minute intervals in which he can access the computer. In this time he would be able to install one of the many different types of software key loggers available.
A software key logger is a program which records all the keystrokes of a computer. After installing such a program, Charlie would be able to record and retrieve any passwords and the method of accessing the data. This would explain to Charlie how the sensitive file is encrypted and where the data is kept, ready for him to retrieve.
(Quick_Logs, 2006)
The above picture is an example of a software keylogger called Quick-Keylogger 2.1.
Physical/Hardware key logger
Another variation on the software key logger is a hardware or physical key logger. Hardware key loggers work in a similar way to software loggers; one could be installed in the 30-minute time frame and would also retrieve the keystrokes of passwords and the method of encryption. The hardware logger has the advantage of not slowing the system down and is less likely to be detected, as there is no software running on the computer that could be stumbled upon. The physical logger has its own separate microchip, which captures the keystrokes, and a separate flash memory, which stores them. This sort of attack would obviously only work if Alice’s computer monitor is hidden away, for example inside a cabinet, as most computer users would notice the new extension on the cord.
The physical key logger looks similar to an extension cable and is placed in between the keyboard and the monitor. Obviously it wouldn’t be a viable option if Alice had a laptop or if her keyboard used a connection other than USB or PS/2. (Keyghost, 2006)
Windows XP Administration account
Many people have logon passwords for their Windows XP accounts. What a lot of people do not know is how easy it is to reset the password, change the password or view the files from an administration or guest account. This can be done as follows:
While the computer is loading at Windows start-up, press F8 and force the computer into Safe Mode.
Log on to the Administrator account; the default password is blank. Since many people are not even aware of the account, the odds are that the password has not been changed.
Through this we can then access all the documents in the Luke account. As you can see in the picture above, we are logged into the Administrator account and it allows viewing of the other accounts’ files.
This would provide Charlie with a workaround for the Windows login password. Charlie could do a number of things: firstly, this would enable him to install a software key logger, and secondly, it would give him access to the other, normally restricted, Windows login accounts.
Windows password recovery software or retrieval software
Another method would be to use one of the programs that are available to recover lost or forgotten passwords. Advanced Windows XP Password Recovery, or AWPR, is one of the many programs available on the internet. These programs recover the passwords of forgetful users but could prove useful to Charlie: if Alice went on her coffee break or lunch, he could recover the logon password and come back at a later date. It would, however, be in Charlie’s best interests to try the methods mentioned above first, as Charlie needs to make his visits to Alice’s computer as infrequent as possible.
Active Password Changer V3.0 is a program which does not need to be logged on to recover the password; the user creates a bootable disk from the program’s installation package. This program, however, only allows you to reset the password and not recover it. Charlie would then be leaving too many tracks, which could make it difficult to hide the fact that he has entered her system.
Observing using surveillance
Another way to obtain the passwords, as well as the method of encryption, is visual surveillance. There are many wireless cameras available that could record on-screen information and keyboard keys. A simple search on eBay shows many different surveillance options.
New Awesome SupaTiny Wireless Spy Camera, (2006)
Other options include hidden cameras in smoke detectors and other office-friendly devices. To use these options Charlie would have to thoroughly assess the situation, as leaving a physical device makes it obvious and leaves damaging evidence.
Social Engineering
Dating Alice
Given the correct circumstances, Charlie could try to date Alice. It is well known that individuals who work for the company do the majority of computer fraud, as they are already inside the computer network and know the ins and outs of the system. We could now make a further assumption that Charlie and Alice are work associates. This would make it much easier for Charlie to “seduce” Alice. Of course the correct circumstances would have to come about, but this option is viable.
Security Officer or other important personnel
Charlie could impersonate an IT officer fixing the computer and doing “routine checkups”, and ask Alice for her passwords and her methods of hiding files in order to retrieve the files.
Hoax email
Although there are many warnings about hoax emails asking for passwords (especially from banks), this option is also viable. It involves sending out an email asking a user to log on and check or validate their passwords, giving access to the information.
Back Orifice/SubSeven
These programs create a back door entry into a computer, allowing the attacker to control the computer remotely, browse files on the system, take screenshots, open and close programs, remotely restart the computer and edit registry information. To do this, though, Charlie would have to install a small executable file on Alice’s computer. He could do this in a number of ways. One is physically installing it himself in the 30-minute interval; in this time he would also have to open up the ports of the computer through the virus software. Another is social engineering, such as impersonating an IT security officer or computer advisor, or sending out a hoax email that tricks the user into installing the package. Once the program has been installed, Charlie would be able to access the files (assuming he already has the passwords) and breach the confidentiality of the files. (Backdoor.Subseven, 2006)
Physical written down password
This is probably the simplest and least plausible of all the methods, but it is viable. It is important for users to create complicated passwords, but this leads to users needing to write down their password as a way of remembering it. Charlie could search the surrounding areas before attempting any other methods as a way of gaining access to the system and files.
Searching and obtaining files
Another method of obtaining the files is using the Windows last-file-accessed search. Since the data is time sensitive, Alice is going to access the file to update it. Charlie could do a file search to see the last files accessed, and then use the passwords obtained through other methods to breach the confidentiality of the file.
This report contains the most viable ways that Charlie could breach the confidentiality of Alice’s files, with both hardware (such as physical keyloggers and mini video cameras) and software (password recovery applications and back entry programs) as an aid. Charlie could assess the situation and have multiple backup plans if the original plan fails.
References
Keyghost, (2006), Keyghost, Retrieved August 27, 2006, from http://www.keyghost.com/hardware-keylogger.htm
Koris, G. (2004), Backdoor.SubSeven Summary, Retrieved September 5, 2006 from http://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99&tabid=2
Koris, G. (2004), Backdoor.SubSeven Technical details, Retrieved September 5, 2006, from http://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99&tabid=3
Lost Password Recovery for Windows XP 2003 2000 NT, (2006), Retrieved September 5, 2006, from http://www.password-changer.com/
New Awesome SupaTiny Wireless Spy Camera, (2006), Retrieved September 5, 2006, from http://cgi.ebay.com.au/New-Awesome-SupaTiny-Wireless-Spy-Camera-Top-Quality_W0QQitemZ150029230414QQihZ005QQcategoryZ14957QQrdZ1QQcmdZViewItem
Pfleeger, C. P. & Pfleeger, S. L. (2003), Security in Computing, 3rd Ed., Upper Saddle River, New Jersey, Prentice Hall Professional Technical
Quick_Logs, (2006), Retrieved August 27, 2006, from http://www.quick-keylogger.com/images/screens/quick_logs.jpg
WideStep, (2006), Retrieved September 5, 2006, from http://www.quick-keylogger.com/
Wikipedia (2006), Back Orifice 2000, Retrieved September 5, 2006, from http://en.wikipedia.org/wiki/Back_Orifice_2000