Friday, November 21, 2014

The suitcase of a digital spy

When James Bond needed technological tools, he went to hidden laboratories where he was provided with the latest spy developments: a recorder watch, a poison ring, or a bombproof car that was also useful for "showing off" to women.

Spies in the 21st century have similar tools at their disposal, but this time they are digital. They make their work easier and force them to keep learning continuously. Like James Bond, they must also carry them in their suitcase.

Eavesdropping is a classic. To carry it out in the 21st century, the spy could perform a Masque Attack against the iOS enterprise application update mechanism. He could replace the binary of its apps or upload corrupted ones. He could also supplant legitimate apps and access all the encrypted content the application has access to (old conversations, contacts, pictures, videos...).

But if his goal is to cause chaos within the target's headquarters, he will probably know that any espionage mission can go awry because of a single unexpected event. Stuxnet is proof of that. It was malware created as an APT to slow down the Iranian nuclear race, a very specific product that had to reach the computer controlling the uranium centrifuges. It traveled all around the world and infected some US departments on its way before settling on the chosen controller.

At a lower level there is the CITADEL Trojan. It is a tool no spy would leave behind, as it bypasses the robust protection of password managers such as the open source KeePass and Password Safe.

These attacks succeed because the victims are unaware of them. Amnesty International has published Detekt to help them look for traces of spyware on their devices. This open source project is free and must be run with no connection to the Internet.

Meanwhile, more powerful methodologies and security techniques emerge. After the fall of TrueCrypt, which was the most commonly used tool for encrypting documents, we witness the birth of VeraCrypt. It was born as a fork of an abandoned TrueCrypt encryption branch and arrives to address one of its parent's weaknesses: brute force attacks. TrueCrypt used 2000 iterations to derive the key from the password, while VeraCrypt uses 655,331 iterations of the same algorithm, plus 500,000 for SHA-2 and Whirlpool, which will surely frustrate any spy trying to extract information with this type of attack.
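As an added illustration (not code from the original post or from either project), the following Python snippet stretches a password with PBKDF2-HMAC at the two iteration counts quoted above and shows how the per-guess cost, and therefore the cost of a dictionary attack, scales with the count. The password, salt and timing loop are constructed here; the real volume header layout of TrueCrypt and VeraCrypt is not reproduced.

```python
import hashlib
import time

# Iteration counts quoted in the post (constructed comparison, not the tools' code).
TRUECRYPT_ITERATIONS = 2000
VERACRYPT_ITERATIONS = 500_000  # the SHA-2 / Whirlpool figure quoted above


def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a password with PBKDF2-HMAC-SHA512 (hashlib, no extra deps).

    The 64 derived bytes stand in for a volume header key; the real header
    format of either tool is out of scope for this illustration.
    """
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def seconds_per_guess(iterations: int, password: bytes = b"constructed-pass",
                      salt: bytes = bytes(64)) -> float:
    """Wall-clock cost of one derivation on this machine at the given count."""
    start = time.perf_counter()
    derive_key(password, salt, iterations)
    return time.perf_counter() - start


def work_factor(old_iterations: int, new_iterations: int) -> float:
    """How many times more work each guess costs after raising the count."""
    return new_iterations / old_iterations


def dictionary_time(guesses: int, iterations: int) -> float:
    """Estimated seconds to try `guesses` candidate passwords serially."""
    return guesses * seconds_per_guess(iterations)


if __name__ == "__main__":
    for name, iters in (("TrueCrypt", TRUECRYPT_ITERATIONS),
                        ("VeraCrypt", VERACRYPT_ITERATIONS)):
        print(f"{name}: {iters:>7} iterations, "
              f"{seconds_per_guess(iters):.4f} s per guess, "
              f"{dictionary_time(1_000_000, iters) / 3600:.1f} h per million guesses")
    print(f"work factor: x{work_factor(TRUECRYPT_ITERATIONS, VERACRYPT_ITERATIONS):.0f}")
```

The absolute timings depend on the machine, but the ratio between the two rows tracks the iteration counts: raising the count is what makes each guess expensive for an attacker without making a single legitimate unlock noticeably slow.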

A spy is essentially a hacker in his field. The truth is that this term is badly undervalued outside the security industry: it is usually associated with cyber criminals, crackers and other evil minds of cyberspace. But there are good hackers and spies who load their suitcases with digital tools to protect our interests.
