09.01.2014

What interesting things can you find on someone's hard drive?

[The text was translated automatically by Google Translate] American journalist Adam Penenberg recently conducted a very interesting experiment: he hired hackers to see what information about him they could obtain (and what damage they could do along the way), and then described both the course of the hackers' attempts and what they managed to reach and how. It should be noted that the hackers obtained virtually all of the important information only after gaining access to his home hard drive. This means that protecting hard drives is all the more necessary: if someone gains access to the data stored on them, any sums spent on protecting the corporate or home network against intrusion may turn out to have been spent in vain. The journalist himself emphasizes this fact: "You only need to have enough patience and know-how to break through someone's privacy - and, if you so choose, to wreak destruction on his finances and destroy his reputation."

Adam Penenberg had already carried out a similar experiment a dozen years earlier: he hired a private detective to find out what could be learned about him for a potential client who had only his name and place of work. The results were: address, social security number (U.S. Social Security), mother's maiden name, salary, list of long-distance calls, the amount of rent and utility bills, a list of bank accounts and a list of shares, all in just a week. The journalist then decided to repeat this experiment with present-day technology and hired a professional penetration-testing firm to act as hackers tasked with learning as much as possible about him, on the strict conditions of not breaking the law (with respect to anyone but himself and his wife) and not involving the journalist's children (of course, in a real situation hackers will not be so kind). The whole story is described on pando.com (from the journalist's perspective) and on blog.spiderlabs.com (from the hackers' perspective), and a Polish summary is available on the portal niebezpiecznik.pl, to which we refer interested readers (all photos used here come from one of these sources). In this article we will look in detail only at the matter of access to the hard drive.

How to get the victim's data?

The SpiderLabs hackers began by gathering as much information as possible about the victim, including the addresses of his home and office, the fact that he is a fan of Apple products, and that his wife runs a pilates exercise studio. On this basis they prepared a preliminary plan comprising nine directions and methods of attack:

  1. Physically breaking into the journalist's house and installing malicious software on his computer
  2. Identifying the home WiFi network and attacking WPS
  3. DoS on the wireless router and substituting another one with the same SSID to capture traffic
  4. Sending malware by e-mail to the journalist and his wife
  5. Attacking the corporate network of the journalist's wife
  6. Attacking the network in the journalist's office (and possibly gaining access to his laptop, if the opportunity arose)
  7. Dropping infected USB drives around the house and at the company of the journalist's wife
  8. Enticing the journalist to visit a specially crafted blog that could infect his computer
  9. Establishing cooperation with the designer of the journalist's blog, so that he would build a similar blog for the hackers and they could steal his identity in order to gain control over Adam's blog

What is noticeable is the absence of attempts to obtain the hard disk itself, although many of these directions focused on gaining access to it. This probably resulted from the hackers wanting to obtain the information as unobtrusively as possible; but if the journalist (or his wife) had simply been getting rid of a disk drive, the hackers most likely would not have passed it up.

Defeats and victory

Some attacks proved impossible or failed: breaking into his home or office would have required passing through other people's property (which would have broken the rules with respect to someone other than the journalist), identifying the home network in a jungle of around 1200 local networks proved too difficult, and nobody took an interest in the USB stick planted at his wife's company. Vigilant neighbors also partly scared off the hackers watching his apartment; they were forced to study the household's habits from a little further away: from a rental car, through binoculars from a nearby park, and through the window of a building opposite his wife's workplace. One of the attacks failed as a result of the journalist's laziness: in one of his articles he wrote that he had too many books in the basement and invited anyone who felt like it to take some books and deliver them to a library or foundation of their own choosing. The hackers immediately seized this opportunity and a planted person tried to get inside the house, but the journalist eventually withdrew the invitation, explaining that he first had to catalog his books. Another attack failed because of the very old software on the computer at the journalist's wife's workplace, where a planted person asked to print a "CV" needed for a job interview that was to be held immediately after a Pilates class. The software had not been updated for so long that the designer of the malicious software had not anticipated that anyone could still be using it, which, paradoxically, protected the owner from the attack this time.

Another attack failed due to Adam's caution: he received from a "prospective journalism student" a question about some issues relating to the university where he taught, with a portfolio attached in .jar format. This file type was unknown to the journalist, so he did not open it. As a side note, this is a very sensible attitude: if we do not know the type of a file sent to us, and all the more so if we received it from someone else, we should never open it.

His wife, unfortunately, was not so careful and opened a .jar file from a prospective job candidate (the hackers used the details and history of a real person, whom they impersonated and who knew nothing about it; they took the information from a website and used only their own e-mail address). Fortunately for her, the malware hidden in the video from the candidate's portfolio contained a mistake: its author had not foreseen that it needed to restart after the computer returned from sleep mode. The program coped with restarts, but could not deal with the trivial closing of the computer screen. The hackers, however, quickly fixed the mistake, explaining that "the video does not work, because it was the first time I sent the portfolio to be played on a Mac, but I am sending a version that should open". It did indeed open, giving the hackers complete access to her computer whenever it was connected to the Internet. At this point the previous failures ceased to matter: they had found their Eldorado. The attacker has the luxury of being able to attack from many directions, and it is enough for only one of his attacks to succeed, whereas the victim must defend against every one of them.

What did the hackers find on the hard drive?

It turned out that the computer of the journalist's wife held everything the hackers needed:

  • tax returns, including all the important personal and financial information of the whole family
  • copies of credit cards
  • bank statements
  • encrypted passwords stored in the system (they could not read them without knowing the root password, but they created a simple application that asked the user to re-enter the main password, and the encryption soon ceased to be a problem)
  • home WiFi network data (along with the password, so they could now connect to it)
  • login and password to the family's main bank account (and cookies that allowed bypassing the two-step authentication the bank required when logging in from a previously unknown computer or network)

This in itself was a lot and would have been enough to ruin his family financially had the hackers so chosen, but it was not all they found: on the disk in his wife's computer there were also old files belonging to the journalist. A few years earlier he had given her his old laptop without bothering to remove the data beforehand. After a few months the old laptop caught fire; the keyboard and motherboard melted, but the hard disk survived the fire. The service desk at the store to which the remains of the laptop were taken moved the old drive into a new laptop, and it started up. The same old drive was then transferred to two or even three further, newer computers, and through all these years the journalist's old files travelled with the drive, entirely without his knowledge.

Could anything of value have remained on the disk after so many years?

One of the stored files contained the journalist's passwords for various online accounts, including the Amazon store. You might say: so what? But it is precisely here that the key to the hackers' success lay. The journalist, like many people, had developed his own system for creating passwords, obvious to him but difficult for others to guess. However, once the hackers were able to compare a number of these old passwords, they uncovered the journalist's method in a fairly short time, and through it gained access to all of his accounts, wherever he had opened them.

The results of not destroying the data on the old disk

Thanks to the forgotten files found on a hard drive that the journalist had not used for many years, the hackers took over his Twitter and Facebook accounts, ordered 100 plastic spiders on Amazon for delivery to his house, broke into his iCloud account and sent an e-mail from it with the message: "We were here." While in the cloud they activated the "Find My iPhone" app, which also works for Apple laptops. The result was that the journalist's laptop and mobile phone were switched to "stolen" mode: the laptop locked, reset and displayed a field for entering the owner's special unlock password, and the phone locked and began frantically beeping and vibrating.

If the hackers had had bad intentions, they could no doubt have done a lot more, such as ruining him financially, destroying his reputation, or impersonating him and committing crimes in his name for a time ...

The need for effective data destruction

This shows how great a danger is associated with failing to remove data effectively. Indeed, if the old data had been irretrievably destroyed, the hackers' final results would have been significantly smaller, or would at least have required them to spend a lot more money. The current state of the art and examples of recovered data show that truly effective removal of data from a hard drive is really difficult: most methods only make recovery harder or more expensive. Currently, the only methods of data destruction that do not leave even material for analysis by experts are chemical methods, such as the LiquiDATA technology, which dissolves disks in liquid, and thermal methods, which turn them to dust.

The journalist, summarizing the story, said that although he had changed his passwords and logins, he had ceased to delude himself that he was safe from prying eyes: if someone who really cares has the right skills, resources and determination, he is able to reach anyone's private data (let us add: anyone who has not effectively destroyed it earlier). He ended his article with the words: "and if I'm not safe, are you?"