Portable apps make portable hacks

I recently posted an article about the instant message program Pidgin being insecure. However, I think insecure needs to be defined a little bit more. I was watching a recent episode of the TV show Leverage. In the show they have a hacker named Hardison that has incredible hacking skills that would make you cry. Most of his skills are totally impossible TV hacking but I’m still entertained because it doesn’t insult your intelligence. In watching the show though, I’ve found that many of the hacks that are done on the show can be performed on many computer networks because people have such poor security methods. Today, I’m going to talk about the easiest one. Walking in with a USB stick and using a portable application or by booting the computer with a LiveCD.

You may not be sure what I’m talking about but some programs for a computer can be run strictly from a USB stick. These cheap $10 memory sticks can be purchased almost anywhere these days and you can even get them at conventions from people trying to get you to look at their products. Simply delete their data off of it and I give it to my neices and nephews for school and games. Well, you can do more than that.You can buy a new one or one with a small amount of memory and use it to hack a computer.

The process is simple. I’ll explain the process not for hackers but for the techno savvy to understand how to prevent it from happening. Simply pugging a memory stick into a computer and having the portable versions of Wireshark, SIW, tor, RealVNC and winscp gives you all the tools you need to plug into a Windows machine find all the saved passwords and wireless access codes on that computer and scan for ones being input by other computers on that network and send them to your computer offsite without being tracked. Some processes could be scripted with a little work so the USB stick just has to be stuck into the computer and the rest just runs.

The other security threat is a LiveCD. Anyone could make one of these now days with a Linux distribution of choice. All the person needs to do is boot your computer with this LiveCD or LiveUSB stick. Once booted it can have scripts to find everything it needs to find. Learn everything it needs to learn and send it offsite or save directly to some portable drive (even the LiveUSB stick) everything it learned. It’s scary because when they shut the computer down you’d have no idea that you’d been hacked because there would be no log of the attack and everything would boot up as normal the next time.

This is scary stuff. If I’ve heard it once I’ve heard it a million times, “I don’t have anything important enough on my computer for anyone to hack me.” You’d definitely be surprised. Your computer can sometimes give someone all the information they need to assume your identity or attack someone higher up the food chain and make it look like you. I will never forget being a young IT director and getting a Windows NT box hacked and the hackers using it as a jumping off point to 3M. 3M tracked the IP address of the attack back to my company.Learn from me. Don’t let this happen to you. Lock down everything you don’t use on your firewall and in your permissions.

For more information or help with this please feel free to email me at: phillip@banksnetworking.com .

Leave a Reply

You must be logged in to post a comment.