How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Friday, May 29, 2015

PHDays V. Day First: How to Intercept SMS and Hack Satellite

Positive Hack Days launched on May 26, and on the very first day, cybersecurity experts demonstrated various techniques that are used to hack ATMs, online banking systems, mobile carriers' networks, energy, transport, and industrial companies. More than 50 reports were presented at the Word Trade Center. A number of hands-on labs, round tables were held as well. The organizer provided several video streams to broadcast the most interesting events on the forum's website.

Damage caused by a cyberattack can be measured in billions of dollars, while its actual cost is rather low. According to the Positive Research center, anyone with less than 10,000 dollars is able to gain remote access to somebody else's SIM card, which means access to the subscriber's traffic, SMS, calls and location data. Twenty percent of SIM cards are vulnerable to such attacks. It is also possible to obtain a subscriber's confidential information by attacking his mobile carrier's equipment. An attack on a GSM cell can cost about 1,000 dollars. To hack a base station, an intruder might need only a PC and access to the SS7 network.

Banking systems keep pace with the telecommunications sector. An ATM can hold 10 million rubles. And when it comes to hacking the cash machine, you might only need a Raspberry Pi for $60. Last year, Russia took second place in the world (after Palestine) for the quantity of ATMs that can be detected by special search engines and remotely reprogrammed by using insecure protocols and exploiting numerous vulnerabilities in Windows XP. The situation with e-money is not much better.

In 2014, 70% of Android applications and 50% iOS apps contained vulnerabilities that gave access to an e-money account.

Devices that seem harmless at first sight, such as wireless USB modems, can also constitute a danger to users. Mobile operating system developers are slick at fixing vulnerabilities, while modem firmware developers haven't paid much attention to security until recently. According to Positive Technologies researchers, 27 out of 30 firmwares contained critical vulnerabilities. Timur Yunusov presented a report, which reveals how easy it is for an intruder to enable automatic identification and infection of 4G modems in order to intercept traffic, manipulate an account and SMS, break into a computer connected to such a modem.

The philosophical conception of PHDays V involved certain elements of cosmological theories. However, practical aspects were as well in the range of interest, which is why the forum's organizer held the session named Amateur Radio for Space Communication. Speakers discussed information security of space stations; in particular, they discussed the Fobos-Grunt crash considering a version based on external influence. The radio amateur Dmitry Pashkov claims that it is quite possible to jam signals between a control center and a spacecraft¬. You will find the necessary equipment in any electronics store. Except for an antenna— you'll have to make it by yourself. By using homemade devices, Dmitry managed to obtain solar eclipse images from Meteor-M No. 2 (a Roscosmos satellite) and to get the most up-to-date weather forecast.

How to Protect

A more effective fight against vulnerabilities in information systems and measures for protection of national interests have been discussed at the most "governmental" section — Today's Russia in Unfriendly Cyberworld.

Dmitry Finogenov (FSB department #8), Alexander Radovitsky (RF Ministry of Foreign Affairs), Alexander Baranov (Federal Tax Service), Vadim Dengin, Andrey Tumanov, and Ilya Kostunov (deputies of the State Duma) took part in the discussion. Alexey Andreev (Positive Technologies) and Alexey Lukatsky (Cisco) were speaking on the part of the expert community.

The government officials promised that a new Russian IS concept would have been published by the end of 2015. Vadim Dengin urged Russian Internet users (over 70 million people at the moment) to always be responsible for their words (in court as well) and said, that the security of citizens, data privacy in particular, was the task #1 for the government; therefore, the federal law on data processing center (DPC) transfer to the Russian territory won't be postponed. "The international business totally agrees with that," he said. Vadim's colleague Ilya Kostunov had recently revealed that Google Analytics was installed in all the Russian governmental bodies. Thus, he made an inquiry to the Prosecutor General's Office and Ministry of Economic Development. Ilya mentioned that Russia had had an opportunity to launch its own payment system with chip cards back in 2000.


 When securing data in large companies with extensive infrastructures, they say, "A chain is only as strong as its weakest link". Natalya Kukanova from Yandex mentioned in her report — Pig in a Poke: M&A Security Issues — that Yandex deducts the cost of vulnerability elimination from the profit when acquiring third-party projects.

Not only can a large business have growth problems. There are several events traditionally held at PHDays on supporting and promoting IS ideas and solutions. Almaz Capital, a venture capital fund that was represented by managing partner Alexander Galitsky and general partner Geoffrey Baehr, organized an open contest among startups in IS. Moreover, Geoffrey Baehr told about 18 IS startups fighting for 1.5 million rubles and gave some advice to the founders of the new companies.


Photo @AlmazCapital

The PHDays V organizers  held a round-table discussion on making an international community of "white hats". Among the participants were the organizers of the top hacker conferences — CanSecWest (Canada), Vangelis and Power of Community (Korea), H2HC (Brazil), CodeBlue (Japan), Chaos Communication Congress (Germany), ZeroNights and PHDays (Russia).

The first day ended with reading the best short stories out of 200 works sent for the Hacked Future contest. Bruce Sterling, the father of cyberpunk fiction, had made the decision on the final standings, and then the MDS team read out the stories about cybernetic Trojans, devourers and head controllers to the forum participants.

The winners of the Hacked Future contest:
  • I place — Pavel Gubarev ("Uncle Zhenya")
  • II place — Alexander Matukhin ("Prestige")
  • III place — Dmitry Bogutsky ("Casting Dice")
  • IV place was shared between Mikhail Savelichev ("Sixty Deaths of Axis Maria"), Nikolay Murzin and Timur Denisov under the pseudonym "Rumit Kin" ("The Numb Man"), and Juliana Lebedinskaya ("Shadow and Eliza").

29 comments:

  1. Taking part in contests gives a lot of opportunities: you can find a team for your start up, create a project or find a job. So I admire people who are all the time taking part in different competitions. By the way, I was on a writing contest and in such way I got to handmade writings as a custom writer.

    ReplyDelete
  2. The damage occurred by the site attackers leads to a lot of loss around the 100 million dollars. It must be tracked and prevent . The expert must take care of this. The research paper writing service is doing a online essay writing service.

    ReplyDelete
  3. –°ontest is always an important part of life of a person who tries to reach any goals he or she decides to reach! Such kinds of activity help people to motivate themselves and to understand which of his or her skills are worth improving. In such a way, I improved my own skills in writing. Today I`m freelancing on one of the custom writing services. That`s great when you have nice results after you`ve worked hard.

    ReplyDelete
  4. It's so funny to read that Russians are the heads of this community while this country still remains a womb of unpunished black soft and hack attacks. I won't wonder if these guys will be revealed as a beginners of this hack company. By the way, thanks for your thoughts. A good idea for my upcoming 4-page essay and maybe further research.

    ReplyDelete
  5. hey guys try this game is very good and download it and play on you phone and enjoy download now

    ReplyDelete
  6. It's imperative to settle on savvy shopping decisions. Test drive a few portable workstations previously picking. Trial until the point when you feel totally good with your last decision. Visit Best Laptops

    ReplyDelete
  7. There are so many types of sewing machines starting from traditional machines to electric machines and from electronic ones to computerized sewing machines

    ReplyDelete
  8. Book Mumbai to lonavala Cabs Online at cabs2go Car Rentals. Trust cabs2go for the Best mumbai to Lonavala taxi service

    ReplyDelete
  9. cabs2go cab Rental from Mumbai to Shirdi and get best Best Deals on your cab booking. Hire taxi for full day from Mumbai to Shirdi. Taxi Rental services available for all types of cab

    mumbai to shirdi cab

    ReplyDelete
  10. Well, it's really interesting, although I would not mind seeing how it works.

    ReplyDelete
  11. radar detector beltronicse and helpful!! Good quality content!! You can now get the best rooting app for all devices!! Towelroot Apk This is one of the most efficient and safe apk for rooting!! Also the best rated app for 201
    kickass torrent proxy that worksxample, your friend might ask, “Are you going to the party this weekend?” The definite article tells you that your friend is referring to a specific party that both of you know about. The definite article can be used with singular, plural, or unco
    extra torrent application free download
    dolby atmos appication free
    fusion kodi couldn't connect to network server
    free netflix premium account email and password

    Anonymous Dingo has left the document.
    The definite article is the word the. It limits the meaning of a noun to one particular thing. For example, your friend might ask, “Are you going to the party this weekend?” The definite article tells you that your friend is referring to a specific party that both of you know about. The definite article can be used

    ReplyDelete
  12. The Board Of Intermediate Education, Andhra Pradesh has held the 1st Year and 2nd Year Intermediate Exams in March 2018 at various allocated Examination centers across the Andhra Pradesh State.

    manabadi.com

    ReplyDelete

  13. kickass torrent proxy working
    is the product of our contemporary society and as a result biographical truths are constantly shifting. So the history biographers write about will not be the way that it happened; it will be the way they remembered it.[14] Debates have also arisen concerning the importance of space in life-writing.[15]

    Daniel R. Meister in 2017 argues that:

    Biography Studies is emerging as an independent discipline, especially in the Netherlands. This Dutch School of biography is moving biography studies away from the less scholarly life writing tradition and towards history by encouraging its practitioners to utilize an approach adapted from microhistory.[16]
    Biographical research
    Biographical research is defined by Miller as a research method that collects and analyses a person's whole life, or portion of a life, through the in-depth and unstructured interview, or sometimes reinforced by semi-structured interview or personal documents.[17] It is a way of viewing social life in procedural terms, rather than static terms. The information can come from "oral history, personal narrative, biography and autobiography” or "diaries, letters, memoranda and other materials".[18] The central aim of biographical research is producing rich descriptions of persons or "conceptualise structural types of actions" which means to "understand t
    netflix free account hack no survey
    freebypassapk
    tutu app hack
    thevideo.me pair kodi

    ReplyDelete
  14. It's really very detailed article on this topic. I'm sure that you spent a lot of time at its writing. This is a very worthwhile advice, thank you for that. I recently read a very good article of a professional writer on this subject. For more info you may check it by yourself here. Good luck!
    custom academic writing services
    academic writing service uk
    academic writing services uk
    academic writing services
    academic writing service
    buy term papers
    coursework editing service
    research paper editing
    coursework editing services
    article writing service uk
    phd coursework writing
    term paper editing
    academic writing consultants
    buy coursework editing

    ReplyDelete
  15. So to get iMessage on pc the very first thing to do is to verify the application on the machine you are using. Just look for the Messages In the spotlight search or using via your folder of Applications.

    imessage for windows

    ReplyDelete
  16. For those who are not familiar with the term anime series here is a small explanation for you. Anime is a special Japanese animation art form from all genres found in movies.

    anime haven

    ReplyDelete
  17. I write my thesis paper on the topic of cybersecurity. Could you be more accurate with statistics and provide the sources you used for the research? I found on essay-helpwriting.org only the structure I can use for my thesis.

    ReplyDelete
  18. Kickass Proxy Sites that is helpful for download movies, TV show

    ReplyDelete
  19. It is very interesting to read about how to Intercept SMS and Hack Satellite.I found a lot of interesting things for myself! I've been working on this topic for a long time on this site https://papers-writings.com/ and want to further develop it

    ReplyDelete
  20. This comment has been removed by the author.

    ReplyDelete
  21. thanks for sharing information about these blod and also download Dolby Atmos app

    ReplyDelete
  22. Very Interesting and wonderful information keep sharing this post kindly check
    amazon prime video anime

    ReplyDelete
  23. great post. Thanks for sharing this information.Tutuapp APK
    Google duo

    ReplyDelete
  24. Great for PHDays V. Day First: How to Intercept SMS and Hack Satellite
    torrent mirror websites

    ReplyDelete