What is an SSL/TLS Certificate?

Are you secured?

What is SSL/TLS?

Have you ever wondered if the information you exchange over the web is secure? When you visit a website, you start the communication between your computer’s web browser and the web server the site is hosted on. You want to ensure that this webserver is guarding and encrypting your important personal information.

Brief History

Secure Sockets Layer (SSL) was created in 1994 by Netscape and was succeeded by Transport Layer Security (TLS) in 1999. We are currently at TLS 1.3, which was published in August 2018. Although most sites are still using TLS 1.2, TLS 1.3 uses stronger message authentication, key-material generation and encryption algorithms, which boosts security, performance, and privacy over its predecessor (SSL).

How does it work?

Simply put, the web server presents an SSL/TLS certificate, which acts like a driver’s license. You don’t own this driver’s license certificate though; the web server does. Once issued to you, it is used to grant you permission (or authenticate your session) to enter their website. All communication with the site is encrypted to protect your personal information. You will most likely notice a site is secured when the padlock icon appears in your web browser’s address bar.

This process is called a “handshake.” To keep the data exchanged confidential, the user and the web server agree on an encryption algorithm and a shared secret key that are used for that session only. Every message is then encrypted, so the data stays private even if it is intercepted. For example, imagine two businessmen in black suits. One is a dealer (the web server) and the other is a buyer (the user). The buyer visits the dealer, who gives him a code-locked briefcase (protected information) and a temporary code (certificate) to unlock it. Only the buyer and the dealer know this temporary code. The buyer unlocks the briefcase with the temporary code, adds more information, exchanges data, and so on, then locks the briefcase (encryption) and gives it back to the dealer. Once the dealer receives the locked briefcase and processes the new information, the deal is terminated when the buyer agrees (the website is closed or the computer is turned off, and the session ends). The code for the briefcase then changes, ensuring the data exchanged stays secured. Every time the buyer visits the dealer, he is issued a new temporary code to review or make changes to the data exchanged.

Why does it matter?

When you exchange your private information over the web, don’t you want to ensure that it is secured? TLS encrypts information you exchange over the web, thus protecting you, your information, and your identity by preventing cyber attackers from spying on your logins, credit card data, and personal data.

Next time you visit a website, even if it looks trustworthy, verify that it is using TLS 1.2 or TLS 1.3. You can do this by checking whether there is a padlock icon in your web browser’s address bar. Depending on your web browser, click on the padlock and then on “more information” to view which version of TLS the web server is using to encrypt your data.
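To put that advice into practice from the command line, here is an added example (written for this page, not code from the original post or its sources): a Python script that completes a TLS handshake, refuses anything below TLS 1.2, and reports the negotiated version plus the certificate details you would otherwise read behind the padlock. The default host, the constructed SAMPLE_CERT dictionary and the accepted-version list are assumptions; check_server() needs network access, the other functions run offline.

```python
import socket
import ssl

# Oldest protocol version this check accepts, matching the post's advice (TLS 1.2 or 1.3).
MIN_VERSION = ssl.TLSVersion.TLSv1_2
ACCEPTED = ("TLSv1.2", "TLSv1.3")

# Constructed sample in the shape returned by SSLSocket.getpeercert(); not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def make_strict_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate against the system trust
    store, checks the host name, and refuses SSLv3, TLS 1.0 and TLS 1.1."""
    ctx = ssl.create_default_context()  # certificate verification and hostname check on by default
    ctx.minimum_version = MIN_VERSION   # older protocol versions make the handshake fail
    return ctx


def version_is_acceptable(version: str) -> bool:
    """True only for the protocol names the post recommends (TLS 1.2 or TLS 1.3)."""
    return version in ACCEPTED


def summarize_cert(cert: dict) -> dict:
    """Pull the fields a user sees behind the padlock out of getpeercert()'s output."""
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    return {
        "common_name": subject.get("commonName"),
        "issued_by": issuer.get("organizationName"),
        "valid_until": cert.get("notAfter"),
        "san": [name for kind, name in cert.get("subjectAltName", ()) if kind == "DNS"],
    }


def check_server(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Complete a TLS handshake and report what was negotiated. Needs network access;
    raises ssl.SSLError if the certificate does not verify or the server only offers
    a protocol version below TLS 1.2."""
    ctx = make_strict_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            version = tls.version()
            return {
                "host": hostname,
                "protocol": version,
                "acceptable": version_is_acceptable(version),
                "cipher": tls.cipher()[0],
                "certificate": summarize_cert(tls.getpeercert()),
            }


if __name__ == "__main__":
    import sys
    # Assumed default host; pass another host name as the first argument.
    print(check_server(sys.argv[1] if len(sys.argv) > 1 else "example.com"))
```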

Sources:
TheSSLStore.com – What is an SSL/TLS Certificate?
IBM – How SSL and TLS provide authentication
Internet Society – TLS Basics
Kinsta – An Overview of TLS 1.3 – Faster and More Secure

Do you really want 5G speeds?

The release of 5G is drawing near. This new airwave technology (new to the public) is promised to provide “supercharged speeds” faster than its lightning-fast predecessor, 4G. New technology such as self-driving cars and virtual reality will be able to use its low latency to bring a smooth experience and seamless entertainment to consumers. Most importantly, it promises to protect consumers against International Mobile Subscriber Identity (IMSI) catchers, but recent research has identified a security vulnerability.

Before we start, here is this week’s decipher:

  • Authentication and Key Agreement (AKA) – the protocol by which phones and cellular networks authenticate each other and agree on keys so they can communicate securely.
  • International Mobile Subscriber Identity (IMSI) catchers – devices that pretend to be cell towers to spy on calls, messages, and call location details by intercepting phone signals. The FBI and police officers use a similar surveillance technology called “Stingray”.
  • Latency – the delay between an instruction to transfer data and the moment the transfer actually begins.
  • Backwards compatibility – the ability of a piece of hardware or software to work with older hardware or software without modification.

Researchers from the Technical University of Berlin, ETH Zurich and SINTEF Digital Norway discovered an AKA vulnerability that poses privacy threats to the new high-speed protocol “5G”, months before it is deployed for public use. Through backwards compatibility, it also affects 3G and 4G cellular networks. The vulnerability allows IMSI catchers to trick the AKA protocol into treating the connection as secure and providing sensitive data. This opens up many privacy threats, as it can be used to obtain data and location on political figures, threaten U.S. national and economic security, or spy on you!

There is still time and room for improvement for this new airwave technology. The Third Generation Partnership Project (3GPP) and the GSM Association (GSMA) have acknowledged the findings and have taken action to improve 5G security protocols. Until 3GPP provides further proof, IMSI catcher attacks are still possible against the upgraded 5G-AKA protocols.

Before your next device purchase supporting 5G, consider and research whether this threat has been remedied. This blog is not meant to sway you from any future purchases, but to keep you informed and aware of any vulnerabilities you might be exposed to, if not already exposed by the world wide web. This technology is much needed, yes, but we should consider any privacy and security concerns that may jeopardize ourselves and our nation before prematurely releasing new technology to the public. Let’s protect everyone by not providing cyber attackers with more tools to do their worst.

Sources:
5G Network Security Flaw Discovered! FaceTime Disabled – ThreatWire
Research Paper on New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols
ZDNet – New security flaw impacts 5G, 4G, and 3G
cnet – Security flaw allows for spying over 5G, researchers warn
cnet – Homeland Security has detected phone spying devices in DC

You’ve been hacked and might not even know it – How to identify hacks, prevent them, and protect yourself.

As requested by ctrlf4blog, I will cover two important questions:

  1. How does an individual get hacked?
  2. What are some simple actions you can take to increase your security?

A few important keywords deciphered to clear up the fog (metaphorically blogging):

  • User – we refer to a person who uses computers as a user.
  • Cyber Attack – an act or series of acts of attempted theft, methodically organized to steal a person’s or people’s valuables.
  • Hack – the tool used in the act of stealing a person’s or people’s valuables.
  • Hacked – when the person’s or people’s valuables have been stolen.
  • Asset – for short, we will use this word to describe a person’s valuables, sensitive data, private information, financial information, and secrets.
  • VPN (Virtual Private Network) – an application that encrypts all your data before putting it on the internet, protecting that data from being read or modified by unauthorized and unintended individuals.
  • Malware – evil software installed on a computer system that is intended to damage, steal, disrupt, or gain unauthorized access to assets.
  • Cookie – a small file created when browsing to a website that stores the user’s data to identify who they are when visiting that website. Cookies are stored on the user’s computer.

There are numerous ways an individual can get hacked; covering them all would require a whole article of its own. I’ve listed a few credible and detailed sources below for interested readers. I will cover the top 12 most common and effective hacking techniques. These hacks are common because they work against the “common” people. With the right education, even common people can be turned into smart people.

Top 12 Most Common Hacks and How to Prevent Them

  • Fake Wireless Access Point (WAP)
    • Description: occurs when a person connects to a fake wireless network located in a public area such as a coffee shop, hotel, or airport.
    • How it happens: once the connection is made, the hacker monitors and alters the internet traffic to steal valuable assets from people.
    • Simple preventative actions: the best method is to never connect to an unsecured wifi network that is not password protected. Always verify that the wireless network you are accessing is a trusted source by asking the employee behind the counter for the wifi network name and password. A recommended option is to use a VPN to encrypt your data.
       
  • Bait and Switch
    • Description: also known as “click bait”, occurs when a person clicks on a fake ad that directs them to malicious sites.
    • How it happens: when the malicious site is visited, the hacker can automatically load malware onto the person’s system and perform clickjacking or browser locking (described below under Browser Locker and Clickjacking/UI Redress).
    • Simple preventative actions: don’t click on ads you don’t trust, and use a secure browser with an ad-blocker program. Some anti-virus software supports opening the browser in a secured state that blocks ads. Some VPN features, like NordVPN’s Cybersec, block redirection to malicious sites.
       
  • Credential Re-use
    • Description: when a person uses the same login and password (referred to as credentials) across multiple sites.
    • How it happens: in the event of a data breach on one of those sites, the leaked password is re-used across the other sites, and possibly more, to access the person’s assets.
    • Simple preventative actions: best practice is to not use the same password for multiple sites; sometimes even variations of the same password don’t help. Another good practice is to change your passwords frequently to something that wasn’t previously used and isn’t currently used on another website.
       
  • Browser Locker
    • Description: also known as ransomware, an annoyingly malicious popup that appears on an individual’s screen and prevents the user from performing any actions. It holds the user’s computer hostage and provides a fake tech-support link.
    • How it happens: an average user who doesn’t know what to do unknowingly clicks the link, which then demands payment from the user to remove the virus. The user’s assets are compromised and the computer is still locked.
    • Simple preventative actions: purchase anti-virus software that blocks browsing to malicious sites. Ctrl+Alt+Del to end the browser’s task, or Alt+F4, can usually force-close the window. Some VPN features, like NordVPN’s Cybersec, block redirection to malicious sites.
       
  • Macro Malware in Documents
    • Description: an insidious malware that runs a macro when opening documents such as those ending in .doc or .pdf. Usually the document will prompt the user to ask if they want to run the macro.
    • How it happens: if the user authorizes the macro to run, the macro runs a hack that opens numerous vulnerabilities in your system, putting you at the hacker’s mercy and allowing them to control your computer.
    • Simple preventative actions: never open documents from non-trusted sources. If it is a trusted source, ask what the macro is, what it does, and whether there is supposed to be a macro at all. Anti-virus software usually has features that detect infected documents and prevent users from opening them.
       
  • Cookie Theft / Sidejacking / Session Hijacking
    • Description: cookies identify who you are on a website and keep track of when users log in and out of their accounts. Whenever a user logs in to their account, the website sends them a cookie (creates a cookie), usually through a secure connection, to authenticate the user so they can stay logged in to the website without immediately getting logged off.
    • How it happens: because cookies are like an ID card that badges you into a secure location, a hacker can steal this ID card (cookie) over an insecure connection and use it to change a number of settings, hijack your account and pretend to be you.
    • Simple preventative actions: accessing sites through a VPN connection is a safe method, but also making sure you are visiting and entering data on a secured website (HTTPS, not HTTP) that you trust will prevent cookie theft. Keep in mind that an HTTPS site, although considered secure, could still be a hacked or fake website, so be wary and only provide information to trusted sources. Setting your browser to clear your cookies after every session will help prevent cookie theft as well.
       
  • Internet of Things (IoT) Attacks
    • Description: smart devices such as wireless cameras and security alarm systems are vulnerable to cyber attacks as they do not have strong security features. Factory default passwords are usually the same and left unchanged by users, meaning anyone can log in to them.
    • How it happens: hackers from anywhere around the world can hack into the smart device and disable the security alarm system to break into your home. They can also recruit these devices into a botnet to launch orchestrated attacks on targeted servers.
    • Simple preventative actions: always change the factory default password when configuring your smart device. Some VPN services support smart devices; however, encrypting the connection means that even you will not be able to access and communicate with the device from the internet.
       
  • Distributed Denial of Service (DDoS) Attacks
    • Description: although it doesn’t target or hurt the individual affected, it occurs when your system’s bandwidth is stolen to send numerous requests to the intended target in order to shut the target’s servers down.
    • How it happens: the hacker infects multiple users’ computers with malware, which can be achieved through any of the 12 listed attacks and more. Your system then becomes a small part of an army of bots (a botnet) that the hacker can call upon at any time to participate in an attack.
    • Simple preventative actions: having anti-virus/anti-malware software installed can prevent you from getting infected and your devices from being recruited into this bot army. Some VPNs, such as NordVPN with its Cybersec feature, block your computer from connecting to botnet command-and-control servers.
       
  • Phishing
    • Description: targets the user, not the machine, by tricking users through convincing emails, messages, or ads.
    • How it happens: convinced users provide the credentials needed to access their assets, giving hackers the key to the lock.
    • Simple preventative actions: never provide your login ID or password to anyone over the internet. This information should only be provided to trusted individuals face to face. If you aren’t expecting a file from someone, don’t download it until you can verify it is 100% safe.
       
  • Clickjacking/UI Redress
    • Description: occurs when malicious or compromised websites place an invisible frame over the page being viewed. This invisible frame has invisible buttons over the existing buttons and tracks your mouse cursor.
    • How it happens: when the user clicks on a button, the invisible button they cannot see executes another action the user isn’t aware of, such as unlocking your camera or microphone, or agreeing to a purchase.
    • Simple preventative actions: always use a secure browser with a built-in ad blocker or script-blocker plugin. Some anti-virus software blocks ads that have been identified as clickjacking.
       
  • Man-in-the-Middle (MITM) Attacks
    • Description: occurs when a hacker invisibly inserts themselves between a user and the server the user is communicating with. Can occur when connected to fake WAPs.
    • How it happens: the hacker can clone your communication, gaining access to all your assets. In the event of a financial transaction, you may see your money purchasing a product, but the hacker may have modified the transaction to send the money into his account.
    • Simple preventative actions: use secure and encrypted connections, such as VPNs, to encrypt sensitive data over the internet. This prevents hackers from modifying the data. When making purchases, always verify through your bank and the seller’s website that your transactions were processed as intended.
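The Cookie Theft and Clickjacking/UI Redress entries above describe what the site operator, not just the visitor, can do something about. As an added example (written for this page, not code from the original post or its sources), here is a Python audit of the response headers that decide whether a session cookie can be sidejacked over plain HTTP and whether a page can be framed for clickjacking; the two sample responses are constructed, and the function and header names are assumptions.

```python
from __future__ import annotations

# Constructed sample responses (not from any real site): a weak one and a hardened one.
WEAK_HEADERS = {
    "Set-Cookie": "session=abc123; Path=/",
    "Content-Type": "text/html",
}
HARDENED_HEADERS = {
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def parse_set_cookie(header: str) -> tuple[str, set[str], dict[str, str]]:
    """Split one Set-Cookie header into (cookie name, flag attributes, valued attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    flags, valued = set(), {}
    for attr in parts[1:]:
        if "=" in attr:
            key, value = attr.split("=", 1)
            valued[key.strip().lower()] = value.strip()
        elif attr:
            flags.add(attr.lower())
    return name, flags, valued


def harden_session_cookie(name: str, value: str) -> str:
    """Set-Cookie value for a session cookie: sent only over HTTPS (Secure), invisible
    to page scripts (HttpOnly), and not attached to cross-site requests (SameSite)."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


def audit_headers(headers: dict) -> list[str]:
    """Return the weaknesses found in an HTTP response's headers (empty list = clean)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    cookies = h.get("set-cookie", [])
    if isinstance(cookies, str):          # allow a single header or a list of them
        cookies = [cookies]
    for raw in cookies:
        name, flags, valued = parse_set_cookie(raw)
        if "secure" not in flags:
            findings.append(f"cookie {name!r} lacks Secure: sent over plain HTTP, where it can be sniffed (sidejacking)")
        if "httponly" not in flags:
            findings.append(f"cookie {name!r} lacks HttpOnly: readable by any script running in the page")
        if valued.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name!r} lacks SameSite=Lax/Strict: attached to cross-site requests")
    if "strict-transport-security" not in h:
        findings.append("no Strict-Transport-Security: the browser may still try plain HTTP first")
    # Either header stops other sites from loading this page inside an invisible frame.
    xfo = h.get("x-frame-options", "").strip().upper()
    csp = h.get("content-security-policy", "")
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("page can be framed by other sites: no X-Frame-Options or CSP frame-ancestors (clickjacking)")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs) or ["no findings"])
```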

Sources:
NordVPN – Hacking
Malwarebytes – Hacker
Rapid7 – Types of Attacks
Pixel Privacy – Have you been hacked?
WhatIsMyIpAddress – I’ve been hacked! What do I do?

Government Shutdown Weakens U.S. Cybersecurity

As the number of days in this partial federal government shutdown grows, U.S. cybersecurity weakens. The safety of our nation is more at risk of cyber attacks as the federal cybersecurity division remains understaffed. Concerns arise that security guidelines by the National Institute of Standards and Technology (NIST) are outdated, intrusions are missed, security weakens when passwords are reset, and skilled unemployed staff migrate to private companies.

A few important keywords deciphered to give you some background:

  • National Institute of Standards and Technology (NIST) – a division of U.S. Department of Commerce that provides measurements and standards for a vast amount of products and services that rely on technology.
  • TLS Certificates – Transport Layer Security is an updated and more secure version of Secure Sockets Layer (SSL). It uses a form of encryption whose keys come in pairs: data encrypted with one key can only be decrypted with the paired (second) key. TLS provides end-to-end security of data sent between applications over the internet, ensuring the privacy of the messages or data sent.
  • Backdoor – in terms of hacking, it is a secret and undocumented path that allows hackers to illegally access a network, system, or application.

Outdated NIST Security Guidelines

Due to the lack of government funding, NIST’s cybersecurity division was left understaffed and its security guidelines outdated. Many security companies depend on NIST guidelines as a standard to:

  • Determine security tools required to test systems for vulnerability and reconnaissance
  • Develop security technology and encryption plans to protect systems from cyber attacks
  • Design and implement security measures to respond and resolve cybersecurity attacks

When visiting their website, companies have been left in the dark and greeted with the following message:

Undetected Infiltrations

A backlog of log files waiting to be reviewed is piling up. Because of time limits, there is a probability that old log files may never get analyzed for successful infiltrations. As the shutdown extends, it gives hackers (or cyber attackers) who successfully infiltrated government networks plenty of time to perform malicious actions and create a backdoor, giving them the ability to re-access the network after government operations have resumed.

Security of Password Resets

People forget passwords, especially ones that haven’t been used for a month. Password resets are likely to be enforced when employees return to work. If a hacker has already established a backdoor or deployed malicious software, then regardless of whether a password reset is enforced, old and new passwords would be easily available to the hacker.

In a different scenario, where hackers did not successfully infiltrate or deploy malicious software, it is likely that the requirements for password resets may be less strict, allowing employees to re-use old passwords or requiring fewer characters. These are examples of bad security policies for password management, as hackers know people re-use passwords, and fewer characters mean weaker passwords and fewer attempts needed to match them.

Difficulty Filling Vacant Government Cybersecurity Positions

Because of politics, the shutdown has left many employees without a paycheck. A number of them have sought out employment with private agencies in fear of not having a steady paycheck, missing out on better opportunities, or living the corporate life. A major shortage of cybersecurity professionals already exists in both public and private sectors, thus making recruitment of new talent more difficult for the federal government.


The extended government shutdown thins the ice under U.S. cybersecurity. We are at risk because of politics, which leaves many employees unemployed and thins the cybersecurity staff. As NIST security guidelines remain outdated, other cybersecurity companies are left at risk of cyber attacks. Infiltrations are occurring, allowing hackers time to create malicious countermeasures to tackle password resets and keep backdoors hidden. Talented cybersecurity professionals who protected the country are left without a paycheck to pay their bills and support their families, in return for their public service.

While politics continue to keep the government paused, cyber attacks don’t pause and instead take advantage of this moment. This increases the challenge for cybersecurity professionals. In order to improve cybersecurity, these risks need to be considered.

Sources:
CBS News – Cybersecurity Risks During Government Shutdown
Venture Beat – 5 Ways The Government Shutdown Is Impacting US Cybersecurity

What is Cybersecurity and why has it become more important than ever?

Cybersecurity is the protection of any computer systems, networks, and digital sensitive data from cyber attacks – attacks over an offline or online network connection. Cyber attacks include threats that pose physical harm to a computer system or unauthorized access to a computer system, application, or network. The goal of cybersecurity is to create defensive measures to protect people and organizations from such threats.

Some facts:

  • As of 2018, over 55.1% of the world has internet access
  • 147.9 million people were compromised from the Equifax breach
  • Worldwide cybersecurity spending expected to exceed $124 Billion by 2019

The time to take action is now. Do you recall the last time you filled out a form or application by hand, submitted it, and had it filed physically in a filing cabinet? A little over a decade ago, we used to do everything manually. Today, more and more of those manual processes are being digitized, automated, and stored in the “cloud” (the internet). The widespread use of technology, from internet-enabled home security systems to self-driving cars, continues to grow as technology advances. These advancements increase the need for cybersecurity as demands grow to shield individuals from identity theft, organizations from extortion, and, in the case of self-driving cars, people’s lives from malicious attacks. On a deeper level, such security is needed to protect our power plants, hospitals, and financial service companies from cyber terrorism.

Cybersecurity protects us from cyber attacks. It is needed more than ever as technology advances and is widely used by the world. Stay tuned for next week’s decipher.

Sources:
FireEye – What is Cybersecurity?
Cisco – What is Cybersecurity?
SNHU – What is Cybersecurity?
Forbes – Global Information Security Spending
Global Internet usage

Cybersecurity News Simplified

Have you ever had a difficult time reading and understanding a Cybersecurity news article? Wondering, “what is Advanced Persistent Threat” or “cryptanalysis”, or “rootkit”? You’re not alone. Maybe you’re savvy in today’s digital world and maybe you’re not, but honestly readers of all levels may find this challenging. My blog simplifies cybersecurity news articles to make reading about cybersecurity enjoyable and easy to understand. We will call this process: decipher.

“The KISS principle – Keep it Simple, Stupid.” — by The Simple Person