Friend Help with substitution..

One of my friend was struggling with deciphering. Hence i decided to help him get better at it. The following are the things that i told him to focus on. 

1) calculate the frequency of each letter of the ciphered text.

2) focus on frequency analysis chart 

3) focus on single letter words as it can only be a or i.

4) look for common word like the 

5) once you get a order fill the remaining bits and us common sense 

Friends job app review...

i went through one of class mates(Darren) job application. It was really helpful as it gave me an insight on the structure. Everything he did was perfect. 

However, he did miss some key things that he complete but unfortunately did not mentioned them in his blog. Firstly his should add analytical skills to his skills page. analysis was one of the most skill that was refined in this course. Furthermore his time management should include his something awesome as he had to manage his own time and resources to achieve his target.

Overall his structure and everything is perfect. he should read through his job app again and possible refine skills and time management again. 

Combination lock hack.

After researching on locks and coming up with ways through which they could be hacked or exploited. i decided to hack to the combination lock that i had at home. the following was could be used to hack a simple combination lock at home:

1) pull the top and bottom section in opposite directions. 

2) find the smoothest slider. 

3) turn the smoothest slider until you her a sound.

4) find the next smoothest slider and do same with that. 

5) bruteforce through the last slider. 

Final Something Awesome...

Finally my something has came to end. The initial target that i set for myself was to analyze the attacks in MR.ROBOT drama series. which is in fact considered by many security expert as the most accurate representation of hacking and security exploitation TV show ever. 

My target for something Awesome was to explain the attacks that occurred in the drama series and whether if they makes sense in the real world or not. Secondly, my target was to link they to real world attacks and see if something has happened in the real world. Lastly, come up with potential ways through which attacks like this could be avoided in the future. 

I learned alot from my something awesome. it was a fun activity. 

Something Awesome 6..

Explanation of Attack: 

In this scene Elliot is at Ron Coffee Shop.He explains how he starts of with just Packet Sniffing on the traffic on Rons coffee place. After sometime he notices something odd in his networks. He also tells Ron that he is using TOR(the onion router) networks to keep the servers anonymous. TOR is a way of disguising where your traffic is coming from and going to. The Packets are encrypted in layers and really hard to intercept and sent trough a network, each relay on the network decrypts an encrypted layer and the exit node has a decrypted message. Elliot sets up alot of relays on the system, which increases his chances of being the exit node. once he controls the exit nodes of the traffic, he is in control. After reading his packets, he notices that Ron is selling child pornography on internet and hands him over to cops, with an anonymous tip. 

 Real Attacks:

an attack in the wild launched against the Tor network by the authors of a study was done. The attack targeted six exit nodes, lasted for twenty-three days, and revealed a total of 10,000 IP addresses of active Tor users. This study is significant because it is the first documented attack designed to target P2P file-sharing applications on Tor. BitTorrent may generate as much as 40% of all traffic on Tor. Furthermore, the bad apple attack is effective against insecure use of any application over Tor, not just BitTorrent.

Avoiding:

In order to avoid attacks on TOR the following steps should be taken:

-The exit node should keep on changing as frequent as possible. 

-only Trusted relays should be used. No third party relay should join the network. 

-The should be a bit delay in the timings. Because using the time and size of the file the sender could be traced back.  

Something Awesome 5...

Explanation of Attack:

Elliot who previously hacked his psychologist is now trying to hack the psychologist boyfriend. However, after researching him over the internet he notices that he is a ghost as he does not have any social media accounts under his name. In order to get more reckon on him he conducts a social engineering attack. He first follows the person and know more about his movements. Once he knows about his interests. He then approaches him and makes up a story that he has to call his mother and asks for his phone to do it. Once he has his phone he calls his own number, That way he has a record of his number. Moreover, once he has number he looks him up again and after a lot reckon he notices that he is cheating on his wife with the Elliots psychologist and is using a different name for his online profiles. 

Real Attacks:

One of the most famous attacks that involved social Engineering happened in 2016 United States Elections. The Russian were able to use phishing social engineering techniques to infiltrate Hilary’s email. They started by sending out out phishing email to people in Hilary’s inner circle. These phishing email imitated Google’s security alerts.  All it took was once click and all of the Hilary’s data was compromised. 

Avoiding:

In order to avoid social engineering Attacks the following steps should be taken:

-Never reveal your sensitive data to someone else. 

-DO NOT give your personal items such as ID and phones to anyone else.

-Avoid clicking on suspected links.  

<--I am reposting this as i lost the video on the previous blog-->

Explanation of Attack:

Elliot who got sick previously is admitted to a hospital. Since he does not know any else besides his psychologist, he calls her. After meeting his psychologist he tells his psychologist about his drug abuse. She tells him that she will only sign his release if he submits to bimonthly drug tests. In order, to keep his record clean he hacks in to hospital systems and changes his test. upon researching he found out the hospital system is outdated and being looked after someone who is an idiot. The hospital systems are run on us less virus scanner and security software that run on window 98.

Real Attack:

The medical industry has been on the target for most attackers. nearly all of the US health organization has reported one attack. A hospital in Buffalo, New York was hacked recently. The attackers were able to take the hospitals computers for almost 6 weeks. Everything the hospital was using was unplugged, include monitors. The attackers later sent ransomware that demanded $44,000 to unlock hospital data that was being held hostage. The hospital decided not to pay the attack. details on how the attacked happened are in the link below. But briefly, viruses and brute-force to guess the password were the methods used.

Avoiding:

In order to avoid further events like this happening in the future following steps should be taken:

-The hospitals systems should be updated and more secure, security measures should be added to them.

-staff members should be educated about potential risks.

-restrictions on email should be imposed.

-Users should not be allowed usb sticks.

Link

https://buffalonews.com/2017/05/20/ecmc-got-hacked-cyber-extortionists/

Something Awesome 4..

Explanation of Attack: 

In this scene the company that Elliot works at All safe is suffers the worst DDoS attack in the history. DDoS is short for distributed denial of service. In a DDoS attack multiple requests are sent to companies attack with aim of exceeding the system capability and preventing the system to work properly. DDoS attack usually results in a in slower response to requests or all requests may be ignored. After an investigation by Elliot he notices that it is not only a DDoS attack. The Attackers are using a root kit  and are in the systems.Rootkit is a malicious code that is really hard to detect in a system and could potential stay in the system for a while without a notice. 

Real Attack:

In 2018, Github suffered the worst DDoS Attack ever recorded. A 1.3 Tbps DDoS attack pummeled github for over 15 mins. It resulted in Github becoming offline for almost 10 minutes. The attackers aim in the Github attack was to hijack something called “memcaching” which a distributed memory service. For assistance Github called assistance from “Akamai Prolexic”, who offers expertise in the DDoS attack. They rerouted the traffic to GitHub through its “scrubbing” centers which removed and blocked malicious data. 

https://github.blog/2018-03-01-ddos-incident-report/

Avoiding:

In order to avoid DDoS attacks from happening in the future the following steps should be taken: 

-The traffic should be rerouted through scrubbing centers.

-Companies should hire experts. 

-apply mitigation technologies. That reduces the traffic in worst cases. 

Explanation of Attack:

In this scene Elliot and his team members are trying achieve the access to steel mountain. Steel mountain is the place where Evil Corp keeps their records in magnetic strips. In order to interfere or get rid of these records Elliot and his team planes to install a raspberry pi to the temperature thermostats and increase the temperature of the air con to destroy the magnetic tapes. Firstly in order to be granted access in the facility Elliot goes there as a visitor and upon refusal to the building he asks them to google his name. Upon searching the noticed he is among one of the most influential tech giants in the world. Whereas, they did not knew that the Wikipedia was edited by his friend. Upon getting inside the building he distracts the guards and goes the nearest place where he can fit his raspberry pi and get access to the temperatures.

 Real Attack:

In 2018, a similar attack was carried on NASA, where the attackers used a raspberry pi as well. NASA’s Jet propulsion Laboratory was victim of this attack and the attackers managed to steal almost 500 megabytes of data. The attacker used Raspberry pi to get unauthorized access to the network. He got the access to the user’s account and was able to remain the system undetected for 10 months. 

Avoiding:

In order to avoid events like this happening again the future the following step should be taken: 

-Every system should be restricted. so that once someone has access they cannot access the remaining files. 

-Constantly update the system and make it more hard to penetrate. 

-getting servers or system that won’t allow raspberry pi in the system. 

Trump Phishing..

Hi Baby, 

You can visit me at the following address

 [Link]. 

I have also attached some personal photos 

[Link]. 

Regards 

Stormy Daniels 

Tutorial 7..

Tutorial 7 was fairly more interactive than others. it involved a debate on facial recognition, whether the government should allow them or not. However, there was a twist to it. Before the debate began Hayden divided the class into groups two groups, where one group will support the pros of facial recon by government and the other group will support the cons of the system. When the discussion was about to start Hayden swapped the groups and the team which was supporting facial recognition now was against it and vice-versa. 

There was a few notable point that i did learn from the debate:-

- There are numerous advantages to facial recon. Previously i thought that facial recon can not benefit public in many ways.

-Security and Health were among the major benefits. 

-However, it could possible have a one point failure.

- implementing the system cost a lot of money and time.

The most interesting thing that i noticed was that although a team was supporting facial recon system. But deep inside they were against it. 

5G in Australia..

Dear Donald J Trump, 

I have to decided to let Huawei conduct their operations in Australia. Firstly you have no proof that China or Huawei is eavesdropping and invading everyone personal space. Secondly, last time i checked America organization such as Facebook and google we involved in such events. 

Moreover, given the current technological advancement of Australia we can decide and research for ourselves if Huawei is involved in such horrible acts. Furthermore, if i do not go with Huawei America would most probably benefit from and would probably be a back lash for Austrlalia and it public.

i think Huawei is beneficial for the public, companies and government of Australia. I will make sure that every step is taken towards the protection of sensitive data and if we found any loop holes in them we will definitely let you know. 

P.s Thanks for your advise 

Regards

PM Scomo   

Security Everywhere....

Security Guards are  suppose to stop robbers at museum or banks. Since security guards are human are we do know that human have a lot of limitation such as sleep, distraction etc. a guard whose job to survey a museum at night could possibly fall asleep on his duty. we have seen numerous cases where a guards were not able to stop attackers.  

for instance a guy was able to rob a museum. follow the link for more description on that robbery. 

https://www.rferl.org/a/trial-set-for-man-charged-with-stealing-valuable-painting-from-moscow-museum/30058896.html

Security Everywhere...

Zebra crossing are supposedly so that pedestrians could safely and securely cross roads. however one mistake by a driver could potentially end a persons life.  

Security Everywhere...

NSW buses does not have a good security system to potential avoid hitchhikers. So there was this instance that happened to me. i would usually take bus from my home to train station. Once, i met this bus driver who offered me a free ride. i thought how nice of him. next i saw him at the 7-eleven that i used to work at. he came to me and was like you give me free coffee and i will give you free rides.  

Security Everywhere....

I believe the gates above are the worst security measurement every. These gates are supposedly there to stop hitchhikers. however, the engineers who designed them didn’t think that someone could potential just get over the gates and avoid the ticket or two riders could simultaneously walk through these gates. without anyone noticing. I do believe that Australia has taken some good steps to avoid hitchhikers by introducing train guards that check every passengers ticket or by placing guards on these gates. However, these step are not 100% fool proof. 

Security Everywhere...

There is the usually safety or security measurement that i usually see at trains station and it kinda makes think if this is a good security/ safety measurement or not. The YELLOW LINE that is supposed to keep the traffic safe and away from the trains. firstly it is poor mechanism that could turn out to be horrific at anytime. A child might not be able to identify the YELLOW LINE and could possible step in the danger zone and potentially injure himself.