Tag Archives: Cryptography

Fake Cell Phone Tower Used to Track Your Every Move

Over the past 12-18 months, there’s been an increased level of scrutiny applied to the various ways local, state, and federal law enforcement officials track and monitor the lives of ordinary citizens. One tool that’s come under increasing fire is the so-called stingray — a fake cell phone tower that law enforcement officials deploy to track a suspect, often without a warrant or any other formal approval.

A stingray is a false cell phone tower that can force phones in a geographical area to connect to it. Once these devices connect, the stingray can be used to either hone in on the target’s location or, with some models, actually eavesdrop on conversations, text messages, and web browser activity. It’s not clear how much the police cooperate with the cell phone carriers on this — in at least some cases, the police have gone to carriers with requests for information, while in others they seem to have taken a brute-force approach, dumping the data of every single user on a given tower and then sorting it to find the parties they’re interested in tracking. Stingrays can be used to force the phone to give up its user details, making it fairly easy for the police to match devices and account holders.

Stingray

The potential uses for the information are enormous. Say a murder occurs on a particular street with an estimated time of death between 2 and 4 AM. Local law enforcement would have an obvious interest in compelling cell phone companies to turn over the records of every cell phone that moved in and out of the area between those two time periods. At rush hour, this kind of information would be useless — but if the cell phone network data shows a device in the same approximate area as the murder suddenly leaving the area at a high rate of speed, that cell phone owner is a potential suspect.

Virtually all the stingray devices in use across the United States are manufactured by one company, the Harris Corporation, which makes a variety of other tracking devices. Its other products can be used to conduct denial-of-service attacks on cell phones, monitor voice traffic, amplify the range and power of stingray attacks, and more sophisticated monitoring tools for triangulating an individual’s location.

A consistent disregard for constitutional safeguards

Used properly, stingrays could be an incredibly useful tool for law enforcement, but there are enormous problems with their current deployments. Police often fail to submit a warrant request — one police department in Florida has admitted to using a stingray more than 200 times since 2010 without ever getting a warrant for its use. These devices are indiscriminate — in rare cases, such as a stolen cell phone, police may know in advance precisely which device to target, but in the majority of scenarios they’re fishing for bait to see what they can find. The only indication that a phone has been trapped into connecting to a stingray may be a sudden increase in power consumption (the stingray tells the phone to run its antenna at maximum power).

The problems only increase from here. The Harris Corporation has an NDA (non-disclosure agreement) in place with all its customers that explicitly forbids them from disclosing the fact that they use or own a stingray device. In the aforementioned Florida case, police have acknowledged that they avoided applying for a warrant specifically so they would not have to explain the use of the stingray to a judge.

States using Stingray devices

Meanwhile, the Obama Administration, having learned its lesson over repeatedly attempting to quash the Snowden disclosures, has welcomed discussion of how these devices are being used to spy on Americans by local officials without any regard for the rule of law.

Just kidding!

The Obama Administration is actually telling police agencies to refuse FOIA requests on security grounds or censoring such documents to the point of worthlessness. Last week, the US Marshals interfered in a case in Florida to prevent the ACLU from meeting with local police officials to discuss the use of stingray technology. According to the ACLU, the Marshal’s deputized the local police force, declared all materials related to stingray use to be government property, and took the records off-site.

The problem here isn’t necessarily the capability, but the ways in which that capability is being used. As with license plate detectors, the police have eagerly embraced the idea of tracking the movements of innocent people with no regard for how that data might be misinterpreted or abused. They’ve signed NDAs with a company that seeks to circumvent the Freedom of Information Act, and avoided disclosing the existence of programs in order to avoid the chance of possible censure.

New technology like DNA analysis and fingerprinting has often been controversial at the outset, but this widespread mobile tracking has no analog in history. There’s an ongoing campaign to blanket the US in local Freedom of Information Act requests for data on stingray use across the country; if you’re interested in contributing, details are here. The goal is to map individual departments and derive an understanding of how practices differ across the nation.

 Source: extremetech.com

 

Advertisements

80+ Best Free Hacking Tutorials | Resources to Become Pro Hacker

Green-Hacker-Wallpaper-Desktop

Learning to become hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning resources for simple hacking people do. Even to start doing the simplest hack on own, a hacker requires to have in depth knowledge of multiple topics. Some people recommend minimum knowledge of few programming languages like C, Python, HTML with Unix operating system concepts and networking knowledge is required to start learning hacking techniques.

Though knowing a lot of things is required, it is not really enough for you to be a competent and successful hacker. You must have a passion and positive attitude towards problem solving. The security softwares are constantly evolving and therefore you must keep learning new things with a really fast pace.

If you are thinking about ethical hacking as a career option, you may need to be prepared for a lot of hard/smart work. I hope these free resources will help you speed up on your learning. If you decide you pursue ethical hacking as a career option, you may also want to read some

IN DEPTH ETHICAL HACKING BOOKS

.

A lot of people (including me before doing research for this article) think that they can become a hacker using some free hacking tools available on web. Its true that some common types of hacking can be easily done with help of tools, however doing it does not really make you a hacker. A true hacker is the one who can find a vulnerability and develop a tool to exploit and/or demonstrate it.

Hacking is not only about knowing “how things work”, but its about knowing “why things work that way” and “how can we challenge it”.

Below are some really useful hacking tutorials and resources you may want to explore in your journey of learning to hack

Hacking For Dummies – Beginners Tutorials

These tutorials are not really simple for anyone who is just starting to learn hacking techniques. However, these should be simple starting point for you. I am sure you have different opinion about complexity of each tutorial however advanced hacker are going to be calling this a job of script kiddie (beginner hacker). Even to acquire the skills of a script kiddie you need to have good understanding of computer fundamentals and programming.

  1. CYBRARY – For those looking to learn ethical hacking skills online, Cybrary provides the perfect platform to do so. Cybrary is a free online IT and cyber security training network that provides instruction in the form of self-paced, easy-to-follow videos. Featuring courses on topics such as Penetration Testing and Ethical Hacking, Advanced Penetration Testing, Post Exploitation Hacking and Computer and Hacking Forensics, Cybrary provides instruction from the beginner to the highly-advanced level of hacking. Additionally, Cybrary offers supplemental study material along with their courses free of charge. With their in-depth training videos and study guides, Cybrary ensures that users develop the best hacking skills.
  2. HACKING TUTORIALS FOR BEGINNERS – By BreakTheSecurity.com
  3. HOW TO LEARN ETHICAL HACKING – By Astalavista.com
  4. PENETRATION TESTING TUTORIAL – By Guru99.com
  5. BACKTRACK PENETRATION TESTING TUTORIAL
  6. INTRODUCTION TO PENETRATION TESTING
  7. INFORMATION GATHERING WITH NMAP
  8. SIMPLE HOW TO ARTICLES By Open Web Application Security
  9. THE SIX DUMBEST IDEAS IN COMPUTER SECURITY
  10. SECURE DESIGN PRINCIPLES
  11. 10 STEPS TO SECURE SOFTWARE

Cryptography Related Tutorials

Cryptography is must know topic for any aspiring security professional or a ethical hacker. You must understand how encryption and decryption is done. You must understand why some of the old encryption techniques do not work in modern computing world.

This is a important area and a lot of software programmers and professional do not understand it very well. Learning cryptography involves a lot of good understanding of mathematics, this means you also need to have good fundamentals on discrete mathematics.

  1. INTRODUCTION TO PUBLIC KEY CRYPTOGRAPHY
  2. CRYPTO TUTORIAL
  3. INTRODUCTION TO CRYPTOGRAPHY
  4. AN OVERVIEW OF CRYPTOGRAPHY
  5. CRYPTOGRAPHY TUTORIALS – Herong’s Tutorial Examples
  6. THE CRYPTO TUTORIAL – Learn How to Keep Secret Secret
  7. INTRODUCTION TO CRYPTOLOGY, PART 1: BASIC CRYPTOLOGY CONCEPTS

Websites For Security Related Articles And News

These are some websites, that you may find useful to find hacking related resources and articles. A lot of simple tricks and tips are available for experimenting through these sites for improving yourself to become advanced hacker.

In recent years, many people are aspiring to learn how to hack. With growing interest in this area, a lot of different types of hacking practices are evolving. With popularity of social networks many people have inclined towards vulnerability in various social networks like facebook, twitter, and myspace etc.

Continuous learning about latest security issues, news and vulnerability reports are really important for any hacker or a security professional. Some of the sites that keep publishing informative articles and news are listed here.

  1. HTTP://WWW.ASTALAVISTA.COM/
  2. HTTP://PACKETSTORMSECURITY.COM/
  3. HTTP://WWW.BLACKHAT.COM/
  4. HTTP://WWW.METASPLOIT.COM/
  5. HTTP://SECTOOLS.ORG/
  6. HTTP://WWW.2600.COM/
  7. DEF CON – HACKING CONFERENCE
  8. HTTP://WWW.BREAKTHESECURITY.COM/
  9. HTTP://WWW.HACKING-TUTORIAL.COM/
  10. HTTP://WWW.EVILZONE.ORG/
  11. HTTP://HACKADAY.COM/
  12. HTTP://WWW.HITB.ORG/
  13. HTTP://WWW.HACKTHISSITE.ORG/
  14. HTTP://PENTESTMAG.COM
  15. HTTP://WWW.SECURITYTUBE.NET/
  16. HTTPS://WWW.SSLLABS.COM/

EBooks And Whitepapers

Some of the research papers by security experts and gurus can provide you a lot of information and inspiration. White papers can be really difficult to read and understand therefore you may need to read them multiple times. Once you understand the topic well, reading will become much faster and you will be able to skim through a lot content in less time.

  1. HANDBOOK OF APPLIED CRYPTOGRAPHY – This ebook contains some free chapter from one of the popular cryptography books. The full book is also available on amazon atCRYPTOGRAPHY BOOK.
  2. NETWORK PENETRATION TESTING GUIDE
  3. HOW TO HACK ANYTHING IN JAVA
  4. MCAFEE ON IPHONE AND IPAD SECURITY
  5. A GOOD COLLECTION OF WHITE PAPERS ON SECURITY AND VULNERABILITIES – This site contains collection of white papers from different sources and some of these white papers are really worth referring.
  6. ENGINEERING PRINCIPLES FOR INFORMATION TECHNOLOGY SECURITY
  7. BASIC PRINCIPLES OF INFORMATION PROTECTION
  8. OPEN WEB APPLICATION SECURITY PROJECT – OWASP is one of the most popular sites that contains web application security related information .

Videos & Play Lists

Those who like to watch video tutorials, here are few I liked. However there are many small video available on youtube. Feel free to explore more and share with us if you like something.

  1. CRYPTOGRAPHY COURSE By Dan Boneh Stanford University
  2. OPEN SECURITY TRAINING– Youtube Playlist of More than 90 hours. I have found this to be the biggest free training available for security related topic.
  3. OWASP APPSEC USA 2011: Youtube Playlist containing compilation of OWASP conference highlight in 2011.
  4. DEFCON: HOW I MET YOUR GIRLFRIEND – Defcon is one of the most popular hacker conference. The presenters in this conference are well know inside the hacking industry.
  5. DEFCON: WHAT HAPPENS WHEN YOU STEAL A HACKERS COMPUTER
  6. DEFCON: NMAP: SCANNING THE INTERNET
  7. PUBLIC KEY CRYPTOGRAPHY: Diffie-Hellman Key Exchange
  8. WEB APPLICATION PEN TESTING
  9. INTRO TO SCANNING NMAP, HPING, AMAP, TCPDUMP, METASPLOIT

Forums For Hackers And Security Professionals

Just like any other area, forums are really great help for learning from other experts. Hundreds of security experts and ethical/non-ethical hackers are willing to share their knowledge on forums for some reason. Please keep in mind to do enough research before post a question and be polite to people who take time to answer your question.

  1. STACKOVERFLOW FOR SECURITY PROFESSIONALS
  2. HTTP://DARKSAT.X47.NET/
  3. HTTP://FORUMS.SECURITYINFOWATCH.COM/
  4. HTTP://FORUMS.CNET.COM/SPYWARE-VIRUSES-SECURITY-FORUM/
  5. HTTP://WWW.HACKFORUMS.NET/FORUMDISPLAY.PHP?FID=47

Vulnerability Databases And Resources

Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.

  1. HTTP://WWW.EXPLOIT-DB.COM/
  2. HTTP://1337DAY.COM/
  3. HTTP://SECURITYVULNS.COM/
  4. HTTP://WWW.SECURITYFOCUS.COM/
  5. HTTP://WWW.OSVDB.ORG/
  6. HTTP://WWW.SECURITEAM.COM/
  7. HTTP://SECUNIA.COM/ADVISORIES/
  8. HTTP://INSECURE.ORG/SPLOITS_ALL.HTML
  9. HTTP://ZERODAYINITIATIVE.COM/ADVISORIES/PUBLISHED/
  10. HTTP://NMRC.ORG/PUB/INDEX.HTML
  11. HTTP://WEB.NVD.NIST.GOV
  12. HTTP://WWW.VUPEN.COM/ENGLISH/SECURITY-ADVISORIES/
  13. HTTP://WWW.VUPEN.COM/BLOG/
  14. HTTP://CVEDETAILS.COM/
  15. HTTP://WWW.RAPID7.COM/VULNDB/INDEX.JSP
  16. HTTP://OVAL.MITRE.ORG/

Product Specific Vulnerability Information

Some of the very popular products in the world require a special attention and therefore you may want to look at the specific security websites directly from vendors. I have kept Linux. Microsoft and apache in this list, however it may apply to any product you may be heavily using.

  1. RED HAT SECURITY AND OTHER UPDATES SITE
  2. MICROSOFT PRODUCTS SECURITY BULLETIN
  3. APACHE FOUNDATION PRODUCTS SECURITY REPOSITORY
  4. UBUNTU SOFTWARE SECURITY CENTER
  5. LINUX SECURITY REPOSITORY

Tools And Programs For Hacking / Security

There are dozens of tools available for doing different types of hacking and tests. Tools are really important to become more productive at your work. Some of the very common tools that are used by hackers are listed here. You may have different choice of tools based on your own comfort.

  1. NMAP
  2. NSS
  3. HPING
  4. TCPDUMP
  5. METASPLOIT
  6. WIRESHARK
  7. NETWORK STUFF
  8. NIKTO

Summary

I have tried to compile some of these resources for my own reference for the journey of learning I am going to start. I am not even at a beginner level of becoming hacker but the knowledge of this field really fascinates me and keeps me motivated for learning more and more. I hope will be able to become successful in this.

A lot of people use their knowledge skills for breaking stuff and stealing. I personally think that doing harm to someone is a weak choice and will not have a good ending. I would recommend not to use your skills for any un-ethical endeavor. A single misuse of your skill may jeopardize your career since most companies do a strict third party background check before they hire a ethical hacker or a security personal.

There are dozens of companies looking for ethical hackers and security professionals. There are really good number of opportunities in this area and its really niche compensation segment. You will be easily able to get a decent job without even acquiring all the expert level skills to become a pro hacker.

Source: fromdev.com