Protecting my Mom - Part 3 - How Easy is it to Get Hacked?
In our first installment of “Protecting my Mom” we discussed a phone phishing attack that targeted me. This was followed by our second part, where I found myself being attacked over a Wi-Fi network that was set up for the express purpose of compromising machines that roamed onto it. In this final installment, we take on the role of an attacker and are reminded of how easy it is to be hacked.
My challenge to myself was simple: how fast could I target a machine and compromise it using off-the-shelf tools? My goal: 5 minutes from start to finish. How much time did I need? The stopwatch showed a mere 2 minutes and 13 seconds. Scared yet? After doing that, I was. After being the target of a hack twice in the span of less than a week, I decided to go from being the “prey” to being the “hunter.” How hard is it to be hacked? And if I was hacked, how long does it take me to start grabbing data that I could use? Don’t worry, I’m doing this as a bit of a test and I’m using my own Virtual Machines, so I’m not turning my abilities on any other person; it’s more of a challenge to see how hard it is.
The Setup
To make my life easier, I created two Virtual Machines to simulate this:
- One unpatched virtual machine running Windows 8, which was conveniently missing a specific Java patch.
- One fully-patched virtual machine running the latest/greatest hacking tools in my possession (and I have a lot of tools).
I ran both of these Virtual Machines on their own virtual switch so I had an isolated network. Using the patched virtual machine, my goal was to hack the unpatched one.
The Execution
With both machines fired up, I ran one of my tools that searched the remote machine for exploits. It didn't take long for it to find the vulnerability. It correctly identified the missing patch and was even nice enough to flag it for me. Using a very simple script, I loaded up a payload for that exploit, fired it at the remote machine and within a few seconds, I was presented with a message on my hacking machine informing me that the remote machine had made a session connection back to the hacking virtual machine, which I should feel free to use at any point. Scary, isn't it?
Okay, but let’s talk about what I did next. In a few more keystrokes, I added a key-logger to the remote machine, I took a screenshot of what the user was doing and I redirected traffic bound for www.google.com to a malware site on my hacking machine to further install bad software. (I was even nice enough after installing the software to send them back to www.google.com so they never knew that happened!) Within another minute, I began downloading files, created my own administrative user on the remote machine, disabled anti-virus, disabled the Windows firewall, and disabled Microsoft Defender so I could work without fear of being blocked in my efforts. Finally, just for fun, I turned on the web-cam so I could see myself before rebooting the virtual machine.
So, let’s see… I hacked, stole, spied, trapped and rendered the remote machine defenseless… I reached over to my stopwatch and paused it at 2 minutes and 13 seconds.
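Several of the changes described above leave traces a defender can check for. The following read-only audit is an added example, not part of the original post; it assumes Windows 10 or later with Windows PowerShell 5.1 in an elevated session, uses a hypothetical allow-list of administrator accounts, and treats the hosts file as one possible redirect mechanism (the post does not say which was used).

```powershell
# Added example: read-only audit of the defenses the post describes being switched off.
# Assumes Windows 10 or later, Windows PowerShell 5.1+, elevated session.

# Hypothetical allow-list: replace with the administrator accounts you expect.
$expectedAdmins = @("$env:COMPUTERNAME\Administrator")

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Windows Firewall: report any profile (Domain, Private, Public) that is off.
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True') {
        $findings.Add("Firewall profile '$($fwProfile.Name)' is not enabled")
    }
}

# 2. Microsoft Defender: antivirus and real-time protection should both be on.
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled)          { $findings.Add('Defender antivirus is disabled') }
if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is disabled') }

# 3. Local Administrators (well-known SID, so it works on localized systems):
#    report members that are not on the allow-list.
foreach ($member in Get-LocalGroupMember -SID 'S-1-5-32-544') {
    if ($member.Name -notin $expectedAdmins) {
        $findings.Add("Unexpected administrator: $($member.Name)")
    }
}

# 4. Hosts file: list every active (non-comment, non-blank) entry for review.
#    Assumption: a hosts entry is only one way name resolution can be redirected.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    ForEach-Object { $findings.Add("Hosts file override: $($_.Trim())") }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

A clean result only covers these four settings; it says nothing about a key-logger or other software already installed on the machine.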
The Wrap
Mom, I've got bad news for you… It’s never been easier for me to find a problem with a machine. Within seconds, anyone with the skills that I grew up with can target, exploit and leverage a remote machine. While knowledge of phishing that we discussed in part one keeps you mindful of people trying to hack you, and awareness of the environments that we discussed in part two can keep your machine in a safe environment, these two alone can’t keep you safe. In the end, if your machine is put into a compromised state, in mere moments, your data is someone else’s and, if you aren't careful, they’ll be able to hang out for a while and take more of it too. That being the case, here’s my advice:
- Keep your machine’s software safe: Patching (something that most kids don’t talk to their parents about) is the best way to start.
- Keep your machine in known environments: While patching is best, it’s not always the most convenient. Keep your machine behind your firewalls and in known environments. In a public setting, it’s a target.
- Keep your machine your machine: While people like those we discussed in part one might try to take advantage of you and trick you, don’t let them. If you don’t feel comfortable doing something to your machine, don’t let someone talk you into it.
If we had a switch on the wall that we could flip to turn off the darkness, we would do it. Unfortunately, the risk is real and it’s getting worse. Keep that machine (and your information) safe. It’s a dangerous world out there… watch out.