Neutralizing Target with a hacker's help

Mega_Man

"The following article is only for awareness and improvement of our network infrastructure."
We will cover the following points:
1. Why hospitals and government offices are highly likely to get hacked.
2. How a single or a couple of hired killers and hackers can take out a VIP even with cutting-edge technologies.
3. How to stop all of this.

You all have one of these Wi-Fi routers, which are available everywhere these days for residential and small-office setups.
And with noob programmers and no actual network administrator running IT departments, we put the same Wi-Fi routers in hospitals and government offices, because they're cheap and the client has no knowledge of how vulnerable they are.

Now let's assume the most advanced security plans.
The HVT is admitted to a hospital for treatment, which happens a lot with our politicians.
The hospital VIP wing is off limits; only selected doctors, nurses and staff are allowed.
They have a 3-layer show-off security setup:
1. Only their RFID cards are allowed in this wing.
2. But it also has retinal or thumb scanners.
3. And lastly dot matrix cameras.
Pretty secure, huh?

Hacker's strategy:
Wired:
https://www.windowscentral.com/theres-small-usb-stick-intels-bay-trail-cpu-can-run-windows-81

First preference is always hardware or physical intrusion because it's easy.

I would prefer something like this device; it's an entire CPU in a USB dongle.
Put Linux on the USB dongle, because it's still open source and widely used by IT professionals because of its unlimited accessibility with modules and scripts.
After installing some intrusion scripts our USB is ready. Even with USB disabled in the work environment, our script will dictate all the functions.
The USB can be plugged in in the following ways:
1. Inside man (always)
2. The receptionist (lack of expertise causes serious damage; new monitors and a CPU right on the desk are the easiest way to plug it in)
3. Get yourself an appointment with any of the doctors (I would get an appointment with an eye specialist; as they are dependent on tech, there has to be a computer sitting around hooked up to their testing equipment)
What it will do:
It will try to penetrate via USB.
Or it will target nearby phones via its Wi-Fi to find passwords of the nearest router, because it's itself an entire CPU.
Or it can provide a remote connection (see Wireless).

Wireless:
Safe but slow.
A normal Wi-Fi router for home and small-office use has a 300 m range (yeah, home and small-office routers are installed everywhere).

With external antennas we can have a passive aggressive setup for catching packets from the targeted router even from beyond its range, sitting in an SUV somewhere out of the guards' and CCTV detection range.
Now you can remotely access your USB dongle, and if you were unable to install one:
Get a Reaver-compatible or similar phone or tablet with an external dongle; it's available in the market.
Visit the hospital and find the nearest router in a reception area.
Reaver will find the BSSID even if it's hidden or not broadcasting its SSID.
That's it; come back to your SUV.
Boot a system with Kali Linux, or Debian with other penetration tools, and target that SSID and BSSID.
WPA2 is really hard to crack, so what you're going to do is clone that router with evil twin scripts.
With an evil twin you can restart the targeted router, which causes its clients to assume your router is the targeted router (the hospital router).
Now all the wirelessly connected devices are connected to your router because of its external antennas.
First find the CCTV server, because you will have to disable the recording if your agent is inexpendable.
Now, intruding in your own network is the oldest form of hacking.
What you're looking for is the password of the targeted router.
If you're looking into a computer, it's stored in
C:\users\*name*\appdata\local\Microsoft\credentials (Windows 10).
All of the information is encrypted but can be decrypted. Once the hacker decrypts the data they can now have the identity of one of their own PCs.
Next stop is their database server; with the trick given above it can be accessed.
The database is the real target all along.
RFID, retinal or thumb scanners and even dot matrix need one to store data.
[Image: column encryption in a banking database table]
It looks like this, but instead of a credit card number it will have keys for RFID, thumb or retinal and dot matrix in different columns.
First you have to find out which doctors and nurses are assigned to that VIP wing.
Now assume Dr. Peter and nurse Jack are assigned, as indicated by the tables showing more keys in their columns; they also have a connected folder for RFID, dot matrix photos and thumb or retinal impressions.

The doctor can be identified.
Get the nurse's identity.
Now you're nurse Jack for their system.
Flash the RFID at your SUV setup.
Take photos of your agent with your own dot matrix camera.
Take thumb or retinal impressions from your own scanners.
Put them there with your agent's alias and copy all of nurse Jack's keys there.

Your agent is now nurse Jack. It doesn't matter what he looks like; the system will presume him to be nurse Jack, as you manipulated the database server, which is the core of storing information.

Send your agent in only when it's safe.
Guards will thoroughly check you but not your medicines and injections.
Scan RFID.
Scan thumb or retinal impressions.
Scan dot matrix.
All go, as we hacked the information and told the computer to call your agent Jack.
Your agent goes through all the doors; inside, your HVT is waiting to be killed by a smothering pillow if there's no CCTV inside, or poison in the medicated drip system, like a pro. As the CCTV cameras are working but not recording, your agent will not be identified...


Of course decrypting is not that easy,
and you'll need more than 2-3 gaming laptops, because they have quite the CPU power.
But this is the scenario I gave to my students in ethical hacking and firewall management classes.

Now how to stop it?
First of all, don't buy those cheap routers.
Buy from a certified franchise of the brand, and buy Netgear or any corporate-use routers, which provide some security with their enhanced WPA2 corporate version.
Second, a smart firewall.
A firewall server with some extra tweaks can also detect a broadcasting signal coming from anywhere near its range.
Third, always keep the main database server on an isolated network and connect to it via VPN servers.
A VPN provides tunneling through the internet between 2 networks.
With replication of the main and site databases, the intrusion can be detected and can be scripted to trigger silent alarms.
With this the hacker and agent can be captured.
Conclusion:
All of the above solutions require an eligible, experienced network administrator with CCNP Security.
Please invest properly in network security when it comes to hospitals, government offices and security checkpoints.
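
The replication-based detection described in the post, as an added example that is not the poster's code: the site copy that door controllers read is compared row by row against the isolated main database, and any difference that did not originate on main raises a silent alarm. The table name, columns and sample rows are constructed for illustration, and two in-memory SQLite databases stand in for the main and site servers.

```python
import hashlib
import sqlite3

# Hypothetical schema for the access-control table (an assumption, not from the post).
SCHEMA = ("CREATE TABLE staff_access (staff_id INTEGER PRIMARY KEY, name TEXT, "
          "wing TEXT, rfid_key TEXT, biometric_ref TEXT)")

def row_digests(conn):
    """Map staff_id -> SHA-256 over every column of that access row."""
    digests = {}
    for row in conn.execute("SELECT staff_id, name, wing, rfid_key, biometric_ref "
                            "FROM staff_access ORDER BY staff_id"):
        canonical = "\x1f".join("" if v is None else str(v) for v in row)
        digests[row[0]] = hashlib.sha256(canonical.encode()).hexdigest()
    return digests

def find_tampering(main, site):
    """Compare the site replica against the isolated main database.

    Replication is one-way (main -> site), so any row that differs on the
    site side was changed outside the approved path.
    """
    main_d, site_d = row_digests(main), row_digests(site)
    findings = []
    for sid in sorted(set(main_d) | set(site_d)):
        if sid not in main_d:
            findings.append((sid, "row exists only on site"))
        elif sid not in site_d:
            findings.append((sid, "row missing from site"))
        elif main_d[sid] != site_d[sid]:
            findings.append((sid, "row differs from main"))
    return findings

def shared_credentials(conn):
    """RFID keys enrolled under more than one identity."""
    q = ("SELECT rfid_key FROM staff_access GROUP BY rfid_key "
         "HAVING COUNT(*) > 1 ORDER BY rfid_key")
    return [r[0] for r in conn.execute(q)]

def build_demo():
    """Constructed sample data: identical databases, then edits made only on site."""
    main, site = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    rows = [(1, "Dr. Peter", "VIP", "rfid-A1", "bio-001"),
            (2, "Nurse Jack", "VIP", "rfid-B2", "bio-002"),
            (3, "Clerk Sam", "General", "rfid-C3", "bio-003")]
    for db in (main, site):
        db.execute(SCHEMA)
        db.executemany("INSERT INTO staff_access VALUES (?,?,?,?,?)", rows)
    # Changes written directly to the site copy, bypassing main:
    site.execute("UPDATE staff_access SET biometric_ref = 'bio-999' WHERE staff_id = 2")
    site.execute("INSERT INTO staff_access VALUES (4, 'Temp Alias', 'VIP', 'rfid-B2', 'bio-998')")
    return main, site

if __name__ == "__main__":
    main_db, site_db = build_demo()
    for staff_id, reason in find_tampering(main_db, site_db):
        print(f"SILENT ALARM staff_id={staff_id}: {reason}")
    print("shared RFID keys:", shared_credentials(site_db))
```

The check is only as trustworthy as the host it runs on, so it belongs on the isolated side, reading the site copy, rather than on the site server itself.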
 
I think purchasing a good expensive router won’t save us from the US NSA if they decide to penetrate. They have access to the source code of almost all router frameworks and they have developed tools which can penetrate such networks easily.

What we need to do is rely on Chinese technology to secure our networks. Huawei networking products are probably the most secure compared to other western brands.

We need to send our students to China to learn ethical hacking and securing networks even from NSA-type high-budget organizations. I think Pakistan is already doing this, and if not then they need to work in this area asap. We must take maximum benefit from Chinese expertise in this area. Even North Korean hackers were trained in China.

We need an operating system with minimum dependencies on open source software. Maybe use Linux as a base and lock down all dependency versions. A separate team should keep an eye on bugs etc. and merge any changes after reviewing each and every line. Each open source component must be audited from time to time to search for any hidden vulnerabilities.

We need alternatives to Gmail, Hotmail etc. which should be based in Pakistan. Similarly, we need local social networking platforms, like there are a few in China, and all the data should be kept in Pakistani data centers. We need a WeChat-like platform as well. We need to lock down our networks like China has been doing for decades.

Facebook and Twitter host our enemies and are being used as a propaganda tool by our enemies. We need to ban these platforms asap and need to provide an alternative.
 
Thank you for your analysis.
Yes, as I mentioned, we need professionals running our network.
And by combining very basic electronics home and office automation protocols with a computer, we can have an intrusion alert AI system which can detect any possible threats from the same band and channels, which is how the evil twin works. Silent alarms can be programmed for when routers drop or restart; this is where we lose our clients to the router running the evil twin.
And finally the VPN protocols, with one-way database replication and accepting input only from form data.
It's already been implemented, not in a hospital but in a private firm which was hacked and lost their tender.
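
The two alarm conditions named in this reply (a transmitter on the same band and channel posing as the site's network, and routers suddenly dropping their clients), as an added detection example that is not the poster's code. The access point inventory, the thresholds and the observation records are assumptions constructed for illustration; in practice they would come from a monitoring sensor and the access point controller's logs.

```python
from collections import defaultdict

# Assumed inventory of the site's own access points: SSID -> {BSSID: channel}.
AUTHORIZED = {"HOSP-STAFF": {"02:00:00:00:00:01": 6, "02:00:00:00:00:02": 11}}

DROP_WINDOW_S = 30   # assumed window for counting client disconnects
DROP_THRESHOLD = 5   # assumed number of drops within the window that raises an alarm

def rogue_beacons(beacons):
    """Alerts for beacons that use a protected SSID without matching the inventory."""
    alerts = []
    for b in beacons:
        known = AUTHORIZED.get(b["ssid"])
        if known is None:
            continue  # not one of our SSIDs
        if b["bssid"] not in known:
            alerts.append((b["ts"], "unknown BSSID for protected SSID", b["bssid"]))
        elif known[b["bssid"]] != b["channel"]:
            alerts.append((b["ts"], "known BSSID on unexpected channel", b["bssid"]))
    return alerts

def mass_disconnects(events):
    """Return (ap, window_start, count) for each AP that lost many clients at once."""
    by_ap = defaultdict(list)
    for e in events:
        if e["type"] == "disassoc":
            by_ap[e["ap"]].append(e["ts"])
    alerts = []
    for ap, times in sorted(by_ap.items()):
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > DROP_WINDOW_S:
                start += 1  # slide the window forward
            if end - start + 1 >= DROP_THRESHOLD:
                alerts.append((ap, times[start], end - start + 1))
                break  # one alarm per AP is enough
    return alerts

# Constructed observations (timestamps in seconds).
BEACONS = [
    {"ts": 100, "ssid": "HOSP-STAFF", "bssid": "02:00:00:00:00:01", "channel": 6},
    {"ts": 101, "ssid": "HOSP-STAFF", "bssid": "02:00:00:00:00:02", "channel": 11},
    {"ts": 130, "ssid": "HOSP-STAFF", "bssid": "02:00:00:00:00:99", "channel": 6},
    {"ts": 131, "ssid": "CAFE-GUEST", "bssid": "02:00:00:00:00:50", "channel": 1},
]
EVENTS = [{"ts": 128 + i, "type": "disassoc", "ap": "02:00:00:00:00:01"} for i in range(6)]
EVENTS.append({"ts": 400, "type": "disassoc", "ap": "02:00:00:00:00:02"})

if __name__ == "__main__":
    for alert in rogue_beacons(BEACONS) + mass_disconnects(EVENTS):
        print("SILENT ALARM", alert)
```

A BSSID can be copied, so the inventory check catches only careless impersonation; the disconnect burst and the channel mismatch are the signals that remain when the address matches.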
 
Agreed, the NSA is a pain in the a$$ these days.
No mate, Russia has the best hackers in the world.
 
Almost all the high-security deployments for protecting VVIPs that I have seen did three things:

1. Bring their own isolated equipment.
2. Issue their own authorization badges.
3. Man the authorization stations with their own personnel.

Any VVIP security worth its salt always believes that public/existing infrastructure is already compromised and cannot be trusted.
 
