Mega_Man
Joined: Dec 4, 2018
"Following article is only for awareness and improvement in our network infrastructure"
We will cover the following points:
1. Why hospitals and government offices are highly likely to get hacked.
2. How one or a couple of hired killers and hackers can take out a VIP even with cutting-edge technologies.
3. How to stop all of this.
You all have one of these Wi-Fi routers, which are available for residential and small-office setups everywhere these days.
And with noob programmers and no actual network administrator running IT departments, we put the same Wi-Fi routers in hospitals and government offices because they're cheap and the client has no knowledge of how vulnerable they are.
Now let's assume the most advanced security plans.
The HVT is admitted to a hospital for treatment, which happens a lot with our politicians.
The hospital VIP wing is off limits; only selected doctors, nurses and staff are allowed.
They have a 3-layer show-off security setup.
1. Only their RFID cards are allowed in this wing
2. But it also has retinal or thumb scanners
3. And lastly dot matrix cameras
Pretty secure, huh?
Hacker's strategy:
Wired:
https://www.windowscentral.com/theres-small-usb-stick-intels-bay-trail-cpu-can-run-windows-81
First preference is always hardware or physical intrusion because it's easy.
I would prefer something like this device; it's an entire CPU in a USB dongle.
Put Linux on the USB dongle bc it's still open source and vastly used by IT professionals bc of its unlimited accessibility with modules and scripts.
After installing some intrusion scripts, our USB is ready. Even with USB disabled in the work environment, our script will dictate all the functions.
The USB can be plugged in in the following ways:
1. Inside man (always)
2. The receptionist (lack of expertise causes serious damage; new monitors and a CPU right on the desk are the easiest way to plug it in)
3. Get yourself an appointment with any of the doctors (I would get an appointment with an eye specialist; as they are dependent on tech, there has to be a computer sitting around hooked up to their testing equipment)
What it will do:
It will try to penetrate via USB.
Or it will target nearby phones via its Wi-Fi to find passwords of the nearest router, bc it's itself an entire CPU.
Or it can provide a remote connection (see Wireless).
Wireless:
Safe but slow
A normal Wi-Fi router for home and small-office use has a 300m range (yeah, home and small-office routers are installed everywhere).
With external antennas we can have a passive aggressive setup for catching packets from the targeted router even from beyond its range, sitting in an SUV somewhere out of the guards' and CCTV detection range.
Now you can remotely access your USB dongle, and if you were unable to install one:
Get a Reaver or like compatible phone or tab with an external dongle; it's available in the market.
Visit the hospital; find the nearest router in a reception area.
Reaver will find the BSSID even if it's hidden or not broadcasting its SSID.
That's it; come back to your SUV.
With Kali Linux or Debian with other penetration tools, you boot the system and target that SSID and BSSID.
WPA2 is really hard to crack, so what you're gonna do is clone that router with evil twin scripts.
With evil twin you can restart the targeted router, which causes its clients to assume your router is the targeted router (hospital router).
Now all the wirelessly connected devices are connected to your router bc of its external antennas.
First find the CCTV server, because you will have to disable the recording if your agent is inexpandable.
Now intruding in your own network is the oldest form of hacking.
What you're looking for is the password of the targeted router.
If you're looking into a computer, it's stored in
"C:\users\*name*\appdata\local\Microsoft\credentials" (Windows 10).
All of the information is encrypted but can be decrypted. Once the hacker decrypts the data, they can now have the identity of one of their own PCs.
Next stop is their database server; with the trick given above it can be accessed.
The database is the real target all along.
RFID, retinal or thumb scanners and even dot matrix need one to store data.
It looks like this, but instead of a credit card no. it will have keys for RFID, thumb or retinal and dot matrix in different columns.
First you have to find out which doctors and nurses are assigned to that vip wing
Now assume Dr. Peter and nurse Jack are assigned, by the tables indicating more keys in their columns; they also have a connected folder for RFID, dot matrix photos and thumb or retinal impressions.
Dr can be identified
Get nurse identity
Now you're nurse Jack for their system.
Flash the RFID at your SUV setup.
Take photos of your agent with your own dot matrix camera.
Take thumb or retinal impressions from your own scanners.
Put them with your agent's alias there and copy all of nurse Jack's keys there.
Your agent is now nurse Jack; it doesn't matter what he looks like, the system will presume him to be nurse Jack, as you manipulated the database server, which is the core of storing information.
Send your agent in only when it's safe
Guards will thoroughly check you but not your medicines and injections
Scan RFID
Scan thumb or retinal impressions
Scan dot matrix
All go, as we hacked the information and told the computer to call your agent Jack.
Your agent goes through all the doors; inside, your HVT is waiting to be killed by a smothering pillow if there's no CCTV inside, or poison in the medicated dripping system, like a pro. As the CCTV cameras are working but not recording, your agent will not be identified...
Of course, decrypting is not that easy.
And you'll need more than 2-3 gaming laptops bc they have quite the CPU power.
But this is the scenario I gave to my students in ethical hacking and firewall management classes
Now how to stop it?
First of all don't buy those cheap routers
Buy from a certified franchise of the brand, and buy those Netgear or any corporate-use routers which provide some security with their enhanced WPA2 corporate version.
Second, a smart firewall.
A firewall server with some extra tweaks can also detect a broadcasting signal coming from anywhere near its range.
Third, always have the main database server on an isolated network and connect to it via VPN servers.
A VPN provides tunneling through the internet between 2 networks.
With replication of the main and site databases, the intrusion can be detected and can be scripted to trigger silent alarms.
With this, the hacker and agent can be captured.
Conclusion:
All of the above solutions require an eligible network administrator, CCNP Security and experienced.
Please invest properly in network security when it comes to hospitals, government offices and security checkpoints.
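The replication check from the "how to stop it" part, as an added example that is not part of the original post: it compares the site copy of the access-control table with the isolated main copy and returns findings a silent alarm could act on. The table name `access_keys`, its columns and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema for the access-control table (an assumption, not from the post).
SCHEMA = ("CREATE TABLE access_keys (staff_id TEXT PRIMARY KEY, name TEXT, "
          "rfid_key TEXT, biometric_ref TEXT)")

def make_db(rows):
    """Build an in-memory stand-in for one database copy (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO access_keys VALUES (?,?,?,?)", rows)
    return db

def snapshot(db):
    """Return {staff_id: (name, rfid_key, biometric_ref)} for one copy."""
    cur = db.execute("SELECT staff_id, name, rfid_key, biometric_ref FROM access_keys")
    return {row[0]: row[1:] for row in cur}

def audit(main_db, site_db):
    """Compare the site copy with the isolated main copy; return alarm findings."""
    main, site = snapshot(main_db), snapshot(site_db)
    findings = []
    for staff_id in sorted(site.keys() - main.keys()):
        findings.append(("unknown_identity", staff_id))
    for staff_id in sorted(main.keys() - site.keys()):
        findings.append(("missing_identity", staff_id))
    for staff_id in sorted(main.keys() & site.keys()):
        if main[staff_id] != site[staff_id]:
            findings.append(("modified_record", staff_id))
    # A door key bound to more than one identity means a credential was copied.
    owners = {}
    for staff_id, (_, rfid_key, _) in site.items():
        owners.setdefault(rfid_key, []).append(staff_id)
    for rfid_key, ids in sorted(owners.items()):
        if len(ids) > 1:
            findings.append(("shared_rfid_key", tuple(sorted(ids))))
    return findings

# Constructed sample rows; the names follow the scenario in the post.
MAIN_ROWS = [
    ("S001", "Dr. Peter", "rfid-aaa", "bio-001"),
    ("S002", "Nurse Jack", "rfid-bbb", "bio-002"),
]
# Site copy after tampering: a new alias carries Nurse Jack's RFID key.
SITE_ROWS = MAIN_ROWS + [("S099", "Alias", "rfid-bbb", "bio-999")]

if __name__ == "__main__":
    for finding in audit(make_db(MAIN_ROWS), make_db(SITE_ROWS)):
        print("ALARM", finding)
```

The comparison is only meaningful if the main copy cannot be written from the site network, which is what the isolation and VPN advice above is for.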