- from “On War” by Karl von Clausewitz
There is a war going on. You can’t hear it or see it, but it is raging every moment of the day. The combatants fight not with bombs or bayonets, but with code and networks. Attacks come swiftly and silently, and the effects, once felt, can change lives, businesses and countries. Everyone on earth is adjacent to the war for data and should make themselves aware of its dangers.
Well that last paragraph sure sounded scary. Sorry if I activated your dormant existential dread, got to hook ’em early though ya know. The subject of cybersecurity can be frightening, but needn’t be crippling. Of course if average Joe #22589 from Swan Hills Alberta finds themselves in the crosshairs of an international cyber warfare syndicate, chances are average Joseph’s data can’t be saved. For the rest of us, those who are at least middlingly tech savvy, with a naturally paranoid disposition towards technology, we still have a chance.
In this series of blog entries I will be covering cybersecurity. First a light jaunt through the history of cybersecurity. Then we’ll go over some of the tenets of applying cybersecurity effectively. After that I will get into the main focus of these cybersecurity entries: mobile device security. Specifically, how we leave ourselves open to attack, because it’s no coincidence that the worldwide proliferation of smartphone technology has been followed by a shit-nami of attacks against earthlings’ data. Along the way there will be two demonstrations to accompany these write-ups.
The first will introduce the way in which we will demonstrate mobile device security in action. It will be an instruction on creating an Android OS instance housed within a virtual machine. The second demonstration will use the VM from demo 1 to show an attack in action against the VM, the tools used to perpetrate that attack, and some ways to defend. So strap in, light up and brace yourself, because we’re at war and war is hell.
Computers are our lives now, it seems. They’re in our offices, pockets, cars, and appliances, seemingly taking note of every aspect of our lives. Computers make paths from the average person to all ends of the internet, and vast untold treasures of infinite knowledge line these paths (plus memes and junk too I guess. Actually maybe those are the exciting bits nowadays, whoops sidetracked). These gilded info tracks rutted across the fabric of our greatest human invention (after Korean Fried Chicken) also call to the less than average people. Roving our information highways are predatory vagabonds looking to intercept data and permeate our personal networks. It wasn’t always like this though, so let’s look back into the before time, the prehistorical period called the 1970’s, where disco wasn’t the only virus being birthed.
Around the beginning of the 1970’s research began on the grandparent of our current internet. The Advanced Research Projects Agency Network, or ARPAnet for short, was a military project designed to enable locations not within a close vicinity to transfer data securely between one another. Since there were so few high powered computers in that era, labs would need to send away for computations to be made at other facilities, then wait for the info to be faxed, mailed or tied to the foot of a pigeon and sent back. Initially ARPAnet was only a few computers sending simple one or two word messages back and forth, but more and more members were added who began producing upgrades. Protocols like Telnet, FTP, and email were all created within the first 3 years of the 1970’s, vastly increasing the usefulness of the project, and are still in use today. Primitive virus/anti-virus software was explored around this time by researchers Bob Thomas and Ray Tomlinson. They experimented with a program that traveled through ARPAnet leaving small traces of data and one that would find and destroy those traces. As the 1970’s progressed the idea of cybersecurity grew in prevalence. The military and data scientists had begun to theorize and test ways in which operating systems could be infiltrated and data lost or modified.
By the end of the decade and clear through the 1980’s, cyber attacks became more and more common. Users became more aware of warning signs of attack, paying closer attention to sudden increases in file sizes or decreases in usable memory. A cold war raged, leaving the military fearful of Soviet cyber infiltration. By the mid-eighties fear and need manifested themselves in fully commercial antivirus products. The 1980’s also saw the rise of what we call the internet today. ARPAnet had used a protocol called Network Control Protocol, but in 1982 the TCP/IP protocols were introduced, and by the end of the decade ARPAnet was shut down in favour of the National Science Foundation network, which is the foundation of the modern internet.
From this time on cybersecurity began to morph into what we know today. The world was going online at a breakneck pace and computer viruses and malware were keeping that pace as well. Antivirus companies became ubiquitous and all the greatest hits of viruses became more commonplace. Trojan horses, worms, email attachments, many of the things we worry about today got their start in this period. By the 2000’s humanity had come to behold the spectacle of our internet, our information mecca, a joy to the senses, but the stench of what lay just under the surface had begun to permeate its glitzy veneer. The early 2000’s to today saw the rise of the most advanced offensive cybersecurity threats as well as returns to more basic classic types of hacks. Ransomware and server breaches have reached ridiculous levels and most businesses are under constant attack. Social engineering has grown again through phishing and scam calls so attackers can con unsuspecting people into giving away remote access to data. The defensive side fights valiantly by introducing ever more complicated ways to authenticate and authorize access through features like multi-factor authentication and firewall protection.
The stakes are higher than ever for cybersecurity to stay strong because we have intertwined our entire society and civilization with the internet and transfer of data. If Microsoft Azure, Amazon Web Services or other providers have major outages it can take down large portions of our world’s functionality, and the attackers don’t care as long as there is data to be stolen and sold. The chilling realization that almost anything can be hacked by the right person is what keeps many cyber defenders motivated, because just as prolific as the modern day cyber attackers are, so too are the people on the other side vigilant. The cybersecurity industry has now birthed a whole new sector of workers. Penetration testers use their skills to find holes in defense systems, analysts monitor data to look for offensive signatures, and architects work to design effective security structures.
So this brings us to the present day. Cybersecurity is no longer a theory of what may happen, but a reality present in every second of our existence. Military and business are not the only ones in danger. The average person’s information is also in jeopardy. Every scam call, every Nigerian Prince email and every pop-up asking you to click here now for hot singles in your area, they’re all malicious. Each day on the web is a test, a battle in the war for our data. It will never stop, it will never get weaker, we are veterans now and the instincts we’ve developed about what seems suspicious must stay sharp. So for Christ’s sake people, change your passwords to something harder, don’t fill out Facebook surveys that give away your mother’s maiden name and always wash behind your ears... oh wait, that last one doesn’t fit here. Oh well, still good advice.
Thanks for reading my introduction to cybersecurity post. This is just the tip of the iceberg, but I thought it would be good to get a feel for the evolution up to now before launching into the main focus of this blog series: Mobile Device Security. Stay tuned for future pieces where I will cover the tenets of cybersecurity philosophy, the world of mobile device security and some common ways we all may leave ourselves open to attack. Coming up next though I’ll be introducing my first instructional demonstration. The video will cover installing the Android operating system within a VMware virtual machine so we can test some mobile device security features and attacks in the future. Once again thank you so much and I will see you in the next one. Bye!
Hey everybody, I’ve missed every single one of you I swear… So I recorded a video instructional on how to make an Android VM in VMware Workstation Pro. The video will guide you through creating the VM, installing the operating system, making changes to the Android filesystem to get the GUI working and finally running through initial Android setup and network functionality. This is all leading up to my second set of blog posts that will focus on Mobile Device Security. Then we’ll end with a demonstration of attacking our Android VM from a second VM using some of the same techniques that modern techno-douches employ to steal your data and watch you pick your nose.
Here's the video, enjoy!