Nowadays, the virtual security of corporate intellectual property is under the continual assault. The attackers include competitors, criminal groups, disloyal employees, hackers and various agents of the government. Experts confirm that every company had been under virtual attacks at least once (Booz, 2012). Some victims still have no notion what virtual thieves had obtained. Although companies are strengthened their defences, more and more attacks have success. Such attacks pose serious prolonged consequences to companies’ profitability and competitiveness.
This paper considered the some types of engineering systems that can be applied to the virtual attack. The NeuString was chosen to consider and explain methods and tools that hackers, corporate raiders, penetration testers or vandals can use. Further, it also described the methods and suggestions to secure vulnerabilities of the company.
However, the main problem is that companies still do not fully appreciate the threat which virtual attacks represented. Many managers of the companies believe that attacks are less successful, widespread and more threatening than statistical data indicates (Booz, 2012). Therefore, companies’ management must focus on securing its systems and be more precautious and attentive to the possibility of break-ins.
Attack Plan Paper
Communicating through the Internet connection provides opportunities to share and get information all over the world; however. It also makes possible to penetrate the network for Internet users that are involved in criminal or deceitful activities. It is the common opinion about hackers, spies and other types of intruders that they are dangerous only in movies, but not in the real life. Indeed, the overwhelming majority of the network attacks consist of spreading worms and other viruses. Nevertheless, the damage that these viruses cause can be irreparable. Therefore, it is significant to prevent any possibility of intrusions.
NeuString is the world leading company in the Wholesale Analytics software for Mobile Operators in many regions of the world; the company produces and distributes Roaming Analytics Software. According to the Official Site of NeuString (2012), NeuString owns several software products, including Desktop and Web applications. From company’s profile on the LinkedIn (2012), it is known that NeuString has offices in UAE, Denmark and Ukraine. CEO, CFO and management of the company are based in Dubai, UAE. Client service directors are located in Denmark, and technical department and team of software developers are based in Ukraine. NeuString was established in 2008; therefore, it is a relatively young company. Total number of employees is approximately 30 people; this fact indicates a necessity of a small system administration team, and that is a potential weakness.
The company is specialized on producing the Analytics Software, so it has the qualified and skilled technical personnel. Hence, in order for methods of social engineering to be applied, they have to be skilful and well-considered. A message with proper text from the account of company’s System Administrator is the reliable way to make employees install the necessary software or to provide their password information by e-mail. To obtain the password from the mail account of System Administrator, it is necessary to crack his account; his contact details (e-mail and Skype) can be taken from the LinkedIn, facebook or other social network. Assuming that NeuString is a Gmail user, the method, retrieved from http://www.insecure.in/gphish.asp can be used to crack the System Administrator’s e-mail account. Thus, the warning of the database moving to a new server should be sent from false Gmail Account and on behalf of the “Gmail Team” from e-mail of the System Administrator. The message’s content could be seen at http://www.insecure.in/gphish.asp. Such message should not evoke suspicion, especially, if in the past employee has already witnessed migration from one mail server to another. Hacking into the System Administrator’s e-mail account gives access to not only contact details of all company’s employees, but to servers or virtual server images, used by the company. Knowing that NeuString has offices in several countries, it is important to send similar messages from Gmail account of System Administrator and on his behalf to financial and accounting personnel, for example, after working hours. Copies of these counterfeit messages have to be removed from “Sent” folder, so that the System Administrator would not discover them in his mailbox and would not suspect that his account was hacked. Setting a redirection up on his mail account for certain mail addresses will prevent getting the requested password information from financial and accounting personnel into the System Administrator's mail box.
Oracle Database Vulnerability
Suppose the desktop software applications, which developed by NeuString, are based on a client-server technology, and it is highly likely that Oracle database (Oracle DB) is used in this case. TNS Listener, which is responsible for establishing a connection with the database, is vulnerable to TNS Poison Attack. This vulnerability permits a hacker to wiretap the traffic between the Oracle DB and a user, in order to observe all sent and received data. TNS Poison Attack still does not have a solution, except for a workaround way (Koret, 2008). This vulnerability also permits the exploitation of the established connection by sending the specific commands to compromise the data that are located on the server; data can be deleted, modified or augmented.
Attacker can also use this vulnerability to install the rootkit that takes control over the server (Goodin, 2012). Assuming that NeuString has Standard support version of Oracle products; there is no solution for security alert, so the database can be easily attacked by TNS Listener Poison Attack. However, to exploit this vulnerability, it is a required a network access to TNS Lister.
Thus, if an attacker was able to avail himself of the vulnerability, he would get complete control over the DB server. Moreover, NeuString has several Oracle installations for various clients’ accounts, so it means a complete control over all client data, stored in the DB.
VMware Server Vulnerability
It was discovered that NeuString uses VMware server image (2012) while the company’s site was being explored. It was also undertaken several attempts to select the combination for the domain name of company’s website. Assuming that the hacking into Gmail account of the System Administrator was successful, hence, password to the server may be found in his e-mail box. In case there is no password in the e-mail box, it can be gained with the help of a sniffer program. An additional vulnerability can be exploited in case the version of VMware server, currently installed in NeuString, was not recently updated; it is possible to execute the host code from guest operating system. This vulnerability of the virtual machine's display function allows guest OS to run the code on the host. This technique can be retrieved from http://www.vmware.com/support/server2/doc/releasenotes_vmserver201.html. Next vulnerability involves the denial-of-service of the virtual devices; guest OS may cause the failure of any virtual machine on the given host. This technique is described at
http://www.vmware.com/support/server2/doc/releasenotes_vmserver201.html. There are some more Web application vulnerabilities that have potential to be exploited in the company’s Web application such as Authentication Bypass, SQL Injection, Cross-Site Scripting (XSS), Application Logic Flaws, Local file inclusions and Code Execution. They are described in detail at http://www.bonsai-sec.com/en/services/web-application-penetration-testing.php.
Remote Access and Remote Control
Getting the remote access to the NeuString top management’s physical PCs is the best opportunity for an attacker to cause significant damage to the company’s software resources and the confidential client’s billing data. NeuString is a small company, so the IT-team that monitors the security system consists of only one System Administrator. Therefore, there is a reasonable chance of exploiting vulnerabilities through the human factor. As in the case with social engineering, described earlier, the main target for the remote access and control attempt would be the System Administrator’s PC. The technical department of the company is based in Ukraine, so their working schedule coordinates with time zone UTC + 02:00; it is noteworthy because attack can be undertaken only outside their working hours. Most likely that the System Administrator’s PC runs 24/7 and has stable connection with Internet and static IP; to obtain his IP address a sniffer 2IP can be used, which is a apy available on the following website 2ip.ru/strange-ip. Sending a link with the GIF image copied from the website through a message by e-mail, Skype, social network or pasting the picture itself into any message is enough to get the System Administrator’s IP address, location, browser and OS. Once the IP address has been determined, the sniffer Cain & Abel can be installed on attackers PC, due to which the password to System Administrator’s PC or other required information becomes available to him.
The technique is described at http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml.
Sniffer has a wide range of options, such as Decoders, Network, Sniffer, Cracker, Traceroute, CCDU, Wireless and Query. The Decoders tab allows decrypting different passwords and protected documents. The Sniffer tab enables a user to get passwords from various network protocols (FTP, HTTP, IMAP, POP3, VNS, Telnet, MySQL etc). Once all required passwords are obtained, a Remote Control PC application has to be installed on an attacker’s local PC; it enables to control the System Administrator’s PC. The product can be retrieved at http://www.remote-control-pc.com/. Remote Control PC application allows controlling the remote computer in the real time mode, using all features of remote OS with an attacker’s mouse and keyboard. Theoretically, undetected remote control over System Administrator’s PC is a “game over” for any company, because it allows the attacker to install any malicious spyware, perform Denial-of-Service attacks, damage data, stored in the DB and take remote control over PC’s of the top management. In addition, any possible vulnerability on the controlled PCs can be detected by installing and running on these PCs various scanning tools available at http://www.ehacking.net/2011/08/top-6-web-vulnerability-scanner-tool.html
One of the most common computer security methods is the user’s login and password. However, it is a common knowledge that login and password authentication does not provide the absolute security. First of all, many users choose classic passwords based on personal information or write their passwords down in order to not forget them. Second of all, some of the users share their passwords with colleagues by e-mail or phone. Thus, reliable security system could not depend on passwords only, it would be more reliable to combine them with smart card system or biometrical authentication (voice, fingerprint, or eye scan) (Geers, 2011).
With the widespread usage of Internet and social networks, the office computer networks became vulnerable to social engineering methods of attack. A virus can infect any file located in a system and do irreparable damage to the particular computer or entire computer network. Thereby, prevention or early detection is indispensable for the security system of any corporate network. Timely updated antivirus software detects the latest viruses, so it is recommended to use up-to-date antivirus programs for adequate protection (Geers, 2011).
Remote access represents quite a security risk of unauthorized intrusion into the system. The remote user gains access not only to the network, but also to the personal information of the controlled workplace. Installed into the computer, security system or password protection is not effective measures against the remote access. A network system with external access is never completely secure against attackers. Nevertheless, external access can be prevented by callback system; with such system user should call to be identified, and the system should call him back on the authorized number before it grants to access (Geers, 2011).
A necessary tool for securing any network is a Firewall system. Firewall examines every message and blocks those that deviate from the specified security standard. Thereby, it is also recommended having the firewall security.
To prevent the access of the unauthorized person to vital or confidential data, as well as to protect such information from being released accidentally, the data can be encrypted. Encryption means encoding the information into a special cipher which can be decrypted only by an authorized person who has a key to the code (Geers, 2011).
Backup process is duplicating the system and user’s files to another data carrier, such as a USB, diskette or zip drive, as a preventive measure in case the primary source will be infected, compromised or destroyed. It is crucial to duplicate all the needed information and software, since the most reliable computer system could eventually fail or be compromised. Depending on the type of data and method of the recovery process, there are various techniques for backing up the computer data content (Geers, 2011).
The personnel that are responsible for monitoring and ensuring the computer security as well as for information defence, freeware product versions and standard support service usage is an indispensable necessity for any company nowadays. The attempts to save money by reducing technical and security support put the company at risk of destruction (Goodin, 2012). Therefore, companies’ management must pay a greater attention to securing the computer’s systems to avoid the unpleasant surprises in the future.