A new version (4.75) of the popular network scanner is available for download now. This version of Nmap allows for a neat graphical representation of your scan results through Zenmap. The network topology is shown in the form of concentric circles indicating the distance between the scanned host and your computer from where the scan originates. Each concentric circle here represents a hop. Hosts are represented in the form of circles of different sizes and the more number the number of open ports in a host, the bigger is the size of the circle that represents it. Images of the Zenmap features along with their explanation can be found here.

Apart from the graphical representation of network topology and some other new features. This latest version of Nmap contains many new OS signatures which should improve the accuracy of results. I will be very shortly using this version of Nmap on one of my penetration testing assignments and post more if required. If you have used it already in any of your scans, do share your insights on this blog!

When (evil) hackers hammer the Stock prices

Can evil hackers/cyber criminals/competitors affect the stock prices of a corporation? We are not talking about sophisticated hacks aimed at accessing confidential information or conducting massive denial of attacks on web interests of a business. Instead, let’s consider a case where a hacker ‘poisons’ the information available about the (financial) health of a corporation. You may ask: “How does that happen and how would it impact the trading of securities like stocks? “

Consider the following hypothetical case then:

Phase 1: Evil hackers/crime mobs/competitors break into news websites and add (false) damaging information (in the form of a fake article) about the financial well being of a corporation X. The title of such an article could look like “Senior Management of Corporation X is selling company shares in anticipation of impending bankruptcy”. 

Phase 2: On the internet, the news travels at the speed of light (or even faster!) .This fake article may be quickly indexed by search engines and then would available to a wider population. Also, to further increase traffic to the fake article and to in turn increase the page rankings on Google et al , a hacker could use botnet herds to visit this article. Once this (fake and grim) news is seen by enough people , Bloggers and market analysts alike wouldn’t hesitate to share their (pessimistic) opinions and predictions about the future of the corporation X. 

Phrase 3: Stock markets incorporate any available information at blazing speed. As stock traders, MBAs et al would know, the efficient market hypothesis or the concept of “Market Efficiency” suggests that any new information is readily absorbed and reflected in the stock prices. To a certain extent, this is intuitive as well. So now a mass paranoia may lead to massive selling of the stocks and sending the stock prices of corporation X crashing down. Now in times of credit crunch, economic depression, soaring oil prices, global warming and what not, bankruptcy is always an option..

Now off course, some readers may feel that this is FUD and some others may feel that the above situation has been expressed in a very simplistic manner as if it impacting the stock prices and forcing a corporation towards bankruptcy was the easiest thing to do on the planet. The readers in the latter category might be right though. However, those who think it’s a hypothetical case, might wish to read this piece of news .‘Apparently’ a 6 yr old write-up about bankruptcy fears related to United Airlines resurfaced on a news website in 2008, as a current affairs piece and brought down the stock prices of the airlines. This impact on stock price of United Airlines is believed to be a result of stock scamming techniques such as the one described above in this post. Agreed that only time will tell if this indeed was the case for American Airlines but there shouldn’t be any doubt about the probability of such threats materializing and the fact that we could see more of them in the near future.

Terrorists today have become tech savvy. Modus operandi of terrorist-group(s) in recent bomb-blasts in Indian cities of Jaipur, Bangalore, and Ahmadabad and just now in Delhi proves it.   As has been reported in the media, law enforcement agencies believe that insecure wireless networks belonging to individuals (like “Ken Haywood) and institutions like universities were misused by terrorists to send emails to the press claiming responsibility for the blasts. See this Times of India article if you need any further background on the above.

v So what’s the problem?

In the past, intelligence agencies/law enforcement agencies have been able to track such emails to a specific IP address used by criminals/terrorists. However, now the terrorists have become smarter than before, it seems. Such ruthless mercenaries now look out for vulnerable wireless networks used by general public for Internet access in homes or offices etc.  This act of surveying an area for open/exposed/unprotected wireless networks is called “war driving” and can be carried out by a terrorist sitting in his car outside your home/office. Once the terrorists find a vulnerable wireless network (like the one with no password), it becomes a piece of cake for them to hijack and use that Internet connection to send emails of any kind to anybody (like the press or the law enforcement).  These dubious persons, who are ruthless and impudent to the extent of insanity, needn’t be standing  right next to you and  could use a laptop or a less conspicuous PDA for ‘war driving’ from a distance of 20-100 meters from your network. When the law enforcement analyses at the header of such emails (to trace where the email came from) they find the IP address belonging to the vulnerable wireless network which was exploited by the terrorist and helpless individuals are interrogated.

v How can a home wireless network be secured?

What could be done to minimize the risk of terrorists exploiting your home, university or company wireless network? At this juncture, let me clarify here that, we are not talking about full-fledged sophisticated wireless security solutions or techniques but at least some basic things which can be done by system admins managing wireless networks or techies with a home wireless network to secure their own and their neighbor’s wireless network! These are as follows:

a)  Keep a strong password for your Access Point (AP)

Most access points come with a default (factory set) password which can be used by an administrator to login to the AP through a web browser and make configuration changes. Several hacking websites publish a list of such access points (of various brands) along with their factory set passwords. Needless to say, such lists are available to anybody with minimal Google skills and off course to the terrorists and therefore if you haven’t changed this default password, sooner or later your wireless network may be broken into.

To change your access points default password, you can login into your AP with a web browser (if such functionality is supported).  e.g., some Access Points, like those from D-link and Linksys can be configured through the URLs: http://192.168.0.1 and http://192.168.1.1 respectively. After the login, you should see a password tab where you can configure your AP with a strong password. A strong password would be a combination of numbers, letters in small alphabets and some letters in caps lock and would preferably be of 8 characters length or so. If such a password sounds inconvenient to remember then you could keep a password based on any random phrase which you can remember like “the rabbit goes fox hunting”. Also, it would serve well from security point of view to change the password periodically, say once every month or so.

b) Make your network invisible

Hackers/Terrorists may use software tools to scan an area/location to find out the various wifi networks in that area. Your access point generally broadcasts your network name (SSID) freely in the air and anybody should be able to detect its presence and attempt to connect to it. Some of these wireless network detection tools can be defeated by hiding your network presence. For this you need to configure your wireless access point to disable SSID broadcasts.

You can log into your Access point and select “Disable SSID” (or something similar; see your AP manual) to disable such broadcasts. Note that, you will now need to manually configure your desktop/laptop or PDAs with your new network name to be able to access your wireless internet connection.

c) Change the Default SSID

Like the factory set passwords, APs also come with a default network name (default SSID). Even if you hide your network as described in (b) above, if somebody knows your network name, he/she can still find your network. Lists of default network names along with the brand of Access points are freely available on the Internet and act as a tool in the terrorist’s war driving chest.

Therefore, it is recommended that you login to your access point and assign a new network name (other than the factory set).

d) Strong Encryption key

Access to your network should be restricted with a strong encryption key based on a wireless security standard. Your wireless client (software on your laptop or PC) uses this key to authenticate to your Access point and enables you to access the wireless network and/or associated internet connection. This key/password should be strong. Many people such as those whose wireless connection was actually exploited by the terrorist group, e.g., “Indian Mujahidin”, probably (seems so from the news reports) did not have any password or encryption key for their network.

At least some form of encryption (like the one based on the WEP standard) should be configured for your wireless networks. Although, WEP (Wireless Equivalent Protocol) is inherently insecure, but it’s certainly better than having no encryption. Note that, it doesn’t matter how strong a ‘version’ (like 128 bit) of WEP is used. WEP’s inherent flaws can be easily exploited (encryption can be cracked by readily made tools available on the Internet). Therefore, if you wish to use a stronger encryption, you should disable WEP and enable WPA (Wi-Fi Protected Access) encryption which is more secure than WEP and relatively harder to break into. An even stronger encryption standard for wireless networks is WPA 2.Note that your wireless router /AP may not support WPA /WPA2, in which case WEP remains the only option. If you end up using WEP encryption, make sure you change your encryption key (password) periodically.

e) Switch off Wireless network when not in Use

This should be self explanatory!

f) Restrict access by MAC Address

Many APs also allow you to define the specific computers/systems which can connect to your wireless network. This is achieved by specifying ‘allowed’ MAC addresses in the access point configuration. MAC address is a unique identifier for any network adapter (like your wireless network card). You can configure your AP to only allow access to your systems (like laptops etc.) to connect to the wireless network.

To re-emphasize, this article is focused towards home/small office wireless network security, For a robust wireless security solution , one would also need to consider wireless intrusion detection systems, maintain auditing trails which are reviewed frequently , implementing encryption key management procedures , performing periodic wireless security reviews, RADIUS authentication etc.

For a home wireless Internet connection, at least the first 5 steps should be taken by a home user. I have tried to make the wireless security concepts simpler so that they can be referred to by anybody with minimal knowledge of wireless security. You can use the above list to secure your network or consult with specialists in your area to ensure that your wireless network is safe. If you aren’t a techie, the above will help you to be a bit more aware about what may be required for securing your wireless networks. At least after reading the above list of safeguards you might be able to ask your Internet connection provider or a techie nearby to secure your network! Also, though the implementation method (how to do it) of above mentioned safeguards vary by Access Point brands, the principles are the same. It’s best to seek expert help (like your wireless Internet connection setup guy) or network administrators and consult the manual that comes along with the APs to ensure that the above safeguards are implemented properly.

v Food for Thought

You might wonder if all the above effort in securing your wifi network is justified. “Can it happen to me? It might have happened to “Ken Haywood” or others but it won’t happen to me”. I bet both Ken Haywood and other thought the same before the Anti Terrorism Squad came knocking on their doors!

Consider, implementing wireless security measures as being diligent and being a responsible citizen. We demonstrate such attributes when we look out for unattended objects in a public area and inform the law enforcement. Now given that the scourge of terrorism is reaching new frontiers and becoming more sophisticated, the magnitude of our prudence/diligence also has to increase and be in consonance with the current trend. It’s not a matter of choice anymore; it’s a matter of survival…