HAM SHACK FU!

Protecting Your Ham

Shack’s Computing

Resources

Chris Miltenberger

W5CMM

May 25, 2017

IDENTIFYING THE RISKS

• Self-inflicted harm

• Security Breaches

• Data Leaks

• Phishing

• Malware

• Support scams

• Wireless networks

• Internet of Things (IoT)

• Hardware failure

• Weather and

Infrastructure

SELF-INFLICTED HARM

• File sharing / Warez

• Poor security practices

• Poor equipment maintenance

• Lack of situational awareness

SECURITY BREACHES

• Yahoo

• Target

• Home Depot

• TJ Maxx

DATA LEAKS

•Chelsea Manning

•Edward Snowden

•Wikileaks

•Shadow Brokers

PHISHING

Email that appears to come from an acquaintance, coworker, customer,

delivery company, etc. but actually comes from an impersonator.

• Your mailbox is full.

• You need to verify your account.

• You have a package waiting from UPS, FedEx, DHL, etc.

• Please authorize a financial transaction.

MALWARE

• Viruses – Must be executed by the user.

• Worms – Can spread without any user intervention.

• Trojans – Provide attacker with remote control of your system.

• Bots – Use your computer for DDoS attacks (distributed denial of

service) attacks.

• Scareware – Threatens the user with a phony notification from FBI,

DHS, etc.

• Ransomware – Encrypts your data and holds it for ransom.

WANNACRY?

• Launched 5/12/2017

• Spreads through Server Messenger

Block version 1 (SMB v1) using the

ETERNALBLUE exploit.

• Installs the DOUBLEPULSAR

remote access Trojan and Tor to

facilitate communications with the

ransomware author.

WANNACRY?

• Attempts to infect all connected

drives, mapped network shares,

and remote desktop sessions.

• This is a worm so it can spread

by itself to vulnerable computers

across your network.

WANNACRY?

• ETERNALBLUE and

DOUBLEPULSAR were part of the

Shadow Brokers release of the NSA

Equations Group hacking tools

earlier this year.

• MS17-010 patch released in March.

• Windows Vista, 7, 8.1, and 10

systems without MS17-010 are

vulnerable.

WANNACRY?

• Microsoft released a patch for older

unsupported systems (XP, 8, Server

2003) the afternoon of 5/12/2017.

• Windows 10 is mostly invulnerable

due to forced updates.

• Keep your computers behind a

router that blocks SMB v1.

• Uninstall SMBv1.

WANNACRY?

• Originally thought to be the work

of a nation-state, but now

thought to be the work of the

Lazarus Group.

• The same group is responsible

for the 2014 Sony Pictures hack

and the 2016 siphoning of $81M

from Central Bangladesh Bank.

SUPPORT SCAMS

• Typically a call from Microsoft or some other respected company.

• Typical social engineering claims are “you are infected” or “your neighbors are

using your internet connection”.

• Attacker tries to social engineer access to victim’s computer

• Convinces victim to download and install a remote access tool to gain and retain

access to your computer.

• Shows victim large list of network connections or errors in event logs.

• Offers to fix the problems, install a product, etc., often as a monthly service.

WIRELESS NETWORKS

• Insecure home wireless network.

• Using an public, insecure,

untrusted, or open wireless

network.

• Not updating or patching

wireless drivers with known

vulnerabilities.

INTERNET OF THINGS

• Smart TVs

Samsung and Visio have both had

issues with insecure or out-of-date

applications, or with spying on

customers.

• Smart Appliances

PornHub was found running on a

smart refrigerator in Home Depot.

HARDWARE FAILURE

• Hardware can fail at any time.

• Power surges can destroy multiple computer components.

• Failing power supplies can cause other components to fail.

• Hard drives crash. Data recovery is sometimes possible, but requires

an expert. Recovery of SSDs (solid state drives) are much more

difficult, if not impossible.

• Data recovery services are expensive ($300 and up).

WEATHER

• Hurricanes – We live in Louisiana…no big surprise here.

• Tornados – More in recent memory.

• Floods – Again…we live in Louisiana.

• Lightning – A major threat to amateur radio equipment.

INFRASTRUCTURE

• Aging power distribution

infrastructure can cause voltage

spikes and outages.

• Older homes have

poor/substandard wiring.

• Squirrels and other varmints can

destroy wires.

WHAT CAN WE DO?

• Improve our security

awareness.

• Improve our security posture.

• Improve our security

practices.

• Prepare and follow a plan.

SECURE YOUR WIRELESS NETWORK

FACT: Wireless networks can be breached. Understand and accept this, but

do everything you can to make it as difficult as possible for attackers.

• Upgrade your router’s firmware or replace it with a new router.

• Disable WPS (Wi-Fi Protected Setup). An attacker can exploit WPS to get

on your wireless network in a matter of minutes.

• Don't bother hiding your SSID or using MAC address filtering. An attacker

can sniff the wireless traffic to find the SSID and the MAC addresses of

authorized clients as they reauthenticate, and then clone the MAC address

to gain access.

SECURE YOUR WIRELESS NETWORK

• Use WPA2-PSK with AES encryption. If you use anything weaker, like WEP

or WPA1-PSK with TKIP, your wireless network is much easier to breach.

• Use a long and complex passphrase. Include upper and lower case letters,

numbers, and special characters. Shorter passphrases can be attacked

quickly with rainbow tables (tables of precomputed hashes).

• Change the default SSID and passphrase. There are rainbow tables for

default SSID/passphrase combinations.

SECURE YOUR WIRELESS NETWORK

• Most newer wireless routers have guest networks separate from the main

network. Make use of that feature especially if you have kids/grandkids!

• Some wireless routers have personal VLANs (where wireless clients can't

talk to each other). This is sometimes called wireless client isolation.

Leveraging this feature can prevent malware from spreading.

• Remember…if you give someone the passphrase to your main wireless

network they have access until you change the passphrase. If you type it in

for them the passphrase can be easily recovered.

PUBLIC WI-FI

• Avoid using public Wi-Fi.

• Some public hotspots are unencrypted and can be sniffed for

usernames and passwords.

• Rogue access points that broadcast a “trusted” SSID use man-in-

the-middle attacks to steal your credentials.

• Use the cellular data or a personal hotspot on your device.

• If you must use public Wi-Fi consider using a trusted VPN.

USE DEDICATED COMPUTERS IN YOUR SHACK.

• Restrict your shack computer to rig control, logging, QRZ

lookups, connections to clusters, etc.

• Avoid casual web surfing, emails, videos, etc.

• Use Linux or MacOS – less prone to infections than

Windows.

• Advanced – Put your shack systems on an isolated VLAN.

PATCH YOUR OPERATING SYSTEM

• Use a supported operating system.

• Fully patched versions of Windows 7, 8, and 10, and Server 2008 R2, 2012,

2012 R2, and 2016 are supported.

• Earlier versions of Windows are not supported and usually do not get security

patches. The WannaCry patch released 5/12/2017 was an exception.

• Most machines that came with Windows XP can run Windows 7 or Linux.

• Patch Tuesday – 2nd (and possibly the 4th) Tuesday each month.

• Allow the operating system to automatically check for and install

patches.

PATCH YOUR APPLICATIONS

• Go for the low hanging fruit first. Java, Flash, and Acrobat are the

most often exploited attack vectors by malware/ransomware.

• Java will notify you when there's an update available. Unless there's an

extremely good reason for not updating Java (some programs need a specific

version of Java to run) you should update it ASAP. If you don’t need Java then

uninstall it.

• Flash will ask about installing new updates after a reboot. Install the update

ASAP. If you don’t need Flash uninstall it (or disable the plug-in in Chrome).

• Acrobat can check for updates (under Help > Check for Updates…). Consider

using a different PDF reader like Foxit Reader or CutePDF.

PATCH YOUR APPLICATIONS

• Uninstall software you don't need or use with an uninstall tool like

Revo Uninstaller. It uninstalls the software and removes all remaining

files and registry entries.

• Use an application like Personal Software Inspector to check for, and

apply, application updates.

• Allow trusted applications to automatically update themselves.

• Use a utility like Snappy Driver Installer to update your drivers.

USE A GOOD ANTIMALWARE UTILITY (OR TWO)

• Primary - Malwarebytes (free/paid), Microsoft Defender

(free), Avira (free/paid), BitDefender (free/paid), Avast

(free/paid), ESET (paid), Norton (paid), ZoneAlarm

(free/paid), etc.

• Secondary – RansomFree, CryptoPrevent,

SUPERAntiSpyware, SpyBot Anti Beacon, etc.

DON'T RUN AS AN ADMINISTRATOR (OR ROOT)

• Using a regular user account will block over 90% of all current

Windows vulnerabilities.

• Create unprivileged guest accounts for anyone* that uses your

computer.

*Your kids or grandkids will infect your system!

FILE SHARING

• Are you sure what you're up/downloading isn't copyrighted,

illegal, or contains child pornography or malware?

• File sharing uses a large amount of data.

• Sharing copyrighted material can result in your ISP

terminating your Internet account and leave you open to

legal action by the copyright holder.

• Sharing child pornography will send you to prison.

WAREZ

• Almost 100% of hacked or cracked software contain

malware.

• Almost 100% of keygens (registration key generators)

contain malware.

• If the program is worth stealing it's probably worth buying.

• Most commercial (for pay) amateur radio programs have

equivalent low cost, free, or open source alternatives.

EMAIL

• Don't open attachments unless you are certain they are safe.

• Download all attachments and scan with an up-to-date malware

scanner (or upload to VirusTotal for analysis).

• What about emails from mom/dad/friend/UPS/FedEx/USPS?

• Are you 100% sure about the identity of the sender?

• Are you 100% sure they aren't infected themselves?

• Configure Windows to display all file extensions.

AVOID USING MICROSOFT OFFICE

Online office suites are resistant (so

far) to malware in office documents.

• Microsoft Office Online

(https://www.office.com/) – Free to

individuals!

• Google – Free to individuals!

• Docs (https://docs.google.com)

• Sheets (https://sheets.google.com)

• Slides (https://slides.google.com)

Use a non-Microsoft office suite

• LibreOffice

• OpenOffice

• Apple

• Pages

• Numbers

• Keynote

SECURE YOUR BROWSER

• Dump that insecure or out-of-date browser.

• Upgrade to the latest version of Firefox or Chrome.

• Stop using Internet Explorer!!!

• Use browser extensions to enhance your online security

and privacy.

• Using AdBlock, Privacy Badger, Ghostery, and NoScript is a good

start.

• Avoid questionable websites.

ENABLE MULTI-FACTOR AUTHENTICATION (MFA)

• A second factor will protect you even if your password is

compromised.

• Many online services offer MFA.

• Soft tokens and authenticator apps are easy to install and use.

• The use of SMS messaging as a second factor was recently

deprecated by NIST (and was recently exploited).

USE A PASSWORD MANAGEMENT TOOL

• LastPass, KeePass, RoboForm, etc.

• Prevents password reuse.

• Remember a single master password.

• Some support MFA (multi-factor, or two-factor

authentication).

BACKUP YOUR DATA

• Image Backups - Can be restored to new media to

revive a failed hard drive or recover from a disaster

or ransomware incident.

•File Backups - Individual files or folders can be

restored to recover from a malware incident or

accidental deletion.

LOCAL BACKUPS

• Local backups are stored on USB device, CD/DVD/Blu-ray, Tape, Network

Share, etc.

• Encrypt your backups. They probably contain passwords, protected data

(SSNs, credit card numbers), registration keys, etc. that you don't want

leaked.

• Backups on connected devices (anything with a drive letter) can be rendered

useless by ransomware. Always detach the backup device from your

computer after completing your backups and store it in a secure location.

• Consider making multiple backups and storing them at different locations.

CLOUD BACKUPS

• Cloud backup providers- Carbonite, Crash Plan, BackBlaze, etc.

• Cloud backups are generally more resistant to ransomware.

• Some cloud backup vendors keep multiple generations or versions of

files to allow users to restore from a specific point in time.

• Some vendors have restore options for disasters or critical situations.

They will overnight your backups on an encrypted drive for quicker

restoration.

PROTECT YOUR EQUIPMENT

• Always use a surge suppressor or UPS.

• Insure your cables aren’t frayed or pinched, and are fully

inserted.

• Periodically vacuum the interior of your computer case, or

carefully use a leaf blower (do it outside, and avoid blowing

directly on fans…they aren’t built to handle 120 mph gusts).

• Use ferrite clip-ons to reduce RF interference.

SANITIZE YOUR HARD DRIVES

• Use a secure wipe utility

before you sell, dispose of,

or gift an old computer or

hard drive.

• .223, .308, .357, .44, .45,

and .50 diameter holes are

also extremely effective.

DON’T FALL FOR SUPPORT SCAMS

• Microsoft will never call you

(unless you pay for a

support incident).

• Microsoft has no way to

know your computer is

infected (but your ISP

might).

• Event log errors and multiple

network connections are

normal and expected.

• Giving a stranger access to

your computer is placing your

life in their hands. JUST

DON’T DO IT!!!

ONLINE RESOURCES

• Securing The Human – Ouch! -

https://securingthehuman.sans.org/resources/newsletters/ouch/2016

• ASD Strategies to Mitigate Cyber Security Incidents -

https://www.asd.gov.au/infosec/mitigationstrategies.htm

• ASD Top 4 - https://www.asd.gov.au/infosec/top-mitigations/top-4-

strategies-explained.htm

• BBB Scam Tracker - https://www.bbb.org/scamtracker/us

ONLINE RESOURCES

• Free phishing training - https://phishme.com/resources/cbfree-

computer-based-training

• Uninstall SMBv1 - https://support.microsoft.com/en-

us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-

smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-

server-2008-r2,-windows-8,-and-windows-server-2012

ONLINE RESOURCES

• Protect your computer from Ransomware

• http://www.computerworld.com/article/3187889/security/how-to-

rescue-your-pc-from-ransomware.html

• https://www.bleepingcomputer.com/news/security/how-to-protect-

and-harden-a-computer-against-ransomware/

• https://krebsonsecurity.com/2016/12/before-you-pay-that-

ransomware-demand/

ONLINE RESOURCES

• Ransomware in action - https://youtu.be/Z-htleMYq5E?t=50

• ETERNALBLUE in 2 - https://t.co/I9aUF530fU

• Ransomware Prevention-

https://www.helpnetsecurity.com/2017/05/15/prevent-ransomware-

guide/

• Ransomware Simulator Tool - https://info.knowbe4.com/ransomware-

simulator-tool-1chn

• VirusTotal - https://www.virustotal.com/

ONLINE RESOURCES

• Personal Software Inspector -

https://www.flexerasoftware.com/enterprise/products/software-

vulnerability-management/personal-software-inspector/

• Snappy Driver Installer - https://sdi-tool.org/

• RansomFree - https://ransomfree.cybereason.com/

• CryptoPrevent -https://www.foolishit.com/cryptoprevent-malware-

prevention/

ONLINE RESOURCES

• Removing Admin Rights

• https://www.helpnetsecurity.com/2017/02/23/removing-admin-

rights/

• http://www.cso.com.au/article/604516/block-100-ransomware-by-

managing-admin-rights-applications-researchers/

• Password management applications -

http://www.pcmag.com/article2/0,2817,2407168,00.asp

• Enable MFA on your online applications -

http://www.pcmag.com/article2/0,2817,2456400,00.asp

ONLINE RESOURCES

• Cloud backup providers -

http://www.pcmag.com/article2/0,2817,2288745,00.asp

• Support scams - https://www.onthewire.io/inside-the-tech-support-

scam-ecosystem/

• Highlights of the Verizon 2017 Data Breach Investigations Report-

http://ridethelightning.senseient.com/2017/05/highlights-verizon-2017-

data-breach-investigations-report.html