This week’s episode was a little confusing for me – and I’m not only referring to the trippy dream Elliot has while going through his drug withdrawals.
It seems I wasn’t the only one who had questions about the hacks in this week’s episode; Forbes published an interview they did with Michael Bazzell, Mr. Robot’s technical consultant and cyber crime expert, explaining the hack attack on E Corp that Elliot comes up with at the beginning of the show.
In the article, Michael Bazzell explains how Elliot plans on destroying E Corp’s data storage facility using a Raspberry Pi. Sounds like a very yummy method – too bad there’s an “e” missing at the end of “pi”! Michael explains that Raspberry Pi is a very small computer that can be accessed via the Internet through its built-in cellular chip. Using this, Elliot wants to control the facility’s climate control system to overheat it, thus melting E Corp’s tape-based backup.
While Forbes focused on the more complex hacks that targeted large corporations like E Corp and Allsafe, I was intrigued by the two physical hacks in the show.
The first “IRL” hack is when two members of FSociety hack a minivan – keep in mind that FSociety does everything in their power to not leave a trail, so they need a stolen car to get to E Corp’s data facility center in order to prevent being caught.
The FSociety guys casually sit on a sidewalk and wait for someone to park and lock their car. Using what looked like an old radio to me but is more likely a transmitter, they are able to send a command to unlock the car – politely thanking “mom” for giving them the opportunity to steal her car. Once inside the car, they connect the car to their laptop using a cable and run the code to get the car started.
I asked my colleague, senior malware analyst Jaromir Horejsi, what he thought of the hack:
All they needed was the cable and specialized control software for cars. This software can access data from sensors in the car and it can control the car’s behavior. With that, they just had to connect everything together and select their desired actions. – Jaromir Horejsi
Elliot, Mr. Robot’s anti-hero cyber-security engineer by day and vigilante hacker by night, has been having a life-style crisis. In episode 3, Elliot longs to live what he calls a bug-free life, otherwise known as a regular person.
However, he is quickly pulled back into F Society’s hold when emails exposed during the threatened data dump revealed that E Corp executives had knowledge about the circumstances which led to his father’s death. We will leave the intrigues and plot theories, especially if Mr. Robot is real or a figment of Elliot’s imagination, to the internet. Right now, let’s look at the hacks highlighted in this episode.
At minute 7:40, you see Elliot in the hospital after Mr. Robot had pushed him off the high wall they were sitting on in the previous episode. His psychiatrist, Krista, is in the hospital and explains that the police wanted to do a drug panel, but Elliot refused. Elliot admits he has been taking morphine. Krista says the only way she can approve his release from the hospital would be if he commits to a bi-monthly drug test. Elliot starts thinking about how he will get around this problem by hacking the hospital’s IT. The IT department is led by one single person, William Highsmith, with a budget of just $7,000 a year. According to Elliot, he uses useless virus scans, dated servers and security software that runs on Windows 98. It’s one of the reasons why Elliot made that particular hospital his primary care facility, since he can easily modify his records to look average and innocent.
Stefanie: Wow, wouldn’t it be unusual that a hospital would actually use old infrastructure and have little budget for their IT? I also found it a bit odd that they have just one IT guy, I mean healthcare data is REALLY sensitive and definitely one of the last things I would want to have accessed by hackers!
This morning, our colleagues who work on our Avast SecureLine VPN product informed us that there was a significant increase in downloads in the U.S. This made us curious, as we didn’t have any specific campaigns running that would explain this dramatic spike in downloads. In the App Store, we jumped to the 6th spot in the utilities category (and as we were coming from the 200th spot, this says a lot)!
We decided to turn to Twitter to see what was going on and discovered that teenagers were the cause of the trend. This shouldn’t have really surprised us, as teens are trendsetters and experts at dispersing viral content via social media channels.
Another week, another Mr. Robot episode! Last Wednesday the second episode of Mr. Robot aired (Ones and Zer0s). This episode did not disappoint! It was dark, gloomy, but also included lots of technical things that made us once again question: How can this affect me?
This week I sat down with freelance security and privacy journalist, Seth Rosenblatt, to discuss the episode.
At the beginning of the show, Elliot has a bit of an involuntary meeting with E-Corp’s now interim CTO, Tyrell Wellick. After this meeting, Elliot goes home and hacks Tyrell. What he notices is that E-Corp’s mail servers haven’t been patched since “Shellshock” and that Tyrell does not use two-factor authentication, nor does he have a complex password. Elliot realizes that this was all too easy and that Tyrell must have wanted Elliot to hack him. He then goes nuts and burns his chips and SIM cards in the microwave, tears apart his hard drive and destroys his motherboard.
Stefanie: Lots of interesting stuff happened in this scene! Can someone hack me like Elliot hacked Tyrell? What is the Shellshock vulnerability and can it still affect me as a personal user?
Seth: If Tyrell wanted Elliot to hack him, he made it pretty easy for an experienced hacker like Elliot. I bet many people, who do not put a lot of thought and effort into their online security, can be easily hacked. The fact that E-Corp hadn’t patched their servers since Shellshock seemed a bit odd, but again this was maybe intentional to make it easy for Elliot to hack, in the hopes of blackmailing him later on. In terms of the average user, Shellshock is a vulnerability that affects systems using BASH (a Unix based command processor used by Unix-based systems such as Linux and Mac). Patches for Shellshock have long been issued, so if you update your operating system regularly you have nothing to worry about.
Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network.
The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night.
I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.
In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which led him to discover that Rajid ran a child pornography website.
Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?
Pedram: Anyone with just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.
Stefanie: Wow! That’s a bit frightening… How can I protect myself then?
VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following:
- allows Hola users to use each others’ bandwidth
- sells their users’ bandwidth to their sister company Luminati (which recently helped facilitate a botnet attack)
- and, according to Vectra research, Hola can install and run code and additional software on their users’ devices without their users’ knowledge.
If you are an Hola user or if you know someone who uses Hola, please make sure you/they are aware of this.
Devastation. The feeling you get when you realize your mobile phone is missing. All those photos, contacts, and other data – gone forever. Why? Because it wasn’t backed up.
Just in time for World Backup Day, Avast conducted a global survey to find out whether or not people back up data on their mobile devices. We received responses from 288,000 users in countries including the United States, Germany, India, Mexico, and Russia.
In order to get an idea of which kinds of data users store on their devices, we began the survey by asking respondents for what purposes they use their mobile devices aside from making calls and sending text messages. In response, we found that
- Two out of ten people use their mobile device to take photos
- 18% browse the Internet
- 17% listen to music/watch videos
- 16% use social networking apps like Facebook and LinkedIn
Why do people not back up their data?
Put simply, most people don’t think it is necessary to back up their data. Globally, 36% do not think it is necessary, and neither do nearly half of Russians (48%).
Almost a quarter of the world attributes not backing up their data to laziness (24%). Thirty-two percent of Indian people admit that they are too lazy to do a back up.
Thirty-six percent of British respondents claimed not to back up their data because they believe their data is not valuable, compared to only 22% of global respondents citing this as their reason for not backing up their mobile data.
What is more valuable to mobile users: hardware or data?
Now that we have established that lots of people don’t care about their data, are too lazy to prevent its loss, or don’t think it’s worth the trouble, we then asked users what they would be more upset about losing: their data (that has not been backed up) or their device (the hardware).
Globally, 64% of people would be more upset about losing their data that has not been backed up rather than the device itself. Respondents in Mexico backed up this claim most significantly, with 78% of Mexican users claiming they would be more upset about losing their data than losing their hardware.
Which data are people worried about losing?
Across the board, users were most heavily concerned about losing the contacts stored on their mobile device (25%) and photos (21%). Despite these concerns, 37% of respondents said they do not back up their data. Brazilians are the least likely to back up their data (45%), yet 64% of Brazilians would be upset about losing it.
Why you should back up your mobile data
We use our mobile devices to make important calls, capture valuable moments, browse the web, to use our favorite apps and so much more. Anything can happen to your mobile device in a split second; it could fall into the toilet, go missing (either through loss or theft) or even get run over by a car! Yet, as we discovered, many do not back up the data they consider indispensable.
How to back up your data
You can back up your data in many ways: by connecting your mobile device to a PC (as nearly one-third of global users do; see below), by connecting to a Cloud service (like Dropbox, iCloud, or Google Drive) or by using a mobile backup app like Avast Mobile Backup.
When people actually do back up their data, how do they go about it?
The majority of those who do back up their data back it up on a monthly basis (41%), while another 8% back it up on a daily basis.
Most people back up their data by connecting to a PC (32%) — only 17% back up their data to the Cloud. When we inquired about this difference in numbers, 46% of users expressed their reluctance to back up to the Cloud due to privacy concerns. Germans were the most concerned about their privacy when it came to Cloud back up (61%), with Spanish (58%) and American (57%) respondents close behind them.
March 28th, 2015 – It was a gray and chilly Saturday morning when some of Avast’s fittest gathered to run in the 17th edition of the Sportisimo Prague Half Marathon. As the biggest running event in the Czech Republic, this year’s race drew in over 12,000 participants. Thirteen brave Avastians ran the event’s full 21 kilometers and 12 (also brave) Avastians ran in relay teams. The relay teams consisted of four members, three of whom ran five kilometers and a fourth who ran six. The Avast runners chose to support the Committee of Good Will – Olga Havel Foundation, an organization that works to support handicapped, abandoned and discriminated individuals in their integration into society.
Let the race begin
The race took place in Prague’s historic city center along the Vltava River. Both the start and end points of the race were positioned in Jan Palach Square, named after Jan Palach, a student who immolated himself to protest the Soviet occupation of Czechoslovakia in 1969. At the starting line, I found myself stretching and warming up next to thousands of fellow participants. As we eagerly waited for the race to begin, some sort of miracle occurred – the sun’s rays made their way through the clouds, warming our cold bodies and lifting our spirits. Then, at noon, the starting pistol was fired and we began the race, appropriately accompanied by the sounds of Bedrich Smetana’s “The Moldau”. This celebrated piece of classical Czech music evokes the sounds of the Vltava River, the body of water that served as the backbone of the race.
Step out of your comfort zone
The Prague Half Marathon was the first official race that I’ve taken part in. I ran five kilometers as part of one of Avast’s three relay teams. Intimidating is definitely a word one could use when describing the experience — when the race began, literally thousands of people ran past me and it soon became somewhat of a struggle to keep up in the constant stream of runners. However, it was great having my colleagues there for moral support. During the first kilometer, one of my colleagues passed me, giving me a cheerful greeting en route to complete the race’s full 21 km.
As I ran, I let the Vltava’s breeze cool me off while I basked in the sun’s warmth and admired Prague’s breathtaking views. Within just two kilometers, I had passed some of the city’s most famous sites, including the Charles Bridge, National Theater, and Dancing House. Out of the corner of my eye, I could even see the Prague Castle on the other side of the river. Upon reaching the five kilometer mark, I handed my baton chip over to my teammate, who continued on and crossed the Vltava to meet our third runner.
Each of the Avast relay teams completed the half marathon in just under two hours. The individual runners, who ran the full length of the race, all finished within two and a half hours. To top it all off, Avast’s fastest runner, Adam Simek, came in 88th place out of the 12,500 runners who participated, completing the half marathon in a remarkable one hour and 18 minutes!
A message to my fellow Avast runners: You guys all did an amazing job and I hope you have all recuperated from the run. I look forward to running with you again next year!
Andreas L. lost his phone at a party, but that’s not the end of the story. Avast Anti-Theft helped him find the thief and get his phone back.
A lot can happen when you go to a party: you may bump into old friends, make new ones, or dance like there is no tomorrow. Losing track of your personal belongings can also happen when you party, which is exactly what happened to Andreas from Bangkok.
Andreas recently commented the following on our Facebook page:
We were happy to hear Avast Anti-Theft helped Andreas get his phone back and asked him what happened and how exactly he used Avast’s features to get his phone back. Here is his story:
Andreas went to a party in Bangkok where he made new friends, had a few drinks and at the end of the night Andreas responsibly took a taxi home. When he woke up the next morning he realized that every smartphone owner’s worst nightmare had happened to him, his phone was missing! Losing a smartphone is not only frustrating because the hardware is expensive, but because it contains so much personal information.
Avast Anti-Theft to the rescue!
While Andreas worried about his phone, he received a message from Avast. The message informed him that his phone’s SIM card had been changed and provided him with the new SIM card’s number and service provider. That is when Andreas realized he could use Avast’s other anti-theft features to GPS locate his phone and perform commands like wiping his phone remotely. Luckily, Andreas did not have to go as far as wiping his phone, but the option did help him in his efforts to get his phone back.
I will look for you, and I will find my phone
With his phone’s new number in hand, Andreas called the thief to confront him and demand he return his phone. Andreas let the thief know that he knew his location (and more) and could render the phone useless and go to the police if the thief did not cooperate. The thief gave in and sent Andreas his phone.
Andreas’ story is one of many lost and found stories we have received from Avast Anti-Theft users and each story gets more interesting! From this experience we can only recommend partiers install Avast Anti-Theft before going out, we will have your back so you can party worry free!
Malvertising sounds like bad advertising, right? It is bad advertising, but it doesn’t necessarily include a corny jingle or mascot. Malvertising is short for malicious advertising and is a tactic cybercriminals use to spread malware by placing malicious ads on legitimate websites. Major sites like Reuters, Yahoo, and YouTube have all fallen victim to malvertising in the past.
How can consumers and SMBs protect themselves from malvertising?
Malvertising puts both website visitors and businesses at great risk. Site visitors can get infected with malware via malvertising that either abuses their system or steals personal data, while businesses’ reputations can be tarnished if they host malvertisements. Even businesses that pay for their ads to be displayed on sites can suffer financial loss through some forms of malvertising, because it can displace their own ads with malicious ones.
To protect themselves, small and medium sized businesses should make sure they use the latest, updated version of their advertisement system, use strong passwords to avoid a dictionary attack and use free Avast for Business to discover and delete malicious scripts on their servers. Consumers should also keep their software updated and make sure they use an antivirus solution that will protect them from malicious files that could turn their PC into a robot, resulting in a slowed down system and potential privacy issues. Avast users can run Software Updater to help them identify outdated software.
How does malvertising work?
Businesses use ad systems to place and manage ads on their websites, which help them monetize. Ad systems can, however, contain vulnerabilities. Vulnerabilities in general are a dream come true for cybercriminals because vulnerabilities make their “jobs” much easier and vulnerabilities in ad systems are no exception. Cybercriminals can take advantage of ad system vulnerabilities to distribute malicious ads via otherwise harmless and difficult to hack websites.
Why cybercriminals like malvertising
Cybercriminals fancy malvertising because it is a fairly simple way for them to trick website visitors into clicking on their malicious ads. Cybercriminals have high success rates with malvertising, because most people don’t expect normal looking ads that are displayed on websites they trust to be malicious. Targeting well-visited websites not only raises the odds of ad clicks but also allows cybercriminals to target specific regions and audiences they normally wouldn’t be able to reach very easily. Another reason why malvertising is attractive to cybercriminals is that it can often go unnoticed, as the malicious code is not hosted on the website where the ad is being displayed.
Examples of malvertising
An example of an ad system platform with a rich history of vulnerabilities is the Revive Adserver platform, formerly known as OpenX. In the past, attackers could obtain administrator credentials to the platform via an SQL injection. The attackers would then upload a backdoor Trojan and tools for server control. As a result, they were able to modify advertising banners, which redirected site visitors to a website with an exploit pack. If the victim ran outdated software, the software would download and execute malicious code.
Another malware family Avast has seen in the wild and reported on that spread via malvertising was Win32/64:Blackbeard. Blackbeard was an ad fraud / click fraud family that mainly targeted the United States. According to our telemetry, Blackbeard infected hundreds of new victims daily. Blackbeard used the victim’s computer as a robot, displaying online advertisements and clicking on them without the victim’s knowledge. This resulted in income for botnet operators and a loss for businesses paying to have their ads displayed and clicked.
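For site operators, the banner tampering described in the Revive Adserver example can be checked for by auditing stored banner markup for anything that loads from or redirects to a host the site does not expect. The following is an added example, not code from Avast or from any ad platform; the allowlist, the banner records and the names `BannerAudit`, `audit_banner` and `audit_all` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts this site's banners are expected to load from.
ALLOWED_HOSTS = {"ads.example.com", "cdn.example.com"}
# Attributes that make the browser fetch from or navigate to a URL.
URL_ATTRS = {"script": "src", "iframe": "src", "img": "src",
             "a": "href", "embed": "src", "object": "data"}
# Heuristic markers of redirecting or self-unpacking inline script.
INLINE_MARKERS = ("location", "document.write", "eval(", "unescape(")

class BannerAudit(HTMLParser):
    """Collects (kind, tag, detail) findings for one banner's markup."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None  # text buffer while inside an inline <script>

    def _check_url(self, kind, tag, url):
        parsed = urlparse(url.strip())
        if parsed.scheme in ("javascript", "data"):
            self.findings.append(("script-url", tag, parsed.scheme))
        elif parsed.hostname and parsed.hostname not in ALLOWED_HOSTS:
            self.findings.append((kind, tag, parsed.hostname))

    def handle_starttag(self, tag, attrs):
        attrs = {name: value or "" for name, value in attrs}
        if tag == "script" and "src" not in attrs:
            self._script = []
        if tag in URL_ATTRS and URL_ATTRS[tag] in attrs:
            self._check_url("external-host", tag, attrs[URL_ATTRS[tag]])
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            target = attrs.get("content", "").lower().partition("url=")[2]
            self._check_url("meta-refresh", tag, target)

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            self.findings += [("inline-script", tag, m)
                              for m in INLINE_MARKERS if m in body]
            self._script = None

def audit_banner(markup):
    """Return the findings for one banner's HTML; an empty list means clean."""
    parser = BannerAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

def audit_all(banners):
    # Map banner id -> findings, keeping only banners that have findings.
    return {bid: f for bid, html in banners.items() if (f := audit_banner(html))}

# Constructed banner records, standing in for an export of stored ad markup.
BANNERS = {
    "banner-1": '<a href="https://ads.example.com/c?id=1"><img src="https://cdn.example.com/b1.png"></a>',
    "banner-2": '<img src="https://cdn.example.com/b2.png"><iframe src="http://exploit-kit.invalid/landing" width="1"></iframe>',
    "banner-3": '<img src="/img/b3.png"><script>top.location="http://redirect.invalid/gate";</script>',
}

if __name__ == "__main__":
    print(audit_all(BANNERS))
```

Because the injected code in such cases is hosted off-site, an audit like this flags where a banner points rather than what the remote payload is; findings still need manual review against the ad server's change history.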