Security Week 38: Security cameras transmit via IR, the neural network quickly picks up passwords, hackers conduct intelligence through Word
No matter how effective the “cut off the cable to the Internet” protection method is, it is extremely rarely used - even by those who should. But researchers are not relentless in trying to come up with the most curious way to bridge the "air gap." That sound , then light , then warm The idea is this: a physically isolated (air-gapped) network is infected with malware. How - it has long been invented, and even implemented (Stuxnet, for example). A flash drive can be thrown, a disk with infected software, but you never know what. But to enter does not mean to exit. However, there are few objects with an isolated network without a physical security system with surveillance cameras. And to see something when the light is off in the room, you need a backlight, and most cameras are equipped with an array of IR LEDs. Some of these cameras can be seen outside through the window.
Accordingly, cameras with a special Trojan turn into a BILATERAL data transmission channel. And invisible to the naked eye. Outwardly, the data is transmitted by infrared diodes, and an attacker with an ordinary smartphone accepts them. To enter data, the hacker uses the same array of IR diodes, and the camera receives their signal.

The channel parameters stated in the study are impressive, compared to other methods of overcoming the air gap - a speed of 15 bit / s for each LED (which gives 120 bit / s with eight LEDs common for cameras), a distance of hundreds of meters out, and kilometers when transmitted inwards . Ben-Gurion entertainers even figured out how to do without line of sight (though the maximum distance is reduced to tens of meters).

Well, in order for us to see the real application of such a technique, we need three circumstances to coincide: (1) someone decided to isolate the network with an air gap, (2) hackers became interested in his information, and (3) this someone turned on security cameras into their super secure isolated network. It sounds silly, but still, the idea is beautiful.
Developed by AI for quick guessing passwords
News . Research . Scientists from the Stevens Institute of Technology and the New York Institute of Technology have published early results of their work on using the Generative adversarial network (GAN) to accelerate guessing passwords. Well, that is, faster than manually sorting through the rules, as in Hashcat or John the Ripper.
The idea looks quite logical to itself - if anyone can determine by what principles people come up with passwords, then only neural networks. Recently, generative-competitive networks have often been used for fun, such as improving tainted photos or automatically building realistic-looking pictures of animals (they look realistic only for deep learning experts themselves, but in reality they’re scary, see proof). The essence of the GAN is the use of two neural networks, one of which (generative) generates something more or less similar to training samples, and the second (discriminatory) distinguishes generated samples from training ones. Playing against each other on a sufficiently large sample, both networks reach a state of equilibrium in which they can generate very reliable samples.
Egg-headed hackers, armed with TensorFlow 1.2.1, trained the network with passwords fused over the past 18 months from LinkedIn and RockYou. She eventually generated her own, improved password selection rules. By themselves, they turned out not to say that it is better than HashCat, but if they are combined with the HashCat rules, then the number of guessed passwords from the test sample increased by 18-24%. The numbers are not very impressive, but you need to understand that in practice, you can take a lot more. That is, pretty soon assessments of the complexity of password selection will have to be reviewed - progress cannot be stopped.
The undocumented feature of MS Office allows you to merge
News profile data . Study. No matter how you poke around in Microsoft Office, or in its files, you will always find some kind of surprise. Our guys, exploring Freakyshelly's targeted attack, came across a phishing mailing list with OLE2 files. At first glance, there was nothing malicious inside, no macros, no exploits, no flash. And then they found links to PHP scripts on external hosting. You open the file in Word, it crawls on the links - and data on the installed software enter outside.

Presumably, the attackers need this data for reconnaissance. In general, accurate success data about which software is installed on the victim and which versions are very important for the success of a targeted attack. But why does Word even follow these links?
The researchers found that hackers exploit the not fully documented feature of MS Office - the INCLUDEPICTURE field in the document. The value in this field only tells Word that a picture is attached to certain characters in the text, the link to its location should be in ASCII. But someone came up with a cunning Unicode, and as a result, the field refers to a certain offset in the document, where the form lies, in the additional data of which there is a URL - where Word crawls. In addition to Word for Windows, this feature works in Microsoft Office for iOS and Android.

Antiquities
“Subliminal-1487”
Periodically encrypts and displays the text: “LOVE, REMENBER?”. Also contains ciphertext: “N: SUBLIMINAL V1.10 O: ˆHYSTERIA! D: 02OCT89. "
Quote from the book "Computer viruses in MS-DOS" by Eugene Kaspersky. 1992 year. Page 35.
Disclaimer: This column reflects only the private opinion of its author. It may coincide with the position of Kaspersky Lab, or it may not coincide. That's how lucky.