CCDC – Mid-Atlantic Regional
Now I’ve had my share of competitions and especially computer science competitions. I had my first one when I was about 10 (meaning I’ve spent half of my life doing CS competitions). And I’ve seen a lot of them… and I’ve seen pressure and people breaking under pressure. But I had no idea that I’d participate in something that would make all of that look like child’s play. Now if there was one thing many of us hated back in high school, it was the feeling that everything we were doing was so damn useless in real life.. real life problems are nothing like *THIS*. Why are we wasting time solving these problems? Some arguments were flying around about how these problems are actually stripped down reflections of real-life issues (very true, by the way, for all you youngsters out there), but that doesn’t satisfy the average energetic teenager. We needed more. We needed to see our stuff work in something that “looked real”. I thought no one ever really understood that and as I grew older I also stopped caring about it all that much. As of 2008, I stand corrected. I know now that there are at least a few people that DO understand and DO care… And kudos to them for that and everything they do!
When our team won the State Qualifying round, although we went there with nothing but a desire to learn and gain some experience, I felt happy for our completely unexpected victory and somehow sad because that meant more work that was not planned for and another competition in March. But nothing in this world or the other could have prepared us for what the three-day marathon in March was really all about. Security you say? Just security? Oh damn security, that was the *easy* part, just change [ALL] the default passwords (I have failed utterly at that, I must admit), patch, set up the firewall correctly, back up and prepare for the worst because IT WILL HAPPEN and monitor/log your stuff so you can report events. But take that, add tons of business injects to it, add a phone system that just keeps ringing (well.. at least it did as long as I could keep the phones running, it didn’t ring too much after it got hacked the 4th time) and an unhappy CEO and you have just a VAGUE idea of what our regional was like.
We had everything one could ever ask for in terms of “realism”. Clients trying to use their services (too bad there weren’t more volunteers for this), a CEO to increase pressure, a fantastic red team to simply break any belief you ever had in your abilities to secure a computer, a hectic schedule, business injects flying in like questions from a three year old and all the problems in the world. As they say in that recent blockbuster, in this situation “numbers count for nothing”, unless your team moves and thinks as one. And this time we didn’t and that’s why we only got 3rd place. But we’ve learned our lesson… we’ve learned it very well.
And I just adored what the guys came up with instead of a certificate. You see, something like this can’t be just written down on paper. What certificate can explain the hell that was loose down there? What certificate could encapsulate the pressure and work that was done? It was a cyber-war out there and it should be treated as such. So they were kind enough to honor us with challenge coins.
Other than all the knowledge I’ve gained and all the knowledge I will gain from now on as a result of the incentives this brought through, it also made me think a lot about my career, about what I want to do. It really opened my eyes about a lot of things in the field of computer security that I had no idea about… and I don’t think I could’ve ever really experienced them in any other way. So, if you’re reading this and you’re a US student interested in computer security… put together a team and get going. And if you happen to be lucky enough to be in the Mid-Atlantic Region… prepare for the most exciting and demanding thing you’ve ever been to.
People usually say this when they win something… well we didn’t win any prize, but I feel I’ve won a lot of other things, so I would like to take this opportunity to thank Tim Rosenberg, Joe DeCree (and everybody else at White Wolf Security), Casey O’Brien, the whole red team and all the people who made this happen! This has been by far the best competition experience in my entire life! And don’t worry fellas… we’ll be back next year.. and this time, we’ll be ready. Make it just as interesting
PS: Oh, I shouldn’t forget. I also need to thank Trevor Ford for putting GW’s team together and for keeping me there when I was having doubts about this whole thing. I will not forget this anytime soon, thank you my friend.
How to #2: Figure out if something is wrong
Now, let’s assume you have a suspicion. Stuff has been acting weird, you think you might be hacked. These tools can give you a better grip on what’s going on:
AVG Anti-Rootkit – what is a rootkit you ask? Well, in just a few words, once someone gets access to your computer they want to make sure they have full control and that they can keep having control no matter what you do. So they install a rootkit on your system. This is a program that won’t show up in your process list in Task Manager, won’t be detected by antiviruses, is very difficult to remove (sometimes impossible without a complete reformat) and gives the one who installed it full, unrestricted access to your computer (also known as root access, which is where the term got its name). Fortunately, not all hackers are also good coders, so they use rootkits that are out there rather than writing their own. AVG Anti-Rootkit is a simple tool to scan for common rootkits. It runs pretty much like an antivirus scan and does its job.
This time though, simple also means not all that good. So this is where HijackThis comes into play. HijackThis is a small tool that is very useful for finding rootkits. Unfortunately this is not for the average user. Even security experts sometimes don’t know what all the stuff in that list stands for, simply because unlike any of the previous tools, HijackThis doesn’t really tell the difference between good stuff and bad (it doesn’t pretend to either). It just brings out a list of stuff that’s suspicious. Most of that stuff is good. Some of it might be bad. How do you know? Well… one way you can get an idea is to run it when you’re sure your computer is CLEAN (say a new installation of an operating system) and save the log file. Then run it whenever you have your doubts and compare the two log files. If you can’t really make sense of some of the new stuff out there, you should give the log file to someone more specialized to examine it.
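To make the "compare the two log files" step concrete, here is an added Python script (my example, not code from the post or from HijackThis). It reads two saved logs, keeps only the coded findings (the `O4 - ...`, `R1 - ...` lines), reports what appeared or disappeared since the clean baseline, and marks the few entries that match a couple of crude hints (a path under a Temp folder, a service with no known owner) so you know what to look at first. The two logs embedded below are constructed samples in HijackThis' line format; the entry names, GUIDs and paths in them are made up for the example.

```python
import re
from collections import defaultdict

# Two constructed logs in HijackThis' line format. They are samples written for this
# example, not real scans: the entry names, GUIDs and paths are made up.
CLEAN_LOG = r"""
Logfile of HijackThis (constructed baseline, saved right after a fresh install)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.example.com/search
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /tray
O4 - HKLM\..\Run: [AntivirusCC] C:\Program Files\ExampleAV\avcc.exe /STARTUP
O23 - Service: Example AV Service (ExampleAV) - Example Vendor - C:\Program Files\ExampleAV\avsvc.exe
"""

SUSPECT_LOG = r"""
Logfile of HijackThis (constructed scan taken later, when the machine felt "weird")

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /tray
O4 - HKLM\..\Run: [AntivirusCC] C:\Program Files\ExampleAV\avcc.exe /STARTUP
O4 - HKLM\..\Run: [WindowsUpdater] C:\WINDOWS\Temp\wupdmgr.exe
O4 - HKCU\..\Run: [WindowsUpdater] C:\WINDOWS\Temp\wupdmgr.exe
O23 - Service: Example AV Service (ExampleAV) - Example Vendor - C:\Program Files\ExampleAV\avsvc.exe
O23 - Service: Remote Helper Service (rhlpsvc) - Unknown owner - C:\WINDOWS\Temp\rhlpsvc.exe
"""

# HijackThis prefixes every finding with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Crude things that deserve a second look. Matching one of these is a hint, not a verdict.
SUSPECT_HINTS = ("\\temp\\", "unknown owner")


def parse_entries(log_text):
    """Map each section code to the set of entries listed under it (whitespace normalised)."""
    entries = defaultdict(set)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].add(" ".join(match.group(2).split()))
    return entries


def compare_logs(baseline_text, current_text):
    """Return (added, removed): (code, entry) pairs present in only one of the two logs."""
    base, cur = parse_entries(baseline_text), parse_entries(current_text)
    codes = set(base) | set(cur)
    added = sorted((c, e) for c in codes for e in cur[c] - base[c])
    removed = sorted((c, e) for c in codes for e in base[c] - cur[c])
    return added, removed


def highlight(pairs, hints=SUSPECT_HINTS):
    """Subset of (code, entry) pairs matching one of the hints; the rest still need a human."""
    return [(c, e) for c, e in pairs if any(h in e.lower() for h in hints)]


if __name__ == "__main__":
    added, removed = compare_logs(CLEAN_LOG, SUSPECT_LOG)
    flagged = set(highlight(added))
    print("New since baseline:")
    for code, entry in added:
        mark = "  <-- look at this first" if (code, entry) in flagged else ""
        print(f"  {code} - {entry}{mark}")
    print("Gone since baseline:")
    for code, entry in removed:
        print(f"  {code} - {entry}")
```

On a real machine you would replace the two embedded strings with the contents of the baseline log you saved after the clean install and the log from the scan you are worried about. The diff tells you what changed; the hints only order your reading. Whatever is still unexplained after that is exactly what the post says to hand to someone more specialized.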
Wireshark and Nmap – these tools are useful for monitoring your own system. Nmap will tell you what ports you have open (if you know they shouldn’t be, take another look at those firewall settings) and Wireshark will capture traffic, which means it will show you EVERYTHING that goes in or out through your network card. Both of these tools are very powerful and if you want to use them you either learn how to use them yourself or you save the results they give you and give them to someone that knows what they’re doing. Also, a side note: do NOT scan anything other than yourself (localhost) with Nmap or capture packets on an open network with Wireshark. These actions can be ILLEGAL and can get you into trouble. Use them just for getting information about your own system, nothing more. Ok?
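The "what ports do I have open" question can also be answered without scanning anything at all. As an added example (my code, not the author's), the Python script below parses the output of Windows' built-in `netstat -ano` command, which lists every socket together with the process id that owns it, keeps the ones that are actually listening, and compares them with the list of ports you expect a clean install of your box to expose. The sample output and the expected-port list are constructed for the example; your own list will differ and should come from your own clean install.

```python
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto addr port state pid")

# Constructed 'netstat -ano' output (Windows). It is a made-up sample for this example,
# not output from the author's machine; the addresses, ports and PIDs are invented.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1172
  TCP    0.0.0.0:30127          0.0.0.0:0              LISTENING       2440
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1020
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:1050       203.0.113.7:80         ESTABLISHED     1688
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.5:137        *:*                                    4
"""

# What this (constructed) XP box is expected to expose: RPC, NetBIOS/SMB and Remote Desktop.
# Build your own list from a clean install and keep it next to your saved logs.
EXPECTED_PORTS = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("TCP", 3389),
                  ("UDP", 137), ("UDP", 445)}

LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+"        # proto, local address, local port, foreign addr
    r"(?:\s+(LISTENING|ESTABLISHED|TIME_WAIT|CLOSE_WAIT|SYN_SENT|FIN_WAIT_1|FIN_WAIT_2|LAST_ACK))?"
    r"\s+(\d+)\s*$"                             # owning PID (UDP lines have no state column)
)


def parse_netstat(text):
    """Turn netstat -ano output into Socket tuples; header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, addr, port, state, pid = m.groups()
            sockets.append(Socket(proto, addr, int(port), state or "", int(pid)))
    return sockets


def listeners(sockets):
    """Sockets that accept traffic: TCP in LISTENING state, plus every UDP socket (UDP has no state)."""
    return [s for s in sockets
            if (s.proto == "TCP" and s.state == "LISTENING") or s.proto == "UDP"]


def unexpected(sockets, allowed=EXPECTED_PORTS, include_loopback=False):
    """Listeners whose (proto, port) is not on the allow list. Loopback-only listeners
    (127.x.x.x) cannot be reached from the network, so they are skipped unless asked for."""
    return [s for s in listeners(sockets)
            if (s.proto, s.port) not in allowed
            and (include_loopback or not s.addr.startswith("127."))]


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE_NETSTAT)
    for s in unexpected(socks):
        # The PID is what you take to Process Explorer (Sysinternals) to see which program owns it.
        print(f"unexpected listener: {s.proto} {s.addr}:{s.port} owned by PID {s.pid}")
```

To use it on your own machine, run `netstat -ano > ports.txt` in a command prompt and feed the file's contents to `parse_netstat` in place of the sample. An unexpected listener is not proof of anything by itself (a program you installed last week may well be the owner), but the PID column is what lets you find out which process it is with the Sysinternals tools described below.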
Sysinternals suite – this pack of tools is so good, Microsoft bought it. And it’s so loved that even after they bought it, it’s still free. These are all the best tools to figure out what is really going on with your system. What processes are running, what goes on at startup, what connections are active, another tool for finding rootkits and much much more.
Finally, again, just use your wits. Do you get pop-ups when you start your computer or when you open your browser? Is your computer or network connection slow? That’s a pretty good sign that you’ve got some malware on your system. Another thing you can look at is startup programs. Either use the tools in Sysinternals (generally better), or go to Start -> Run, type in msconfig and click OK. The last two tabs are what you really care about… you can take down services (make sure you tick Hide All Microsoft Services first, so you don’t mess your operating system up) that seem suspicious, as well as startup programs. This doesn’t remove anything, it just keeps them from starting up, which may then help you to remove them.
There’s also a chance that your problems are not virus related and there will be some future articles relating to that.
How to #1: Keep your computer secure
With all the different opinions and ideas flying around, the average user seems to be totally confused about what they need to do to keep their computer secure, how much it will all cost and what it really means. Even worse, users don’t really know that they should do this or WHY. Given the extended time I’ve been spending lately securing a Windows XP desktop, in preparation for a security contest, I decided to share some ideas. These are mostly for Windows XP machines, but they are mostly applicable to any other Windows box. Feel free to ask specific questions for your OS if you need to. I will be glad to answer them.
1. Windows Updates – the critical Windows updates are there for a reason; whenever a vulnerability is discovered that would allow people to hack your system, software teams get back to work and come up with patches for them. They do a pretty good job at patching these things and coming up with an update every other day. And with automatic updates (Start -> Control Panel -> Security Center -> Automatic Updates) that do all of this without even bothering you, there is no excuse not to have your system updated DAILY. If you would rather do it manually and/or you also want to install optional updates, just go to Start -> All Programs -> Windows Update (it will be in that small list at the very top). And no, I don’t care what you heard, what your friend of a friend who knows somebody whose father’s second wife has a son that saw Bill Gates at a conference on a TV in the mall said, updates will NOT hurt your computer. They fix problems that are already there. If you fail to keep your system up-to-date, everything that follows is useless. It’s like trying to lock and dead-bolt your front door while leaving the back door wide open.
2. Antivirus – “But I got this file from my best friend, I’ve known him for 20 years, of course I trust him”. Well, I do also. But your friend might have a virus and not know it. With all the malware out there, behind every other link or email attachment, nothing pays off more than a simple antivirus. And although opinions about which one is better vary all the time, you shouldn’t let this stop you from just picking one. And guess what? There are a bunch of completely free antivirus programs out there that do more than a decent job. “But it’s free, doesn’t that mean it’s a cheap unsafe product?” Rest assured that many tech offices use exactly the same tools. A word of warning here… make sure you only use one antivirus for full-time protection. Feel free to have as many as you want for the occasional scans.. but only use one at a time and only have one enabled 24/7. Why? Well, think of this as taking drugs for a cold. You wouldn’t (I hope) take a combination of Tylenol, Aspirin and Advil, would you? Just the same, no antivirus is bad, one antivirus is good, several antiviruses are nearly as bad as none at all. Here are a few examples of what you can get for free: AVG, Avira
3. Antispyware – Getting back to that example with the cold. You’ve taken your favorite drug, whatever it be, and now you’re feeling better. But what about that sore throat? Enter the lozenge for the sore throat, or our next friend, the antispyware tool. If you want to find out what different types of malware there are and what exactly is the difference between a virus, a worm, spyware and all that stuff, don’t let me stop you from asking Google. All I’ll say is that you need an antispyware tool (yes, this one CAN AND SHOULD run at the same time as your antivirus, just as the lozenge can go with whatever drug you’re taking – they serve different purposes). But again, don’t have two antispyware tools running at the same time – it’s a waste of resources and can actually harm your system. My favorites: SpyBot, Ad-Aware
4. Firewall – look at the firewall as the Vitamin C you’ve ODed on so you don’t get that dreaded cold. Its main purpose is prevention/protection and it’s just as important as all the others. The reason I mentioned it later is because you already have one on your system (this assuming you have Service Pack 2, which if you are a Windows XP user, for the love of God, I hope you do, if not get it HERE right NOW) and it does a decent job. There is another one that I personally like more though, a very good tool for both the total n00b (if you don’t know what that is, you are one; no worries, it pretty much just means novice) and for the master of iptables, and that is Comodo Firewall. It will take a little bit for it to get used to your system and for you to set up all the programs that you trust, but after that it will almost stop bothering you and it will give you very good protection against what’s out there.
5. Passwords! With all these, there is still the issue of someone using “good” tools (such as Remote Desktop Connection) to get to your computer, with bad intentions. Can they? Maybe.. if they know some vulnerability that no one else knows yet. Maybe, if you don’t have all the stuff I wrote about above. Maybe, if they’re just damn good at what they’re doing. CERTAINLY, if your password sucks. This can be anything from: not having one in the first place, using dictionary words, using a short one or using something that can be known about you (names, cities, dates etc.). If you feel your brain can’t take the effort of remembering a randomly generated password (it’s a great mental exercise by the way), then what you can do is: you get your regular password, be it “ilovemydog”, and change letters with numbers or characters, when it’s rather obvious to do so: “!10v3myd0g”. You’ll remember this in no time and it’s still better than using dictionary words.
6. DON’T JUST CLICK ON STUFF!!! I MEAN THAT! Do you just accept boxes with stuff from random people you meet on the street? Do you explore dark locations in sketchy neighbourhoods at 2am? Well, if you’re smart enough not to do that, don’t let yourself be tricked by cheap online tricks! Don’t open emails that offer you discounted drugs, lottery wins, free vacations, surprise funds from dead exotic royal families and whatever ideas they come up with. Even opening the email might land you with malware or simply a confirmation that your email address is genuine and active, and then even more spam will come to you. Also, be careful with links you see on unknown pages and especially with pop-ups. Same deal here… no, you’re not the n-th user today that for some weird reason wins one million dollars; no, that flashy little icon did NOT find an infection on your computer, and so on. Be smart and you’ll be safe!
All this should make your online day a happier one. Still, this doesn’t mean that now your computer is impenetrable. It just means that it’s considerably more difficult to hack (compared to “way too easy” before this) and chances are that as long as you don’t do something stupid (see number 6), you’ll be safe. On the other hand, if someone specifically wants something on your system and they make a point out of hacking YOU, that’s a whole different story. But that’s probably not the case, so don’t worry about it for now. Do these steps and you can definitely sleep better at night. If only securing your house was this easy.
Feel free to ask any questions or to bring any comments/additions to the solutions I’ve proposed here!
Site updates
After writing those two posts about security issues I realized how long it’s been since I updated my blog. OOPS
So, I got it updated today and I also added a CAPTCHA plugin for comments, so you should now be able to comment without registering/logging in as long as you can read (and type) the letters in that image. I would really appreciate feedback on this, try it out, let me know if you run into trouble!
Thanks!
–anothem
LE: I’ve updated the word list for the CAPTCHA plugin. Please let me know if you have any problems (including not understanding the picture).