Deutschlandfunk: Markus Feilner on the Radio (twice, in German)

Very nice, one of the major German public radio stations requested me as an expert on the hacking of the Bundestag. Once again, a radio interview. 🙂

Hacker attacks on the Bundestag – The vulnerability of politics (Hackerangriffe auf den Bundestag – Die Verwundbarkeit der Politik)

“In 2015, a hack of the Bundestag caused great alarm. At the beginning of this year, a data attack on politicians alarmed the security authorities. The network is now said to meet current security standards – but weaknesses remain.”

(Deutschlandfunk Kultur, Zeitfragen | Beitrag vom 25.03.2019, Hackerangriffe auf den Bundestag, Die Verwundbarkeit der Politik)

And here:

Election manipulation – Security gaps of democracy (Wahlmanipulation – Sicherheitslücken der Demokratie)

“In mid-May 2015 the IT department of the German Bundestag noticed: something is wrong here. What exactly? That is still not entirely clear to this day, explains Markus Feilner. “The details are not fully clarified and it will probably never be possible to clarify them.” The IT journalist Feilner has tried to reconstruct the 2015 hack. What is certain is that the Bundestag’s network administration, based on the system of a US corporation, was at the very least misconfigured. More employees had the highest system rights in the network than was necessary and wise. Among other things, the attackers were able to penetrate the networks via this weakness.

“Basic security aspects were not observed”

Accordingly, Feilner’s conclusion still stands today: “The Bundestag hack was particularly frightening because, during our research, we had to find that basic security aspects were not observed or considered.””

(…)

“The situation is practically unchanged compared to the last Bundestag election. Which, in my view, is actually a scandal. That means software is still being used that really should not be used and that is vulnerable.”

(DLF, Computer und Kommunikation | 30.03.2019, Wahlmanipulation, Sicherheitslücken der Demokratie)

Benjamin Delpy on Kekeo, successor to mimikatz (Video)

BlueHat IL 2019 – Benjamin Delpy (@gentilkiwi) – You (dis)liked mimikatz? Wait for kekeo – YouTube

From the comments: 

“If you enjoyed playing with Kerberos, ASN1, security providers…, then you’ll love adopting this furry, sweet animal. From its birth with MS14-068 to cleartext passwords without local administrator rights, you’ll know everything about this animal. This talk will embed CredSSP and TSSP with cleartext credential, explore a little bit about PKINITMustiness and the RSA-on-the-fly for Kerberos with PKI!”

Mimikatz on Windows Server 2019… nice music.

DoktorCranium is fiddling around with Windows Server 2019 Insider Preview Build 17650 and Mimikatz, a security tool used by attackers, e.g. in the intrusion into the German parliament, the Bundestag, in 2015/2016. “Bypassing Windows Defender, Loading meterpreter, and executing the latest Mimikatz just for fun.” Why? Because he can. And Open Source rocks. I still find it hard to believe so many security-sensitive environments still use off-the-shelf software. And if you like Benjamin Delpy’s work, look at this video about Kekeo: https://www.youtube.com/watch?v=sROKCsXdVDg

Windows Server 2019 Insider Preview Metasploit/Mimikatz tests – YouTube

QR Codes: Apple messed it up (again)

For years I have been talking about the dangers of QR codes. Well, here is one of the convenient Apple preloaded functions, I assume, messing it up. From The Hacker News:

You need to open the Camera app on your iPhone or iPad and point the device at a QR code. If the code contains any URL, it will give you a notification with the link address, asking you to tap to visit it in the Safari browser. However, be careful — you may not be visiting the URL displayed to you, security researcher Roman Mueller discovered. According to Mueller, the URL parser of the built-in QR code reader for the iOS camera app fails to detect the hostname in the URL, which allows attackers to manipulate the displayed URL in the notification, tricking users into visiting malicious websites instead.
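The failure described above is a classic parser mismatch: the preview shows one thing, the browser connects to another. The added example below is my own illustration (not code from the post, from Apple, or from Roman Mueller's research) of how a scanner should build its preview: take the host from a spec-conformant URL parser (the WHATWG `URL` class available in browsers and Node) and warn when a naive substring of the raw string would disagree with it, for instance because the authority carries userinfo before an `@`. The sample URLs use reserved `.example` names and are constructed for the demonstration.

```javascript
// Added example: defensive URL preview for a QR-code scanner.
// Not part of the original post; the sample inputs are constructed.

// Naive "hostname" of the kind a quick preview might display: everything
// between "://" and the next "/", "?" or "#". This is what a reader would
// eyeball, and it is wrong whenever the authority contains userinfo.
function naiveHost(raw) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^/?#]*)/i.exec(raw);
  return m ? m[1] : null;
}

// Spec-conformant hostname: the host the browser will actually connect to.
// Returns null for strings that are not valid absolute URLs.
function parsedHost(raw) {
  try {
    return new URL(raw).hostname;
  } catch {
    return null;
  }
}

// Build the preview a scanner should show. The displayed string is
// reassembled from parsed components, never copied from the raw text,
// and warnings flag inputs whose raw form could mislead a reader.
function previewUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  const warnings = [];
  if (url.username || url.password) {
    warnings.push("URL carries userinfo; the text before '@' is not the host");
  }
  const naive = naiveHost(raw);
  if (naive !== null && naive.toLowerCase() !== url.host.toLowerCase()) {
    warnings.push(`naive preview '${naive}' differs from real host '${url.host}'`);
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    warnings.push(`non-web scheme ${url.protocol}`);
  }
  return {
    ok: true,
    host: url.hostname,
    display: `${url.protocol}//${url.host}${url.pathname}`,
    warnings,
  };
}

// Constructed sample inputs: a plain URL and one whose raw authority
// starts with a lookalike name in the userinfo position.
const SAMPLES = [
  "https://example.org/login",
  "https://trusted.example@other.example/login",
];

for (const s of SAMPLES) {
  console.log(s, "=>", JSON.stringify(previewUrl(s)));
}
```

The point of the check is not to block `@` in URLs (it is legal syntax) but to make sure the string the user sees is derived from the same parse the browser will perform, and to surface a warning whenever the raw text and the parsed host diverge.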

The City of Atlanta, Georgia has been hacked.

Reality update, from Hackers Are Holding The City of Atlanta Hostage:

“This is much bigger than a ransomware attack, this really is an attack on our government,” Atlanta Mayor Keisha Lance Bottoms said at a news conference, Reuters reports. “We are dealing with a (cyber) hostage situation.”

(…)

Experts have warned that cybersecurity is likely the next great security threat for governments and companies around the world, and that most systems are simply not prepared. Indeed, Atlanta isn’t the first U.S. city to be hit by ransomware — the Colorado Department of Transportation has already been hit twice in 2018. However, the Atlanta attack seems to be the most thorough, city-wide cybersecurity breach yet. And though some companies have ramped up security following attacks, as Atlanta plans to do, it seems that most cities aren’t adapting their security before an attack happens.

(…)

It’s not yet clear at what point Atlanta will give in and pay the ransom to get its data back. But as more cities rely on digital processes, the dangers to both citizen privacy and security are going to multiply. Imagine a hack that takes out not just a city’s computer systems, but also its electrical power, plumbing, and even control of your own car.