Following on from the ongoing Facebook / Cambridge Analytica scandal, I was invited to be a guest on James Hazell’s show on BBC Radio Suffolk. We talked in depth about how social networks and apps are using our data.
Please listen in by clicking the ‘play’ button above. Don’t forget to Like, Subscribe, Comment and Share.
If you watch Mission Impossible: Rogue Nation, you will find a scene near the end of the movie where Faust (Rebecca Ferguson) hands a USB drive to her ‘handler’ Atlee (Simon McBurney), he then proceeds to surreptitiously erase the contents of the USB stick using an combination of distraction, slight of hand, a Nokia 930 smartphone and a copy of the Financial Times. Thus Faust is oblivious to the smoke and mirrors that has just taken place and continues on with her mission (should she choose to accept it!).
All of the above just seemed completely unnecessary and it was with this still in mind that I began testing and reviewing the Apricorn Aegis Secure Key 3z, a storage device which not only hardware encrypts your data but also includes a self destruct option for those most inconvenient moments when your only option is to completely destroy the data!
The majority of disk encryption is at software level which means that you can access the information, but it is in effect ‘scrambled’ using a password or code. Try enough times using either brute force or dictionary attempts and you may just crack the key and thus give yourself access to the information.
The Secure Key 3z uses a hardware based encryption, namely 256-bit AES XTS. AES is an acronym for “Advanced Encryption Standard”, originally invented in 2001 as the “Rijndael Cypher” after it’s creators Daemen and Rijmen. AES is a widely used encryption standard able to be resilient against attacks. It is in fact so highly respected, it has become to ‘go to’ encryption method for security agencies, banks and governments to trust it with their highly sensitive information and state secrets. The 3z uses 256 bit encryption, which gives a hundred thousand billion billion billion billion billion billion billion billion combinations of keys. With the further addition of the XTS cypher, it renders data stored on the device effectively impossible to access or decrypt.
Out of the box, the Secure Key measures in at 81mm x 18.4mm x 9.5mm and weight 22 grams and has an internal rechargeable battery. Once unpacked, you will need to set up your Admin pin number straightaway as there is no pre-programmed key. This must be between 7 and 16 digits, you cannot set consecutive numbers or numbers which are all the same, this pin is users to set up the Secure Key allows to to manage other features, but more of that later.
As soon a you’ve added your admin user, you can then (if you like) add a standard user. You would use this feature if you were going to manage the Secure Key and were going to issue it to another person to use. Again, this is a fairly straightforward and covered in the ‘quick start guide’.
Whilst locked, the USB is effectively useless, plug it into a computer’s USB port and you will find the computer won’t even recognise the device as it is hardware disabled, in other words it’s switched off. This is indicated by a ‘red’ led illuminating on the device. To unlock the device, you press the green padlock key and then enter either the user or admin pin number and press the green padlock again. The red LED will switch off and the green LED starts flashing, this indicates that device is unlocked and ready for use, it is simply a matter of plugging it in to a spare USB port.
The key itself is USB3.1 but is backwardly compatible to v3, v2 and v1.1. This gives it a surprising turn of speed of to 190MB/s read and 80MB/s write.
OK, so the key performs really nicely and had government grade encryption, what happens if I lose the key and it gets into the hands of an enemy?
First off, the key is encased in a IP58 Dust and Water Resistant tough metal shell with polymer coated wear resistant keys. Inside the electronic components are protected by a filling of hard epoxy resin, making a physical attempt to access the electronics virtually impossible without causing catastrophic damage.
PIN entry ‘brute force’ protection means that if you enter the code number incorrectly more than 3 times, the space between entry of subsequent pins slows down, if the incorrect entry of keys hits 10, the red light on the key will start flashing rapidly, at this point you have 10 more attempts left, if you fail to enter a correct pin within these last attempts, the key will consider itself as under attack and will delete it’s data as a precaution.
Should you be left in the position of Faust and Atlee in Mission Impossible : Rogue Nation, there is in fact a better option for destroying the data on the card (or in fact having a third party do it for you). Yes, the Secure Key supports the entry of a ‘self destruct key‘, a key which is designed to delete all data on the key and reformat the device, this key is then assumed as the standard key for the device and it will behave as a brand new drive.
It was quite fiddly to set up, but I was successful in testing the ‘Self Destruct’ mode, it worked as documented and didn’t give me any indication that it was taking place.
Apricorn have made a very solid product with the Secure Key 3z, it looks and feels the part, it worked very well and the security features were exceptional.
I loved the fact that a company is working SO hard to make the theft of data so difficult. In times of cross border data theft, the counter-measures employed by the Secure Key 3z are both impressive and comforting.
The Gadget Man
Starting at £74 for the 8GB to £228 for 128GB models, the USB Storage Key is reassuringly priced for the corporate market.
Following a report by the RAC that vehicle thefts in the United Kingdom have risen by 30% in the last three years, I spoke to Mark Murphy on his BBC Radio Suffolk Breakfast show about how thieves are trying to defeat the security measures that car manufacturers are putting in place.
You can listen into the stream, but clicking the ‘play’ button above.
If you are interested in the technology that is regularly being used to defeat vehicle security, Andy Greenburg has written a very interesting article on Wired which can be found here.
The Gadget Man - Episode 101 - WannaCry - WannaCrypt - Eternal Blue - What Happened and What to Do?[ 5:45 ]Play Now | Play in Popup | Download (493)
Following my previous post which can be found here, I talked this morning to Mark Murphy on BBC Radio Suffolk about WannaCry and the effect it has had on the NHS, what needs to be done to stop it happening again and what we can do to protect ourselves.
To read and in depth article on how to protect your computers from such attacks, click here
PLEASE ensure your computers have all their updates installed and make sure you have Anti-Virus software installed.
WannaCry Ransomware has now affected over 200,000 systems in 150 countries around the world. In the UK, the National Health Service has been very badly affected causing massive disruption across the country.
Although the initial outbreak was stopped, several new versions of this virus have been reported in the ‘wild’. Some have been stopped by registering the ‘kill-switch’ domain name, but it is widely believed that a version or versions of the virus has been released that does not contain a kill-switch.
ONLY COMPUTERS RUNNING WINDOWS ARE IN DANGER OF INFECTION CURRENTLY.
Before you do ANYTHING else BACKUP your important files onto removable storage. Upon completion of this backup, ensure it is kept separately from your computer in a safe place. Should you become infected with this Ransomware, you don’t need to consider paying any kind of ransom as your files are safely stored elsewhere.
UPDATE your antivirus software, if you don’t have antivirus software installed enabled Windows Defender which is free.
You MUST ensure that your Windows system is correctly patched with the latest security updates.
If you are using an unsupported version of Windows like Windows XP, Windows 2008 or Server 2003, you can get the patches for your unsupported OS from the Update Catalog. We do recommend that you update to a supported version of Windows as soon as possible.
Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry.
Another weekend in the UK and Facebook users are both being SWAMPED and are SWAMPING the web with fake voucher codes AGAIN!
Despite repeated warnings by supermarkets and trading standards across the country, there seems no let up in the social sharing of these codes along with the very high chance of having identities stolen or at the very least being added to email spam lists.
The method of sharing these scams are by using ‘Social Engineering’, ie. Friends and Family share them and add legitimacy to an other wholly illegitimate fraud.
By clicking on these fake vouchers and accepting what appears to be a vaguely official looking terms and conditions, people are effectively handing over their personal details in return for absolutely nothing…
So, what are the giveaways?
The vouchers contain an expiry date in US date format
The barcode is the same for each voucher, these would need to be unique.
The issuing store is ALWAYS Greenhithe.
It can ONLY be redeemed with your original receipt
All of the vouchers seem to mention ADSA Direct rather than the store they are supposedly issued under.
The domain name is suspicious to say the least, The URL has not relation to Morrisons other than a VERY DUBIOUS domain name.
All of these would lead me to be extremely suspicious of the validity of the offer. So let us look at the domain name morrisons-f50f83o.grabinn.us
For starters I see no logical reason for any large company to be using such a cryptic URL for anything, but lets look at where this website lives. We do this by using a common command call ‘ping’.
PING morrisons-f50f83o.grabinn.us (184.108.40.206): 56 data bytes
64 bytes from 220.127.116.11: icmp_seq=0 ttl=49 time=31.111 ms
64 bytes from 18.104.22.168: icmp_seq=1 ttl=49 time=31.736 ms
64 bytes from 22.214.171.124: icmp_seq=2 ttl=49 time=32.421 ms
64 bytes from 126.96.36.199: icmp_seq=3 ttl=49 time=30.546 ms
We are returned an IP address, this is the physical address that this voucher code lives at, in the case of this voucher code it resolves to 188.8.131.52
We can then lookup the IP using domaintools.com and it gives the following results
The host (or computer holding the web site is located in France. This makes the tracing of the owner much more difficult as it requires international law enforcement cooperation
This shows that 30 other websites are located on the same server. I would suggest these are probably variants of the web address, possibly other store names.
This is the ‘abuse’ contact for this IP address, in this case it is firstname.lastname@example.org . This is the email address people should contact to report unlawful behaviour. Worth noting.
We now have the contact details of the host in order to report unlawful behaviour.
OK, we can now lookup the domain name to find out it’s owner. In this case it is using subdomains, so we can comfortably ignore the morrisons and hieroglyphics and concentrate on the TLD or Top Level Domain grabinn.us
GRABINN.US is the domain name used to host the voucher
NAMECHEAP is the registrar (or company holding the domain name)
Lisa Alex is the registered owner of the domain (probably a fake name)
This is the registered address of the domain owner (probably fake too), it doesn’t look like a valid address and the telephone and fax numbers are also fake looking.
So, by the look of everything, we have a domain name that cost 99p to register using a LOW COST registrar, hosted on a server that charges £1.60 per month on a LOW COST server by a fake name at a fake address in Pakistan (supposedly).
Now, YOU need to ask yourself the following question,
Would a multinational company employ a person to run it’s national voucher system whilst sitting behind fake credentials on low cost hardware? Or would they use their own existing IT infrastructure?
Why not spend the time you might have spent being duped by reporting these people to the ‘abuse’ email address and help STOP this kind of thing from continuing.
If you live in Suffolk or Norfolk, we now have our own Cyber & Serious Crime Department which can be contacted by dialling 101. I have spoken to several officers working in this division and they are all very professional and take cyber crime very seriously.
On Friday, I spoke to Mark Murphy on the Morning Show on BBC Radio Suffolk about the breaking news story concerning the massive data breach at Yahoo, possibly converning over 500,000,000 user accounts and by far the largest leak in history.
Listen to the short interview where I explain what I think happened and what Yahoo users should do to ensure their accounts are kept safe and secure from now on.
Yahoo has released a statement concerning the breach, we can be read here