Lawrence’s List 061716

Lawrence Hoffman

ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential for this blog entry to be used as an opportunity to learn and to possibly update or integrate into modern tools and techniques.

Certain Intel chips come with what’s called a “Management Engine” or ME. This is an actual physical subsystem which implements Intel’s Active Management Technology (AMT). Why is it on a security blog? Because it has full control over everything your machine does, relies on security by obscurity, and if infected would be totally undetectable and totally unfixable.

Net neutrality. For those who haven’t been following, let me give a short overview. ISPs would like to sell you access to the internet piecemeal. That is, you would no longer pay one fee for equal access to all websites. Rather, you’d purchase access much the same way as we purchase access to cable TV: Facebook and Twitter would be one fee, using Google search another fee, etc. Furthermore, they’d like to be able to prioritize delivery. For example, assume you owned an ISP and wanted to start an on-demand video service. How would you get new adopters? Make the current video services deliver so slowly that you become the only watchable option. Thankfully, the FCC’s ruling that the internet is a medium of communications was upheld by the courts this week. This isn’t over, though: ISPs are claiming that not being allowed to block or handicap sites is an infringement of their freedom of speech, and they’ll likely continue this battle for as long as they can.

This grabbed my attention. The worm, dubbed “Photominer,” is pretty neat in concept and design. Here’s the plan:

  1. Brute-force weak FTP passwords.
  2. Infect websites hosted on those FTP servers with malware that in turn infects the machines of people who visit the site.
  3. Pivot within the victim’s environment over SMB, dropping as many copies as possible.
  4. Set up fake Wi-Fi access points that infect other machines when they try to connect.
  5. Use all the infected machines to mine Monero (a cryptocurrency).
  6. Profit.
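As an added defensive example (not from the original post), here is a small detector for step 1 of that plan: it parses constructed vsftpd-style login lines, flags a burst of failed FTP logins from one source within a sliding window, and escalates when a successful login follows the burst, which is the moment a weak password has actually been guessed. The log format, thresholds and addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a vsftpd-style format (not a real capture).
SAMPLE_LOG = """\
Fri Jun 17 10:00:01 2016 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.5"
Fri Jun 17 10:00:02 2016 [pid 2102] [admin] FAIL LOGIN: Client "203.0.113.5"
Fri Jun 17 10:00:02 2016 [pid 2103] [webmaster] FAIL LOGIN: Client "203.0.113.5"
Fri Jun 17 10:00:03 2016 [pid 2104] [ftp] FAIL LOGIN: Client "203.0.113.5"
Fri Jun 17 10:00:04 2016 [pid 2105] [root] FAIL LOGIN: Client "203.0.113.5"
Fri Jun 17 10:00:05 2016 [pid 2106] [webmaster] OK LOGIN: Client "203.0.113.5"
Fri Jun 17 10:01:00 2016 [pid 2107] [alice] FAIL LOGIN: Client "198.51.100.7"
Fri Jun 17 10:05:00 2016 [pid 2108] [alice] OK LOGIN: Client "198.51.100.7"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)

def parse(line):
    """Return (timestamp, user, result, ip) or None for a non-login line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["user"], m["result"], m["ip"]

def detect_bruteforce(lines, window=timedelta(seconds=60), threshold=4):
    """Return (ip, kind, detail): 'burst' = >= threshold FAIL LOGINs from one
    IP inside window; 'compromise' = an OK LOGIN from that IP soon after."""
    fails = defaultdict(list)  # ip -> recent failure timestamps
    flagged = {}               # ip -> time its burst was first reported
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, result, ip = rec
        if result == "FAIL":
            # keep only failures inside the sliding window, then add this one
            fails[ip] = [t for t in fails[ip] if ts - t <= window] + [ts]
            if len(fails[ip]) >= threshold and ip not in flagged:
                flagged[ip] = ts
                findings.append((ip, "burst", f"{len(fails[ip])} failures within {window.seconds}s"))
        elif ip in flagged and ts - flagged[ip] <= window:
            findings.append((ip, "compromise", f"success as '{user}' after burst"))
    return findings
```

A 'compromise' finding is the one worth paging on: the FTP credential behind it should be treated as known to the attacker, and the site files on that server checked for injected content.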

Hype warning: You’re reading stuff on the internet, it may not be true!

I’ve read enough articles on this that I’m getting turned around as to who did what. At the beginning of the week we heard that Julian Assange is planning another dump of information on Hillary Clinton which he believes will lead to her indictment. For the most part this is a political issue, and I wasn’t considering it for this column, but then came news of how Mr. Assange supposedly acquired this data, and that made this a security matter. Shortly after Assange’s announcement came news that Russian hackers had penetrated several DNC assets and were in possession of the opposition research on Donald Trump. Interesting, and I think it was here that people began to believe that Russia had perhaps given information (found on the same servers) that Assange claims could lead to the indictment of Hillary Clinton to WikiLeaks. A new player entered the game at this point, claiming to be a lone hacker, “Guccifer 2.0,” who claims they were the ones who broke into the DNC server, and dropped a few documents as evidence. It’s been about two days since I’ve read anything further on the case. As noted above in the hype warning, remember that none of the information in the articles above is anything we should call “actual” evidence.
