Friday, January 27, 2017

Comprehensive Guide to Backdoors

When I was learning this, I was disappointed with the internet guides for setting up remote access (a backdoor) to a computer, so here's my contribution. Also, it's important for security- and privacy-concerned people to understand this, because these methods are often used maliciously to gain control over a target computer.

In this article, I'm going to cover the theory and practice behind bind TCP shells and reverse TCP shells. After that I will briefly touch upon their more advanced versions: secure shells (SSH) and reverse secure shells.

Theory

Transmission Control Protocol (TCP) is a connection-oriented way to transfer data from one IP address to another. In a remote shell it carries the command to the remote computer and the command's output back to the command and control computer. In every TCP connection, one side has to listen for a connection and the other side has to connect to it.

There are two ways to get a shell on a remote machine:

    The remote machine listens for a connection (a bind shell). There has to be a process on the remote machine that waits for a connection and executes a shell once the connection is established.
    The remote machine connects to us (a reverse shell). This one goes the other way around: the local command and control machine has to listen for a connection, and the remote machine has to 'send' a shell to that listener.

Which one is better? Of course, it depends on the circumstances; otherwise one of them wouldn't be mentioned. Each of the following paragraphs explains the corresponding row in the table below.

At first glance, option #1 seems superior because we can connect to the remote computer at any time, instantly. When using a reverse shell, persistent backdoors try to connect to the control computer periodically, so we usually have to wait for the next attempt.

By default, a firewall blocks all incoming connections to the machine. To allow connections to the listener process, the firewall must open that port. A default firewall policy only filters incoming connections and places no restrictions on outgoing ones, so by choosing option #1 or option #2 you are also choosing whose firewall needs to be configured. This is why hackers prefer reverse shells: it is easier to configure their own firewall than the victim's.

When a TCP connection passes through a router doing network address translation, the router assigns a unique port to each connection from a specific computer in the local area network. That's how the router knows which computer in the LAN a returning packet should be delivered to. If we try to connect to our listener on the remote machine (option #1) without configuring the router to forward our connection to the exact computer and exact port, the router will refuse the connection because it doesn't know where to send the packet. By choosing option #1 or option #2, you are also choosing whose router needs to be configured to port forward the connection. Obviously, hackers prefer to configure their own router rather than their victim's.
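The firewall and router asymmetry described above is also what a defender looks for: option #1 shows up on the compromised host as an unexpected listening socket owned by a shell-like process, and option #2 shows up as an outbound connection from a shell-like process on an ephemeral local port. The following is an added example, not code from the original article: a small Python classifier that reads a socket table in the column layout of Linux `ss -tnp` and flags both patterns. The sample socket lines, the process names treated as shell-like, and the ephemeral-port threshold are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the column layout of `ss -tnp`.
# These lines are not real output from any host; addresses are
# documentation ranges and the PIDs are made up.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=800,fd=3))
LISTEN 0      1      0.0.0.0:4444        0.0.0.0:*         users:(("nc",pid=2222,fd=3))
ESTAB  0      0      192.168.1.10:49152  203.0.113.5:4444  users:(("bash",pid=1234,fd=3))
ESTAB  0      0      192.168.1.10:51000  93.184.216.34:443 users:(("firefox",pid=3000,fd=55))
"""

# Assumption: processes that normally have no business owning a network
# socket on a workstation. Tune this list to the environment.
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "nc", "ncat", "netcat", "socat"}

# Assumption: lower bound of the Linux default ephemeral port range
# (net.ipv4.ip_local_port_range). An outbound connection uses a local
# port from this range; a listener normally does not.
EPHEMERAL_START = 32768

# One `ss -tnp` row: state, recv-q, send-q, local addr:port,
# peer addr:port, then the owning process. `\S+:` backtracks to the
# last colon, so bracketed IPv6 addresses parse as well.
LINE_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+|\*)\s+'
    r'(?P<raddr>\S+):(?P<rport>\d+|\*)\s+'
    r'users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


@dataclass
class Finding:
    kind: str    # "bind-shell" (option #1) or "reverse-shell" (option #2)
    proc: str
    pid: int
    local: str
    peer: str


def parse_socket_line(line: str) -> Optional[dict]:
    """Return the fields of one socket row, or None for headers/garbage."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_sockets(ss_output: str) -> List[Finding]:
    """Flag sockets owned by shell-like processes, split by direction.

    A LISTEN socket owned by a shell-like process matches the bind-shell
    pattern (the victim's firewall/router had to be opened for it).
    An ESTAB socket whose local port is ephemeral matches the
    reverse-shell pattern (outbound, so the victim's firewall never saw
    an inbound connection to block).
    """
    findings: List[Finding] = []
    for line in ss_output.splitlines():
        rec = parse_socket_line(line)
        if rec is None or rec["proc"] not in SHELL_LIKE:
            continue
        local = f'{rec["laddr"]}:{rec["lport"]}'
        peer = f'{rec["raddr"]}:{rec["rport"]}'
        pid = int(rec["pid"])
        if rec["state"] == "LISTEN":
            findings.append(Finding("bind-shell", rec["proc"], pid, local, peer))
        elif rec["state"] == "ESTAB" and int(rec["lport"]) >= EPHEMERAL_START:
            findings.append(Finding("reverse-shell", rec["proc"], pid, local, peer))
    return findings


if __name__ == "__main__":
    for f in classify_sockets(SAMPLE_SS_OUTPUT):
        print(f"{f.kind:14} {f.proc}(pid {f.pid}) {f.local} -> {f.peer}")
```

On a live host the same function can be fed the real output of `ss -tnp` (root is needed to see every process name). The `firefox` row is ignored because the process name is not shell-like, and `sshd` is ignored for the same reason even though it listens; the point is that direction alone is not the signal, the combination of direction and an unexpected owning process is.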

ValueShuffle – Comprehensive Transaction Privacy For Bitcoin Users

The public ledger is an indispensable part of bitcoin's blockchain, yet it poses a serious threat to the privacy of anyone sending or receiving bitcoin. Since the source of coins can be traced and tainted, the value of two bitcoins from two different sources might not be the same (a coin whose source cannot be traced can be worth more than a traceable coin); hence, the fungibility of bitcoin is questionable. To overcome these threats, many researchers have proposed privacy-enhancing solutions to render bitcoin more secure and anonymous. Nevertheless, the majority of the proposed solutions either solve only a small number of bitcoin's privacy issues, so they would provide limited value even if implemented successfully, or require major modifications of the blockchain protocol.

Researchers from Saarland University, Germany, proposed a solution to promote the privacy of bitcoin transactions. The new solution, which they named ValueShuffle, is designed on the basis of CoinJoin, a method for anonymizing bitcoin transactions that was proposed by Gregory Maxwell. ValueShuffle is the first coin mixing solution to also conceal the amount of coins involved in transactions, using the proposal known as "Confidential Transactions" (CT). ValueShuffle is designed to guarantee the anonymity of the participants of a coin mixing round, not only against blockchain observers, but also against malicious attackers participating in the coin mixing round itself.

By coupling ValueShuffle with Confidential Transactions and "Stealth Addresses", the proposed solution provides what can be described as "comprehensive privacy" (sender's anonymity, receiver's anonymity and privacy of the paid amount), without any modification to the current bitcoin protocol. The paper shows that combining these three privacy-promoting strategies creates synergies that solve the two major problems that have hindered the adoption of coin mixing, namely that participants need to mix the same amounts of coins, and need to do so before the funds can actually be spent. As such, ValueShuffle can unleash the full potential of coin mixing as a solution to enhance bitcoin's privacy and anonymity.

The Features of ValueShuffle:

ValueShuffle is the first coin mixing protocol that utilizes CT. It is an extension of CoinShuffle++, considered the most efficient peer-to-peer bitcoin mixing protocol to date, which relies on the DiceMix paradigm.
ValueShuffle combines bitcoin mixing, stealth addresses and CT to provide comprehensive privacy for bitcoin users (untraceability, sender's and receiver's anonymity, and amount privacy). The new technology inherits a group of features from CoinJoin which are essential to a practical deployment of ValueShuffle on bitcoin's network, e.g. compatibility with the blockchain's script and pruning.

Combining ValueShuffle with Stealth Addresses and CT yields the following features:

A- Comprehensive Privacy:

Neither observers of the blockchain nor participants in the mixing procedure can link the inputs and outputs of a ValueShuffle execution instance. Accordingly, the output transactions cannot be used to identify the sender's address among the other honest input addresses that participated in the mixing round (sender's anonymity). Moreover, Stealth Addresses create one-time addresses to receive payments, preventing funds from being traced to already known addresses (receiver's anonymity). CT provides amount privacy.

B- Single Transaction:

ValueShuffle sends payments to recipients directly, without the premixing steps required by the present peer-to-peer mixing solutions, and without having to interact with the recipients. Accordingly, private anonymous payments can be sent with just one transaction recorded on the blockchain.

C- DoS Resistance:

ValueShuffle is resistant to denial-of-service (DoS) attacks launched by disruptive users who aim to keep honest users from completing a mixing round. Although disruptive users can delay the execution of an instance of ValueShuffle, they cannot stop it: because it is based on the DiceMix protocol, an instance always terminates within 4 + 2f communication rounds, where f is the number of disruptive users. An undisrupted instance (f = 0) therefore completes within 4 communication rounds.

D- No Anonymous Channel Required:

ValueShuffle doesn't need any external anonymous channel, such as the Tor network, to prevent linkage of the inputs and outputs of a CoinJoin transaction. Nevertheless, to prevent an observer from linking the inputs of a given CoinJoin transaction with network identifiers such as IP addresses, it is highly recommended to use external means of anonymous communication, such as proxy servers or a VPN.

Designing Trust – Weighing The Utility of Smart Contracts Against The Risk of Decentralization

By the year 2025, around 10% of the world’s gross domestic product (GDP) will be stored on blockchains, according to a report that was published by The World Economic Forum in August, 2016. Smart contracts are forms of electronic contracts that are coded and executed on a blockchain, and can disrupt global finance by omitting the need for intermediary third parties. Use cases of smart contracts in the financial sector include the following:

    Overseas payments to reduce transactions’ fees, capture obligations and minimize operational human errors.
    Real estate business and insurance casualty claims to eliminate the need for third parties.
    Syndicate loans to aid in real time loan funding and automate servicing operations without the need for intermediaries.
    Lending and deposits in trade finance to automate the process of creation and management of various forms of credit facilities which would ultimately eliminate the need for retail banking services.
    Capital raising via contingent convertible bonds to forewarn regulators whenever absorption of a loan needs to be activated and reduce the demand for point-in-time stress testing.
    Compliance within the context of investment management to formulate reporting and aid in automation of periodic filings.
    Proxy voting within the context of investment management to automate the process of end-to-end confirmation via votes’ validation and maximize transparency.
    Re-hypothecation of assets in market provisioning to promote real-time asset history reporting and reinforce regulatory constraints via facilitation of settlement and clearance to omit the need for intermediary third parties and minimize settlement time.
    Equity post-trade throughout market provisioning to transfer cash and equity simultaneously in real-time and reduce the possibility of occurrence of errors that can affect settlement.

The policy connotations of decentralization and the blockchain technology require economists and attorneys to understand the mechanics of this technological shift and the risks that emerge from tangible factors (e.g. utilization of consensus as a security measure) and intangible factors (e.g. script errors and the occasional incompleteness of some smart contracts). A recently published paper examined the trust design of smart contracts, balancing the utility of smart contracts against the risk of decentralization. Percy Venegas, the author of the paper, proposed a decision-making method that measures utility by means of "levels of trust", taking artifacts from the financing sector and applying them to a portfolio comprised of smart contract cooperations.

Expected utility was estimated by mapping a demand vector field, i.e. the attention level, and funding through the creation of a scalar field, i.e. the investment level; the associated risk exposure is implied in the consensus mechanism tradeoffs, with regard to the progression of firms represented in the system of coordinates. This aims at creating a device for the construction and analysis of a given portfolio. The data utilized in this study represents 200 million web users as well as a number of investment databases. The results of the paper represent a scalable and comprehensive view of decentralized portfolios, inspired by the methodologies of behavioral finance.

Results of The Study:

The author of the paper concluded that utilizing a field’s approach when constructing portfolios, has revealed essential demand signals that are dependent on levels of trust. Trust flourishes with increased visibility and trust is resolved whenever funding sources are realized. Nonetheless, the nature of some of this attention can occasionally be detrimental, as is the case of negative brand associations. Digital businesses represent part of the economy of attention, and in the case of smart contracts, one should pay attention that they also operate within the context of the economy of attention as well.

The market share of digital businesses and the ability to acquire new investors/adopters quickly, and retain current users, are pivotal to promote the survival of most platforms that rely on the smart contract technology. Accordingly, enterprise users are required to collect competitive intelligence and take their due diligence to perfection before commencing in a pilot. How can one know all this, if the tangible value and associated risks are not ideally visible? It is worth mentioning that the initial step in the process of meta automation is rendering these signals tangible so that machines would efficiently manage machines, which is the main goal of the smart contract technology. Within this context, this paper can be useful to both blockchain developers and fund managers.

The Firearm Vendor Involved in the Munich Shooting Now Stands Trial in the Bavarian State Capital

In 2016, the events that followed the Munich shooting spiraled in several different directions. As soon as authorities announced that the 9mm Glock 17 and ammunition came from a darknet vendor, Germany’s darknet scene changed dramatically. Arrests started picking up. Police raided both suppliers and buyers on a constant basis. Then news spread regarding the 31-year-old darknet firearm vendor—the one who sold the Glock to David Ali Sonboly. He began fully cooperating with police and contributed to many of the recent arrests.

Only a few short weeks after that news broke, the darknet vendor made the news again. The headlines, this time, changed perspectives completely. Previously, The Federal Public Prosecutor's Office of Frankfurt had all but congratulated the vendor for his contribution to law enforcement's newfound ability to make DNM arrests. He gave the authorities access to his PGP keys as part of an anti-weapons operation. Consequently, those keys unlocked messages that incriminated him to a new extent.

“The arrest warrant was initially issued only because of the violation of the arms laws. The further investigation of the secured communication from the supposed arms dealer on the Darknet – the secret area of the Internet – however, showed indications of negligence. There was no evidence that the 31-year-old Marburger knew what the amok gunman had in mind.”

The Federal Public Prosecutor’s Office of Frankfurt re-opened the case against the vendor after finding previously hidden messages—messages between David Ali Sonboly and the seller, Philipp K. The current arrest warrant for the vendor applied only to his violation of weapon laws in Germany. While the gun laws in Germany are notoriously strict, the messages revealed the vendor potentially violated the law to a much greater degree than initially believed.

The vendor then faced new charges pertaining to the nine deaths in Munich: nine counts of negligent homicide and four counts of negligent bodily injury. Even though the investigation "restarted," investigators believed the newly uncovered messages showed a new side of the vendor. The messages proved that Philipp K. knew exactly what David Ali Sonboly planned to do. The 31-year-old returned to a jail cell, awaiting a new hearing in Frankfurt.

However, a new trial in Frankfurt never took place. Instead, as of early January, The Federal Public Prosecutor’s Office of Frankfurt handed the case over to the Bavarian State Capital. The investigation will proceed from there, along with the remainder of the court appearances.

Man Arrested for Ordering 500g Amphetamines from the Darknet

The Customs Office of Essen opened an investigation into a 31-year-old after intercepting a suspicious package. Essen Customs became a commonplace name in the news after another recent bust—and an even bigger one that involved illegal firearms. In it, a similar event took place. And, as with the interception of the 31-year-old's suspicious package, authorities failed to provide the public with the vital details.

However, in this case, the investigation took far less time to finalize. The Customs Office of Essen opened a package that contained 500 grams of mixed amphetamines. In no time, the criminal police responsible for the recipient's address received a notice from the Essen Customs Office regarding the package and addressee. The original shipper had sent the package to a residence in Norderstedt, a city in the Hamburg Metropolitan Region of Germany.

After a brief investigation, officers determined that the purchaser had used an invalid address to order the amphetamines. A 31-year-old from Elmshorn, a town in the Pinneberg district of Schleswig-Holstein, proved to be the police's number one suspect. Through the District Court of Kiel and the public prosecutor, the Criminal Police of Elmshorn (Kriminalpolizei Elmshorn) received an oral search warrant for the suspect's address—an apartment in the town.

On December 30, investigators from the Criminal Police of Elmshorn, as well as a special narcotics squad from the same district, raided the suspect's apartment. During the raid, the Narcotics Taskforce (Rauschgift) of the Criminal Police of Elmshorn found enough drugs to consider the 31-year-old a drug dealer. The investigation broadened in scope and no longer focused solely on the importation of 500 grams of amphetamine. This situation, in and of itself, is not surprising: Germany sees amphetamine-related darknet vendors arrested on a near-daily basis.

According to police reports, the task force found and counted 280 grams of marijuana; 30 grams of hashish; an unannounced amount of ecstasy; “small amounts” of MDMA, presumably contained in a different medium than the ecstasy; and another unquantified amount of amphetamine. The amphetamine and ecstasy, according to some reports, amounted to only a small percentage of the drugs found—nothing akin to the 500 grams that sparked the investigation.

Following the Criminal Police's search of the apartment, the officers placed him in custody for the possession of drugs and conspiracy to distribute said drugs. Once in custody, the 31-year-old suspect's actions allowed this case to move much more quickly than the previous weapons case in the same district. He confessed to buying the intercepted amphetamines from the darknet, and additionally admitted to buying the drugs found at his apartment from the darknet as well. Moreover, in a further incriminating statement, he told investigators that he bought the drugs to sell on the streets.

“In the ensuing interrogation, the accused showed up and confessed. He explained the process by which he placed extensive orders for narcotics on the so-called Darknet. He revealed that he ordered the drugs to sell offline,” said police spokeswoman Peggy Bandelin. Despite referring to the findings and situation as “not small,” the Criminal Police of Elmshorn released the 31-year-old, for now. They began an investigation into the darknet vendor, or source, behind everything.