HAM SHACK FU!

Protecting Your Ham Shack’s Computing Resources

Chris Miltenberger W5CMM
May 25, 2017

IDENTIFYING THE RISKS

• Self-inflicted harm
• Support scams
• Security breaches
• Wireless networks
• Data leaks
• Internet of Things (IoT)
• Phishing
• Hardware failure
• Weather and infrastructure

SELF-INFLICTED HARM

• File sharing / warez
• Poor security practices
• Poor equipment maintenance
• Lack of situational awareness

SECURITY BREACHES

• Yahoo
• Target
• Home Depot
• TJ Maxx

DATA LEAKS

• Chelsea Manning
• Edward Snowden
• Wikileaks
• Shadow Brokers

PHISHING

Email that appears to come from an acquaintance, coworker, customer, delivery company, etc. but actually comes from an impersonator.
• Your mailbox is full.
• You need to verify your account.
• You have a package waiting from UPS, FedEx, DHL, etc.
• Please authorize a financial transaction.

MALWARE

• Viruses – Must be executed by the user.
• Worms – Can spread without any user intervention.
• Trojans – Provide the attacker with remote control of your system.
• Bots – Use your computer for DDoS (distributed denial of service) attacks.
• Scareware – Threatens the user with a phony notification from the FBI, DHS, etc.
• Ransomware – Encrypts your data and holds it for ransom.

WANNACRY?

• Launched 5/12/2017.
• Spreads through Server Message Block version 1 (SMBv1) using the ETERNALBLUE exploit.
• Installs the DOUBLEPULSAR remote access Trojan and Tor to facilitate communications with the ransomware author.
• Attempts to infect all connected drives, mapped network shares, and remote desktop sessions.
• This is a worm, so it can spread by itself to vulnerable computers across your network.
• ETERNALBLUE and DOUBLEPULSAR were part of the Shadow Brokers release of the NSA Equation Group hacking tools earlier this year.
• MS17-010 was released in March.
• , 7, 8.1, and 10 systems without MS17-010 are vulnerable.
• Microsoft released a patch for older unsupported systems (XP, 8, Server 2003) the afternoon of 5/12/2017.
• Windows 10 is mostly invulnerable due to forced updates.
• Keep your computers behind a router that blocks SMBv1.
• Uninstall SMBv1.
• Originally thought to be the work of a nation-state, but now thought to be the work of the Lazarus Group.
• The same group is responsible for the 2014 Sony Pictures hack and the 2016 siphoning of $81M from Bangladesh Bank (the country’s central bank).

SUPPORT SCAMS

• Typically a call purportedly from Microsoft or some other respected company.
• Typical social engineering claims are “you are infected” or “your neighbors are using your internet connection”.
• The attacker tries to social engineer access to the victim’s computer.
• Convinces the victim to download and install a remote access tool to gain and retain access to the computer.
• Shows the victim a large list of network connections or errors in event logs.
• Offers to fix the problems, install a product, etc., often as a monthly service.

WIRELESS NETWORKS

• Insecure home wireless network.
• Using a public, insecure, untrusted, or open wireless network.
• Not updating or patching wireless drivers with known vulnerabilities.

INTERNET OF THINGS

• Smart TVs – Samsung and Vizio have both had issues with insecure or out-of-date applications, or with spying on customers.
• Smart appliances – PornHub was found running on a smart refrigerator in Home Depot.

HARDWARE FAILURE

• Hardware can fail at any time.
• Power surges can destroy multiple computer components.
• Failing power supplies can cause other components to fail.
• Hard drives crash. Data recovery is sometimes possible, but requires an expert. Recovery of SSDs (solid state drives) is much more difficult, if not impossible.
• Data recovery services are expensive ($300 and up).

WEATHER

• Hurricanes – We live in Louisiana…no big surprise here.
• Tornadoes – More in recent memory.
• Floods – Again…we live in Louisiana.
• Lightning – A major threat to amateur radio equipment.

INFRASTRUCTURE

• Aging power distribution infrastructure can cause voltage spikes and outages.
• Older homes have poor/substandard wiring.
• Squirrels and other varmints can destroy wires.

WHAT CAN WE DO?

• Improve our security awareness.
• Improve our security posture.
• Improve our security practices.
• Prepare and follow a plan.

SECURE YOUR WIRELESS NETWORK

FACT: Wireless networks can be breached. Understand and accept this, but do everything you can to make it as difficult as possible for attackers.
• Upgrade your router’s firmware or replace it with a new router.
• Disable WPS (Wi-Fi Protected Setup). An attacker can exploit WPS to get on your wireless network in a matter of minutes.
• Don’t bother hiding your SSID or using MAC address filtering. An attacker can sniff the wireless traffic to find the SSID and the MAC addresses of authorized clients as they reauthenticate, and then clone a MAC address to gain access.
• Use WPA2-PSK with AES encryption. If you use anything weaker, like WEP or WPA1-PSK with TKIP, your wireless network is much easier to breach.
• Use a long and complex passphrase. Include upper and lower case letters, numbers, and special characters. Shorter passphrases can be attacked quickly with rainbow tables (tables of precomputed hashes).
• Change the default SSID and passphrase. There are rainbow tables for default SSID/passphrase combinations.
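An added illustration (not from the original slides) of why the last two points work: the key a WPA2 client and router actually use is derived from the passphrase with the SSID as the salt, so a precomputed table only matches networks using the SSID it was built for, and changing a default SSID defeats it even when the passphrase stays the same. The SSIDs and the four-entry weak-passphrase list are constructed for the demonstration; the derivation itself is the standard one from IEEE 802.11i.

```python
import hashlib


def wpa2_psk(ssid: str, passphrase: str) -> bytes:
    """Derive the 256-bit WPA2 pre-shared key the way a client and access point
    do (IEEE 802.11i): PBKDF2-HMAC-SHA1, salted with the SSID, 4096 iterations.
    Because the SSID is the salt, the same passphrase on a different SSID
    produces a completely different key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


# Constructed stand-in for a precomputed ("rainbow") table: a handful of weak
# passphrases hashed ahead of time for one common default SSID.
WEAK_PASSPHRASES = ["password", "12345678", "letmein1", "linksys1"]


def precomputed_table(ssid: str) -> dict:
    """Map PSK -> passphrase for ONE SSID. Building this is the slow part
    (4096 PBKDF2 rounds per entry); checking a key against it is instant,
    which is why tables for default SSIDs are worth someone's time."""
    return {wpa2_psk(ssid, p): p for p in WEAK_PASSPHRASES}


def table_recovers(table: dict, ssid: str, passphrase: str):
    """Return the passphrase if this network's PSK appears in the table, else
    None. A network whose SSID differs from the table's SSID can never match."""
    return table.get(wpa2_psk(ssid, passphrase))


if __name__ == "__main__":
    table = precomputed_table("linksys")
    # Weak passphrase on the default SSID: the table finds it.
    print(table_recovers(table, "linksys", "password"))
    # Same weak passphrase, unique SSID: the same table is useless.
    print(table_recovers(table, "W5CMM-shack", "password"))
```

Changing the SSID is not a substitute for a long passphrase (a table can be rebuilt for any SSID), but it forces that rebuild, which is the point of the slide.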

SECURE YOUR WIRELESS NETWORK

• Most newer wireless routers have a guest network separate from the main network. Make use of that feature, especially if you have kids/grandkids!
• Some wireless routers have personal VLANs (where wireless clients can’t talk to each other). This is sometimes called wireless client isolation. Leveraging this feature can prevent malware from spreading.
• Remember…if you give someone the passphrase to your main wireless network, they have access until you change the passphrase. If you type it in for them, the passphrase can be easily recovered.

PUBLIC WI-FI

• Avoid using public Wi-Fi.
• Some public hotspots are unencrypted and can be sniffed for usernames and passwords.
• Rogue access points that broadcast a “trusted” SSID use man-in-the-middle attacks to steal your credentials.
• Use cellular data or a personal hotspot on your device.
• If you must use public Wi-Fi, consider using a trusted VPN.

USE DEDICATED COMPUTERS IN YOUR SHACK

• Restrict your shack computer to rig control, logging, QRZ lookups, connections to clusters, etc.
• Avoid casual web surfing, email, videos, etc.
• Use Linux or macOS – less prone to infections than Windows.
• Advanced – Put your shack systems on an isolated VLAN.

PATCH YOUR OPERATING SYSTEM

• Use a supported operating system.
• Fully patched versions of , 8, and 10, and Server 2008 R2, 2012, 2012 R2, and 2016 are supported.
• Earlier versions of Windows are not supported and usually do not get security patches. The WannaCry patch released 5/12/2017 was an exception.
• Most machines that came with Windows XP can run Windows 7 or Linux.
• Patch Tuesday – the 2nd (and possibly the 4th) Tuesday of each month.
• Allow the operating system to automatically check for and install patches.

PATCH YOUR APPLICATIONS

• Go for the low-hanging fruit first. Java, Flash, and Acrobat are the attack vectors most often exploited by malware/ransomware.
• Java will notify you when there’s an update available. Unless there’s an extremely good reason for not updating Java (some programs need a specific version of Java to run), you should update it ASAP. If you don’t need Java, uninstall it.
• Flash will ask about installing new updates after a reboot. Install the update ASAP. If you don’t need Flash, uninstall it (or disable the plug-in in Chrome).
• Acrobat can check for updates (under Help > Check for Updates…). Consider using a different PDF reader like Foxit Reader or CutePDF.
• Uninstall software you don’t need or use with an uninstall tool like Revo Uninstaller. It uninstalls the software and removes all remaining files and registry entries.
• Use an application like Personal Software Inspector to check for, and apply, application updates.
• Allow trusted applications to automatically update themselves.
• Use a utility like Snappy Driver Installer to update your drivers.

USE A GOOD ANTIMALWARE UTILITY (OR TWO)

• Primary – Malwarebytes (free/paid), (free), Avira (free/paid), BitDefender (free/paid), Avast (free/paid), ESET (paid), Norton (paid), ZoneAlarm (free/paid), etc.
• Secondary – RansomFree, CryptoPrevent, SUPERAntiSpyware, Spybot Anti-Beacon, etc.

DON’T RUN AS AN ADMINISTRATOR (OR ROOT)

• Using a regular user account will block over 90% of all current Windows vulnerabilities.
• Create unprivileged guest accounts for anyone* who uses your computer.

*Your kids or grandkids will infect your system!

FILE SHARING

• Are you sure what you’re uploading/downloading isn’t copyrighted or illegal, and doesn’t contain child pornography or malware?
• File sharing uses a large amount of data.
• Sharing copyrighted material can result in your ISP terminating your Internet account and leave you open to legal action by the copyright holder.
• Sharing child pornography will send you to prison.

WAREZ

• Almost 100% of hacked or cracked software contains malware.
• Almost 100% of keygens (registration key generators) contain malware.
• If the program is worth stealing, it’s probably worth buying.
• Most commercial (for pay) amateur radio programs have equivalent low-cost, free, or open source alternatives.

EMAIL

• Don’t open attachments unless you are certain they are safe.
• Download all attachments and scan them with an up-to-date malware scanner (or upload them to VirusTotal for analysis).
• What about emails from mom/dad/friend/UPS/FedEx/USPS?
• Are you 100% sure about the identity of the sender?
• Are you 100% sure they aren’t infected themselves?
• Configure Windows to display all file extensions.
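An added example (not from the slides) of the last two points done by script instead of by eye: look at the part of a filename that Windows hides when extensions are off, so that `invoice.pdf.exe` is recognised as a program rather than a PDF, and compute the SHA-256 that VirusTotal accepts as a search key, so a file can be checked without uploading its contents. The attachment names and bytes are constructed samples, and the extension lists are illustrative, not exhaustive.

```python
import hashlib
from pathlib import PurePath

# Extensions Windows hands to a program loader or script host (illustrative list)
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
              ".vbs", ".vbe", ".wsf", ".ps1", ".hta", ".msi", ".jar", ".lnk"}
# Office formats that can carry macros
MACRO_DOCS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Harmless-looking extensions often placed just before the real one
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}


def attachment_findings(filename: str) -> list:
    """Return human-readable reasons an attachment deserves suspicion.
    An empty list means nothing obvious from the name; it does not mean safe."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    real_ext = suffixes[-1] if suffixes else ""   # what Windows actually acts on
    findings = []
    if real_ext in EXECUTABLE:
        findings.append(f"{real_ext} runs as a program when opened")
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            # With extensions hidden, Explorer shows 'invoice.pdf' for 'invoice.pdf.exe'
            findings.append(
                f"double extension: displays as {suffixes[-2]} when extensions are hidden")
    if real_ext in MACRO_DOCS:
        findings.append("macro-enabled Office document")
    if not real_ext:
        findings.append("no extension; type cannot be judged from the name")
    return findings


def sha256_hex(data: bytes) -> str:
    """Hash you can paste into VirusTotal's search box to see prior verdicts
    without uploading the file itself."""
    return hashlib.sha256(data).hexdigest()


def triage(attachments: dict) -> dict:
    """attachments: {filename: bytes}. Returns {filename: {'sha256': ..., 'findings': [...]}}."""
    return {name: {"sha256": sha256_hex(data), "findings": attachment_findings(name)}
            for name, data in attachments.items()}


if __name__ == "__main__":
    # Constructed sample attachments; the contents are placeholders, not real files.
    sample = {
        "Invoice_2017-05.pdf.exe": b"MZ placeholder",
        "Tracking Notice.docm": b"PK placeholder",
        "qsl-card.jpg": b"\xff\xd8 placeholder",
    }
    for name, report in triage(sample).items():
        print(name, report["sha256"][:16], report["findings"])
```

A clean result from this check only rules out the obvious; the slide's advice to scan with an up-to-date engine still stands for anything you intend to open.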

AVOID USING MICROSOFT OFFICE

Use a non-Microsoft office suite:
• LibreOffice
• OpenOffice
• Apple – Pages, Numbers, Keynote

Online office suites are resistant (so far) to malware in office documents:
• Microsoft Office Online (https://www.office.com/) – Free to individuals!
• Google – Free to individuals! Docs (https://docs.google.com), Sheets (https://sheets.google.com), Slides (https://slides.google.com)

SECURE YOUR BROWSER

• Dump that insecure or out-of-date browser.
• Upgrade to the latest version of Firefox or Chrome.
• Stop using Internet Explorer!!!
• Use browser extensions to enhance your online security and privacy.
• Using AdBlock, Privacy Badger, Ghostery, and NoScript is a good start.
• Avoid questionable websites.

ENABLE MULTI-FACTOR AUTHENTICATION (MFA)

• A second factor will protect you even if your password is compromised.
• Many online services offer MFA.
• Soft tokens and authenticator apps are easy to install and use.
• The use of SMS messaging as a second factor was recently deprecated by NIST (and was recently exploited).

USE A PASSWORD MANAGEMENT TOOL

• LastPass, KeePass, RoboForm, etc.
• Prevents password reuse.
• Remember a single master password.
• Some support MFA (multi-factor, or two-factor, authentication).

BACKUP YOUR DATA

• Image backups – Can be restored to new media to revive a failed hard drive or recover from a disaster or ransomware incident.
• File backups – Individual files or folders can be restored to recover from a malware incident or accidental deletion.

LOCAL BACKUPS

• Local backups are stored on a USB device, CD/DVD/Blu-ray, tape, network share, etc.
• Encrypt your backups. They probably contain passwords, protected data (SSNs, credit card numbers), registration keys, etc. that you don’t want leaked.
• Backups on connected devices (anything with a drive letter) can be rendered useless by ransomware. Always detach the backup device from your computer after completing your backups and store it in a secure location.
• Consider making multiple backups and storing them at different locations.

CLOUD BACKUPS

• Cloud backup providers – Carbonite, CrashPlan, BackBlaze, etc.
• Cloud backups are generally more resistant to ransomware.
• Some cloud backup vendors keep multiple generations or versions of files to allow users to restore from a specific point in time.
• Some vendors have restore options for disasters or critical situations. They will overnight your backups on an encrypted drive for quicker restoration.

PROTECT YOUR EQUIPMENT

• Always use a surge suppressor or UPS.
• Ensure your cables aren’t frayed or pinched, and are fully inserted.
• Periodically vacuum the interior of your computer case, or carefully use a leaf blower (do it outside, and avoid blowing directly on fans…they aren’t built to handle 120 mph gusts).
• Use ferrite clip-ons to reduce RF interference.

SANITIZE YOUR HARD DRIVES

• Use a secure wipe utility before you sell, dispose of, or gift an old computer or hard drive.
• .223, .308, .357, .44, .45, and .50 diameter holes are also extremely effective.

DON’T FALL FOR SUPPORT SCAMS

• Microsoft will never call you (unless you pay for a support incident).
• Microsoft has no way to know your computer is infected (but your ISP might).
• Event log errors and multiple network connections are normal and expected.
• Giving a stranger access to your computer is placing your life in their hands. JUST DON’T DO IT!!!

ONLINE RESOURCES

• Securing The Human – Ouch! - https://securingthehuman.sans.org/resources/newsletters/ouch/2016
• ASD Strategies to Mitigate Cyber Security Incidents - https://www.asd.gov.au/infosec/mitigationstrategies.htm
• ASD Top 4 - https://www.asd.gov.au/infosec/top-mitigations/top-4-strategies-explained.htm
• BBB Scam Tracker - https://www.bbb.org/scamtracker/us
• Free phishing training - https://phishme.com/resources/cbfree-computer-based-training
• Uninstall SMBv1 - https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
• Protect your computer from ransomware:
  http://www.computerworld.com/article/3187889/security/how-to-rescue-your-pc-from-ransomware.html
  https://www.bleepingcomputer.com/news/security/how-to-protect-and-harden-a-computer-against-ransomware/
  https://krebsonsecurity.com/2016/12/before-you-pay-that-ransomware-demand/
• Ransomware in action - https://youtu.be/Z-htleMYq5E?t=50
• ETERNALBLUE in 2 - https://t.co/I9aUF530fU
• Ransomware prevention - https://www.helpnetsecurity.com/2017/05/15/prevent-ransomware-guide/
• Ransomware Simulator Tool - https://info.knowbe4.com/ransomware-simulator-tool-1chn
• VirusTotal - https://www.virustotal.com/
• Personal Software Inspector - https://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/
• Snappy Driver Installer - https://sdi-tool.org/
• RansomFree - https://ransomfree.cybereason.com/
• CryptoPrevent - https://www.foolishit.com/cryptoprevent-malware-prevention/
• Removing admin rights:
  https://www.helpnetsecurity.com/2017/02/23/removing-admin-rights/
  http://www.cso.com.au/article/604516/block-100-ransomware-by-managing-admin-rights-applications-researchers/
• Password management applications - http://www.pcmag.com/article2/0,2817,2407168,00.asp
• Enable MFA on your online applications - http://www.pcmag.com/article2/0,2817,2456400,00.asp
• Cloud backup providers - http://www.pcmag.com/article2/0,2817,2288745,00.asp
• Support scams - https://www.onthewire.io/inside-the-tech-support-scam-ecosystem/
• Highlights of the Verizon 2017 Data Breach Investigations Report - http://ridethelightning.senseient.com/2017/05/highlights-verizon-2017-data-breach-investigations-report.html