![Page 1: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/1.jpg)
Give Me Your Data!
Pilfering Data without Breaking In
Dave Chronister
CISSP, MCSE, C|HFI
Founder / Managing Technical Partner
Parameter Security
![Page 2: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/2.jpg)
About Me
• Security Practitioner
• Ethical Hacker
• Forensic Investigator (MO PI Lic#2012039253)
• Instructor
• Founder Parameter Security
• We Find, Not Fix Issues
![Page 3: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/3.jpg)
![Page 4: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/4.jpg)
Data is not Secured
![Page 5: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/5.jpg)
Could I Obtain Sensitive Data?
Without Breaching Any Access Controls?
![Page 6: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/6.jpg)
Determine Sources of Data
Purchase Old Hardware
Social Media Sites
FTP Sites
![Page 7: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/7.jpg)
WARNING
This is a demonstration, not an instruction manual for criminal behavior.
Obfuscation of sensitive data was done by me.
When possible, the data owner was notified of insecure information.
The identities of the owners have been hidden to protect the Security Impaired.
![Page 8: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/8.jpg)
Old Hardware
1. Create Forensic Image
2. Data Carve Files
3. Profit??
![Page 9: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/9.jpg)
Old Hardware
EBay – 2 IPhone / 9 Hard Drives
Targeted Individuals Selling Equipment (IT Employees Offloading Equipment)
2 Rounds of Purchases
2nd Round Included Hardware Resellers
Total Cost - $50 IPhone, $120 Hard Drives
![Page 10: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/10.jpg)
Results:
iPhones Forensically Clean
Drives Re-Partitioned w/ Artifacts
5 – “Floor Models” (Only OS)
Hard Drives Zero’d Out
University of ######## Drive – Term Papers, Porn, and Malware
Office Equipment Service Company in PA – Service Logs, Time Off Requests
(chart values on slide: 2, 1, 7)
![Page 11: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/11.jpg)
Drive 9
![Page 12: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/12.jpg)
Drive 9
![Page 13: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/13.jpg)
Drive 9
![Page 14: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/14.jpg)
Drive 9
![Page 15: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/15.jpg)
Drive 9 – Purchased from Re-Seller
![Page 16: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/16.jpg)
Drive 9
![Page 17: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/17.jpg)
Drive 9
![Page 18: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/18.jpg)
Drive 9
• Purchased from Re-Seller
• Drive was not Formatted
• Partitions were not Deleted
• Drive belonged to Re-Seller Owner
Conclusion – Promising but could be Expensive
How do you handle EoL Media??
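The three-step "Old Hardware" procedure (forensic image, data carve, profit) and the Drive 9 finding above (partitions not deleted, drive not formatted) come down to one fact: carving reads raw bytes and ignores the filesystem, so only a full overwrite leaves nothing to recover. The following is an added example, not code from the talk or from Parameter Security. It builds a constructed in-memory "drive" (a fake boot sector plus a tiny JPEG and PDF), hashes it as an acquisition step would, carves by header/footer signature, and then compares three end-of-life treatments: as sold, partition table deleted, and zero-filled. All names (`build_sample_image`, `carve`, `delete_partitions`, `zero_fill`) are this example's own.

```python
import hashlib

SECTOR = 512

# Header/footer pairs used by signature carving (same idea as foremost/scalpel).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

# Constructed sample files; nothing here comes from a real drive.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x41" * 300 + b"\xff\xd9"
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF"


def build_sample_image() -> bytes:
    """Constructed stand-in for a drive: boot sector + data area with filler."""
    boot = bytearray(SECTOR)
    # One fake MBR partition entry: bootable, type 0x0B, start LBA 1, 64 sectors.
    boot[446:462] = (b"\x80\x00\x01\x00\x0b\x00\x00\x00"
                     + (1).to_bytes(4, "little") + (64).to_bytes(4, "little"))
    boot[510:512] = b"\x55\xaa"
    filler = b"\x00" * 200
    return bytes(boot) + filler + SAMPLE_JPEG + filler + SAMPLE_PDF + filler


def image_hash(image: bytes) -> str:
    """Step 1: an acquisition is hashed so later analysis can be shown to
    have left the evidence copy untouched."""
    return hashlib.sha256(image).hexdigest()


def carve(image: bytes, max_size: int = 16 * 1024 * 1024):
    """Step 2: header/footer carving over raw bytes. No filesystem is
    consulted, so a deleted partition table or quick format changes nothing."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        start = image.find(head)
        while start != -1:
            end = image.find(tail, start + len(head), start + max_size)
            if end == -1:
                # Header without a footer in range: skip it and keep scanning.
                start = image.find(head, start + 1)
                continue
            end += len(tail)
            found.append((kind, start, image[start:end]))
            start = image.find(head, end)
    return sorted(found, key=lambda f: f[1])


def delete_partitions(image: bytes) -> bytes:
    """What 'deleting the partitions' actually touches: only the boot sector."""
    return b"\x00" * SECTOR + image[SECTOR:]


def zero_fill(image: bytes) -> bytes:
    """A single-pass overwrite of every sector, the only treatment here that
    leaves nothing to carve."""
    return b"\x00" * len(image)


def demo() -> dict:
    """Count carved files after each end-of-life treatment."""
    original = build_sample_image()
    before = image_hash(original)
    results = {
        "as sold": len(carve(original)),
        "partitions deleted": len(carve(delete_partitions(original))),
        "zeroed": len(carve(zero_fill(original))),
    }
    # The evidence copy is unchanged by the analysis.
    assert image_hash(original) == before
    return results


if __name__ == "__main__":
    for state, count in demo().items():
        print(f"{state:20s} carved files: {count}")
```

On the sample image the counts come out 2, 2 and 0: deleting the partition table leaves both files exactly where they were, and only the zero fill removes them. That is the answer to "How do you handle EoL media?": a documented overwrite (or physical destruction, or encryption with key destruction) rather than a reformat or partition delete.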
![Page 19: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/19.jpg)
Photo Sharing Sites
Photobucket
Recent Uploads
![Page 20: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/20.jpg)
Photo Sharing Sites – Recent Uploads – Open Buckets
App allows phones to upload pics automatically
![Page 21: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/21.jpg)
Photo Sharing Sites
Before you ask, yes I found that
![Page 22: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/22.jpg)
Photo Sharing Sites
Before you ask, yes I found that
![Page 23: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/23.jpg)
Photo Sharing Sites
Before you start browsing…warning
![Page 24: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/24.jpg)
Photo Sharing Sites
Before you ask, yes I found that
![Page 25: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/25.jpg)
Photo Sharing Sites
Before you ask, yes I found that
![Page 26: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/26.jpg)
Photo Sharing Sites
Before you ask, yes I found that
![Page 27: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/27.jpg)
Photo Sharing Sites
Before you ask, yes I found that
![Page 28: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/28.jpg)
Photo Sharing Sites
Before you ask, yes I found that
![Page 29: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/29.jpg)
Photo Sharing Sites
But I Also Found…
![Page 30: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/30.jpg)
Photo Sharing Sites
Credit Cards
![Page 31: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/31.jpg)
Photo Sharing Sites
Address Information
![Page 32: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/32.jpg)
Photo Sharing Sites
International Cards
![Page 33: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/33.jpg)
Photo Sharing Sites
International Cards
![Page 34: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/34.jpg)
Photo Sharing Sites
Vendor’s Notes
![Page 35: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/35.jpg)
Photo Sharing Sites
Checks
![Page 36: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/36.jpg)
Photo Sharing Sites
Lots of Checks
![Page 37: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/37.jpg)
Photo Sharing Sites
Identity
![Page 38: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/38.jpg)
Photo Sharing Sites
Identity
![Page 39: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/39.jpg)
Photo Sharing Sites – Family Relationships
![Page 40: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/40.jpg)
Photo Sharing Sites
With Their Info
![Page 41: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/41.jpg)
Photo Sharing Sites
My Favorite
![Page 42: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/42.jpg)
Photo Sharing Sites – Target #1
![Page 43: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/43.jpg)
Photo Sharing Sites – Target #1
![Page 44: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/44.jpg)
Photo Sharing Sites – Target #2
![Page 45: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/45.jpg)
Photo Sharing Sites – Target #2
![Page 46: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/46.jpg)
Results:
Credit Card Numbers
Login Information
Social Security Numbers
Also, Personal Info and Business Trade Secrets
Conclusion – Very Easy, No Cost, No Way to Automate… Yet…
(chart values on slide: 10, 15, 30)
Total Time Spent – Approx. 8 hours
How could you control “pix leakage?”
![Page 47: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/47.jpg)
FTP Sites
Used Metasploit Framework – FTP Anon Scanner
Could also use Nmap
![Page 48: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/48.jpg)
FTP Servers
Typical Finding
![Page 49: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/49.jpg)
FTP Servers – Typical Finding
![Page 50: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/50.jpg)
FTP Servers – Started Getting Good
![Page 51: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/51.jpg)
FTP Servers – WTF?!?
![Page 52: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/52.jpg)
FTP Servers – Trends Forming
Anonymous READ (220 Welcome to ASUS RT-AC66U FTP Service.)
Default config creates external FTP Site
![Page 53: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/53.jpg)
FTP Servers – Trends Forming
![Page 54: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/54.jpg)
FTP Servers – What Did We Find?
• Financial Information
• Unencrypted Backups
• Medical Records (PHI)
• Intellectual Property
• Passwords Galore (Including System Passwords to Global Companies)
• Voter Information/ Political Parties Info
In a Nutshell - Everything!
![Page 55: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/55.jpg)
FTP Servers – ASUS Is Not Alone
• At least 3 more vendors have same issue
• Currently contacting vendors
• Will release when patched or after 3 months
![Page 56: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/56.jpg)
FTP Servers – Anything Else Interesting?
READ/Write Access
PCI / Safe Harbor Violations
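The FTP findings above (the Metasploit "FTP Anon Scanner" / Nmap check, the "220 Welcome to ASUS RT-AC66U FTP Service." banner from a default router config, and the distinction between anonymous READ and READ/Write) all rest on one short control-channel exchange. The following is an added example, not code from the talk, from Metasploit or from Nmap, written for checking your own perimeter. It pairs a simulated FTP daemon (so the exchange runs offline and both sides' messages are logged) with an `audit_anonymous` routine that reads the banner, tries an anonymous login, and probes write access by creating and immediately removing a marker directory. The server class, the `DEFAULT_BANNERS` table (seeded only with the banner quoted on the slide), and the probe directory name are this example's assumptions.

```python
import re
from dataclasses import dataclass, field

# Banner substrings that point at a device exposing a share by default.
# Constructed table; the ASUS entry is the banner quoted in the talk.
DEFAULT_BANNERS = {
    "ASUS RT-AC66U FTP Service": "consumer router: default config publishes USB share",
}


def reply_code(line: str) -> int:
    """Parse the 3-digit FTP reply code; handles multi-line '220-' replies."""
    match = re.match(r"^(\d{3})[ -]", line)
    if not match:
        raise ValueError(f"not an FTP reply: {line!r}")
    return int(match.group(1))


@dataclass
class SimulatedFtpServer:
    """Stand-in for a remote daemon so the exchange can be run offline."""
    banner: str
    allow_anonymous: bool
    writable: bool = False
    log: list = field(default_factory=list)   # both sides' messages, in order
    _user: str = ""
    _logged_in: bool = False

    def connect(self) -> str:
        return self._reply(220, self.banner)

    def send(self, line: str) -> str:
        self.log.append("C: " + line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self._user = arg.lower()
            return self._reply(331, "Please specify the password.")
        if verb == "PASS":
            if self._user in ("anonymous", "ftp") and self.allow_anonymous:
                self._logged_in = True
                return self._reply(230, "Login successful.")
            return self._reply(530, "Login incorrect.")
        if verb == "QUIT":
            return self._reply(221, "Goodbye.")
        if not self._logged_in:
            return self._reply(530, "Please login with USER and PASS.")
        if verb == "MKD":
            return (self._reply(257, f'"{arg}" created') if self.writable
                    else self._reply(550, "Permission denied."))
        if verb == "RMD":
            return (self._reply(250, "Directory removed.") if self.writable
                    else self._reply(550, "Permission denied."))
        return self._reply(502, "Command not implemented.")

    def _reply(self, code: int, text: str) -> str:
        line = f"{code} {text}"
        self.log.append("S: " + line)
        return line


def audit_anonymous(server, probe_dir: str = "audit-probe-tmp") -> dict:
    """Classify one server the way an anon scanner reports it:
    banner, default-config hint, anonymous login, and write access."""
    result = {"banner": "", "default_config_hint": None,
              "anonymous": False, "writable": False}
    banner = server.connect()
    result["banner"] = banner[4:]
    for needle, note in DEFAULT_BANNERS.items():
        if needle in banner:
            result["default_config_hint"] = note
    server.send("USER anonymous")
    if reply_code(server.send("PASS audit@example.invalid")) == 230:
        result["anonymous"] = True
        # Write probe: a 257 on MKD means anonymous users can create content.
        if reply_code(server.send(f"MKD {probe_dir}")) == 257:
            result["writable"] = True
            server.send(f"RMD {probe_dir}")   # remove the marker again
    server.send("QUIT")
    return result


if __name__ == "__main__":
    router = SimulatedFtpServer("Welcome to ASUS RT-AC66U FTP Service.", allow_anonymous=True)
    print(audit_anonymous(router))
    print("\n".join(router.log))
```

The classification is the same one the slides report: "Anonymous READ" is a 230 after `PASS`, "READ/Write" is a 257 after `MKD`, and the banner match is what turns a pile of hits into the "trend" the talk noticed. For a real perimeter check the `SimulatedFtpServer` would be replaced by a socket to your own hosts; the audit logic does not change.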
![Page 57: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/57.jpg)
FTP Servers
Results:
• IPs Scanned – ½ Class A
• Anonymous FTP Servers – 3000+
• “Legitimate” Servers - >100
Conclusion – THE Path of Least Resistance
![Page 58: Give Me Your Data!](https://reader035.vdocuments.site/reader035/viewer/2022062703/5551a74eb4c905013a8b54a0/html5/thumbnails/58.jpg)
Questions?
www.ShowMeCon.com
Dave<dot>Chronister<at>ParameterSecurity<dot>com
@Bagomojo