Products
Personal Monitor
Record PC users's actions, grab screenshots and passwords
Keylogger
Keystrokes recording software. Keylogger free trial
Hoverwatch
Cell phone and computer spy
Employee Monitor
Access and control the time spent by your workers
Terminal Monitor
Track employee activities on Terminal Server
Free Keylogger
Free keyboard logger keeps track of all typed text

GPRS: channel hacked

10 November 2011

Karsten Nohl, a German network security and cryptography expert, announced the discovery of a relatively simple technique of intercepting and decrypting data transmitted over the GPRS protocol.
His team also discovered that many mobile carriers use a low-security variant of GPRS, while some of them disable GPRS traffic encryption altogether.
There can be two reasons behind such ignorant attitude of mobile carriers to the security of their clients’ data:

  • An attempt to save on equipment required for proper data protection.
  • Deliberate disablement of data encryption for retaining access to clients’ data.

Karsten Nohl claims that his discovery is far from being theoretical: his team was able to capture and decrypt data in T-Mobile, O2 Germany, Vodafone and E-Plus networks. What made matters worse was that they did not have to use cumbersome equipment (they used a reflashed Motorola C-123 phone) or expensive software (they only used publicly available freeware). Even in this case, they managed to capture data in the radius of 5 km.
The details of this technique have not been published yet to avoid damage to the clients of cell phone companies. The research group believes that it’s high time that mobile operators did their homework and configured their GPRS gateways and checked all cryptographic systems, as the methodology they followed will be made public shortly.
However, Russian operators were quick to react: according to “The Big Three” (Beeline, Megafon, MTS), they don’t see how this could jeopardize their clients’ security and suggest using better-protected technologies, such as 3G.

Most secret company data is not protected

5 April 2011

Companies working in the internet security business have been conducting annual research for several years on data protection in organisations. Their reports show that fro 2008 to 2011 the situation has changed significantly. Theft and leaks of secret information have massively increased.

At the same time hackers are attacking corporate web sites more often, successfully stealing company secrets. There are specific reasons for this.

1. Data is saved on devices difficult to make secure.

With the development of mobile technologies and wireless communication systems employees of large companies are becoming more interested in accessing their work information using mobile devices (telephones, smartphones, tablet computers, laptops). It is extremely difficult to protect such devices from even simple theft, even though they often contain important corporate information.

2. Workplace remote access systems.

These are becoming more popular, and they are much simpler to break into than internal closed corporate networks.

3. Use of cloud services for storing information.

Corporate cloud systems often lack the necessary security and there is a high risk of losing information stored there. In addition such systems are often located outside the reach of company specialists (hosting in other countries), which makes it harder to organise the appropriate security measures.

4. High demand for corporate data.

The significantly increased demand and high cost of such services encourages hackers to attack company networks. Hackers can easily sell stolen marketing statistical data or development codes for new software at a high price.

5. Incorrect response to discovered vulnerabilities.

In many cases companies do not even realise that information has been stolen. Moreover, only half of companies who discover information leaks try to restore and improve their security system. Only 30% turn to network security consultants and experts.

Experts recommend, as a precautionary measure, that companies strictly control the staff members who have access to secret information.

It is necessary that mobile devices are carefully controlled with, at the very least, password protection.

Information on internal computer systems (and also the stored information) should not be given to people who have no relation to the company’s security services.

20% of all Internet users are afraid that their browsing history will be made public

29 March 2011

This conclusion was made by Microsoft after an extensive international research that analyzed the behavior of users online and their perception of online security. Users from over 20 countries, including Russia, took part in the research.

According to this study, only 36% of Russian users fully recognize the importance of keeping their browsing history confidential, but over 63% are confident that the Internet must be safe.

The results are slightly different on the global scale, but the figures as still in the same brackets. Users called page loading times, user-friendliness of browsers and privacy the next most important aspects of comfortable Internet surfing after security and protection from viruses.

Around 60% of all users would not want anyone else to have access to their browsing history, and 20% are afraid of this actually taking place.

The sites that users would not want seen in their browsing history are mostly online banking sites and porn sites.

Research: IT security of organizations

5 March 2011

McAfee, Inc. has published research on how aware companies are of risks associated with computer security. This report shows that almost half of the organisations do not have a reliable defence against such risks, or do not know anything about them at all. Only 20% of companies have confidence in their IT security provisions.

Research: IT security of organizations

Despite the fact that a large number of programs have appeared this year which analyze IT security of corporate networks and check compliance management, they have not been very popular. Corporate users prefer integrated solutions to narrowly specialised products.

Due to changes in legislation the need for security policy compliance is an issue for 75% of companies, while 10% have already received fines. Databases containing personal information have caused the greatest problems, so they have received the greatest attention.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management. As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls,”

said Stuart McClure, senior McAfee vice president.

USA: Hackers Getting Better

21 February 2011

According to researches, the number of users affected by cybercrimes in 2010 dwindled by nearly 30% and reached 8 million, which is 3 million fewer than in 2009.

However, despite the decline in the number of victims, the actual damage was much more substantial. This happened due to the fact that attackers used much more intricate and modern techniques with a purpose of inflicting maximum damage and making as much profit as possible on every intrusion.

Old methods, like theft of credit card details and one-time cashing of the stolen money, are rarely used these days, since they are easy to track down. Attackers are using increasingly complex and hard-to-detect schemes. For instance, a fraudster can steal your personal data, open a new bank account, take a bank loan or get a new credit card to cover his tracks…

The calculated value of an average damage per user explains the research results: it grew by 63% to $630 in the period of 2009 to 2010.

According to a research by Javelin Strategy, the growth of retail sales entails a decline in cybercrime rate. The experts who discovered this correlation believe that the rather bad results for 2010 are directly related to the consequences of the global economic crisis.

Information security in Russian companies

16 February 2011

The recruiting company HeadHunter carried out research in 2010 where they questioned 1600 employees of Russian companies on information security.

The research showed that the management of most companies worry about this issue: 75% of companies have strict rules on working with internal information and the larger the staff the stricter these rules are.

  • The management of more than 30% of companies had experienced information leaks.
  • More than 30% of those employees questioned know that their personal correspondence and blogs are monitored.
  • 68% of those questioned admitted signing agreements on information disclosure on joining their company.
  • 52% are aware that special software tracks their computers and 24% that memory sticks are banned.

Despite this, 51% of those questioned believed that they could tell one of their friends or relatives office secrets, while 30% have already done so. Among those questioned were also people who had passed on secret information to competitors.

According to the data from this research, the presence of a company security service makes almost no difference.

The analytics company InfoWatch, which has gathered statistics on information leaks since 2004, estimates the loss due to leaks in 2010 at $200 million. Their statistics show that the internet was the third major source of information leaks after mail and various mobile, data storage and paper media.

It is also interesting that, according to InfoWatch data, that the most popular method, blocking staff access to social networks, does not in any way correlate to the probability of information leaks.

Children spend more time each week in front of PC’s than with their textbooks

11 February 2011

ChildWise, a British research agency, has published a report based on surveys completed by two thousand kids aged 5-16 from 92 different schools.

The report clearly states that various Internet-enabled devices are gradually becoming a sort of “virtual nanny” and Internet is becoming the children’s playground.

The Internet is steadily replacing television that has been playing this role for years.

The following figures from the report appear to be quite interesting:

  • School-aged children spend less time every week on doing their homework than on using their computers.
  • Around 97% of schoolchildren aged 11-16 have a personal cell phone (89% for adults and 30% for 8-year-olds).
  • Most of them use their phones for going online.
  • Around 60% of children aged 11-16 have a computer and a TV set and 50% of them have permanent Internet access.
  • These kids spend their free time in social and torrent networks and on video portals.
  • Over 30% of kids aged 7-10 use social networks, although it’s only legal for children aged 13 and above.
  • 30% of the respondents have a personal blog and 62% have a profile in a social network.
  • Children with Internet access spend an average of 1.7 hours online every day, slightly more on watching TV and just as much time on playing computer games.

Doctor Emma Bond, a child development expert, believes that it’s high time for many parents to re-evaluate the situation, restrict access to television and websites and start educating their children on their own. She also added that “school-aged children also use cell phones for sexual development by using them as a means of establishing intimate contacts with each other”, which is an important element of the personality formation process.

 

New online service from Refog. Track any device online. Just install the track android phone. And Information from your phones and computers will reflect in your online Hoverwatch account.

Keykeriki: a new device for capturing wireless traffic

4 February 2011

This new device for capturing traffic with a large number of wireless devices (including keyboards, various remote controls, medical equipment and other devices), works based on open source software and is called Keykeriki version 2.

It captures the whole flow of wireless data using Nordic Semiconductor chips. The device was developed by specialists from Dreamlab Technologies and costs only $100.

Keykeriki is not only a device sniffer. Unlike the first version it not only has a function for capturing packets, but also the ability to inject signals, that is to control remotely the observed devices.

At the CanSecWest conference, company developers demonstrated a fully fledged attack on a system using Keykeriki. The attack began by capturing the signal from a wireless Microsoft keyboard, then its XOR encryption signal was hacked and it was possible to fully control the computer to which it was attached.

Experts believe that such actions would lead to a successful result, and if more secure encryption was used it would only need a little bit more time.

New data capture technology: TEMPEST

20 January 2011

It has been long known that it is possible to steal information from computers in a number of ways, including in ways that are quite simple to use.

A criminal can illegally obtain information by remote access to a computer (and download anything they want), or install on the computer monitoring software or hardware keyloggers, infect the computer with a virus, capture data using a sniffer or simply steal the computer itself.

However, technology does not stand still: information is regularly published on new methods of data capture.

For example, last year technology was successfully tested (margin of error was less than 5%) for recovering text entered by the user on their keyboard from a recording of noise issued by the keyboard. This means that data can be captured by a simple dictaphone, radio bug or directional microphone.

Another leakage channel comes from emanation issued by parts of the computer, including the keyboard (wired, wireless and on laptops). By taking and studying this emanation it is possible to recover all the text entered by the user.

These emanations have been studied for a long time. This is usually called “compomising emanation” or TEMPEST.

Several ways of capturing TEMPEST have been developed and successfully tested (and apparantly used by someone).

The most obvious method is radio capture on a determined frequency. By using special equipment capture distance is 20 metres and can even work through walls. While for capturing data in the same building all that is needed is an FM receiver with manual settings and a computer with a good sound card.

An experiment conducted in the institute Ecole Polytechnique Federale de Lausanne showed that this method has been put into practice, all of the 11 different studied keyboards were vulnerable to TEMPEST capture.

At the Black Hat USA 2009 security conference another capture method was shown using the electricity network. The keyboard cable is unshielded and therefore emits an impulse to the ground wire, and from there into the ground wire of the power supply system, which makes it possible to use this method, which is called “power line exploit“.

If the user’s laptop is not connected to the power supply (or too many are connected), then another capture method can be used: a laser is directed at the laptop’s body, a receiver captures the reflected beam and records its modulations caused by vibrations from pressings keys.

Recently, there have been more and more rumours concerning technology allowing for remote capture of not only data coming from the keyboard but also data from the monitor.

It is quite difficult to protect oneself from such methods. As an active defence various noise generators can be used, and as a passive defence shielding computer parts or the building as a whole.

Internet threats in Q3 2010

10 November 2010

Entensys and Commtouch have released a detailed report on the most serious Internet threats in Q3 2010.

Entensys develops a line of traffic monitoring and Internet access products and is mostly known for its flagship product, UserGate. Commtouch (Israel) specializes in the study of emerging spam activities and development of anti-spam solutions.

The report covers the following trends:

  • Along with regular spam messages with links to malware, users started receiving messages with infected attachments.
  • Spammers are now using fake social network (LinkedIn, etc) invitations and notifications to distribute links to malware and illegal drugstores.
  • The companies have identified that some malware is now distributed using a new complex multi-step infection scheme.
  • PayPal fraud has focused on the South African Telescope Shop.
  • Links to illegal drugs are more and more often disguised as letters of support for various politicians.

You can read the full version of the report on the Entensys website.