
recovery

Not amused...

12:30: Happily chatting on IRC, checking emails, doing the usual post-waking-up routine (late time to wake up, I know T_T)

13:45: IRC is messing up a lot, "Connection reset by peer" happening frequently.

Now, I thought to myself, what is causing my connections to reset? The router doesn't do that and I can't see why the IRC server would. I did jokingly say, maybe someone is playing around with me... But that was only the beginning of the trouble.

13:55: Browsing on Facebook, a notification appears: "HouseMate likes your status", it said. Odd, I thought, I haven't posted a status in a while. Clicked on it, and it was a status I didn't make. It was made seconds before it was liked and said "Facebook rape UnMarth got owned lololol".

Now I quickly drew up three people who would write such a thing; it turned out none of them was the actual culprit. But I was rather perplexed over how someone managed to do it. It was from mobile web, it said. I do remember hearing about Facebook vulnerabilities for the Facebook mobile site (but beats me what they were), and I know one friend who is aware of these and would use them for humour at times.

I changed my password, just to be safe, which should invalidate any other active sessions. But I never ever log into a public machine with my personal accounts. So I was still scratching my head. Checking my emails shows that no security warnings popped up. I don't really have faith in Facebook's security settings, but any hint is better than no hint. Still nothing...

14:05: I take a shower and have a little think about it. Mostly around social engineering attacks, where I was lapsing. I must have made a mistake somewhere. I don't have any security questions set, my email account has nothing in there about attempted password resets, my Facebook email is unique and the logged logins to that email are all from me. Maybe... the attack was from within the network, and I was thinking about the reset connections. A MITM? ARP poisoning? Now, two of my housemates do computer science, but I know they don't know much about this, and they're learning fast if that's the case. There are silly all-in-one tools out there that are point-and-go these days; maybe my housemate has hold of one.

14:15: Out of the shower, a three-letter command is all I need to type into my laptop terminal to see what's up: "arp". And what I saw was every machine on the network had the same MAC address. Now I don't expect everyone to understand this. But it was a clear positive that someone was doing ARP poisoning attacks. I spent the next 30 seconds running various tools to test this. All were pointing to this one device. All my internet traffic is being routed through the wrong machine. Not the router in the front room, but an unknown device.

Now I was cursing beyond this point... This device has probably been snooping on my emails, IRC, MSN, Facebook, ADISC etc. for the past 30 minutes without me realising it. Every message I send, every message I read is being inspected by an unknown active third party. I was worried about who this was and how naive they are as to what they are doing. And importantly, what are they seeing?

I started to collect forensic evidence at this point, to double-check I wasn't making stuff up and this wasn't an anomaly. But it all pointed to ARP poisoning and MITM.

14:25: Having established who was in the house and awake, I thought I'd call the only awake housemate on it. I just opened it up and said "do you mind not doing that". His natural reply was "doing what?" in that silly, sarcastic "I know what you mean, but pretend I don't" voice. I went into detail over what he had done to Facebook rape me.

I tried to ask him what tool he used, as this will let me know what he saw. It later turned out he was using a silly application on his work Android device that hijacked Facebook/Twitter accounts. Hence why the device was new on the network. And from what I can tell it's only interested in showing the user specific websites.

His phone rang and it was his girlfriend. I left then, to give him a chance to get out of bed and get dressed at least! But when he was in the kitchen I told him how silly that application was and how dangerous it was. And never ever to do anything like that again. If he wants to use such an app, learn how it works and use it in a sandbox.

His intent wasn't a black one; he was curious if the app worked. He did first say it worked on his own Facebook account, and then I appeared; since clicking on his own was rather dull, he clicked mine. And surprise surprise, it worked! And that's how he Facebook raped me... And why it was mobile as well. He still takes it from a funny and cool side of things, thinking the app is merely a pranking toy. It's not; it's much more deceptive than that! And I take it that had he known, or had an app that was more powerful than this one to analyse the traffic going through it, he would have used good judgment not to use it.

Even then, people still contact me through Facebook about private matters. I'd rather they'd be off Facebook, but I work around other people's needs rather than have them work around my convoluted ones.

I am still not amused...

I have turned on HTTPS on Facebook now. I don't really feel any more secure. I know many ways to defeat that. And I don't really want to have to explain that to anyone who is interested. But I feel somewhat silly not enabling it in the first place; it does add an extra boundary for crackers to jump over. Normally Facebook's idea of security is giving them more personal data, to verify your ID against. But IMHO that is more insecure and just makes people feel better. I understand that's important to gain people's trust. But personal information doesn't cut it for me.

I also find it odd that my housemate said, "I expected you to easily find out it was me". So I don't know how to take that, although after I explained the attack to the second CS student he replied "out of all the people to use this on, you used it on UnMarth!" Which means a) I will catch him red-handed, as I did, and b) everyone knows how odd I am, and whatever the hell he could find isn't going to have any answers to how I behave, just more questions.

One person said I should tighten up my security. I did manually set the proper router's MAC into my laptop (and should do similar on the router). But the wifi is shared and I would like it set to default, because it makes it easier for others to fix it themselves than me getting phone calls in awkward situations out of the house. As well as making adding new devices easy, for guests or their new gadget that has wifi.
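As an added example (my own, not the author's and not any of the tools mentioned in the post), here is a small Python check that automates the two things described above: the 14:15 "arp" look, where one MAC address answering for every machine on the network gave ARP poisoning away, and the later fix of pinning the real router's MAC on the laptop. It parses `arp -a` or `ip neigh` style output, reports any MAC that claims more than one IP, and compares the gateway's cached MAC against the known-good one. All addresses, MACs and the ARP-table text are constructed sample data; the gateway IP and "real" router MAC are assumed values.

```python
import re
from collections import defaultdict

# Loose patterns for an IPv4 address and a colon-separated MAC anywhere on a line.
# Matching each independently lets the same parser read both `arp -a` output
# ("? (192.168.1.1) at aa:bb:... [ether] on wlan0") and `ip neigh` output
# ("192.168.1.1 dev wlan0 lladdr aa:bb:... REACHABLE").
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b")


def parse_arp_table(text):
    """Return {ip: mac} from ARP-cache text. Entries without a MAC, such as
    '(incomplete)' or '<incomplete>', carry no answer and are skipped."""
    table = {}
    for line in text.splitlines():
        ip = IPV4_RE.search(line)
        mac = MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = mac.group(1).lower()
    return table


def _ip_key(ip):
    return tuple(int(part) for part in ip.split("."))


def find_shared_macs(table):
    """Return {mac: [ips]} for every MAC that answers for more than one IP.
    On a healthy LAN each host has its own MAC; one MAC behind many IPs is the
    classic sign of an ARP-poisoning MITM."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips, key=_ip_key) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_mac_matches(table, gateway_ip, expected_mac):
    """True if the cached MAC for the gateway is the one we know to be the real router."""
    return table.get(gateway_ip) == expected_mac.lower()


def assess(text, gateway_ip, expected_gateway_mac):
    """Run both checks over one ARP-cache dump and return the findings."""
    table = parse_arp_table(text)
    shared = find_shared_macs(table)
    gateway_ok = gateway_mac_matches(table, gateway_ip, expected_gateway_mac)
    findings = [f"MAC {mac} claims {len(ips)} IPs: {', '.join(ips)}"
                for mac, ips in shared.items()]
    if not gateway_ok:
        findings.append(f"gateway {gateway_ip} cached as {table.get(gateway_ip)}, "
                        f"expected {expected_gateway_mac.lower()}")
    return {"table": table, "shared": shared, "gateway_ok": gateway_ok, "findings": findings}


# Constructed sample: an `arp -a` dump as it would look while poisoned. The
# gateway and two housemates' machines all resolve to the same MAC as the
# unknown device at .50; .60 is an unaffected host and .77 never answered.
POISONED_ARP = """\
? (192.168.1.1) at 0a:1b:2c:3d:4e:5f [ether] on wlan0
? (192.168.1.20) at 0a:1b:2c:3d:4e:5f [ether] on wlan0
? (192.168.1.21) at 0a:1b:2c:3d:4e:5f [ether] on wlan0
? (192.168.1.50) at 0a:1b:2c:3d:4e:5f [ether] on wlan0
? (192.168.1.60) at 3c:4d:5e:6f:70:81 [ether] on wlan0
? (192.168.1.77) at <incomplete> on wlan0
"""

# Constructed sample of the same LAN on a normal day, in `ip neigh` format.
CLEAN_ARP = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:20 STALE
192.168.1.60 dev wlan0 lladdr 3c:4d:5e:6f:70:81 REACHABLE
"""

GATEWAY_IP = "192.168.1.1"           # assumed router address
GATEWAY_MAC = "aa:bb:cc:dd:ee:01"    # assumed MAC printed on the real router

if __name__ == "__main__":
    for label, dump in (("poisoned", POISONED_ARP), ("clean", CLEAN_ARP)):
        result = assess(dump, GATEWAY_IP, GATEWAY_MAC)
        print(f"[{label}] gateway ok: {result['gateway_ok']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The detector only sees what is already in the local cache, so it reports the poisoning after the fact, just as the manual "arp" did at 14:15; the gateway check is what makes the static-entry fix from the paragraph above verifiable, since the pinned MAC is the value you compare against. On Linux and BSD the pinning itself is done with `arp -s <gateway-ip> <router-mac>`, which is the "set the proper router's MAC into my laptop" step.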

Well, still upset over the ordeal; I just wish people understood the seriousness of it all. But he won't run the app again. I also would like to teach him more about what he could do next time, but I don't think it's wise to give him ideas.

Comments

  1. Near
    Some people have very, very interesting ideas of what a "joke" is...

    And for the records, I would have been absolutely livid in your situation.
  2. LunaCat
    I would like to think every CS student would know about ARP poisoning attacks. It's one of the easiest to do, incredibly straightforward, and has been an unchanged, viable route of attack for like... ever.

    I don't think I'd care if another CS roommate was playing around with an ARP poisoning toolkit out of curiosity. I'd be more annoyed that 1. he actually posted via an account of mine and 2. it can interfere (functionally) with network connections.

    Lord knows I played with one as soon as I learned how switches worked (like Lily with the Unicorns... had to experience it first hand). I had all my roommate's passwords at one point. The main differences being that 1. I could not have cared less what his passwords actually were beyond the retrieval of them. (I actually already knew some.) 2. I would never think of logging into someone else's account for any reason without their request/permission and 3. I would never filter through traffic looking for human readable data like email messages or instant messages.

    Interestingly enough, the reverse would not have been true. Had he done the same, I know for a fact he'd be digging through my email/etc. Mainly because he's unabashedly nosey (Not that I was connecting to sensitive websites without using HTTPS to make it incredibly easy anyway. Well, incredibly easy to get my actual password at least.)

    But, had he been interested enough in playing around with it, I wouldn't have likely cared. If he posted from an account of mine or was reading mail/etc, I'd have been forced to retaliate.
  3. moocow
    Also, IT majors should know that. And really, there are tools out there for twitter, facebook and tons of other sites that don't use HTTPS. The tool (which was just recently released for android) is crazy, but is easily defeated by enabling HTTPS on sites that allow you to. Another thing that might have helped (not sure though since you were already logged in) is setting facebook to notify you of logins via stuff. I get an email every time I login using a computer I haven't used before and I can't login until I give it a name. (http://www.abdlmoocow.tk/2011-06-04_0110.png) It is handy (though I have yet to see an attempt that wasn't me)
  4. Near

    Quote Originally Posted by moocow
    Also, IT majors should know that. And really, there are tools out there for twitter, facebook and tons of other sites that don't use HTTPS. The tool (which was just recently released for android) is crazy, but is easily defeated by enabling HTTPS on sites that allow you to. Another thing that might have helped (not sure though since you were already logged in) is setting facebook to notify you of logins via stuff. I get an email every time I login using a computer I haven't used before and I can't login until I give it a name. (http://www.abdlmoocow.tk/2011-06-04_0110.png) It is handy (though I have yet to see an attempt that wasn't me)
    CS majors tend to be pretty theoretical, at least from my experience so far. I'm about 3/4 through my second year (out of four), and frankly the extent of what we've been taught when it comes to anything networking related is really, really, really trivially simple TCP/IP stuff. We've done a bunch of pretty theoretical math (automata, first order logic, complexity analysis, relational algebra, Turing machines, data structures...) but absolutely not a word on computer security as of yet (and the one computer security course they offer is not core). Then again, with how university is structured in North America (of the courses I have attempted/passed so far, 60% are math (calculus and linear algebra), physics, economics or arts) it's not overly surprising.

    I would be surprised if 10% of the students in my year know what ARP stands for, to be perfectly honest. I mean, most of my fellow CS majors don't know what IRC is. As for IT majors? Where I am, it's the same thing as a CS major, just with some of the math replaced with business courses.

    Oh, fun fact. One of the Computer Science profs I have now claims he hasn't programmed in over a decade. It's not hard to believe...
ADISC.org - the Adult Baby / Diaper Lover / Incontinence Support Community.