Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Facial Recognition gets “Hacked” Thanks to Facebook

Facial recognition technology is utilized in many different systems. Biometric software is used in facial recognition tools for security purposes and other applications such as social media marketing. Algorithms use a statistical approach to identify facial features – and facial recognition is increasingly used as a crime-fighting tool. In the future it could be used to monitor employee attendance at work, to enhance security measures at ATMs and to prevent voter fraud. Many privacy advocates see a problem with this technology because it could quickly turn us into a surveillance society.

University of North Carolina researchers have discovered a way to get around facial recognition security. By using a virtual reality (VR) system to develop 3D models of the face, they were able to trick the biometric security measures. They did this with just a handful of photos found on Facebook and were able to fool the systems more than half the time (Newsweek).

Clearly this is a huge security flaw in the technology which means other types of “verifiable data” would need to be used for authentication in order for facial recognition to be a feasible option. One technique that could be used is the detection of infrared radiation which would be given off by a real face, not a 3D model (Techworm).

For more information on how facial recognition technologies work, check out this video from Brit Lab:

The post Facial Recognition gets “Hacked” Thanks to Facebook appeared first on Social Hax.

A Seized Silk Road Wallet is Moving Bitcoin to the NSA Hackers

Last week, a group called the “Shadow Brokers” claimed to have hacked the NSA – stealing their code, exploits and spy tools. They leaked bits of information on GitHub and claimed the information was stolen from the Equation Group, a group who most believe is a computer surveillance wing of the NSA. The Shadow Brokers says they will auction off the data to the highest bidder. Leaks from Edward Snowden have demonstrated that this hack is legit. (The Register) Security experts believe that the hacker group is Russian.

Now it appears that there are some Bitcoin moving from a seized Silk Road wallet to the Shadow Broker’s auction. This leads some experts to believe that “the US government is potentially bidding to prevent stolen NSA exploits and tools from ending up in the wrong hands”. It could also mean that the government might be making an attempt to trace where the Bitcoins are going. Additionally, it must be noted that the co-founder of a major Bitcoin investigation company says that payments are also going in the other direction. This could simply indicate that spam is being sent in very small payments to famous addresses. (ZDNet)

So far, the Shadow Brokers have collected around $1000 in Bitcoin payments – a far cry from the 1 million Bitcoins they have demanded (which would be worth just over a half a billion $USD at the time of this writing). The U.S. government seized several thousand Bitcoin when shutting down Silk Road, so this may be their source of funds when dealing with the Shadow Broker hackers.

Learn more about the Shadow Brokers hack of the NSA here:

The post A Seized Silk Road Wallet is Moving Bitcoin to the NSA Hackers appeared first on Social Hax.

NSA Hoards Zero Days; Doesn’t Disclose Them all to Vendors

The NSA does not always disclose the zero day vulnerabilities it finds to unprotected vendors. Some security flaws are kept secret “when they can be used to serve a clear national security or law enforcement need” (Wired).

The US National Security Agency (NSA) was hacked by a suspected Russian hacker group and many of their exploits and hacking tools were archived. Leaked information was made public that showed the NSA collects exploits and does not always disclose them to vulnerable vendors. When vulnerabilities are not disclosed, problems do not get fixed. The NSA appears to operate “on the premise that secrets will never get out. That no one will ever discover the same bug. That no one will ever use the same bug. That there will never be a leak” (Business Insider).

Unfortunately, as we are currently witnessing with this recent leak, other types of hackers are able to find the same bugs and those hackers could have more malicious intent than the NSA. When hackers obtain a trove of U.S. secrets, that could put the government and corporations worldwide in a susceptible position. For example, the leaked data includes information on breaching popular commercial firewalls. Emergency service providers, governments, financial systems and many businesses all rely on these firewall technologies.

Global networking company, Cisco Systems, confirmed last week that the NSA exploited an undetected severe vulnerability that allows remote attackers “who have already gained a foothold in a targeted network to gain full control over a firewall” (Ars Technica). The NSA knew about this vulnerability since 2013 and did nothing to stop it. Now that the data is leaked, Cisco fears that the information “could be used to breach its Adaptive Security Appliance (ASA) software used in its firewalls. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system”. It can be argued that these exploits would have been patched had the NSA disclosed the vulnerabilities instead of collecting them for their own use.

(Watch – Snowden discusses NSA hack, Cisco to cut 5,500 jobs, NASA preps an asteroid rocket):

The post NSA Hoards Zero Days; Doesn’t Disclose Them all to Vendors appeared first on Social Hax.