Innovation is at the heart of hacking. The hacker’s mindset needs to consider how common items may be manipulated to provide any advantage, whether that’s looking at online presence or finding ways to physically infiltrate an organisation.
Introducing Josh R. - Operations Manager at Alcorn Group, hacker, and innovator, whose customised modification to Cisco phone hardware is assisting our consultants in the field. We call it CiscPwn.
A.G.: What are we looking at, what is this phone device and what can it do?
Josh: We often use devices “implanted” at client networks in order to maintain access. This is a functional computer with hacking tools ready for us to connect remotely and run attacks. We custom made this for a job; the basic build was done in under a day. Since then we’ve added improvements. Typically we’ll build a device for a specific job if needed, then add new features and improvements when we think of them.
A.G.: Why did you choose a phone for the basis of this hardware?
Josh: Lots of spare room, and it fits in at most meeting rooms or desks without raising too many eyebrows. The phone is fully functional, but because it would need to be configured for the PBX at the target, we typically hang the phone on the loading screen so it looks like it’s frozen.
A.G.: Was it difficult to place the device on the site?
Josh: Very easy! When the device looks like it fits in, then it’s normally a matter of plugging it in. We snuck it into a network and used it to maintain remote access. It was very successful.
A.G.: You recently gave a presentation about this device, tell us about that.
Josh: I gave a presentation on Red Team techniques, how to get in the mindset of an attacker. Which for us often comes down to low risk and high success rates. These devices are low risk because they’re difficult to trace, and once we have one implanted there’s a good chance we’ll be able to compromise the network.
A.G.: Are there changes you’d like to make for the next version?
Josh: We have a few improvements to detect tampering and more… but let’s not give it all away.
A.G.: Will Alcorn Group be doing more hardware like this one?
Josh: We have a number of other purpose-built devices already, and whenever we see the need or have an opportunity we add to the list. We can make custom gear for an engagement for sure.
A.G.: What advice do you have for businesses on protecting themselves from hardware like this one?
Josh: Port security and a good asset management policy are key. Asset management and an easy way to identify legitimate items is incredibly important.
A.G.: If someone finds a suspicious piece of hardware like this one on their business premises, who should they contact?
Josh: Ahh, well, roll incident response. …(Have) a good IR plan.
Incident response is a vital piece of the puzzle when safeguarding your systems against intruders. Alcorn Group offer a range of incident response services to fill your needs, ranging from assistance in preparing your IR strategies, determining which areas of your business may require extra attention, or helping you recover in the aftermath of an incident.
Call our consultants today on 1300 368 806.