In a world of technology anything is possible. Technology is used day-to-day, hour by hour by all industries. But what happens when it fails? For example, when machines unexpectedly turn off or printers don’t connect to the network. These all seem like normal issues, right? Well…these issues can be the first signs of intrusion. And without any security tools in place, how would you know that your printer is not having malware installed on it?
It’s all well and good having your machines protected with the latest patch but what about the other office equipment, like that office printer? That exact printer sat in the corner of your office could be the culprit of an attack in a matter of minutes.
I’m Callum Butler and I used to be a hacker – these days I’m an ethical hacker, but I know how the simplest innocent thing can turn into a potential hacking job…
Put yourself in a hacker’s shoes
My day starts in the coffee shop whilst waiting for a drink. But it’s not my drink I’m waiting for. I know every morning ‘Charles’ (a manager at a local company) comes into this very coffee shop with his laptop to start his day.
A spiced skinny latte to awaken him from his ‘sporadic sleep’. Charles goes to sit down and places his laptop on the table with his coffee.
His laptop immediately gives away key clues that it is not particularly secure. For example, Charles’ company name, ‘Quick Accountancy’, flashes up on the home screen.
Following some quick research, I learn they are running laptops with old operating systems and unrestricted Administrator accounts.
Silly move if you ask me. With this information, I can easily run a PSExec exploit on that machine and gather all information that he has.
The fact he has Windows admin rights allows me to install and run any software that my heart desires.
If only Charles had a Host Intrusion Prevention System on his laptop that would detect access coming in from different networks.
Have you protected all your office equipment?
Now, I have the access code to the company door, and know he is a manager. This allows me free rein of the company.
I could simply walk in, in the middle of the night and go through everything, but that is too obvious.
I decide to set up a meeting with one of their accountants just to get some simple information from the company.
It’s not actually this information that I want. I want to walk through the company offices to see what’s what and to find out where the key information is stored.
Luckily for me, the helpful receptionist went to get me a coffee, conveniently allowing me to install my malware onto the printer that is unguarded in the middle of the room.
A printer you ask, why the printer?
Well, this printer isn’t just accessed by the receptionist, it’s accessed by everyone in the company.
In the event there were separate networks, it would just take one employee to print their expenses report and I would have full knowledge and control.
Now, if they had a logging and prevention system like a SIEM, that would notify the administrator that a device was being accessed remotely. The printer could be removed instantly and an investigation set up.
Unfortunately for ‘Quick Accountancy’, this wasn’t the case. This place is small, making it easy to remember who is who and where everything is.
Whilst showing me different areas of the office, I am mentally clocking where the important information will be kept. Oddly, they keep this on a NAS drive placed next to a router. That shouldn’t be hard to hack and has been noted.
Once I’m sitting down in a meeting room with the accountant, he receives an urgent call from Charles, followed by a message “important call quick”. What could that mean?
I don’t know. But what I do know is that finding the phone address for all the people in this office was easily completed with a little hack I did earlier in the coffee shop.
Being the excellent employee that the accountant is, he went out to return the important fake call, supposedly from Charles. Whilst doing this, he left his laptop unattended.
Lucky for me, whilst the accountant and Charles were discussing the confusion caused by the call, I was able to use my USB rubber ducky with a Mimikatz script to extract all credentials and saved web passwords that this nice guy has.
I now have access to that NAS drive followed by any other systems that he might have access to. This wouldn’t happen if only the USB devices that the company use were whitelisted and anything new would result in a power loss to that port.
Now the Hack.
Using the malware installed in the printer, the usernames, the passwords and knowledge of who has access to what, I can create a simple SSH tunnel remotely to the printer.
Through a proxy-chained Tor network and simply logging into the NAS drive with the credentials I got from my fellow accountant, I can now help myself to all the corporate and customer data. I can anonymously download it all, cover my tracks and encrypt the data with my own key.
“POOF”: the company data has now disappeared, leaving all their work gone forever.
The lack of security on the company printer means the hack has been made all too easy. The company will now face millions in damages.
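The SIEM-style notification mentioned earlier, sketched as an added example that is not part of the original post: a Python check over constructed flow records that flags remote-admin sessions to a printer and connections the printer starts itself. The asset inventory, port set, address range and log format are all assumptions.

```python
import ipaddress

# Assumed asset inventory (constructed): IP address -> device class.
ASSETS = {"10.0.5.20": "printer", "10.0.5.31": "workstation", "10.0.5.40": "nas"}
REMOTE_ADMIN_PORTS = {22, 23, 3389, 5900}  # SSH, Telnet, RDP, VNC
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed office address range

# Constructed flow records in an assumed format: "timestamp src dst dport".
SAMPLE_LOG = """\
2024-05-01T09:02:11Z 10.0.5.31 10.0.5.20 9100
2024-05-01T09:14:40Z 10.0.5.31 10.0.5.20 631
2024-05-01T23:41:07Z 10.0.5.20 203.0.113.45 22
2024-05-01T23:41:09Z 203.0.113.45 10.0.5.20 22
2024-05-01T23:44:52Z 10.0.5.20 10.0.5.40 445
"""


def detect(log_text, allowed_outbound=frozenset()):
    """Return (timestamp, rule, src, dst, dport) alerts for printer traffic.

    allowed_outbound holds (dst, dport) pairs a printer may legitimately
    open itself, such as a scan-to-folder share.
    """
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of stopping the pipeline
        ts, src, dst, dport = parts[0], parts[1], parts[2], int(parts[3])
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        # Rule 1: somebody opens a remote-admin session to a printer.
        if ASSETS.get(dst) == "printer" and dport in REMOTE_ADMIN_PORTS:
            alerts.append((ts, "remote_admin_to_printer", src, dst, dport))
        # Rule 2: a printer starts a connection that is not on the allow-list.
        if ASSETS.get(src) == "printer" and (dst, dport) not in allowed_outbound:
            scope = "internal" if dst_ip in INTERNAL else "external"
            alerts.append((ts, f"printer_outbound_{scope}", src, dst, dport))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

Ordinary print jobs from the workstation raise nothing; the three late-night records each produce an alert an administrator can act on.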
Don’t get caught out
Remember security isn’t something to joke around about and costs millions if you get affected by a breach.
That’s one of the things that attracted me to become an ethical hacker and now I spend my time protecting CANCOM and all our clients.
It is imperative that you find secure tools and professionals that will be able to guide you in the right direction as well as be able to ensure that your staff and common equipment are maintained with basic day-to-day security such as patching.
And if you thought that this was all a fairy tale story and will never happen to you, don’t be so sure, it can happen to anyone.