How and Why To Re-Route DNS Through Your Computer or Phone

In a few of my previous tutorials I briefly touch on DNS re-routing but never really get into it in full detail, so I figured, why not here today? Before moving forward, learning to re-route your DNS is important because it is a means of protecting your personal data, devices, network connectivity and internet traffic from the spying or prying eyes of your Internet Service Provider (ISP), your Government and any other interested 3rd parties, such as advertisers or even hackers. As for how DNS works or how switching it affects your internet connectivity, I think the short video below is the best demonstration. It explains how DNS re-routing configures your computer or phone to send its lookups to a DNS server of your choosing first in order to reach a website second, instead of sending those lookups to a server owned by your ISP to reach that same website, get it?

While there are a number of ways to re-route your DNS and different service providers to choose from, for the purposes of this article I consider the following to be the world's best “Top 3”: Cloudflare DNS, IBM Quad 9 and Google’s Public DNS. As you can read below, each of them has its own unique benefits.

Cloudflare DNS:

IPv4: 1.1.1.1
IPv4: 1.0.0.1
IPv6: 2606:4700:4700::1111
IPv6: 2606:4700:4700::1001

Cloudflare DNS is my personal DNS provider of choice, installed on both my computer and phone. As for why I chose them, it is because Cloudflare DNS anonymizes IP addresses, deletes logs daily and doesn’t mine any user data. Additionally, Cloudflare DNS also offers security features not available from many other public DNS service providers, such as “Query Name Minimization”, which reduces privacy leakage by sending only the minimal part of a query name to each authoritative DNS server when resolving a website.

Learn More – Cloudflare DNS: https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/

IBM Quad 9:

IPv4: 9.9.9.9
IPv4: 149.112.112.112
IPv6: 2620:fe::fe
IPv6: 2620:fe::9

IBM Quad 9. Whereas Cloudflare may be more beneficial for activists and researchers, IBM Quad 9 is probably of more benefit to the average homeowner, parent or business owner. This is because Quad 9 routes your internet connections through DNS servers that actively blacklist known malicious websites, as well as websites which have previously been compromised by data breaches. In addition to this, Quad 9 servers also protect your internet’s incoming/outgoing connections as a means of preventing any of your devices from being caught up in a botnet. Quite simply, this means that while on Quad 9 servers you never have to worry about any of your devices being hijacked or caught up in any sort of DDoS or crypto-mining campaigns, even smart devices connected to the “Internet of Things” (IoT).

Learn More – IBM Quad9: https://www.quad9.net/

Google Public DNS:

IPv4: 8.8.8.8
IPv4: 8.8.4.4
IPv6: 2001:4860:4860::8888
IPv6: 2001:4860:4860::8844

Google Public DNS servers, on the other hand, are ideal for people in countries such as Ethiopia, Sudan, Turkey, Syria, North Korea and the like, which are all known to have restricted, censored, shut down and/or sealed off access to certain portions of their national internet in the past. In fact, as you can see in the picture provided below, activists affiliated with Anonymous Cyber Guerrilla have literally spray painted Google’s 8.8.8.8 DNS address in public places in times of national crisis as a means of raising awareness and alerting citizens how to bypass local internet restrictions imposed by their Government, opening people back up to the global world-wide-web. In addition to bypassing regional internet restrictions, compared to ISPs in some 3rd world regions, switching to Google DNS servers might actually help improve or speed up your load times/internet connection.

Learn More – Google Public DNS: https://developers.google.com/speed/public-dns/

How To Switch DNS On Windows?

1.) Go to the Start menu, type in “Settings,” press Enter and then select the “Network & Internet” option

2.) Click on “Change Adapter Options”

3.) Select the internet connection you are using, then click on the “Properties” button when it pops up

4.) Scroll through and individually select “Internet Protocol Version 4 (TCP/IPv4)” and “Internet Protocol Version 6 (TCP/IPv6)”, then press the “Properties” button again

5.) Select “Use the following DNS server addresses” and manually enter your DNS service provider of choice (see the IPv4 and IPv6 addresses above), then press “OK”

That’s it, really. Generally speaking, the setup should be much the same on a Mac as well. It’s also important to note that you can actually mix and match the addresses listed above. For example, you can use Cloudflare for IPv4 but then choose IBM for IPv6, or vice versa, and your internet connection will not be broken. Just so you are aware, while IPv6 usually signifies the country of origin or device where you are coming from, almost all devices on the world-wide-web these days connect to websites via IPv4 connections, making IPv4 the most important setting to modify.
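The same five GUI steps done from an elevated PowerShell prompt with Windows' built-in DnsClient cmdlets, as an added example that is not part of the original post; it assumes the active adapter is named "Ethernet" and uses the Cloudflare addresses listed above (the Quad 9 or Google addresses from the same lists can be swapped in):

```powershell
# Added example (not from the original post): switch the DNS servers of one
# Windows adapter from the command line instead of the Network & Internet GUI.
# Assumption: the adapter is called "Ethernet". List yours with Get-NetAdapter.
$Adapter = "Ethernet"

# Cloudflare resolvers from the list above, IPv4 and IPv6 in one list.
# Mixing providers (e.g. Cloudflare IPv4 + Quad 9 IPv6) works the same way.
$Resolvers = @("1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001")

# Show what the adapter uses right now (normally the router/ISP address from DHCP)
Get-DnsClientServerAddress -InterfaceAlias $Adapter

# Step 5 of the GUI walkthrough: replace the DHCP-assigned servers with the chosen ones
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $Resolvers

# Confirm the change took
Get-DnsClientServerAddress -InterfaceAlias $Adapter

# Check that the new resolver is reachable on the DNS port, then do a lookup
# through the adapter's configured servers (no -Server, so the new setting is used)
Test-NetConnection -ComputerName 1.1.1.1 -Port 53
Resolve-DnsName -Name example.com -Type A

# Drop answers cached from the old resolver so nothing stale is reused
Clear-DnsClientCache

# To return to the router/ISP-assigned servers later:
# Set-DnsClientServerAddress -InterfaceAlias $Adapter -ResetServerAddresses
```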

How To Switch DNS On Phone?

Changing or re-routing the DNS settings on your phone can be either incredibly complicated or incredibly simple, depending on your level of skill/expertise. However, far and away the easiest means of accomplishing this is by installing a 3rd party app from the Apple App Store or Google Play store. Simply type “Change DNS” into the store's search, press Enter, and this should bring up a whole host of options to choose from. Choose the one that you feel is best for you and enter the addresses listed above.

If You are A Little More Advanced…

OpenNIC Project. For those of you who may be unfamiliar, “OpenNIC (also referred to as the OpenNIC Project) is a user owned and controlled top-level Network Information Center offering a non-national alternative to traditional Top-Level Domain (TLD) registries such as ICANN.” Instead, OpenNIC only operates its own namespaces and namespaces that OpenNIC has peering agreements with.

In other words, they are open DNS addresses, servers and proxies not indexed by global internet agencies or their Governments. Stay classy mi amigos 😉

Learn More – OpenNIC Project: https://www.opennic.org/

See Also – CyberGuerrilla Internet Censorship Care Package: https://www.cyberguerrilla.org/blog/anti-censorship-carepackage/

Behind The Headlines, Understanding The Circumstances Surrounding The Creation of The Silex Botnet

For those of you who might not be aware, news of the Silex Botnet was first broken by Akamai and published on ZDNet by Catalin Cimpanu on June 26th. Now, normally I would link to ZDNet’s article and give them full credit for their reporting on the matter, but they would never link to this follow-up report by yours truly, so fuck them, honestly. With that established, what I have is a transcript of a conversation with the hacker(s) who built the botnet, the actual source code of the botnet itself, as well as an interview with the hacker who trained the botnet's creator(s). You may have heard of them before? It’s “0x20k” of Ghost Squad Hackers, ranked as one of the world's top 10 botnet builders.

But, without any further ado, let's start with the good and juicy stuff, shall we? Here’s a full copy of the source code for the Silex Botnet. Please note that I will be keeping the plain text file redacted, so you’re just going to have to learn the C language and structure the code yourself if you really want it that bad.

Full 6 Page Source Code – Silex Botnet:

Embedded PDF (Silex.pdf): https://roguemedia.co/wp-content/uploads/2019/07/Silex.pdf

With that out of the way, let's talk about why all of this happened in the first place. According to the botnet's architect, “Light The Sylveon,” it was actually all just an accident/mistake, really. In a transcript of a conversation seen by Rogue Media Labs, Light goes on to explain how they are “sorry” for having created the botnet and “didn’t know it would have such a large impact, to be honest.” As a result, Light is actually considering “quitting” the underground Black-Hat life, though they have plans to continue learning and becoming a better botnet builder in the future.

As for why the hackers behind the creation of the botnet reached out to me, it’s because they want the tech world to know that the Silex Botnet was never meant to become as large as it has, that Light is not some attention seeking whore – so to speak – and that they are honestly sorry for what has happened because of it. Essentially, Light was messing around with some new ideas/concepts and created something they weren’t fully prepared to handle – nothing more, nothing less.

As for an update on the Silex Botnet's reign of destruction, according to Light, as of July 2nd 2019 the botnet has already bricked over 10,000 devices worldwide, up from around 2,000 devices a little less than a week earlier on June 26th. Additionally, for those of you who might not have been read into it, Silex literally has no other purpose than to seek and destroy, completely blocking owners from their own devices. The source code of Silex itself was essentially designed to be a carbon copy of Brickerbot, only with their own unique spin on it. Silex also does not round up devices for use in DDoS or crypto-mining like most other modern botnets, nothing like that. Instead, Silex merely searches and destroys, infecting devices with the intent of locking the owners out of the device, wiping all storage space, dropping its firewall rules and bricking it completely. Kind of cool, for an accident anyways, right?

Lastly, Light was trained by “0x20k” of GSH, which probably explains how/why Silex attacks through default Telnet credentials, the primary means through which 20k’s Ficora Botnet also infected Internet of Things (IoT) devices in the past. On top of this, Light claims to have developed Silex with the help of 3 other hackers, who did not want to be identified/implicated publicly.

Study: Researchers at the School of Physics at Georgia Tech Calculate That a Hack of Only 10% of All IoT Connected Cars Could Cause National Gridlock

Far be it from me to pass up an opportunity to talk about a highly intellectual academic study with hints of an inevitable “Dystopian Future” and/or “Zombie Apocalypse” and/or both! A new research paper was introduced to the public last week by Skanda Vivek of the School of Physics at the Georgia Institute of Technology in Atlanta, Georgia. The paper itself discusses the vulnerabilities affecting almost all internet connected cars these days, as well as how these vulnerabilities could theoretically be exploited by hackers or other threat actors in the present and into the future.

Perhaps most interesting, though, were Vivek’s statistics indicating that a major hack affecting only 10% of all internet connected cars in a city such as New York, for example, would be enough to cause gridlock and shut down all transportation across city streets entirely. His full findings were released in a new research paper entitled “Cyber-Physical Risks of Hacked Internet-Connected Vehicles,” presented to an audience of his peers at the 2019 American Physical Society summit in Boston last week. You can browse through and/or download his whole research presentation below. You’re welcome 🤓.

Download Full Research Paper Here: https://arxiv.org/pdf/1903.00059.pdf

Read for Yourself:

Embedded PDF (Smart_Car_Study.pdf): https://roguemedia.co/wp-content/uploads/2019/03/Smart_Car_Study.pdf

Senator Mark Warner Introduces “Internet of Things (IoT) Cybersecurity Improvement Act of 2019”

This past Monday, March 11th 2019, along with a host of bipartisan supporters and co-sponsors, Senator Mark Warner (D-VA) officially introduced a new piece of legislation he calls the “Internet of Things (IoT) Cybersecurity Improvement Act of 2019.” The bill comes as a result of years of work, following an investigation of IoT vulnerabilities and flaws originally undertaken by Senator Warner in 2017, directly on the heels of the US Senate Intelligence Committee’s investigation into Russian interference in the 2016 US Presidential Elections, a committee and investigation led by none other than Senator Warner himself.

As written, if passed, the bill would:

  • Require the National Institute of Standards and Technology (NIST) to craft recommendations that address secure development, identity management, patching and configuration management for IoT devices.
  • Require the Office of Management and Budget (OMB) to come up with agency guidelines based on the NIST guidance.
  • Require the OMB to review agency policies every three years.
  • Require NIST to work with security researchers and industry professionals to coordinate vulnerability disclosures, while requiring contractors and vendors to maintain coordinated vulnerability disclosure policies to ensure information on a vulnerability is disseminated to government agencies with priority.
  • Restrict government agencies to purchasing or using only those devices found to be in compliance with the new NIST recommendations established by the legislation.

In a message attached to the release of his legislation, Senator Warner stated: “While I’m excited about their life-changing potential, I’m also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security. This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices,” to better secure the US Government and the Internet of Things collectively as we move into the future.

Full Text of Bill: https://www.scribd.com/document/401616402/Internet-of-Things-IoT-Cybersecurity-Improvement-Act-of-2019

Scroll Through Bill for Yourself:

2017 Version Leading To This Week's New Bill:

Embedded PDF (IoT_Cybersecurity_Improvement_Act_2017.pdf): https://roguemedia.co/wp-content/uploads/2019/03/IoT_Cybersecurity_Improvement_Act_2017.pdf

SCode404 of Ghost Squad Hackers May Have Just Built A Botnet Capable of Producing The Largest DDoS Attack The World Has Ever Seen

For those of you who might not be aware, just a few weeks ago, on January 31st 2019, researchers working for the international cyber security firm Imperva claimed to have successfully mitigated what would become the largest DDoS attack in world history. According to the data, January’s attack topped out at well over 500 million packets per second, nearly 4 times the number of packets generated by a March 2018 attack against GitHub servers, an attack still considered to be the largest bandwidth consuming DDoS attack on record, topping out at approximately 1.35 Terabits per second.

Well, as it turns out, there may soon be a new record holder on the way. According to a message posted to Twitter on March 2nd 2019, “SCode404” of Ghost Squad Hackers claims to be in possession of a botnet capable of producing attacks topping out at just short of 3 Terabits per second. Officially named the “Uchiha Botnet” and used to launch Layer 7 DDoS attacks, via a test run against Vedbex’s DNS resolver SCode404 claims to have launched an attack topping out at around 2,900 GB per second (2.9 TB per second), a bandwidth level DDoS attack that would utterly smash the previous record holders.

https://twitter.com/Scode404/status/1101884385660329984

While SCode is remaining fairly tight lipped about their creation, at least for the time being, it does appear to be literally months in the making. I say this because, dating back to a mid-January 2019 posting to Twitter, SCode announced that they “were back” and had begun the process of hijacking/exploiting hundreds of thousands of new devices on the Internet of Things (IoT), primarily targeting the geographic regions of China and Korea via Shodan.io, the official search engine of the Internet of Things. For now though, SCode will not reveal to the public what their botnet comprises, how they assembled it or built their source code, nor who/what their intended targets may be. When asked as much, SCode told Rogue Media Labs “for this I still keep it a secret.” I guess you will all just have to wait and find out with the rest of us, stay tuned….

https://twitter.com/Scode404/status/1084942213686030336

Qurlla of New World Hackers Begins Infecting IoT Devices with New, Never Before Seen, TrojanXENE Ransomware

This morning, January 14th 2019, “Qurlla” of New World Hackers essentially launched/invented a new form of ransomware attack that the world has never seen before. Unlike traditional ransomware attacks, which first require a user to click on a hyperlink and/or download a file, this ransomware is being spread via open ports on devices located on the Internet of Things (IoT).

Traditionally, the IoT has been used to build botnets for Bitcoin mining or DDoS attacks, essentially using malware to crawl different network systems on the IoT to infect any vulnerable devices on them. However, Qurlla appears to have coded a new piece of malware that scans for vulnerable devices on the Internet of Things and injects the ransomware itself directly through open ports built into their software, requiring no action from the device or its user whatsoever. Essentially, these devices are being infected simply by existing dormantly on the IoT, something which, at least to my knowledge, no one has ever pulled off before.

https://twitter.com/Qurlla/status/1084880048799342596

To date, Qurlla claims to have compromised approximately 214,003 devices through a web service known as Shodan, the self-described “Search Engine for the Internet of Things,” infecting at least 150,000 with his ransomware, including TVs, laptops, PCs and Raspberry Pi servers. He has also targeted Amazon Echo devices, printers and cell phones as well. In statements to Rogue Media Labs, Qurlla explained that this is only the beginning, and he is still actively developing his source code, which will remain private until at least next month. For the time being, Qurlla is going to keep building upon his code, perhaps introducing a DDoS variant into the mix, allowing infected devices to coordinate with one another to carry out DDoS attacks in the future.

While it is still very early and the attack was just launched a few hours ago, Qurlla says that he has already made over $300 from infected victims, asking $150 apiece to decrypt his ransomware. Qurlla calls his new ransomware “TrojanXENE,” a custom coded trojan which uses Ruby code to send TCP payloads and header redirects from a Google API, affecting devices found on Shodan and using their API to send the payloads to get a response. To exploit the printers, Qurlla used CastHack source code from “HackerGiraffe,” modifying the payloads to deliver his variant.

Qurlla details that he uses a “simple SHA-1” to encrypt the devices, “but every payload is tweaked to pull off the attack,” depending on the type of device compromised. He explains how he “did code like a gui in C# earlier, but it wasn’t as efficient as just executing python commands in terminal to make this possible. There is really a mix of programming languages.” Upon turning on or accessing their device, users are greeted with a message stating that “You got Hacked,” which then redirects them to a BTC payment gateway. Reportedly, users are not allowed to do anything on their devices until a payment of $150 is made. Below is a screenshot of the messages left behind on infected devices.

Screen Shot from Infected IoT Device:

https://twitter.com/Qurlla/status/1084839749746126849

Survey: Despite Buying Smart Devices, 80% of Customers Claim Not To Trust Any Internet Connected Devices

Earlier this week, funded by BlackBerry, researchers working at Atomic Research released the results of a new study designed to gauge the public’s level of trust in the devices they purchase, as well as what their expectations were for the regulation of data security and privacy as it relates to the internet connected devices or products they buy. Conducted throughout the first half of December 2018, researchers interviewed approximately 4,100 individuals across three countries, the United States, the United Kingdom and Canada, revealing that:

  • 80% say they do not trust their current internet connected smart devices to secure their data or privacy
  • 84% said they would be more likely to buy a product based on its maker's historic reputation for protecting data/privacy
  • 82% of respondents said they would embrace the adoption of a set of industry standards regulating the data privacy industry, requiring devices to be certified before being released to the public
  • 25% of respondents stated that they trusted their own in-car AI from Google more than any other, followed by Siri (19%) and Alexa (16%)
  • 67% of respondents stated they would pay more for a car if they knew it offered more secure software than a competitor
  • 58% said they would pay more for Internet of Things (IoT) devices if they offered built-in security
  • On average, 20% of respondents said they would pay up to 10% more for any product for the peace of mind of knowing it was more secure
  • 36% of respondents claim to have no knowledge whatsoever of any industry standards or security certifications when it comes to data security

Results from study: https://www.blackberry.com/content/dam/blackberry-com/media-gallery/pdf/Consumers-Dont-Trust-Connected-Devices-to-Keep-Data-Safe-and-Secure.pdf

Browse Through The Release:

Embedded PDF (Consumers-Dont-Trust-Connected-Devices-to-Keep-Data-Safe-and-Secure.pdf): https://roguemedia.co/wp-content/uploads/2019/01/Consumers-Dont-Trust-Connected-Devices-to-Keep-Data-Safe-and-Secure.pdf