How and Why To Re-Route DNS Through Your Computer or Phone

In a few of my previous tutorials I briefly touch on DNS re-routing but never really get into it in full detail, so why not here today? Learning to change your DNS resolver matters because DNS is the first thing your computer or phone does for almost every connection: before it can reach a website it asks a resolver to translate the name (example.com) into an IP address, and by default that resolver is one run by your Internet Service Provider (ISP). Whoever runs the resolver sees every name you look up, and an ISP resolver can also lie to you (redirect blocked names, or land you on an advertising page when you mistype one). Switching resolvers moves that trust from your ISP to a provider you choose, which is why it helps against a snooping or censoring ISP and, indirectly, against advertisers and attackers who rely on DNS tampering. Be clear about what it does not do, though. The resolver only returns the address; the connection to the website itself still goes over your ISP's network, so the ISP still sees which servers you talk to. And plain DNS (UDP port 53) travels unencrypted, so an ISP or government that wants to can still read, alter or intercept the queries unless you also turn on encrypted DNS (DNS over HTTPS or DNS over TLS, which all three providers below support). Keep that in mind, then pick the provider whose policies you are willing to trust.

While there are a number of ways to re-route your DNS and different providers to choose from, for the purposes of this article I consider the following to be the world's "Top 3": Cloudflare DNS, Quad9 (a non-profit founded by IBM, Packet Clearing House and the Global Cyber Alliance, which is why it is often called "IBM Quad9") and Google Public DNS. As you can read below, each has its own benefits.

Cloudflare DNS:

IPv4: 1.1.1.1
IPv4: 1.0.0.1
IPv6: 2606:4700:4700::1111
IPv6: 2606:4700:4700::1001

Cloudflare DNS is my personal DNS provider of choice, installed on both my computer and phone. I choose them because of their published privacy commitments: the resolver does not write client IP addresses to disk, deletes its query logs within about a day, and does not sell or otherwise mine the data, and those commitments have been independently audited, so you are trusting a checked policy rather than a slogan. Cloudflare also offers a privacy feature that not every public resolver has, query name minimization (RFC 7816): when the resolver walks the DNS hierarchy to find the authoritative server for www.example.com, it asks the root servers only about "com" and the .com servers only about "example.com", instead of sending the full name to each, so the operators of the upper levels of the hierarchy learn less about what you are looking up. Note the limit: minimization reduces what the authoritative servers see, not what Cloudflare itself sees, and it does nothing about a third party reading your unencrypted queries on the way to Cloudflare.

Learn More – Cloudflare DNS: https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/

Quad9 (IBM Quad9):

IPv4: 9.9.9.9
IPv4: 149.112.112.112
IPv6: 2620:fe::fe
IPv6: 2620:fe::9

Quad9. Whereas Cloudflare may be more beneficial for activists and researchers, Quad9 is probably of more benefit to the average home owner, parent or business owner. This is because Quad9 checks every name you look up against threat-intelligence feeds from its security partners and refuses to resolve domains known to host malware, phishing pages or botnet command-and-control, so a device on your network that has been tricked into contacting such a domain simply gets no answer. That is valuable, but be precise about what it is: a DNS filter. Quad9 never sees or inspects your actual traffic, it cannot block malware that spreads by scanning for open ports and connecting straight to IP addresses (the way the Telnet-spreading IoT botnets covered further down this page work), it cannot stop a command server the feeds have not listed yet, and it only protects devices that actually send their queries to 9.9.9.9 (some IoT gadgets hard-code their own resolver, and a Quad9 setting on your laptop does nothing for the smart TV). So it lowers the odds of one of your devices being pulled into a DDoS or crypto-mining botnet; it does not make that impossible. Quad9 also validates DNSSEC, so forged answers for signed domains are dropped rather than handed to you.

Learn More – IBM Quad9: https://www.quad9.net/

Google Public DNS:

IPv4: 8.8.8.8
IPv4: 8.8.4.4
IPv6: 2001:4860:4860::8888
IPv6: 2001:4860:4860::8844

Google Public DNS, on the other hand, is the one to know about in countries such as Ethiopia, Sudan, Turkey, Syria, North Korea and the like, all of which have restricted, censored, shut down and/or sealed off portions of their national internet in the past. In fact, activists affiliated with Anonymous and CyberGuerrilla have literally spray painted Google's 8.8.8.8 in public places during national crises to tell citizens how to get around the restrictions their government had imposed, opening people back up to the global web. The caveat is that this only works when the censorship is implemented by the ISP's own resolver refusing or lying about names. If the blocking is done by IP address or by inspecting traffic, a different resolver changes nothing, and a government that controls the network can hijack the path to 8.8.8.8 itself: during Turkey's 2014 block, Google reported that Turkish ISPs were intercepting traffic to its resolver addresses and answering in its place. Encrypted DNS (DoH or DoT) defeats that kind of interception; plain UDP/53 does not. Beyond getting around regional restrictions, compared to the ISP resolvers in some developing regions, Google's resolvers are often simply faster, so the switch may also improve your page load times.

Learn More – Google Public DNS: https://developers.google.com/speed/public-dns/

How To Switch DNS On Windows?

1.) Go to the Start menu, type "Settings", press Enter and then select "Network & Internet"

2.) Click on "Change adapter options"

3.) Select the internet connection you are using (Ethernet or Wi-Fi), then click the "Properties" button in the window that pops up

4.) In the list, select "Internet Protocol Version 4 (TCP/IPv4)" and press "Properties"; afterwards repeat the same for "Internet Protocol Version 6 (TCP/IPv6)"

5.) Select "Use the following DNS server addresses", enter the two addresses of your chosen provider (IPv4 addresses in the IPv4 dialog, IPv6 addresses in the IPv6 dialog; see the lists above) and press "OK"

That's it, really. On a Mac the equivalent is System Settings > Network > your connection > Details > DNS, where you add the same addresses. It is also fine to mix providers, say Cloudflare for IPv4 and Quad9 for IPv6, and your connection will not break; just remember that a provider's features only apply to the queries it actually receives, so in that arrangement Quad9's blocklist covers your IPv6 lookups only. And do set both families rather than just one. IPv4 still carries most connections, which makes the IPv4 entry the important one, but if your ISP gives you IPv6 and the IPv6 resolver is left on "obtain automatically", Windows keeps sending a share of your lookups to the ISP's resolver and quietly undoes the change. A quick check afterwards: run "nslookup example.com" in a command prompt and the "Server:" line at the top should name the resolver you chose.
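The same change done from PowerShell, as an added example that is not part of the original tutorial: it sets both address families on one adapter, flushes the cache, and then checks which server actually answers. It assumes Windows 10 or 11 with the built-in DnsClient module, an adapter named "Wi-Fi" (run Get-NetAdapter to find yours), example.com as the test name and Cloudflare's addresses as a placeholder choice; the last step only applies on Windows 11, which ships the DoH cmdlets.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
# Assumptions: Windows 10/11, adapter alias "Wi-Fi" (list yours with Get-NetAdapter),
# Cloudflare as the placeholder resolver; swap in Quad9 or Google from the lists above.

$adapter = 'Wi-Fi'
$v4 = @('1.1.1.1', '1.0.0.1')
$v6 = @('2606:4700:4700::1111', '2606:4700:4700::1001')

# Step 5 above, for both address families at once. Setting both matters: an IPv6 entry
# left on "automatic" keeps sending part of your lookups to the ISP resolver.
Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses ($v4 + $v6)

# Forget answers the old resolver already handed out, so the next lookups go to the new one.
Clear-DnsClientCache

# Check 1: the adapter now lists exactly the servers you configured, per family.
Get-DnsClientServerAddress -InterfaceAlias $adapter |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, AddressFamily, ServerAddresses

# Check 2: ask the system resolver and the chosen server directly. -DnsOnly bypasses the
# hosts file and the cache so a real query goes out. Both should answer; the exact IPs for
# CDN-hosted names can legitimately differ, so compare that you get answers, not the values.
$viaSystem = Resolve-DnsName -Name example.com -Type A -DnsOnly -ErrorAction Stop
$viaChosen = Resolve-DnsName -Name example.com -Type A -Server $v4[0] -DnsOnly -ErrorAction Stop
"system resolver: {0}" -f (($viaSystem | Where-Object Type -eq 'A').IPAddress -join ', ')
"{0} directly: {1}" -f $v4[0], (($viaChosen | Where-Object Type -eq 'A').IPAddress -join ', ')

# Check 3 (Windows 11 only): plain DNS on UDP/53 is still readable on the path. Windows 11
# already knows the DoH endpoints for all three providers above; confirm yours is listed,
# then switch the adapter to "Encrypted only" under Settings > Network & internet.
if (Get-Command Get-DnsClientDohServerAddress -ErrorAction SilentlyContinue) {
    Get-DnsClientDohServerAddress |
        Where-Object { ($v4 + $v6) -contains $_.ServerAddress } |
        Select-Object ServerAddress, DohTemplate, AutoUpgrade, AllowFallbackToUdp
}
```

If Check 2 succeeds for the system resolver but fails for the direct query, something between you and the chosen server is blocking or intercepting UDP/53, which is exactly the situation the DoH step is there for.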

How To Switch DNS On Phone?

Changing the DNS on your phone can be either incredibly complicated or incredibly simple, depending on where you look. The simplest reliable route is the operating system's own setting rather than an app. On Android 9 and later it is Settings > Network & internet > Private DNS, where you enter a hostname rather than an IP address (one.one.one.one for Cloudflare, dns.quad9.net for Quad9, dns.google for Google); because Private DNS is DNS over TLS, you get the encryption for free on every network you join. On iOS you can set DNS servers per Wi-Fi network (tap the (i) next to the network, then Configure DNS > Manual) or install the provider's own app or configuration profile (Cloudflare's 1.1.1.1 app, for example) to cover cellular as well. If you instead search the app store for "Change DNS" you will find a whole host of options; just remember that such apps usually work by installing a local VPN that all of your traffic passes through, so you are handing that developer at least as much visibility as you were trying to take away from your ISP. Pick one you trust, and enter the addresses listed above.

If You are A Little More Advanced…

OpenNIC Project. For those of you who may be unfamiliar, "OpenNIC (also referred to as the OpenNIC Project) is a user-owned and -controlled top-level Network Information Center offering a non-national alternative to traditional Top-Level Domain (TLD) registries such as ICANN." OpenNIC operates its own namespaces together with those of projects it has peering agreements with.

In other words, OpenNIC runs volunteer-operated resolvers that answer for the ordinary ICANN names you use every day and, on top of those, for OpenNIC's own top-level domains, which do not exist in the regular root and which ordinary resolvers therefore cannot reach. The trade-off is the one that applies to any resolver: you are trusting whoever runs the server you picked, and with OpenNIC that is an individual volunteer with their own logging policy rather than a company with an audited one, so read the policy of the specific server on their list before you use it. Stay classy mi amigos 😉

Learn More -OpenNIC Project: https://www.opennic.org/

See Also – CyberGuerrilla Internet Censorship Care Package: https://www.cyberguerrilla.org/blog/anti-censorship-carepackage/

Behind The Headlines, Understanding The Circumstances Surrounding The Creation of The Silex Botnet

For those of you who might not be aware, news of the Silex botnet was first broken by Akamai's Larry Cashdollar and published on ZDNet by Catalin Cimpanu on June 26th. Now, normally I would link to ZDNet's article and give them full credit for their reporting on the matter, but they would never link to this follow-up report by yours truly – so fuck them, honestly. With that established, what I have is a transcript of a conversation with the hacker(s) who built the botnet, the source code of the botnet itself, and an interview with the hacker who trained the botnet's creator(s). You may have heard of them before: "0x20k" of Ghost Squad Hackers, reputedly one of the world's top 10 botnet builders.

But without any further ado, let's start with the good and juicy stuff, shall we? Here's a full copy of the source code for the Silex botnet. Please note that I am keeping the plain-text file redacted, so you're just going to have to learn C and reconstruct the code yourself if you really want it that badly.

Full 6 Page Source Code – Silex Botnet:

Embedded PDF: https://roguemedia.co/wp-content/uploads/2019/07/Silex.pdf

With that out of the way, let's talk about why all of this happened in the first place. According to the botnet's architect, "Light The Sylveon," it was actually all just an accident/mistake, really. In a transcript of a conversation seen by Rogue Media Labs, Light goes on to explain that they are "sorry" for having created the botnet and "didn't know it would have such a large impact, to be honest." As a result, Light is actually considering "quitting" the underground black-hat life, though they have plans to continue learning and becoming a better botnet builder in the future.

As for why the hackers behind the creation of the botnet reached out to me, it’s because they want the tech world to know that the Silex Botnet was never meant to become as large as it has, that Light is not some attention seeking whore – so to speak – and that they are honestly sorry for what has happened because of it. Essentially, Light was messing around with some new ideas/concepts and created something they weren’t fully prepared to handle – nothing more, nothing less.

As for an update on the Silex botnet's reign of destruction: according to Light, as of July 2nd 2019 the botnet had already bricked over 10,000 devices worldwide, up from around 2,000 devices a little less than a week earlier on June 26th. Additionally, for those of you who might not have been read into it, Silex has literally no purpose other than to seek and destroy, locking owners out of their own devices for good. The source was essentially designed as a carbon copy of BrickerBot with the authors' own spin on it. Silex does not round devices up for DDoS or crypto-mining like most other modern botnets, nothing like that. Instead it merely searches and destroys: once inside a device it overwrites the storage with random data, flushes the firewall rules, removes the network configuration and reboots, leaving a box that no longer starts and has to be reflashed, where that is even possible. Kind of cool, for an accident anyway, right?

Lastly, Light was trained by "0x20k" of GSH, which probably explains why Silex spreads the way 20k's Ficora botnet did when it infected Internet of Things (IoT) devices in the past: by logging into devices over Telnet with their default credentials. Note that this is exactly the kind of attack a DNS filter such as Quad9 (see the top of this page) can never see, because no domain name is ever looked up; the scanner connects straight to IP addresses. On top of this, Light claims to have developed Silex with the help of three other hackers, who did not want to be identified or implicated publicly.

Study: Researchers at the School of Physics at Georgia Tech Calculate That a Hack of Only 10% of All Internet-Connected Cars Could Cause Citywide Gridlock

Far be it from me to pass up an opportunity to talk about a highly intellectual academic study with hints of an inevitable "Dystopian Future" and/or "Zombie Apocalypse" and/or both! A new research paper was introduced to the public last week by Skanda Vivek of the School of Physics at the Georgia Institute of Technology in Atlanta, Georgia. The paper discusses the vulnerabilities affecting most internet-connected cars these days, as well as how those vulnerabilities could theoretically be exploited by hackers or other threat actors now and in the future.

Perhaps most interesting were Vivek's statistics indicating that a major hack affecting only 10% of all internet-connected cars in a city such as New York would be enough to cause gridlock and shut down transportation across the city's streets entirely. His full findings were released in a research paper entitled "Cyber-Physical Risks of Hacked Internet-Connected Vehicles," presented to an audience of his peers at the 2019 American Physical Society March Meeting in Boston last week. You can browse through and/or download the whole research presentation below. You're welcome 🤓.

Download Full Research Paper Here: https://arxiv.org/pdf/1903.00059.pdf

Read for Yourself:

Embedded PDF: https://roguemedia.co/wp-content/uploads/2019/03/Smart_Car_Study.pdf

Senator Mark Warner Introduces “Internet of Things (IoT) Cybersecurity Improvement Act of 2019”

This past Monday, March 11th 2019, along with a host of bipartisan supporters and co-sponsors, Senator Mark Warner (D-VA) officially introduced a new piece of legislation he calls the "Internet of Things (IoT) Cybersecurity Improvement Act of 2019." The bill is the result of years of work, following an investigation of IoT vulnerabilities and flaws that Senator Warner first undertook in 2017, directly on the heels of the US Senate Intelligence Committee's investigation into Russian interference in the 2016 US presidential election, a committee on which Senator Warner serves as vice chairman.

As introduced, if passed, the bill would:

  • Require the National Institute of Standards and Technology (NIST) to craft recommendations addressing secure development, identity management, patching and configuration management for IoT devices
  • Require the Office of Management and Budget (OMB) to issue agency guidelines based on the NIST guidance
  • Require the OMB to review agency policies every three years
  • Require NIST to work with security researchers and industry to coordinate vulnerability disclosure, while requiring contractors and vendors to maintain coordinated vulnerability disclosure policies so that information about a vulnerability reaches government agencies as a priority
  • Restrict government agencies to purchasing or using only devices that comply with the NIST recommendations the legislation calls for

In a statement accompanying the bill, Senator Warner said: "While I'm excited about their life-changing potential, I'm also concerned that many IoT devices are being sold without appropriate safeguards and protections in place, with the device market prioritizing convenience and price over security. This legislation will use the purchasing power of the federal government to establish some minimum security standards for IoT devices," to better secure the US government and the Internet of Things collectively as we move into the future.

Full Text of Bill: https://www.scribd.com/document/401616402/Internet-of-Things-IoT-Cybersecurity-Improvement-Act-of-2019

Scroll Through Bill for Yourself:

2017 Version Leading To This Week's New Bill:

Embedded PDF: https://roguemedia.co/wp-content/uploads/2019/03/IoT_Cybersecurity_Improvement_Act_2017.pdf

SCode404 of Ghost Squad Hackers May Have Just Built A Botnet Capable of Producing The Largest DDoS Attack The World Has Ever Seen

For those of you who might not be aware, just a few weeks ago on January 31st 2019, researchers at the international cyber security firm Imperva reported mitigating what they described as the largest DDoS attack in history measured by packet rate. According to their data, the attack topped out at well over 500 million packets per second, nearly four times the packet rate of the March 2018 attack on GitHub's servers, which is still considered the largest bandwidth-consuming DDoS attack on record at approximately 1.35 terabits per second.

Well, as it turns out, there may soon be a new record holder on the way. According to a message posted to Twitter on March 2nd 2019, "SCode404" of Ghost Squad Hackers claims to be in possession of a botnet capable of attacks just short of 3 terabits per second. Officially named the "Uchiha Botnet" and used to launch Layer 7 (application-layer) DDoS attacks, in a test run against Vedbex's DNS resolver SCode404 claims to have peaked at around 2,900 Gbps, i.e. 2.9 Tbps, a bandwidth figure that would utterly smash the previous record holders. Read it as a claim rather than a measurement: the number is self-reported and nothing on the receiving end has been independently confirmed. Keep the units straight as well, since that is gigabits rather than gigabytes per second; a gigabyte figure would be eight times larger again.

https://twitter.com/Scode404/status/1101884385660329984

While SCode is remaining fairly tight-lipped about their creation, at least for the time being, it does appear to be literally months in the making. I say this because in a mid-January 2019 posting to Twitter, SCode announced that they "were back" and had begun hijacking/exploiting hundreds of thousands of new devices on the Internet of Things (IoT), primarily in China and Korea, locating them via Shodan.io, the search engine for internet-connected devices. For now though, SCode will not reveal to the public what their botnet is made of, how they assembled it or wrote its source code, or who or what their intended targets may be. When asked as much, SCode told Rogue Media Labs "for this I still keep it a secret." I guess you will all just have to wait and find out with the rest of us. Stay tuned.

https://twitter.com/Scode404/status/1084942213686030336

Qurlla of New World Hackers Begins Infecting IoT Devices with New, Never Before Seen, TrojanXENE Ransomware

This morning, January 14th 2019, "Qurlla" of New World Hackers claims to have launched a ransomware campaign of a kind that, in his telling, the world has not seen before. Unlike the typical ransomware attack, which needs a user to click a link or open a file, this one is said to spread through services left exposed on devices on the Internet of Things (IoT).

Traditionally the IoT has been harvested into botnets for crypto-mining or DDoS attacks, with malware crawling the internet for vulnerable devices and infecting whatever it finds. Qurlla's code, as he describes it, does the same scanning but drops ransomware instead of a DDoS bot: it pushes its payload straight at the exposed service, requiring no action from the device or its user whatsoever. Essentially, devices are being infected simply by sitting reachable on the internet. The delivery method itself is not new, since worms that spread through exposed services are exactly how Mirai and WannaCry got around; what is being claimed here, and what I had not seen before, is that combination with ransomware on IoT devices at this scale.

https://twitter.com/Qurlla/status/1084880048799342596

To date, Qurlla claims to have compromised approximately 214,003 devices located through Shodan, the self-described "Search Engine for the Internet of Things" (Shodan only finds exposed devices; it does not exploit them), infecting at least 150,000 of them with his ransomware, including TVs, laptops, PCs and Raspberry Pi servers. He has also targeted Amazon Echo devices, printers and cell phones. In statements to Rogue Media Labs, Qurlla explained that this is only the beginning and that he is still actively developing his source code, which will remain private until at least next month. For the time being, Qurlla is going to keep building on his code, perhaps introducing a DDoS variant into the mix so that infected devices can coordinate with one another to carry out DDoS attacks in the future.

While it is still very early and the attack was launched only a few hours ago, Qurlla says he has already made over $300 from infected victims, asking $150 apiece to decrypt his ransomware. Qurlla calls his new ransomware "TrojanXENE," which he describes as a custom-coded trojan that uses Ruby to send TCP payloads and header redirects via a Google API, targeting devices found on Shodan and using Shodan's API to send the payloads and collect responses. To exploit the printers, Qurlla used CastHack source code from "HackerGiraffe," modifying the payloads to deliver his variant.

Qurlla says he uses a "simple SHA-1" to encrypt the devices, "but every payload is tweaked to pull off the attack" depending on the type of device compromised. He explains that he "did code like a gui in C# earlier, but it wasn't as efficient as just executing python commands in terminal to make this possible. There is really a mix of programming languages." Upon turning on or accessing their device, users are greeted with a message stating "You got Hacked", which then redirects them to a BTC payment gateway. Reportedly, users cannot do anything on their devices until the $150 payment is made. Below is a screenshot of the message left behind on infected devices. One technical note on that description: SHA-1 is a one-way hash, not a cipher, so data that has genuinely been passed through it cannot be recovered by anyone, paid or not; either the locking mechanism is something other than what is described, or paying buys the victim nothing. As with the device counts and the revenue, none of this has been verified beyond Qurlla's own statements.

Screen Shot from Infected IoT Device:


https://twitter.com/Qurlla/status/1084839749746126849

Survey: Despite Buying Smart Devices, 80% of Customers Claim Not To Trust Any Internet Connected Devices

Earlier this week, researchers at Atomik Research released the results of a new study, funded by BlackBerry, designed to gauge the public's level of trust in the devices they purchase, as well as what they expect from the regulation of data security and privacy for the internet-connected devices and products they buy. Conducted throughout the first half of December 2018, the survey of approximately 4,100 individuals across three countries (the United States, the United Kingdom and Canada) found that:

  • 80% say they do not trust their current internet connected smart devices to secure their data or privacy
  • 84% said they would be more likely to buy a product based on the company's historic reputation for protecting data/privacy
  • 82% of respondents said they would embrace the adoption of a set of industry standards regulating the data privacy industry, requiring devices to be certified before being released to the public
  • 25% of respondents said they trusted their in-car assistant from Google more than any other, followed by Siri (19%) and Alexa (16%)
  • 67% of respondents stated they would pay more for a car if they knew it offered more secure software than a competitor
  • 58% said they would pay more for Internet of Thing (IoT) devices if they offered built in security
  • On average, 20% of respondents said they would pay up to 10% more for any product for the peace of mind of knowing it was more secure
  • 36% of respondents claim to have no knowledge whatsoever of any industry standards or security certifications when it comes to data security

Results from study: https://www.blackberry.com/content/dam/blackberry-com/media-gallery/pdf/Consumers-Dont-Trust-Connected-Devices-to-Keep-Data-Safe-and-Secure.pdf

Browse Through The Release:

Embedded PDF: https://roguemedia.co/wp-content/uploads/2019/01/Consumers-Dont-Trust-Connected-Devices-to-Keep-Data-Safe-and-Secure.pdf

Industrial Control Systems (ICS) & The Industrial Internet of Things (IIoT) are Increasingly Being Targeted by State Actors

According to a new report published by CyberX this week, entitled the "2019 Global ICS & IIoT Risk Report," hackers and malicious state actors are increasingly targeting Industrial Control Systems (ICS) and the Industrial Internet of Things (IIoT) all across the globe. To gather data and assess the risks posed to several of the world's most vital industrial sectors, including manufacturing, pharmaceuticals, energy/utilities and natural gas, CyberX studied 850 production industrial networks on six continents, as well as the types of attacks launched against them throughout 2017 and 2018. The data gave researchers a sense of what is to come for these sectors in the year(s) to follow, and of what they need to focus on to secure themselves in the future.

While the data showed that industrial and critical infrastructure organizations have improved their security measures recently, major gaps still exist across several key areas. Here are some of the key takeaways highlighted in CyberX's executive summary of the full research project; the full report, obtained by Rogue Security Labs, is featured below.

  • 40% of industrial sites have at least one direct connection to the internet
  • 53% of industrial sites have outdated Windows systems like XP
  • 69% have plain-text passwords traversing the network
  • 57% of sites are still not running anti-virus protections that update signatures automatically
  • 16% of sites have at least one Wireless Access Point
  • 84% of sites have at least one remotely accessible device

Of the four sectors, ordered from least secured to most secured, the most exposed at present are Manufacturing and Pharmaceuticals/Chemicals, followed by Energy/Utilities and Natural Gas. CyberX assigned each sector a security score based on the categories listed above; a higher score means better prepared, which is why the ordering below runs the opposite way from the gaps listed above. In their analysis, here are the scores for each industry:

  • Manufacturing 67%
  • Pharmaceutical & Chemicals 68%
  • Energy & Utilities 79%
  • Natural Gas 81%

Full Report from CyberX:

Embedded PDF (CyberX Global ICS IIoT Risk Report): https://roguemedia.co/wp-content/uploads/2018/10/CyberX-Global-ICS-2F-IIoT-Risk-Report.pdf

Internet Router Security

This next bit is a little more "involved," but it is straightforward and something almost no one seems to practice for some reason. You might be surprised to know that your internet router ships with an administrative login that is the same for every unit the manufacturer or ISP hands out, and that this login is printed in the manual and listed on the internet. For example, here is the default username and password for nearly every Comcast-issued router, from one of the largest internet service providers in the US.

User Name: admin
Password: password

As you can imagine, that is not exactly rocket science for anyone to figure out, so the first thing to do is replace it with a password of your own (this does not "encrypt" the router, it simply stops strangers from signing in to it). You can find your router's address by opening cmd and typing "ipconfig /all", then looking under "Default Gateway". Next, type that IP address into your browser's address bar and press Enter, and you will be prompted with the router's login page. If you do not already know the default credentials, a search for your router's model or a call to your internet service provider will turn them up. Once in, change the admin password, and while you are there check whether "remote management" (administration from the internet side) is switched on; it should not be.

Highlighting just how much of a priority router security should be: the fact that your router's login is publicly listed on the internet and identical for every customer should tell you all you need to know. It is also why, whatever your ISP suggests, you should not open your own network to the public as a free hotspot. If guests share the same network as your admin page and the default login is still in place, anyone sitting on it can sign in and reconfigure your router, which includes reading the list of every device that has ever connected through it and, worse, pointing all of those devices at a DNS server of the attacker's choosing, undoing everything in the first half of this article. (An ISP's own hotspot service, such as Comcast's separate "xfinitywifi" network, is normally isolated from your home LAN; the risk described here is about sharing your own network and SSID.)

With that out of the way, once you have logged in and are looking around your router's settings, you can set a new password, restrict which devices may join (a MAC allow-list, though hardware addresses are trivially spoofed, so treat that as a convenience rather than a control), tighten the firewall, disable WPS (its PIN can be brute-forced), turn off UPnP if nothing in the house needs it, and check for a firmware update. Another setting you will see is "SSID broadcast", which you can disable to keep your network's name out of the list your neighbours see.

To understand what that does and does not buy you: click your device's Wi-Fi button in a large urban area and, unless you live way out in the country, you will see all of your neighbours' networks alongside your own. Hiding the SSID removes yours from that casual list, and that is all it does. Any wireless sniffer picks the name up within seconds, because your own devices announce it in every probe and association, so treat a hidden SSID as tidiness, not security. What actually keeps strangers off the network is WPA2 or WPA3 with a long passphrase plus the settings above; "if no one knows it is there" is not a line of defence against someone with free software and a laptop.
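The "ipconfig /all" step above, done from PowerShell, plus a look at which management services the router exposes on the LAN side. This is an added example, not part of the original article; it assumes Windows 10 or 11 (the NetTCPIP module is built in), tries no credentials, and the port list is my own choice of the services a home router commonly listens on.

```powershell
# Added example, not from the original article: find your router and see which management
# services it exposes to the LAN. Assumes Windows 10/11; only observes, never logs in.

# "ipconfig /all" > Default Gateway, programmatically, once per adapter that has one.
$routers = Get-NetIPConfiguration |
    Where-Object { $_.IPv4DefaultGateway } |
    ForEach-Object {
        [pscustomobject]@{
            Adapter = $_.InterfaceAlias
            Gateway = $_.IPv4DefaultGateway.NextHop
            Dns     = @($_.DNSServer.ServerAddresses)
        }
    }
$routers | Select-Object Adapter, Gateway, @{ n = 'Dns'; e = { $_.Dns -join ', ' } } | Format-Table -AutoSize

foreach ($r in $routers) {
    # If the adapter's DNS server is the router itself, the router forwards your lookups to
    # whatever it was given (normally the ISP), so the resolver switch above has to be made
    # in the router's own settings too, or it silently never happens.
    if ($r.Dns -contains $r.Gateway) {
        "{0}: DNS is proxied through the router at {1}; set the resolver in the router as well" -f $r.Adapter, $r.Gateway
    }

    # Ports worth knowing about. 80/443 is the admin page you are about to log in to (use 443
    # if it is offered, so the new password is not sent in clear text on the LAN). Telnet (23)
    # and SSH (22) open on the LAN are worth noticing: Telnet plus a default password is
    # exactly how the IoT botnets covered above spread.
    $ports = @{ 22 = 'ssh'; 23 = 'telnet'; 80 = 'http admin'; 443 = 'https admin'; 8080 = 'alt http' }
    foreach ($p in ($ports.Keys | Sort-Object)) {
        $open = Test-NetConnection -ComputerName $r.Gateway -Port $p -InformationLevel Quiet -WarningAction SilentlyContinue
        $state = if ($open) { 'OPEN' } else { 'closed' }
        "{0}:{1,-5} {2,-11} {3}" -f $r.Gateway, $p, $ports[$p], $state
    }
}
```

Closed ports take a few seconds each because Test-NetConnection waits for the TCP timeout; that is normal. Anything reported OPEN on 22 or 23 deserves a look in the router's settings, and if it cannot be turned off, that is a reason to change the admin password today rather than later.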

Now that you know all of this information, you might also want to start warning all of your neighbors/friends now too 😉