Add1son's Blog

A place for pondering, planning and projects

Distributed social networking using old protocols

We live in a very interesting time, one in which we have access to more information than ever and the ability to broadcast a message to more people than ever. This comes with a laundry list of pros, but something that has always confused me is that the web was designed to be decentralized and fault tolerant, yet despite that design people flock to the same handful of platforms to broadcast a message.

Websites like Twitter, YouTube and Facebook are now constantly criticized by more and more people as being “full of censorship” and “injustice”. Whether or not these claims hold any merit isn’t really what I spend time thinking about; instead I wonder why these people don’t migrate platforms or create their own. For $5 you can have a VPS instance up and running with free software (free as in speech and free as in beer) within 10-15 minutes. With RSS on top of that, a person could set up a “feed” of sorts, a lot like Twitter or Facebook, without having to worry about algorithms modifying what you are looking at or about being experimented on in secret. What comes out is a plain feed, chronological or ordered however the user chooses. Power is handed back to the people who run their own content-producing websites: they can sell advertising directly to potential advertisers or accept donations through something decentralized like Bitcoin, and BOOM, you are off to the races.

One could object that technical literacy makes this a high barrier to entry, but I remain optimistic that once people are tired of getting their rights stepped on by private companies, they will have no other choice, and that this decentralized communication model will be adopted and taken in stride by the masses. Until then I am stuck using multiple platforms for multiple types of communication instead of just using my web server for everything. If that isn’t the most “first world problem”, I don’t know what is.

Threat model analysis: inmates with homebrew equipment

One of the first headlines that came across my feed today read as the title of this post does: “Investigation finds inmates built computers and hid them in prison ceiling”. Link

Immediately after reading this, the following thoughts went through my head:

  1. How could IT be so unaware of these ethernet lines running directly into their own networking infrastructure?
  2. How did they get caught?

The answer to the first question is easy to find when looking at the photo the article uses to show the state of the cabinets housing what I can only assume are the core network switches: a rat’s nest of copper cable. The second question is partly answered by the article itself, which states: “Authorities say they were first tipped off to a possible problem in July, when their computer network support team got an alert that a computer “exceeded a daily internet usage threshold.” When they checked the login being used, they discovered an employee’s credentials were being used on days he wasn’t scheduled to work.” It is very interesting that this would be the only alert to fire for this type of intrusion. This led me to think: “well, they must not have had access to the kind of information that would have let them pick an employee credential based on who was scheduled to work?”

The article goes on to say that “The Ohio Inspector General says investigators found an inmate used the computers to steal the identity of another inmate, and then submit credit card applications, and commit tax fraud. They also found inmates used the computers to create security clearance passes that gave them access to restricted areas.”

To me this means that if these inmates had internet access, why didn’t they figure out how to check the employee schedule, or at least note by hand which people they saw working and correlate their logins accordingly? Given that they were using an employee login, we can only assume that this required password authentication, since it wouldn’t make sense for a login prompt to let you identify as any user without verifying that you are that user. That means at some point they had to have acquired an employee’s credentials and used them to log in and reach the internet. Even just monitoring usage patterns should have tipped off the network administrators long before anyone noticed an off-the-clock employee using the system. Another idea would be to restrict each account’s access to the times its owner is scheduled to work, which would be a strange, arbitrary change to implement but could be easy if the time card / scheduling service can export a .csv.
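The detection the article describes (a daily usage threshold) and the correlation proposed above (a schedule export matched against login activity) are both simple enough to script. The following is an added example, not code from the original post or from the facility in the article: it loads a constructed schedule CSV and a constructed proxy/auth log, then flags logins on unscheduled days, logins outside the scheduled shift, and days whose total traffic exceeds a threshold. The log format, the CSV columns, the username and the 500 MiB threshold are all assumptions.

```python
"""Correlate login/usage events with a work-schedule export.

Added example; the schedule layout, log format, username and threshold
are assumptions, not anything taken from the article or its report.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed schedule export: who is scheduled on which date, and the shift hours.
SCHEDULE_CSV = """employee,date,start,end
jsmith,2015-07-01,07:00,15:00
jsmith,2015-07-02,07:00,15:00
jsmith,2015-07-03,07:00,15:00
"""

# Constructed proxy/auth log lines: ISO timestamp, user, bytes transferred.
LOG_LINES = """2015-07-01T08:12:05 jsmith 1048576
2015-07-02T22:41:17 jsmith 5242880
2015-07-04T10:03:44 jsmith 734003200
2015-07-04T13:15:02 jsmith 367001600
2015-07-05T02:00:00 jsmith 1024
"""

# Assumed per-day byte budget; the article only says a threshold existed.
DAILY_BYTES_THRESHOLD = 500 * 1024 * 1024


def load_schedule(text):
    """Return {(user, iso_date): (shift_start, shift_end)} from the CSV export."""
    schedule = {}
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.strptime(row["start"], "%H:%M").time()
        end = datetime.strptime(row["end"], "%H:%M").time()
        schedule[(row["employee"], row["date"])] = (start, end)
    return schedule


def parse_log(text):
    """Yield (datetime, user, bytes) from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, nbytes = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), user, int(nbytes)


def detect(schedule, events, threshold=DAILY_BYTES_THRESHOLD):
    """Return sorted (iso_date, user, reason) findings.

    Three checks: credential used on a day its owner is not scheduled,
    used outside the scheduled shift, and daily volume over the threshold.
    Findings are a set so repeated logins on one day yield one finding.
    """
    findings = set()
    daily_bytes = defaultdict(int)
    for ts, user, nbytes in events:
        day = ts.date().isoformat()
        daily_bytes[(user, day)] += nbytes
        shift = schedule.get((user, day))
        if shift is None:
            findings.add((day, user, "login on unscheduled day"))
        elif not (shift[0] <= ts.time() <= shift[1]):
            findings.add((day, user, "login outside scheduled shift"))
    for (user, day), total in daily_bytes.items():
        if total > threshold:
            findings.add((day, user, "daily usage threshold exceeded"))
    return sorted(findings)


def run():
    """Run the detection over the constructed samples."""
    return detect(load_schedule(SCHEDULE_CSV), parse_log(LOG_LINES))


if __name__ == "__main__":
    for day, user, reason in run():
        print(f"{day} {user}: {reason}")
```

On the sample data the threshold check fires only for the one heavy day, while the schedule correlation catches every off-schedule login, including the tiny 1 KiB session that no volume threshold would notice. Treat the output as a triage queue rather than an auto-block list: an employee covering a shift that never made it into the export looks identical to a stolen credential.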

This type of negligence is incredible to see, especially on a network dealing with something as potentially dangerous as inmates getting access to SCADA systems or locking / unlocking doors via a web console.

The article goes into detail about how “lax security” allowed the inmates to get the computer equipment to their respective cells. Computers aren’t getting any larger, and with platforms such as the Raspberry Pi and the Pi Zero the profile of these things is going to keep shrinking until you may not be able to stop them from being carried in and out of a facility. This means network security should be an even higher concern: proper IDS / IPS implementation will be needed, along with VLAN segmentation and other network security practices, to keep the network safe. Hell, even then, what if your inmates start building a meshnet and communicate over decentralized technology, what then? It just reminds me that we truly ain’t seen nothing yet.
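If you cannot keep the hardware out, the next line is noticing it when it lands on a switch port. As an added example (not from the original post, and not the article’s facility), the script below compares a constructed switch MAC-address table against a constructed asset inventory and reports uninventoried addresses, inventoried addresses that have moved ports, and ports that have learned more addresses than they should (the signature of a hidden hub or unmanaged switch behind a wall plate). The port names, inventory rows and the 02:de:ad:be:ef:01 address are made up; b8:27:eb is a real Raspberry Pi Foundation OUI.

```python
"""Rogue-device check: switch MAC table versus asset inventory.

Added example; the inventory, MAC table and port names are constructed.
b8:27:eb is a Raspberry Pi Foundation OUI.
"""
import csv
import io
from collections import defaultdict

# Constructed inventory: every MAC allowed on the network and its expected port.
INVENTORY_CSV = """mac,port,owner
00:1a:2b:3c:4d:01,Gi1/0/1,officer workstation 1
00:1a:2b:3c:4d:02,Gi1/0/2,officer workstation 2
00:1a:2b:3c:4d:03,Gi1/0/3,badge printer
"""

# Constructed "show mac address-table"-style dump: vlan, mac, port.
MAC_TABLE = """vlan mac port
10 00:1a:2b:3c:4d:01 Gi1/0/1
10 00:1a:2b:3c:4d:02 Gi1/0/5
10 00:1a:2b:3c:4d:03 Gi1/0/3
10 b8:27:eb:11:22:33 Gi1/0/3
10 02:de:ad:be:ef:01 Gi1/0/3
"""

RASPBERRY_PI_OUIS = {"b8:27:eb"}


def load_inventory(text):
    """Return {mac: (expected_port, owner)}; MACs normalised to lower case."""
    return {row["mac"].lower(): (row["port"], row["owner"])
            for row in csv.DictReader(io.StringIO(text))}


def parse_mac_table(text):
    """Yield (vlan, mac, port) from the constructed dump, skipping the header."""
    for line in text.splitlines()[1:]:
        if line.strip():
            vlan, mac, port = line.split()
            yield int(vlan), mac.lower(), port


def classify_unknown(mac):
    """Say why an uninventoried MAC is interesting."""
    if mac[:8] in RASPBERRY_PI_OUIS:
        return "unknown MAC, Raspberry Pi Foundation OUI"
    # Bit 1 of the first octet set means a locally administered address,
    # typical of spoofed or virtual interfaces rather than factory NICs.
    if int(mac[:2], 16) & 0x02:
        return "unknown MAC, locally administered (likely spoofed or virtual)"
    return "unknown MAC"


def audit(inventory, table, max_macs_per_port=1):
    """Return sorted (port, mac, reason) findings for one MAC-table snapshot."""
    findings = []
    per_port = defaultdict(set)
    for _vlan, mac, port in table:
        per_port[port].add(mac)
        if mac not in inventory:
            findings.append((port, mac, classify_unknown(mac)))
        elif inventory[mac][0] != port:
            expected = inventory[mac][0]
            findings.append((port, mac,
                             f"inventoried MAC seen on unexpected port (expected {expected})"))
    for port, macs in per_port.items():
        if len(macs) > max_macs_per_port:
            findings.append((port, "*",
                             f"{len(macs)} MACs learned, expected at most {max_macs_per_port}"))
    return sorted(findings)


def run():
    """Audit the constructed snapshot."""
    return audit(load_inventory(INVENTORY_CSV), parse_mac_table(MAC_TABLE))


if __name__ == "__main__":
    for port, mac, reason in run():
        print(f"{port} {mac}: {reason}")
```

A MAC check alone is weak, since a device can copy the printer’s address and vanish from the unknown-MAC list; that is why the per-port count and the moved-port check are in there, and why the real enforcement belongs in 802.1X or switch port security rather than a script. The script is the cheap visibility you run until those controls are in place.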

Edit: After finding an additional article: a full .pdf of the report has been uploaded, which is most likely what got this news coverage.