t3chn0tix

Everything is Broken. How the hackers hack


It appears the hackers I wrote about in an earlier post are coming up with new strategies, using a variety of malware and other tactics. One major key is uniting and shape-shifting. I tend to believe multiple individuals are pulling the strings and taunting law enforcement. They are either modifying existing malware or crafting new malware based on the mechanics of others, and executing different tactics. It's not a change in the playbook of these gangs; it's just advancement. Their targets include companies of every kind, security firms and contractors, Windows, Linux, Apple, Android, VPNs, DNS, ISPs, and virtual machines. Security firms worldwide have observed that hackers are not only targeting online devices like IoT devices and CCTV cameras but also wireless devices such as keyboards and mice. In some cases, these hackers have been found to extract data from devices that are not even connected to the internet.

Despite the widespread use of wireless keyboards, wired versions remain prevalent globally, especially in business or institutional environments.

When a key is pressed on a wired keyboard, the keystroke is converted into an electrical signal and transmitted to the computer over the cable. These cables are unshielded, allowing the signals to leak into the PC's main power cable. This type of attack is only feasible on PCs that are consistently plugged into the mains. Hackers can also use stealer logs, which are viruses that covertly reside on your machine, collecting every detail you type and even say. (More on that below.)

If you're thinking, "Oh, I'll just get a wireless keyboard," think again. Wireless keyboards can be hacked in a few different ways, one of which is over Bluetooth. The other is by capturing the radio signals they send, which carry the keystroke data. This attack requires the attacker to be physically close to the targeted device. Many keyboards have encryption built in, so the data sent over Bluetooth or radio is encrypted, but not always. In the past, we have seen such encryption broken with a zero-day. The weakness lies in the way the decryption is implemented, so exploiting it wouldn't be hard for a determined person. Don't get me started on all the possibilities when it comes to air-gap hacking. Those attacks are so powerful they can take down electrical grids. They can overheat your computer too. It's a lot. (But that's a different topic.)

Yes: speakers, cameras, washing machines, TVs, toys... need I go on? Let's not even start on medical devices. When I said everything, I meant everything has been or is being hacked.

Let's talk about Virtual Private Networks for a moment. I have explained how VPNs work in another post. A person's computer or device connects to a VPN, typically through a dedicated client. The VPN client establishes its connection through the originating Internet Service Provider (ISP). The ISP links the VPN to the internet under a fabricated IP address. Most VPNs are paid services, so they hold data about you. Your client also gathers information about your computer, device, or virtual machine (VM) environment. (Don't get me started on how easy it is for a determined person to add code and escape your virtual machines.) While some offshore VPNs may accept payment in crypto and claim to keep no logs, this can create a false sense of security. Many VPNs that claimed to keep no logs have nevertheless handed logs to law enforcement in the past. VPNs can serve as gateways for hackers when targeting a victim. VPNs themselves can be vulnerable to hacks, potentially exposing user data and real-time IP addresses. Those free VPNs? Read the TOS. You're the product being sold. There's also a real possibility that these VPNs contain stealer logs or other viruses and malware when downloaded onto a device.

All this data gets transmitted to hacker-controlled servers. The process resembles the real-time hacking depicted in movies, where the FBI listens in and collects information through phones and computers. Unlike the movies, however, these hacks don't involve someone sitting outside in a van. These hacking groups are likely based in Eastern Europe, the USA, Germany, South America, and parts of Asia (possibly the Middle East). I have stressed more than once my belief that some of these hackers are state actors, working for governments to hack and collect data; some even pursue this as a hobby. Others are individuals in need of money and/or clout. They branch off into different sects, including blackmail groups. Their targets include high-profile individuals, people who hold compromising information, and people close to the real target, including family, friends, and anyone the target has called, texted, emailed, or met in real life. The higher the profile, the more eyes on them. These hackers have evolved into something only a sci-fi movie could portray. We can thank AI for this advancement (sarcastically), but I also believe the solution lies in AI.

Some hackers use tunnelling to bypass security measures and make their traffic appear legitimate, passing data between infected devices and a control server. Much as they rotate IP addresses, they can mimic files and legitimate processes within a tunnelling attack. Those files can change names to fool both the eye and virus detection software, so admins and the computer's defences wouldn't see them. We saw a rise in tunnelling in 2024, a rise in stealer logs, and a rise in both old and new tactics. 2024 has been the year of the hacks.

Stealer logs? Yes, stealer logs. These logs function as digital spies, discreetly capturing sensitive information without the victim's awareness. They establish a connection to a control server, enabling remote manipulation and data extraction. With the capability to execute commands at will, they turn the victim's device into a puppet. Control servers are where all the gathered information is collected and commands are issued. Those commands can be triggered on demand or set on timers, so the implant appears to act at random. Your online life becomes someone else's puppet. The reason stealer logs are a big deal is that they are built to run for as long as your computer is in use. The intention is to keep your computer running and to steal your entire life.
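The tunnelling and stealer-log paragraphs above both describe an implant that calls home to a control server on a timer. One defender-side check that follows from that is to look for outbound connections whose intervals are suspiciously regular. The example below is added here and is not from the original post; the log format, host names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (not from the original post).
# Assumed format: ISO timestamp, source host, destination, bytes sent.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ws-17 203.0.113.9:443 512
2024-05-01T10:00:05 ws-17 198.51.100.4:443 9120
2024-05-01T10:05:00 ws-17 203.0.113.9:443 530
2024-05-01T10:07:41 ws-17 198.51.100.4:443 44120
2024-05-01T10:10:00 ws-17 203.0.113.9:443 498
2024-05-01T10:15:01 ws-17 203.0.113.9:443 515
2024-05-01T10:20:00 ws-17 203.0.113.9:443 520
2024-05-01T10:31:12 ws-17 198.51.100.4:443 1200
"""

def parse_log(text):
    """Yield (timestamp, src, dst, bytes) tuples from the constructed log format."""
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(nbytes)

def find_beacons(records, min_hits=4, max_jitter=0.1):
    """Flag (src, dst) pairs whose connection intervals are nearly constant.

    A timer-driven implant calls home at a fixed cadence, so the spread of its
    intervals (standard deviation divided by the mean) stays small; ordinary
    human-driven traffic does not. Returns {(src, dst): mean_interval_seconds}.
    """
    times = defaultdict(list)
    for ts, src, dst, _ in records:
        times[(src, dst)].append(ts)
    flagged = {}
    for pair, stamps in times.items():
        if len(stamps) < min_hits:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[pair] = avg
    return flagged

if __name__ == "__main__":
    for (src, dst), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: beacon every ~{period:.0f}s")
```

Real implants often add random jitter to the timer, so in practice the `max_jitter` threshold is tuned against a baseline of known-good traffic rather than fixed.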

I will try to be as direct as possible and explain how this new malware operates. The data gathered from these breaches is used to connect to the targeted individuals or companies. Many companies use beacons and mesh networks, which can also be compromised. Attackers can infiltrate these networks to conduct further intrusions. Once the malware enters the system, it exploits and releases anything it wants and scatters pieces throughout the network to collect as much information as possible. Why did AT&T go down? It runs all kinds of mesh networks off the main network. The US government thought it would be a good idea to go mainstream with its communication lines. These hackers have had all kinds of viruses, trojans, malware, etc., sitting on some of these systems for many years. We are just starting to see the execution.

Operating large control servers implies financial backing, suggesting that nation-state actors and government entities might be involved. It doesn't make sense otherwise. There are many more tactics they will deploy to get something onto your machine, including simply having you look at a picture. I often wonder whether the same kind of process can be done over WebRTC or other VoIP protocols, because you are connecting directly. I will research this topic and elaborate later.

The level of cyber attacks we have seen in the last few years has grown significantly. From law enforcement agencies to the hackers, everyone has tricks up their sleeves. I recommend strict monitoring and rewriting systems. I will write about that later as well. The targets? Anyone and anything.