02 May White Hat Hacking: Doing Wrong to Do Right
Over a month ago, Triton Technologies was given a challenge.
The challenge was simple: break our wireless network and you have our security contract. Sounds great in theory, but in reality white hat hacking is a quite complex method and time-consuming.
Security Penetration: Break Their Wireless Network
We had been trying to acquire this company for years and we knew their shortcomings, insecurity and data protection management. So we set out to do what we’ve been asked to do, break their wireless network.
So in order to protect something, you need to know what weapons your enemy is going to use. If you don’t know, you can’t protect against it and the battle is lost.
Here’s What We Did
Step 1. We acquired multiple Raspberry Pi 3 minicomputers with dedicated external wireless antennas. We installed Kali Linux and Aircrack-ng and linked them all through a cellular VPN to our Amazon cluster.
Step 2. Over a period of days, we captured thousands of packets that were transmitted by or their wireless access points. Utilizing known methods of breach and capture, we captured gigabytes of usable data.
Step 3. Utilizing our Amazon cluster of dedicated CPUs, we uploaded our packet capture data and began to crunch the code to retrieve the wireless information.
Step 4. And we waited. And waited.
We came in over a long holiday weekend and found that the cracking utility found the password. So we drove out to the client, them unaware and we locked into their wireless network gaining access to their entire infrastructure.
A few days later we had a meeting with the client, presented our findings, and they have changed to us their managed IT services.
The Need for White Hat Hacking
What we did was known as white hat hacking, utilizing known methods of security penetration in a controlled environment to prevent any kind of serious breach in the future. This is extremely encouraged by our clients in order to test their defenses and test the reliability and dependability of their hardware and services.
Only Strong As The Weakest Security
Over a period of a few days, we discovered a lazy password methodology, unpatched systems, and that the firmware for the wireless access points was never upgraded beyond their defaults, all making their defeat easier than expected. It also reinforces the fact of having complex and long passwords within systems. You cannot control such as wireless access points or cellular devices. We cannot harp enough that complexity will help in security.
We replaced their wireless access points with ubiquity and are now monitoring their entire infrastructure on a minute by minute basis. Contact us to learn the weakness in your current system and what we can do to help.