Assignment 2

CYBR 171 2023 T1: Assignment 2

Due 28 May 23:59

Goals

The goals for this assignment are to
  • investigate and evaluate different strategies for choosing passwords
  • identify social engineering techniques used in a vishing attack
  • analyse a case study of a scam using social engineering techniques
  • explain how classic analog scams could play out in the digital world
  • analyse a network capture using Wireshark
  • apply knowledge of cryptography and password files to extract the admin password

Preparation

Read through the whole assignment and review the videos of lab 3 to help you with the digital forensics completion question.

You can complete this assignment using your own computer or a lab computer, the only software required is Wireshark.

Review how the assignment is structured and also how it is marked.

You cannot get marks for only stating an answer: you need to explain your reasoning and, for some parts such as Wireshark, include screenshots so we can tell that you have carried out the work yourself. We often give as many marks for how you arrive at an answer as for the answer itself!

To Submit

  • Use the provided template for written answers and submit as PDF.

Remember to submit your files. When you have submitted them, check that you can read the files listed on the submission page, and complete the submission process.

Structure of the Assignment

This assignment has Core, Completion, and Challenge parts.

Tutors will provide help for the Core and Completion parts, but you should talk to Harith for broad hints regarding the Challenge parts.

Core

Password strength

Investigate the following password strength meters:

For each site, you should check the following passwords (based upon the 10,000 most common passwords):

  • 123456
  • qwerty123
  • ncc1071
  • !@#$%^&*
  • understandingbydivisionspite

1a. Record the strength of each password according to the measure provided by the site (Password strength checker gives a strength score, How secure is my password gives an estimate of how long it would take to brute force the password, and Password meter gives a complexity score).

1b. Considering each password strength meter individually, what was the strongest password according to each one? Hint: you should observe that they do not all agree.

1c. Record the number of times each of these passwords has been used before according to this useful website: https://haveibeenpwned.com/Passwords.

1d. Based upon the information gathered while answering the above questions, which password would you choose to use, and why, to minimise the chance of an attacker either guessing it or brute forcing it?

1e. We chose these password strength meters carefully, but there is always a chance that a password you enter will be recorded.

Briefly discuss the risk to you of a website that does this, and compare the approaches used by Password strength checker and Have I been pwned to minimise the risk these sites present to you.
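As an added illustration of why the meters disagree (this is example code, not part of the assignment), the script below scores a password two ways: the brute-force view (how many strings of the same length and character classes an attacker would have to try) and the dictionary view (is it on a common-password list). The common-password set and the guessing rate are constructed assumptions standing in for the real 10,000-entry list and Have I Been Pwned.

```python
import math
import string

# Constructed stand-in for the "most common passwords" list / Have I Been Pwned
# lookup; the assignment uses the live sources instead.
COMMON_PASSWORDS = {"123456", "password", "qwerty123", "!@#$%^&*"}

# Assumed offline guessing rate (an assumption, used only to turn a search-space
# size into a rough time estimate).
GUESSES_PER_SECOND = 1e10


def charset_size(pw: str) -> int:
    """Size of the union of standard character classes that appear in pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # the 32 ASCII symbols
    return size


def brute_force_bits(pw: str) -> float:
    """Search-space size in bits when every string of this length/classes is tried."""
    return len(pw) * math.log2(charset_size(pw))


def brute_force_seconds(pw: str) -> float:
    """Worst-case time to exhaust that search space at GUESSES_PER_SECOND."""
    return 2 ** brute_force_bits(pw) / GUESSES_PER_SECOND


def assess(pw: str) -> dict:
    """A password on a common-password list is guessed almost immediately no matter
    how many bits the brute-force view assigns it; otherwise use an assumed 60-bit bar."""
    bits = brute_force_bits(pw)
    common = pw in COMMON_PASSWORDS
    if common:
        verdict = "guessable from a wordlist"
    else:
        verdict = "brute-forceable" if bits < 60 else "resists brute force"
    return {"password": pw, "bits": round(bits, 1), "in_common_list": common,
            "brute_force_seconds": brute_force_seconds(pw), "verdict": verdict}


if __name__ == "__main__":
    for pw in ["123456", "qwerty123", "ncc1071", "!@#$%^&*", "understandingbydivisionspite"]:
        print(assess(pw))
```

Note that "!@#$%^&*" scores a clean 40 bits on the complexity view yet sits on the wordlist, while the long all-lowercase passphrase scores highest on the brute-force view; this is the kind of disagreement question 1b asks you to observe.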

Vishing attack

In the lecture on social engineering, you watched a video where a social engineering expert demonstrates how she can get access to a journalist’s cell phone account over the phone (vishing), manipulating the customer service agent’s attention with distractions and appeals to urgency.

Watch the video again and answer the following questions.

2a. Why would someone do this? What could they do with the information?

2b. What potential consequences can you think of for the person who got hacked?

2c. What exactly is the “hack” here?

2d. What technical knowledge or tools did the hacker use? Note: the hacker uses a tool to spoof the number she’s calling from. Name a couple of such tools that you can find on the Internet.

2e. What non-technical knowledge and skills did the hacker use?

2f. What did she do to reduce the customer service agent’s likelihood of being cautious? Their ability to think clearly?

2g. How did she make use of social norms and/or stereotypes?

2h. Can you think of any security measures or procedures that could have prevented this hack from succeeding?

2i. What would you advise Verizon to do?

Digital Forensics

You are working in a security operations centre (SOC) and have been asked to analyse a packet capture for an employee who is being investigated. Use Wireshark to do the analysis and remember to use screenshots to document your answers.

The pcap file is found in assignment2.zip.

Here is the official Wireshark documentation chapter on working with captured packets: https://www.wireshark.org/docs/wsug_html_chunked/ChapterWork.html.

PLEASE INCLUDE EASY TO READ SCREENSHOTS AND EXPLAIN WHY YOU HAVE INCLUDED THEM AND WHAT THEY SHOW

3a. They attempted to access an FTP server, "sol genomics network". What username and password did they use?

3b. What was the domain name being looked up by the user in packet 50129?

3c. What is the MAC address associated with the user's computer? (Hint: their IP address is 192.168.1.107.)

3d. What is the domain name of the web server that hosts the file cuckoos-egg-160.jpg?

3e. Extract cuckoos-egg-160.jpg and paste it into your answer document.

Completion

Online Marketplace Purchases

On December 5, 2012, the US Attorney for the Eastern District of New York announced the arrests of six Romanian and one Albanian national for defrauding US customers on popular Internet marketplaces such as eBay, AutoTrader.com, and Cars.com. The arrests involved co-operation among law enforcement agencies in Romania, Czech Republic, United Kingdom, Canada, and the United States.

The fraudsters posted detailed ads for expensive items such as cars and boats on the popular online markets though none of the posted items actually existed. They used co-conspirators called "arrows" in the United States to open bank accounts using high-quality fake passports. These arrows responded to enquiries from potential buyers and collected payments.

Payments from unsuspecting victims were transferred out of the United States by the arrows as cash or wire transfers. In one case, $18,000 in cash was mailed out of the US inside audio speakers. In another case, money was used to buy an expensive watch, which was then mailed to the fraudsters. The gang's total estimated earnings were $3 million.

Read this article to help you answer the following questions.

4a. Outline the steps taken by the fraudsters to make the advertisements and car dealers appear legitimate to the potential buyers.

4b. Explain how the effectiveness of this fraud can be understood in terms of the affect heuristic and pretexting. Think about who and what is being targeted in each of these two cases, as well as what the fraudsters are trying to achieve.

4c. Based on this incident, what precautions (multiple, e.g. 2-3) would you recommend to a friend contemplating the purchase of an expensive item online? For each, explain how the precaution might have prevented the success of the fraud.

Analog to Digital

Choose a scam from one of these scams and read this article on the principles of persuasion as discussed in Robert Cialdini's book.

This is an infographic version of the main points:

[Infographic: Influence, 6 Principles of Persuasion]

An excellent answer might provide more detail on how the targets are found, with reference to actual websites; an explanation of which principles of persuasion apply; an explanation of how the scam makes use of or applies techniques such as quid pro quo; and an appropriate level of detail in the description.

5a. What scam did you choose, and what aspect(s) of human behaviour are being exploited by this scam? You can answer in terms of Cialdini’s principles of influence and the lectures on psychological aspects of why people will do certain things.

5b. How could this scam be adapted to use digital resources? Write down a description of your digital version. Feel free to include pictures or other information to help the markers understand how you would encourage people to believe your digital scam.

5c. If you’re basing your description on a real digital scam that you’ve seen in the past, explain its relationship to the analog scam.

5d. What changes or additions are needed for this scam to move into the digital age? If your answer is “None”, explain why no changes are needed.

5e. How do the properties of the Internet, for example the possibility of instantaneous communication, play into the digital version of the scam? How do they make it more or less difficult to pull off than the analog version?

5f. Do you think the digital version or the analog version of the scam is more likely to be effective? Why?

Challenge

Secure messaging

Research the documentation and articles describing these three secure messaging tools: Telegram, Signal, and Snapchat.

Make sure that you provide the source of your answers, i.e. references to documentation, news articles or other sources.

6a. For each, research whether the messages are encrypted. In particular, what algorithms are used for encryption? What are the sizes of the keys? Are keys per conversation or per user?

6b. For each, consider how keys are managed. In particular, I might start up a conversation with an unknown person. How do I trust the key that they are using? Is there a mechanism to establish trust provided by the messaging service?

6c. How do you know whether the tools include backdoors or trojans? For each, explain whether you can verify that the code can be trusted.

Password File Woes

Carol, your fellow hacker Libr8 has successfully obtained the password file from Evilcorp Incorporated and sent it to you over the interwebs. Multiple encryption schemes, including symmetric and asymmetric methods, were used during the encryption phase to ensure that only you, i.e., Carol, can reveal the content. Furthermore, the message is signed to ensure that the content has not been altered.

The admin loves to use easy-to-remember passwords, and it is useful to know that the password file stores passwords as MD5 hashes.

Libr8 has encrypted the file using the Blowfish algorithm in CBC mode, and the password is a commonly chosen one. Furthermore, the file was encrypted in 2018, and Libr8's favourite movie is Mirrors.

Required files (found in assignment2.zip):

  • Carol’s private key (carol.asc).
  • Libr8’s public key (libr8.asc).
  • Password file (passwd.bf.enc.asc)

PLEASE INCLUDE EASY TO READ SCREENSHOTS AND EXPLAIN WHY YOU HAVE INCLUDED THEM AND WHAT THEY SHOW

Hints:

  • Use assignment2 as a password to import Carol's private key.
  • Mashable published a list of the most common passwords in 2018.
  • There are several websites for cracking MD5 but most of them cannot be accessed on campus.

7a. What is the password used by Libr8, and what was your process for discovering it? What guesses did you try and discard?

7b. What is the admin password contained within the stolen password file, and what was your process for discovering it?