Cyber Criminals Selling Video-Teleconferencing Credentials On The Dark Web — Including 2,300 Usernames And Passwords From Zoom Video; Camera And Microphone/Eavesdropping Is Occurring — China May Combine Info With Purloined OPM Breach Material

     Last week, I wrote an article posted to this blog about the vulnerabilities of the video-teleconferencing darling, Zoom Video. Robert Lemos posted an April 13, 2020 article to the cyber-security and technology site DarkReading.com noting that cyber criminals are taking advantage of the explosion in the use of video teleconferencing and are having a field day. Mr. Lemos writes that “in one case, a cyber criminal posted a database on the Dark Web containing more than 2,300 usernames and passwords from Zoom Video,” according to the threat intelligence firm IntSights. IntSights warned that “the credentials could be used for denial-of-service (DoS) attacks, and pranks such as Zoom ‘bombing,’ as well as potentially for eavesdropping (microphone and camera) and social engineering,” said Etay Maor, Chief Security Officer of the global threat intelligence firm.
     “If the attacker can identify the person whose account he has taken over — and that doesn’t take much time, just use Google and LinkedIn — then the attacker can potentially impersonate that person, and set up meetings with other company employees,” Maor warns. “This can be used for business email compromise (BEC) type of attacks, where the attacker can impersonate someone in the company, and ask to move money. It can also lead to asking people to share files and credentials over Zoom chat.”
     “In a second incident,” Mr. Lemos writes, “a cyber criminal posted more than 350 Zoom account credentials to an online forum, with several belonging to educational institutions and small businesses, and at least one healthcare firm.” “The intent of the publication was to allow pranksters and vandals to disrupt video teleconferencing calls,” according to the security intelligence firm Sixgill.
     “Last October, vulnerability researchers discovered a software bug in both Zoom and Cisco’s WebEx applications for video teleconferences that could allow attackers to scan for unprotected conference calls and join them, if the meeting was not password protected,” Mr. Lemos wrote. “Using a type of attack called enumeration, an automated bot could cycle through potential meeting IDs and find other unprotected video teleconference calls. While both Zoom and Cisco patched the issue,” other vulnerabilities remain. The lesson implicit in that finding is simple: a meeting ID that a bot can guess is an address, not a secret, and only a meeting password keeps a guessed ID from being enough to walk in.
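To make the enumeration pattern concrete, here is an added example (not code from Dark Reading, Zoom or Cisco): a small Python detector run over a constructed join log. The log format, field names, source addresses and meeting IDs are all invented for illustration, and a real platform's join log would look different, but the signal is the same one the researchers' bot would leave behind: a single source trying many distinct, often sequential, meeting IDs with a high miss rate, and occasionally landing in a meeting that had no password.

```python
"""Flag meeting-ID enumeration in a video-conference join log.

Added illustration, not code from Dark Reading, Zoom or Cisco. The log
format, field names, source addresses and meeting IDs are all constructed
for this example (assumption: a real platform logs roughly who tried to
join which meeting with what result).
"""
import re
from collections import defaultdict

# Assumed log format: "<timestamp> src=<ip> meeting=<digits> result=<word>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) meeting=(?P<mid>\d+) result=(?P<result>\w+)$"
)

# Constructed sample log (not real data). 203.0.113.7 walks sequential IDs
# and lands on one open meeting and one password-protected meeting;
# 198.51.100.4 is a user who mistyped an ID once and then joined.
SAMPLE_LOG = """\
2020-04-13T10:00:01Z src=203.0.113.7 meeting=812340001 result=not_found
2020-04-13T10:00:01Z src=203.0.113.7 meeting=812340002 result=not_found
2020-04-13T10:00:02Z src=203.0.113.7 meeting=812340003 result=not_found
2020-04-13T10:00:02Z src=203.0.113.7 meeting=812340004 result=joined
2020-04-13T10:00:03Z src=203.0.113.7 meeting=812340005 result=not_found
2020-04-13T10:00:03Z src=203.0.113.7 meeting=812340006 result=not_found
2020-04-13T10:00:04Z src=203.0.113.7 meeting=812340007 result=not_found
2020-04-13T10:00:04Z src=203.0.113.7 meeting=812340008 result=password_required
2020-04-13T10:01:10Z src=198.51.100.4 meeting=555123456 result=not_found
2020-04-13T10:01:25Z src=198.51.100.4 meeting=551234567 result=joined
"""


def parse_log(text):
    """Return (timestamp, src, meeting_id, result) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            events.append((m["ts"], m["src"], int(m["mid"]), m["result"]))
    return events


def is_sequential(ids, max_gap=10):
    """True when most consecutive probes are a small step apart (counter-style scan)."""
    if len(ids) < 3:
        return False
    gaps = [abs(b - a) for a, b in zip(ids, ids[1:])]
    return sum(1 for g in gaps if 0 < g <= max_gap) >= 0.8 * len(gaps)


def find_enumerators(events, min_distinct=5, min_fail_ratio=0.7):
    """Per source: many distinct IDs plus either a high miss rate or a sequential walk."""
    per_src = defaultdict(lambda: {"ids": [], "failed": 0})
    for _ts, src, mid, result in events:
        per_src[src]["ids"].append(mid)
        if result != "joined":          # not_found, password_required, ...
            per_src[src]["failed"] += 1

    flagged = {}
    for src, p in per_src.items():
        distinct = len(set(p["ids"]))
        fail_ratio = p["failed"] / len(p["ids"])
        sequential = is_sequential(p["ids"])
        if distinct >= min_distinct and (fail_ratio >= min_fail_ratio or sequential):
            flagged[src] = {
                "distinct_ids": distinct,
                "fail_ratio": round(fail_ratio, 2),
                "sequential": sequential,
                # Meetings the scanner actually got into: these had no password.
                "joined": sorted(m for (_t, s, m, r) in events if s == src and r == "joined"),
            }
    return flagged


if __name__ == "__main__":
    for src, info in find_enumerators(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {info}")
```

The `joined` list is the actionable part of the alert: every meeting a scanner managed to enter is one that was reachable with nothing but its ID, which is exactly the population the researchers' bot was built to find.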
     The publication Motherboard reported last week that “one hacker, interviewed by Motherboard, claimed to have traded exploits/flaws found in Zoom on the black market for between $5,000 and $30,000, a relatively low sum compared to other [similar] bugs that compromise web browsers like Chrome, or operating systems like iOS or Android.”
     The rapid shift to remote working is significantly expanding the attack surface, and, not surprisingly, hackers are taking advantage of this target-rich environment. A new genre of AI-enhanced attack tooling lets even novice hackers masquerade as a legitimate employee or senior company official in what appears to be a legitimate email. With everyone working from home, there are no quick trips down the hall to verify that the email was indeed sent by a colleague or boss. AI-enhanced malware, readily obtainable on the Dark Web, is also aiding malicious hackers in the art of denial and deception: malware that hides when it senses it is being watched, and malware that changes its behavior and signature patterns to evade detection.
      I am not singling out Zoom, but the idea that they have strong enough cyber security protocols and procedures just doesn’t pass muster. As noted cyber security guru Bruce Schneier wrote on his blog, Schneier on Security, “Zoom’s security is at best sloppy, and malicious at worst.” In an April 3, 2020 blog post, “Security and Privacy Implications of Zoom,” Mr. Schneier noted, citing the Motherboard report: “Zoom’s iPhone app was sending user data to Facebook, even if the user didn’t have a Facebook account. Zoom subsequently removed the feature, but its response should worry you about its sloppy coding practices in general. This wasn’t the first time Zoom was sloppy with security,” Mr. Schneier warns. “Last year, a researcher discovered that a vulnerability in the Mac Zoom client allowed any malicious website to enable the [victim’s] digital camera without permission.” Then earlier this year, it was discovered that Zoom for Windows can be used to steal a user’s Windows credentials, Mr. Schneier added.
     And perhaps even more worrisome, “Zoom’s encryption is awful,” Mr. Schneier warns. “First, the company claims to provide end-to-end encryption, but it doesn’t. It only provides link encryption, which means everything is unencrypted on the company’s servers.” In practice that means the traffic is protected between each participant and Zoom’s servers, while the servers themselves hold the keys and can see the plaintext. When confronted about the issue, a Zoom spokesperson wrote: “Currently, it’s not possible to offer/enable end-to-end (E2E) encryption for Zoom video meetings.” And the way the company applies its encryption leaves a lot to be desired. Quoting the Citizen Lab report on Zoom’s protocol, Mr. Schneier notes: “Zoom documentation claims that the app uses ‘AES 256’ encryption where possible. [But] we found that in each Zoom meeting, a single AES 128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB is not recommended, because patterns in the plaintext are preserved during encryption. The AES 128 keys, which Citizen Lab verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.”
     Mr. Schneier wrote: “I am okay with AES 128, but using ECB (electronic codebook) mode indicates that there is no one at the company that knows anything about cryptography. And, that China connection is worrisome.” You bet it is. One does not even have to assume a deliberately planted backdoor: if Zoom’s servers generate the per-meeting key and a server in China is on the path that hands it to participants, then whoever controls, or can compel, that server can hold the key to the meeting.
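The ECB problem that Citizen Lab and Mr. Schneier describe can be seen in a few lines of code. The following is an added example, not Zoom’s code and not from the Citizen Lab report. Because the Python standard library ships no AES, a toy four-round Feistel cipher keyed with HMAC-SHA256 stands in for the 128-bit block cipher; it is deliberately a toy and not secure, and the assumption is that only the behaviour of the mode matters for the demonstration (it would be identical with real AES-128). A constructed “media stream” with repeated silence frames is encrypted once in ECB mode and once in CTR mode: the repeated blocks are visible in the ECB ciphertext to anyone on the wire, without the key, and invisible in the CTR ciphertext.

```python
"""Why ECB mode is the wrong choice for media: identical plaintext blocks
give identical ciphertext blocks, so repetition is visible without the key.

Added illustration, not Zoom's code and not from the Citizen Lab report.
The standard library has no AES, so a toy 4-round Feistel network keyed
with HMAC-SHA256 stands in for the 128-bit block cipher. It is NOT a secure
cipher; the assumption is that only the behaviour of the MODE matters here,
and it would be the same with real AES-128.
"""
import hashlib
import hmac

BLOCK = 16                      # 128-bit blocks, like AES
KEY = bytes(range(16))          # fixed demo key (assumption: any 16 bytes)
NONCE = b"\x00" * 8             # fixed demo nonce; CTR needs a fresh one per key in practice


def _round_fn(key, rnd, half):
    """Keyed PRF for one Feistel round: 8-byte output from an 8-byte half."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def toy_block_encrypt(key, block):
    """Bijective 16-byte block cipher (Feistel), so equal inputs give equal outputs."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round_fn(key, rnd, right)))
    return left + right


def ecb_encrypt(key, data):
    """ECB: each block encrypted independently with the same key."""
    assert len(data) % BLOCK == 0
    return b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ctr_encrypt(key, nonce, data):
    """CTR: XOR with keystream E(nonce||counter), so equal blocks encrypt differently."""
    out = bytearray()
    for counter, i in enumerate(range(0, len(data), BLOCK)):
        keystream = toy_block_encrypt(key, nonce + counter.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))
    return bytes(out)


def repeated_blocks(data):
    """Number of 16-byte blocks that duplicate an earlier block: what an
    eavesdropper can count in ciphertext without knowing the key."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return len(blocks) - len(set(blocks))


def sample_stream():
    """Constructed stand-in for an audio stream: a repeated 16-byte silence
    frame interleaved with four distinct speech frames (10 blocks total)."""
    silence = b"SILENT-FRAME-hdr"
    speech = [b"speech-frame-%03d" % i for i in range(4)]
    frames = [silence, silence, silence, speech[0], silence, silence,
              speech[1], speech[2], speech[3], silence]
    return b"".join(frames)


def compare_modes():
    """Return (duplicate blocks visible in ECB ciphertext, same for CTR)."""
    pt = sample_stream()
    return (repeated_blocks(ecb_encrypt(KEY, pt)),
            repeated_blocks(ctr_encrypt(KEY, NONCE, pt)))


if __name__ == "__main__":
    ecb_dups, ctr_dups = compare_modes()
    print(f"plaintext duplicate blocks: {repeated_blocks(sample_stream())}")
    print(f"ECB ciphertext duplicates:  {ecb_dups}   (structure leaks)")
    print(f"CTR ciphertext duplicates:  {ctr_dups}   (structure hidden)")
```

The count an observer gets from the ECB ciphertext equals the count from the plaintext, which is the whole objection: the cipher is fine, the mode throws away the confidentiality of everything but the exact block contents. The same property means that with one key shared by every participant, as Citizen Lab describes, any party that obtains that key from the key-distribution path decrypts the whole meeting, not just one participant's stream.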
     If you put the enormous OPM breach of a few years ago, which exposed the personal information of millions of Federal employees, especially those who held Top Secret clearances, together with this, then Zoom becomes even more worrisome. My personal doctor’s office called yesterday to set up a Zoom appointment with me to go over any medications or medical issues I needed to discuss that were not COVID-19 related, suggested we conduct this conversation via Zoom, and said that I needed to download the app in advance. I declined and opted instead for a phone call. The point is, if China already has the personal information on Federal employees who hold Top Secret clearances, they can use technology like Zoom to gather additional, personal medical information that could be embarrassing or place the individual in a compromising position. RCP, fortunascorner.com

19 comments

  1. fabianno

    Your site is very nice, I have bookmarked it.

  2. Very good website you have here, but I was wondering if you knew of any discussion boards that cover the same topics discussed here? I’d really love to be a part of a group where I can get feedback from other knowledgeable people that share the same interest. If you have any recommendations, please let me know. Thanks!

  3. Hello! Do you know if they make any plugins to assist with SEO? I’m trying to get my blog to rank for some targeted keywords but I’m not seeing very good results. If you know of any please share. Appreciate it!

  4. What a material of un-ambiguity and preserveness of precious knowledge about unpredicted emotions.

  5. Hurrah! At last I got a website from where I am able to actually obtain valuable facts concerning my study and knowledge.

  6. Very nice post. I simply stumbled upon your weblog and wished to say that I’ve really loved browsing your blog posts. In any case I will be subscribing to your feed and I am hoping you write again very soon!

  7. If you are going for the finest contents like myself, just pay a quick visit to this web page daily because it provides feature contents, thanks.

  8. Write more, that's all I have to say. Literally, it seems as though you relied on the video to make your point. You obviously know what you're talking about, why waste your intelligence on just posting videos to your site when you could be giving us something enlightening to read?

  9. Hi! I could have sworn I’ve been to this site before but after browsing through some of the posts I realized it’s new to me. Anyways, I’m definitely happy I found it and I’ll be bookmarking and checking back often!

  10. You need to be a part of a contest for one of the best websites on the internet. I will highly recommend this blog!

  11. I’m extremely impressed with your writing skills as well as with the format of your blog. Is this a paid subject matter or did you modify it yourself? Anyway, keep up the excellent quality writing; it’s uncommon to see a great weblog like this one these days.

  12. Excellent blog post. I definitely appreciate this website. Keep writing!

  13. I pay a visit daily to a few websites and information sites to read articles, but this webpage provides quality based content.

  14. Incredible points. Great arguments. Keep up the good effort.

  15. What’s up, I wish to subscribe to this website to obtain the latest updates, so where can I do it? Please help out.

  16. You are actually a just right webmaster. The website loading velocity is amazing. It sort of feels that you’re doing a distinctive trick. Also, the contents are a masterpiece. You have performed a great process on this subject!

  17. I’m impressed, I must say. Rarely do I encounter a blog that’s both educative and amusing, and let me tell you, you have hit the nail on the head. The issue is an issue that too few folks are speaking intelligently about. I’m very happy that I came across this during my search for something relating to this.

  18. Nice blog here! Also your website loads up very fast! What host are you using? Can I get your affiliate link to your host? I wish my website loaded up as fast as yours lol

  19. Howdy, would you mind stating which blog platform you’re working with? I’m going to start my own blog in the near future but I’m having a hard time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design seems different than most blogs and I’m looking for something completely unique. P.S. My apologies for being off-topic but I had to ask!
