• [object Object]@lemmy.ca
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    12 hours ago

    Secure communication/networking on windows or macOS is just bad opsec.

    They both have hidden certs, and non VPN activity that can be trivially correlated back to you, especially if you have OS services (can see and bypass your VPN) mixed with something like iCloud (goes over VPN).

    All iDevices have a unique ID, which is hidden from apps only if you turn on tracking prevention. I don’t know the situation with Windows, I assume it’s just as bad or worse.

    If I were a hacker I would be using something like a customized Sway DE and a stripped back distribo.

    Also worth nothing: on macOS EVERY binary you run gets fingerprinted and sent to Apple. Again, I don’t know that Windows does this, but I’d assume it’s the same. It’s for security — probably not your security though.

    —-

    ETA: the Hack the Planet chain included is hilarious lol.

    But what script kiddy shit is using ngrok to tunnel on the servers?

    1. Ngrok stores logs. They’re not a hacking tool, they’re going to log and comply.
    2. Did they install the Microsoft Store version!?! I can’t tell if the app told ngrok the GUID or ngrok shared the networking events and Microsoft had that all logged to the GUID
    3. They put a ton of trust in their VPN, which stores logs.
    4. They left a massive trail of breadcrumbs here. Reused Gmail account, reused phone numbers, reused proxy server.

    I’m surprised that the install of ngrok on the servers didn’t immediately set off alarms before they even got to exfiltrating data. But with PAAS and containers, I’m not shocked.

    Maybe I shouldn’t write this comment for fear it’ll be construed as encouraging hackers, that’s not my goal. I am not a hacker, I’ve never hacked anything. I just find this shockingly stupid, but I suppose they are young.

    If I were a criminal I would probably also avoid posting diamond crusted jewellery and wads of cash online.

    I am surprised how much of your network logs Microsoft keeps around. That’s insane they were able to link the GUID to both ngrok and the hotel.