Technology – jozefmares.com

This category covers my technology notes.

It seems ransomware is getting traction: I was asked for my opinion on the topic three times last week.

What is going on with ransomware, how do you deal with it, and is it going away? Short answer: no. Here is why.

It is a business thing

First-time founders think having an awesome product is the most important thing for success. Once they mature a little, they find out that marketing and distribution are the real deal.

Ten years ago it was pretty popular to extort e-commerce and content companies with DDoS attacks. I personally had the “pleasure” of dealing with this three times. Twice we were able to blackhole the DDoS traffic and implement what we called a hillbilly CDN; once the customer decided to pay.

Let’s look at the problem from a business perspective. With DDoS as the product, you have to act in real time to create pressure, and you have to solve the payment infrastructure (anyone remember eGold or payment in vouchers?). Scaling was hard because your DDoS infrastructure had only a certain capacity, and that capacity changed fast because your hacked machines were of interest to other groups as well. This business did not scale well and distribution was hard.

Since extortion is a multinational technological industry undergoing agile transformation (like a shady Amazon), a transformation was needed. Payment infrastructure (part of the distribution problem) was solved by BTC. Side note: BTC is not anonymous, and that does not seem to be a problem. The product was there too: encryption malware, and compared to DDoS this product scales very well (when you have 1000 victims in the pipeline your cost of service does not grow linearly). Early versions of most ransomware had issues (remember, it is an agile industry): weak or home-grown encryption algorithms, keys left in memory where the victim could recover them, and so on. Probably the usual developer thing: not invented here, I will make my own cipher suite. This was eliminated by switching to industry-standard encryption algorithms.

Product-market fit was easy: encrypt and extort. There is churn (say 40% will not pay because they have backups, 20% will not pay because they do not have the resources; you can offer discounts). You get the idea.

I mentioned it is an agile industry, and here is the thing: you need faster distribution (a bigger pipeline to feed your churn). For the last two years I have seen offers like this multiple times: introduce our ransomware into your corporate environment and get 30% of the profits (the business thing: a commission-based model). Another model: start your own ransomware operation on our platform. We handle the payments and build the ransomware packages; you take care of support and find the victims (a franchise model, sometimes an MLM one).

You can see that ransomware really is just a business. There is customer support, development, finance people, etc., and probably even some board meetings. :)

To conclude: there is great product-market fit, the profits are there, and most businesses cannot compete with an agile tech industry (see newspapers vs. Facebook, local shops vs. Amazon).

It is a political problem

If there are countries which support ransomware gangs, provide legal infrastructure (or decide not to enforce the law) and even profit from ransomware (North Korea, Russian intelligence units), the situation is not going to change. Profiting from ransomware is relatively harmless for them: there is not going to be military action in response to a ransomware attack (so far; in future this will change) and investigations take a long time. Worst case, they play the diplomacy card. The cost/benefit analysis speaks for ransomware.

It is a technical problem

The technological landscape of the average household and organization is getting more complex every year. Just think how many new devices you got in the last two years. For corporations it is worse. Cloud has removed the perimeter and remote work has moved the security boundary into your employees’ homes. Shadow IT is omnipresent, and it is not just people bringing their own cell phones: your data sits in various services like dashboards, note-taking apps, etc. All of this creates a super-complex landscape.

And cybersecurity is constantly failing. Why it is failing is a topic for another time. Long story short: cybersecurity does not scale well, and the immediate response is always more compliance and rules instead of root cause analysis.

A lot of cybersecurity problems can be solved by proper hygiene, and that is where almost every company is failing: asset management, monitoring and incident response. At least 50% of the organizations I speak with tell me what kind of countermeasures they are taking and what tools they are buying. Rarely do I hear about incident response, resilience, reliability and continuity planning. It is almost as if most people do not plan for failure and act surprised when an incident happens.

Why is ransomware getting traction now?

1. Ransomware is a commodity and the requirements for entering the business are low: almost no technical skill is required.

2. The complexity of the landscape is increasing every year (read: more things to attack and more ways to get access), which helps fill the extortion pipeline.

3. Little readiness for an incident: no backups, no incident handling plan, zero focus on resilience.

What’s next?

More ransomware, of course. The difference is that it is going to be more present in industrial organizations. How many manufacturers are not going to pay the ransom if they must deliver just-in-time? When ransomware hits targets like Colonial Pipeline or other critical infrastructure, how probable is it that they will not pay? I have heard a few times that things are going to change, that there will be legislation and new regulations. Maybe, but that is what we have been doing for the last 20 years. Are we more secure?

If you are not planning for an incident, buy some BTC; there is a good conversion rate these days.

Having two machines for work has a lot of advantages, but there are a few disadvantages. I covered the file synchronisation issue in my previous post.

Today’s issue is sharing a keyboard and mouse across screens: I hate two separate sets of input devices. The solution is called Synergy and I have been using this project for years. Yet even developers and admins who work with separate (not virtual) machines on their physical desktops do not know this beautiful piece of software. Time to change this!

Synergy basically works this way: one computer acts as the server (the computer with the main input devices, keyboard and mouse). Clients connect to this server, which holds a configuration describing the physical position of each client’s screen. A picture is worth a thousand words (image courtesy of the Synergy project):

My setup is a Fedora box with two screens, in the middle and on the right (second screen), and an OS X box on the left. I am using a pretty basic setup (no special Synergy hacks) and the server configuration file looks like this:

section: screens
    fedora_box:
    os_x_box:
        alt = meta
        meta = alt
end

section: links
    fedora_box:
        left = os_x_box
    os_x_box:
        right = fedora_box
end

Name this file ~/.synergy.conf (the screen names must match each machine’s hostname, or the name you pass to the binaries with --name) and run the server in the foreground to check that it works; the client, synergyc, is pointed at the server’s address the same way:

synergys -f

I would like to mention only one speciality compared to the “extremely basic setup”, the two lines under os_x_box:

alt = meta
meta = alt

These options swap the meta (Win) key on the IBM keyboard with the alt key for that screen. I have this setup because the Mac keyboard I use all day when I am away from my home office has the CMD key to the left of the space bar, followed by the alt key going from right to left. This way I do not make typos in keyboard shortcuts. Productivity on!

You can download binaries for your favourite distribution and OS X from the project page. Be careful: the version in the Fedora 18 repositories is 1.3.x and the version downloaded from the project page will likely be 1.4.x; the server will return an error about an incompatible client. Also keep in mind that Synergy 1.3 sends keystrokes over the network unencrypted, so run it only on a network you trust, or tunnel it over SSH.

Finally, you should automate starting the binaries somehow, but how you achieve that is up to you. I have the server always running (the binary is started after Gnome 3 startup) and on the OS X box I start the client on demand. In a future post I might write about how to start applications and change the network profile on OS X based on location.

My workflow is based on using OS X and Fedora together: OS X for business work and Fedora for actual work. This post is about the way I keep my files in sync; a post about my workflow might come later.

I tested a few solutions like rsync and manual copying (really, that was a bad idea :) ). I am not able to keep my files in sync manually, so I need to automate. Automating is a good idea even if you are capable of keeping files in sync by hand; automation makes things (at least for me) go smoothly.

So I went the Unison way. Unison is a beautiful piece of software written by Benjamin C. Pierce in a pretty cool programming language, OCaml.

I have a few machines always on the Internet, so I can use a star topology, which has a few advantages over direct synchronisation. One of the greatest (for me) is that the central Unison server is available over SSH (password-less login). The central server is in my office, where I rarely am, but when I am there I always want some of my files that would otherwise be a few hundred kilometres away from me.

So let’s assume we have two machines (clients) and one server. One machine is called NTB-1, the second DESKTOP-1 and the server is called SERVER-1.

Here I should mention that Unison is extremely sensitive to its own version. You must have exactly the same version available on every synchronised machine (at least I would not try doing the job without it). Fedora 18 has Unison 2.40 by default and you can get this version on OS X using Homebrew. The server is running CentOS 6.3, where Unison 2.40 is also the default (provided by the unison package). I am a lucky bastard; this was pain-free for me.

Let’s set up the first client, NTB-1, running OS X. First install Unison:

brew install unison 

Then I created a folder for the Unison config:

mkdir ~/.unison

The next step is to create the configuration file. Unison reads profiles from ~/.unison, and the default profile is ~/.unison/default.prf. Mine (pretty basic) looks like this:

# Sync roots
root = /Users/jozef
root = ssh://jozef@server-1//home/jozef/TrustedPoint

# What to synchronize
path = Current
path = Documents
path = .ssh
path = .bashrc
path = .vimrc

# What to ignore
ignore = Name *~
ignore = Name .DS_Store
ignore = Name .tmp
ignore = Path .ssh/known_hosts

# Keep backup copy of every file
backuplocation = central
backup = Name *
backupprefix = $VERSION.
backupsuffix =

# Log actions
logfile = /Users/jozef/.unison/sync.log

On the Fedora box I created the config directory:

mkdir ~/.unison

On the Fedora box the config file looks like this:

# Sync roots
root = /home/jozef
root = ssh://jozef@server-1//home/jozef/TrustedPoint

# What to synchronize
path = Current
path = Documents
path = .ssh
path = .bashrc
path = .vimrc

# What to ignore
ignore = Name *~
ignore = Name *.swp
ignore = Name .tmp
ignore = Path .ssh/known_hosts

# Keep backup copy of every file
backuplocation = central
backup = Name *
backupprefix = $VERSION.
backupsuffix =

# Log actions
logfile = /home/jozef/.unison/sync.log

You should adjust at least the sync roots and what to synchronize. I will not describe each option; they are all documented in the Unison manual.

Two details deserve a special mention: the double slash after the server address and the backuplocation option. In ssh://server-1//home/jozef/TrustedPoint the second slash makes the remote path absolute; with a single slash Unison would interpret it relative to the login user’s home directory. backuplocation = central keeps the backup copies in the central ~/.unison/backup directory on each host instead of next to the originals, so they are not propagated as regular files. One caveat on the paths above: path = .ssh also copies your private keys to every replica, including the server, so only do that if the server is protected as well as the laptops are. Unison preserves file permissions, but the keys still live in three places.

Server setup is pretty easy: just create the paths and install Unison:

mkdir ~/TrustedPoint
yum install unison

If you want password-less login you should set up SSH keys, which is beyond the scope of this quick how-to. Happy synchronizing and no conflicts.
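Because a version mismatch between replicas is the one thing that reliably breaks this setup, here is an added wrapper script (my own example, not from the original post or the Unison project) that checks both ends before running the profile unattended. It assumes the profile is saved as ~/.unison/<name>.prf (default.prf for the configs shown), that the server is reachable as server-1 with key-based SSH, and that `unison -version` prints a line of the form "unison version X.Y.Z" on both machines.

```shell
#!/bin/sh
# Added example (not from the post): pre-flight check and non-interactive run
# for the star-topology setup described above. Assumptions: profile in
# ~/.unison/<name>.prf, server reachable as server-1 over key-based SSH,
# and `unison -version` printing "unison version X.Y.Z" on both ends.

# Pull "X.Y.Z" out of `unison -version` output; prints nothing if the text
# does not contain a version banner (e.g. "command not found").
unison_version_string() {
    printf '%s\n' "$1" | sed -n 's/^unison version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds only when both ends run the same release (the post's rule:
# identical versions on every machine). Empty strings never match.
unison_compatible() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Check the profile exists, compare local and remote versions, then run the
# profile in batch mode so it can be started from cron or a login script.
sync_profile() {
    profile=${1:-default}
    server=${2:-server-1}
    if [ ! -f "$HOME/.unison/$profile.prf" ]; then
        printf 'missing profile %s\n' "$HOME/.unison/$profile.prf" >&2
        return 1
    fi
    local_v=$(unison_version_string "$(unison -version 2>&1)")
    remote_v=$(unison_version_string "$(ssh -o BatchMode=yes "$server" unison -version 2>&1)")
    if ! unison_compatible "$local_v" "$remote_v"; then
        printf 'unison version mismatch: local "%s", %s "%s"\n' \
            "$local_v" "$server" "$remote_v" >&2
        return 2
    fi
    # -batch: ask no questions and skip conflicting paths; -terse: report only changes.
    unison "$profile" -batch -terse
}

# Only sync when invoked as: sh unison-sync.sh run [profile] [server]
if [ "${1:-}" = run ]; then
    sync_profile "${2:-default}" "${3:-server-1}"
fi
```

Note that -batch does not resolve conflicts; paths changed on both sides are left alone and reported, so run the profile interactively once in a while to clear them. BatchMode=yes makes ssh fail fast instead of hanging on a password prompt if the key is missing.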