Posts for: #Keith's Favorite Post

Why we fear ‘hackers’: Dangers of Technical Illiteracy


Are you afraid of hackers? Do you lie restless at night thinking of what might happen if they got into your bank account, Facebook profile, or e-mail? Perhaps you’re also worried that they might hack into a forum you visit, or that they might get into your personal messages on WhatsApp.

It’s true that hackers are able to do all of these things, but the public perception of hackers really isn’t quite justified, and this false perception can lead to terrible outcomes.

Take last week’s post about the hacktivist group Anonymous. In it I expanded on the public fear of Anonymous and how that didn’t correspond to the actual damage that the group causes. Sometimes all Anonymous does is a DDoS on a public website; that still takes some skill, but is far removed from actually infiltrating a server. Yet most people wouldn’t be able to differentiate a DDoS attack on a website from a compromise of an actual server, and this inability leads them to disproportionately fear hackers. Worse still, it leads them to lump all security-related incidents into a single bucket called “hacked by hackers”.

But Why?

Why are people so afraid of hackers? And why is there a huge discrepancy between what some of these hackers are actually doing and the fear that the average citizen has of them?

I have one theory–ignorance, or more specifically tech-illiteracy.


Understanding Anonymous from a Malaysian context


The latest buzz in Malaysian cyberspace is the ‘threat’ from Anonymous Malaysia to launch ‘internet warfare’ on the Malaysian government, singling out our poor ol’ Prime Minister, demanding that he step down or face the consequences of Anonymous actions.

The threat of internet warfare even came with a date, 29th to 30th August at 2.30pm, coinciding with Bersih 4.0. You know you’re dealing with a bad-ass when they tell you when the attack is coming, sort of like Muhammad Ali telling his opponents which round he would knock them out in. (down in the 5th)


How I hacked 4 Unifi accounts in under 5 minutes

So I was wondering if I should publish this, but I guess I have to. If you’re one of the 500,000 Unifi subscribers in Malaysia, you need to know that your stock router–is completely hackable. TM has left you literally hanging by your coat-tails with a router that can be hacked as easily as pasting a link. So I was struggling to figure out if I really should have made this post, but in the end I think it’s better for you (and everyone else) to know just how easy it is to Hack Unifi accounts–not so you can hack them, but so that you can take some precautions over the situation.

But first, some caveats–everything I’m showing here is already public knowledge, the only difference is that I’ve culled and aggregated knowledge from different streams to show you just how easily an attacker can circumvent your password protection on your Unifi Dlink DIR-615 router, which is the stock router that comes with Unifi. It’s better for you to know about it than to remain oblivious to the possibility that anyone from anywhere in the world, sitting in their room with their pyjamas on, can log on to your router and start doing some rather nasty stuff.

Second caveat, is that as a result of this, some ‘kiddy-hackers’ may see this post and now be empowered with the means to attack, that’s a risk I’m willing to take to allow for everyone to know about it, so that they can do something about it. Keeping everyone in the dark about vulnerabilities of their routers is not a good thing. Security works better when everyone has access to the same information, this is how security works, and if you don’t agree–well tough luck.

With that said, here’s how you use Shodan, and a well-known exploit to hack Unifi. The final exploit, which doesn’t require any knowledge of the passwords, starts at 4:08.

Update 22-Jun: My apologies: YouTube has removed my video because someone reported it as being inappropriate. I am appealing. I’m not sure what about the video was inappropriate, and I have made no attempt to mislead anyone. Stay tuned. I’ve updated the video with a Vimeo upload instead.

Video Rejected by Youtube

Hacking Unifi Dlink routers using Shodan from Keith Rozario on Vimeo.

Details of the hack:

  1. To access the password page the appendage is /model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd

  2. To search for Dlink Routers on Shodan the query is Mathopd/1.5p6 country:MY

I alerted TM to this much earlier, in August 2013 actually, and they promised they’d fix it by the end of the year. To be honest though, I don’t blame them; your router security is your responsibility and not TM’s, so I think that TM isn’t doing anything wrong by not doing anything. A user should be responsible for the security of the router, just like how you are responsible for the security of your phone–even if you did get it free from Maxis or Digi. So anyhow, in the absence of any clear action from TM, I’ve taken it upon myself to inform you of the router vulnerability, and here’s hoping you do something to fix it.

As always–stay secure.

To address the issue, check out my post on how to prevent this on your Unifi router.


Why Malaysians shouldn’t buy Coin–yet

There's a lot of talk about COIN, the aptly named card replacement device that promises to end the bulge in your wallet--literally. Basically this handy device is meant to replace all the cards in your wallet, saving you space in a secure yet convenient way. It's oversold its pre-order a thousand times over, and it's taking the internet by storm in a way we thought was only possible by horse-riding Koreans.

However, I’m here to tell you, that as a Malaysian–you want to hold off your pre-order. Now if you want to buy coin to show-off to your less tech-literate friends, then go ahead, but if you’re buying COIN thinking that it’ll simplify your wallet, you’ll be sadly mistaken.


Why Malaysia should never send anyone into space again–EVER!!

Angkasawan_on_science

There's been a lot of talk lately on Malaysia sending a second Angkasawan into space. Unfortunately, we don't seem to be getting our money's worth: the Angkasawan program has done nothing to stop the slide in our scientific literacy in Malaysia. In fact, if the graph above is anything to go by, it's actually made it worse.

One of the key reasons always cited to support the Angkasawan program is to promote the understanding of science and maths in Malaysia–unfortunately, the Angkasawan program seems to have a negative effect on our international test scores for science. I wonder why? I’ve made a video on why the Angkasawan project was a waste of time.


Of pirated software and vaccinations


Here’s a quick question–do you have an ‘original’ version of Windows running on your PC or is it pirated?

If you’re like me, then obviously you’ve learnt long ago to only use original versions of software–especially when it’s the operating system of your PC. Of course, I wasn’t always like this, back in my university days, I couldn’t afford the couple hundred dollars it cost to buy an original Windows XP, and hence used a pirated version–my windows installation CD was actually burnt from a pirated CD, I wonder if that made me a pirate of a pirate?

One of the things that puzzled me was that even with my obviously pirated software, I could still download Windows software security updates–something I thought represented Microsoft’s failure to engineer a way to check on the legitimacy of my software. It wasn’t until much later that I discovered the true reason for Microsoft’s seeming benevolence–Microsoft was merely protecting its paid customers by providing free updates to the pirates.

Say what now?

It may sound ironic, but one of the best ways for Microsoft to provide security for their paying customers is to ensure that even the pirates receive security patches.

Imagine for a moment if Microsoft didn’t allow patching for pirated Windows, and assume that 20% of the Windows machines on the internet were pirated. What that would mean is that 20% of all PCs on the internet would be vulnerable to each and every Windows vulnerability discovered. That’s a large chunk of customers that would be affected, and the real down-side is that the 20% of pirated customers could end up re-infecting legitimate paying Windows customers. So in order to reduce the spread of vulnerabilities in its ecosystem, Microsoft had to protect its paying customers by patching its pirated copies.

Vulnerabilities aren’t fun for Microsoft, but they’re a fact of life–and being the dominant operating system of the 1990s and 2000s meant that Microsoft received more than its fair share of attacks. The problem, of course, was how to address the vulnerabilities as and when they’re discovered.

There are two ways to deal with this problem: Limit the number of people who know about the attack or reduce the number of systems that are vulnerable. The first method has been tried for years with little success. This leaves us with the option of reducing the number of vulnerable machines on the Internet. Or as one team of researchers noted, “a vulnerability dies when the number of systems it can exploit shrinks to insignificance.”[1]

So Microsoft followed the science and attempted to shrink the number of vulnerable systems to insignificance, and that can only mean allowing patches for pirated versions of Windows. No two ways about it: a world where Microsoft didn’t allow pirated versions of Windows to be patched would be a dangerous world to live in.


Internet Censorship won’t work in Malaysia

Why shouldn’t Malaysia censor the internet?

Of late, the recent cases involving a certain pair of ‘sex’ bloggers and their ilk have prompted certain parties to call for more stringent regulations of the internet, but I for one think that we need to ensure that the internet remain free and un-censored–now more than ever. So why shouldn’t we censor the internet?

Rephrasing the question

The question itself deserves some space for discussion; the question should rather be posed as Why SHOULD we censor the internet? The onus should be left on those hoping to censor the internet to make their case before any defence should be made. Implicit in the question of why we shouldn't censor the internet is the assumption that someone has already made a strong case for censorship--that isn't the case. In fact, what we have is merely anecdote and conjecture rather than an argument backed up by facts and evidence.

A lot of people have made up their minds about it, mostly based on a series of assumptions–assumptions that are usually false, and I hope to address the core assumption in this post.


Fair Usage Policy: Data caps and Torrent filters

Capping the Nation's future

This article is really more a continuation from yesterday's piece about how unfair the Fair usage policies in Malaysia are. In my view telcos complaining about 15% of customers using 70% of their traffic is just ludicrous behaviour--it's the cost of doing business. This is akin to a restaurant owner offering a buffet and then complaining that 15% of his customers are fat men who eat the expensive mutton curry. Really? Do you really think that if you offer a buffet all you're going to get is skinny supermodels? As ironic as it sounds, the more customers any telco has, the less the average consumption of data per user becomes. That's because your grandmother down the road who uses Unifi for just Skype-ing with her grandchildren can essentially subsidize your torrent hungry consumption. At the end of the day, there are far more grandmothers in Malaysia than there are torrent hungry downloaders like yours truly.

So that’s why I don’t like the data caps, but how about the content filtering? Particularly filters that block torrent downloads?

Part of the cost of your broadband connection includes the cost that the telcos pay to route your transaction to the US. That’s really where the internet is, and while Google has a couple of servers here and a YouTube presence–the vast majority of traffic still flows to the US. This means on top of the price of getting the Fibre to your home, the local telcos also have to pay for routing your data to the US (and back). If most Malaysians started viewing local sites rather than pornhub, our broadband cost ‘could’ become cheaper, because the telcos don’t have to invest in those expensive undersea cables to set up the connection to the states. Contrast this with the situation in the US where only 10% of traffic from the US flows outside its borders; it means that even if a US ISP lost its undersea cables, it could still serve up 90% of the content its users were requesting. It also explains why Singapore has cheaper broadband than Malaysia–Singapore is the data-hub for the Asia Pacific Region, so a lot of its traffic is also local.

So how do we resolve this issue? One approach would be to make Malaysia a hub, but most experts conclude that it’s probably not going to happen (including Afzal Abdul Rahim in his 2011 TedXKL talk). The other option would probably be to start hosting more content in Malaysia, and that’s why a YouTube server within our borders is a great start. What would probably help better is Netflix availability and Netflix servers in Malaysia–until you realize that Netflix host their servers on Amazon Web Services, and Amazon chose Singapore as their Asia-Pac location–probably because Singapore is a data hub, which sends us into a round-about circular argument.

We can’t get cheaper broadband because we don’t have the cables coming into Malaysia, and we don’t have the cables because we don’t have the content, we don’t have the content because we don’t have the cloud servers and we don’t have the cloud servers because we don’t have the cables. I explored before how cloud computing ties in closely with your data connectivity as a nation–and there really is nothing much we can do to address the gap with Singapore except spend more on undersea cables. Most of which require significant monetary investment–and take a lot of time to deploy.


What is PRISM?

Prism controversy

There’s a controversy brewing in the land of the free, one that will have implications for Americans, but also Malaysians and nearly every citizen of the world. We may look back at the moment Mr. Snowden leaked controversial (and ugly) slides about a program called ‘PRISM’ as the start of a pivotal moment in internet history, a moment where we either began a massive campaign to prevent illegal and unethical government wiretaps or a moment where we let governments turn the internet into a police state.

So let's recap what happened.

First, the Guardian newspaper broke a story on how the US Government had 'direct' access to the servers of the tech giants of Silicon Valley including Google, YouTube, Yahoo, Apple and Facebook. In short, the report claimed the US Government had direct access to the emails, personal details and chat sessions of everything stored in the massive datacenters of the social networks that the tech giants ran.

There isn’t a person I know that doesn’t have either an iPad, Facebook account or Gmail address. Even my dad who vehemently refused to have a Facebook account, eventually succumbed to the social pressure but that was much after I set up his company email with Google Apps. So to say that the US Government had access to private details of nearly every single person in the world is not a stretch.

So what is PRISM really?

The theory is that US government officials, specifically from the National Security Agency (NSA), have direct access to the servers of 9 tech giants. Details are scarce and denials abound... what isn't debated is that the NSA has some sort of access to the servers, even though the likes of Google and Facebook have repeatedly denied that they have created a backdoor.

So is it possible that the NSA has a backdoor to Google without Google knowing about it? Turns out it’s not as far-fetched as it seems.

Steve Gibson, a security guru with his own show on TWiT.tv, seems to think so. He’s put together some high-level analysis of the story, taking into account other similar stories, and suggests that the NSA has a wiretap on the entire world. A communications intercept targeting the likes of Google and Facebook, but one that the tech companies could be blissfully ignorant of. A wiretap strategically placed at the front door of Google, Facebook, Microsoft and Apple–that collects and stores every data packet passing into and out of their servers.

But communications intercepts don’t work–because the data is usually encrypted…isn’t it?

For the most part, the communications that people like you and me use to connect to Google are encrypted, and we’re secure in the knowledge that our data in transit is protected from prying eyes by a minimum 128-bit encryption–that’s encryption that probably won’t be broken for another 20 years.

But not all data flowing into and out of Google is encrypted, some of it flows in plaintext–ripe for any wiretap to pick up. Just like email.


Security Offences Bill vs. Universal declaration of Human Rights

This is what Article 12 of the Universal Declaration of Human Rights says:

  • No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

This is what the Security Offences Bill in Malaysia says:

(1) Notwithstanding any other written law, the Public Prosecutor, if he considers that it is likely to contain any information relating to the commission of a security offence, may authorize any police officer— (a) to intercept, detain and open any postal article in the course of transmission by post; (b) to intercept any message transmitted or received by any communication; or (c) to intercept or listen to any conversation by any communication.

To me, the phrase ‘if he considers it is likely’ is another way of saying arbitrary.
