-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I was pleased to be a participant in Powers of Tau, having served as the
Zcash Company’s DevOps engineer during 2016-2017, and contributed some
suggestions to the original ceremony.

For the purposes of my report, the most important fact to disclose,
which I must stress seems unconnected to my participation in the
ceremony, is that I discovered I was hacked about a week beforehand. My
router was popped and being tunneled/VPN’d into, and there was
unprivileged access to my desktop computer complete with the hijacking
of my DBUS user session enabling the attacker(s) to spy on my screen
with XRDP. This was the case for a period of about two weeks in
February, though it’s possible the targeting began earlier.

Even as this is the first time any equipment of mine had been
compromised in over a decade, and it’s somewhat embarrassing to admit
since I make my living by securing systems and being trusted, I can
reveal some of the methodology. At the time I was hacked, I was
experimenting with Tor’s DNSPort as my primary means of domain name
resolution, and I was running an open resolver which was exposed to the
internet. I had also enabled UPnP and the media/streaming services of my
router, and had set up SNMP to control the router. My best understanding
is that a malicious DNS server was used to obtain the privileges of the
loopback interface. Later, an unconfigured installation of FreeRADIUS on
my system (which has a client grant for localhost in its default
configuration) was exploited in order to give the attacker their own
user on my machine. In addition to the hijacking of my DBUS user session
and the remote viewing which occurred for days on end unbeknownst to me
at the time, I discovered several levels of compromise and daemons which
had been reconfigured, including MiniDLNA/minissdpd, PPD/pptpd, OpenVPN
and snmpd.

Needless to say, figuring this out prompted me to replace my router,
re-install my operating system, revoke keys and shift passwords, and led
to several sleepless nights spent investigating, yet ironically prepared
or positioned me in a way for the ceremony. The strangest part of the
whole episode is that I ended up having some conversation with one of
the people who was hacking me via IRC, and to this day it seems they
were just curious and nothing of value was taken. The lesson which I can
impart to others is to please disable UPnP, and be wary of defaults and
of keeping stuff installed which you don’t need!

So… now for the computation, which occurred on March 9th. For a period
of days before the ceremony, I essentially “went dark”, e.g. stopped
posting on social media, and all traffic on my LAN was routed through
the Tor network. Working out of my apartment, I used a computer which I
have maintained for air-gap operations; which has never been connected
to the internet. I transferred the challenge and the Rust
code+dependencies via a USB stick. Both the compute node and my regular
computer ran the ‘testing’ distribution of Debian Linux, and were fully
updated in all respects including firmware. In addition, those machines
had hardening applied to make things more secure. To be specific, I ran
the latest grsecurity kernel in the 4.4.x stable series. I firewalled
the machine(s) so that both incoming and outgoing packets had a default
'DROP' policy, and the few protocols which I wanted to use would be
explicitly added. I leveraged the AppArmor LSM with all available
profiles enforced and enabled, and I also kept auditd logs which
indicated no unusual activity or syscalls.

With that said, here’s the b2sum of my response:

548c67a73e0e33cd8c8d00f23963870ba5bfb8637ebeacc6541ed607b5edc8e7db1593d22804688f3cc4c788a750f7f8ec57aa7f122f3fa6d86ff5bc11a26940

Lastly I want to note in advance that the key I'm using to sign my
attestation presently (which was on a smartcard, so I have no indication
it was stolen), 0xB604C32AD5D7C6D8, will nonetheless be revoked at the
end of March 2018.

Regards,
Kevin Gallagher
@ageis
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEo/K1CkOGL+Ll5vJw+HWS81Mz1E8FAlq5jGMACgkQ+HWS81Mz
1E9bkg/9EYMvFzfsRLEtAA2f3j0JuU7+9LPDxWQFu4bdefSs+kNiriAp96sBIpjc
VaFAjMynSF6RIIT7n+DkXfiKY8V4ptkqMtV/rXVIqExX0Y+wWJAyPdx9DgeYotlZ
ReyP3cyXowSlZyGelTR9pmUhsrFSaN4y9fdOrpUqMju8qzIEMfq4/Co2OlIsFrRu
b2r7aC/6bmhFppobAkFZDDeuBypgtIvrTO6MZP0TRRUEtLXH7HIkDXeL4+dy3DS0
r47/2hfhI77EJN+/TyQTM6Si6eT65yn1j0pMtAuXCZ3uDYMO1MN6b7Vt9M5EPqyh
qC0GUneAAlBigMBODj6/9ZvWjf4FubBgptUydL1OOQHX+Cs/NZWcRPBarqsQS+tv
IB63ibtrNrqdjt+yqw/Fb0zUxYlg87v+4aTmTQoXvnowB4Scox0vA3RYT2jN4s66
MA/0dOLx06jkrPtHs1YP+GhmxgT9qTF40KcjtZQL93zQFQdwBbzyYswtRjrUYJRH
/GrpOg2yyNaUo/OxC8sEScVRjT/LGKdfFaVtxscfv9nLjJKAmKSNpGlKzGpDNSHU
om95geTf6/Sz/awEaA+lv4hJKiRi1CKiAiiTPjcYQK1ymzZ+t7oA0AZNQsDlm0lW
edmLvRq62C6jbiaIYiFldyWcmyfJQ6Uf2NGU8MBOZiI2LTTIPbo=
=C9TT
-----END PGP SIGNATURE-----