From a Hacker’s Point of View: Nothing Exists Outside the Cyber-World. If it is Here, Cyber is Too.


I am a Certified Ethical Hacker (CEH); yes, there really is such a thing. Somewhere, someone decided that taking criminal hackers and using them to secure things of value was a plan with a tiny flaw. So, the intelligence community started training people who had yet to become criminals to battle the ones who had. It is one of my somewhat diverse set of training and certifications.

I am also a Certified Archivist and have been a member of SAA for a number of years. I understand the basic concepts of provenance and original order, how to process to the file level or institute MPLP, and assist researchers in finding what they need, whether I think it is what they really need or not. I also have a view of metadata that may be a bit different than that of the “average” archivist (if such exists.)

One of the things I do with “repositories or centers” of all types is to help audit their security. By this I mean I work, mostly with one of several teams of other auditors, to see if we can bypass the security systems put in place to protect items seen as valuable by their owners, custodians, curators, or people who may see value where these others do not. If we can discover and exploit vulnerabilities in the system (which includes human beings, by the way), so can the cyber-criminals. Hopefully, by exposing flaws, we make it possible for them to be fixed.

Most of the security auditing work I do has nothing specifically to do with digital collections, even if the eventual goal is to verify or denounce security of digital material. The team that most often asks me to join it does so because of a) my social engineering skills (think phishing, fooling security guards, basically being a conman), b) my record of unusual ways to attack a stubborn object, and c) I am the fastest lock picker among us.

Overcoming physical barriers is part of a cyber-attack. Hacking a wireless mouse and keyboard is extremely useful, but it, along with controlling cc camera-surveillance, disabling alarms (both onsite audio and calls to emergency personnel), and taking over environmental controls, is a task often only easily accomplished when the attacker is in close proximity, has previously been able to get close and hide surveillance tools, or has acquired information that the target does not know has been acquired. It is, however, possible to drive a point home if the double-locked room that holds a server also has an audit team business card sitting on the server, or a bank branch manager can only type “I will change my password every 3-6 months” no matter what keys he or she presses on the keyboard.

Vendors build technology for users, and most users don’t want security badly enough to give up things they enjoy about technology. If I can get into your system, and many of the devices we use these days are very easy for someone to gain unauthorized access to, I can activate the camera and microphone on your phone or tablet. I can access information you thought had been erased. I can put malware on a device that will drop onto a computer network at your repository. And now we have millions of little doors into our information systems that were designed to send out information but not to keep it secure.

In the past few years these little devices have provided the exploited vulnerabilities for major Distributed Denial of Service (DDoS) attacks, including one that shut down a major DNS system server and so took down Twitter, about half of Amazon, and many “unnamed government facilities of at least significant importance.” The attack traffic reached the networks through cc-cameras, baby-monitors, refrigerators (yes), microwaves (yup; laugh all you want), and other high-frequency radio wave or wireless signals broadcast from millions of everyday objects (commonly referred to as the Internet of Things, IoT).

The point is, there is practically no place someone can try to keep secure or keep private that does not have vulnerabilities through cyber networks. Likewise, privacy is part of securing those networks. The networks of information and communication used in preservation and protection depend on computer technology. Physical environments are controlled by computers, and criminal hackers can do them in.

Probing Ports for Vulnerability: Initial IP Tracing and Reconnaissance Prior to Attempting to Crack a Password

A Lab Demonstration Just for Archivists and Librarians.

So. When thinking about your repository and its need for information security, consider this exercise conducted during a Certified Ethical Hacker practice training exercise arranged for some of my colleagues and me. Our tasks were set up on a server running virtual machines that reacted in the same way as “real life” configurations. In fact, the virtual machines could have been used to replace the originals, which likely ran, at least in part, on virtual environments. We had a series of networks duplicated from real life on a server, run on several virtual servers. We conducted reconnaissance where we realistically could, and had a randomly determined amount of information provided that represented things we would have ascertained with more time (the random amount provided for a percentage of any failures, and we felt it was actually unrealistically against us.)


We had determined several potential access points, including outside security lights controlled by sensors with passwords we were able to crack. One of the first things we did was hack the alarm and emergency communication devices, as well as block wireless signals. (Keep in mind that, although we were a small team, we had a variety of experience levels. By the end of our training, each of us could do this on our own, and had to prove it.) We later did several things that would give us continuous access to various points of the networks and keep control of parts of it in the future.


I noticed a location on the network (I didn’t know the physical location but didn’t need to) and got a very nasty idea. At my request, we did something else with the emergency response systems. There was an area that was a “virtual library”, as identified by the network connections. We had already deactivated alarm systems, including communication with first responders. We now accessed the environmental controls on a connected network node (so things could be shut down in an emergency), and set the thermostats connected to the library to maximum. We then started the fire suppression system, water sprinklers, to come on at (I believe) 11:00 P.M. Friday night, and after about 40 minutes, discontinued it for 10 minutes, restarted for 20 minutes, stopped for 10, and continued the rotation until the early morning hours on Monday (I think 3:00 A.M.). Remember, we were causing the computers to execute these instructions, but they were not connected to any actual equipment.


If this had been the original system that had been copied to this virtual server, physically in the building where it was originally located, the library would have had constant drenching, with short breaks to let the water sink in where it could, while the temperature rose to the building’s maximum (upper 90s maybe) and stayed there for at least 3 days. The library might have had no digital collections, and in the eyes of many, if not most, archivists it did not need to worry much about cybersecurity. Think about the condition of the library materials after this. What about 3-day weekends? Nasty stuff.
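The scenario above is exactly the kind of thing a building-management audit log can reveal before Monday morning, if anyone is watching it. The following is an added example, not code from the original post or from any real building-management product: a small Python checker over a constructed log of control events that flags first-responder notification being disabled, a thermostat setpoint above a safe ceiling, a sprinkler activation with no fire alarm nearby in time, and sprinklers cycling on again within a short window. The log format, device names, thresholds and sample events are all assumptions made for this illustration.

```python
"""Added example: flag building-management (BMS) control events that should
never happen unattended. Log format, device names and thresholds are
assumptions for this illustration, not taken from any real product."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample audit log: "<ISO timestamp> <device> <action> <value>".
# Friday night, mirroring the lab scenario: reporting disabled, heat to max,
# sprinklers cycled on/off with no fire alarm anywhere in the log.
SAMPLE_EVENTS = [
    "2019-10-04T22:40:00 alarm_panel notify_first_responders disabled",
    "2019-10-04T22:41:00 hvac_library setpoint_f 98",
    "2019-10-04T23:00:00 sprinkler_library state on",
    "2019-10-04T23:40:00 sprinkler_library state off",
    "2019-10-04T23:50:00 sprinkler_library state on",
    "2019-10-05T00:10:00 sprinkler_library state off",
]

MAX_SETPOINT_F = 80                     # assumed ceiling for a stacks thermostat
FIRE_ALARM_WINDOW = timedelta(minutes=5)  # sprinklers without an alarm nearby = suspect
CYCLE_WINDOW = timedelta(hours=2)         # two activations this close = cycling


@dataclass
class Event:
    ts: datetime
    device: str
    action: str
    value: str


def parse_event(line: str) -> Event:
    """Split one log line into its four whitespace-separated fields."""
    ts, device, action, value = line.split()
    return Event(datetime.fromisoformat(ts), device, action, value)


def find_alerts(lines):
    """Return a chronological list of (timestamp, reason) alerts."""
    events = [parse_event(line) for line in lines]
    fire_alarms = [e.ts for e in events
                   if e.device.startswith("fire_alarm") and e.value == "active"]
    last_sprinkler_on = {}   # device -> timestamp of its previous activation
    alerts = []
    for e in events:
        if e.action == "notify_first_responders" and e.value == "disabled":
            alerts.append((e.ts, "alarm reporting disabled"))
        if e.action == "setpoint_f" and int(e.value) > MAX_SETPOINT_F:
            alerts.append((e.ts, f"{e.device} setpoint {e.value}F exceeds {MAX_SETPOINT_F}F"))
        if e.device.startswith("sprinkler") and e.action == "state" and e.value == "on":
            if not any(abs(e.ts - t) <= FIRE_ALARM_WINDOW for t in fire_alarms):
                alerts.append((e.ts, f"{e.device} activated with no fire alarm within {FIRE_ALARM_WINDOW}"))
            previous = last_sprinkler_on.get(e.device)
            if previous is not None and e.ts - previous <= CYCLE_WINDOW:
                alerts.append((e.ts, f"{e.device} cycling: re-activated {e.ts - previous} after previous run"))
            last_sprinkler_on[e.device] = e.ts
    return alerts


if __name__ == "__main__":
    for ts, reason in find_alerts(SAMPLE_EVENTS):
        print(ts.isoformat(), reason)
```

The checks are deliberately simple rules rather than anything statistical: each one corresponds to a step the exercise above took, and each would page someone on a Friday night even with nobody on site. A genuine fire alarm a minute before a sprinkler activation produces no alert, which is what keeps the rule usable.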


In less than 2 weeks I return to training: hacking into the control signals of drones, and using drones to hack where you can’t otherwise reach. I am quite pleased that the “good guys” were forced to use aggressive attack as a method of network defense.



Jim Havron, CA, CEH

Update on Stolen Christopher Columbus Letter



Last year, the Security Section wrote a piece on a 525-year-old Christopher Columbus letter that was missing from the Vatican Library. Unbeknownst to the library, a forgery had sat in its place for decades. Last week, the United States returned the 1493 letter to the Vatican. However, investigators still have no answers regarding who stole the letter or how the theft occurred.


Read more at:

New York Times

Smithsonian Magazine 

Voice of American News 

Washington Post



The Miriam and Ira D. Wallach Division of Art, Prints and Photographs: Print Collection, The New York Public Library. “Christopher Columbus.” The New York Public Library Digital Collections. http://digitalcollections.nypl.org/items/510d47df-2923-a3d9-e040-e00a18064a99

French Prosecutors Seek Sentences of up to Seven Years for Hungarian Map Thieves

“A New Map of Ancient Gaul or Gallia Transalpina,” from David Rumsey Map Collection

Yesterday, prosecutors in France announced that they are seeking sentences of up to seven years for seven suspects who devised a scheme to steal rare and antique maps from libraries across France. The suspects are reportedly Hungarian nationals who cut the maps out of atlases during visits to libraries from 2011 to 2013. Over 100 maps, including several bearing stamps of the Toulouse Library, were found by Hungarian customs officers when they inspected the car of Andras Katona, one of the suspects. The total value of the crime is estimated at four million Euros. For more information about this case, read this article from Expatica or this French-language article from Ouest-France.

The Plight of Cultural Heritage Objects at the Hands of Transnational Terrorist Networks

The rise of Daesh in Syria and Iraq, and the spread of Daesh and Al Qaeda affiliated groups throughout the Middle East and North Africa, has resulted in a great deal of harm done to uncountable numbers of objects of enduring cultural value. The damage is being done in two principal ways.

Interior of the Library, University of Mosul. From the Independent online

First, these groups are destroying cultural sites, libraries, archives, and museums because they deem these sites to be affronts to the society they are attempting to create. There are several examples that have been reported, such as the Al Mahdi case in Mali, the destruction of the library at the University of Mosul, and the numerous cultural heritage sites, including Palmyra and Nimrud, that have been destroyed by Daesh.

The second way damage is being done is via looting of cultural heritage objects that are then sold to collectors, sometimes by seemingly reputable dealers, in order to finance terrorist groups. Just this week, on March 26, two Spanish antiquities dealers, one named as Jaume Bagot and one as yet unnamed, were arrested and charged with financing terrorist activities by providing a licit front for the illegal sale of antiquities looted from Libya and Egypt. A great deal of news is still coming out of Spain about this subject, and the story will be developing over the next several months.

Various governmental organizations, national and international, have recently been addressing the problem of looted cultural artifacts being used to fund terrorist activities. US Homeland Security, along with law enforcement and prosecutors in New York, has made strides to combat looted antiquities trafficking, resulting in several seizures of materials already. The UN and EU hosted a conference on March 20-21 entitled “Engaging the European Art Market in the fight against the illicit trafficking of cultural property” to develop a cooperative approach with players in the art and antiquities markets in Europe to stem looting from conflict zones. The EU has also proposed new restrictions on the import of antiquarian books, prints, and manuscripts in an effort to combat smuggling of looted materials (links to a PDF). Some groups, including ViaLibri and the International League of Antiquarian Booksellers, have expressed concerns over the proposed regulations because of the consequences for the licit rare books and manuscripts trade. These points of view are something for those interested in combating looting to consider if there is to be a cooperative approach to stemming the flow of smuggled goods through international art and antiquities markets.

Segment of an Antiquities Coalition infographic about conflict antiquities financing terrorist activities

The body of research about cultural property destruction in the name of terrorism is rapidly growing, and one can find a great deal that has been produced in the last 3-5 years. One particular source is the Antiquities Coalition, an NGO with a mission to combat “cultural racketeering.” They recently featured a three-part blog series about the trade in looted antiquities. They also have a variety of resources for those interested in combating crimes against cultural heritage, including infographics with jarring statistics about how much Daesh and similar groups can finance with just a few sales of looted artifacts, and about how the process of looting and garnering money from the proceeds was institutionalized by Daesh as a formal operation of the group.

The Antiquities Coalition is certainly not the only source of information. They are one of many that archivists, special collections librarians, and those who work with cultural heritage should be aware of. By being aware of how different groups across the globe are fighting against the illicit trafficking of cultural heritage objects, we can contribute to the effort and ensure that our institutions know the provenance of the cultural heritage objects we are acquiring.