Wednesday, November 28, 2012

Think it's wiped? Think again.

EA's Gerrit Padgham was recently interviewed as part of a news story that discusses the state of security on multiple mobile device platforms. Smartphones today aren't phones: they are computers that just happen to make phone calls, and they store all kinds of personal information about their owners. What you do with the device after you upgrade to a new phone could affect your privacy.

The video can be viewed here.

Thursday, January 5, 2012

Stratfor Breach: A (Better) Password Analysis

TL;DR: It seems that well over three-quarters of all the breached accounts were created but never used.

By now it has been widely reported that around Christmas 2011, Stratfor suffered a significant breach. The company provides "an audience of decision-makers and sophisticated news consumers in the U.S. and around the world with unique insights into political, economic, and military developments." Disclosed data includes over 800K records containing usernames, e-mail addresses, password hashes, physical addresses and, in numerous cases, credit card account numbers, shockingly including CVV data.

A hash is the result of processing data (like a password) with a specific type of algorithm called a one-way function. These functions are designed so that the output cannot be used to derive the input. Some hashing functions are more effective at this than others, but that isn't the point of this article. Several articles analyzing the password hashes have been published already, complaining about the collectively poor password practices of end users. Generally speaking, they are correct. The Tech Herald article in particular discusses using hashcat and CPU-based cracking to recover roughly 80,000 plaintext passwords after about 4 hours of tinkering, on account of these weak passwords.

Top 10 Passwords
Using GPU technology, we can crack those same 80,000 passwords in just a few seconds. We have been working on the disclosed hashes for a few days now and have managed to crack 713,984 (or 86%) of the ~822,000 unique hashes that have been released (roughly 40k of the released hashes are duplicates).

The resulting data is interesting, as it's not very often that we get the chance to look at over 700K passwords from a single source.

Probably the most surprising and under-reported insight we found is that a majority (about 630K) of the passwords we recovered appear to have been randomly generated by the Stratfor site at registration time. These passwords all share a very specific set of characteristics: they are eight characters long and consist of uppercase and lowercase letters and digits ('mixedalphanum'). With a mid-range dual-GPU machine, we were able to test and recover all passwords for that entire character set and length in just over 24 hours.

So what does this tell us? It's likely that during enrollment, the system generates a password automatically and e-mails it to the user. Normally users are required to change the randomly generated password on their next login. So it seems that well over three-quarters of all the breached accounts were created but never used. It's possible that Stratfor auto-generated a password and didn't require a change on next login, but based on our discussions with users exposed by the breach, it appears that this was not the case.

Password analysis tools identify other patterns as well, such as the most common 'base word' or common digit patterns. Many passwords start or end with digits to pad them out to meet password length requirements. Against the backdrop of all the randomly generated passwords, these numbers are insignificant: the patterns found have less than .25% commonality across the whole set.

So this raises the question: when there are GPUs at our disposal that make intelligent password guessing and checking easy to do, and at a very rapid pace, what is a good password?

A very long one. How long? As long as the storage mechanism supports. If you have to look it up every time anyway, what does it matter how long it is? It should be randomly generated and contain as many unique characters as feasible (again, within the constraints of the password policy). Most importantly, it should be unique to that one application, so that should it become compromised, it won't put your other accounts at risk. Open source password utilities (like KeePass or PasswordSafe) can be used to generate and securely store passwords. Using strong passwords and storing them securely doesn't protect against keylogging, and if an attacker has deployed a keylogger to your system, they probably have access to your filesystem as well.
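As an added example that is not part of the original post, the argument above worked through in Python: the guess rate implied by the article's own 62^8-in-24-hours figure, how long that rate needs to exhaust longer passwords drawn from the 62- and 94-character sets, and a CSPRNG-based generator for such passwords. The rate is a rough estimate derived only from the article's numbers and hardware, not a measured benchmark.

```python
import secrets
import string

# Figures quoted in the article: the full 62^8 mixed-case alphanumeric space
# was exhausted in "just over 24 hours" on a mid-range dual-GPU machine (2012).
MIXEDALPHANUM = 62
GENERATED_LEN = 8
EXHAUST_SECONDS = 24 * 3600
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def implied_rate():
    """Approximate hashes/second implied by exhausting 62^8 in 24 hours."""
    return MIXEDALPHANUM ** GENERATED_LEN / EXHAUST_SECONDS

def years_to_exhaust(alphabet_size, length, rate=None):
    """Worst-case years to try every password of this length over this alphabet."""
    rate = rate or implied_rate()
    return alphabet_size ** length / rate / SECONDS_PER_YEAR

def generate(length, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Random password from the full printable ASCII set (94 symbols) via a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def keyspace_table(lengths=(8, 10, 12, 16)):
    """Years to exhaust each length for the 62-char and 94-char alphabets."""
    return {n: (years_to_exhaust(62, n), years_to_exhaust(94, n)) for n in lengths}

if __name__ == "__main__":
    print(f"implied rate: {implied_rate():.3g} hashes/s")
    for n, (a62, a94) in keyspace_table().items():
        print(f"{n:>2} chars: 62-set {a62:.3g} years, 94-set {a94:.3g} years")
    print("example password:", generate(16))
```

Length dominates: at the article's rate, eight characters from the 62-set fall in a day, while twelve random characters from the 94-set take millions of years to exhaust.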

For the curious, we ran the resulting Stratfor dictionary through a password analysis tool called Pipal.
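As an added example (not Pipal's code, and not the authors' own tooling), a small Python classifier that reproduces the Pipal-style statistics used above (length, character set, hashcat mask, trailing digit) over a constructed sample, and counts how many entries fit the eight-character mixedalphanum profile the article attributes to site-generated passwords. The "generated" test is a heuristic chosen here; it is not how the authors identified those passwords.

```python
from collections import Counter

# Constructed sample list for demonstration; not real breach data.
SAMPLE = ["stratfor", "Stratfor1", "123456", "changeme", "1qaz2wsx",
          "aB3kQ9xZ", "Zq8mN2pL", "7TtYu4Rw", "wright", "Summer2011!"]

def charset(pw):
    """Pipal-style character-set label, e.g. 'mixedalphanum' or 'loweralphaspecial'."""
    lower = any(c.islower() for c in pw)
    upper = any(c.isupper() for c in pw)
    digit = any(c.isdigit() for c in pw)
    special = any(not c.isalnum() for c in pw)
    label = "mixedalpha" if lower and upper else "loweralpha" if lower else "upperalpha" if upper else ""
    label += ("special" if special else "") + ("num" if digit else "")
    return "numeric" if label == "num" else label

def mask(pw):
    """hashcat mask: ?l lower, ?u upper, ?d digit, ?s anything else."""
    return "".join("?l" if c.islower() else "?u" if c.isupper() else
                   "?d" if c.isdigit() else "?s" for c in pw)

def looks_generated(pw):
    """Heuristic for the profile the article attributes to site-generated passwords:
    exactly eight characters, mixed-case letters and digits, no specials."""
    return len(pw) == 8 and charset(pw) == "mixedalphanum"

def analyse(passwords):
    """Collect Pipal-like counters plus the count matching the generated profile."""
    return {
        "total": len(passwords),
        "lengths": Counter(len(p) for p in passwords),
        "charsets": Counter(charset(p) for p in passwords),
        "masks": Counter(mask(p) for p in passwords),
        "last_digit": Counter(p[-1] for p in passwords if p[-1:].isdigit()),
        "generated_profile": sum(looks_generated(p) for p in passwords),
    }

def report(stats):
    """Print the counters in Pipal's 'key = count (percent)' format."""
    total = stats["total"]
    print(f"Total entries = {total}")
    for name in ("lengths", "charsets", "masks"):
        print(f"\n{name}")
        for key, n in stats[name].most_common(5):
            print(f"{key} = {n} ({100 * n / total:.2f}%)")
    n = stats["generated_profile"]
    print(f"\nEight-char mixedalphanum (generated-password profile) = {n} ({100 * n / total:.2f}%)")

if __name__ == "__main__":
    report(analyse(SAMPLE))
```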

Total entries = 750940
Total unique entries = 713984
Top 10 passwords
stratfor = 12023 (1.6%)
123456 = 625 (0.08%)
0000 = 519 (0.07%)
password = 517 (0.07%)
stratfor1 = 426 (0.06%)
changeme = 265 (0.04%)
strat4 = 265 (0.04%)
1qaz2wsx = 232 (0.03%)
1234 = 228 (0.03%)
wright = 179 (0.02%)

Top 10 base words
stratfor = 13562 (1.81%)
password = 775 (0.1%)
strat = 498 (0.07%)
changeme = 273 (0.04%)
qaz2wsx = 254 (0.03%)
wright = 188 (0.03%)
qwerty = 182 (0.02%)
usmcportal = 148 (0.02%)
intel = 133 (0.02%)
ranger = 127 (0.02%)

Password length (length ordered)
1 = 47 (0.01%)
2 = 41 (0.01%)
3 = 266 (0.04%)
4 = 3735 (0.5%)
5 = 4198 (0.56%)
6 = 32676 (4.35%)
7 = 28599 (3.81%)
8 = 648267 (86.33%)
9 = 16592 (2.21%)
10 = 9819 (1.31%)
11 = 3568 (0.48%)
12 = 2016 (0.27%)
13 = 609 (0.08%)
14 = 359 (0.05%)
15 = 163 (0.02%)

Password length (count ordered)
8 = 648267 (86.33%)
6 = 32676 (4.35%)
7 = 28599 (3.81%)
9 = 16592 (2.21%)
10 = 9819 (1.31%)
5 = 4198 (0.56%)
4 = 3735 (0.5%)
11 = 3568 (0.48%)
12 = 2016 (0.27%)
13 = 609 (0.08%)
14 = 359 (0.05%)
3 = 266 (0.04%)
15 = 163 (0.02%)
1 = 47 (0.01%)
2 = 41 (0.01%)


        |
        |
        |
        |
        |
        |
        |
        |
        |
        |
        |
        |
        |
        |
        |
||||||||||||||||
0000000000111111
0123456789012345

One to six characters = 40957 (5.45%)
One to eight characters = 717821 (95.59%)
More than eight characters = 33119 (4.41%)

Only lowercase alpha = 62342 (8.3%)
Only uppercase alpha = 1482 (0.2%)
Only alpha = 63824 (8.5%)
Only numeric = 9959 (1.33%)

First capital last symbol = 3333 (0.44%)
First capital last number = 50259 (6.69%)
Months
january = 18 (0.0%)
february = 4 (0.0%)
march = 40 (0.01%)
april = 42 (0.01%)
may = 309 (0.04%)
june = 71 (0.01%)
july = 57 (0.01%)
august = 39 (0.01%)
september = 14 (0.0%)
october = 30 (0.0%)
november = 13 (0.0%)
december = 14 (0.0%)

Days
monday = 20 (0.0%)
tuesday = 7 (0.0%)
wednesday = 2 (0.0%)
thursday = 4 (0.0%)
friday = 34 (0.0%)
saturday = 2 (0.0%)
sunday = 8 (0.0%)

Months (Abreviated)
jan = 450 (0.06%)
feb = 169 (0.02%)
mar = 1794 (0.24%)
apr = 255 (0.03%)
may = 309 (0.04%)
jun = 360 (0.05%)
jul = 274 (0.04%)
aug = 249 (0.03%)
sept = 42 (0.01%)
oct = 208 (0.03%)
nov = 209 (0.03%)
dec = 240 (0.03%)

Days (Abreviated)
mon = 958 (0.13%)
tues = 8 (0.0%)
wed = 199 (0.03%)
thurs = 9 (0.0%)
fri = 274 (0.04%)
sat = 319 (0.04%)
sun = 457 (0.06%)


Includes years
1975 = 76 (0.01%)
1976 = 63 (0.01%)
1977 = 61 (0.01%)
1978 = 66 (0.01%)
1979 = 63 (0.01%)
1980 = 68 (0.01%)
1981 = 78 (0.01%)
1982 = 88 (0.01%)
1983 = 67 (0.01%)
1984 = 96 (0.01%)
1985 = 79 (0.01%)
1986 = 68 (0.01%)
1987 = 56 (0.01%)
1988 = 68 (0.01%)
1989 = 47 (0.01%)
1990 = 52 (0.01%)
1991 = 50 (0.01%)
1992 = 40 (0.01%)
1993 = 36 (0.0%)
1994 = 24 (0.0%)
1995 = 46 (0.01%)
1996 = 40 (0.01%)
1997 = 42 (0.01%)
1998 = 40 (0.01%)
1999 = 53 (0.01%)
2000 = 240 (0.03%)
2001 = 137 (0.02%)
2002 = 107 (0.01%)
2003 = 97 (0.01%)
2004 = 115 (0.02%)
2005 = 138 (0.02%)
2006 = 141 (0.02%)
2007 = 150 (0.02%)
2008 = 157 (0.02%)
2009 = 252 (0.03%)
2010 = 365 (0.05%)
2011 = 290 (0.04%)
2012 = 46 (0.01%)
2013 = 13 (0.0%)
2014 = 15 (0.0%)
2015 = 9 (0.0%)
2016 = 14 (0.0%)
2017 = 10 (0.0%)
2018 = 5 (0.0%)
2019 = 14 (0.0%)
2020 = 56 (0.01%)

Years (Top 10)
2010 = 365 (0.05%)
2011 = 290 (0.04%)
2009 = 252 (0.03%)
2000 = 240 (0.03%)
2008 = 157 (0.02%)
2007 = 150 (0.02%)
2006 = 141 (0.02%)
2005 = 138 (0.02%)
2001 = 137 (0.02%)
2004 = 115 (0.02%)


Single digit on the end = 87780 (11.69%)
Two digits on the end = 28409 (3.78%)
Three digits on the end = 9033 (1.2%)

Last number
0 = 6778 (0.9%)
1 = 16724 (2.23%)
2 = 17527 (2.33%)
3 = 18068 (2.41%)
4 = 15993 (2.13%)
5 = 15746 (2.1%)
6 = 15759 (2.1%)
7 = 15946 (2.12%)
8 = 15143 (2.02%)
9 = 16036 (2.14%)

  ||
 ||||  | |
 |||||||||
 |||||||||
 |||||||||
 |||||||||
 |||||||||
 |||||||||
 |||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
||||||||||
0123456789

Last digit
3 = 18068 (2.41%)
2 = 17527 (2.33%)
1 = 16724 (2.23%)
9 = 16036 (2.14%)
4 = 15993 (2.13%)
7 = 15946 (2.12%)
6 = 15759 (2.1%)
5 = 15746 (2.1%)
8 = 15143 (2.02%)
0 = 6778 (0.9%)

Last 2 digits (Top 10)
23 = 2888 (0.38%)
11 = 2143 (0.29%)
00 = 2023 (0.27%)
01 = 1999 (0.27%)
12 = 1582 (0.21%)
10 = 1347 (0.18%)
34 = 1335 (0.18%)
56 = 1276 (0.17%)
99 = 1200 (0.16%)
77 = 1076 (0.14%)

Last 3 digits (Top 10)
123 = 2113 (0.28%)
000 = 995 (0.13%)
234 = 838 (0.11%)
456 = 746 (0.1%)
111 = 448 (0.06%)
007 = 432 (0.06%)
010 = 357 (0.05%)
001 = 322 (0.04%)
777 = 292 (0.04%)
011 = 284 (0.04%)

Last 4 digits (Top 10)
1234 = 791 (0.11%)
3456 = 687 (0.09%)
0000 = 606 (0.08%)
2010 = 283 (0.04%)
2011 = 240 (0.03%)
2009 = 220 (0.03%)
2000 = 210 (0.03%)
2345 = 191 (0.03%)
1111 = 146 (0.02%)
2007 = 130 (0.02%)

Last 5 digits (Top 10)
23456 = 682 (0.09%)
12345 = 181 (0.02%)
45678 = 84 (0.01%)
11111 = 69 (0.01%)
54321 = 52 (0.01%)
77777 = 47 (0.01%)
34567 = 38 (0.01%)
00000 = 34 (0.0%)
56789 = 34 (0.0%)
31313 = 29 (0.0%)


Character sets
mixedalphanum: 415810 (55.37%)
mixedalpha: 179778 (23.94%)
loweralpha: 62342 (8.3%)
loweralphanum: 61633 (8.21%)
upperalphanum: 10973 (1.46%)
numeric: 9959 (1.33%)
mixedalphaspecialnum: 6507 (0.87%)
upperalpha: 1482 (0.2%)
loweralphaspecialnum: 1343 (0.18%)
loweralphaspecial: 709 (0.09%)
mixedalphaspecial: 188 (0.03%)
upperalphaspecialnum: 65 (0.01%)
specialnum: 64 (0.01%)
upperalphaspecial: 12 (0.0%)
special: 12 (0.0%)

Character set ordering
allstring: 243602 (32.44%)
stringdigitstring: 207513 (27.63%)
othermask: 150645 (20.06%)
stringdigit: 88585 (11.8%)
digitstring: 39717 (5.29%)
alldigit: 9959 (1.33%)
digitstringdigit: 8209 (1.09%)
stringspecialdigit: 2042 (0.27%)
stringspecial: 296 (0.04%)
stringspecialstring: 277 (0.04%)
specialstring: 52 (0.01%)
specialstringspecial: 31 (0.0%)
allspecial: 12 (0.0%)

Hashcat masks (Top 10)
?l?l?l?l?l?l?l?l: 24525 (3.27%)
?l?l?l?l?l?l: 14922 (1.99%)
?l?l?l?l?l?l?l: 9925 (1.32%)
?l?l?l?l?l?l?d?d: 5381 (0.72%)
?l?l?l?l?l?l?l?l?l: 4312 (0.57%)
?d?d?d?d?d?d: 4180 (0.56%)
?u?u?d?d?d?d?d: 4018 (0.54%)
?l?l?l?l?l?l?l?d: 3207 (0.43%)
?l?l?l?l?d?d?d?d: 3074 (0.41%)
?l?l?l?l?l: 2917 (0.39%)