What day is it today?
Qixi, a day that is not very friendly to single people. Besides friends flaunting their romance in every possible way on their social feeds, Durex's Qixi copy was as cheeky as ever, and it ran a giveaway while it was at it: "You all have the attitude of reaching the top; I'll be the witness. Repost this Weibo post and Durex will randomly pick 2 followers to receive a Durex & Jeep Qixi custom gift box."
Under this Weibo post, however, there was a dissenting voice. One netizen wrote: "Relax, I've already arranged for a buddy to hack the hotels nearby. Clearly, it was all arranged for nothing."
We don't know whether this guy was serious, but hackers really do seem to have an unusual "interest" in hotels.
Let's look high and low at just how much hackers love hotels.
Hyatt can't escape
When it comes to bad luck, Hyatt has it worst. After the Hyatt system suffered a hacker breach in 2016 and gave up "first blood", Hyatt went on to complete the "double kill" in October 2017.
Hyatt's payment systems at 41 hotels in 11 countries were breached by hackers, and a large amount of data leaked. What concerns Chinese readers is that China had the largest number of affected Hyatt hotels, 18 in total. The leaked information includes cardholder name, card number, expiration date and internal verification code.
To satisfy everyone's curiosity, here are the 18 hotels that "took the hit":
Hyatt Regency Fuzhou Cangshan
Grand Hyatt Guangzhou
Park Hyatt Guangzhou
Hyatt Regency Guiyang
Hyatt Regency Hangzhou
Park Hyatt Hangzhou
Hyatt Regency Jinan
Grand Hyatt Lijiang
Hyatt Regency Qingdao
Grand Hyatt Sanya Haitang Bay
Andaz Xintiandi Shanghai
Grand Hyatt Shanghai
Hyatt on the Bund, Shanghai
Hyatt Regency Chongming, Shanghai
Hyatt Regency Shanghai Wujiaochang
Grand Hyatt Shenzhen
Hyatt Regency Xiamen Wuyuanwan
Hyatt Regency Xi'an
According to Malwarebenchmark, the customer payment card data accessed without authorization came from cards that were manually entered or swiped at the front desks of some Hyatt-managed locations between March 18 and July 2. The cause of the leak was that a third party inserted a card containing malicious software code into certain hotels' IT systems and, through flaws in the hotel management system, obtained access rights to the database. After extracting and decrypting the data, the attackers obtained users' private information.
Hyatt is not the only one being targeted.
Hackers steal the credit card records of 15 million people
According to a report on the 2nd by Singapore's Lianhe Zaobao, the US Department of Justice announced on Wednesday (August 1) that 3 Ukrainian hackers are suspected of breaking into the information systems of 3,600 hotels, restaurants and casinos in 47 cities in the US and stealing the credit card records of more than 15 million people, with the records involved worth as much as tens of millions of dollars. The Justice Department charged the 3 with 26 counts, including wire fraud, hacking and identity theft.
According to the report, the 3 Ukrainians are important members of the hacker group "FIN7". Since 2015 they have infiltrated hotel and casino systems in many US cities. They have also broken into systems in the UK, Australia and France to steal credit card records, and the data was later sold on the dark web.
The report says the US government pointed out that "FIN7" used an information security company named "Combi Security", which claimed to be headquartered in Russia and Israel, to recruit other hackers.
Many people still can't understand it: why do hotel systems in particular get such "special favor" from hackers?
There are really just two reasons:
The first is money. As in the examples above, hackers can take stolen data to the dark web and sell it. Now do you know why you keep getting spam text messages?
The second is pure interest. Just as you like chasing celebrities, other people like tinkering with technology, hacking a hotel or whatever.
To open hotel rooms, hackers built a master key
According to Titanium Media, two security experts at Holland's F-Secure liked to pursue a "little hobby" in their off hours. They kept at it for 10 years, broke the security system of the well-known hotel lock manufacturer VingCard, and built a master key able to open the millions of hotel rooms worldwide that use VingCard locks.
The story goes back to 2003, when a colleague of theirs lost a computer in a hotel and the hotel insisted it bore no responsibility. So the two wanted to see whether a system flaw really could be used to open a hotel door lock without leaving any trace.
They then began seemingly endless research, analyzing the overall design and construction principles of the smart lock. In the end, by finding several seemingly harmless hidden flaws, they made a key that could open every door. They gave the operation a cool and meaningful name: Ghost Lock.
After a lot of work, by 2015 the two experts had built an RFID demonstration environment, and in March 2017 they succeeded in producing a master key for one hotel's configuration. With their approach, all that is needed is one of the hotel's room cards, even an expired one, to quickly derive a master key that opens every room in the hotel. What makes it groundbreaking is that a door opened with the master key is recorded as a normal door opening and leaves no data trace at all, so it truly comes and goes without a footprint.
To make the break of hotel smart locks convincing enough, the two experts chose the top-tier lock vendor VingCard as their test target. Many well-known hotels are its customers, such as Sheraton group hotels, InterContinental and others. Many well-known hotels in China, such as Beijing's China World (Guomao) hotel, are also on the list of affected hotels. The two experts also said modestly that it took them 10 years mainly because they have full-time jobs; had they worked on it wholeheartedly, they might have succeeded very quickly...
If you were resting in a five-star hotel while a stranger outside held a master key that could open the door of every room, how would you feel? A little creeped out?
Hotel extorted: no ransom, no open doors
Besides master keys that open doors in secret, there are also cases in which guests who have checked in are locked outside their doors.
Austria's "Jägerwirt romantic hotel" was unfortunately extorted by hackers 3 times in 2017 with the same trick.
In the first attack, the hackers broke into the hotel's electronic access control system and locked hundreds of guests out of their rooms, demanding that the hotel pay a ransom of 1,600 dollars before the doors would be unlocked. To restore normal operations as quickly as possible, the hotel paid the ransom directly.
What the hotel manager never expected was that although the hackers unlocked the doors after receiving the ransom, they left a backdoor in the hotel's IT system. Soon the hackers came back and extorted the hotel a second time with the same method, leaving as many as 180 guests unable to enter their rooms again.
Facing the second extortion, the hotel manager called the police, but for the sake of normal operations the hotel still chose to pay the ransom, and the police who came could do nothing about it either. Interestingly, the hotel still did not realize that the backdoor remained in its IT system, until it was extorted a third time.
Who would have thought such a move was possible...
Taking down the electronic lock of your own hotel room
When you are staying at a hotel and can't sleep, what do you do?
Post on your Moments to find fellow insomniacs? Kill time scrolling Douyin? Quietly watch a film or TV show?
All wrong. It is said that one senior hacker, unable to sleep, got up, looked around the room and planned to dig up a "flaw" in the hotel.
He quickly settled on a target: the electronic lock on his own door.
First, he found that below the electronic sensing area of the hotel door there was a small cover that could be opened easily (the area with the keyhole on the right side of the picture above). When the door lock has no power, the cover can be opened so that the door can be unlocked with a mechanical key.
Next, he reached in through this square opening and pulled out the electronic lock's motor wiring assembly. After studying the wire of each color, he basically determined that the two white and gray wires marked "+ M-" were the motor wires.
Finally, by wiring up and driving the motor, the door can be opened without a door card. The whole unlocking operation takes only 20 seconds; in his words, "easy work for a thief".
This is a real case, not fiction. The hacker's true identity is a security researcher on the 360 Unicorn Team who has spoken on stage at security summits such as DEFCON and HITB. His daily job is to look for vulnerabilities in all kinds of smart cars and smart hardware and then tell the manufacturers that their products are insecure and where they can be improved. Readers interested in this expert can read the full article "Li Jun: The hacker spirit in my eyes".
Hotel protocol
Rose and Jack are in a long-distance relationship and see each other only once every half year, so this time they arranged to meet directly at a certain five-star hotel. Just as the two leads were in the heat of battle in bed, the room lights suddenly came on and the curtains slowly opened...
The ones who did this were two guys from the Blade Team of Tencent's Security Platform Department, Nicky and Xbalien.
At present, smart homes mostly use the ZigBee protocol for communication, while KNX is commonly used in large public venues and industrial facilities such as stadiums, airports, luxury hotels, nuclear power plants and factories. Nicky and Xbalien began studying this protocol in November of last year and found that research and security tools related to it were scarce, so early on they spent a great deal of time and effort analyzing the protocol.
Earlier, at a DEFCON conference, a security researcher had broken into the KNX system of the St. Regis hotel in Shenzhen's Kingkey 100 tower through the WiFi network and taken control of the hotel's lighting system. But when Nicky and Xbalien checked on site, they found that in most hotels the KNX gateway network is isolated from the hotel's own WiFi network, and the KNX gateway sits in a separate control room that other people cannot reach.
By analyzing the KNX protocol, they found that by connecting to the KNX cable network and modifying the configuration of the KNX/IP router, they could attack any device on the KNX network or sniff KNX network traffic without affecting normal use of the whole original KNX network. This kind of attack can also cause a denial of service for the devices of the whole KNX network.
Of course, this was only an idea; whether it could be realized still required hands-on testing with KNX equipment.
So the two of them bought KNX equipment, built a small KNX network and completed the full attack flow on it.
"But this kind of small network cannot fully simulate the attack scenario of a large network, so we decided to go and book a room at a certain five-star hotel."
There was a reason for choosing a five-star hotel, and of course it is not what you are thinking: all of this hotel's rooms, corridors and lobby use KNX devices. It is a fairly large network that may contain thousands or even tens of thousands of KNX devices, which makes it a suitable target for studying bulk attacks on a large KNX network.
So Nicky and Xbalien hit it off, ran to the hotel and spent 1,800 on a room. After one night and one day of testing, they successfully verified that the attack method described above could control the hotel's corridor lights and switch the guest rooms' "Do not disturb" sign lights on and off.
There is a question on Zhihu: how do you become an elegant hacker?
One of the top-voted answers below reads: I don't know what elegant is; I only know hackers are pretty crazy.
So, here's wishing this bunch of somewhat "crazy" hackers a happy Qixi, and a peaceful evening at a hotel.
Via Leiphone