
TEAM CLOCKWORK SRA 221 PROJECT

Blake Michener, Bryan Beech, Eric Gibbs, Hunter Walker, Matt DeRosa, Kevin Foldes

P a g e |1

Table of Contents
Executive Summary, page 2
Memorandum of Understanding, page 3
Requirements Documentation, page 6
Risk Assessment and Mitigation Plan, page 11
Proposal, page 15
Detailed Security Plan, page 16
Technical Implementation, page 35
Appendix of Detailed Setup Instructions, page 37
Appendix of Problems, page 39


Executive Summary
Problem
Team Clockwork sought to crack WEP wireless encryption, capture Microsoft Xbox 360 packets streaming over the network, and analyze them with the Wireshark software.

Solution
After the team encountered initial setbacks with BackTrack 5 and the first round of Kali Linux attempts, team members were able to successfully isolate Xbox traffic using the Fern Wi-Fi Cracker software. The successful capture was performed by bridging the attacking laptop and the Xbox 360 console, isolating the network traffic, initiating a chop-chop attack on the wireless encryption, and recording the results in Wireshark. Ultimately, a number of different packets and handshakes were recorded, ranging from basic network traffic to encrypted handshakes for services like Netflix and finally Xbox Live account handshakes. As further detailed in the Technical Implementation document and the presentation, Team Clockwork's solution to cracking WEP wireless encryption on the Xbox is the best fit for the problem because it is easy to follow, repeatable, reliable, and evolved out of the real-world challenges and successes that occurred during this term project.

Team Clockwork Members
Blake Michener (bdm5125)
Eric Gibbs (emg5361)
Hunter Walker (hzw5097)
Bryan Beech (bwb5287)
Kevin Foldes (krf5170)
Matt DeRosa (mmd5271)


Memorandum of Understanding
The purpose of our project is to break into an encrypted wireless network that has been set up by us for this purpose. We will then leverage the cracked network to intercept data that is being streamed from a wireless router via Wi-Fi to an Xbox gaming console. We are also looking to gain experience with the use of the Kali Linux software tools, specifically Fern. Throughout this project, we also want to obtain a greater understanding of the fundamentals of wireless encryption and wireless fidelity in general.

The problem being addressed in our project is the extent to which the connection between an encrypted wireless network and an Xbox gaming console is vulnerable. The focus of our project will be the Xbox-to-router connection, and to what extent our tools and knowledge can intercept and manipulate data on this connection. Research into the types of protocols used to transfer data to and from the Xbox will be a high priority in organizing a successful breach. If successful, the information gained from accessing this secure connection will allow Microsoft to remediate any flaws and exploits and deter security breaches from outside threats.

Primary stakeholders for the Kali project included Microsoft, Xbox game developers, Internet service providers, router manufacturers, end users, hackers, Kali developers, and the members of Team ClockWork. Should this project successfully intercept user data from an Xbox over a wireless network, this may reveal a crucial security flaw for all businesses involved, whether they develop the gaming console, software for it, or simply provide the wireless connection and infrastructure. Any of these corporate stakeholders may find the team's discoveries useful for their own intrusion testing and vulnerability assessment purposes, potentially averting a costly breach of their customers' confidentiality. Alternatively, if the team encounters difficulty in intercepting the wireless data, it may confirm the confidentiality of their systems and serve as a practical proof of their existing security measures. The users of the Xbox console and wireless networks are also stakeholders, as the project may expose issues that positively or negatively impact their experience using a wireless-reliant Xbox or other device. Similarly, those seeking to exploit these networks could find the project a boon or a bane: it may expose a flaw they have already been exploiting for nefarious purposes, or confirm that the existing system is sufficiently secure. Those responsible for coding the Kali Linux distribution and the tools used within the project may also be considered stakeholders. Any flaws exploited through their code could either generate interest in their work or create an immense backlash against it for enabling hackers to exploit the Xbox console's vulnerabilities. Finally, the Team ClockWork members are key stakeholders, as the project's success will largely determine our grade and enjoyment of the SRA 221 course.

The timeline of this project will consist of all team members coordinating and working together in order to meet the deadlines assigned by the professor. In order for our group project to run smoothly, a lot of research will need to be done so that group members fully understand our topic. In about two weeks our group will be able to fully understand the inner workings of the Kali tools, especially focusing on Fern. After fully understanding how to penetrate networks, we will be able to research the wireless network capabilities of Microsoft's Xbox, which should take about one week. This step should not be too difficult, because an Xbox's MAC and IP addresses can be found right on the system. The types of protocols that are used to transfer data will also need to be researched, which will allow our group to fully understand how to crack a wireless network that is streaming to an Xbox console. Team Clockwork predicts that all members will have full knowledge of the task at hand in about a month and a half. With the leadership of our team leader along with the determination of all the team members, Team Clockwork will be able to fully understand the project topic and meet the deadlines.

Measurements of success will be based upon our ability to gain access to the network the Xbox and router are communicating on, intercept various packets being sent, and decrypt some of those packets to reveal user-sensitive data, such as logon information, credit card details, or any other useful encrypted data. By revealing this data, we shall have exposed a major flaw in the security of Xbox consoles. This is important because millions of people store credit card information on their systems, and when they communicate with Xbox servers over the Internet, there is a possibility of personal information being leaked to unauthorized entities.


Requirements Documentation
Purpose and Explanation

Interfaces
Multiple interfaces will be needed to achieve our objective of breaching a WEP-encrypted Wi-Fi network. The most vital interface will be our virtual machine Linux interface. This VM interface will allow us to access Kali Linux and the other programs needed to break the WEP encryption. Another essential interface will be Kali Linux itself, which will allow us to actually break the WEP encryption of our target network. The target interface, an Xbox 360 streaming data, will be used as well. We will configure a large transfer of data from an Xbox Live streaming service via our target Wi-Fi network, initiated on the Xbox. Another interface will be the Linksys network configurator, which will allow us to precisely adjust our network's security so that we can configure Kali Linux to counter it successfully.

Functional Capabilities
In order for our project to be successful in capturing data from an Xbox 360, we will need to have a few things functioning properly first. We will need to have a functioning Xbox 360 with online capabilities. We will also need a functioning virtual machine with a Linux interface. On this virtual machine we will need to have Kali Linux installed to break the WEP encryption. With these things we will be able to use the Fern program from Kali Linux on a virtual Linux system to intercept and crack wireless data sent to an Xbox 360.

Performance Levels
ClockWork expects to maintain a high performance level during the execution of our mission. We have multiple laptop computers that will provide the required processing power to run Kali Linux, so our project will remain consistent and not be interrupted. When our computers run Kali Linux we expect it to comply with the security and quality standards we have set for our project. If at any time the performance level decreases, we will reanalyze our structure and adjust accordingly to meet our specified criteria and performance level.

Data Structures/Elements
As the scope of the project does not involve coding or the use of any proprietary software, it is unlikely that the team will be required to generate data structures or define elements. The interfaces and software used during the course of the project will undoubtedly involve various forms of self-contained elements and structures that the team may wish to familiarize themselves with, but it is unlikely that knowledge of structures beyond basic arrays will be necessary, and then only for sorting data.

Safety
Team ClockWork's motive is to intercept data that is being streamed from a wireless router via Wi-Fi to an Xbox gaming console, focusing mainly on streaming services such as Netflix or Hulu. The aspect of safety for this project needs to be highly considered when intercepting data. The main focus of our project may raise some issues concerning safety in relation to Microsoft's Terms of Use. The "No Unlawful or Prohibited Use" section of Microsoft's Terms of Use states that using a service in any fashion that could damage, disable, or overload Microsoft's network, or affect another party's service, is prohibited (Microsoft). Since we will be trying to intercept data from an Xbox, there are certainly some risks involved. We are not the owners of the data, which may imply that we would be stealing this information. This can be considered unlawful or prohibited, which may raise flags during parts of our project. There are some Microsoft guidelines and rules by which we need to abide in order to make sure that we do not violate Microsoft's Terms of Use. In order to assure that the work we will be doing in our project abides by these terms, we must be certain that we do not perform any procedures that would be damaging to the Microsoft servers. In addition, we cannot do anything that would negatively affect Microsoft's servers or networks during the data interception steps.

Reliability
We need to ensure that we conduct our procedures in a way that is guaranteed to work every single time it is attempted. When we write down the steps needed to accomplish our mission goal, we need to be clear and precise so that no future attempt to recreate the situation ever fails. The instructions must be written in a legible manner so as not to confuse any readers. We also have to make sure our methods of capturing the target packets are correct in their procedures, enabling a user who follows these methods to produce a viable result every time. If we do not verify our procedure multiple times we run the risk of losing our credibility in this project. One major point to consider about reliability is ensuring the connection to our virtual machines. Our virtual machines are what allow us to capture the packets being sent by the Xbox through the router. If access to this resource is interrupted during the procedure, we have failed to provide reliability for our project. The methods are required to work 100% of the time; if this is not accomplished it would be a great pitfall for our project. Reliability is one of the most important aspects of this project, and our group will work with great regard for reliability.

Security/Privacy
Due to the sensitive nature of breaching WEP encryption and capturing data from an Xbox console, Team ClockWork faces practical concerns relating to security and privacy. First, since the team will be exploiting vulnerabilities within their own Wi-Fi connections and related devices, they must be careful to avoid inadvertently exposing their own equipment and private information to outside threats. Precautions should be taken to ensure that all major interfaces involved in the project, such as Kali Linux and the network configurator, are themselves secure before attempting to proceed. ClockWork must also outline precautions and guidelines before commencing data capture to avoid accidentally violating the privacy of anyone within the group. The team must work to ensure that Kali Linux and the associated tools are only being used to monitor, capture data, and break encryption on team-owned and team-operated devices, so as not to interfere with the privacy and security of others. Failure to do so could incur serious legal liabilities and threaten the project's success and legitimacy. Finally, returning to issues raised in the Safety section, the team must be cautious to avoid any action that could be construed as damaging towards Microsoft's data and network systems, since doing so would grievously impact the security and operations of the project.

Quality
In terms of quality for this project, we are expecting the data we intercept to be significant. We expect to intercept data such as user information, which will require filtering out any non-essential data that could be collected in the process. Valuable information will be isolated from data of no value and translated into an understandable format. The information acquired is expected to be valuable enough to deem it a security risk, and to allow us to state that valuable information can be acquired through said actions.

Constraints and Limitations
We will be constrained by our team's lack of previous experience with network hacking and a need to practice our approach and work around technical problems that are bound to arise. The level of encryption is a limitation on our goal as well, since the stronger the encryption, the more difficult it is to crack and the more expertise is required. Certain encryption schemes could exceed the processing power and capability of our cracking toolkit, Kali Linux. Even if Kali Linux is able to handle the encryption, the time it would take could be prohibitively lengthy as well, leading to a need for another plan.


Risk Assessment & Mitigation Plan

What software and systems are present on the network?

Laptop computer
It could contain malware prior to use that can affect data and processes carried out at a later time. It could crash and ruin the current operation. It could have monitoring hardware and software installed, such as keystroke loggers and Internet history loggers.

VMware server
Security could be compromised by a third party that has found a way in through the network and firewalls. It could be compromised by an entity inside PSU with access to the server room; a direct uplink can bypass the majority of the protocols. Bot attacks could potentially crash the server via DDoS, or use the servers and terminals in a bot attack on another network.

Kali Linux
The program could be corrupted, hindering our hacking efforts, by means of a virus or many other means.

Wireless Router
Used as a means to transmit data around the network wirelessly and provide an Internet connection. Unless specifically targeted by malicious physical means or a corrupting program, it is relatively immune to failure, aside from the phasing out of its wireless bandwidth and the manufacturer's planned obsolescence.

Xbox Console
Tethered to the Wi-Fi network, and the target of the hack we are going to perform. Wireless security is strong; it uses Kerberos. While the console is capable of getting a virus, Microsoft keeps a degree of separation between the Xbox and the pure, unfiltered Internet that you get on your laptop. Virus penetration would most likely have to come through Microsoft's Xbox Live servers to affect consoles effectively. Although they have improved dramatically in recent product iterations, Xboxes have a noticeably higher hardware failure rate compared to other consoles and computers, so there is always a risk of one failing permanently. Malware introduction from a real-world entity via the USB ports on the console is possible as well, albeit very unlikely.

What systems are vulnerable on the current network? Why are they vulnerable?
The network is vulnerable because Microsoft uses a well-documented authentication system with their Xbox gaming platform: Kerberos, which uses AES encryption to fulfill a PKI environment. Compromising the authentication server would allow an attacker to impersonate any user. It is still vulnerable to password-guessing attacks, and it also does not prevent denial-of-service attacks.

What types of solutions are available to mitigate the risks? Hardware or software? What kind?
In order to assure that the laptop computer we are using isn't infected with malware or viruses, we must set up anti-virus and anti-malware software on the laptop. By doing this we can run scans every time we use the computer to ensure the computer is in a good state at all times.

What's the cost?
Since one of our group members has Xfinity Internet, we have access to download the full Norton Security Suite for free. In the free security suite, you get everything you would get by paying for the full premier package. This package provides the following. Core Protection: protection against viruses, spyware, trojan horses, worms, bots, and rootkits; it also protects against browser and application threats and protects you from infected websites. Another great protection feature is the networking feature, which helps secure and monitor your home network and automatically secures your PC when connecting to public Wi-Fi. It also has many other features that we won't really utilize, such as identity protection, PC tune-up, and support for these features.

What does it do?
Antivirus and anti-malware software uses signature-based detection of malicious code for established threats, and heuristics to detect, prevent, and eliminate threats from newer forms of malware, trojans, viruses, rootkits, and tracking cookies. Signature-based detection relies on updating a software catalog of threat definitions, distributed by the software's developers, containing known patterns of malicious code and executables. The software scans the host system for any matches within the archived database to prevent and eliminate threats in real time or at scheduled intervals. Suspicious code is isolated or deleted upon detection, and the system's user is notified of the security breach. Heuristics rely on rules of thumb to recognize similar patterns of code and variations on established threats, to prevent new viruses or new variations of threats from affecting the host system. Just as with signature-based detection, the software will isolate or delete the threat upon detection, as well as notify the software developer of the new threat.
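As an added illustration (not code from the report or from any antivirus vendor), the following Python sketch implements the two mechanisms described above: exact and byte-pattern signatures drawn from a threat catalog, and weighted heuristic rules with a quarantine threshold. The sample "files", the "ClockworkDropper" family name and the rule weights are all constructed for the demonstration; it shows why a small change to a known sample slips past both signatures but is still caught by the heuristics.

```python
import hashlib
import re

# --- Threat catalog, the kind of definitions a vendor pushes out in updates ---
# (family name, sample bytes and hashes below are all constructed for this demo)
KNOWN_BAD_SHA256 = {}                 # exact whole-file signatures, filled in below
BYTE_SIGNATURES = {                   # characteristic byte strings of known families
    b"ClockworkDropper-v1": "Trojan.Dropper.Clockwork",
}

# --- Heuristic rules: traits of malicious code rather than exact bytes ---
# Each rule is (pattern, weight, reason); a file is flagged when the summed
# weight of the matching rules reaches HEURISTIC_THRESHOLD.
HEURISTIC_RULES = [
    (re.compile(rb"HKCU\\.*\\Run"), 2, "writes a Run key for persistence"),
    (re.compile(rb"CreateRemoteThread"), 2, "uses a process-injection API"),
    (re.compile(rb"DisableAntiSpyware"), 3, "tampers with security settings"),
]
HEURISTIC_THRESHOLD = 4


def signature_scan(data: bytes):
    """Exact-match then pattern-match against the catalog; None when clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return KNOWN_BAD_SHA256[digest]
    for pattern, family in BYTE_SIGNATURES.items():
        if pattern in data:
            return family
    return None


def heuristic_scan(data: bytes):
    """Score a file against the rules of thumb; returns (score, reasons)."""
    score, reasons = 0, []
    for regex, weight, reason in HEURISTIC_RULES:
        if regex.search(data):
            score += weight
            reasons.append(reason)
    return score, reasons


def scan(name: str, data: bytes) -> dict:
    """Apply signatures first (cheap and precise), then fall back to heuristics."""
    family = signature_scan(data)
    if family:
        return {"file": name, "verdict": "quarantine", "by": "signature", "detail": family}
    score, reasons = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return {"file": name, "verdict": "quarantine", "by": "heuristic",
                "detail": "score %d: %s" % (score, "; ".join(reasons))}
    return {"file": name, "verdict": "clean", "by": None, "detail": ""}


# --- Constructed sample "files" (a few bytes each, standing in for executables) ---
KNOWN_SAMPLE = (b"MZ\x90\x00 ClockworkDropper-v1 "
                b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run DisableAntiSpyware")
VARIANT = KNOWN_SAMPLE.replace(b"ClockworkDropper-v1", b"ClockworkDropper-v2")  # re-packed variant
INSTALLER = b"MZ\x90\x00 setup HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
NOTES = b"Meeting notes for SRA 221: bring the Xbox and the router."

# The catalog only knows the hash of the original sample, as a real update would.
KNOWN_BAD_SHA256[hashlib.sha256(KNOWN_SAMPLE).hexdigest()] = "Trojan.Dropper.Clockwork"


def scan_all(files: dict) -> list:
    """Scan a name -> bytes mapping and return one verdict per file."""
    return [scan(name, data) for name, data in files.items()]


if __name__ == "__main__":
    for result in scan_all({"known.exe": KNOWN_SAMPLE, "variant.exe": VARIANT,
                            "setup.exe": INSTALLER, "notes.txt": NOTES}):
        print(result)
```

The installer sample carries one suspicious trait (a Run key) but stays below the threshold, which is the trade-off the threshold encodes: lower it and legitimate software starts getting quarantined.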

How long will it take to implement?
It will not take very long to implement the anti-virus and anti-malware software. Once we access Xfinity's website, all we have to do is download the Security Suite and install it. This could take anywhere from 10 to 15 minutes to a few hours, depending on the size of the download and the Internet speeds we are using.

Is implementation feasible?
Implementation and maintenance are easily feasible due to the low to no cost, minimal time investment, and simple upkeep of the outlined plan. As mentioned, adequate protection is available through complimentary copies of the Norton Security Suite, which is simple and intuitive software to use. Group members will run the required scans to minimize the risk to all systems involved in the project and maintain up-to-date threat catalogs. Since many of these steps are already common practice for group members outside the scope of the project, there are no expected difficulties in implementing the mitigation plan. Running the Norton software will require limited system overhead, but this is not anticipated to be a serious performance concern.


Will implementation disrupt current business operations?
Implementation will not disrupt current business operations at a high level. Using anti-malware and anti-virus software is an essential step in the operations of our project. The only disruption implementation will introduce is the time it will take to run virus scans. If the software detects viruses, this will cause a serious disruption in our operations, but it is better for a virus to be detected than for our group members not to know about it.


Team Clockwork Proposal


Our team is planning on using the Fern program from Kali Linux on a virtual Linux system to intercept and crack wireless data being sent to an Xbox 360 gaming console. We will set up a large data transfer on a LAN from a streaming service such as Netflix or Hulu and while streaming to the console, we will use Fern to crack the WEP encryption and access the data being transmitted. We will document our decryption process with a camera to demonstrate our success.


Detailed Security Plan

Technical Security Policy & Baseline

Technical Details and System Setup
The first technical security aspect of our system is the Wi-Fi network. It will be configured to the WEP encryption standard and made visible to all scans for Wi-Fi networks. The Xbox will be tethered to the Wi-Fi via its built-in network configuration settings, which require selecting WEP encryption and entering the WEP key. The SSID of the Wi-Fi network is "Grapes"; there is no subnet mask, and a standard gateway is being used. The proxy server setting will be left alone as well. Once the console is connected to the Wi-Fi, data transmission will begin between the Xbox Live servers and the console. A large amount of data will be downloaded on the Xbox via an application of our choosing, like Netflix, Hulu, or HBO. Additionally, we will have our attacking machine on the Wi-Fi as well. Kali Linux, our Wi-Fi cracking toolkit, will be booted from a thumb drive on the attacking machine and configured to break into our network. Since we are booting from a thumb drive, we decrease the risk of anything backfiring on the attacking machine's actual system or data. Microsoft servers use Kerberos as their ticket-granting service for Xbox consoles querying their databases for information. However, once the data is transmitted through the wireless router, it only receives WEP encryption from the router itself. Since this is the only protection the data has at this point, its security is very low and the data is fairly easy to obtain. The attacking machine will run Symantec antivirus to reduce the risk of picking up anything from the Internet.
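The test network above advertises WEP, which is the only protection the streamed data has once it leaves the router. As an added example that is not part of the Team Clockwork report, the following Python parser reads the body of an 802.11 beacon frame (the fixed fields followed by tagged elements) and classifies the advertised security mode, so that a defender can inventory networks that still run WEP or no encryption at all. The beacon frames are constructed in the code rather than captured; the SSID "Grapes" is the one named in the report, and the element IDs and capability bits are the standard 802.11 values.

```python
import struct

# Element IDs and constants from IEEE 802.11 (standard values; not from the report)
ELEMENT_SSID = 0
ELEMENT_RSN = 48
ELEMENT_VENDOR = 221
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"   # Microsoft OUI + type 1 marks a WPA (pre-RSN) element
CAP_ESS = 0x0001                     # capability bit: infrastructure network
CAP_PRIVACY = 0x0010                 # capability bit: "Privacy" (encryption required)
FIXED_FIELDS = "<QHH"                # timestamp (8) | beacon interval (2) | capability (2)


def parse_beacon_body(body: bytes):
    """Return (capability, [(element_id, value), ...]) for a beacon frame body.

    The body is what follows the 24-byte MAC header: three fixed fields, then a
    sequence of tagged elements laid out as id (1) | length (1) | value.
    Raises ValueError on a truncated body instead of silently misparsing it.
    """
    fixed_len = struct.calcsize(FIXED_FIELDS)
    if len(body) < fixed_len:
        raise ValueError("beacon body too short for the fixed fields")
    _timestamp, _interval, capability = struct.unpack_from(FIXED_FIELDS, body, 0)
    elements = []
    offset = fixed_len
    while offset + 2 <= len(body):
        elem_id, length = body[offset], body[offset + 1]
        value = body[offset + 2: offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element %d" % elem_id)
        elements.append((elem_id, value))
        offset += 2 + length
    if offset != len(body):
        raise ValueError("dangling byte after the last element")
    return capability, elements


def classify_security(body: bytes) -> dict:
    """Classify a beacon as OPEN, WEP, WPA or WPA2/RSN and flag the weak cases.

    WEP has no element of its own: it is advertised only by the Privacy bit
    being set while neither a WPA nor an RSN element is present.
    """
    capability, elements = parse_beacon_body(body)
    ssid, has_rsn, has_wpa = "", False, False
    for elem_id, value in elements:
        if elem_id == ELEMENT_SSID:
            ssid = value.decode("utf-8", errors="replace")
        elif elem_id == ELEMENT_RSN:
            has_rsn = True
        elif elem_id == ELEMENT_VENDOR and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
    if has_rsn:
        mode = "WPA2/RSN"
    elif has_wpa:
        mode = "WPA"
    elif capability & CAP_PRIVACY:
        mode = "WEP"
    else:
        mode = "OPEN"
    return {"ssid": ssid, "mode": mode, "weak": mode in ("WEP", "OPEN")}


def is_malformed(body: bytes) -> bool:
    """True when the body cannot be parsed (truncated or dangling elements)."""
    try:
        parse_beacon_body(body)
    except ValueError:
        return True
    return False


def build_beacon(ssid: str, privacy: bool, rsn: bool = False, wpa: bool = False) -> bytes:
    """Construct a minimal beacon body for the demonstration (sample data, not a capture)."""
    capability = CAP_ESS | (CAP_PRIVACY if privacy else 0)
    body = struct.pack(FIXED_FIELDS, 0, 100, capability)
    body += bytes([ELEMENT_SSID, len(ssid)]) + ssid.encode()
    if wpa:
        payload = WPA_OUI_TYPE + b"\x01\x00"       # WPA element, version 1, suites omitted
        body += bytes([ELEMENT_VENDOR, len(payload)]) + payload
    if rsn:
        payload = b"\x01\x00"                      # RSN element, version 1, suites omitted
        body += bytes([ELEMENT_RSN, len(payload)]) + payload
    return body


def audit(beacons) -> list:
    """Return the SSIDs from a scan that advertise WEP or no encryption at all."""
    return [r["ssid"] for r in map(classify_security, beacons) if r["weak"]]


if __name__ == "__main__":
    scan = [build_beacon("Grapes", privacy=True),              # the report's WEP network
            build_beacon("Home-Wifi", privacy=True, rsn=True),
            build_beacon("Coffee", privacy=False)]
    for beacon in scan:
        print(classify_security(beacon))
    print("weak networks:", audit(scan))
```

On a real capture, feed the frame body (everything after the 24-byte management header) into classify_security; the parser rejects truncated frames rather than guessing.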

System Baseline
The baseline of the system involves constant connectivity between the router and all devices connected to it, unless the connected devices are shut off or have their Wi-Fi connectivity turned off. There is a constant stream of data to and from all of the connected devices to the router and then the Internet. Checking for emails, system updates, iMessages, and application data all make up parts of the transmitted data. The Xbox console in particular is off the network most of the time, since it does not get that much use and is therefore shut off. Data streaming patterns are erratic and vary with usage, online play, and entertainment downloads. This is why we will be specifically streaming a large amount of data at the time of the break-in, to ensure that we intercept some of the packets. Normal operation does not involve the use of Kali Linux or of an attacking machine that is not normally on the Wi-Fi. None of the devices in the system normally interact with one another, let alone intercept each other's data.

Personnel Security Plan
Due to the fact that our project topic is intercepting packets that are being sent over a network connecting to a Microsoft Xbox, the members of our team need to be responsible when performing the necessary tasks in order to be successful. Team Clockwork will be using the Kali Linux software in order to intercept data packets. Kali Linux is made by the creators of BackTrack and is used for penetration testing. This software offers many tools, including data analysis software, which can possibly cause harm to others without our group members even knowing. Since Kali Linux has the capability to negatively affect others, Team Clockwork has set guidelines on how each member of the team should act while working on the project.


The members of Team Clockwork have agreed to use Kali Linux solely for project purposes. Each team member is to act in a responsible manner and not take advantage of other team members or members of the public while using this software. As stated before, Kali Linux is home to many tools that our team can use. In particular, Team Clockwork anticipates using the Wireshark, AirSnort, and Reaver tools. These tools are solely for intercepting data packets, decrypting WEP encryption, and breaking Wi-Fi passwords. Team Clockwork has agreed that no member of the team shall use these tools against the general public, team members, classmates, or the Penn State community. These tools will only be used for our project and on a team member's wireless or Ethernet network. The main purpose of setting these guidelines is to maintain responsibility and trust throughout our team. Team members working responsibly will ensure that our project runs smoothly without any difficulties. Attached below is a contract our team has come up with to ensure each member follows the guidelines for the personnel security plan:

Team Clockwork Personnel Security Contract
1. No member of the team shall use any of the tools available to cause harm to any teammates or the public.
2. The tools used shall only be used for project purposes.
3. Documentation of every step using the Kali Linux software shall be saved.
4. Every member of the team shall be present when using the Kali Linux software.
5. Any team member that does not abide by these rules shall be reported to the professor.


Team Members' Signatures
Bryan Beech
Kevin Foldes
Eric Gibbs
Hunter Walker
Blake Michener
Matt DeRosa

Team Clockwork's Personnel Security Contract is very similar to an Acceptable Use Policy (AUP). This security contract emphasizes that each team member needs to act in an appropriate manner or consequences will arise. In order to make sure each team member is following the guidelines set, Team Clockwork has agreed to all be together when using the Kali Linux software. The rules stated in the contract relate to an AUP by clearly stating the guidelines, outlining the penalties for breaking the rules, and having a signature section before using the software, so that all team members are familiar with the rules before using the programs on Kali Linux. Working with an International Safety Security Management team would be very beneficial for our team. However, Team Clockwork is not an established business or corporation and does not need high-priority security measures for this project. Due to the fact that this is a team project for a class, the Pennsylvania State University can serve as an ISSN. With Team Clockwork following the guidelines set, especially the point of documenting our steps, the Pennsylvania State University will serve as an ISSN if any issues arise. Granted, Team Clockwork does not anticipate using the software for any illegal or harmful actions, solely for project purposes.

Team Clockwork's personnel security plan guidelines also relate to the three main points of the CIA triangle: confidentiality, integrity, and availability. Confidentiality relates to the team members only using the software for project purposes. No team member should use Kali Linux to crack others' passwords or put anyone's data privacy at risk. Integrity comes into play in using the tools only for project purposes and in all team members being present when conducting the necessary steps. The signature section included ensures that each team member can be trusted and will uphold their integrity. Availability is the last point in the CIA triangle but is not as important as the prior two. The software is available on one of the team members' personal computers. Since the contract states that every team member needs to be present while working with the software, the software will always be available to the team while working. If an issue arises, such as the software not working correctly, all members of the team will be present to fix the issue.

Physical Security Plan
The system is going to be physically secured using a laptop computer and a flash drive. The physical security of the system will be ensured by the separation of the laptop computer configured to use Kali Linux and the flash drive that the Kali Linux system is installed on. The laptop computer will remain in Hunter Walker's possession for the entirety of the project, only shared with group members during set times designated to work on the project. The flash drive with Kali Linux will be on his person at all times, on his keychain, until it is booted on the laptop for use. Access to the machine will be limited to group members who have been given the login credentials for the laptop. The flash drive will also have limited access, to only those authorized, as it will also be password protected. If the flash drive will at any time be exchanged between team members for extended periods of time, further security will be put in place. The drive would then be encrypted with 128-bit encryption paired with a kill-switch program: after 3 unsuccessful attempts to enter the correct credentials, the drive will be wiped and unusable. Take-home hardware will be accounted for personally by Hunter Walker. As stated above, the laptop will be in his possession for the entirety of the project; when it is not in his immediate possession it will be located in his apartment, which will be locked. At no point in time will the laptop be in the sole possession of anyone outside of Team Clockwork.

Change Management Plan

Hardware and Software Upgrade Plan
Hardware upgrades will be fulfilled on an as-needed basis. If the hardware running Kali Linux isn't able to brute-force the security protocols on the router we're trying to penetrate in a timely fashion, then we will cluster multiple PCs together in order to combine processing power. This additional processing power will enable us to penetrate the target router in a reasonable timeframe. If any piece of the hardware is found to be functioning incorrectly, that piece of hardware should be replaced with one in working condition as soon as possible. Software upgrades will be implemented as soon as they are publicly available. When they are, they will be immediately downloaded and installed on the machine responsible for intercepting packets on the target network. These software upgrades ensure we keep our system running in the most efficient state and mitigate the risk of failure due to some software-related issue.


Performing Maintenance
Maintenance will be performed by the member with the most expertise in the system, hardware, or software relevant to the type of maintenance task being performed. For example, if Kali Linux needs to be upgraded to the latest version, the member of the group with the most expertise in Kali Linux should be the member designated to upgrade the operating system.

Credentials
Formal credentials are not required for this project; however, any member intending to make changes to any part of the system should possess a working knowledge of that piece of equipment, as well as knowledge of how the system works as a whole. This is so that the member making changes won't make changes that cause the system to function incorrectly.

Credential Assignment
Only members within the project group will be allowed to make changes to the system. Authorized access is a priority because we need to be sure that the system stays in working order.

Patch Management
Patch management coincides with our software upgrade policy. Patches should be rolled out as soon as they are available. This policy includes monitoring the update streams of the software we are using, such as Kali Linux, Wireshark, Airsnort, and the Reaver tools. Patch checks should be performed on a daily basis. This will ensure that the functionality of our system stays in working order.

Privilege Management Plan

Maintaining Integrity
Privilege management will be very easy on our system. We will be using Hunter's computer to run Kali Linux. Kali Linux is basically the new Backtrack 5 on steroids, so we have opted to use that. Everyone will be able to access this program locally from Hunter's computer while working on the project together. The physical security of the system will be maintained by keeping the laptop computer configured to use Kali Linux separate from the flash drive that the Kali Linux system is installed on. The laptop computer will remain in Hunter Walker's possession for the entirety of the project, shared with group members only during designated times. The flash drive with Kali Linux will be on Hunter's keychain at all times. The flash drive will also have limited access, restricted to those authorized, as it will also be password protected. The drive would then be encrypted with 128-bit encryption paired with a kill-switch program, so that after 3 unsuccessful attempts to enter the correct credentials the drive will be wiped and rendered unusable.

Access Policies
All group members will have access to the computer locally when working on the project with Hunter. By doing this we allow everyone to try out Kali Linux, work on the project together, and learn how to use the program. By restricting certain group members we would only hinder their learning of the new program and their understanding of the process of cracking the WEP key and getting the information.

Executive Privilege
There will not be executive privileges; all group members will have the same privileges as explained above. The only people who will have access are those who are physically present with Hunter when he runs Kali Linux off of his computer. Also, since Hunter is the owner and administrator of his computer, he will be considered an executive because he has overall power over the computer, but we will be able to do anything that needs to be done on his computer with no restrictions.

Backup & Disaster Recovery Plan

Regional Threats

Crime
On campus and off campus, some of the most common crimes in the State College/University Park area are larceny and burglary. Burglary is defined as illegal entry into a building with the intent to commit other crimes, while larceny is the illegal act of taking another's personal property. In the 2012 calendar year, the Penn State Annual Security Report for 2013 listed a staggering four hundred and fifteen instances of larceny on campus alone, including three automobiles. Another forty-eight instances of burglary were also recorded on campus. In terms of the greater State College area, burglary and larceny rates are generally regarded as low for the population, although they tend to spike during periods when students are away from their dorms or apartments. It is also worth noting that the University and the town have separate crime reporting under separate police departments, which may dramatically downplay the overall rates and trends in minor crimes like larceny. As a result of the somewhat substantial risk of theft for high-value items like the laptops, computers, and Xbox consoles used within this project, team members should observe prudent physical security measures and ensure their personal property is adequately secured at all times. Theft of critical items could result in major delays to the project's timeline, important data loss, and a lengthy recovery process. Team members who live off campus should maintain a similar level of physical security and consider renter's insurance to offset some of the cost of potential larceny, if it is not already required by their lease. All team members should maintain multiple copies of all important data and utilize cloud storage services to mitigate the risk of loss due to theft or other threats.

Severe Weather

Tornadoes
Tornadoes are a severe weather event characterized by a high-speed, rotating column of air. The high winds and damaging debris produced by tornadoes can destroy or damage buildings, obliterate critical infrastructure, and constitute a serious threat to human life. While Happy Valley may seem an unlikely place for such a disaster, as it is located far from the tornado-stricken region of the United States dubbed Tornado Alley, Pennsylvania still ranks among the top twenty-five states for tornado occurrences. This totals approximately twenty damaging tornadoes per year, with Centre County experiencing approximately twelve tornado events in the past one hundred and twenty-nine years. While this rate of occurrence seems extremely infrequent, as it is on the low-middle side of the state's tornado distribution, a tornado is still a dangerous event that could have a massive impact on critical project elements and recovery. The damaging winds and relatively flat terrain of Centre County's valleys could eviscerate utility lines over a substantial area and result in a lengthy recovery period. Such outages of power and internet would be devastating to the team's project and deadlines. The risks of tornadoes can best be addressed by team members monitoring current weather and severe weather threats. Critical devices should be stored in safe and dry locations under the threat of severe weather and unplugged if there is a risk of voltage spikes. Team members should also be aware of the threat to their own safety and seek shelter in appropriate buildings when under tornado watches or warnings. In the event of prolonged power or utility outages, team members should, if possible, attempt to locate businesses or residences that were not affected by the disaster and offer free internet connections to continue project development.

Thunderstorms
In the past fifty-four years, Centre County has been host to far more damaging thunderstorms than tornadoes. With one hundred and eighty-nine recorded in just the past fifty-four years, this averages out to approximately three and a half thunderstorms with damaging winds, hail, lightning, and heavy rains per year. All of the phenomena associated with severe and even moderate storms pose a threat to our team's equipment, data, and our ability to perform critical tasks. Just as with tornadoes, the winds and hail can produce property damage or sever power lines and utilities necessary for our operations. Lightning can also result in damaging power surges that destroy or disable sensitive electronic devices. Finally, the heavy rains associated with severe thunderstorms pose a threat given the unique geography of State College: our area, especially campus, is incredibly prone to flooding. After heavy rain, major roadways and low-lying buildings are vulnerable, and flood waters pose a serious threat to electronics and electricity. The risks of thunderstorms can best be addressed similarly to tornadoes or other severe weather, by team members monitoring current weather threats. Critical devices should be stored in safe and dry locations under the threat of severe weather and unplugged if there is a risk of voltage spikes, as would occur with frequent lightning strikes in the nearby area. Team members should also be aware of any threat to their own safety and seek shelter in appropriate buildings if they are concerned about severe weather conditions. In the event of prolonged power or utility outages, team members should, if possible, attempt to locate businesses or residences that were not affected by the disaster and offer free internet connections to continue project development.

Flash Flooding
As mentioned above, Centre County, and more specifically State College, is at great risk of serious flooding and water damage. While official records identify only twenty-five flash floods in the past fifty-four years, a rate of about one flood every two years, this tally mainly reflects rivers and major water sources overflowing, as opposed to the more general water dispersal problems that State College experiences. As recently as June of last year, heavy rains left several feet of water pooled on some major roads and caused serious water damage to low-lying buildings. Floods could pose a serious threat to the project: flooding may physically destroy essential devices and data, cut off utilities, pose a threat to the well-being of team members, and require long-term recovery based on extensive damage. Flooding and flash flooding risks can best be addressed similarly to other severe weather. Team members should vigilantly monitor current weather threats and act accordingly. Critical devices like computers or Xbox consoles should be stored in safe and dry locations that are well above ground during the threat of flooding and unplugged to ensure that any damage to surrounding utilities would not affect the device. Team members should also be aware of any threat to their own safety and seek shelter in appropriate buildings if they are concerned about severe weather conditions. Due to the difficulties associated with determining the depth of flood waters or the damage they may have caused, team members are encouraged to avoid traveling during the immediate emergency. In the event of prolonged power or utility outages, team members should, if possible, attempt to locate businesses or residences that were not affected by the disaster and offer free internet connections to continue project development.

Hurricanes
Pennsylvania and the Centre County region are at relatively low risk of the devastating impact of full-force hurricanes, but the area has still been affected by the winds and substantial rainfall that can occur when a tropical storm marches inland. Hurricanes have produced as much as nineteen inches of rain water in eastern Pennsylvania, and their high winds have been associated with at least seven deaths in the past fifteen years. Due to their overall weakened nature and their most common attributes (high wind, substantial rainfall, and hail), team members should generally regard tropical storms and hurricanes as powerful thunderstorms from a disaster management perspective. Hurricanes and their associated threats can best be addressed similarly to other severe weather such as flooding or thunderstorms. Team members are expected to monitor current weather threats and act accordingly. Critical devices like computers or Xbox consoles should be stored in safe and dry locations that are well above ground during the threat of flooding and unplugged to ensure that any damage to surrounding utilities would not affect the device, as might happen with lightning from the storm front. Team members should also be aware of any threat to their own safety and seek shelter in appropriate buildings if they are concerned about severe weather conditions. In the event of prolonged power or utility outages, team members should, if possible, attempt to locate businesses or residences that were not affected by the disaster and offer free internet connections to continue project development.

Snow and Ice
The Centre County region experiences a substantial amount of severe winter weather, ranging from ice and sleet storms to powerful blizzards. The freezing precipitation can create hazardous road conditions, down power lines, and create major schedule disruptions. Due to the timeframe of the team's project, however, the risk of these affecting our progress is remarkably low. At the present time, Accuweather suggests that there will be no freezing rain or snow within the next several months. In the event that snow does occur, team members should be cautious and allow extra time for travel to classes or meetings. Snow poses little risk to the critical technology involved in the project, though it could potentially lead to downed power lines or utilities. As with other threats, in the event of prolonged power or utility outages, team members should, if possible, attempt to locate businesses or residences that were not affected by the disaster and offer free internet connections to continue project development. Campus computer labs are also generally unaffected by frozen precipitation and may serve as a viable meeting place or alternative workstation.

Earthquakes
Pennsylvania is not located along a major fault line, and Centre County itself lies between the very slight and slight risk categories for earthquake hazard zones. Although Penn State's University Park campus has experienced at least one felt tremor in the past five years, the earthquake was not of substantial enough magnitude, and was at a great enough distance, that it did not pose any threat. More substantial earthquakes could cause significant destruction by destroying underground and aboveground utilities, damaging or destroying buildings, and posing a serious threat to team members. In the event of a minor earthquake, team members are encouraged to avoid panicking and move to a safe location. In the unlikely event of a major earthquake, team members should place priority on personal safety and only focus on recovering key equipment after it is deemed safe by the proper authorities. As with other major disasters, it is likely that utilities may be disrupted for a substantial period of time. If possible, team members should seek out businesses, known residences, or campus workstations that have power and internet access.

Maintaining Uptime
As outlined in the potential threats and scenarios above, there are many commonalities in maintaining reasonable uptime and recovering from serious disasters. First, key devices and technology should be stored in a physically secure location that is locked or under direct observation if it cannot be locked. Due to the overwhelming number of natural threats, this location is ideally above ground, dry, and stable. Similar cautions should be observed when devices are in use for the team project, as should reasonable measures of physical security. To ensure data and team progress are not lost, team members should adhere to the backup plan outlined below, as well as ensuring all team-related work is shared with group members, saved to multiple physical locations (such as multiple hard drives, flash drives, and personal and university computers), and uploaded to the cloud storage service Google Drive. By following all of these steps, the team can manage the catastrophic loss of one or more devices or copies of data without actually losing progress on the project. In the event of major utilities being down for an extended period of time, team members should familiarize themselves with the many businesses and computer labs in the area that offer free internet or computer access. The University Park campus itself is obviously a tremendous resource, as it offers a central location that rarely loses power or internet access and could be utilized for both team meetings and workstations in the event of a disaster. While they cannot be used to compensate for equipment loss, many fast food restaurants and cafes offer free internet connections and power outlets that can be utilized to perform some of the less technical aspects of the project. Finally, known residences of family and friends outside of a specific disaster's radius can be employed by team members for both utilities and workstations, as well as a safe place to conduct the more sensitive aspects of the project involving breaking wireless encryption.

Critical System: Xbox Console
Threats: Xbox Live Downtime, Physical Theft, Environmental Threats, Device Failure
Response Strategy: Determine nature of problem, confirm device is not functional, troubleshoot device
Recovery Strategy: Utilize alternate device while recovering primary if necessary, alter project scope if alternate is unavailable/unworkable

Critical System: Team Computers
Threats: Theft, Environmental Threats, Device Failure
Response Strategy: Ensure device is inoperable, confirm data was saved/stored elsewhere, troubleshoot device
Recovery Strategy: Shift data/assignment to other members while device is recovered, utilize alternative workstation if device cannot be fixed in a timely manner

Critical System: Team Data
Threats: Theft, Environmental Threats, Device Failure
Response Strategy: Verify data was saved/stored, switch to alternative storage location/medium/device, adhere to backup plan, determine nature of data threat
Recovery Strategy: Fix data issue/device, continue to adhere to backup plan

Critical System: Utilities
Threats: Environmental Threats
Response Strategy: Locate alternative work sites or stations, alert team of viable locations
Recovery Strategy: Return to normal devices/workstations and sites, ensure proper backup plan adherence

Backup Plan
At a glance:
Type: Full Backup
Frequency: One per meeting, week, or deadline, whichever occurs first
Hardware: Team members' personal computers, flash drives, and university machines
Storage Location: Onsite and offsite. Onsite: personal devices. Offsite: university machines and cloud storage.

Details
In order to ensure a smooth recovery from any possible disaster or setback, Team Clockwork has elected to employ a full backup strategy. As a result, the team will ensure that each member backs up all of the data, documents, and major software involved in the project to ensure straightforward recovery. In line with a good backup plan, this means that we will not only be backing up our essential documents and files associated with the project, but also maintaining multiple operable copies of the Kali Linux distribution that we have elected to use and maintaining complete records of team communications. The latter task is accomplished through the GroupMe application, which allows our communications and profiles to be stored locally and remotely. This step, while possibly unnecessary, was largely inspired by some of the requirements of SOX. Everyone within the team will be responsible for backups; as a result, data and software will be almost impossible to lose, and all team members will constantly be updated and aware of the project's current status and deadlines. This decentralized approach works well with the nature of a less formal group project and carries the secondary purpose of ensuring every member is actively engaged in the assignment. Full backups should be conducted every week, at every major project deadline, or after every team meeting, whichever occurs more frequently. A variable frequency dependent primarily on important events offers the most reliable option to ensure that all data and software are properly backed up after important changes are made or milestones are reached. As a team, we have elected to use both onsite and offsite storage methods to ensure effective and resilient backups. In terms of onsite storage, we are utilizing our devices and flash drives as a means of individual, local backups. For offsite backups, university machines and cloud storage via Google Drive meet our team's needs as well as facilitating team collaboration efforts. Overall, our backup plan ensures a simple but effective means of complete recovery from nearly any disaster. By requiring everything to be backed up by everyone, we have not created an unnecessary burden, due to the limited scope of the project, but do ensure that everyone is involved and engaged. Similarly, requiring these backups to be done based on periods of productivity or within a certain time frame ensures that important progress will always be recoverable. Finally, the overall strength of our plan is only reinforced by requiring the backups to be done on two physical devices onsite as well as two offsite, remotely accessible locations.

Technical Implementation
Installation of Kali Linux
In order to allow the use of Kali Linux without installing it on the hard drive, we used Linux Live to create a bootable live drive so that the operating system could be run off the flash drive. After the live drive was made, we had to change the BIOS settings of the computer we intended to run it on. The boot priority was edited so that the flash drive with Kali Linux would boot when the flash drive was inserted into the computer and the computer restarted. Once the flash drive loaded the Kali Linux distribution, we selected Run AMD 64, which booted Kali Linux without installing it. After a few minutes the GUI loaded and the operating system was live and ready for use.

Cracking into the Target Wi-Fi
After analysis of the target network, we determined that the network was using WEP encryption. Once we had determined the type of encryption the network was utilizing, we began researching WEP cracking methods. The most practical method of cracking the Wi-Fi and gaining access to the network was through a program called FERN, a Python-based cracking program. The wireless network card was put into monitor mode through the command console, then the Wi-Fi cracking program FERN was launched. Once the program was launched we began scanning for the target network; once the network was found we instructed the program to attack it. Before the attack commenced, the option to automate the attack was checked; this also enabled the program to initialize packet injection into the target network to speed up the cracking process. After 3-4 minutes the cracking was successful and the network key was displayed. The network key was confirmed and was used to gain access to the network. Once access to the network was obtained, we launched the program Wireshark to begin packet sniffing. Wireshark was set to sniff packets on the target network we had gained access to; after 5-10 minutes of sniffing, we ended the capture. After analysis of the packets we determined that we were able to capture Microsoft certificates from the Xbox 360 used to authenticate users. We also captured packets with URLs attached to them that enabled us to download images and other GUI components directly from our web browser on a computer. Another interesting catch was the IGMPv2 protocol, which is used for multicast group management and which we take to indicate that it goes hand in hand with the account subscription verification of an Xbox Live account.

Appendix of Detailed Setup Instructions


1. Downloaded the penetration testing operating system, Kali Linux
2. Once the image file was downloaded, we used Linux Live to write the image to a flash drive to make the drive bootable
3. After the drive was finished, we configured the attacking laptop's BIOS settings to boot from the flash drive
4. When the BIOS was configured, we plugged in our flash drive and booted into Kali Linux
5. In the Kali Linux menu we chose AMD 64 graphic, which boots a GUI for Kali Linux
6. Once we were in the Kali Linux GUI, we opened up FERN
7. With network monitor mode enabled, we began scanning for the target network
8. Once the network was found we selected the target network, enabled automate attack, selected chop-chop attack from the packet injection drop-down menu, and began the attack
9. After 5 minutes the attack was successful and displayed the network key
10. The key was used to gain access to the network; once in, we opened up Wireshark
11. Before we began the capture, we bridged the connection from the Xbox 360 to the attacking laptop
12. In Kali Linux we modified the network connection to allow sharing of internet to other devices
13. After booting up the Xbox 360, we began capturing on eth0 (Ethernet port)
14. While capturing we signed into an Xbox Live account and navigated through the menus and applications
15. After 10 minutes of capturing we ended the capture and began analysis of the packets
16. After analysis of the packets we found packets pulling media data that included a partial URL
17. We copied the URL, added download.xbox.com at the beginning of the URL, and pasted it into a browser
18. After a couple of seconds the browser loaded the image that was displayed on the Xbox 360 GUI
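Both the Cracking into the Target Wi-Fi section and steps 7-9 above begin from the determination that the target network was still on WEP, which is the finding a network owner most needs to make before anyone else does. As an added example that is not part of the team's report, the Python script below makes that determination from raw 802.11 beacon frames and flags WEP or open SSIDs for replacement; the beacon frames, SSIDs and the RSN body are constructed test data, while the Privacy bit, the RSN element (tag 48), the legacy WPA vendor prefix and the suite selectors are the standard IEEE 802.11 values.

```python
import struct

# Standard IEEE 802.11 values: suite selectors (OUI 00-0F-AC), Privacy bit, WPA prefix.
CIPHER_SUITES = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKM_SUITES = {1: "802.1X", 2: "PSK", 8: "SAE"}
PRIVACY_BIT = 0x0010                  # capability-info Privacy bit
WPA1_OUI_TYPE = b"\x00\x50\xf2\x01"   # vendor IE (tag 221) prefix for legacy WPA


def parse_ies(data):
    """Split tagged parameters into {tag: [value, ...]}; stop at a truncated element."""
    ies = {}
    i = 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            break                     # element claims more bytes than remain
        ies.setdefault(tag, []).append(value)
        i += 2 + length
    return ies


def parse_rsn(rsn):
    """Return (pairwise cipher names, AKM names) from an RSN element body."""
    off = 2 + 4                       # skip version(2) and group cipher suite(4)
    (n_pair,) = struct.unpack_from("<H", rsn, off)
    off += 2
    pairwise = [CIPHER_SUITES.get(rsn[off + 4 * k + 3], "?") for k in range(n_pair)]
    off += 4 * n_pair
    (n_akm,) = struct.unpack_from("<H", rsn, off)
    off += 2
    akms = [AKM_SUITES.get(rsn[off + 4 * k + 3], "?") for k in range(n_akm)]
    return pairwise, akms


def classify_beacon(frame):
    """Return (ssid, security label) for one raw 802.11 beacon frame."""
    body = frame[24:]                 # skip MAC header: FC, duration, addr1-3, seq
    (cap,) = struct.unpack_from("<H", body, 10)   # after timestamp(8) + interval(2)
    ies = parse_ies(body[12:])        # tagged parameters follow the fixed fields
    ssid = ies.get(0, [b""])[0].decode("utf-8", "replace")
    if 48 in ies:                     # RSN element present: WPA2 or WPA3
        pairwise, akms = parse_rsn(ies[48][0])
        label = "WPA3" if "SAE" in akms else "WPA2"
        return ssid, "%s (%s, %s)" % (label, "/".join(akms), "/".join(pairwise))
    if any(v.startswith(WPA1_OUI_TYPE) for v in ies.get(221, [])):
        return ssid, "WPA (legacy)"
    if cap & PRIVACY_BIT:             # Privacy set but no RSN/WPA IE: WEP
        return ssid, "WEP"
    return ssid, "Open"


VERDICTS = {"WEP": "replace: WEP keys are recoverable in minutes",
            "Open": "replace: traffic is unencrypted",
            "WPA (legacy)": "upgrade: legacy WPA/TKIP"}


def audit(frames):
    """Classify each beacon and attach a remediation verdict, keyed by SSID."""
    findings = {}
    for frame in frames:
        ssid, sec = classify_beacon(frame)
        findings[ssid] = (sec, VERDICTS.get(sec, "ok"))
    return findings


def build_beacon(ssid, privacy=False, rsn=None):
    """Construct a minimal beacon frame (test data, not from a real capture)."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + b"\x02" * 6 + b"\x02" * 6 + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, PRIVACY_BIT if privacy else 0)
    ies = bytes([0, len(ssid)]) + ssid.encode()
    if rsn is not None:
        ies += bytes([48, len(rsn)]) + rsn
    return hdr + fixed + ies


# Constructed RSN body: version 1, group CCMP, 1 pairwise CCMP, 1 AKM PSK, caps 0.
RSN_WPA2_PSK = bytes.fromhex("0100000fac040100000fac040100000fac020000")
SAMPLE_FRAMES = [                     # constructed sample beacons
    build_beacon("lab-wep", privacy=True),
    build_beacon("lab-wpa2", privacy=True, rsn=RSN_WPA2_PSK),
    build_beacon("lab-open"),
]

if __name__ == "__main__":
    for ssid, (sec, verdict) in audit(SAMPLE_FRAMES).items():
        print("%-10s %-20s %s" % (ssid, sec, verdict))
```

Frames from a real Wireshark capture (802.11 management frames, radiotap header stripped) can be fed to audit() in place of SAMPLE_FRAMES.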

Appendix of Problems
Problem One: Too much data on the network. Fix: Reduce overall traffic and bridge the console's network connection via the laptop.
Problem Two: Fern malfunction. Fix: Change packet injection to the chop-chop method and increase overall traffic on the network.
Problem Three: Nature of Kerberos tokens. Fix: They are not sent from Xbox Live to the console but rather between consoles in peer-to-peer connections.
Problem Four: Unable to discover networks in Kali Linux. Fix: Enable monitor mode on the network card.
Problem Five: Lack of Xbox traffic. Fix: Sign in to Xbox Live after the Wireshark capture starts.
