Power Pwn and DARPA Programs for Developing Hacking Tools

Monday, July 23, 2012

Pierluigi Paganini

03b2ceb73723f8b53cd533e4fba898ee

(Translated from the original Italian)

We have discussed several times of the interference of governments inside our ordinary life as they try to monitor our  social networks and gain access to our gaming consoles and everything surrounding us.

The nightmare experienced by the protagonist of the movie "Enemy of the State" is now a reality, as we live in the digital era and every device around us can be used to track our habits and to spy on our movements.

Government agencies have invested heavily in programs that "violate" our privacy in the name of national security, because the world changed after 9/11 and the risk of a dramatic cyber attack is now high.

Government monitoring is necessary for homeland security, and it's normal that law enforcement and other security agencies are working to increase overall control of possible threats to our security.

Among the appliances that monitor our traffic and the spiders that collect and correlate information on the our networks was invented by DARPA researchers.

Apparently it look like a surge protector, but it’s a powerful tool to infiltrate our networks by allowing remote access to our machines. The new device is called the Power Pwn, and it’s the evolution of a device that in the previous months has been presented as a little White Box that can be used to hack any network.

It's an all in one solution that contains the necessary hacking tools used by security experts and pen-testers to exploit a network.

The devices is also equipped with Wi-Fi and Bluetooth adapters which give the opportunity to an attacker to control it via the cellular network thanks to a “text-to-bash” feature that lets hackers send commands to the device using SMS messages.

The device makes it possible to conduct a full and accurate penetration test, that's what the CEO of Pwnie Express, Dave Porcello, said:

"It’s a device 'you can just plug in and do a full-scale penetration test from start to finish,' Porcello says. 'The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now.'"

Following the full list of feature of the tool:

  • Onboard high-gain 802.11b/g/n wireless.
  • Onboard high-gain Bluetooth (up to 1000').
  • Onboard dual-Ethernet.
  • Fully functional 120/240v AC outlets!.
  • Includes 16GB internal disk storage.
  • Includes external 3G/GSM adapter.
  • Includes all release 1.1 features.
  • Fully-automated NAC/802.1x/RADIUS bypass.
  • Out-of-band SSH access over 3G/GSM cell networks!.
  • Text-to-Bash: text in bash commands via SMS! .
  • Simple web-based administration with "Plug UI".
  • One-click Evil AP, stealth mode, & passive recon.
  • Maintains persistent, covert, encrypted SSH access to your target network [Details].
  • Tunnels through application-aware firewalls & IPS.
  • Supports HTTP proxies, SSH-VPN, & OpenVPN.
  • Sends email/SMS alerts when SSH tunnels are activated.
  • Preloaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, & more.
  • Unpingable and no listening ports in stealth mode.

The device has a reasonable cost (it is available in a version sold at $1295) and it can be used by corporations to conduct security audits remotely, but what is interesting is that the main customers of the device work for the federal government, around 90%.

Power Pwn can be used to launch remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks while searching for network weaknesses, it’s fully manageable via a Web interface, accessible through the unit's built-in 3G radio, or directly to the device via text message… to perform a network analysis it has never been easier.

But why mention DARPA in the beginning of the article?

Because the Power Pwn was developed with funds established by a Darpa program called Cyber Fast Track that promotes and helps in the development of a new generation of cyber-defense tools.

“'It’s kind of taking the tools that the hackers are using and putting them in the hands of the people that need to defend against the hackers,' Porcello says."

The Power Pwn is currently available for pre-order, but its estimated ship date is September 30, 2012.

Similar tools certainly facilitate the task of those who oversee the security of networks, with similar devices it is easier to continuously test the state of the network. However, such devices can also be used to attack networks.

There are countless variations on the theme and the availability of low cost embedded devices makes it possible to create platforms of every shape and size for the intrusion into networks of others.

Cyber espionage is largely a diffused practiced, especially against small and medium businesses. It’s in this area that it is difficult to fight cyber threats due to the smaller budgets for security, and in the same sector the effect of cyber attacks are really serious.

The availability of such devices has to demonstrate to us how technology can be invasive in our daily lives... in the future It could be possible to attack our home by way of the TV or our refrigerator... are we ready to prevent this?

Cross-posted from Security Affairs

Possibly Related Articles:
9052
Network->General
Information Security
Government Hacking Tools Penetration Testing Network Security DARPA Pwn Plug PwnieExpress Power Pwn
Post Rating I Like this!
Ca77c9128684f4263450c6d728107608
Damion Waltermeyer You had me really excited there. You forgot the initial 1 in the price. It's $1295 on the site. Looks like a great tool, Looking forward to it's release. I've been a fan of Pwnie Express for a while. Great Company.
1343416236
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Thanks for catching the pricing error Damion...
1343556324
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked