BA 572 - J. Galván 1
COMPUTER CRIME
Cybercrime, Cyberterrorism, and Cyberwarfare
Cybercrime
Illegal or criminogenic activities performed in cyberspace
Common EC/EB crime targets/victims
Identity theft – is your customer “real”?
Credit card number theft – is your customer’s credit/debit account “real”?
Computational embezzlement – fraudulent creation/manipulation of financial info regarding EC/EB transactions or accounts (biggest corporate problem)
(Security) Vulnerability and exploit attacks (most pervasive problem); EC/EB system targeted attacks mostly “out of sight” so far
Hacker/Cracker
Originally, an expert programmer
Today, someone (Cracker) who breaks into computers
Types of hackers
  White-hat hackers
  Black-hat hackers (crackers, dark side hackers)
  Elite hackers
    Superior technical skills
    Very persistent
    Often publish their exploits
  Samurai – a hacker for hire
A list of postings on a hacker newsgroup.
Source: alt.bio.hackers newsgroup
A typical posting.
Source: alt.bio.hackers newsgroup
Hackers publish their exploits.
Source: http://packetstormsecurity.org/
Script-kiddies and Phreakers
Script-kiddie (packet monkeys, lamerz)
  Hacker in training
  Disdained by the elite hackers
Phreaker
  Person who cracks the telephone network
Insider/outsider using “social engineering”
  Trusted employee turned black-hat hacker
  Dumpster divers, help desk impersonators, etc.
  Potentially most dangerous
Why Do Hackers Hack?
Government sponsored hacking
  Cyberwarfare
  Cyberterrorism
  Espionage
Industrial espionage
White-hats
  Publicize vulnerabilities
  The challenge – hack mode
Black hats – misappropriate software and personal information
Script kiddies – gain respect
Insiders – revenge
Password Theft
Easiest way to gain access/control
User carelessness
  Poor passwords
  Easily guessed
  Dumpster diving
  Observation, particularly for insiders
  The sticky note on the monitor
Human engineering, or social engineering
Standard patterns
  Guess the password from the pattern
Rules for Choosing Good Passwords
Easy to remember, difficult to guess
Length – 6 to 9 characters
Mix character types
  Letters, digits, special characters
Use an acronym
Avoid dictionary words
Different account, different password
Change passwords regularly
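The slide's rules as a checker, added here as an example and not part of the lecture material. The word list and the "standard pattern" fragments are constructed stand-ins; the length bounds default to the slide's 6 to 9 characters but can be raised to match a current policy.

```python
import re
import string

# Constructed stand-in for a real dictionary word list (assumption, not from the slides).
DICTIONARY = {"password", "welcome", "secret", "letmein", "qwerty", "admin", "dragon"}

# Keyboard runs and repeats standing in for the slide's "standard patterns" (assumption).
PATTERNS = ("1234", "abcd", "qwerty", "asdf", "1111", "0000")


def password_problems(pw, dictionary=DICTIONARY, min_len=6, max_len=9):
    """Return the slide's rules that the candidate password violates.

    The length bounds default to the slide's 6-9 characters; raise max_len
    to check against a current policy.
    """
    problems = []
    if not min_len <= len(pw) <= max_len:
        problems.append("length must be %d-%d characters" % (min_len, max_len))
    # "Mix character types": require at least three of the four classes.
    classes = [any(c.islower() for c in pw),
               any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:
        problems.append("mix letters, digits and special characters")
    lowered = pw.lower()
    # Strip digits and punctuation so "Secret99!" is still caught as a dictionary word.
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in dictionary or core in dictionary:
        problems.append("avoid dictionary words")
    if any(p in lowered for p in PATTERNS):
        problems.append("avoid standard patterns")
    return problems


def acronym(phrase):
    """The slide's "use an acronym" rule: first character of each word, keeping
    any trailing punctuation of the phrase so a special character survives.
    "My dog Rex has 3 legs!" -> "MdRh3l!"
    """
    words = phrase.split()
    pw = "".join(w[0] for w in words)
    if phrase and not phrase[-1].isalnum():
        pw += phrase[-1]
    return pw
```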
Packet Sniffers
Software wiretap
  Captures and analyzes packets
  Any node between target and Internet
Broadcast risk
  Ethernet and cable broadcast messages
  Set workstation to promiscuous mode
Legitimate uses
  Detect intrusions
  Monitoring
Potentially Destructive Software
Logic bomb (set up by insider)
  Potentially very destructive
  Time bomb – a variation
Rabbit
  Denial of service
Trojan horse
  Common source of backdoors
Backdoor
Undocumented access point
  Testing and debugging tool
  Common in interactive computer games
    Cheats and Easter eggs
Hackers use/publicize backdoors to gain access
  Programmer fails to close a backdoor
  Trojan horse
  Inserted by hacker on initial access
Back Orifice – the Cult of the Dead Cow
Viruses and Worms (most common)
Virus
  Parasite
  Requires host program to replicate
  Virus hoaxes can be disruptive
  Virus patterns/generators exist; script kiddies use these (but most anti-virus software does not!)
Worm
  Virus-like
  Spreads without a host program
  Used to collect information
    Sysop – terminal status
    Hacker – user IDs and passwords
Structure of a typical virus.
Payload can be
  Trivial
  Logic bomb
  Time bomb
  Trojan horse
  Backdoor
  Sniffer
Macro viruses
Polymorphic viruses
E-mail attachments
  Today, click attachment
  Tomorrow, may be eliminated!
Cluster viruses
  Spawn mini-viruses
  Cyberterrorism threat
Figure: structure of a typical virus – reproduction logic, concealment logic, payload.
Anti-Virus Software
Virus signature
  Uniquely identifies a specific virus
  Update virus signatures frequently
Heuristics
  Monitor for virus-like activity
Virus detection and removal to be pushed “upstream” in the IT supply chain infrastructure
Recovery support
Security and virus protection in layers.
Defend in depth
  What one layer misses, the next layer traps
  Firewalls
  Anti-virus software
Figure: layers between the Internet and the workstation – firewalls, router, host server with virus protection, workstation with personal virus protection.
System Vulnerabilities
Known security weak points
  Default passwords – system initialization
  Port scanning
  Software bugs
  Logical inconsistencies between layers
  Published security alerts
War dialer to find vulnerable computer
Denial of Service Attacks (DoS)
An act of vandalism or terrorism
A favorite of script kiddies
Objective
  Send target multiple packets in brief time
  Overwhelm target
The ping o’ death
Distributed denial of service attack
  Multiple sources
A distributed denial of service attack.
Cyber equivalent of throwing bricks
Overwhelm target computer
Standard DoS is a favorite of script kiddies
DDoS more sophisticated
Figure: target system under attack from multiple sources.
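Detection logic for the two slides above, added as an example and not part of the lecture: a sliding window counts packets to one target ("multiple packets in brief time") and labels a burst DoS or DDoS by how many distinct senders it contains. The packet log, the threshold and the "multiple sources" cut-off are constructed assumptions.

```python
from collections import deque

# Constructed packet log, not from the slides: "seconds src_ip dst_ip" per line.
# Three benign packets, then a burst of 200 packets from 40 different sources.
SAMPLE_LOG = "0.0 203.0.113.7 192.0.2.10\n0.5 198.51.100.2 192.0.2.10\n1.0 203.0.113.7 192.0.2.10\n"
SAMPLE_LOG += "\n".join("%.2f 203.0.113.%d 192.0.2.10" % (2.0 + i * 0.01, 10 + i % 40)
                        for i in range(200))


def parse_log(text):
    """Parse the constructed log format into (time, src, dst) tuples."""
    packets = []
    for line in text.splitlines():
        if line.strip():
            t, src, dst = line.split()
            packets.append((float(t), src, dst))
    return packets


def detect_floods(packets, target, window=1.0, threshold=100, ddos_sources=10):
    """Flag the slide's definition of DoS: many packets at one target in a brief time.

    A sliding window of `window` seconds is kept over packets addressed to
    `target`.  When it fills past `threshold`, one alert is raised for the
    burst; it is labelled DDoS when the window holds at least `ddos_sources`
    distinct senders (the slide's "multiple sources"), otherwise DoS.
    """
    recent = deque()      # (time, src) of packets to target inside the window
    in_flood = False      # suppress repeated alerts while one burst continues
    alerts = []
    for t, src, dst in sorted(packets):
        if dst != target:
            continue
        recent.append((t, src))
        while recent[0][0] < t - window:
            recent.popleft()
        if len(recent) >= threshold:
            if not in_flood:
                in_flood = True
                sources = {s for _, s in recent}
                alerts.append({"time": t, "packets": len(recent),
                               "sources": len(sources),
                               "kind": "DDoS" if len(sources) >= ddos_sources else "DoS"})
        else:
            in_flood = False
    return alerts
```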
Spoofing
Act of faking key system parameters
DNS spoofing
  Alter DNS entry on a server
  Redirect packets
IP spoofing
  Alter IP address
  Smurf attack
IP spoofing.
Preparation
  Probe target (A)
  Launch DoS attack on trusted server (B)
Attack target (A)
  Fake message from B
  A acknowledges B
  B cannot respond (DoS attack)
  Fake acknowledgement from B
  Access A via 1-way communication path
Figure: Alpha server (the target), Beta server (trusted source) under DoS attack, and the hacker's computer; labels: false message claiming to come from Beta, acknowledgement to Beta (no response possible), counterfeit acknowledgement, one-way connection.
Cybercrime prevention
Multi-layer security
Security vs. privacy?