the seven hackers v6
TRANSCRIPT
Seven Hackers
Tom Gilheany, CISSP
Twitter: @TomGilheany
http://gilheany.net
Cyber Security introductory seminar
Defenders
Tools
Laws & Regs.
7 Hackers
Target: YOU
Attacks
The seven hackers you will encounter in the wilds of the internet
SEVEN HACKERS
http://map.ipviking.com/
Norse tracks >50,000 attacks per second.
10,000 new species/variants of malware per day
1 Billion IP Addresses
Operates in 47 countries
6,000 common types of devices attacked.
SEVEN HACKERS
Attacks are EVERYWHERE
YOU are the TARGET, Intended or Not!
SEVEN HACKERS
? ? ? ? ? ? ?
YOU MAY BE ASKING:
Who would want to attack ME?
Who ARE these people?
What's their MOTIVATION?
1: SCRIPT KIDDIES
WHO ARE THEY?
Limited Technical Knowledge
Use downloaded software kits.
Some kits = advanced damage!
Unaware or do not care about consequences.
MOTIVATIONS:
Immaturity
Ego-Boosting
Thrill Seeking.
1: SCRIPT KIDDIES
EXAMPLE:
The movie WarGames, 1983, MGM Pictures
2: CYBER-PUNKS
WHO ARE THEY?
High-Tech, Low-Life
Disregard for Authority, Societal Norms
Cultural Rebels
Hard-Boiled Hacker with Anarchist Tendencies
More technically sophisticated than Script-Kiddies
Counts on a Slap on the Wrist
Predominantly 12-18yo Males
Techno-Revolutionary, Manifestos, Rave/Techno
MOTIVATIONS:
Recognition from Peers, Respect (or fear) from the system
Cling to a cult of individualism, in a culture characterized by corporate control and mass conformity.
2: CYBER-PUNKS
EXAMPLE: High-Tech Low-Life
The Matrix, 1999, Warner Bros.
The Matrix, 1999, Warner Brothers. Image 1 is from a fan site identifying the various pieces of technology used as props (the original screen does not have the number overlays). Images 2 & 3 are screen captures posted by fan sites. All images 1999, Warner Brothers Pictures.
3: HACKTIVISTS
WHO ARE THEY?
Defacing or DDoSing sites, claiming civil disobedience.
Individuals & loosely organized groups/mobs distributed across the internet.
May be from other categories, using Hacktivism as justification.
MOTIVATIONS:
Revenge, Power, Greed, Marketing, Media Attention
Vigilante Justice
Political Agenda
3: HACKTIVISTS
EXAMPLE: Anonymous
4: THIEVES
WHO ARE THEY?
Common Criminals (part-time)
  Credit Cards, BitCoin, Wire Theft
  Identity Theft
  Intellectual Property Theft
  Service Theft (AWS, VoIP, Storage)
Organized Crime
  Large Scale
  Sophisticated
  Hired Teams: Specialists
  Theft of ANYTHING of value
MOTIVATIONS:
Money
Greed
What's in YOUR wallet???
4: THIEVES
EXAMPLE: Petty Organized Crime.
2001, Warner Bros.
5: MALWARE WRITERS
WHO ARE THEY?
Adolescent
College Student
Adult Ex-Writer
Skill varies.
Writer may not be the one who releases it into the wild.
MOTIVATIONS:
Mental Challenge
Attention
Raw Thrill
Bragging Rights
5: MALWARE WRITERS
EXAMPLES:
https://krebsonsecurity.com/2013/04/who-wrote-the-flashback-os-x-worm/
https://www.trustwave.com/Resources/SpiderLabs-Blog/Hacking-a-Reporter--Writing-Malware-For-Fun-and-Profit-%28Part-1-of-3%29/
https://grahamcluley.com/2014/11/write-regin-malware/
http://www.scmagazine.com/russian-man-claims-he-wrote-target-pos-malware-as-a-security-program/article/330337/
Motivations of Malware Creation
Malware writers can have various reasons for creating and spreading malware. The following are common reasons:
1. Fun / Hobby / Spreading of ideology: Some malware writers consider their creations to be works of art, and see malware writing as a creative hobby.
2. Jokes / Pranks: Pranks range from harmless programs that merely display an annoying message to programs that can destroy files or disable a computer altogether.
3. Showing computing knowledge / Gaining respect: Widely spread malware that is observed by the mass media can show off the malware writer's knowledge and gain great respect in a small group of like-minded people.
4. Industrial espionage: Obtaining secret information about a company by using weaknesses and defects in the company's IT system is quite common today.
5. Experimental / Research / Proof of Concept: Malware is written in laboratories and research facilities for experimental or research purposes. Most of this malware does not spread. Malware that stays on lab and research-facility test systems is usually called in-the-field; malware that has been found infecting users' computers worldwide in the real world is called in-the-wild.
6. Vandalism / Graffiti: The intentional destruction of property is popularly referred to as vandalism. It includes behavior such as breaking windows, slashing tires, spray painting a wall with graffiti, and destroying a computer system through the use of malware. Vandalism is a malicious act and may reflect personal ill will, although the perpetrators need not know their victim to commit vandalism.
7. Revenge: There are always employees who are not particularly satisfied with their employer. A programmer or system administrator about to be fired may leave behind backdoors or software "time bombs" that allow them to damage the former employer's systems or destroy their own earlier work. Malware is also used to attack the products of specific companies or web sites. According to the FBI, revenge from employees is a very common reason for IT-related crimes.
8. Political message: Malware which infects executable files on compromised computers and displays a political message when launched. This type of malware usually targets particular government organizations.
9. Profit / Financial gain / Extortion: Malware writers motivated by profit or financial gain are more and more likely to be working with spammers and hackers. One of the most common methods is stealing sensitive information, which is then sold on the black market to criminal organizations for a profit. Some malware will encrypt files on your computer and then leave a message to contact a certain email address with a reference number so that you can buy back your own files.
6: PROFESSIONALS
WHO ARE THEY?
VERY Sophisticated Creators of Advanced Persistent Threats.
Custom, High-Threat Attacks.
Available for hire: Org. Crime, foreign governments.
Advanced Training
Clandestine (Ex?) Intelligence
Cyber Warfare Recon. & Intel.
MOTIVATIONS:
Profession
6: PROFESSIONALS
PLA Unit #61398 and #61486
Joe McReynolds, a researcher of China's network warfare and capabilities for the US Center for Intelligence Research and Analysis
Chinese Professional Hacking (3 groups):
[1] Specialized military network warfare forces, focused on carrying out network cyberattacks and defense (PLA Unit #61398, 12-storey building).
[2] Civilian teams granted the go-ahead by the Chinese military to carry out "network warfare operations."
[3] Umbrella unit for "external entities" which "can be organized and mobilized for network warfare operations," but act outside of government departments.
Each unit targets US companies in order to steal valuable data related to business and trade. This, in turn, can give Chinese firms a boost in the global economy.
_____________________________________________________
References:
http://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor
http://www.zdnet.com/article/china-reveals-existence-of-cyber-warfare-hacking-teams/
According to McReynolds, China's digital military strategy has been split into three separate sections. One unit, called "specialized military network warfare forces," focuses on carrying out network cyberattacks and defense. Secondly, another unit comprises civilian teams which have been given the go-ahead by the Chinese military to carry out "network warfare operations." Finally, another unit acts as an umbrella for "external entities" which "can be organized and mobilized for network warfare operations," but act outside of government departments. The Chinese military expert says that each unit targets US companies in order to steal valuable data related to business and trade. This, in turn, can give Chinese firms a boost in the global economy. In May, the United States charged five Chinese nationals described as "military hackers" with breaking into US corporate networks to steal sensitive data. These men allegedly belonged to Unit 61398, the focus of a study conducted by FireEye's Mandiant cyberforensics team in 2013. The report claimed that a 12-story building associated with the PLA hosted this unit, which connects a number of sophisticated Chinese hacking groups including the "Comment Crew" and "Shanghai Group." Mandiant says that Unit 61398 was likely responsible for an "overwhelming" number of cyberattacks, whereas at the time Chinese officials dismissed the allegations as "groundless."
6: PROFESSIONALS
EXAMPLE:
7:CYBER-TERRORISTS
WHO ARE THEY?
Extortionists.
Cyber-Warfare / Intelligence
Connection to Physical World
MOTIVATIONS:
Power
Political
Extortion = Greed
Example: SONY
7:CYBER-TERRORISTS
EXAMPLE:
SEVEN HACKERS
Script-Kiddies
Cyber-Punks
Hacktivists
Thieves
Malware Writers
Cyber-Terrorists
Professionals
NEW HACKER GROUPS?
Growing Groups:
Political Activists
Insiders
Organized Crime
Cyber Warriors
CYBER WARRIORS / CYBER-WARFARE:
Identify Point-of-Entry
Gather Intelligence on Point-of-Entry
Compromise Perimeter via Point-of-Entry
- Execute Entry-plan: Targeted Spearphishing, Insiders, weak underbelly.
ONCE INSIDE:
Reconnoiter / Gather Intelligence
Map Terrain / Connectivity
Identify Primary, Secondary Targets
Identify Vulnerabilities
Identify Diversionary Targets
Map Defenses
Profile Individuals, Applications, Behaviors to leverage (avoid detection, compromise systems).
Gain High Ground (acquire a position)
Plan attack.
Establish command-and-control
Establish offsite place to exfiltrate information.
Identify a buyer (or use-point for what is stolen: a fence).
Execute the attack-plan while avoiding detection and prevention.
[email protected] Add to social profiles & can re-tweet members' news.
NEW: Inside Insiders
Wide Range of Insiders:
Begrudged Employee
Developers/Engineers
Sales People
Unwittingly Co-Opted people.
LESSON: Have clear well-known policies on Intellectual Property (IP) protection!
TARGET: ACQUIRED
GENERAL MOTIVES: Understand yourself as a target
Revenge: Is there anyone with an axe to grind?
Would the cost of a security breach be high?
  Brand Damage
  Political Damage
  Costly Fines or Penalties
  Loss of Information Assets/Control
Notoriety: Could somebody get famous or gain street credibility for hacking your company, product, or service?
Curiosity: Do you have interesting information, computing environments or assets? (NASA, Computer-Game Company).
TARGET: ACQUIRED
Financial Motives: Understand yourself as a target
Black Market Prices:
Adwords: $1000 (to drain a competitor's AdWords budget)
Botnets: USA $180 / 1,000 computers; Canada $270; UK $240; France $200; Russia $200; Worldwide $35
Credit Cards: Premium big balance $250; Regular CC w/ SSN $5
Doxing Someone: $25-$100
Health Insurance Info: $1200-$1300
Twitter Followers: $15 / 10,000 fake follows
Email Accounts: Gmail $200 / 1,000; Hotmail $12 / 1,000; Yahoo $10 / 1,000
Facebook Likes: $15 / 1,000
Spam: $13 per page w/ 30k fans
Hacked Webcams: Male $0.01; Female $1
Online Bank Account: USA 2% of acct. balance; EU 4%-6% of acct. balance
Online Funds to Cash: 9%-40% commission
PayPal Account: 6%-20% of balance
Online Game Hackers: $16k/mo in China
Remote Admin Tool: $40 for Blackshades
Website Traffic: $1 for 1,000 fake visitors
Thought: If a hacker is selling access to a compromised computer for 18 cents, or a Gmail account for 20 cents, how much must it cost to break into that computer???
Prices updated August 2014.
(What can be stolen / used for financial gain?)
Information, Services
Info: For own use, to sell, or hold hostage.
  Customer Information
  Software / Product and R&D Designs
  Financial Records
  Keys/Control Information to Hard Assets
  Personal/Private Information (photos, etc).
Services
  Computing Power, Information Storage, Control
  Services (Phone Service, Cloud)
If I am selling a compromised computer for 18 cents, or a Gmail account for 20 cents, how much must it cost to break into that computer?
HACKER MOTIVATIONS (chart: Skill Level against the motivations Revenge, Curiosity, Financial and Notoriety; groups plotted: NV, OG, MW, IN, IW, PT, PC, PA, CP)
Legend:
NV: Novice
OG: Old Guard Hackers
CP: Cyber-Punks
PA: Political Activists
PT: Petty Thieves
PC: Pro Criminals
IW: Info Warriors
IN: Internals
MW: Malware Writers
SEVEN HACKERS
It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles.
-Sun Tzu, The Art of War (6th Century BC)
CyberSecurity Primer
Defenders
Tools
Laws & Regs.
7 Hackers
Target: YOU
Attacks
SEVEN HACKERS
Bibliography:
The Psyche of Cybercriminals: A Psycho-Social Perspective, Marcus K. Rogers
http://202.154.59.182/mfile/files/Information%20System/Cybercrimes%20A%20Multidisciplinary%20Analysis/Chapter%2014%20The%20Psyche%20of%20Cybercriminals%3B%20A%20Psycho-Social%20Perspective.pdf
Black Market Pricing:
http://www.havocscope.com/black-market-prices/hackers/
Live CyberAttack Map, courtesy of Norse CyberSecurity: http://map.ipviking.com/
Data Breaches (Bubble Infographic): http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/static/