Attackers and Defenders
© 2002 Carnegie Mellon University

Slide 1: Attackers and Defenders

Slide 2: Overview
- Hackers/Crackers
- Defenders

Slide 3: References
- http://www.cert.org
- InfoWar: http://infowar.freeservers.com/index.html
- http://www.nmrc.org/links/
- Culture: http://www.eff.org/pub/Net_culture/
- Terrorism: http://www.terrorism.com/terrorism/links.shtml
- Books: Sterling, The Hacker Crackdown; Stoll, The Cuckoo's Egg; Honeynet Project, Know Your Enemy

Slide 4: Attackers
- National Security
  – Critical National Infrastructure
  – Cyber-Warfare
- Computer Crime
  – Organized Crime
  – Hackers/Crackers
  – Identity Theft
  – Extortion
  – Fraud
- Non-State Actors
  – Terrorists
  – Political Activists

Slide 5: Transnational Virtual Crime
(Diagram; labels: organized crime, hacktivism, insider crime, hackers/crackers, cyber-crime.)

Slide 6: Hackers/Crackers
- Old-Line Hackers
- Scr1pt Kiddiez
- Tool Writers / Virus Writers
- Reverse Engineers / Vulnerability Finders
- Social Engineers
- Hacktivists

Slide 7: Attack Sophistication vs. Intruder Technical Knowledge
(Chart spanning 1980 to 2000, vertical axis from Low to High, with two trend lines labelled Attack Sophistication and Intruder Knowledge, and a Tools/Attackers legend. Techniques labelled along the timeline, in the order they appear: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; "stealth" / advanced scanning techniques; burglaries; network mgmt. diagnostics; distributed attack tools; cross site scripting; staged attack.)

Slide 8: Vulnerability Exploit Cycle
Stages shown in the cycle diagram:
1. Advanced intruders discover new vulnerability
2. Crude exploit tools distributed
3. Novice intruders use crude exploit tools
4. Automated scanning/exploit tools developed
5. Widespread use of automated scanning/exploit tools
6. Intruders begin using new types of exploits (and the cycle repeats)

Slide 9: Service Shifts
(Chart only; data not in transcript.)

Slide 10: Incident Data
Profile of two six-month periods:
- Sept 1, 2000 – Feb 1, 2001: 1027 incidents
- Sept 1, 2001 – Feb 1, 2002: 997 incidents
Examined "damaging" incidents, excluding:
- Simple probes and scans
- Information requests
- Hoaxes
- False alarms
- Overly vague reports
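The triage step on slide 10 (keep only "damaging" reports, bucketed by reporting period) is the kind of filter an incident-response team applies before drawing trend charts. The script below is an added example, not part of the original slides or of CERT's own tooling: the incident records are constructed, the category labels are hypothetical names chosen to mirror the slide's exclusion list, and treating the period end date as exclusive is an assumption.

```python
"""Reduce a pile of incident reports to the 'damaging' subset, per period.

Added example, not from the original slides. Records are constructed;
category labels are hypothetical and chosen to mirror the exclusion list
on slide 10 (probes/scans, information requests, hoaxes, false alarms,
overly vague reports).
"""
from collections import Counter
from datetime import date

# Categories the slide excludes from the "damaging" count.
EXCLUDED = {"probe", "scan", "info_request", "hoax", "false_alarm", "vague"}

# Reporting periods from the slide. Assumption: start inclusive, end exclusive.
PERIODS = {
    "2000H2": (date(2000, 9, 1), date(2001, 2, 1)),
    "2001H2": (date(2001, 9, 1), date(2002, 2, 1)),
}

# Constructed sample records: (report date, category, one-line description).
SAMPLE_INCIDENTS = [
    (date(2000, 9, 3), "scan", "wide port sweep, no follow-up"),
    (date(2000, 10, 12), "root_compromise", "web server rooted via known bug"),
    (date(2000, 12, 1), "hoax", "chain letter warning of a fake virus"),
    (date(2001, 1, 20), "dos", "SYN flood against mail relay"),
    (date(2001, 1, 31), "vague", "'something is wrong', no details"),
    (date(2001, 2, 1), "root_compromise", "one day past the period end"),
    (date(2001, 9, 15), "worm", "self-propagating web server worm"),
    (date(2001, 11, 2), "info_request", "asks how to configure a firewall"),
    (date(2001, 12, 9), "account_compromise", "stolen credentials reused"),
    (date(2002, 1, 30), "false_alarm", "IDS alert on a legitimate backup job"),
]


def period_of(d):
    """Name of the reporting period containing date d, or None."""
    for name, (start, end) in PERIODS.items():
        if start <= d < end:
            return name
    return None


def damaging(incidents):
    """Drop excluded categories and anything outside the studied periods."""
    return [(d, cat, desc) for d, cat, desc in incidents
            if cat not in EXCLUDED and period_of(d) is not None]


def profile(incidents):
    """Per period: total reports, damaging reports, and the damaging category mix."""
    total = Counter(period_of(d) for d, _, _ in incidents if period_of(d))
    kept = damaging(incidents)
    dmg = Counter(period_of(d) for d, _, _ in kept)
    mix = {p: Counter(cat for d, cat, _ in kept if period_of(d) == p)
           for p in PERIODS}
    return {p: {"total": total[p], "damaging": dmg[p],
                "by_category": dict(mix[p])} for p in PERIODS}


if __name__ == "__main__":
    for period, stats in profile(SAMPLE_INCIDENTS).items():
        print(period, stats)
```

The point of separating `damaging()` from `profile()` is that the exclusion list is a policy decision; keeping it in one place makes the filtering criteria auditable when someone later asks why the damaging count is lower than the raw count.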

Slide 11: Method of Attack
(Chart only; data not in transcript.)

Slide 12: Reporter
(Chart only; data not in transcript.)

Slide 13: Impact at Reporting Site
(Chart only; data not in transcript.)

Slide 14: Pace of Attack - 1999
Out-of-the-box Linux PC hooked to the Internet, not announced:
- [30 seconds] First service probes/scans detected
- [1 hour] First compromise attempts detected
- [12 hours] PC fully compromised:
  – Administrative access obtained
  – Event logging selectively disabled
  – System software modified to suit intruder
  – Attack software installed
  – PC actively probing for new hosts to intrude
Clear the disk and try again!
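Slide 14 gives the timeline as three wall-clock milestones. A defender reconstructing the same timeline from a compromised host's logs needs to know, for each phase the slide lists, how long after the machine went on-line the first evidence appeared. The script below is an added example, not from the original slides: the syslog-style lines are constructed to follow the slide's sequence, and the phase patterns are simple regular expressions chosen for illustration rather than a production detector.

```python
"""Reconstruct the 'pace of attack' timeline from host log lines.

Added example, not from the original slides. SAMPLE_LOG is a constructed
syslog-style excerpt; PHASES holds illustrative patterns, one per phase
named on slide 14, and is not a complete or production-grade rule set.
"""
import re
from datetime import datetime

# Constructed sample log, ordered as the slide describes the intrusion.
SAMPLE_LOG = """\
1999-06-01 00:00:00 kernel: eth0: link up, address assigned
1999-06-01 00:00:28 portscan: probe from 10.0.0.5 -> tcp/21,23,25,79,111
1999-06-01 00:59:40 in.telnetd[412]: login failed for root from 10.0.0.5
1999-06-01 01:02:11 in.ftpd[440]: login failed for anonymous from 10.0.0.5
1999-06-01 11:40:02 su[913]: root session opened for user nobody
1999-06-01 11:41:10 syslogd: exiting on signal 15
1999-06-01 11:43:55 tripwire: /bin/ps modified
1999-06-01 11:50:30 portscan: outbound probe to 10.0.1.0/24 tcp/111
"""

# (phase name, pattern that marks the first event of that phase)
PHASES = [
    ("first_probe", re.compile(r"portscan: probe from")),
    ("first_compromise_attempt", re.compile(r"login failed for")),
    ("admin_access", re.compile(r"root session opened")),
    ("logging_disabled", re.compile(r"syslogd: exiting")),
    ("system_modified", re.compile(r"tripwire: .* modified")),
    ("outbound_probing", re.compile(r"outbound probe")),
]

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")


def parse(log_text):
    """Return [(timestamp, message)] for every well-formed line."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # tolerate junk lines rather than abort the analysis
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2)))
    return events


def timeline(log_text):
    """Seconds from the first log line (link up) to the first event of each phase.

    A phase never observed maps to None.
    """
    events = parse(log_text)
    if not events:
        return {}
    t0 = events[0][0]
    result = {name: None for name, _ in PHASES}
    for ts, msg in events:
        for name, pat in PHASES:
            if result[name] is None and pat.search(msg):
                result[name] = int((ts - t0).total_seconds())
    return result


def fully_compromised_after(log_text):
    """Seconds until every post-access phase on the slide was seen, else None."""
    tl = timeline(log_text)
    post = ["admin_access", "logging_disabled", "system_modified", "outbound_probing"]
    if any(tl.get(p) is None for p in post):
        return None
    return max(tl[p] for p in post)


if __name__ == "__main__":
    for phase, secs in timeline(SAMPLE_LOG).items():
        print(f"{phase:26s} {secs}")
    print("fully compromised after", fully_compromised_after(SAMPLE_LOG), "seconds")
```

Note that the "logging disabled" phase is exactly why this reconstruction is only trustworthy when the logs were shipped to a separate host: once syslogd is stopped on the victim, anything after that point in the local log is whatever the intruder chose to leave.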

Slide 15: Organized Crime
- Individual crime may be difficult to differentiate from organized crime:
  – Distribution and coordination tools
  – Mass exploitation methods
- Organized crime exploits information technologies in various ways:
  – Enhanced efficiencies: on-line management of illegal gambling schemes
  – Intelligence tool for risk management: the Cali organization in 1995 had state-of-the-art equipment
  – Force multiplier: GPS for sea drops
- New channels and new targets for crime

Slide 16: European Union Bank Fraud on Line
- Russian organized crime figures
- Offshore banking – Antigua
- Solicited deposits on-line
- Warnings from various sources
- Bank collapsed

Slide 17: Chinese Activities
What we have observed:
- A series of activities over 3 years from similar network locations
- A series of attack tools in the last 1.5 years: QAZ, Red Lyon, Code Red
- Political timing
What we surmise:
- Diverse team with resources
- Using hackers/loose ISP for cover
- Keeping attacks below threshold
- Studying reaction/defense

Slide 18: Cracker Team Structure
- ISTJ personality
- Ephemeral teams
- Little team structure
- Internal and external friction
- Occasional persistency

Slide 19: Staged Attack
(Diagram with three numbered stages; stage labels not in transcript.)

Slide 20: Auto-Coordinated Attack
(Diagram labels: Probe, Identify Victim, Compromise & Coopt, Probe, Victim 2.)
- Remote, fast-acting
- Adapts existing tools
- Limited deployment
- Sophisticated reporters

Slide 21: Defaced Health-care Web Site in India
- "This site has been hacked by ISI (Kashmir is ours), we want a hospital in Kashmir", signed by Mujahideen-ul-dawat
- Post-dates activity by Pakistani Hackers Club
- Linked to G-Force Pakistan
- Part of a larger pattern of influenced hacker activity (3Q99 - 4Q01)
  – Differing expertise
  – Multiple actors/teams
  – Transnational collaborations
- Hacker to terrorism?

Slide 22: Pakistani/Indian Defacements
(Timeline chart with quarterly marks 10/99, 1/00, 4/00, 7/00, 10/00, 1/01, 4/01. Defacements are rated on a scale from "well written" to "juvenile" and flagged as either mentioning or not mentioning terrorist organizations; "More…" marks the series continuing.)
Sources: attrition.org, alldas.de

Slide 23: Cyber Terrorism
- Cyberterror is still emerging
  – Evolving threat
  – Integrating critical missions with the general Internet
  – Increasing damage/speed of attacks
  – Continued vulnerability of off-the-shelf software
- Much confusion of descriptions and definitions
- Widely viewed as a critical weakness of Western nations

Slide 24: Hacktivism
- Hacking for politics
  – Primarily websites
  – High publicity / calls for public participation
- Examples:
  – WTO 1999/2000/…
  – Monsanto / genetic engineering of plants

Slide 25: Cyber-Intifada
- Prolonged campaign
  – Palestinian hackers/web defacers
  – Targeting Israeli and Israel-supporting organizations
  – Low innovation level
- Counter-campaigns
  – Publicity
  – Counter-hacking: 2xS.co.il

Slide 26: Insiders
- Most cyber-crime will be perpetrated by individuals rather than criminal organizations per se
- Individuals, including insiders, are becoming quick to exploit the transnational nature of the Internet

Slide 27: Insiders – The Prouty Case
- American Express: the largest network intrusion and credit card fraud activity in its history
  – Actual losses $8 million; potential losses $20 million
- David Prouty worked for a POS company providing credit card equipment to restaurants
- From August 1999 to January 2001 he compromised the computer networks of 10 restaurants
- Used his employment, then social engineering skills (PC Anywhere), and then a "bust out" company to process card numbers

Slide 28: Cyber Warriors
- Sociology of warriors vs. hackers
  – Morale
  – Organization
  – Vigilance vs. assumed invulnerability
- Motivation of warriors vs. hackers
  – Accountability vs. anarchy
  – Delayed vs. immediate gratification
  – Internal vs. external gratification
- Preparation of warriors vs. hackers
  – Training
  – Tool selection
  – Intelligence
  – Strategy

Slide 29: Defenders
- System / Network Administrators
- White-hat Hackers
- Red Teams / Tiger Teams
- Vulnerability / Risk Analysts
- Intrusion Response Teams

Slide 30: Defense Flow
(Flow diagram. Stages shown: Indications & Warnings, Analysis & Assessment, Remediation, Response, Mitigation, Reconstitution, with a "Threshold?" decision branching Yes/No.)

Slide 31: Internet Growth 1988-1998 / BS and MS Degrees in Computer and Information Sciences 1988-1998
(Two charts. Internet growth, 1988 to 1998, vertical axis 0 to 40,000,000; source: Internet Domain Survey by Network Wizards, WWW.ww.com/zone. BS and MS degrees in computer and information sciences, 1988 to 1998, vertical axis 0 to 50,000; source: Digest of Education Statistics 1997, US Office of Educational Research and Improvement, Washington DC, publisher: US Superintendent of Documents, 1997.)

Slide 32: Intrusion Response Teams
- Types:
  – Automated
  – Local dedicated or volunteer team
  – Contracted team
- Why?
  – Single point of contact for fast response
  – Provide for consistent response
  – Provide for collateral relationships
- Problems:
  – Resources
  – Authorization to act
  – Trust

Slide 33: Summary
- Increasingly diverse threat
- Ongoing challenge to track, trend, pursue
- Who may be as important as what

