CSCD 303 Essential Computer Security Fall 2017


1 CSCD 303 Essential Computer Security Fall 2017
Lecture Hackers and Attackers Reading: Chapter 6

2 Overview Hackers and Attackers Definitions History Past Recent
Motivation Glory, Fame Hacktivism CyberCrime Cyberterror Resources

3 Terms Again What is a Hacker?
People engaged in circumvention of computer security and unauthorized remote computer break-ins, but the term also includes those who debug or fix security problems Its earliest known meaning referred to an unauthorized user of the telephone company network, a phone phreaker

4 More Definitions Blackhat Hackers
Breaks into computers with malicious intent Distinguished from ethical hackers who break into computers for publicizing security problems Members of this group destroy data, disrupt services and wreak havoc on computers and users

5 Attacker Groups Greyhat Hackers Hackers in this group are skilled
Often belong to a hacker group L0pht, Masters of Deception (old groups …) Legion of Doom, Chaos Computer Club Feel they have a mission to improve security of computer world Avoid damage to network and systems Inform and educate system administrators about fixes to their security

6 Attacker Groups Whitehat Hackers
Also known as “ethical hackers” Sometimes paid employees or contractors working for companies as security specialists Attempt to find security holes via hacking Methods White hat hackers use the same methods of hacking as black hats, with one exception: they do it with permission from the owner of the system first, which makes the process legal

7 Attacker Groups Psychological Profile of Elite Hackers
Most elite hackers ... Different values and beliefs than society They believe they are performing a service for society by exposing poor security practices Some believe they are smarter than average Examples: Rob Morris, Kevin Mitnick

8 More Definitions Script Kiddies Wannabe hackers
Little knowledge of what they are doing Exploits they use have typically been written by others with more knowledge

9 Definitions Cyber Terrorists
OK, this is an FBI definition “Premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents” James Lewis from Center for Strategic and International Studies Use of computer network tools to shut down critical national infrastructure (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population

10 Hackers Everyone thinks hacker = criminal
What do you think? Hackers have subculture, not-mainstream Dress in black, spend a lot of time in front of their computers, fascinated with technology Can potentially do scary things to people's data All of this creates a mistrust and fear of them Like to hang out in groups too Have strange group names: Cult of the Dead Cow, Demon Industry, Hell of Web

11 Hacker History Phone Phreakers
Learn as much as possible about telephone system without getting caught Use knowledge to their advantage Free phone calls Most famous - John Draper - “Captain Crunch” Why was he called that?

12 History - Phone Phreakers
Captain Crunch Discovered a toy whistle found in a box of Captain Crunch cereal Emitted a tone, 2600 Hz tone Exact frequency needed to tell phone system to hang up the call, but used other tones then to call numbers - result was free phone calls Late 60's and Early 70's, all toll trunks were sensitive to this tone ATT did cost cutting measure, designed system so that signaling and voice used same circuit

13 History - Phone Phreakers
Others discovered secret ... Made devices to emit signal, “blue boxes” Worked until phone companies replaced old switches with newer electronic switching systems Trivia What famous PC computer founder was part of John Draper's computer club ? Steve Wozniak

14 History - Famous Hackers
Eric Corley (also known as Emmanuel Goldstein) Long standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. hacker conferences. Been part of the hacker community since the late '70s. Kevin Mitnick A former computer hacker who now speaks, consults, and authors books about social engineering and network security. Robert Morris Now a professor at MIT The son of the chief scientist at the National Computer Security Center, part of the National Security Agency (NSA) Cornell University graduate student accidentally unleashed an Internet worm in 1988 (oops …) Thousands of computers were infected and subsequently crashed.

15 History Recent Hackers
Richard Stallman Why is he famous? Recent Black and White Hat Hackers List of hackers including some recent folks can be found here, includes software developers

16 History Famous Hacker Groups
"Goolag - exporting censorship, one search at a time" CULT OF THE DEAD COW, also known as cDc or cDc Communications, is a computer hacker group founded in 1984 in Lubbock, Texas Produces an ezine called Cult of the Dead Cow Responsible for the practice of Hacktivism Combining Hacking with Social justice They targeted Google in allowing China to filter Internet traffic Well known tools Back Orifice - Remote control of others' computers Whisker - IDS evasion

17 History - Famous Hacker Groups
L0pht Heavy Industries was a famous hacker collective active between 1992 and 2000, physically in the Boston, Massachusetts area 1998, all seven members of L0pht (Brian Oblivion, Kingpin, Mudge, Space Rogue, Stefan Von Neumann, John Tan, Weld Pond) Testified before Congress that they could shut down the entire Internet in 30 minutes 2000, L0pht Heavy Industries merged with completing L0pht's slow transition from an underground organization into a "whitehat" computer security company Symantec in 2004 L0pht produced L0phtcrack, a password cracker program

18 History - Famous Hacker Groups
Chaos Computer Club (CCC) is one of the biggest and most influential hacker organizations CCC based in Germany and currently has over 4,000 members, CCC more widely known for public demonstrations of security risks 1996, CCC members demonstrated attack against Microsoft's ActiveX technology, changing personal data in a Quicken database from outside In 2008, CCC published fingerprints of German Minister of Interior Wolfgang Schäuble, also included fingerprint on film that readers could use to fool fingerprint readers

19 Hacktivism Motivation: political reasons
Something called “hacktivism” is political motivation combined with cyber activism Example: Defacing certain web sites to embarrass a country or agency FBI and the CIA had their web sites defaced numerous times

20 CIA.gov defacement example

21 A Turkish group, known as turkguvenligi.info, managed to exploit a SQL injection flaw and insert a record that redirected the "events" page to an image with their site name.

22 Hacktivism FloodNet, Java applet that repeatedly sends browser reload commands In theory, when enough EDT participants are simultaneously pointing the FloodNet URL toward an opponent site, critical mass prevents further entry Actually, this was rarely attained Developed before botnets FloodNet's power lies more in simulated threat!

23

24 Hacktivism Older Examples
1998 LoU members Bronc Buster and Zyklon disabled firewalls in order to allow China's Internet users uncensored access to Internet 1998 X-Ploit defaced the websites of Mexico's Finance Ministry and Health Ministry to protest government of President Ernesto Zedillo and show solidarity with the Zapatista rebellion

25 Current Hacktivism Anonymous
Timeline_of_events_involving_Anonymous Gained worldwide press for Project Chanology, protest against the Church of Scientology 2008, a video produced by Church featuring an interview with Tom Cruise was leaked to Internet and uploaded to YouTube Church of Scientology issued a copyright violation claim against YouTube requesting removal of video Anonymous formulated Project Chanology... said action was Internet censorship DoS against Scientology websites, prank calls, etc

26 Anonymous Extremely active in Occupy Wall Street events in 2011 and ongoing … Links here: threaten-youtube-anonymous-video

27 Wikileaks, http://wikileaks.org/
Julian Assange – creator WikiLeaks is an international, online, non-profit organization which publishes secret information, news leaks, and classified media from anonymous sources Website, initiated in 2006 in Iceland by organization Sunshine Press, claimed a database of more than 1.2 million documents within a year of its launch April 2010, WikiLeaks published gunsight footage from the 12 July 2007 Baghdad airstrike in which Iraqi journalists were among those killed by an AH-64 Apache helicopter,

28 Wikileaks Where is Julian Assange now?
May 2017, marked the five-year anniversary of Julian Assange's flight to the Ecuadorian Embassy in London to avoid extradition to Sweden in response to a Swedish police request for questioning in relation to a sexual assault investigation The assault investigation has been dropped but the UK police will still arrest him for jumping bail He is seeking asylum in Ecuador eden-drops-julian-assange-rape-investigation/

29 Climategate Emails The Climategate scandal erupted on November 19, 2009, when a collection of email messages, data files and data processing programs were leaked from the University of East Anglia Climatic Research Unit (CRU) located in the UK, revealing scientific fraud and data manipulation by scientists concerning the Global Warming Theory Climategate emails and climate data became the subject of intense debate, calling to question assumptions on anthropogenic (man-made) global warming climategate-as-climatism-falters html

30 Climategate 2.0 Two years later ….
November 22, 2011 another batch of emails was stolen and released .. showing still more doubts among the key scientists involved These emails show that the great man-made global warming scare is not about science but about political activism Read more new- s-confirm-pattern-deception-and-collusio#ixzz2qRWeFhfah mails-rock-the-global-warming-debate/

31 Cybercrime Who is responsible for most Cybercrime? Countries
Russia, US, Eastern Europe, China, Brazil Dave Emm of Kaspersky Labs says “ ... probably China is at the top, and that’s more than 50 per cent Next would be between Russia and Latin America. A lot of the banking Trojans come from Latin America” Roger Thompson, of AVG, believes that cybercrime can come from anywhere: “While there are a lot of malware and web threats coming from Russia and China, there is also lots of activity in Turkey, Romania, Brazil and the US”

32 Cybercrime Motivation is mostly money
Criminals want to make money typically by illegal means Extortion, blackmail, theft, are all alive and well in the cyber world Even physical security can be compromised if we include cyber stalking Maybe other motivation such as malice against a company or government agency

33 Cybercrime Credit Card Theft - Numbers!!
More than 40 million credit card numbers belonging to U.S. consumers were accessed by computer hacker, at risk of being used for fraud, MasterCard International Inc. TJX Cos. (NYSE:TJX) revealed that information from at least 45.7 million credit/debit cards was stolen over an 18-month period Security breach East Coast supermarket chain exposed more than 4 million card numbers led to 1,800 cases of fraud, Hannaford Bros. Grocery Database of Credit Card Breaches

34 Cyberterrorism
As 2000 approached, fear and uncertainty Remember how popular duct tape and guns were? Millennium bug promoted interest in potential cyberterrorist attacks Acted as a catalyst in sparking fears of a possibly devastating cyber-attack Real possibility existed for computer based systems such as banks, water supplies and power to be completely disabled

35 Cyberterrorism Good overview of threat of cyber-terrorism
Cyber_Terrorism_new_kind_Terrorism/ Examples of incidents

36 Cyberterrorism On Oct. 21, 2002, a distributed denial of service (DDoS) attack struck the 13 root servers that provide DNS services Nine servers out of these thirteen were jammed. The problem was taken care of in a short period of time. At Worcester, Mass, in 1997, a hacker disabled the computer system of the airport control tower In 2000, someone hacked into Maroochy Shire, Australia waste management control system and released millions of gallons of raw sewage on the town - start real sickness In Russia, 2000, hacker was able to control the computer system that governs the flow of natural gas through the pipelines

37 Example of Cyberterrorism
In May 2007, Estonia subjected to mass cyber-attack in wake of removal of Russian World War II statue Attack was distributed denial of service attack in which selected sites were bombarded with traffic in order to force them offline … successfully Nearly all Estonian government ministry networks plus two major Estonian bank networks were knocked offline Plus, political party website of Estonia's current Prime Minister featured a counterfeit letter of apology for removing the memorial statue

38 Example of Cyberterrorism
At the peak of the crisis, bank cards and mobile-phone networks were temporarily frozen Russia is suspected for the attacks and various groups have claimed responsibility ... no-one knows for sure! Is this in your opinion Cyberterrorism?

39 Example of Cyberterrorism
Stuxnet Worm - Current Example Stuxnet, Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, security firm from Belarus Worm spies on and reprograms industrial systems Attacks Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes It is also first known worm to target critical industrial infrastructure According to news reports infestation by this worm might have damaged Iran's nuclear facilities in Natanz It has infected computers in China, Iran, Indonesia, India, US and others ...

40 Example of Cyberterrorism
Chinese Hackers Attack Energy Facilities Hackers believed to be backed by the Chinese government have continuously broken into computers critical to functioning of the United States' electric grid network All major electricity companies were targeted in attack, with several of their key systems compromised Attacks appeared pervasive across U.S. and don't target a particular company or region

41 Dragonfly Hacker Group Targets Energy Industry
A HACKING group is poised to cripple power grids and cause nationwide blackouts Dragonfly group is targeting energy industry in Europe and US during wave of cyber attacks, tech security experts have warned Energy companies have become a target for cyber attackers because they can be blackmailed for huge amounts of money and have been ...

42 Risks from Attack As a private individual, who is likely to target you and what might be their motivation? Any Ideas?

43 Risks from Attackers Private Individuals At risk from
Credit cards, SSN’s, bank information, medical records, other personal info At risk from Criminals – want to profit from getting and selling your personal data Phishing, Fake virus infections, Social networking sites

44 Risks from Attackers Small Business or Corporation
More at risk from deliberate targeting Know something about company, at least its assets and defenses Use a variety of techniques, technical, social engineering, and phishing to gain access Want user or customer data, company secrets Loss is potentially more severe Direct loss of assets and loss from lawsuits

45 Risks from Attackers Government, military site or critical infrastructure sites Huge attraction for outside hackers Motivation includes financial but also just pride Hacktivism Could be nation states Skilled attackers trying to get classified information Or, trying to incapacitate Energy or Communications sector … cyber terror Loss can potentially be devastating

46 Hacker Books Books on Hackers Steven Levy
Hackers: Heroes of the Computer Revolution Michelle Slatalla and Joshua Quittner Masters of Deception: The Gang That Ruled Cyberspace, HarperPerennial, 1995 Bruce Sterling The Hacker Crackdown, Bantam, 1992 Paul Taylor Hackers, Routledge, 1999 hacking/lm/26UXHC7HABWSY

47 More Hacker Books Cuckoo's Egg - 1995 Clifford Stoll
Clifford Stoll becomes, almost unwillingly, a one-man security force … 75-cent accounting error in a computer log is eventually revealed to be a ring of industrial espionage The Art of Deception Kevin D. Mitnick, William L. Simon Takedown Tsutomu Shimomura and John Markoff Account of Kevin Mitnick’s arrest List of more recent books

48 Hacker Websites
Hacker hall of Fame Shmoo Group Attrition Oldest hacker group - Chaos Computer Club HackThisSite Underground News

49 Journals
Phrack http://www.phrack.com/ 2600 Hakin9 Hackbloc

50 Movies War Games - 1983
Starring Matthew Broderick Link to 20 Recommended Movies The Net to Sneakers to Many others Hackers, Outlaws and Angels Hackers are People Too Takedown About Kevin Mitnick from “Their” point of view Freedom Downtime Movie about Kevin Mitnick by his friend Emmanuel Goldstein ...

51 The End Lab this Week Nmap

