Profile, Motives, Skills

Presentation on theme: "Profile, Motives, Skills"— Presentation transcript:

1 Profile, Motives, Skills
CSCD 434 Lecture 5 Spring 2019 Attackers Profile, Motives, Skills

2 Topics
Motivation for us; Identification of them; Skills - hierarchy; Motives; Notable individuals and groups - history; Impact of them on us; Resources

3 Motivation
We need to study attackers. Why? We need to know our adversaries. How else can we determine the risk to ourselves and our systems, and devise defense strategies?

4 Motivation Sun Tzu on The Art of War, oldest military treatise
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle”

5 Identification of Attackers
Questions: Who are they? Why do they want to attack? What do they have to gain? What is our risk?

6 Level of Attacks
Recall the point of computer security: protect assets from a defined threat. So, detailed knowledge of the threat helps to create good protection. Average attacks: You as individuals won't likely have top-level hackers attacking you. Someone has to pay them! But you will have script-kiddie-level to moderate-level hackers trying to gain credit card or private data.

7 Identification of Attackers
Who are they? Many groups can threaten your systems. Not easy to classify them. Typical way ... by skill level or potential for damage. Can rank them from lowest to highest in skill, but that doesn't always correlate with damage potential. Good example: virus/worm writers do a lot of damage but are not necessarily the most skilled.

8 Identification of Attackers
Loosely classify them by skill level and motive. Elite Hackers – White Hat: Hackers in this group are skilled. Often belong to a hacker group: L0pht, Masters of Deception (old groups …), Anonymous, Zeus Gangs. Feel they have a mission to improve security of the computer world. Avoid damage to network and systems. Inform and educate system administrators about fixes to their security.

9 Identification of Attackers
Elite Hackers – White Hat: Supposedly subscribe to the “Hacker Code of Ethics”. It said … summarized: “Ethical duty of the hacker to remove barriers, liberate information, decentralize power, honor people based on their ability, create things that are good and life-enhancing through computers.”

10 Identification of Attackers
Elite Hackers – White Hat Another document, “Hacker Manifesto” Provides insight into punk hacker mentality Written after author's arrest, and first published in hacker ezine Phrack

11 Identification of Attackers
Elite Hackers - Black Hats: Skilled but do damage. Break in and leave evidence of their presence. Need to re-install software. Don’t worry about loss of private information. Don’t buy into a Code of Ethics. Sell their services to the highest bidder. Corporate espionage, extortion, fraud. Criminals ....

12 Identification of Attackers
Psychological Profile of Elite Hackers: Most elite hackers ... Different values and beliefs than society. White hats believe they are performing a service for society by exposing poor security practices. Sometimes have a tenuous grasp on reality because they live mostly in the cyber world. Examples: Rob Morris, Kevin Mitnick.

13 Hacker Timeline
1970's - Age of phone phreaking: Phone phreakers, John Draper, goal - free phone calls. Early 1980's - Groups and zines formed, no laws yet: Hacking groups like Legion of Doom in the US and Chaos Computer Club in Germany. Los Alamos laboratory’s computers for developing nuclear weapons were hacked by the 414 gang, a gang of six teenagers who were later apprehended.

14 Hacker Timeline
Late 1980's - Law formed, exploits tested: The Computer Fraud and Abuse Act was passed in 1986. 1st self-replicating worm used on government's ARPAnet to test effect on UNIX systems: Robert T. Morris, Jr., graduate student at Cornell University ... later spread to 6000 computers. Fined 10,000 USD, public service. German hackers arrested for breaking into United States government and corporate computers and selling operating-system source code to the Russian KGB.

15 Hacker Timeline
1990's - Government targets hackers, Internet begins: Kevin Mitnick was arrested for breaking into computers. Vladimir Levin and other Russian crackers siphoned 10 million USD from Citibank and transferred it to bank accounts in Finland and Israel. Internet worms and DDoS take off. Attacks launched on Yahoo, Amazon and eBay, denial of service for users - Mafiaboy responsible. Break-ins on Microsoft, for latest versions of their products. 2001 attack led to prevention of millions of users from reaching Microsoft Web pages for two days.

16 Hacker Timeline
2010 - Internet worms and DDoS take off: Sophistication of attacks grows: Storm Botnet, Conficker, Stuxnet is latest. Hacking for profit is the norm. Spam, phishing, corporate blackmail are profitable. Data breaches common. Botnets of 100’s of 1000’s of systems common.

17 Hacker History
1970's Phone Phreakers: Learn as much as possible about the telephone system without getting caught. Use knowledge to their advantage. Free phone calls. Most famous - John Draper - Captain Crunch. Why was he called that?

18 Phone Phreakers
Captain Crunch - 1971: Discovered a toy whistle found in a box of Captain Crunch cereal. Emitted a 2600 Hz tone, the exact frequency needed to tell the phone system to hang up the call, but he then used other tones to call numbers - result was a free long distance phone call. Late 60's and early 70's, all toll trunks were sensitive to this tone. ATT made a fatal cost-cutting measure: designed the system so that signaling and voice used the same circuit.

19 Phone Phreakers Others Discovered Secret
Made devices to emit the signal, “blue boxes”. Worked until phone companies replaced old switches with newer electronic switching systems. History of the boxes, John Draper and more

20 Famous Elite Hackers
Eric Corley (also known as Emmanuel Goldstein): Long-standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. (Hackers on Planet Earth) conferences. Been part of the hacker community since the late '70s. Kevin Mitnick: A former hacker who now speaks, consults, and authors books about social engineering and network security. Robert Morris: Now a professor at MIT. The son of the chief scientist at the National Computer Security Center, part of the National Security Agency (NSA). Cornell University graduate student accidentally unleashed an Internet worm in 1988 (oops ….). Thousands of computers were infected and subsequently crashed.

21 Famous Hacker Groups
"Goolag - exporting censorship, one search at a time". CULT OF THE DEAD COW, also known as cDc or cDc Communications, computer hacker and DIY media organization founded in 1984 in Lubbock, Texas … still around. Produce an ezine called Cult of the Dead Cow. Practiced hacktivism: combined hacking with social justice. Targeted Google for allowing China to filter Internet traffic. Well-known tools: Back Orifice - remote control of others' computers; Whisker - IDS evasion.

22 Famous Hacker Groups
L0pht Heavy Industries was a famous hacker collective active between 1992 and 2000, physically in the Boston, Massachusetts area. 1998: all seven members of L0pht (Brian Oblivion, Kingpin, Mudge, Space Rogue, Stefan Von Neumann, John Tan, Weld Pond) testified before Congress that they could shut down the entire Internet in 30 minutes. 2000: L0pht Heavy Industries merged with transitioned from an underground organization into "whitehat" computer security company Symantec in 2004. L0pht produced L0phtcrack, a password cracker program.

23 Famous Hacker Groups
Chaos Computer Club (CCC): One of the biggest and most influential hacker organizations. CCC is based in Germany and currently has over 4,000 members. CCC is more widely known for public demonstrations of security risks. In 2008, CCC published the fingerprints of German Minister of Interior Wolfgang Schäuble to demonstrate why using fingerprints to secure passports is a bad idea. Published the print on plastic inside 4,000 copies of its magazine so readers could impersonate the minister to biometric readers.

24 Identification of Attackers
Virus Writers: Another group with some skilled and unskilled members. Been around a long time and have been studied the longest. This group has been evolving too. Sarah Gordon gained fame for profiling this group. She maintains an archive of articles on the Web site. “Not all people who write computer viruses are criminals because writing computer viruses is not (necessarily) illegal.”

25 Attacker Groups Virus Writing – Easy?
Searched with string “How to write a virus”: 139,000,000 hits …. keeps going up (2019). Among them, the following …

26 Reasons for Writing Viruses
“Virii are wondrous creations written for the sole purpose of spreading and destroying the systems of unsuspecting fools. This eliminates the systems of simpletons who can't tell that there is a problem when a 100 byte file suddenly blossoms into a 1,000 byte file. Duh. These low-lifes do not deserve to exist, so it is our sacred duty to wipe their hard drives off the face of the Earth. It is a simple matter of speeding along survival of the fittest. Why did I create this guide? After writing several virii, I noticed that virus writers generally learn how to write virii either on their own or by examining the disassembled code of other virii. This guide will show you what it takes to write a virus and also will give you a plethora of source code to include in your own virii.” Dark Angel phunky-virus-writing-guide.html

27 Attacker Groups
Hacktivism Groups: Fusion of hacking and activism. Hacking for a political cause. A clinical definition of hacktivism is: Hacktivism: a policy of hacking, phreaking or creating technology to achieve a political or social goal.

28 Attacker Groups
Hacktivism Groups, Examples: In 1998, several targeted events in which computer intrusion and defacement were used to protest injustice. Milw0rm broke into computer systems at India's Bhabha Atomic Research Centre, Bombay (BARC) in protest against nuclear weapons tests.

29 Attacker Groups
Hacktivism continued: 1998, Legion of the Underground (LoU) members Bronc Buster and Zyklon disabled firewalls in order to allow China's Internet users uncensored access to the Internet. 1998, X-Ploit defaced the websites of Mexico's Finance Ministry and Health Ministry to protest the government of President Ernesto Zedillo and show solidarity with the Zapatista rebellion. offensive-against-zapatistas html

30 Hacktivism Final Examples
1998, Electronic Disturbance Theater experimented with early forms of virtual sit-ins. Group created software, FloodNet, and invited mass participation in its virtual sit-ins against the Mexican government. EDT members Carmin Karasic and Brett Stalbaum created FloodNet to direct a "symbolic gesture" against an opponent's web site. theater-zapatista-tactical-floodnet-sit-in

31 Hacktivism
FloodNet: Java applet that repeatedly sends browser reload commands. In theory, when enough EDT participants are simultaneously pointing the FloodNet URL toward an opponent site, critical mass prevents further entry. Actually, this has been rarely attained. FloodNet's power lies more in simulated threat!

32 Screenshot of Original FloodNet Program

34 Hacktivism http://www.fraw.org.uk/ehippies/index.shtml
Mission - to assist the process of change towards a more fair and sustainable society using only electrons. Actions being protested must be reprehensible to many, not just a small group. Democratic accountability - people vote with modems. Event used to justify DoS attack must provide focus for debate (e.g., World Trade Organization conference).

35 Current Hacktivism
Wikileaks http://www.wikileaks.org Publisher of leaked government documents about wars, environmental crimes and other news hidden from the public. Became famous when he received and published secret and classified documents from Bradley (Chelsea) Manning, an analyst with the US Army. Amongst them was the video known as Collateral Murder, where a helicopter kills several people in Baghdad, Iraq and wounds two children. Julian Assange

36 Where is Julian Assange?
Julian Assange was given political asylum in Ecuador … but he is holed up in the Ecuador embassy in England Some articles are here yourself.org/cn/julianassangecharacterassassintion20aug12.shtml Latest News .. Assange just arrested by UK Police, April 11th

37 Another Hacker/Activist
Who is this man? Gary McKinnon. In 2002, Gary McKinnon was arrested by the UK's national high-tech crime unit, after being accused of hacking into NASA and the US military computer networks. He says he spent two years looking for photographic evidence of alien spacecraft and advanced power technology.

38 How He Did It ... His Interview ...
GM: Unlike the press would have you believe, it wasn't very clever. I searched for blank passwords, I wrote a tiny Perl script that tied together other people's programs that search for blank passwords, so you could scan 65,000 machines in just over eight minutes.
SK: So you're saying that you found computers which had a high-ranking status, administrator status, which hadn't had their passwords set - they were still set to default?
GM: Yes, precisely.

39 Current - Hackers and Climategate
s, cover decade of correspondence ... suggest scientists colluded and manipulated data to support their global warming viewpoints ... released about 2009 Highlight one from Phil Jones, director of the research center: “I’ve just completed Mike’s Nature trick of adding in the real temps to each series for the last 20 years (i.e., from onwards) and from 1961 for Keith’s to hide the decline” Climategate 2.0, another s leaked showed evidence of deception of scientists kyotos-coffin/ /Climate-change-this-is-the-worst-scientific-scandal-of-our- generation.html

40 Current Hacktivism
Anonymous http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous Gained worldwide press for Project Chanology, a protest against the Church of Scientology. 2008: a video produced by the Church featuring an interview with Tom Cruise was leaked to the Internet and uploaded to YouTube. Church of Scientology issued a copyright violation claim against YouTube requesting removal of the video. Anonymous formulated Project Chanology ... said the action was Internet censorship. DoS against Scientology websites, prank calls, etc.

41 Anonymous
Extremely active in Occupy Wall Street events in 2011 and ongoing … Links here threaten-youtube-anonymous-video

42 Impacts of Hacker Groups

43 Low-Skilled Attacker Groups
Script Kiddies: Skilled hackers put their tools on-line. They appear to want others to use and benefit from their experience. Goes along with the ethic of sharing information. Allows people with limited technical knowledge to do lots of damage, since there are lots of them. Following quote from a 2002 article where Ed Skoudis discusses damage from low-skilled Kiddies

44 Low Skilled Attacker Groups
Low-Skilled Script Kiddies = Low Damage? “Script Kiddie is typically young male, usually not by any means computer expert, who exploits weaknesses in security systems discovered by someone else

45 Higher Skilled Attacker Groups
Hacking for Profit, famous examples: 1999, Maxim broke into CD Universe and stole 300,000 credit card numbers. 2001, FBI and NIPC warned that Russian and Ukrainian hackers had stolen over 1,000,000 credit cards. 2001, Playboy.com was cracked and cards stolen. 2002, World Economic Forum had its DB broken into and 1400 cards were stolen, among them those of Bill Clinton, Bill Gates, Yasser Arafat and Shimon Peres!

46 Higher Skilled Attacker Groups
Credit Card Theft – Growing problem: TJX Cos. (NYSE:TJX) revealed that information from at least 45.7 million credit/debit cards was stolen over an 18-month period. Security breach at East Coast supermarket chain Hannaford Bros. Grocery exposed more than 4 million card numbers and led to 1,800 cases of fraud. 2013 – Security breach of URM stores consisting of Yokes, Rosaur's, Super 1 Foods, Huckleberries, November 2013. Database of Credit Card Breaches

47 Higher Skilled Attacker Groups
Hacking for Profit: The credit card fraud rate is 3 times higher online than for the same purchases offline. Seems to be growing worse. Theft of Trade Secrets: Worth a great deal of money if sold to the right group. Example: new Intel chip design, what’s it worth? Many examples of cyber-related trade secret theft.

48 SecureWorks Uncovers $2 Million Russian Hacker Scheme
2007: SecureWorks Security Research Group discovered a trojan that searches for and captures credentials used by several Internet banking and e-commerce websites. The trojan, Gozi, forwards captured credentials to an online database where they are being sold to the highest bidder. Security Research Group uncovered a cache of stolen information holding over 10,000 account records containing everything from online banking user credentials to patient healthcare information and even employee login information for confidential government and law enforcement applications. Further investigation revealed the data was being offered for sale by Russian hackers for over $2 million.

49 Latest in Skill Levels How about controlling 100's of 1000's of computers? What skill level does that take? For example, Jeanson Ancheta, a 21-year-old hacker and member of a group called the “Botmaster Underground”, reportedly made more than $100,000 from different Internet Advertising companies who paid him to download specially-designed malicious adware onto more than 400,000 vulnerable PCs he had secretly infected and taken over He made tens of thousands more dollars renting his 400,000-unit “botnet herd” to other companies that used them to send out spam, viruses, and other malicious code on the Internet In 2006, Ancheta was sentenced to five years in prison

50 Bots are Highly Profitable
Some botnet owners reportedly rent their huge networks for $200 to $300 an hour, weapon of choice for fraud and extortion. Newer methods are evolving for distributing “bot” software that may make it even more difficult in the future for law enforcement to identify and locate the originating “botmaster”. P2P architecture makes it very difficult to completely shut down some botnets.

51 Stuxnet Sophistication at the Highest Level
What is Stuxnet? Computer virus/worm that can manipulate and damage real-world physical equipment. Targets were nuclear plants in Iran. Different from previous malware: authors had a specific facility or facilities in mind and extensive knowledge of the system they were targeting. Who created it? Guesses: Israeli Mossad and USA. Can't be proved (yet).

52 Conficker Family
Conficker is a family of “worms” (malicious computer software programs). Purpose: infect computers and then spread itself to other computers without any human interaction. Currently, there are at least three known variants of Conficker: A, B and C/D. Conficker was created as a two-stage threat: 1. Conficker responsible for the infection of as many computers as possible. 2. Second stage has yet to materialize.

53 Conficker Family
However, Conficker-infected machines are capable of becoming a huge botnet if necessary. Infected about 10 million computers. Authors? Unknown ... speculation on China. Microsoft has a $250,000 bounty out for the author.

54 Computer Crime
One reason people break into computers is for the thrill of it. Do people break into banks or homes in the real world just to see if they can do it? Not too likely. So, what deters criminals in the real world?

55 Computer Crime What deters real-world criminals?
Likelihood of being caught, and prosecuted if caught. How likely are you to be caught in the cyber world? It depends …

56 Computer Crime Depends on …
In cases where a lot of damage is done or something valuable is stolen, there is more incentive to catch you and prosecute. Average break-in with little or no damage: unlikely you will be caught or prosecuted. Difficult to collect evidence and link your activity to the scene of the crime.

57 What is Current Risk Given monetary incentives of cybercrime, what does this say for risk from cyber threats? Would the risk be different depending on who you are? Government, Banks, Large Corporations different from most users

58 Books, Conferences and Movies

59 Hacker Conferences Reference Link
The hobby and network hacking subculture is supported by regular gatherings, called cons. These have drawn more and more people every year, including SummerCon (Summer), DEF CON, HoHoCon (Christmas), PumpCon (Halloween), H.O.P.E. (Hackers on Planet Earth) and HEU (Hacking at the End of the Universe). Attracted 28,000 people in 2018.

60 Hacker Books
Books on Hackers: Steven Levy, Hackers: Heroes of the Computer Revolution. Michelle Slatalla and Joshua Quittner, Masters of Deception: The Gang That Ruled Cyberspace, HarperPerennial, 1995. Bruce Sterling, The Hacker Crackdown, Bantam, 1992. Paul Taylor, Hackers, Routledge, 1999. hacking/lm/26UXHC7HABWSY

61 More Hacker Books
Cuckoo's Egg - 1995, Clifford Stoll: Clifford Stoll becomes, almost unwillingly, a one-man security force … 75-cent accounting error in a computer log is eventually revealed to be a ring of industrial espionage. The Art of Deception, Kevin D. Mitnick, William L. Simon. Takedown, Tsutomu Shimomura and John Markoff: account of Kevin Mitnick’s arrest.

62 Hacker Websites
Shmoo Group; Attrition; Oldest hacker group - Chaos Computer Club; Underground News

63 Journals
Phrack (http://www.phrack.com/); 2600; Hakin9; Hackbloc

64 Movies
War Games - 1983, starring Matthew Broderick. Link to 20 Recommended Movies definitive-list/ The Net to Sneakers to many others. Takedown - 2000, about Kevin Mitnick from their point of view. Freedom Downtime, movie about Kevin Mitnick by his friend Emmanuel Goldstein ... it's online.

65 Conclusion
Many hacker groups out there with a wide range of skills and motives. Lowest level – script kiddie, will launch attacks from others. Motive – see if I can do it, thrill of it. Medium level – can create own attacks, customize others’ attacks. Motive – still see if I can do it, plus monetary reward. Highest level – both use and create own attacks. Motive – economic espionage, theft, nation-state infiltration activity.

66 Conclusion
Having knowledge about the potential types of crimes and groups leads to more effective defense!!!

67 The End
New Assignment: Assignment 2

