CSCD 303 Essential Computer Security Fall 2010 Lecture 3 - Hackers and Attackers Reading: Chapters 3, 7, 16.


1 CSCD 303 Essential Computer Security Fall 2010 Lecture 3 - Hackers and Attackers Reading: Chapters 3, 7, 16

2 Overview Hackers and Attackers –Definitions –History Past Recent –Motivation Glory, Fame Hacktivism Money Cyberterror –Resources

3 Terms Again Hacker Defined People engaged in circumvention of computer security, unauthorized remote computer break-ins, but also includes those who debug or fix security problems Its earliest known meaning referred to an unauthorized user of the telephone company network, a phone phreaker

4 More Definitions Blackhat Hackers –Break into computers with malicious intent –Distinguished from ethical Hackers who break into computers for publicizing security problems –Members of this group destroy data, disrupt services and wreak havoc on computers and users

5 Attacker Groups Whitehat Hackers Hackers in this group are skilled Often belong to a hacker group – L0pht, Masters of Deception (old groups …) Feel they have a mission to improve the security of the computer world Avoid damage to network and systems Inform and educate system administrators about fixes to their security

6 Attacker Groups Psychological Profile of Elite Hackers Most elite hackers... Different values and beliefs than society White hats believe they are performing a service for society by exposing poor security practices Sometimes have a tenuous grasp on reality because they live mostly in the cyber world Examples: Rob Morris, Kevin Mitnick

7 More Definitions Script Kiddies –Wannabe hackers –Little knowledge of what they are doing –Exploits they use have typically been written by others more knowledgeable

8 Definitions Cyber Terrorists –The FBI definition Premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents –James Lewis from the Center for Strategic and International Studies Use of computer network tools to shut down critical national infrastructure (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population

9 Definitions Cyber Terrorists –Cyber security experts have long worried about cyber terrorists wreaking havoc on our critical infrastructure systems –Has not happened yet on a widespread basis –Cyber security experts are divided over whether it is possible –What do you think?

10 Hackers Everyone thinks hacker = criminal Not True!!! –Hackers have subculture not-mainstream Dress in black, spend a lot of time in front of their computers, fascinated with technology, can potentially do scary things to people's data All of this creates a mistrust and fear of them Like to hang out in groups too Have strange group names: Cult of the Dead Cow, Demon Industry, Hell of Web

11 Hacker History Phone Phreakers – Learn as much as possible about telephone system without getting caught – Use knowledge to their advantage Free phone calls – Most famous - John Draper - Captain Crunch – Why was he called that?

12 History - Phone Phreakers Captain Crunch - 1971 – Discovered a toy whistle found in a box of Captain Crunch cereal Emitted a 2600 Hz tone Exact frequency needed to tell phone system to hang up the call, but used other tones then to call numbers - result was free phone call Late 60's and Early 70's, all toll trunks were sensitive to this tone, AT&T took a fatal cost-cutting measure, designed system so that signaling and voice used the same circuit

13 History - Phone Phreakers Others discovered secret... Made devices to emit signal, “blue boxes” Worked until phone companies replaced old switches with newer electronic switching systems Trivia: What famous PC computer founder was part of John Draper's computer club? http://www.webcrunchers.com/origins.html

14 History - Famous Hackers Eric Corley (also known as Emmanuel Goldstein) Long-standing publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. Been part of the hacker community since the late '70s. Kevin Mitnick A former computer criminal who now speaks, consults, and authors books about social engineering and network security. Robert Morris Now a professor at MIT The son of the chief scientist at the National Computer Security Center, part of the National Security Agency (NSA) Cornell University graduate student accidentally unleashed an Internet worm in 1988 (oops ….) Thousands of computers were infected and subsequently crashed.

15 History Recent Hackers Recent Black and White Hat Hackers –List of hackers including some recent folks can be found here, includes software developers http://www.autistici.org/rez/hackers.php Richard Stallman

16 History Famous Hacker Groups CULT OF THE DEAD COW, also known as cDc or cDc Communications, is a computer hacker and DIY media organization founded in 1984 in Lubbock, Texas – Produce an ezine called Cult of the Dead Cow http://www.cultdeadcow.com/cms/textfile_index.php3 – Responsible for the practice of Hacktivism Combining Hacking with Social justice They targeted Google for allowing China to filter Internet traffic – Well known tools Back Orifice - Remote control of others' computers Whisker - IDS evasion "Goolag - exporting censorship, one search at a time"

17 History - Famous Hacker Groups L0pht Heavy Industries was a famous hacker collective active between 1992 and 2000, physically located in the Boston, Massachusetts area – 1998, all seven members of L0pht (Brian Oblivion, Kingpin, Mudge, Space Rogue, Stefan Von Neumann, John Tan, Weld Pond) famously testified before Congress that they could shut down the entire Internet in 30 minutes – 2000, L0pht Heavy Industries merged with startup @stake, completing L0pht's slow transition from an underground organization into a "whitehat" computer security company Symantec bought @stake in 2004 – L0pht produced L0phtcrack, a password cracker program

18 History - Famous Hacker Groups Chaos Computer Club (CCC) is one of the biggest and most influential hacker organizations – CCC based in Germany and currently has over 4,000 members, http://www.ccc.de/?language=en – CCC more widely known for public demonstrations of security risks 1996, CCC members demonstrated an attack against Microsoft's ActiveX technology, changing personal data in a Quicken database from outside In 2008, CCC published fingerprints of German Minister of Interior Wolfgang Schäuble, also included a fingerprint on film that readers could use to fool fingerprint readers

19 Hacktivism Motivation: political reasons Something called “hacktivism” is political motivation combined with cyber activism Example: Defacing certain web sites to embarrass a country or agency –FBI and the CIA had their web sites defaced numerous times

20 CIA.gov defacement example

21 A Turkish group, known as turkguvenligi.info, managed to exploit a SQL injection flaw and insert a record that redirected the "events" page to an image with their site name.

22 Hacktivism FloodNet, Java applet that repeatedly sends browser reload commands – In theory, when enough EDT participants are simultaneously pointing the FloodNet URL toward an opponent site, critical mass prevents further entry – Actually, this has rarely been attained – Developed before botnets FloodNet's power lies more in simulated threat!

24 Hacktivism Older Examples – 1998 LoU members Bronc Buster and Zyklon disabled firewalls in order to allow China's Internet users uncensored access to Internet http://www.wired.com/news/print/0,1294,16545,00.html – 1998 X-Ploit defaced the websites of Mexico's Finance Ministry and Health Ministry to protest government of President Ernesto Zedillo and show solidarity with the Zapatista rebellion http://news.bbc.co.uk/2/hi/science/nature/146645.stm

25 Cybercrime Who is responsible for most Cybercrime? –Countries Russia, Eastern Europe, China, Brazil Dave Emm of Kaspersky Labs says –“It’s difficult to put a figure on it, probably China at the top, and that’s more than 50 per cent. »Next would be between Russia and Latin America. A lot of the banking trojans originate out of Latin America” –Roger Thompson, of AVG, believes that cybercrime can come from anywhere: »“While there are a lot of malware and web threats coming from Russia and China, there is also lots of activity in Turkey, Romania, Brazil and the US” http://pcplus.techradar.com/node/3066

26 Cybercrime Motivation is mostly money –Criminals want to make money typically by illegal means –Extortion, blackmail, theft, are all alive and well in the cyber world –Even physical security can be compromised if we include cyber stalking –May be other motivation such as malice against a company or government agency

27 Cybercrime Exploit Users Through Social Network Sites http://www.bmighty.com/security/showArticle.jhtml?articleID=208402877 Unsuspecting individuals frequently download data that could contain malware such as viruses and Trojan horses National Cyber Security Alliance (NCSA) found –83% of users downloaded unknown files from other people's profiles –Potentially opened their PCs to attack 57% of people who use social networking sites admit to worrying about becoming a victim of cybercrime –Many divulge information that could put them at risk –Three out of four users give out personal information (e-mail address, name, or birthday) that can be used to perpetrate identity theft, according to the NCSA –Amazingly, 4% have even listed their Social Security numbers somewhere on their social network page

28 Cybercrime http://www.out-law.com/page-7791 Cybercrime has become a profession and the demographic of your typical cybercriminal is changing –Was geek, now more organized gangster traditionally associated with drug-trafficking, extortion and money laundering Guillaume Lovet Author

29 Cyber Crime Example … Marketing a stolen online bank account –Sell the information to gain authorized control over a bank account with a six-figure balance –Cost to obtain this information is about $400

30 Cyber Crime The probable marketplace for the sale –A hidden IRC (Internet Relay Chat) chat room –$400 fee will most likely be exchanged in some form of virtual currency such as e-gold –Several different protagonists may be involved in this crime

31 Cybercrime Credit Card Theft – Growing problem – 2005 - More than 40 million credit card numbers belonging to U.S. consumers were accessed by computer hacker, at risk of being used for fraud, MasterCard International Inc. – 2007 - TJX Cos. (NYSE:TJX) revealed that information from at least 45.7 million credit/debit cards was stolen over an 18-month period – 2008 - Security breach at East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, Hannaford Bros. Grocery Database of Credit Card Breaches http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP

32 Cyberterrorism http://en.wikipedia.org/wiki/Cyber-terrorism As 2000 approached, there was fear and uncertainty –Millennium bug promoted interest in potential cyberterrorist attacks –Acted as a catalyst in sparking fears of a possibly devastating cyber-attack –Real possibility existed for computer based systems such as banks, water supplies and power to be completely disabled

33 Cyberterrorism Good overview of threat of cyber-terrorism http://www.crime-research.org/articles/Cyber_Terrorism_new_kind_Terrorism/ Examples of incidents found here

34 Cyberterrorism On Oct. 21, 2002, a distributed denial of service (DDOS) attack struck the 13 root servers that provide the primary road-map for all internet communications. Nine servers out of these thirteen were jammed. The problem was taken care of in a short period of time. At Worcester, Mass, in 1997, a hacker disabled the computer system of the airport control tower. In 2000, someone hacked into the Maroochy Shire, Australia waste management control system and released millions of gallons of raw sewage on the town. In Russia in the year 2000, a hacker was able to control the computer system that governs the flow of natural gas through the pipelines.

35 Example of Cyberterrorism http://news.cnet.com/8301-10784_3-9721429-7.html In May 2007, Estonia subjected to mass cyber-attack in wake of removal of Russian World War II statue Attack was distributed denial of service attack in which selected sites were bombarded with traffic in order to force them offline … successfully Nearly all Estonian government ministry networks plus two major Estonian bank networks were knocked offline –Plus, political party website of Estonia's current Prime Minister featured a counterfeit letter of apology for removing the memorial statue

36 Example of Cyberterrorism At the peak of the crisis, bank cards and mobile-phone networks were temporarily frozen, setting off alarm bells in the tech-dependent country Russia is suspected of the attacks and various groups have claimed responsibility... no-one knows for sure! Is this Cyberterrorism?

37 Example of Cyberterrorism Stuxnet Worm - Current Example - 2010 http://www.theaeonsolution.com/security/?p=307 Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus It is the first discovered worm that spies on and reprograms industrial systems Attacks Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes It is also the first known worm to target critical industrial infrastructure According to news reports the infestation by this worm might have damaged Iran's nuclear facilities in Natanz It has infected computers in China, Iran, Indonesia, India, US and others...

38 Example of Cyberterrorism Chinese Hackers Attack Energy Facilities - 2009 http://www.theepochtimes.com/n2/content/view/15058/ Hackers believed to be backed by the Chinese communist regime have continuously broken into computers critical to the functioning of the United States' electric grid network All major electricity companies were targeted in the attack, with several of their key systems compromised Attacks appeared pervasive across the U.S. and don't target a particular company or region

39 Risks from Attack As a private individual, who is likely to target you and what is their motivation? –Any Ideas?

40 Risks from Attackers Private Individuals Credit cards, SSNs, bank information, medical records At risk from –Criminals – want to profit from getting and selling your personal data –Phishing, Fake virus infections, Social networking sites

41 Summary of Risks Small Business or Corporation –More at risk from deliberate targeting –Know something about company, at least its assets and defenses –Use a variety of techniques, technical, social engineering, and phishing to gain access –Want user or customer data, company secrets –Loss is potentially more severe Direct loss of assets and loss from lawsuits

42 Summary of Risks Government, military site or critical infrastructure sites –Huge attraction for outside hackers –Motivation includes financial but also just pride especially if sophisticated security –Hacktivism – against policy –Could be nation states involved at this level –Meaning very skilled attackers trying to get classified information –Or, trying to incapacitate Energy or Communications sector … cyber terror –Loss can potentially be devastating

43 References Captain Crunch Web Site http://www.webcrunchers.com/crunch/ Cult of the Dead Cow http://www.cultdeadcow.com/ 2600 Magazine http://www.2600.com/ Hacker Hall of Fame http://www.francesfarmersrevenge.com/stuff/misc/hack/hall.htm

44 Hacker Resources Wikipedia site for Hackers has –Books, Movies, other sites http://en.wikipedia.org/wiki/Hacker_(computer_security) One other movie on Kevin Mitnick, Freedom Downtime by Emmanuel Goldstein http://video.google.com/videoplay?docid=-6746139755329108302# Another movie, Hackers in Wonderland http://video.google.com/videosearch?q=hackers+in+wonderland&hl=en&emb=0&aq=f#

45 The End Next Time –New Assignment, Assignments page

