Uploaded by fakeemail+1

CSS Lecture Notes

advertisement
Computer Systems Security
Unit 1 Lecture 1: Introduction to Ethical Hacking
-
Class MCQ 20% for 28th October
Portfolio Task 1 Draft for 15th November
Portfolio Final Draft for 16th December
Penetration Testing as a security role:
-
Hacker: Tries to get access to a system or network without authorization. Not
necessarily to cause damage. Can be punishable by law.
-
Cracker: Breaks through network system defences to steal/destroy data. For
personal benefit or to cause damage. Punishable by law.
-
Ethical Hacker: Test systems and network defences but performs all the activities
with owners’ permissions.
-
Script Kiddie: Use what other people invented like scripts to hack systems.
An Ethical Hacker must have knowledge of:
-
An operating system inside out
A programming language like ruby or python
Computer networks and learning how to attack a network or network system.
Penetration Testing Methodologies BELOW: [Will be in MCQ]
White Box Testing [CLEAR]:
-
Tester has complete knowledge of the systems and network
Operating systems information and network diagram is provided.
The tester has authorisation to carry out testing.
Black Box Testing [DETECT]:
-
The tester has knowledge of the company, but nothing else, so the user has to
find out everything else.
Company staff don’t know about the test
Permission is again given, but with them aim of testing whether the security
personnel and the security systems will detect an attack.
Should be done during off hours but can be done during working hours.
Gray Box Testing [SCENARIO]:
-
The company gives the tester partial information.
To create scenarios where the attacker has already social engineered
information from insiders.
A scenario where the attacker is a dissatisfied employee with some knowledge of
the company systems.
To test whether the security personnel and the system would detect an attack.
To speed up procedures when the aim of the test is specific.
Red Team Attack:
-
From the methodology: Red Team attacks, Blue Team defends
Involves physical tests, social engineering, applications, data extraction.
Most common at service providers.
Certifications in Network Security:
-
Certified Ethical Hacker: Vulnerabilities and weaknesses on target systems
CCNA: Cisco Certified Network Associates. Network Routing and Switching
CCNP: Cisco Certified Network Professional. Network LANs and WANs.
CISSP: System Security Pro: Security/Risk Management, Asset, Security Eng.
CompTIA Security: Security Functions.
SANS: Sys Admin, Audit, Network, Security.
[Cyber Laws] What Ethical Hackers MUST do:
-
Find out legalities of ethical hacking, before doing activities.
Knowledge of contract laws, consultation with specialists.
Be aware of what is allowed and not allowed for their activities and tools.
[Cyber Laws] Risks:
-
Your activities might be illegal in some countries.
Permission might be obtained from a second party.
Contracts are not explicitly written. Open to interpretation.
There might be tough laws for cybercrime although you think it’s legal.
Recent Hacks:
-
Equifax 2017. 145m records stolen from servers.
Yahoo 2013. 3B accounts stolen.
NSA 2017. Shadow brokers leaked government hacking tools.
WannaCry 2017. Ransomware bought down the business.
NotPetya 2017. Spread worldwide.
UBER 2016. 57M records stolen. 100k ransom but later disclosed.
Unit 2 Lecture 2: Information Operation [Will be coming in exam]
Definitions:
Cyberwarfare:
- Activities designed to participate in cyberattacks and cyberespionage, offensive
or defensive.
Information Operations: COLLECT DATA OF A TARGET.
- To achieve information superiority over a target.
- Continuous operations which enable, enhance and protect the friendly forces
ability to collect, process and act on information to achieve an advantage across
the full range of military operations.
Information Warfare: USING INFO AGAINST A TARGET.
- Applying Information Warfare against a specific target in a time of crisis or war.
- Includes actions for offensive and defensive. To preserve the integrity of one’s
own system from corruption, whist corrupting a targets system using information
advantage.
Traditional Cyberwarfare Targets:
- Military targets in conventional warfare
- Acceptable targets
- Cyber targets in unconventional warfare
- Targets in asymmetric cyberwarfare
- Total cyberwarfare
Non-Traditional Cyberwarfare Targets:
- Political activism and hacktivism: Anonymous, Syrian Electronic Army
- Industrial espionage: Aurora: China vs. Google, Saudi Arabian ARAMCO,
Shamoon.
- Military Cyber Attacks on Non-traditional targets: US vs. Iraq. A cancelled attack.
Domains of Conflict in IW:
- National: Network Warfare, Economic, Political and Command and Control
Warfare.
- Corporate: Espionage, Sabotage, Destroying data, computer theft.
- Personal: E-commerce fraud, spoofing, e-mail harassment, spamming, card theft.
Information has 4 levels of abstraction: EXAM QUESTION
- Data:
o Observation and measurement of unprocessed information at the lowest
level. Example: Human communication, text messages, queries.
- Information:
o Organised and processed sets of data. This is data that is sorted, classed
and indexed. Then put into data elements for searching and analysis.
-
-
Knowledge:
o Information that is analysed and understood. Requires a degree of
comprehension and understanding of the behaviour that object. This
level of understanding is referred as intelligence.
Expertise:
o Information that is greatly understood by experts. The information look
into issues relating to the information and splits into offensive and
defensive warfare.
EXAMPLE OF 4 INFORMATION LEVELS:
- Data: There are high levels of Internet Traffic, Internet slows down.
- Information: Understanding the global flow of Internet Traffic, looking for
patterns.
- Knowledge: Understanding who can be behind this information and causing
traffic.
- Expertise: Knowledge going to experts who can look into this issue. Splits in
Offensive/Defensive Information Warfare.
Cyber Domain Operations:
- Offensive:
o Actions taken to corrupt a targets information or functions
- Defensive:
o Actions taken to protect your information or functions
DEFENSIVE Operations:
-
Threat Intelligence, Indicators and Warnings:
o THREAT ASSESSMENT: Understanding of threats is essential to defence.
▪ Identify potential threat agents. State supported or not.
▪ Determine capability: Technical and time capability.
▪ Establish Indicators and Warnings. To indicate preparations.
▪ Perform vulnerability assessment.
o PROTECTION MEASURES: Includes countermeasures or passive defences
to stop attacks against your information infrastructure.
▪ Strategic level: Deterring my legal means.
▪ Operational level: Security for physical infrastructure, personnel
and information.
▪ Tactical: Protecting hardware/software at their levels.
o ATTACK RESPONSE & RESTORATION: Capability to detect, respond and
restore from an attack.
▪ Defensive response: Alerts, access levels and removing vulnerable
processes.
▪ Offensive response: Deterrent based attacks when source is found
▪ Tactical response: Surveillance, Mode control, Audit, Forensic
Analysis [Determine pattern and behaviour], Reporting.
OFFENSIVE Operations: Requirements: Identify target -> Attack -> Manage Perceptions.
- PERCEPTION MANAGEMENT:
o PUBLIC AFFAIRS -> Friendly forces, media, friendly populations
o CIVIL AFFAIRS -> Foreign authorities, areas of conflict.
o PSYOPS -> Hostile forces, foreign/neutral populations.
o MILITARY -> Hostile military leaders and forces.
[IN EXAM] Why cyber-warfare is asymmetric:
- Don’t need military power to cause havoc on systems. A single person can
execute this. This is why a strong defence is needed.
Forms of Internet Warfare:
- NETWAR: Information related conflict between nation-states at high level.
o Damaging/Modifying target’s information.
o Weapons include: Diplomacy, propaganda, interference with media.
Infiltration of targets computer database.
-
POLITICAL WARFARE: Involves national governments.
o Threats to move to more intense form of war.
-
ECONOMIC WARFARE: Targets economic performance of a target.
o Economic factors are affected of a nation. Next step from political.
-
COMMAND/CONTROL: Conflict by military operations who target another
military. Implements IW on battlefield and Involves physical destruction.
INTERNET OPERATIONS:
- Targets of Information Operations:
o Network Attack -> Networks, computers, technology systems
o Network Defence -> Inbound Attacks, malware, attackers
o Intelligence gathering -> Stored data, communications, LIVE info.
o Electronic warfare -> Broadcasting capabilities, channels, GPS signals
o Psychological operations -> Social media, websites, email, communication
o Operations security -> Attempts to access friendly information.
NOTES:
-
-
-
-
Psychological Operations: Planned operations to convey selected information to
a selected audience to influence the emotions and motives. This involves a
message and media.
Operational Deception: Deliberate mislead a target by making the target do
specific actions that will contribute to your mission. Involves misdirection
Electronic Operations: Attack targets over a radiated electromagnetic spectrum.
And NETOPS which focuses on access to targets via the Global, National and
Defence Information Infrastructure.
Physical Destruction: Physically incapacitating or stopping targets.
Intelligence: Intelligence operations contribute to assessing threats, pre-attack
warnings and post-attack investigation. Structured and Planned attacks require
intelligence. Counterintelligence stops a planned attack.
How intelligence can be obtained: Organisation threat intelligence, Technical
threat intelligence, Suppliers of Anti-Virus, Surveillance to be ‘Pro-Active’,
Penetration to acquire knowledge.
Assets to protect of an Information System:
- Hardware, Software
- Communication and environmental control equipment,
- Documentation
- Data and information
- Personal
Information Security Involves:
- Confidentially: encrypt the data, password protect accounts and emails
- Integrity: check sum or access
- Availability
- Authentication
- Nonrepudiation: Transaction if it happens or not. Someone cannot deny
something.
Nonrepudiation in Operation Security:
Denying information regarding intentions and capabilities and plans by providing functional
and physical protection to the target. This protects IO O/D. This makes sure acceptable risk
measures and maintained.
Operation Security Process:
Identification of Critical information -> Threat Analysis -> Vulnerability Analysis -> Risk
Assessment -> Countermeasures
Unit 3 Lecture 3: Penetration Testing as a defensive operation
CIA Triad:
- Confidentiality: To guarantee the confidentiality of information. Only giving
access to users where they need. No more.
-
Integrity: Relying on the integrity of information. Sender should not be able to
deny sending data. Guaranteeing the authenticity of information.
-
Availability: Information should be available for authorised use.
Price of Security:
- Price paid for security should not exceed the value of the assets that need
protecting. To know what to protect there should be risk analysis and know how
assets can be damaged.
Asset Examples:
- Hardware: Laptops, servers, routers, phones, PDA etc.
- Software: Applications, OS, Databases, Source code, object code etc
- Data: Business data, design plans, customer and personal data
- Services and revenue stats
- Reputation and employees.
Penetration Testing
Penetration Testing: a form of testing that assesses the security of a network.
- Simulates methods used by hackers to get unauthorised access to a system and
compromise the network security.
- Requires proprietary open source tools.
- Can be automated or manually conducted on a target system.
Purpose of Penetration Testing:
- To test security protections.
- Expose vulnerabilities of a system to its owners.
- Provide information to audit teams.
- Minimise the cost of security audits by providing realistic evidence.
- Help prioritize the application security by fixes security patches.
- Find out existing risks in the network and system.
- Discover if the software requires updating.
Importance of Penetration Testing:
- Shows the state of security of any system. Shows how strong the systems
security is for any organisation.
- Points out vulnerabilities and gaps in a company’s security model.
- Documents how a systems weakness can be exploited.
- Reveals how an attacker can exploit a system and hack the system and network
Types of Penetration Testing:
-
-
-
Blackbox Testing
o Zero knowledge testing to simulate real world attacks. No information is
given to the hacker. No network map or OS information.
Whitebox Testing
o Complete knowledge testing to assess the security model of an
organisation.
o Usually a specific kind of attack. Complete information is given to hackers.
Including network map, OS information and more.
o Done with or without informing IT Staff. Only top management are
aware.
Gray-box Testing
o Malicious insider: most common approach to test vulnerabilities.
o Attack teams given same access as normal users.
o Social engineering is used to see if the attack can be done by insiders.
Phases of Penetration Testing:
- Pre-Phase Attack [PLAN]:
o Gathering information about the target system.
o Can be through invasive, scanning information
o Can be non-invasive, reviewing government records.
- Attack Phase:
o Attack strategy is formed and carried out.
- Post-Attack Phase:
o Crucial part of testing, network is restored back to original state
o Cleaning up testing process and removing vulnerabilities.
Common Penetration Testing Techniques:
- Passive Research: Uses public domain sources to show the configuration of an
organisations system.
-
Spoofing: Using one machine to act as another in order to communicate with
other machines. Internal and Externally used in Pen-testing.
-
Network Sniffing: Captures data travelling across a network. Sniffing packets can
show traffic connections and data flow.
-
Trojan Attack: Malicious code or programs. Usually email attachments. These are
sent to networks.
-
Brute-force Attack: Trying to crack passwords using all combinations. Can
overload a system
-
Vulnerability Scanning: Examination of a targets network infrastructure. To test
weaknesses in the system.
- Scenario Analysis: Risk Assessment of vulnerabilities much more accurate.
Social Engineering:
- A technique used to exploit human vulnerabilities.
- Can be through social media or direct contact.
- Can be eavesdropping, dumpster driving, guessing passwords, observing access
screens.
Penetration Testing Methodologies:
1. Proprietary e.g. Foundstone, IBM, EC-Council
2. Open Source and Public Methodologies.
- Open Source Security Testing Methodology Manual OSSTMM
o Includes all steps involved in Penetration Testing. Assess ALL Security.
- NIST Methodology
o Planning – Discovery – Attack – Reporting.
- OWASP Testing Guide
- PCI Penetration Testing Guide
- Penetration Testing Execution Standard PTES
- Penetration Testing Framework
Penetration Testing Required Skills:
- Hardware: TCP/IP, Cabling, Routers, Firewalls
- Software: Exploits, Hacking tools, Databases, Operating Systems
- Open Sources: MySQL, Apache
- Applications: Bluetooth, WAPs, Web servers, mail servers, SNMP/SFTP.
- Services: Broadband, ISDN, VoIP, Troubleshooting.
Rules of Engagement:
- Permission to hack agreement must be signed by both parties
- The scope of the engagement and what part of the system which needs to be
tested must be specified.
- Project duration.
- Methodology used to penetrate the system. What is allowed and disallowed
- Goals of the Pen-testing hack.
- The liabilities and responsibilities. Not breaking into something disallowed.
Causing a denial of service. Or accessing sensitive information.
Unit 4 Lecture 4 – Intelligence Gathering
Threat:
-
Intention to inflict pain or damage on someone.
Intent is an actor’s desire to target an organisation
Capability is their means to do so
Opportunity is the opening the actor needs, such as weaknesses and
vulnerabilities in a system.
Cyber Threat Intelligence:
- Evidence-based knowledge, including context and mechanisms about an existing
asset that can be used to make decisions based on the response of the asset.
Typical situation
BANK NettiCash would like to know who is targeting their cash machine. Can you help?
The brief from the bank says:
●
Currently no visible threat
●
We think we are secure
It is obvious from the diagram that Cyber Threat Intelligence (CTI) methodology is a cycle of
five steps.
Planning & Direction – defines everything. For everything, plan first. This step answers
the question ‘what’, establishing what the target is, what types of data we need to
collect, what strategy we are going to follow, and what we want to achieve (aim, goal,
direction).
● Data Collection and Data Processing – answer the question ‘how’, and they define how
we are going to do what we planned to do.
● Analysis and Production – we identify what is important and why, what the biggest risks
are and why, and we produce something as well.
●
●
Who do we need to involve, who needs to know about the strategy? Who is going to use
the new system? Who is going to get trained?
Actions & Deliverables
The attributes of good intelligence are:
●
1: Must be Relevant, Actionable and Valuable
●
2a: Prompt, some response in configuration
●
2b: Support making an informed decision NOT to act.
As a result, we have to look at three concepts related to the value of intelligence
- Awareness, Actionability and Effectiveness:
Situational Awareness
(Do you know when you are hacked/breached?)
Actionable Events
(Do you get the right information to be able to react?)
Effective Response
(Have you got the right people/tools/process to give the right response?)
●
●
●
Do you know what and when has happened? = Situation Awareness.
Can you do anything about it, does it lead to any actions? = Actionable Events
Do you have everything you need to have, in order to give the right response? =
Effective Response (you need to establish here first, what an effective response is.
1. The division of threat intelligence into four types
Strategic – a Chief Security Officer or a Chief Information Officer think at high level
Operational – a NOC manager, or a Security Centre manager thinks from the
operational perspective
● Tactical - The Incident Response Team will consider the tactical aspects.
● Technical - The cybersecurity specialists dealing with the actual tools and dissecting the
malware or tracing the security breach will be interested in the technical aspects.
●
●
Analytical Model - the Diamond Model
Spiral Processing
Primary Analysis
●
Stage 1: Threat/Adversary Investigation
●
●
●
Stage 2: Victim Investigation
Stage 3: Infrastructure Investigation
Stage 4: Capability Investigation
Grading the Value of Threat Information
The 5x5x5 model is used for grading the information.
Then the final step is to make changes in order to increase security.
These three steps represent the process of using the intelligence to improve maturity and
level of response to security incidents.
Unit 5 Lecture 5: Port Scanning and Enumeration
Detecting information which is useful for a break-in:
- Live Machines
- Network Topology
- Firewall Configuration
- Applications and OS Types
- Vulnerabilities
Port Scanning:
- The process of examining a range of IP addresses to see what services are
running on a network.
- Port Scanning finds open ports and see what services are running.
- Can be complex, useful to know strengths and weaknesses and when to use this.
Example: HTTP uses port 80 to connect to a web service. IIS / Apache.
Requirements:
- IP addresses for the target network. Zone transfer with the Dig command can be
used to obtain a networks IP address.
- Scan all ports when doing a port scan. Not just the well-known ports 1-1023.
- Many programs use port numbers outside well-known ports.
- PCAnywhere operates on ports 65301, 22, 5631, 5632.
SYN SCAN:
- SYN Scan: In a TCP session:
o A packet is sent to another computer with SYN flag set.
o The receiving computer sends back a packet with SYN/ACK packet for
acknowledgment.
o The sending computer sends back a packet with ACK flag set.
o If the destination port is closed, the computer responds with RST/ACK
packet, closing the session.
o If an attacker’s computer receives a SYN/ACK packet, it responds with
RST/ACK, closing the session.
o This is done so a full TCP connection is not made. This can be stealthy as
attackers don’t want a transaction logged showing their connection. This
would list their IP address.
SYN scanning or synchronized scanning is a tactic that a malicious hacker (or cracker) can
use to determine the state of a communications port without establishing a full connection.
This approach, one of the oldest in the repertoire of crackers, is sometimes used to perform
denial-of-service (DoS) attacks.
Connect Scan: This type of scan relies on the attacked computers OS. More risker method.
- Similar to SYN Scan but does not do a three-way handshake.
- This means the attacked computer logs the transaction indicating a session took
place.
- This makes a Connect Scan detectable and not stealthy.
TCP Connect Scan is the default TCP scan type when SYN scan is not an option. This is the
case when a user does not have raw packet privileges or is scanning IPv6 networks. ... The
system call completes connections to open target ports rather than performing the halfopen reset that SYN scan does.
TCP RST packet is the remote side telling you that the connection on which the previous
TCP packet is sent is not recognized, maybe the connection has closed, maybe the
port is not open, and something like these. ... TCP RST means that connection is not valid.
I.e. there is no associated session at remote side.
NULL Scan: All packet flags are turned off. A closed port responds to a NULL scan with an
RST packet, closing the session, so if no packet is received, the best guess is that the port is
open.
A Null Scan is a series of TCP packets that contain a sequence number of 0 and no set flags.
... If the port is closed, the target will send an RST packet in response. Information about
which ports are open can be useful to hackers, as it will identify active devices and their
TCP-based application-layer protocol.
XMAS Scan: In this scan, the FIN, PSH, and URG flags are set.
- Closed ports respond to this type of packet with an RST packet, closing the
session.
-
This scan can be used to see which ports are open.
o Example: an attacker can send a packet to port 53 and see if a RST packet
is returned, if not, the DNS port might be open.
ACK Scan: Attackers use ACK scans to get past firewalls or filtering device. A filtering device
looks for SYN packet, the first packet in a three-way handshake, that the ACK packet is part
of.
SYN Packet Order: SYN -> SYN/ACK -> ACK. If the attacked port returns an RST packet, the
filter was fooled, or the connection is having closed, or there is not packet filtering device.
The attacked port is then considered as unfiltered.
FIN SCAN: a FIN packet is sent to the target computer. If the port is closed, it sends back an
RST packet. When a three-way handshake ends, both parties send a FIN packet to end the
connection.
UDP SCAN: a UDP packet is sent to the target computer. If the port sends back an ICMP Port
Unreachable message, the port is closed. Not getting the message may mean the port is
open, but not always true. A firewall of packet filtering device could be active.
Hundreds of port-scanning tools are available for hackers and testers. Not all are accurate,
so using more than one scanning tool is recommended.
Nmap: This is the most common port scanner. This can be used for network discovery and
security enumeration.
- Example: Nmap 193.145.85.201
- Nmap scans every port on the computer with this IP address.
- Must hide from network devices or IDSs that recognise an inordinate number of
pings or packets being sent to their networks.
- This ACK scan constituted a DoS attack on a network
- Use stealth attack that are more difficult to detect.
A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to
prevent legitimate users from accessing the service. In a DoS attack, the attacker usually
sends excessive messages asking the network or server to authenticate requests that have
invalid return addresses.
TTL: Transport Total Length, Time To LIVE, Topology Transmission Load.
ICMP: Ping, Internet Control Media Protection, Internet Control Message Protocol.
Network Mapping:
- Finding LIVE hosts:
o Ping sweep
o TCP SYN sweep
- Map Network Topology:
o Traceroute
▪ Sends out ICMP or UDP packets with increasing TTL
▪
Gets back ICMP_TIME_Exceeded message from intermediate
routers.
Unicornscan:
- Very fast, use multiple threads. Can handle TCP, ICMP and IP Port Scanning, it
optimises. UDP scanning.
Ping Sweeps:
- Port scanners can be used to conduct ping sweep of a large network. This is to
identity which IP addresses belong to active hosts.
- The problem with relying on ping sweeps to identity love hosts is that a
computer might be shut down at the time of the sweep and indicate that the IP
address doesn’t belong to a live host.
- Another problem is that many network administrators configure nodes to not
respond to ICMP Echo Requests (type 8) to an ICMP Echo Reply (type 0)
Fping: With the Fping tool you can ping multiple IP addresses at the same time on command
prompt. Or you can create file of multiple IP addresses and use it.
- For example: fping -f name.txt uses names as an input file.
- Fping -g 193.145.85.201 193.145.85.220 this looks at IP addresses in this
parameter when no input file is available.
- fping is a like program which uses the Internet Control Message Protocol (ICMP)
echo request to determine if a target host is responding. fping differs from ping
in that you can specify any number of targets on the command line, or specify a
file containing the lists of targets to ping.
HPing: Used to bypass filtering devices by injecting crafted IP packets. Offers a wealth of
features.
- HPing -help
- You can craft any type of packet you like.
- hping is a free packet generator and analyser for the TCP/IP protocol distributed
by Salvatore Sanfilippo (also known as Antirez). It is a one type of a tester for
network security. ... Like most tools used in computer security, hping is useful to
both system administrators and hackers.
Traceroute: Traceroute is a utility that records the route (the specific gateway computers at
each hop) through the Internet between your computer and a specified destination
computer. It also calculates and displays the amount of time each hop took.
R1-R2-R3-www is my path to www.victim.com
R1-R2-R3-db is my path to db.victim.com
R1-R2-R3-mail is my path to mail.victim.com
Enumeration is defined as the process of extracting usernames, machine names, network
resources, shares and services from a system. ... The gathered information is used to
identify the vulnerabilities or weak points in system security and tries to exploit in the
System gaining phase.
- Enumeration tools can be NetBIOS names scanners
-
Share scanners
Nessus to scan vulnerabilities
Defences against Port Scanning:
- Close all unused ports
- Remove unnecessary services
- Filter out unnecessary traffic
- Find openings before the attackers do
- Use smart filtering, based on clients IP.
Firewalls: It is important to determine firewall rules so that packet types don’t get through.
- Find out distance to firewall using traceroute.
- Ping arbitrary destination setting TTL – distance + 1
- If you receive ICMP_TIME_EXCEEDED message, the ping went through
Unit 1: Notes:
Career Path of a Cyber-Criminal
•
Script Kiddies: Lowest level of cyber-criminal. Finds code published on the
internet and changes it slightly to launch a new variant of a virus.
•
Virus Writer:
Has gained more code writing skills. Creates virus code in spare time and either
publishes it on the internet or launches an attack via email.
•
Spare Time “Cyber-Criminal”:
The thrill of virus writing has given way to greater risk taking.
The virus writer has now become entrenched in the cyber
-criminal world. However, still holds down a regular job. A number of spare time cybercriminals have jobs in the IT industry.
•
Professional “Cyber-Criminal”:
Full time cyber-criminal who makes his money from stealing credit card information of
victims or cracking into bank websites and either stealing money
or blackmailing the bank.
•
Phisher:
More complex skill set than a professional cyber-criminal. Creates websites that
look like, for example, a high street bank. He then steals account passwords when users
enter them thinking that they are in their usual site.
•
Cyber Criminal for Hire:
New breed of cyber-criminal that hires out his skills to organised criminals for the highest
price.
Download