Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Hacker Perspectives

advertisement 
Hacker Perspectives
Advanced Computer
Networks
SS 2007
Franz Sommerauer
ACN SS 07 - Hacker Perspectives
Overview






Definition of a Hacker
History of Hacking
How to get into Scene
Information Gathering
Ethical Hacking
Most famous Hackers
ACN SS 07 - Hacker Perspectives
Definition


(see Hacker Jargon file)
1. A person who enjoys learning the details
of programming systems and how to stretch
their capabilities, as opposed to most users
who prefer to learn only the minimum
necessary.
2. One who programs enthusiastically, or
who enjoys programming rather than just
theorizing about programming.
ACN SS 07 - Hacker Perspectives
Types of hackers

White hat
–
–

Grey hat
–
–

A person who is ethically opposed to the abuse of computer
systems (ethical hacker)
Generally focuses on securing IT systems
A skilled hacker who sometimes acts legally, sometimes in
good will, and sometimes not
Hybrid between white and black hat hackers
Black hat
–
–
Someone who compromises the security of a system
without permission from an authorized party
Cracker
ACN SS 07 - Hacker Perspectives
History of hacking

1972
–
John Draper discovers that a 2.6
kHz tone allows to access the
internal trunking mechanism of Ma
Bell



2.6 kHz tone created by a whistle
With a Blue box it was possible to
take internal control of Ma Bell's
long distance switching equipment
1973
–
College students Steve Wozniak
and Steve Jobs begin making and
selling blue boxes
ACN SS 07 - Hacker Perspectives
History of hacking

1981
–

1982
–

Chaos computer Club forms in Germany
Hacker group of six teenage hackers (414’s)
broke into 60 computer systems and instiutitions
(including Los Alamos Labs)
1988
–
Kevin Mitnick secretly monitors the e-Mail of
security officials (sentenced for one year to jail)
ACN SS 07 - Hacker Perspectives
History of hacking

1988
–
Robert T. Morris launches a worm on governments
ARPAnet (precursor of the Internet)





–
The worm spreads to 6000 networked computers
First person indicted under the Computer Fraud and Abuse Act
of 1986
3 years probation
400 hours community service
Fine of $10,050 and cost of his supervision
First National Bank of Chicago became victim of $70-million
computer theft
ACN SS 07 - Hacker Perspectives
History of hacking

1989
–
Hackers in West Germany were arrested


–
Broke into U.S. Government and corporate computers
Sold OS-Sourcecode to Soviet KGB
Fry Guy was arrested


earned the name by hacking into a local McDonald's
computer and giving raises to his hamburger-flipping
friends
Got credit card numbers by social engeneering
ACN SS 07 - Hacker Perspectives
History of hacking

1993
–
During radio station call-in contests, Kevin
Poulsen and 2 friends rigged the stations phone
systm to let their calls through

–
Won 2 Porsches, vacation trips and $20.000
Texas A&M Univerity professor received death
threats because a hacker used his email account
to sent 20.000 racist emails
ACN SS 07 - Hacker Perspectives
History of hacking

1994
–
Vladimir Levin and his group transferred $10
million from Citibank to bank accounts all over the
world


Sentenced to three years in prison
1995
–
Kevin Mitnick arrested again


FBI accused him of stealing 20.000 credit card numbers
stealing files from companies as Motorola and Sun
Microsystems
ACN SS 07 - Hacker Perspectives
History of hacking

1998
–

1999
–

2 hacker were sentenced to death in China for stealing 260.000 Yuan
($31.400)
Unidentified hacker seized control of British military communication
satellite and demanded money in return for control of satellite
2000
–
Hackers broke into Microsoft‘s corporate network

–
Russian cracker attempts to extort $100.000 from online music retailer
CD Universe

–
accessed source code for latest versions of Mircrosoft Windows and Office
software
threatening to expose thousands of customers credit card numbers
I love you virus spread rapidly around the world

infected image and sound files
ACN SS 07 - Hacker Perspectives
History of hacking

2002
–

Mircrosoft sent more than 8.000 programmers to
security training
2004
–
Myron Tereshchuk was arrested


Attempting to extort $17 million from Micropatent
2006
–
Jeanson James Ancheta received a 57 month
prison sentence
ACN SS 07 - Hacker Perspectives
How to get into scene

How to become a hacker
–
–
Learn about the techniques behind (program, UNIX, WWW)
Contribute to a hacker culture


–

You aren't really a hacker until other hackers consistently call you one
Hackers publish their work under real-names, Crackers use
pseudonyms
Experiment and try out things
How to become a cracker
–
–
–
–
Download a script and run it somewhere
Download a file called “40HEX”
Use your hacking skills for bad purpose
The final reason a cracker cracks is for money
ACN SS 07 - Hacker Perspectives
Information gathering


The more you know the easier you can attack.
There are many ways to gather information
–

Footprinting, Ping Sweep, Port Scan, OS Detection, Finger
Giving away knowledge is more dangerous than
running insecure software.
–
–
–
Manuals must be secret!
Never give away secret information over telephone!
Try to conceal what software / hardware / versions you are
using
ACN SS 07 - Hacker Perspectives
Information gathering

Footprinting
–
Learn as much as you can about a system





Remote access possibilities, ports, services …
How does the phone-system work?
How does the back-bone work?
How does the company deal with the system?
Who is responsible, who knows the system?
Read papers, manuals and ask the ones who know
ACN SS 07 - Hacker Perspectives
Information gathering

Social Engineering
–
–
Attacker tries to convince someone to give out information,
passwords
Most innocent questions


–
What is the phone number/IP address for…
Who is responsible for administrating the computer network
Network structure
The technical know-how is less important than
information!
ACN SS 07 - Hacker Perspectives
Information gathering

Ping sweep
Ping a range of IP addresses to find out which
machines are currently running

Port Scan
–
TCP Scan:
Scan ports to see which services are running
–
UDP Scan:
Send garbage packets to ports
ACN SS 07 - Hacker Perspectives
Information gathering

OS Detection
This involves sending illegal ICMP or TCP
packets to a machine

Finger
–
–
Retrieving the User List to get all accounts.
Read Log-Files that show from where and when
users are logging in.
ACN SS 07 - Hacker Perspectives
Ethical Hacking



Best protect a system by probing it while causing no
damage and fixing vulnerabilities found
Simulate how an attacker with no inside knowledge
of a system might try to penetrate
Includes permission to intrude
–
–
–
Consulting services
Hacking contests
Beta testing
ACN SS 07 - Hacker Perspectives
Ethical Hacking

The Problem
–
–
–
–
Current software engineering practices do not produce
systems that are immune from attack
Current security tools only address parts of the problem and
not the system as a whole
→ lack understanding leads to reliance upon partial
solutions
Policy and law in cyberspace is immature and lags the
state-of-the-art in attacks
System administration is difficult and becoming
unmanageable due to patching against increased
vulnerabilities
ACN SS 07 - Hacker Perspectives
Ethical Hacking

The result
–
–
Average time for a PC to be broken into directly
out-of-box from the store and attached to the
Internet is less than 24 hours.
The worst case scenario is about 15 minutes
ACN SS 07 - Hacker Perspectives
Ethical Hacking

Scanning Tools
–
Typical information that can be learnd from a port
scan is:





Existence of computer
OS
Version of OS
Types of available services (smtp, httpd, ftp, telnet…)
Type of computing platform
ACN SS 07 - Hacker Perspectives
Ethical Hacking

Dual nature of a port scanner
–
–
Most powerful tool an ethical hacker can use in
protecting a network of computers
Most powerful tool a cracker can use to generate
attacks
Historically most popular cracker attacks are
those that use scanning tools to target known
vulnerabilities
ACN SS 07 - Hacker Perspectives
Ethical Hacking

Conflicts of interest
–
–
–
Security firms hype and invent threats
Persons who work at security firms have been
known to spend their off-hours creating and
distributing the very attack tools their company
sells to protect against
Due to market pressure, businesses have used
ethical hackers to:


Beta test products
Hacking contests
ACN SS 07 - Hacker Perspectives
Ethical Hacking

Conclusion
–
–
The present poor security on the Internet, ethical
hacking may be the most effective way to
proactively plug security holes an prevent
intrusions.
On the other hand, ethical hacking tools have also
been notorious tools for crackers.
ACN SS 07 - Hacker Perspectives
Most famous Hackers

Black hat hackers
–
Jonathan James




–
installed a backdoor into a Defense Threat Reduction Agency
server
cracked into NASA computers
stealing software worth approximately $1.7 million
started a computer security company
Adrian Lamo


His hits include Yahoo!, Bank of America, Citigroup and
Cingular
Now he is working as journalist and public speaker
ACN SS 07 - Hacker Perspectives
Most famous Hackers
–
Kevin Mitnick


–
Kevin Poulsen


–
He hacked into computers, stole corporate secrets, scrambled
phone networks and broke into the national defense warning
system
is now a computer security consultant, author and speaker
His hacking specialty, however, revolved around telephones
He is now a senior editor for Wired News
Robert Tappan Morris

is currently working as a tenured professor at the MIT
Computer Science and Artificial Intelligence Laboratory
ACN SS 07 - Hacker Perspectives
Most famous Hackers

White hat hackers
–
Stephan Wozniak



–
Co-founded Apple computers with Steve Jobs
got his start in hacking making blue boxes
Wozniak even used a blue box to call the Pope while
pretending to be Henry Kissinger
Tim Berners-Lee



famed as the inventor of the World Wide Web
While working with CERN he created a hypertext prototype
system that helped researchers share and update information
easily
founded the World Wide Web Consortium at MIT (W3C)
ACN SS 07 - Hacker Perspectives
Most famous Hackers
–
Linus Torvalds


–
Richard Stallman

–
Father of Linux
He started with a task switcher in Intel 80386 assembly and a
terminal driver. Then he put out a call for others to contribute
code, which they did. Only about 2% of the Linux kernel is
written by Torvalds himself (most prominent examples of
free/open source software)
Founded the GNU Project to develop a free OS
Tsutomu Shimomura


he was hacked by Kevin Mitnick. Following this personal
attack, he made it his cause to help the FBI capture him
Using Mitnick's cell phone, they tracked him near RaleighDurham International Airport
ACN SS 07 - Hacker Perspectives
Thank you for your attention!
ACN SS 07 - Hacker Perspectives
Related documents
What is Ethical Hacking??
What is Ethical Hacking??
Cause- English for CS I: What`s Wrong With These Cause and Effect
Cause- English for CS I: What`s Wrong With These Cause and Effect
Chps 5, 7, & 12 Topics for paper
Chps 5, 7, & 12 Topics for paper
Hackers (Presentation)
Hackers (Presentation)
Computer Crimes - Bucknell University
Computer Crimes - Bucknell University
0707secnotes - Digital Transactions
0707secnotes - Digital Transactions
toefl speaking
toefl speaking
General Resources: Chapter 1--Meeting New Friends
General Resources: Chapter 1--Meeting New Friends
Download
advertisement