Attackers
CSCD 434
Lecture 6
Spring 2014
Attackers
Profile, Motives, Skills
Topics
• Motivation for us
• Identification of Them
– Skills - Hierarchy
– Motives
– Notable Individuals and Groups - History
• Impact of Them on us
• Resources
Motivation
• We need to study attackers
– Why?
– Need to know our adversaries
– How else can we determine the risk to
ourselves and our systems
– And, devise defense strategies
Motivation
• Sun Tzu, The Art of War, one of the oldest military treatises
“If you know the enemy
and know yourself, you need not fear the result
of a hundred battles.
If you know yourself but not the enemy, for every
victory gained you will also suffer a defeat.
If you know neither the enemy nor yourself, you will
succumb in every battle”
Identification of Attackers
• Questions
– Who are they?
– Why do they want to attack?
– What do they have to gain?
– What is our risk?
Level of Attacks
• Recall, point of Computer Security
– Protect assets from a defined threat
– So, detailed knowledge of threat helps to create
good protection
• Average Attacks
– You as individuals won't likely have top-level hackers
attacking you
• Someone has to pay them!
– But you will have script-kiddie to moderate-level
attackers, mostly automated and opportunistic, trying to get
credit card or private data
Identification of Attackers
• Who are they?
• Many groups can threaten your systems
• Not easy to classify them
– Typical way ... by skill level or potential
for damage
– Can rank them from lowest to highest in
skill but doesn’t always correlate with damage
potential
– Good example, virus/worm writers
• Do a lot of damage but not necessarily the
most skilled
Identification of Attackers
• Loosely classify them by skill level and
motive
Elite Hackers – White Hat
• Hackers in this group are skilled
• Often belong to a hacker group (groups, old and new, span both hats)
– L0pht, Masters of Deception ( old groups …)
– Anonymous; the “Zeus gangs” running banking trojans are outright criminal
• Feel they have mission to improve security of
computer world
• Avoid damage to network and systems
• Inform and educate system administrators about fixes
to their security
Identification of Attackers
• Elite Hackers – White Hat
– Supposedly subscribe to “Hacker Code of Ethics”
http://courses.cs.vt.edu/cs3604/lib/WorldCodes/Hackers.Code.html
– It said ...
“ Ethical duty of the hacker to remove barriers,
liberate information, decentralize power, honor
people based on their ability, create things that
are good and life-enhancing through
computers.”
Identification of Attackers
• Elite Hackers – White Hat
– Another document, “The Hacker Manifesto” (The Conscience of a Hacker)
Written by The Mentor (Loyd Blankenship) after his 1986 arrest, and first
published in the hacker ezine Phrack; provides insight into the punk hacker mentality
http://www.mithral.com/~beberg/manifesto.html
Identification of Attackers
• Elite Hackers - Black Hats
• Skilled, but do damage
• Break in and leave damage behind
– Victim has to reinstall software
– They don't care about the victim's loss of private information
– Don't buy into a Code of Ethics
• Sell their services to the highest bidder
– Corporate espionage, extortion, fraud
• Criminals ....
Identification of Attackers
• Psychological Profile of Elite Hackers
• Most elite hackers ...
• Hold values and beliefs different from mainstream society
• White hats believe they are performing a service
for society by exposing poor security practices
• Sometimes have a tenuous grasp on reality
because they live mostly in the cyber world
• Examples: Robert Morris, Kevin Mitnick
Hacker Timeline
http://besser.tsoa.nyu.edu/impact/f96/Projects/smistry/timeline.html
• 1970's - Age of phone phreaking
– Phone phreakers, John Draper; goal - free phone
calls
• Early 1980's - Groups and zines formed, no laws yet
– Hacking groups like Legion of Doom in US and Chaos
Computer Club in Germany
– 1983: computers at Los Alamos National Laboratory, where
nuclear weapons are developed, were broken into by the 414s
– A group of six Milwaukee teenagers who were later
apprehended
Hacker Timeline
• Late 1980's - Laws formed, exploits tested
– The Computer Fraud and Abuse Act was passed in
1986
– 1988: first major self-replicating worm released onto the
ARPANET; it exploited flaws in UNIX systems (sendmail,
fingerd, weak passwords and rsh trust)
• Robert T. Morris, Jr., graduate student at Cornell
University .. the worm spread to an estimated 6,000 computers
• Convicted under the CFAA: fined $10,050, 400 hours of
community service, three years' probation
– German hackers arrested for breaking into United
States government and corporate computers and
selling what they took, including operating-system source
code, to the Soviet KGB (the case told in The Cuckoo's Egg)
Hacker Timeline
• 1990's - Government targets hackers, Internet takes off
– Kevin Mitnick was arrested (1995) for breaking into
computers
– Vladimir Levin and other Russian crackers siphoned
10 million USD from Citibank (1994) and transferred it to bank
accounts in Finland and Israel
• 2000 - Internet worms and DDoS take off
– DDoS attacks launched on Yahoo, Amazon and eBay denied
service to users - Mafiaboy responsible
– Break-in at Microsoft; intruders reached source code for
upcoming versions of their products
• A 2001 attack cut off service to millions of users
Hacker Timeline
• 2010 - Attacks become sophisticated and profit-driven
– Sophistication of attacks grows
• Storm botnet, Conficker, and Stuxnet (the latest)
– Hacking for profit is the norm
– Spam, phishing and corporate blackmail are profitable
– Data breaches are common
– Botnets are common too
Hacker History
• 1970's Phone Phreakers
– Learn as much as possible about telephone
system without getting caught
– Use knowledge to their advantage
• Free phone calls
– Most famous - John Draper - Captain Crunch
– Why was he called that?
Phone Phreakers
• Captain Crunch - 1971
– Discovered that a toy whistle packed in boxes of Cap'n
Crunch cereal emitted a 2600 Hz tone
• 2600 Hz was the single-frequency supervisory tone that toll
trunks used to mean “idle”: blowing it into a connected call
made the far-end switch think the caller had hung up, while
the local end stayed connected
• The phreaker then played the multi-frequency (MF) tones the
switches used among themselves to route a new call; it rode on
the still-open original connection - result was a free phone call
• In the late 60's and early 70's, all toll trunks were
sensitive to this tone
• AT&T's fatal cost-cutting measure: in-band signaling, i.e. the
control signals and the voice travelled on the same circuit, so
anything a subscriber could play into the handset was treated
as a command
• Same root cause as modern injection bugs: control and data
sharing one channel with no way to tell them apart
Phone Phreakers
• Others discovered the secret
• Built devices that generated the tones, “blue boxes”
• Worked until phone companies replaced the old
switches with newer electronic switching systems
that carried signaling out of band, on a separate
channel the subscriber could not reach
• History of the boxes and more
http://www.webcrunchers.com/
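The in-band signaling point above is worth seeing in code. The following Python is an added example for this lecture, not code from the original slides or from any phone company: it synthesises the 2600 Hz whistle and the Bell MF digit tones, then runs the single-frequency (Goertzel) detector a trunk receiver would use and shows it cannot distinguish a whistle on the voice path from the switch's own idle signal. The 2600 Hz tone and the MF frequency pairs are the published Bell System values; the 8 kHz sample rate, amplitudes, thresholds and the speech stand-in signal are assumptions constructed for the demo.

```python
"""Why in-band signaling was fatal: a trunk's tone detector cannot tell a
whistle on the voice path from the switch's own supervisory signal.

Added example for the lecture, not original course or telco code.  The
2600 Hz idle tone and the Bell MF pairs are published values; sample rate,
amplitudes and thresholds are assumptions chosen for this demonstration.
"""
import math

SAMPLE_RATE = 8000        # assumption: classic 8 kHz telephony sampling
IDLE_TONE_HZ = 2600.0     # single-frequency supervisory tone: "trunk idle / caller hung up"

# Bell System MF signaling: one digit = two simultaneous tones.  KP (key pulse)
# starts a dialed number and ST (start) ends it.  A blue box replayed these.
MF_PAIRS = {
    "1": (700, 900),   "2": (700, 1100),  "3": (900, 1100),
    "4": (700, 1300),  "5": (900, 1300),  "6": (1100, 1300),
    "7": (700, 1500),  "8": (900, 1500),  "9": (1100, 1500),
    "0": (1300, 1500), "KP": (1100, 1700), "ST": (1500, 1700),
}
MF_FREQS = (700, 900, 1100, 1300, 1500, 1700)


def make_tone(freqs, seconds=0.1, rate=SAMPLE_RATE, amp=0.5):
    """Constructed audio: sum of sinusoids at `freqs`, total amplitude `amp`."""
    n = int(seconds * rate)
    per = amp / len(freqs)
    return [sum(per * math.sin(2 * math.pi * f * i / rate) for f in freqs)
            for i in range(n)]


def goertzel_power(samples, target_hz, rate=SAMPLE_RATE):
    """Energy at one frequency (Goertzel algorithm), normalised by N^2 so that a
    pure sinusoid of amplitude A on a bin centre measures about A^2 / 4.
    This is the cheap single-frequency detector a tone receiver would run."""
    n = len(samples)
    k = round(target_hz * n / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0                      # s[n-1], s[n-2] of the recurrence
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n)


def trunk_sees_idle(samples, threshold=0.01):
    """The SF detector's decision: enough 2600 Hz energy means 'caller hung up',
    whether the switch or a cereal-box whistle produced it.  The threshold is
    an assumption matched to make_tone's amplitudes."""
    return goertzel_power(samples, IDLE_TONE_HZ) > threshold


def decode_mf(samples, threshold=0.005):
    """Recover the MF symbol whose two tones are both present, else None."""
    present = {f for f in MF_FREQS if goertzel_power(samples, f) > threshold}
    hits = [sym for sym, pair in MF_PAIRS.items() if set(pair) <= present]
    return hits[0] if len(hits) == 1 else None


def blue_box_dial(number):
    """What a blue box sent after seizing the trunk: KP, the digits, ST."""
    return [make_tone(MF_PAIRS[s]) for s in ["KP", *number, "ST"]]


def replay_attack(number):
    """End to end: the 2600 Hz whistle frees the trunk, then MF tones route a
    new call.  Returns what the far-end switch decodes, or None if the whistle
    did not register."""
    if not trunk_sees_idle(make_tone([IDLE_TONE_HZ])):
        return None
    return [decode_mf(block) for block in blue_box_dial(number)]


if __name__ == "__main__":
    speech_like = make_tone([150, 300, 450])    # constructed stand-in for a voice
    print("voice trips detector:", trunk_sees_idle(speech_like))                 # False
    print("whistle trips detector:", trunk_sees_idle(make_tone([IDLE_TONE_HZ])))  # True
    print("switch decodes:", replay_attack("5551212"))
```

Run the file directly to see the three decisions. The detector answers on energy alone, which is exactly the design flaw: nothing authenticates where a tone came from. The fix the carriers eventually deployed, out-of-band signaling, removes the subscriber's ability to put anything on the control channel at all.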
Famous Elite Hackers
Eric Corley
(also known as Emmanuel Goldstein)
• Long standing publisher of 2600: The Hacker Quarterly and
founder of the H.O.P.E. conferences.
• Been part of the hacker community since the late '70s.
Kevin Mitnick
• A former hacker who now speaks, consults,
and authors books about social engineering
and network security.
Robert Morris
• Now a professor at MIT
• The son of the chief scientist at the National Computer Security
Center — part of the National Security Agency (NSA)
• Cornell University graduate student accidentally unleashed an
Internet worm in 1988 (oops ….)
• Thousands of computers were infected and subsequently crashed.
Famous Hacker Groups
"Goolag - exporting censorship, one
search at a time"
• CULT OF THE DEAD COW, also known as cDc or cDc
Communications, computer hacker and DIY media organization
founded in 1984 in Lubbock, Texas
– Produce an ezine called, Cult of the Dead Cow
http://www.cultdeadcow.com/cms/textfile_index.php3
– Practiced Hacktivism
• Combined Hacking with Social justice
• Goolag campaign (2006) targeted Google for allowing China to filter search results
– Well Known Tools
• Back Orifice - Remote control of others computers
• Whisker - IDS evasion
Famous Hacker Groups
• L0pht Heavy Industries was famous hacker collective active
between 1992 and 2000, physically in Boston, Massachusetts
area
– 1998, all seven members of L0pht (Brian Oblivion, Kingpin,
Mudge, Space Rogue, Stefan Von Neumann, John Tan,
Weld Pond) testified before Congress that they could shut
down the entire Internet in 30 minutes
– 2000, L0pht Heavy Industries merged with startup @stake,
transitioned from an underground organization into
"whitehat" computer security company
• Symantec bought @stake in 2004
– L0pht produced L0phtCrack, a Windows password cracker
Famous Hacker Groups
• Chaos Computer Club (CCC)
One of biggest and most influential hacker
organizations
– CCC based in Germany and currently has over 4,000
members, http://www.ccc.de/?language=en
– CCC more widely known for public demonstrations of
security risks
• In 2008, CCC published fingerprints of German Minister
of Interior Wolfgang Schäuble
• Also included fingerprint on film that readers could use
to fool fingerprint readers
Identification of Attackers
• Virus Writers
• Another group with some skilled and unskilled
members
• Been around a long time and have been studied
the longest
• This group has been evolving too
• Sarah Gordon gained fame for profiling this group
• She maintains archive of articles on the Web site
http://www.badguys.org
" Not all people who write computer viruses are
criminals because writing computer viruses is not
(necessarily) illegal.”
Attacker Groups
• Virus Writing – Easy?
– Searched with string, “How to write a virus”
– Got 8,200,000 hits
– Among them, the following …
Reasons for Writing Viruses
• “Virii are wondrous creations written for the sole purpose
of spreading and destroying the systems of unsuspecting
fools.
– This eliminates the systems of simpletons who can't tell that
there is a problem when a 100 byte file suddenly blossoms into a
1,000 byte file.
– Duh. These low-lifes do not deserve to exist, so it is our sacred
duty to wipe their hard drives off the face of the Earth.
– It is a simple matter of speeding along survival of the fittest.
• Why did I create this guide? After writing several virii, I
noticed that virus writers generally learn how to write virii
either on their own or by examining the disassembled
code of other virii
• This guide will show you what it takes to write a virus and
also will give you a plethora of source code to include in
your own virii.”
Dark Angel
http://vx.netlux.org/lib/static/vdat/tuda0001.htm
http://cyberwidycomunity.blogspot.com/2008/12/dark-angelsphunky-virus-writing-guide.html
Attacker Groups
• Hacktivism Groups
– Fusion of hacking and activism
– Hacking for a political cause
– A clinical definition of hacktivism is:
• Hacktivism: a policy of hacking, phreaking or
creating technology to achieve a political or social
goal
http://www.thehacktivist.com/
Attacker Groups
• Hacktivism Groups
• Examples
– In 1998, several targeted events in which
computer intrusion and defacement were used to
protest injustice
– Milw0rm broke into computer systems at India's
Bhabha Atomic Research Centre, Bombay
(BARC) in protest against nuclear weapons tests
http://www.wired.com/news/technology/0,1282,12717,00.html
Attacker Groups
• Hacktivism continued
– 1998 LoU members Bronc Buster and Zyklon disabled
firewalls in order to allow China's Internet users
uncensored access to Internet
http://www.wired.com/news/print/0,1294,16545,00.html
– 1998 X-Ploit defaced the websites of Mexico's
Finance Ministry and Health Ministry to protest
government of President Ernesto Zedillo and show
solidarity with the Zapatista rebellion
http://thehacktivist.com/archive/news/1998/MexicanHackersReuters-1998.pdf
Hacktivism – Final Examples
• 1998, Electronic Disturbance Theater, experimented
with early forms of virtual sit-ins
– Group created software, FloodNet and has
invited mass participation in its virtual sit-ins
against Mexican government
• EDT members Carmin Karasic and Brett Stalbaum
created FloodNet to direct a "symbolic gesture"
against an opponent's web site
Hacktivism
• FloodNet, a Java applet that repeatedly reloads the
target site from each participant's browser
– In theory, when enough EDT participants are
simultaneously pointing FloodNet at an opponent's
site, critical mass prevents further entry (an early,
crowd-sourced application-layer DoS)
– In practice this was rarely attained
• FloodNet's power lies more in the simulated threat!
Hacktivism
http://www.fraw.org.uk/ehippies/index.shtml
• Mission - to assist the process of change towards a
more fair and sustainable society using only electrons
• Actions being protested must be reprehensible to
many, not just small group
– Democratic accountability - people vote with
modems
• Event used to justify DoS attack must provide focus
for debate (e.g., World Trade Organization
conference)
Current Hacktivism
• Wikileaks
Julian Assange
• Publisher of leaked government documents about
wars, environmental crimes and other news “they”
don't want us to know
http://www.wikileaks.org
Where is Julian Assange?

Julian Assange has been given political asylum in
Ecuador … but he is holed up in the Ecuador
embassy in England
Some articles are here
http://thetruthisnow.com/headlines/ecuador-accepts-julian-assanges-bid-for-asylum/
http://educate-yourself.org/cn/julianassangecharacterassassintion20aug12.shtml
http://rense.com/general95/ecuad.html
Another Hacker/Activist
Who is this man?



Gary McKinnon
In 2002, Gary McKinnon was arrested by the UK's
National Hi-Tech Crime Unit, after being accused of
hacking into NASA and US military computer
networks.
He says he spent two years looking for photographic
evidence of alien spacecraft and advanced power
technology
How He Did It ...



His Interview ...
GM: Unlike the press would have you believe, it
wasn't very clever. I searched for blank passwords, I
wrote a tiny Perl script that tied together other
people's programs that search for blank passwords,
so you could scan 65,000 machines in just over eight
minutes
SK: So you're saying that you found computers which
had a high-ranking status, administrator status, which
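Both FloodNet (the virtual sit-in earlier in these slides) and McKinnon's blank-password sweep leave the same kind of trace: one source doing far more, far faster, than a legitimate client would. The following Python is an added example for this lecture, not code from the slides or from any of the people or tools named: it runs two sliding-window detectors over constructed sample logs, flagging a client reloading one page many times within seconds and a source attempting logons on many distinct hosts within a minute, and it lists the hosts that accepted an empty administrator password. Log formats, addresses, hostnames and the window and threshold values are all assumptions invented for the demo.

```python
"""Detection logic for two attacker behaviours described in these slides:
a FloodNet-style reload flood (many requests from one client in a short
window) and a McKinnon-style sweep (one source trying a blank administrator
password on many hosts within seconds).  Added example, not the lecture's
own material.  Log formats, entries and thresholds are constructed for the demo.
"""
from collections import defaultdict, deque
from datetime import datetime

# Constructed web access log: "<ISO time> <client> <method> <path> <status>"
WEB_LOG = """\
2014-04-07T10:00:00 10.1.1.5 GET /index.html 200
2014-04-07T10:00:01 10.1.1.9 GET /index.html 200
2014-04-07T10:00:01 10.1.1.9 GET /index.html 200
2014-04-07T10:00:02 10.1.1.9 GET /index.html 200
2014-04-07T10:00:02 10.1.1.9 GET /index.html 200
2014-04-07T10:00:03 10.1.1.9 GET /index.html 200
2014-04-07T10:00:03 10.1.1.5 GET /about.html 200
2014-04-07T10:00:04 10.1.1.9 GET /index.html 200
2014-04-07T10:00:30 10.1.1.9 GET /index.html 200
"""

# Constructed logon log: "<ISO time> <source> <host> <user> <password> <result>"
# where <password> is "blank" when an empty password was offered.
AUTH_LOG = """\
2014-04-07T11:00:00 203.0.113.7 host01 administrator blank FAIL
2014-04-07T11:00:01 203.0.113.7 host02 administrator blank FAIL
2014-04-07T11:00:01 203.0.113.7 host03 administrator blank SUCCESS
2014-04-07T11:00:02 203.0.113.7 host04 administrator blank FAIL
2014-04-07T11:00:02 203.0.113.7 host05 administrator blank FAIL
2014-04-07T11:00:03 203.0.113.7 host06 administrator blank FAIL
2014-04-07T11:00:03 10.1.1.20 host01 jsmith set SUCCESS
2014-04-07T11:05:00 10.1.1.20 host02 jsmith set SUCCESS
"""

WEB_FIELDS = ["time", "src", "method", "path", "status"]
AUTH_FIELDS = ["time", "src", "host", "user", "password", "result"]


def parse_log(text, fields):
    """Split whitespace-delimited lines into dicts; 'time' becomes a datetime."""
    rows = []
    for line in text.strip().splitlines():
        row = dict(zip(fields, line.split()))
        row["time"] = datetime.fromisoformat(row["time"])
        rows.append(row)
    return rows


def peak_per_source(rows, window_s, key, distinct):
    """Sliding window per source address.  Returns {src: peak count}, where the
    count is the number of events (or of distinct `key` values when `distinct`)
    seen from that source within any window_s-second span."""
    windows = defaultdict(deque)
    peaks = defaultdict(int)
    for row in sorted(rows, key=lambda r: r["time"]):
        q = windows[row["src"]]
        q.append((row["time"], row[key]))
        while (row["time"] - q[0][0]).total_seconds() > window_s:
            q.popleft()            # drop events that aged out of the window
        count = len({item for _, item in q}) if distinct else len(q)
        peaks[row["src"]] = max(peaks[row["src"]], count)
    return dict(peaks)


def find_reload_floods(web_log, window_s=10, threshold=5):
    """FloodNet pattern: one client reloading far faster than a human would.
    window_s and threshold are demo tuning values, not recommended settings."""
    peaks = peak_per_source(parse_log(web_log, WEB_FIELDS), window_s, "path", False)
    return {src: n for src, n in peaks.items() if n >= threshold}


def find_password_sweeps(auth_log, window_s=60, min_hosts=5):
    """Horizontal sweep: one source touching many distinct hosts quickly."""
    peaks = peak_per_source(parse_log(auth_log, AUTH_FIELDS), window_s, "host", True)
    return {src: n for src, n in peaks.items() if n >= min_hosts}


def blank_password_successes(auth_log):
    """The finding that matters most: hosts that accepted an empty password."""
    return [(r["src"], r["host"], r["user"])
            for r in parse_log(auth_log, AUTH_FIELDS)
            if r["password"] == "blank" and r["result"] == "SUCCESS"]


if __name__ == "__main__":
    print("reload floods:", find_reload_floods(WEB_LOG))
    print("password sweeps:", find_password_sweeps(AUTH_LOG))
    print("blank passwords accepted:", blank_password_successes(AUTH_LOG))
```

The same windowing helper serves both detectors; only what is counted differs (total requests for the flood, distinct hosts for the sweep). The third function is the one a defender would act on first: a sweep that found nothing is noise, but a host that accepted an empty administrator password is the finding McKinnon describes.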
Current - Hackers and Climategate
• E-mails covering a decade of correspondence, taken from a server at
the University of East Anglia's Climatic Research Unit (CRU) and released
in November 2009 ... suggest scientists colluded and manipulated data to
support their global warming viewpoints
• Highlight: one 1999 e-mail from Phil Jones, director of the CRU:
“I’ve just completed Mike’s Nature trick of adding in the real
temps to each series for the last 20 years (i.e., from 1981
onwards) and from 1961 for Keith’s to hide the decline”
• Climategate 2.0, 2011 - another 5,000 e-mails leaked,
showing evidence of deception by the scientists
http://www.examiner.com/article/climategate-climate-center-s-serverhacked-revealing-documents-and-emails
http://newsbusters.org/blogs/noel-sheppard/2011/11/22/climategate-205000-new-emails-confirm-pattern-deception-and-collusio
Current Hacktivism
• Anonymous
http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous
– Gained worldwide press for Project Chanology, a protest
against the Church of Scientology
– 2008, a video produced by the Church featuring an interview
with Tom Cruise leaked to the Internet and was uploaded to
YouTube
– The Church of Scientology issued a copyright violation claim
against YouTube requesting removal of the video
– Anonymous formulated Project Chanology, calling the
takedown Internet censorship
• DoS against Scientology websites, prank calls, etc
Anonymous

Extremely active in Occupy Wall Street
events in 2011 and ongoing …
Links here
http://www.youtube.com/watch?v=HrXyLrTRXso
http://www.theinquirer.net/inquirer/news/2163685/hackersthreaten-youtube-anonymous-video
Impacts of Hacker Groups
Low-Skilled Attacker Groups
• Script Kiddies
• Skilled hackers put their tools on-line
• They appear to want others to use and
benefit from their experience
– Goes along with the ethic of sharing information
– Allows people with limited technical knowledge
to do lots of damage, since there are lots of
them
– The following quote, from a 2002 article, has Ed
Skoudis discussing damage from low-skilled
kiddies
Low Skilled Attacker Groups
• Low-Skilled Script Kiddies = Low Damage?
• “A script kiddie is typically a young male, usually not by any
means a computer expert, who exploits weaknesses in
security systems discovered by someone else
Higher Skilled Attacker Groups
• Hacking for Profit
• Famous examples
• 1999, Maxim broke into CD Universe and stole
300,000 credit card numbers
• 2001, FBI and NIPC warned that Russian and
Ukrainian hackers had stolen over
1,000,000 credit card numbers
• 2001, Playboy.com was cracked and cards stolen
• 2002, World Economic Forum had its database broken into
and 1,400 cards stolen, among them those of Bill Clinton,
Bill Gates, Yasser Arafat and Shimon Peres!
Higher Skilled Attacker Groups
• Credit Card Theft – Growing problem
– 2007- TJX Cos. (NYSE:TJX) revealed that
information from least 45.7 million credit/ debit cards
was stolen over an 18-month period
– 2008 - Security breach East Coast supermarket
chain exposed more than 4 million card numbers
led to 1,800 cases of fraud, Hannaford Bros. Grocery
– 2013 - Security breach at URM Stores (Yoke's, Rosauers,
Super 1 Foods, Huckleberry's), disclosed November 2013
Database of Credit Card Breaches
http://www.privacyrights.org/data-breach
Higher Skilled Attacker Groups
• Hacking for Profit
• Card fraud for online purchases runs at about three times
the rate of the same purchases offline
• Seems to be growing worse with time
– Theft of Trade Secrets
• Worth great deal of money
• If sold to the right group
• Example: New Intel Chip design, what’s it worth?
Many examples of cyber related Trade secret theft
SecureWorks Uncovers $2 Million Russian
Hacker Scheme
• 2007 SecureWorks Security Research Group
– Discovered new trojan that searches for and captures
credentials used by several Internet banking and ecommerce websites
– Trojan, Gozi, forwards captured credentials to online
database where they being sold to the highest bidder
– Security Research Group uncovered a cache of stolen
information holding over 10,000 account records
containing everything from online banking user credentials
to patient healthcare information and even employee login
information for confidential government and law
enforcement applications
– Further investigation revealed the data was being offered for
sale by Russian hackers for over $2 million.
Latest in Skill Levels
• How about controlling 100's of 1000's of computers?
What skill level does that take?
– For example, Jeanson Ancheta, a 21-year-old hacker and
member of a group called the “Botmaster Underground”,
reportedly made more than $100,000 from different Internet
advertising companies who paid him to download specially
designed malicious adware code onto more than 400,000
vulnerable PCs he had secretly infected and taken over
– He made tens of thousands more dollars renting his
400,000-unit “botnet herd” to other companies that used
it to send out spam, viruses, and other malicious code
on the Internet
Bots are Highly Profitable
• Some botnet owners reportedly rent their huge networks for
$200 to $300 an hour, weapon of choice for fraud and
extortion
• Newer methods for distributing “bot” software are evolving
that may make it even more difficult for law enforcement to
identify and locate the originating “botmaster”
– P2P command-and-control makes it very difficult to completely
shut down some botnets
Stuxnet Sophistication
at the Highest Level
• What is Stuxnet?
– Computer worm that manipulates and damages real-world
physical equipment (the Siemens PLCs controlling
industrial centrifuges)
– Target was Iran's uranium enrichment program
– Different from previous malware
• Authors had a specific facility or facilities in mind
and extensive knowledge of the system they were
targeting
• Who created it?
– Guesses: Israeli Mossad and the USA
– Can't be proved (yet)
http://www.informit.com/articles/article.aspx?p=1686289
Conficker Family
• Conficker is a family of worms (self-propagating malicious
programs)
• Purpose: infect computers and then spread to other
computers without any human interaction
– Variants A, B, C, D and E have been catalogued
• Conficker was built as a two-stage threat
1. First stage: infect as many computers as possible
2. Second stage has yet to materialize
Conficker Family
• However, Conficker-infected machines
– Are capable of becoming a huge botnet if needed
– Infected about 10 million computers
• Authors?
– Unknown ... speculation points to China
– Microsoft posted a $250,000 bounty for information leading
to the authors' arrest and conviction
Computer Crime
• One reason people break into computers is for the
thrill of it
• Do people break into banks or homes in the
real world just to see if they can do it?
– Not too likely
• So, what deters criminals in the real world?
Computer Crime
• What deters real-world criminals?
– Likelihood of being caught
– And, prosecuted if caught
• How likely are you to be caught in the
cyber world?
– It depends …
Computer Crime
• Depends on …
• In cases where a lot of damage or
something valuable is stolen, more
incentive to catch you and prosecute
• Average break-in with little or no damage,
unlikely you will be caught or prosecuted
• Difficult to collect evidence and link your
activity to scene of the crime
What is Current Risk
• Given monetary incentives of cybercrime,
what does this say for risk from cyber
threats?
• Would the risk be different depending on who
you are?
– Government, Banks, Large Corporations
Books, Conferences and Movies
Hacker Conferences
• Reference Link
http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history
– The hobby and network hacking subculture is
supported by regular gatherings, called cons
• These have drawn more and more people every year
including SummerCon (Summer), DEF CON, HoHoCon
(Christmas), PumpCon (Halloween), H.O.P.E. (Hackers
on Planet Earth) and HEU (Hacking at the End of the
Universe)
http://www.defcon.org Attracted 15,000 people in 2013
http://www.shmoocon.org
http://www.summercon.org
http://www.2600.com/hopes.html
Hacker Books
• Books on Hackers
– Steven Levy
•Hackers: Heroes of the Computer Revolution
– Michelle Slatalla and Joshua Quittner
•Masters of Deception: The Gang That Ruled
Cyberspace, HarperPerennial, 1995
– Bruce Sterling
•The Hacker Crackdown, Bantam, 1992
– Paul Taylor
•Hackers, Routledge, 1999
http://www.amazon.com/Books-about-computer-hackershacking/lm/26UXHC7HABWSY
More Hacker Books
• The Cuckoo's Egg - 1989
• Clifford Stoll
• Stoll becomes, almost unwillingly, a one-man security
force … a 75-cent accounting error in a
computer log is eventually revealed to be a ring of
espionage (the German hackers in the timeline above)
• The Art of Deception - 2003
• Kevin D. Mitnick, William L. Simon
• Takedown - 1996
–Tsutomu Shimomura and John Markoff
• Account of Kevin Mitnick’s arrest
Hacker Websites
• Hacker hall of Fame
http://www.francesfarmersrevenge.com/stuff/misc/hack/hall.htm
• Shmoo Group
http://www.shmoo.com
• Attrition
http://www.attrition.org
• Oldest hacker group - Chaos Computer Club
http://www.ccc.de
• Underground News
http://www.undergroundnews.com
Journals
• Phrack
– http://www.phrack.com/
• 2600
– http://www.2600.com/
• Hakin9
– http://hakin9.org/
• Hackbloc
– https://hackbloc.org/
Movies
• War Games - 1983
– Starring Matthew Broderick
• Link to 20 Recommended Movies
– http://www.linuxhaxor.net/?p=432
– The Net to Sneakers to Many others
• Takedown - 2000
– About Kevin Mitnick from Their point of view
• Freedom Downtime - 2001
– Movie about Kevin Mitnick by his friend Emmanuel
Goldstein ... its online
http://video.google.com/videoplay?docid=-6746139755329108302#
Conclusion
• Many hacker groups out there with a wide
range of skills and motives
– Lowest level – script kiddie will launch attacks
from others
• Motive – See if I can do it, thrill of it
– Medium level – can create own attacks,
customize other’s attacks
• Motive – Still see if I can do it, plus monetary
reward
– Highest Level – Both use and create own
attacks
• Motive – Economic espionage, theft, nation-state
infiltration activity
Conclusion
• Having knowledge about the potential
types of crimes and groups
– Leads to more effective defense!!!
The End
Stay tuned … New Assignment Will be up by end of today
Assignment 3