Hackers/Attackers

CSCD 303
Essential Computer
Security
Winter 2014
Lecture 4 - Hackers and
Attackers
Reading: Chapters 3, 7, 16
Overview
• Hackers and Attackers
– Definitions
– History
• Past
• Recent
– Motivation
• Glory, Fame
• Hacktivism
• CyberCrime
• Cyberterror
– Resources
Terms Again
• What is a Hacker?
• People engaged in circumvention of computer
security,
• Unauthorized remote computer break-ins, but
also includes those who debug or fix security
problems
• Its earliest known meaning referred to an
unauthorized user of telephone company
network, a phone phreaker
More Definitions
• Blackhat Hackers
– Breaks into computers with malicious intent
– Distinguished from ethical Hackers who break
into computers for publicizing security
problems
– Members of this group destroy data, disrupt
services and wreak havoc on computers and
users
Attacker Groups
• Whitehat Hackers
• Hackers in this group are skilled
• Often belong to a hacker group
– L0pht, Masters of Deception (old groups …)
– Legion of Doom, Chaos Computer Club
• Feel they have a mission to improve security of
computer world
• Avoid damage to network and systems
• Inform and educate system administrators about
fixes to their security
Meetup Groups
• You can join a Hacker Meetup Group
http://hacking.meetup.com/
– You can join a hacking group through the
meetup organization!!!
Attacker Groups
• Psychological Profile of Elite Hackers
• Most elite hackers ...
• Different values and beliefs than society
• White hats believe they are performing a
service for society by exposing poor security
practices
• Some believe they are smarter than average
• Examples: Rob Morris, Kevin Mitnick
More Definitions
• Script Kiddies
– Wannabe hackers
– Little knowledge of what they are doing
– Exploits they use have typically been written
by others with more knowledge
Definitions
• Cyber Terrorists
– OK, this is an FBI definition
• Premeditated, politically motivated attack against
information, computer systems, computer programs,
and data which result in violence against
noncombatant targets by sub-national groups or
clandestine agents
– James Lewis from Center for Strategic and International
Studies
• Use of computer network tools to shut down critical
national infrastructure (such as energy,
transportation, government operations) or to coerce
or intimidate a government or civilian population
Hackers
• Everyone thinks hacker = criminal
• What do you think?
– Hackers have subculture, not-mainstream
• Dress in black, spend a lot of time in front of their
computers, fascinated with technology
• Can potentially do scary things to people's data
• All of this creates a mistrust and fear of them
• Like to hang out in groups too
• Have strange group names:
Cult of the Dead Cow, Demon Industry, Hell of
Web
Hacker History
• Phone Phreakers
– Learn as much as possible about telephone
system without getting caught
– Use knowledge to their advantage
• Free phone calls
– Most famous - John Draper - “Captain Crunch”
– Why was he called that?
History - Phone Phreakers
• Captain Crunch - 1971
– Discovered a toy whistle found in a box of Captain
Crunch cereal
• Emitted a tone, 2600 Hz tone
• Exact frequency needed to tell phone system to hang
up the call; other tones were then used to call
numbers - result was free phone calls
• Late 60's and Early 70's, all toll trunks were
sensitive to this tone
• As a cost-cutting measure, AT&T designed system so
that signaling and voice used same circuit
History - Phone Phreakers
• Others discovered secret ...
• Made devices to emit signal, “blue boxes”
• Worked until phone companies replaced old
switches with newer electronic switching
systems
Trivia
• What famous PC computer founder was part of
John Draper's computer club ?
– Steve Wozniak
http://www.webcrunchers.com/origins.html
History - Famous Hackers
• Eric Corley
(also known as Emmanuel Goldstein)
• Long standing publisher of 2600: The Hacker Quarterly and
founder of the H.O.P.E. hacker conferences.
• Been part of the hacker community since the late '70s.
• Kevin Mitnick
• A former computer hacker who now speaks,
consults, and authors books about social
engineering and network security.
• Robert Morris
• Now a professor at MIT
• The son of the chief scientist at the National Computer Security
Center — part of the National Security Agency (NSA)
• Cornell University graduate student accidentally unleashed an
Internet worm in 1988 (oops ….)
• Thousands of computers were infected and subsequently crashed.
History Recent Hackers
• Richard Stallman
– Why is he famous?
• Recent Black and White Hat Hackers
– List of hackers including some recent folks can
be found here, includes software developers
http://www.autistici.org/rez/hackers.php
History Famous Hacker Groups
"Goolag - exporting censorship, one
search at a time"
• CULT OF THE DEAD COW, also known as cDc or cDc
Communications, is a computer hacker group founded in 1984
in Lubbock, Texas
– Produces an ezine called, Cult of the Dead Cow
http://www.cultdeadcow.com/cms/textfile_index.php3
– Responsible for the practice of Hacktivism
• Combining Hacking with Social justice
• They targeted Google for allowing China to filter Internet
traffic
– Well known tools
• Back Orifice - Remote control of others' computers
• Whisker - IDS evasion
History - Famous Hacker Groups
• L0pht Heavy Industries was famous hacker collective active
between 1992 and 2000, physically in Boston, Massachusetts
area
– 1998, all seven members of L0pht (Brian Oblivion, Kingpin,
Mudge, Space Rogue, Stefan Von Neumann, John Tan,
Weld Pond)
• Testified before Congress that they could shut down the
entire Internet in 30 minutes
– 2000, L0pht Heavy Industries merged with startup @stake,
completing L0pht's slow transition from an underground
organization into a "whitehat" computer security company
• Symantec bought @stake in 2004
– L0pht produced L0phtcrack a password cracker program
History - Famous Hacker Groups
• Chaos Computer Club (CCC) is one
of the biggest and most influential hacker organizations
– CCC based in Germany and currently has over 4,000
members, http://www.ccc.de/?language=en
– CCC more widely known for public demonstrations of
security risks
• 1996, CCC members demonstrated attack against
Microsoft's ActiveX technology, changing personal data
in a Quicken database from outside
• In 2008, CCC published fingerprints of German Minister
of Interior Wolfgang Schäuble, also included fingerprint
on film that readers could use to fool fingerprint readers
Hacktivism
• Motivation: political reasons
• Something called “hacktivism” is political
motivation combined with cyber activism
• Example: Defacing certain web sites to
embarrass a country or agency
– FBI and the CIA had their web sites defaced
numerous times
CIA.gov defacement example
A Turkish group, known as turkguvenligi.info, managed to exploit a
SQL injection flaw and insert a record that redirected the "events"
page to an image with their site name.
Hacktivism
• FloodNet, Java applet that repeatedly sends
browser reload commands
– In theory, when enough EDT participants are
simultaneously pointing the FloodNet URL
toward an opponent site, critical mass
prevents further entry
– Actually, this was rarely attained
– Developed before botnets
• FloodNet's power lies more in simulated threat!
Hacktivism
• Older Examples
– 1998 LoU members Bronc Buster and Zyklon disabled
firewalls in order to allow China's Internet users
uncensored access to Internet
http://www.wired.com/news/print/0,1294,16545,00.html
– 1998 X-Ploit defaced the websites of Mexico's
Finance Ministry and Health Ministry to protest
government of President Ernesto Zedillo and show
solidarity with the Zapatista rebellion
http://news.bbc.co.uk/2/hi/science/nature/146645.stm
Current Hacktivism
• Anonymous
http://en.wikipedia.org/wiki/Timeline_of_events_involving_Anonymous
– Gained worldwide press for Project Chanology, protest
against the Church of Scientology
– 2008, a video produced by Church featuring an
interview with Tom Cruise was leaked to Internet and
uploaded to YouTube
• Church of Scientology issued a copyright
violation claim against YouTube requesting
removal of video
– Anonymous formulated Project Chanology... said action
was Internet censorship
Anonymous
• Extremely active in Occupy Wall Street
events in 2011 and ongoing …
Links here:
http://www.youtube.com/watch?v=HrXyLrTRXso
http://www.theinquirer.net/inquirer/news/2163685/hackersthreaten-youtube-anonymous-video
Wikileaks, http://wikileaks.org/
• Julian Assange – creator
• WikiLeaks is an international, online, non-profit
organization which publishes secret information,
news leaks, and classified media from
anonymous sources
• Its website, initiated in 2006 in Iceland by
organization Sunshine Press, claimed a database
of more than 1.2 million documents within a year
of its launch
• April 2010, WikiLeaks published gunsight footage
from the 12 July 2007 Baghdad airstrike in which
Iraqi journalists were among those killed by an
AH-64 Apache helicopter,
http://www.youtube.com/watch?v=5rXPrfnU3G0
Wikileaks
• Where is Julian Assange now?
• June 2013 marked the one-year anniversary
of Julian Assange's flight to the Ecuadorian
Embassy in London to avoid extradition to
Sweden in response to a Swedish police
request for questioning in relation to a sexual
assault investigation
Climategate Emails
• The Climategate scandal erupted on November 19,
2009, when a collection of email messages, data files
and data processing programs were leaked from the
University of East Anglia Climatic Research Unit (CRU)
located in the UK, revealing scientific fraud and data
manipulation by scientists concerning the Global
Warming Theory
• Climategate emails and climate data became the subject
of intense debate, calling into question assumptions on
anthropogenic (man-made) global warming
http://beforeitsnews.com/environment/2013/06/revisitingclimategate-as-climatism-falters-2471332.html
Climategate 2.0
• Two years later ….
• November 22, 2011 another batch of emails was
stolen and released .. showing still more doubts
among the key scientists involved
• What these emails confirm is that the great man-made
global warming scare is not about science
but about political activism
Read more
http://newsbusters.org/blogs/noel-sheppard/2011/11/22/climategate-20-5000new-emails-confirm-pattern-deception-and-collusio#ixzz2qRWeFhfah
http://www.forbes.com/sites/jamestaylor/2011/11/23/climategate-2-0-new-emails-rock-the-global-warming-debate/
http://climateaudit.org/2011/12/28/evading-moshers-foi/
Cybercrime
• Who is responsible for most Cybercrime?
– Countries
• Russia, US, Eastern Europe, China, Brazil
• Dave Emm of Kaspersky Labs says
– “ ... probably China is at the top, and that’s more than 50 per
cent
– Next would be between Russia and Latin America. A lot of
the banking Trojans come from Latin America”
– Roger Thompson, of AVG, believes that cybercrime can
come from anywhere:
– “While there are a lot of malware and web threats coming
from Russia and China, there is also lots of activity in Turkey,
Romania, Brazil and the US”
http://pcplus.techradar.com/node/3066
Cybercrime
• Motivation is mostly money
– Criminals want to make money typically by
illegal means
– Extortion, blackmail, theft, are all alive and well
in the cyber world
– Even physical security can be compromised if
we include cyber stalking
– Maybe other motivation such as malice against
a company or government agency
Cybercrime
Exploit Users Through Social Network Sites
http://www.bmighty.com/security/showArticle.jhtml?articleID=208402877
• National Cyber Security Alliance (NCSA) found
- 83% of users downloaded unknown files from other people's profiles
• Potentially opened their PCs to attack
- 57% of people who use social networking sites admit to worrying about
becoming a victim of cybercrime
–Three out of four users give out personal information
• E-mail address, name, or birthday that can be used to perpetrate
identity theft
• Amazingly, 4% have even listed their Social Security numbers
somewhere on their social network page
Cybercrime
• Credit Card Theft - Numbers!!
– 2005 - More than 40 million credit card numbers
belonging to U.S. consumers were accessed by computer
hacker, at risk of being used for fraud, MasterCard
International Inc.
– 2007 - TJX Cos. (NYSE:TJX) revealed that information
from at least 45.7 million credit/debit cards was stolen over
an 18-month period
– 2008 - Security breach at East Coast supermarket chain
exposed more than 4 million card numbers and led to 1,800
cases of fraud, Hannaford Bros. Grocery
Database of Credit Card Breaches
http://www.privacyrights.org/
Cyberterrorism
http://en.wikipedia.org/wiki/Cyber-terrorism
• As 2000 approached, fear and uncertainty
• Remember how popular duct tape and guns were?
• Millennium bug promoted interest in potential
cyberterrorist attacks
–Acted as a catalyst in sparking fears of a possibly
devastating cyber-attack
–Real possibility existed for computer based
systems such as banks, water supplies and power
to be completely disabled
Cyberterrorism
• Good overview of threat of cyber-terrorism
http://www.crime-research.org/articles/Cyber_Terrorism_new_kind_Terrorism/
• Examples of incidents
Cyberterrorism
• On Oct. 21, 2002, a distributed denial of service (DDOS)
attack struck the 13 root servers that provide DNS services
– Nine servers out of these thirteen were jammed. The
problem was taken care of in a short period of time.
• At Worcester, Mass, in 1997, a hacker disabled the computer
system of the airport control tower
• In 2000, someone hacked into Maroochy Shire, Australia
waste management control system and released millions of
gallons of raw sewage on the town - start real sickness
• In Russia, 2000, hacker was able to control the computer
system that governs the flow of natural gas through the pipelines
Example of Cyberterrorism
http://news.cnet.com/8301-10784_3-9721429-7.html
• In May 2007, Estonia subjected to mass cyber-attack in
wake of removal of Russian World War II statue
• Attack was distributed denial of service attack in which
selected sites were bombarded with traffic in order to
force them offline … successfully
• Nearly all Estonian government ministry networks plus
two major Estonian bank networks were knocked offline
– Plus, political party website of Estonia's current Prime
Minister featured a counterfeit letter of apology for
removing the memorial statue
Example of Cyberterrorism
• At the peak of the crisis, bank cards and mobile-phone
networks were temporarily frozen
• Russia is suspected of the attacks and various groups
have claimed responsibility ... no one knows for sure!
• Is this in your opinion Cyberterrorism?
Example of Cyberterrorism
• Stuxnet Worm - Current Example - 2010
http://www.theaeonsolution.com/security/?p=307
• Stuxnet, Windows-specific computer worm first discovered in
June 2010 by VirusBlokAda, security firm from Belarus
• Worm spies on and reprograms industrial systems
• Attacks Supervisory Control And Data Acquisition (SCADA)
systems used to control and monitor industrial processes
• It is also first known worm to target critical industrial
infrastructure
• According to news reports infestation by this worm might
have damaged Iran's nuclear facilities in Natanz
• It has infected computers in China, Iran, Indonesia, India,
US and others ...
Example of Cyberterrorism
• Chinese Hackers Attack Energy Facilities - 2009
http://www.theepochtimes.com/n2/content/view/15058/
• Hackers believed to be backed by the Chinese communist
regime have continuously broken into computers critical to
functioning of the United States' electric grid network
• All major electricity companies were targeted in attack,
with several of their key systems compromised
• Attacks appeared pervasive across U.S. and didn't target a
particular company or region
Risks from Attack
• As a private individual, who is likely to
target you and what might be their
motivation?
– Any Ideas?
Risks from Attackers
• Private Individuals
• Credit cards, SSN’s, bank information, medical
records, other personal info
• At risk from
– Criminals – want to profit from getting and
selling your personal data
– Phishing, Fake virus infections,
Social networking sites
Risks from Attackers
• Small Business or Corporation
– More at risk from deliberate targeting
– Know something about company, at least its
assets and defenses
– Use a variety of techniques, technical, social
engineering, and phishing to gain access
– Want user or customer data, company secrets
– Loss is potentially more severe
• Direct loss of assets and loss from
lawsuits
Risks from Attackers
• Government, military site or critical
infrastructure sites
– Huge attraction for outside hackers
– Motivation includes financial but also just pride
especially if sophisticated security
– Hacktivism
– Could be nation states involved at this level
– Meaning very skilled attackers trying to get
classified information
– Or, trying to incapacitate Energy or
Communications sector … cyber terror
• Loss can potentially be devastating
Hacker Books
• Books on Hackers
– Steven Levy
•Hackers: Heroes of the Computer Revolution
– Michelle Slatalla and Joshua Quittner
•Masters of Deception: The Gang That Ruled
Cyberspace, HarperPerennial, 1995
– Bruce Sterling
•The Hacker Crackdown, Bantam, 1992
– Paul Taylor
•Hackers, Routledge, 1999
http://www.amazon.com/Books-about-computer-hackershacking/lm/26UXHC7HABWSY
More Hacker Books
• Cuckoo's Egg - 1995
• Clifford Stoll
• Clifford Stoll becomes, almost unwillingly, a one-man
security force … 75-cent accounting error in a
computer log is eventually revealed to be a ring of
industrial espionage
• The Art of Deception - 2003
• Kevin D. Mitnick, William L. Simon
• Takedown - 1996
–Tsutomu Shimomura and John Markoff
• Account of Kevin Mitnick’s arrest
• List of more recent books
http://www.goodreads.com/list/show/21621.Hacker_nonfiction
Hacker Websites
• Hacker hall of Fame
http://www.francesfarmersrevenge.com/stuff/misc/hack/hall.htm
• Shmoo Group
http://www.shmoo.com
• Attrition
http://www.attrition.org
• Oldest hacker group - Chaos Computer Club
http://www.ccc.de
• HackThisSite
http://www.hackthissite.org/
• Underground News
Journals
• Phrack
– http://www.phrack.com/
• 2600
– http://www.2600.com/
• Hakin9
– http://hakin9.org/
• Hackbloc
– https://hackbloc.org/
Movies
• War Games - 1983
– Starring Matthew Broderick
• Link to 20 Recommended Movies
http://www.linuxhaxor.net/?p=432
The Net to Sneakers to Many others
• Hackers, Outlaws and Angels
http://www.youtube.com/watch?v=VmipxAOffwA
• Hackers are People Too
http://www.youtube.com/watch?v=7jciIsuEZWM
• Takedown - 2000
– About Kevin Mitnick from “Their” point of view
• Freedom Downtime - 2001
– Movie about Kevin Mitnick by his friend Emmanuel Goldstein
... it's online
http://video.google.com/videoplay?docid=-6746139755329108302#
The End
• Lab this Week
• No class on Monday, Martin Luther
King Day .. see Assignments page