Understanding Cybersecurity Threats

Questions and Answers

What is the primary function of skimmers in retail establishments?

To steal credit card data (correct)

To analyze customer purchasing habits

To enhance customer service

To process payments faster

Techno-criminals possess serious technical skills to conduct their crimes.

False

What technology do modern ATM skimmers use to transmit captured card data?

Text messages or other wireless technologies

A common device used by criminals to modify electricity usage is called an ______.

optical probe

In 2009, what percentage of modified meters was discovered by the FBI in Puerto Rican Electric Utility?

10%

Match the following terms with their descriptions:

Skimmers = Devices that steal credit card data Techno-Criminals = Criminals who use technology for traditional crimes Optical Probe = Device to reprogram energy meters ATM = Machines that dispense cash to users

All skimmer devices are easily accessible for purchase online.

True

What is one method used by individuals to reduce their energy bills, according to the document?

Using a strong magnet to manipulate energy meters

What is one reason organizations may choose not to report security incidents?

Fear of bad publicity

All compromises are reported by organizations after they are discovered.

False

What type of data do ATP hackers prefer to leave behind after a compromise?

None or very minimal

Not all of the discovered compromises are __________.

reported

Match the following terms with their definitions:

ATP = Advanced Persistent Threat Compromise = Unauthorized access to a system Data breach = Exposure of sensitive information Counter hacking = Actions taken to prevent or respond to hacking

Which of the following types of data sources is NOT typically mentioned in the compilation of breach data?

Internal company reports

Organizations are increasingly reporting compromises due to higher detection capabilities.

True

What method does an ATP hacker prefer when compromising targets?

Extremely stealthy methods

What method did Chris Chaney primarily use to access celebrity email accounts?

Guessing email addresses and using the 'forgot password' feature

Chris Chaney had advanced technical skills to access celebrity accounts.

False

What type of content did Chris Chaney share after accessing celebrity email accounts?

Nude photos

One of the common security questions used in the 'forgot password' feature is the name of your favorite _____.

pet

What did Barry Ardolf do to terrorize his neighbor Matt Kostolnik?

Cracked his wireless network and sent malicious emails

Barry Ardolf was captured without any investigation.

False

What type of page did Barry Ardolf post on MySpace to harm Matt Kostolnik?

A rogue MySpace page with child pornography

Match the following actions with the individual responsible:

Chris Chaney = Accessed celebrity email accounts Barry Ardolf = Terrorized his neighbor with malicious emails Matt Kostolnik = Victim of impersonation and defamation WEP = A type of wireless network security breached by Ardolf

What is a common reason organizations choose not to report security incidents?

Fear of bad publicity

Not all compromises are discovered or reported by organizations.

True

What do ATP hackers prefer to use when compromising targets?

Extremely stealthy methods

Many ______ may choose not to report compromises due to fear of legal actions.

organizations

Match the following sources of empirical data with their descriptions:

News stories = Media reports covering security incidents Data dumps from attackers = Information shared by cybercriminals Security researchers = Experts analyzing and reporting on breaches Incident reports = Internal documentation of security events

Which statement best summarizes the problems with breach reporting?

Many compromises are never reported or discovered.

ATP hackers generally leave numerous artifacts on compromised systems for future access.

False

What is one challenge in understanding breach data?

Misleading or incorrect information may be released.

What is a common use of skimmers in retail establishments?

To steal credit card data

Techno-criminals and cyber-criminals have the same skills and methods.

False

What is one method used by criminals to access modified electricity meters?

Using a strong magnet

The ability of new skimmers to send captured data via text messages or other wireless technologies is a form of ________ technology.

wireless

Match the following devices with their purposes:

Skimmer = Captures credit card information Optical probe = Reprograms electricity meters Strong magnet = Modifies energy usage Wireless technology = Transmits stolen data

Which of the following statements is true about the energy meters modifications discovered by the FBI?

10% of the meters were modified.

Skimmers can also include small cameras to capture PIN data.

True

What is the estimated cost incurred annually by the Puerto Rican Electric Utility due to modified meters?

$400 million

What method did Chris Chaney use to gain access to celebrity email accounts?

Using the 'forgot password' feature

Chris Chaney had advanced technical skills that enabled him to hack email accounts.

False

What did Barry Ardolf do to his neighbor, Matt Kostolnik?

He terrorized him by hacking his wireless network and sending malicious emails.

One of the common security questions used in the 'forgot password' feature is the name of your favorite _____ .

pet

Which of the following was a security question used by Chris Chaney to access accounts?

Who was your favorite teacher in school?

Match the following individuals with their actions:

Chris Chaney = Hacked celebrity email accounts Barry Ardolf = Sent malicious emails to neighbor Matt Kostolnik = Victimized by Barry Ardolf Scarlett Johansson = One of the hacked celebrities

Barry Ardolf was captured through investigations of packet data.

True

What type of content did Chris Chaney share after accessing celebrity email accounts?

Nude photos of celebrities.

What do ATP hackers prefer to use when compromising targets?

Stealthy methods

All compromised organizations report security breaches immediately.

False

Name one reason why organizations might choose not to report security incidents.

Fear of bad publicity

Not all compromises are __________.

discovered

Match the following types of data with their sources:

News stories = Example of breach reporting Data dumps = Information from attackers Research data = Insights from security experts Statistics = Data compiled from various breaches

What is a significant challenge in understanding breach data?

Breaches are often reported with misleading facts

What has led many organizations to start reporting compromises?

Increased detection capabilities

All attacks by ATP hackers utilize outdated strategies.

False

What is a common use for skimmer devices?

To steal credit card data

Techno-criminals possess advanced technical skills that allow them to conduct complex cybercrimes.

False

What device do criminals use to reduce their energy bills by modifying electricity meters?

optical probe

New skimmers have the ability to send captured data via ________ technologies.

wireless

Match the following descriptions with the correct terms:

Skimmer = Device to steal credit card data Techno-criminal = Person using technology for traditional crimes Optical probe = Device to modify electricity meters ATM skimmer = Device attached to ATM for stealing card data

What was the estimated annual cost incurred by the Puerto Rican Electric Utility due to modified meters?

$400 million

All skimmer devices are exclusively sold through local electronics stores.

False

In 2009, the FBI discovered that ________ of energy meters were modified.

10%

Which method did Chris Chaney primarily use to access celebrity email accounts?

Guessing email addresses and using the 'forgot password' feature

Chris Chaney required advanced technical skills to hack celebrity email accounts.

False

What type of content did Chris Chaney share after accessing celebrity email accounts?

Nude photos

A common security question used in the 'forgot password' feature is the name of your favorite _____ .

pet

What was the primary action taken by Barry Ardolf against Matt Kostolnik?

Terrorizing him through malicious emails

Match the following individuals with their actions:

Chris Chaney = Hacked celebrity email accounts Barry Ardolf = Sent malicious emails to his neighbor Matt Kostolnik = Victim of harassment Scarlett Johansson = One of the celebrities targeted

Barry Ardolf was discovered through analyzing captured packet data.

True

What did Barry Ardolf post on a rogue MySpace page?

Child pornography

Study Notes

The Big Picture

• Attackers such as Advanced Persistent Threats (ATPs) have superior insight into how organizations are compromised, while organizations must understand the same big picture to protect themselves.
• Understanding how and why organizations get hacked is crucial for effective security.

Data Challenges

• Determining the exact details of how a system was compromised is difficult because of limited reporting and the difficulty in finding and analyzing all relevant information.
• Many compromises are never reported, discovered, or fully investigated.
• The information available may be incomplete, misleading, or even incorrect.

Stealthy Attacker Tactics

• ATPs prioritize covert actions to avoid detection and maintain access to target systems.
• They leave traces only when absolutely necessary to stay connected.
• Organizations often fear negative publicity, damage to reputation, and potential legal issues, leading to a reluctance to report security incidents.
• The increasing number of compromises and improved detection capabilities are driving more organizations to acknowledge and report security breaches.

Evolving Threats and Defense

• Attackers constantly refine their strategies and techniques to exploit new vulnerabilities and create innovative attack methods.
• Defenders are continuously developing new technologies and methods to counter emerging threats.

Techno-Criminals vs. Cybercriminals

• Techno-criminals use technology to facilitate traditional crimes like theft, credit card fraud, and fraud.
• Cybercriminals, on the other hand, primarily use computers and the internet to commit crimes.

Credit Card Skimming

• Physical skimming devices ("skimmers") are used to steal credit card data by physically swiping cards and storing information on the device.
• Skimmers are common in retail establishments and are now increasingly used with ATM machines.
• Skimmers often include cameras to capture PINs, and can send stolen data via text messages or wireless connections.
• These devices are readily available online and within criminal networks.

Hacking Power Systems

• In 2009, the FBI discovered a widespread incident where Puerto Rico Electric Utility customers tampered with energy meters to reduce their bills.
• Customers used strong magnets to reduce energy consumption readings, leading to a loss of approximately $400 million annually for the company.
• Customers could reprogram meters using devices called "optical probes," which required physical access to meters.
• These devices are available for purchase online for around $300.

Unsophisticated Hacking Techniques

• Chris Chaney, a hacker known as the "Hollywood Hacker," accessed the personal email accounts of celebrities using basic techniques.
• He employed common password reset methods by guessing email addresses and answering security questions found online.
• Chaney forwarded emails sent and received from the hacked accounts to his own address.

Neighborly Harassment

• Barry Ardolf, from Minnesota, targeted his neighbor, Matt Kostolnik, by compromising his wireless network and engaging in malicious activities.
• Ardolf cracked Kostolnik's Wired Equivalent Privacy (WEP) secure network and sent malicious emails that appeared to originate from Kostolnik's home.
• He posted child pornography on a fake MySpace page pretending to be Kostolnik and sent emails to Kostolnik's employers impersonating him.
• Ardolf was caught by analyzing captured data packets that revealed his IP address.

Understanding Empirical Data in Cybersecurity

• ATP (Advanced Persistent Threat) actors often employ stealthy methods to compromise targets, minimizing their digital footprint.
• Many organizations do not report security compromises, fearing negative publicity, customer confidence loss, or legal repercussions.
• Organizations are increasingly reporting compromises due to the rise in attacks and improved detection capabilities.
• Attackers continuously evolve their strategies and techniques to exploit vulnerabilities and create new attacks.
• Defenders constantly develop new defensive technologies to counter evolving attack methods.

Examples of Threat Actors

• Techno-Criminals: Utilize technology to enhance traditional crimes rather than being purely digitally focused
• Skimmers: Devices used to steal credit card data by physically swiping cards, often found in retail establishments, ATMs, and increasingly incorporating wireless technology and cameras.
• Hacking Power Systems:
  • Cases of manipulating energy meters in Puerto Rico, costing the utility company millions annually.
  • Attackers used magnets and "optical probes" to manipulate readings and reduce energy bills.
  • Devices are readily available online, requiring minimal technical expertise.

Unsophisticated Threat Actors

• Chris Chaney ("Hollywood Hacker"): Gained access to celebrities' email accounts through simple methods:
  • Guesses email addresses.
  • Exploits "forgot password" features by guessing security questions easily found online.
  • Forwards emails to monitor account activity.
• Barry Ardolf: Terrorized his neighbor using a combination of social engineering and technical tricks.
  • Cracked the neighbor's WEP-secured wireless network.
  • Spread malicious emails traced back to the neighbor's home.
  • Created a fake MySpace page with child pornography and pretended to be the victim.
  • Sent emails impersonating the victim to their employees.
  • Captured network data exposed his IP address and led to his capture.

Understanding Empirical Data in Cybersecurity

• This chapter focuses on providing empirical examples of hacking and counter-hacking.
• These examples offer insights into how attackers compromise organizations and how those organizations respond.

The Problem with Data Sets

• Many incidents go unreported or have limited available information.
• Not all compromises are discovered.
• Not all discovered compromises are reported.
• The full facts surrounding specific compromises are often uncovered.
• Even when facts are released, they may be misleading or incorrect.

Attackers' Operational Methods

• Advanced Persistent Threat (ATP) attackers typically favor stealthy methods to avoid leaving traces.
• These methods can be sophisticated and help them to maintain access to compromised organizations.

Issues Surrounding Reporting Organizational Breaches

• Many organizations choose not to report breaches due to concerns about:
  • Bad publicity
  • Loss of customer confidence
  • Potential legal actions
• The increase in breaches and the ability to detect them has led to a greater willingness among organizations to report.

Evolving Threat Landscape

• Attacker tactics are constantly changing to:
  • Exploit new vulnerabilities
  • Create new attacks
• Defenders develop new technologies to counter these threats.

Techno-Criminals & Skimmers

• Techno-criminals utilize technology to facilitate traditional crimes, unlike Cybercriminals who use computers and the internet for their crimes.
• Skimmers are physical devices used to steal credit card data.
• They are often placed on ATM machines, particularly in areas of high card usage, such as restaurants or retail stores.
• Modern skimmers can send captured data via text messages or wireless methods and often include micro-cameras to capture PINs.
• These devices are readily available through online markets and criminal underground networks.

Hacking Power Systems

• In 2009, the FBI discovered a large-scale scheme in Puerto Rico where customers manipulated energy meters to reduce their bills.
• 10% of the meters were modified, costing the utility company $400 million annually.
• Attackers used strong magnets to slow down the meters, reducing energy readings by 50-75%.
• They also employed devices like “optical probes” to reprogram the meters; these devices require physical access to meters and can be purchased online.
• These techniques highlight the potential vulnerabilities of critical infrastructure to relatively unsophisticated attackers with physical access.

Hollywood Hacker (Chris Chaney)

• Chris Chaney, despite lacking technical skills, targeted celebrities' email accounts.
• He was arrested for distributing nude photos of celebrities, including Scarlett Johansson.
• Chaney employed simple methods to gain access, including:
  • Guessing email addresses
  • Utilizing "forgot password" features of free email services
• He would reset passwords by answering security questions that could be easily found online.
• Chaney also forwarded emails to himself to monitor communications.

The Neighbor (Barry Ardolf & Matt Kostolnik)

• Barry Ardolf, residing in Minnesota, harassed his neighbor Matt Kostolnik.
• Ardolf cracked Kostolnik's WEP-secured wireless network, sent malicious emails to frame him, and even posted child pornography on a fake MySpace page.
• Ardolf was caught by analyzing captured network packets, revealing his IP address.
• This case demonstrates how individuals with limited technical skills can exploit vulnerabilities to disrupt others' lives.

Description

This quiz explores the tactics used by Advanced Persistent Threats (ATPs) and the challenges organizations face in identifying and reporting cyber breaches. It highlights the importance of recognizing how systems are compromised to enhance security measures. Test your knowledge on the stealthy actions employed by attackers and the implications for businesses.