Chapter 2 - Part 1: Empirical Data

Chapter 2 – Part 1 Empirical Data  ATP has an excellent understanding of the Big Picture  ATP see how all the pieces add up to create a perfect path for compromising a target organization.  Organization need to understand also from the Big Picture of how their environment have been introduction compromised through the empirical knowledge  This chapter gives few empirical example but only few of many  There are many assumptions as to what happened in these compromised example of hacking and counter hacking, however they close to the facts  Compilation of example data are from:  News stories  Data dumps from attackers  Data from talented security researchers and organizations that compile and report on data The breaches Problem Many compromised organization and breaches are never reported or limited information available with our Not all compromises are discovered Data Set Not all of the discovered compromises are reported Not all the facts of any specific compromises are always uncovered Some facts released may be misleading or even incorrect  ATP have and will always prefer to use the extremely stealthy methods when compromising targets.  An ATP hacker will avoid leaving artifacts on compromised systems unless it is absolutely necessary to maintain access to the target organization  Even when a compromised is discovered, many The organizations choose not to report it.  Organizations may fear bad publicity, a loss of customer Problem confidence, or potential legal actions and choose not to report security incidents. with Our  Now many organization starting to report compromises due to the level of increase, and also being able to Data Set detect them, and feeling comfortable or more compelled to report compromises.  Attacker are constantly changing their strategies and techniques to take advantage of new vulnerabilities and create new attacks.  Defenders create new defensive technologies to mitigate those attack.  There are many examples some of them new and others old Threat  We will look at few from the basic hardware Examples oriented to more sophisticated examples of ATP hacking Attackers do not posses any serious technical skills but use technology to complement traditional crimes Techno-Criminals use technology to commit crimes as opposed to cyber-criminals who use the computers or the internet Skimmers are physical devices created to steal credit card data by physically swiping a credit card and storing the data on storage Techno- internal to the skimmer. See page 32-33 pictures from the book Most of these devices are used by criminals in restaurants or coffee Criminals shops, and any other retail establishments where credit cards are used Skimmers Now, it is common to see ATM skimmers, which are designed to be placed on top of ATM machines. Typically placed in front of or on top Evolution of the card slot of an ATM. New skimmers have the ability to send captured data via text messages or other wireless technologies Many also include extremely small cameras the user’s PIN data is captured All these technologies can easily be purchased on the internet and criminal underground - In 2009 FBI discovered in Puerto Rican Electric Utility that a large number of customers modified the devices that measure energy usage at their homes and businesses - 10% of the meters modified and cost the company 400 million dollars annually Techno- - They used a strong magnet to reduce energy Criminal: bill by as much 50-75% - Users could reprogram the meters using a Hacking device called “optical probe” which also Power required physical access to the meters. - You can buy these devises from the internet for Systems as much as 300 USD - The open the lock of the meters using the magnet and bypassing any protection. More to be discussed in chapter 9 - There are many other devices but no technical skills are required  Chris Chaney: the so-called “Hollywood Hacker”  With no technical skills managed to access personal email accounts of many celebrities by using very simple methods.  He was caught for sharing nude photos of celebrities like Scarlet Johansson.  He started by attempting to identify email addresses of celebrities by guessing email addresses, he would gain access to the accounts by using Unsophisticat the “forgot password” feature that is so popular in free email services.  In the “forgot password” feature allows a user to reset their password by ed Threat: answering a few supposed personal questions for which the user had previously configured the answers. Hollywood  A few typical “security questions” include: Hacker  The name of your favorite pet  The street you grow up on  Your mother’s maiden name  Your favorite teacher in school  He knew the answer to the questions correctly and then reset the password. Just by searching the net.  If owner of the email account try to reset and change the password, then he would set up an automatic email forwarding to send a copy of all email messages sent and received.  Barry Ardolf from Minnesota.  He terrorized Matt Kostolnik, his neighbor  He cracked his Wired Equivalent Privacy (WEP) secured wireless network, and sending out malicious emails that would be traced back to his neighbor’s home.  In November 2008, he posted child pornography on a rogue MySpace page purporting to be Matt Kostolnik and then posted a message showing Unsophisticat that it is coming from the victim.  He also sent email to the victim employees pretending to be him ed Threat:  He was discovered through investigating the packets captured data Neighbor where showed IP address of the attacker, and this how he was captured.  When they searched his home they found the following various from Hell handbooks and materials including:  Cracking WEP using Backtrack: a beginner Guide  Tutorial simple Simple WEP crack  Cracking WEP with BackTrack 3  Tutorial Cracking WEP using Backtrack 3  A well-known story in IT  He is famous in gaining access to computer systems, confidential information, and source code by primarily using social engineering Smart tactics. Manipulating people. Persistent  He went to jail for seven years and now works as a security consultant, author, and a speaker Threat:  He was calling people with the information he Kevin wanted and asking for it. Mitnick  He compromised many computers and doing simply and effectively  He was effective because of using simple social engineering with technology to make attacks more effective and forceful.

Chapter 2 - Part 1: Empirical Data

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue