Hackers.pptx

Full Transcript

Hackers, Crackers, and
Network Intruders
 Hackers: Hackers are kind of good people who do
hacking for a good purpose and to obtain more
knowledge from it.
Crackers: Crackers are kind of bad people who
break or violate the system or a computer remotely
with bad intentions to harm the data and steal it.
Crackers destroy data by gaining unauthorized
access to the network.
A network intruder is anyone or anything that tries
to get access to any part of your computer system.
An intruder is typically referred to as a hacker
 Outlines
Hackers and their vocabulary
Threats and risks
Types of hackers
Gaining access
Intrusion detection and prevention
Legal and ethical issues
 Hacker Terms

Hacking - showing computer expertise
Cracking - breaching security on software or systems
Phreaking - cracking telecom networks
Spoofing - faking the originating IP address in a datagram
Denial of Service (DoS) - flooding a host with sufficient
network traffic so that it can’t respond anymore
Port Scanning - searching for vulnerabilities
 Hacking through the ages
1969 - Unix ‘hacked’ together
1971 - Cap ‘n Crunch phone exploit discovered
1988 - Morris Internet worm crashes 6,000 servers
1994 - $10 million transferred from CitiBank accounts
1995 - Kevin Mitnick sentenced to 5 years in jail
2000 - Major websites succumb to DDoS
2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked
while web database was undergoing maintenance)
2001 Code Red
– exploited bug in MS IIS to penetrate & spread
– probes random IPs for systems running IIS
– had trigger time for denial-of-service attack
– 2nd wave infected 360000 servers in 14 hours
Code Red 2 - had backdoor installed to allow remote control
Nimda -used multiple infection mechanisms email, shares, web client, IIS
2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
The threats
Denial of Service (Yahoo, eBay, CNN, MS)
Defacing, Graffiti, Slander, Reputation
Loss of data (destruction, theft)
Divulging private information (AirMiles,
corporate espionage, personal financial)
Loss of financial assets (CitiBank)
 Types of hackers
Professional hackers
– Black Hats – the Bad Guys
– White Hats – Professional Security Experts
Script kiddies
– Mostly kids/students
User tools created by black hats,
– To get free stuff
– Impress their peers
– Not get caught
Underemployed Adult Hackers
– Former Script Kiddies
Can’t get employment in the field
Want recognition in hacker community
Big in eastern european countries
Ideological Hackers
– hack as a mechanism to promote some political or ideological purpose
– Usually coincide with political events
Types of Hackers
Criminal Hackers
– Real criminals, are in it for whatever they can get no matter who it
hurts
Corporate Spies
– Are relatively rare
Disgruntled Employees
– Most dangerous to an enterprise as they are “insiders”
– Since many companies subcontract their network services a
disgruntled vendor could be very dangerous to the host enterprise
Top intrusion justifications
I’m doing you a favor pointing out your vulnerabilities

I’m making a political statement

Because I can

Because I’m paid to do it
Gaining access
Front door
– Password guessing
– Password/key stealing
Back doors
– Often left by original developers as debug and/or diagnostic tools
– Forgot to remove before release
Trojan Horses
– Usually hidden inside of software that we download and install
from the net (remember nothing is free)
– Many install backdoors
Software vulnerability exploitation
– Often advertised on the OEMs web site along with security patches
– Fertile ground for script kiddies looking for something to do
Back doors & Trojans
e.g. NetBus
Cable modems / DSL very vulnerable
Protect with Virus Scanners, Port Scanners,
Personal Firewalls
Software vulnerability exploitation

Buffer overruns
HTML / CGI scripts
Poor design of web applications
– Javascript hacks
– PHP/ASP/ColdFusion URL hacks
Other holes / bugs in software and services
Tools and scripts used to scan ports for vulnerabilities
Password guessing
Default or null passwords
Password same as user name (use finger)
Password files, trusted servers
Brute force
– make sure login attempts audited!
Password/key theft
Dumpster diving
– Its amazing what people throw in the trash
Personal information
Passwords
Good doughnuts
– Many enterprises now shred all white paper trash
Inside jobs
– Disgruntled employees
– Terminated employees (about 50% of intrusions
resulting in significant loss)
 Once inside, the hacker can...
Modify logs
– To cover their tracks
– To mess with you
Steal files
– Sometimes destroy after stealing
– A pro would steal and cover their tracks so to be undetected
Modify files
– To let you know they were there
– To cause mischief
Install back doors
– So they can get in again
Attack other systems
 Intrusion detection systems (IDS)
A lot of research going on at universities
– Doug Somerville- EE Dept, Viktor Skorman – EE Dept
Big money available due to 9/11 and Dept of Homeland
Security
Vulnerability scanners
– pro-actively identifies risks
– User use pattern matching
When pattern deviates from norm should be investigated
Network-based IDS
– examine packets for suspicious activity
– can integrate with firewall
– require one dedicated IDS server per segment
Intrusion detection systems (IDS)
Host-based IDS
– monitors logs, events, files, and packets sent to
the host
– installed on each host on network

Honeypot
– decoy server
– collects evidence and alerts admin
Intrusion prevention
Patches and upgrades (hardening)
Disabling unnecessary software
Firewalls and Intrusion Detection Systems
‘Honeypots’
Recognizing and reacting to port scanning
 Risk management

Contain & Control Prevent
Probability

(e.g. port scan) (e.g. firewalls, IDS,
patches)

Ignore Backup Plan
(e.g. delude yourself) (e.g. redundancies)

Impact
Legal and ethical questions

‘Ethical’ hacking?
How to react to mischief or nuisances?
Is scanning for vulnerabilities legal?
– Some hackers are trying to use this as a business model
Here are your vulnerabilities, let us help you
Can private property laws be applied on the Internet?
Computer Crimes
Financial Fraud
Credit Card Theft
Identity Theft
Computer specific crimes
– Denial-of-service
– Denial of access to information
– Viruses Melissa virus cost New Jersey man 20 months in jail
Melissa caused in excess of $80 Million
Intellectual Property Offenses
– Information theft
– Trafficking in pirated information
– Storing pirated information
– Compromising information
– Destroying information
Content related Offenses
– Hate crimes
– Harrassment
– Cyber-stalking
Child privacy
Federal Statutes
Computer Fraud and Abuse Act of 1984
– Makes it a crime to knowingly access a federal computer
Electronic Communications Privacy Act of 1986
– Updated the Federal Wiretap Act act to include electronically stored data
U.S. Communications Assistance for Law Enforcement Act of 1996
– Ammended the Electronic Communications Act to require all
communications carriers to make wiretaps possible
Economic and Protection of Proprietary Information Act of 1996
– Extends definition of privacy to include proprietary economic
information , theft would constitute corporate or industrial espionage
Health Insurance Portability and Accountability Act of 1996
– Standards for the electronic transmission of healthcare information
National Information Infrastructure Protection Act of 1996
– Amends Computer Fraud and Abuse Act to provide more protection to
computerized information and systems used in foreign and interstate
commerce or communications
The Graham-Lynch-Bliley Act of 1999
– Limits instances of when financial institution can disclose nonpublic
information of a customer to a third party