Lecture 1-1.txt
Uploaded by LegendaryDecagon

Ethical hackers (white hat hackers): good hackers, defenders.
Grey hat hacker: between the lines of good and bad hacker. Possibly rehabilitated.
Black hat hacker: criminals.
Cyberterrorists: hackers that are terrorists. They destroy targets and cause physical harm (to the person using the target device). Sometimes their actions are not stealthy. Cyberterrorists aim to cause actual physical injury or danger, going beyond digital damage.

Botnet: a network of compromised computers. The botnet herder (botmaster) can command and control them using command-and-control (C2) software.

Storm botnet: infects machines mostly through malware in email attachments and has them use the eDonkey peer-to-peer network to find other infected machines. It was used not just for spam but also for Distributed Denial-of-Service and for harvesting credentials.

Conficker botnet: a worm that spreads by exploiting a Windows network service vulnerability. It generated domain names every day, and infected machines contacted those domains, which the botmaster controlled. A worm is a type of malicious software that self-replicates and spreads across computers and networks without needing to attach itself to a host program. A domain name is a human-readable address used to reach websites on the internet, such as "example.com".

To bring infected machines under a domain, in the context of botnets, the botmaster typically uses a domain generation algorithm (DGA). How it works:
1. Generate domains: the botmaster's malware generates a list of domain names daily.
2. Register domains: the botmaster registers some of these domains.
3. Malware connects: infected machines (bots) run the same DGA, generate the same list of domains, and attempt to connect to them.
4. Command and control: once a bot reaches a registered domain, it can receive commands and updates from the botmaster.
This technique helps the botmaster keep control of the botnet even if some domains are blocked or taken down.

Mirai botnet: a family of botnets that exploits IoT devices.

Tools and activities used to develop malware: researching how to turn vulnerabilities into exploits; developing remote access trojans that deliver malware; building robust domain generation algorithm software for command-and-control communications; designing specialised payloads for various purposes. A Trojan (Trojan horse) is a type of malware that disguises itself as legitimate software or is hidden within legitimate software. Once installed, it can perform malicious activities.

Android malware: "unpatched old Android devices" are older Android smartphones or tablets that have not received recent software updates or security patches. In many countries they are sources of malware infection.

Dropper: a type of malware designed to "drop" (deliver and install) other malware on a target system.

Examples of malware types:
Worm: malware that copies itself when it is run (standalone!).
Virus: malware that spreads through other software as a medium, such as macros in documents.
Payload: the actual code that causes damage. It may exfiltrate the victim's data, encrypt the victim's data, steal important credentials (passwords, etc.), surveil the victim's machine, steal CPU power (e.g. to mine cryptocurrency), or install some other malware.

Ransomware: threatens to publish the victim's personal data or block access to it unless a ransom is paid. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. Bitcoin and other cryptocurrencies are used as payment methods, making tracing difficult.

Scareware: a technique used by cybercriminals. It tricks users into thinking their computer is infected with a virus or has some other serious problem, often through fake pop-up alerts or bogus software.
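The DGA procedure in the Conficker notes above has a defender-side counterpart: because every bot walks the same generated list, a DNS log shows one client resolving many long, random-looking names in quick succession. The following is an added example, not part of the lecture notes; the DNS log lines, the client addresses, the domain names and the thresholds (12 characters, 3.5 bits of entropy, 20% vowels, 3 hits) are all constructed for illustration. It flags clients that query several such names, rather than judging any single lookup.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (not from the lecture): "timestamp client qname".
# Client 10.0.0.9 behaves like a bot walking an algorithmically generated list;
# the other clients look up ordinary sites.
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com
2024-01-01T10:00:02 10.0.0.5 mail.google.com
2024-01-01T10:00:03 10.0.0.9 xkqzvptrwgmlbnd.info
2024-01-01T10:00:04 10.0.0.9 qwmzkplvtrsbhgx.biz
2024-01-01T10:00:05 10.0.0.7 en.wikipedia.org
2024-01-01T10:00:06 10.0.0.9 bdgrtkxwzpqvmln.org
2024-01-01T10:00:07 10.0.0.7 stackoverflow.com
"""

VOWELS = set("aeiou")


def shannon_entropy(text):
    """Bits of entropy per character; random-looking labels score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname):
    """Crude: the label just left of the top-level domain ("example" in www.example.com)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label, min_len=12, min_entropy=3.5, max_vowel_ratio=0.2):
    """Heuristic (constructed thresholds): long, high-entropy, vowel-poor labels."""
    if len(label) < min_len:
        return False
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def parse_dns_log(text):
    """Yield (timestamp, client, qname) tuples from the constructed log format."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            ts, client, qname = line.split()
            yield ts, client, qname


def suspicious_clients(text, min_hits=3):
    """Clients that queried at least min_hits distinct DGA-looking domains.

    A single odd name is weak evidence; a host cycling through many of them
    matches step 3 of the DGA procedure (bots try the whole generated list).
    """
    hits = defaultdict(set)
    for _ts, client, qname in parse_dns_log(text):
        if looks_generated(registrable_label(qname)):
            hits[client].add(qname)
    return {c: sorted(names) for c, names in hits.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} DGA-like lookups, e.g. {names[0]}")
```

Note that "stackoverflow" passes the entropy threshold but not the vowel-ratio one, which is why two signals are combined. Real DGAs that build names from dictionary words defeat character statistics entirely; in practice the stronger signal is the burst of failed (NXDOMAIN) lookups a bot produces while trying the unregistered names on its list.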
The goal is to scare the user into paying for unnecessary or harmful software to "fix" the problem.

Ransomware-as-a-Service (RaaS): these platforms allow anyone, even amateurs, to launch ransomware attacks. The operators using these services might not have the technical ability to decrypt files, so even if the victim pays the ransom, the files may remain inaccessible.

Hacktivism: cyberattacks or digital disruptions against government, corporate or institutional targets to protest, raise awareness or enact change in line with the hackers' beliefs or goals. The attacks are usually denial of service (companies or individuals cannot operate normally if they receive a lot of angry emails or tweets) and doxing (searching for and publishing private or identifying information about a particular individual on the internet without their consent, typically with malicious intent). "Published private" refers to personal or confidential information about an individual that has been intentionally disclosed or made public without the individual's consent. "Online shaming" refers to publicly criticising, ridiculing or shaming an individual or group through online platforms, e.g. the "dog poo girl" case.

Mass surveillance: monitoring and collecting data on a large population without a particular target in mind, in order to respond to threats, crimes or risks, or to gather evidence for investigations. Mass surveillance is not just the government spying on people, though that is a big part of it. It also involves data collection by big companies such as social media platforms and tech giants, which gather lots of information for things like targeted ads; there is always a concern about privacy and how this data might be used or misused.

Mass surveillance (Tempora): collects data from international fibre optic cables. International fibre optic cables are physical cables laid on the ocean floor, connecting continents and countries across vast distances.
Mass surveillance (Muscular): collects data as it flows between the data centres of large service firms such as Yahoo and Google.

Mass surveillance (XKeyscore): a search engine used by the NSA and the other members of the "Five Eyes" alliance (the US, UK, Canada, Australia and New Zealand) to search through massive amounts of data. How it works:
Data collection: gathers data such as emails, SMS messages, chats, address book entries and browsing histories from various sources.
Remote search: analysts search the collected data remotely through a distributed database.
Tasked items: specific data requested by analysts is extracted and sent to them.
Notification system (Trafficthief): alerts analysts when their targets do something noteworthy.
Target discovery: it can also find new targets. For example, analysts can use queries such as "show me all the exploitable machines in country X" to identify vulnerable machines. A tool called Mugshot compiles machine fingerprints for this purpose.

Categories of cybercrime:
Identity theft: stealing the information that allows a person to impersonate another person (or persons) for illegal purposes, mainly financial gain such as opening credit card or bank accounts, obtaining rental properties, etc.
Theft of service: use of phone, Internet, streaming movies or similar services without permission; it usually involves password cracking. Example: sharing a Netflix account, even with friends, can be considered theft and can be prosecuted in certain US states.
Network intrusion or unauthorised access: the most common type of attack; it leads to other cybercrimes. Example: breaking into your neighbour's WiFi network opens up many opportunities for attack.
Posting and/or transmitting illegal material: distribution of pirated software or movies, child pornography.
Fraud: deceiving another party or parties to elicit information or access, typically for financial gain or to cause damage.
Embezzlement: a form of financial fraud involving theft and/or redirection of funds.
Dumpster diving: gathering information from discarded or unattended material (ATM receipts, credit card statements, etc.). Going through rubbish itself is not illegal, but going through rubbish on private property is.
Writing malicious code: malicious code refers to items like viruses, worms, spyware, adware, rootkits, ransomware and other types of malware.
Unauthorised destruction or alteration of information: modifying, destroying or tampering with information without appropriate permission.
DoS (Denial of Service) / DDoS (Distributed Denial of Service): overloading a system's resources so that it cannot provide the required services to legitimate users. DDoS is performed on a larger scale, from many sources, so it is not possible to prevent it by blocking one source.
Cyberstalking / cyberbullying: a relatively new crime on the list. The attacker uses online resources and other means to gather information about an individual and uses it to track, and in some cases to meet, the person (cyberstalking), or to harass the person (cyberbullying).
Cyberterrorism: attackers make use of the internet to cause significant bodily harm to achieve political gains. The scope of cyberterrorism is controversial. Related to information warfare.
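The DoS/DDoS entry above says that a distributed flood cannot be stopped by blocking one source. The added example below, which is not part of the lecture notes, makes that concrete on constructed web-server traffic: the same analysis is run on a single-host flood and on a flood spread over 100 bots, and the per-source rule that neutralises the first one sees nothing in the second. The addresses (RFC 5737 documentation ranges), request counts and the thresholds of 50 requests per source and 200 in total are all made-up illustration values.

```python
from collections import Counter

# Constructed sample traffic (not from the lecture). Every line is one HTTP
# request seen by a web server within the same ten-second window, in the
# format "timestamp source_ip request".


def build_log(sources, requests_each):
    """Build constructed access-log lines: each source sends requests_each GETs."""
    return [f"2024-01-01T10:00:00 {src} GET /index.html"
            for src in sources for _ in range(requests_each)]


# Five ordinary clients (RFC 5737 documentation addresses), two requests each.
LEGIT = build_log([f"192.0.2.{i}" for i in range(1, 6)], 2)
# DoS: the same legitimate traffic plus one host sending 300 requests.
DOS = LEGIT + build_log(["203.0.113.7"], 300)
# DDoS: the same legitimate traffic plus 100 bots sending only 3 requests each.
DDOS = LEGIT + build_log([f"198.51.100.{i}" for i in range(1, 101)], 3)


def analyse(lines, per_source_limit=50, total_limit=200):
    """Apply two independent checks to one window of traffic.

    per_source_limit catches a single noisy host (classic DoS).
    total_limit catches the aggregate flood (DDoS), which a per-source rule
    cannot see because every bot stays under the per-source threshold.
    """
    per_source = Counter(line.split(" ", 2)[1] for line in lines)
    total = sum(per_source.values())
    offenders = sorted(src for src, n in per_source.items() if n > per_source_limit)
    # Requests that would still reach the server after blocking every offender.
    remaining = total - sum(per_source[src] for src in offenders)
    return {
        "total": total,
        "offenders": offenders,
        "aggregate_flood": total > total_limit,
        "remaining_after_blocking": remaining,
    }


if __name__ == "__main__":
    for name, log in (("legit", LEGIT), ("dos", DOS), ("ddos", DDOS)):
        print(name, analyse(log))
```

In the DoS case blocking the one offender brings the window back down to the ten legitimate requests; in the DDoS case the offender list is empty and all 310 requests still arrive, even though the aggregate check has clearly fired. That is why DDoS defence relies on capacity, upstream filtering and behavioural signals rather than on per-address blocklists.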