
Chapter 8: Cybercrime, Cyberterrorism, and Cyberwarfare

Cybercrime

Illegal or criminogenic activities performed in cyberspace

Copyright © 2003, Addison-Wesley

Common EC/EB crime targets/victims

- Identity theft: is your customer “real”?
- Credit card number theft: is your customer’s credit/debit account “real”?
- Computational embezzlement: fraudulent creation/manipulation of financial info regarding EC/EB transactions or accounts (biggest corporate problem)
- (Security) Vulnerability and exploit attacks (most pervasive problem)
- EC/EB system targeted attacks mostly “out of sight” so far


Hacker/Cracker

- Originally, an expert programmer
- Today, someone (a cracker) who breaks into computers

Types of hackers

- White-hat hackers
- Black-hat hackers (crackers, dark side hackers)
- Elite hackers: superior technical skills; very persistent; often publish their exploits
- Samurai: a hacker for hire


Figure 8.1 A list of postings on a hacker newsgroup.

Source: alt.bio.hackers newsgroup


Figure 8.2 A typical posting.

Source: alt.bio.hackers newsgroup


Figure 8.3 Hackers publish their exploits.

Source: http://packetstormsecurity.org/


Script-kiddies and Phreakers

- Script-kiddie (packet monkeys, lamerz): hacker in training; disdained by the elite hackers
- Phreaker: person who cracks the telephone network
- Insider/outsider using “social engineering”: trusted employee turned black-hat hacker; dumpster divers, help desk impersonators, etc.; potentially most dangerous


Why Do Hackers Hack?

- Government sponsored hacking: cyberwarfare, cyberterrorism, espionage
- Industrial espionage
- White-hats: publicize vulnerabilities; the challenge (“hack mode”)
- Black hats: misappropriate software and personal information
- Script kiddies: gain respect
- Insiders: revenge


Password Theft

- Easiest way to gain access/control
- User carelessness: poor passwords, easily guessed
- Dumpster diving
- Observation, particularly for insiders: the sticky note on the monitor
- Human engineering, or social engineering
- Standard patterns (e.g., Miami University): guess the password from the pattern


Rules for Choosing Good Passwords

- Easy to remember, difficult to guess
- Length: 6 to 9 characters
- Mix character types: letters, digits, special characters
- Use an acronym
- Avoid dictionary words
- Different account, different password
- Change passwords regularly
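An added example (not from the slides) that turns the rules above into a check. It applies the slide's rules as stated, interprets "mix character types" as at least two of the three classes, and uses a constructed mini-dictionary plus a made-up "standard pattern" (lowercase word followed by two digits) standing in for the institutional pattern mentioned on the previous slide.

```python
import re
import string

# Constructed stand-in for a real wordlist (assumption: a real check would load
# something like /usr/share/dict/words or a breached-password list).
DICTIONARY = {"password", "welcome", "letmein", "miami", "university", "summer", "admin"}

# Made-up "standard pattern": 4-8 lowercase letters followed by two digits, the
# kind of default an institution might hand out and that is guessable from the pattern.
STANDARD_PATTERN = re.compile(r"^[a-z]{4,8}\d{2}$")

def check_password(pw, used_elsewhere=frozenset()):
    """Return the slide rules the password violates (empty list means it passes)."""
    problems = []
    # Rule: length 6 to 9 characters (the slide's bound, applied as stated)
    if not 6 <= len(pw) <= 9:
        problems.append("length must be 6 to 9 characters")
    # Rule: mix character types; interpreted here as at least two of the three classes
    classes = sum([
        any(c.isalpha() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if classes < 2:
        problems.append("mix at least two of letters, digits, special characters")
    # Rule: avoid dictionary words, including a word with digits/symbols bolted on
    core = re.sub(r"[^a-z]", "", pw.lower())
    if len(core) >= 4 and core in DICTIONARY:
        problems.append("based on a dictionary word")
    # Rule: avoid the organisation's standard pattern (guessable from the pattern)
    if STANDARD_PATTERN.match(pw.lower()):
        problems.append("follows a standard, guessable pattern")
    # Rule: different account, different password
    if pw in used_elsewhere:
        problems.append("already used for another account")
    return problems
```

Current guidance (NIST SP 800-63B) favours length and screening against breached-password lists over composition rules and scheduled rotation, so a production check would relax the 6-to-9 bound rather than enforce it as an upper limit.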


Packet Sniffers

- Software wiretap: captures and analyzes packets
- Any node between target and Internet
- Broadcast risk: Ethernet and cable broadcast messages; set workstation to promiscuous mode
- Legitimate uses: detect intrusions; monitoring


Potentially Destructive Software

- Logic bomb (set up by insider): potentially very destructive; time bomb is a variation
- Rabbit: denial of service
- Trojan horse: common source of backdoors


Backdoor

- Undocumented access point
- Testing and debugging tool
- Common in interactive computer games: cheats and Easter eggs
- Hackers use/publicize backdoors to gain access: programmer fails to close a backdoor; Trojan horse; inserted by hacker on initial access
- Back Orifice (the Cult of the Dead Cow)


Viruses and Worms (most common)

- Virus: parasite; requires host program to replicate
  - Virus hoaxes can be disruptive
  - Virus patterns/generators exist; script kiddies use these (but most anti-virus software does not!)
- Worm: virus-like; spreads without a host program
  - Used to collect information: sysop – terminal status; hacker – user IDs and passwords


Figure 8.6 Structure of a typical virus.

[Figure 8.6 components: reproduction logic, concealment logic, payload]

- Payload can be: trivial, logic bomb, time bomb, Trojan horse, backdoor, sniffer
- Macro viruses (thanks to MS)
- Polymorphic viruses
- E-mail attachments: today, click attachment; tomorrow, may be eliminated!
- Cluster viruses: spawn mini-viruses; cyberterrorism threat


Anti-Virus Software

- Virus signature: uniquely identifies a specific virus; update virus signatures frequently
- Heuristics: monitor for virus-like activity
- Virus detection and removal to be pushed “upstream” in the IT supply chain infrastructure
- Recovery support
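An added example (not from the slides) of the signature approach described above. It uses a constructed two-entry signature table (the industry-standard EICAR test string plus a made-up marker), scans a stream chunk by chunk, and carries an overlap between chunks so a signature split across a chunk boundary is still caught; the accompanying checks also show that a one-byte variant slips past an exact signature, which is why signatures need frequent updates.

```python
import io

# Constructed signature table (name -> byte pattern). The EICAR string is the
# industry-standard harmless test pattern; "demo-marker" is made up for this example.
SIGNATURES = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "demo-marker": b"DEMO_VIRUS_MARKER_01",
}

def scan_stream(stream, chunk_size=4096):
    """Scan a binary stream chunk by chunk; return the sorted names of signatures found.

    An overlap of (longest signature - 1) bytes is carried from one chunk into the
    next window, so a pattern that straddles a chunk boundary is still matched."""
    overlap = max(len(p) for p in SIGNATURES.values()) - 1
    found = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in SIGNATURES.items():
            if pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper: scan an in-memory byte string."""
    return scan_stream(io.BytesIO(data), chunk_size)

def scan_file(path, chunk_size=4096):
    """Scan a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return scan_stream(fh, chunk_size)
```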


Figure 8.8 Security and virus protection in layers.

- Defend in depth: what one layer misses, the next layer traps
- Firewalls (Chapter 9)
- Anti-virus software

[Figure 8.8 layers: Internet, firewall(s), router, host server, workstation; protection labels: virus protection, personal virus protection]


System Vulnerabilities

- Known security weak points
- Default passwords: system initialization
- Port scanning
- Software bugs
- Logical inconsistencies between layers
- Published security alerts
- War dialer to find vulnerable computer


Denial of Service Attacks (DoS)

- An act of vandalism or terrorism
- A favorite of script kiddies
- Objective: send target multiple packets in a brief time; overwhelm target
- The ping o’ death
- Distributed denial of service attack: multiple sources


Figure 8.9 A distributed denial of service attack.

- Cyber equivalent of throwing bricks
- Overwhelm target computer
- Standard DoS is a favorite of script kiddies
- DDoS more sophisticated

[Figure 8.9 label: target system]
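An added example (not from the slides) of telling the two cases apart from the defender's side. It buckets a constructed packet log (RFC 5737 documentation addresses) into one-second windows per target and flags a single source over a per-source threshold as DoS, or many sources whose combined rate exceeds an aggregate threshold as DDoS; the thresholds are assumptions chosen for the sample data.

```python
from collections import Counter, defaultdict

# Constructed packet log for the example: "<seconds> <src_ip> <dst_ip>" per line.
# Addresses come from RFC 5737 documentation ranges; this is not real traffic.
SAMPLE_LOG = "\n".join(
    [f"0.{i:02d} 203.0.113.5 192.0.2.10" for i in range(6)]               # one source, 6 packets in 1 s
    + [f"1.{i:02d} 198.51.100.{1 + i % 6} 192.0.2.10" for i in range(12)]  # 6 sources, 2 packets each
    + ["2.10 203.0.113.7 192.0.2.10", "2.50 203.0.113.8 192.0.2.10"]       # normal background traffic
)

def parse_log(text):
    """Yield (second_bucket, src, dst) tuples; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, src, dst = parts
        yield int(float(ts)), src, dst

def classify_floods(text, per_source=5, aggregate=10, min_sources=4):
    """Flag each (second, target) bucket as 'DoS' when one source sends at least
    per_source packets, or 'DDoS' when at least min_sources sources together send
    at least `aggregate` packets without any single one crossing per_source."""
    buckets = defaultdict(Counter)        # (second, dst) -> Counter of src -> packets
    for sec, src, dst in parse_log(text):
        buckets[(sec, dst)][src] += 1
    findings = []
    for (sec, dst), srcs in sorted(buckets.items()):
        heavy = [s for s, n in srcs.items() if n >= per_source]
        total = sum(srcs.values())
        if heavy:
            findings.append((sec, dst, "DoS", sorted(heavy)))
        elif total >= aggregate and len(srcs) >= min_sources:
            findings.append((sec, dst, "DDoS", sorted(srcs)))
    return findings
```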


Spoofing

- Act of faking key system parameters
- DNS spoofing: alter DNS entry on a server; redirect packets
- IP spoofing: alter IP address; Smurf attack


Figure 8.10 IP spoofing.

- Preparation: probe target (A); launch DoS attack on trusted server (B)
- Attack target (A): fake message from B; A acknowledges B; B cannot respond (DoS attack); fake acknowledgement from B; access A via 1-way communication path

[Figure 8.10 labels: Alpha server (the target), Beta server (trusted source, under DoS attack), hacker’s computer; steps 1–4: false message claiming to come from Beta, acknowledgement to Beta (no response possible), counterfeit acknowledgement, one-way connection]


Cybercrime prevention

- Multi-layer security
- Security vs. privacy?
