BA 572 - J. Galván 1 COMPUTER CRIME Cybercrime, Cyberterrorism, and Cyberwarfare

Mar 26, 2015


Christian Hale
Transcript
Page 1: COMPUTER CRIME

Cybercrime, Cyberterrorism, and Cyberwarfare

Page 2: Cybercrime

- Illegal or criminogenic activities performed in cyberspace

Page 3: Common EC/EB crime targets/victims

- Identity theft – is your customer “real”?
- Credit card number theft – is your customer’s credit/debit account “real”?
- Computational embezzlement – fraudulent creation/manipulation of financial info regarding EC/EB transactions or accounts (biggest corporate problem)
- (Security) Vulnerability and exploit attacks (most pervasive problem).
- EC/EB system targeted attacks mostly “out of sight” so far

Page 4: Hacker/Cracker

- Originally, an expert programmer
- Today, someone (Cracker) who breaks into computers
- Types of hackers
  - White-hat hackers
  - Black-hat hackers (crackers, dark side hackers)
  - Elite hackers
    - Superior technical skills
    - Very persistent
    - Often publish their exploits
  - Samurai – a hacker for hire

Page 5: A list of postings on a hacker newsgroup.

Source: alt.bio.hackers newsgroup

Page 6: A typical posting.

Source: alt.bio.hackers newsgroup

Page 7: Hackers publish their exploits.

Source: http://packetstormsecurity.org/

Page 8: Script-kiddies and Phreakers

- Script-kiddie (packet monkeys, lamerz)
  - Hacker in training
  - Disdained by the elite hackers
- Phreaker
  - Person who cracks the telephone network
- Insider/outsider using “social engineering”
  - Trusted employee turned black-hat hacker
  - Dumpster divers; help desk impersonators, etc.
  - Potentially most dangerous

Page 9: Why Do Hackers Hack?

- Government sponsored hacking
  - Cyberwarfare
  - Cyberterrorism
  - Espionage
- Industrial espionage
- White-hats
  - Publicize vulnerabilities
  - The challenge – hack mode
- Black hats – misappropriate software and personal information
- Script kiddies – gain respect
- Insiders – revenge

Page 10: Password Theft

- Easiest way to gain access/control
- User carelessness
  - Poor passwords
  - Easily guessed
- Dumpster diving
- Observation, particularly for insiders
  - The sticky note on the monitor
- Human engineering, or social engineering
- Standard patterns
  - Guess the password from the pattern

Page 11: Rules for Choosing Good Passwords

- Easy to remember, difficult to guess
- Length – 6 to 9 characters
- Mix character types
  - Letters, digits, special characters
- Use an acronym
- Avoid dictionary words
- Different account different password
- Change passwords regularly
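
A checker for the rules on this slide and for the guessable patterns named on the Password Theft slide, as an added example that is not part of the original deck. The word list, substitution table, sequence test and function names are assumptions; the length bounds default to the slide's 6 to 9 characters.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "dragon", "monkey", "letmein", "welcome", "summer"}
# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("01345$@7", "oieassat")


def has_sequence(pw, run=4):
    """True if pw holds `run` repeated or consecutively ascending/descending chars."""
    for i in range(len(pw) - run + 1):
        steps = {ord(pw[j + 1]) - ord(pw[j]) for j in range(i, i + run - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False


def check_password(pw, in_use=(), min_len=6, max_len=9):
    """Return the slide rules that pw breaks; an empty list means it passes."""
    problems = []
    if not min_len <= len(pw) <= max_len:
        problems.append("length")
    # "Mix character types": letters, digits and special characters all present.
    classes = [r"[A-Za-z]", r"\d", r"[^A-Za-z\d]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("character mix")
    # "Avoid dictionary words": drop the trailing digits/symbols people append,
    # undo substitutions such as @ -> a, then look the remainder up.
    core = re.sub(r"[\d\W_]+$", "", pw.lower()).translate(LEET)
    if core in DICTIONARY:
        problems.append("dictionary word")
    # "Standard patterns": keyboard-style runs such as abcd, 4321 or aaaa.
    if has_sequence(pw.lower()):
        problems.append("standard pattern")
    # "Different account different password".
    if pw in in_use:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    # "MdRwbi09!" is a constructed acronym of "My dog Rex was born in 2009!".
    for candidate in ["P@ssw0rd1", "abcd1234", "Summer15!", "MdRwbi09!"]:
        print(candidate, check_password(candidate) or "ok")
```
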

Page 12: Packet Sniffers

- Software wiretap
- Captures and analyzes packets
- Any node between target and Internet
- Broadcast risk
  - Ethernet and cable broadcast messages
  - Set workstation to promiscuous mode
- Legitimate uses
  - Detect intrusions
  - Monitoring

Page 13: Potentially Destructive Software

- Logic bomb (set up by insider)
  - Potentially very destructive
  - Time bomb – a variation
- Rabbit
  - Denial of service
- Trojan horse
  - Common source of backdoors

Page 14: Backdoor

- Undocumented access point
- Testing and debugging tool
- Common in interactive computer games
  - Cheats and Easter eggs
- Hackers use/publicize backdoors to gain access
  - Programmer fails to close a backdoor
  - Trojan horse
  - Inserted by hacker on initial access
  - Back Orifice – the Cult of the Dead Cow

Page 15: Viruses and Worms (most common)

- Virus
  - Parasite
  - Requires host program to replicate
  - Virus hoaxes can be disruptive
  - Virus patterns/generators exist; script kiddies use these (but most anti-virus software does not!)
- Worm
  - Virus-like
  - Spreads without a host program
  - Used to collect information
    - Sysop – terminal status
    - Hacker – user IDs and passwords

Page 16: Structure of a typical virus.

- Payload can be
  - Trivial
  - Logic bomb
  - Time bomb
  - Trojan horse
  - Backdoor
  - Sniffer
- Macro viruses
- Polymorphic viruses
- E-mail attachments
  - Today, click attachment
  - Tomorrow, may be eliminated!
- Cluster viruses
  - Spawn mini-viruses
- Cyberterrorism threat

[Figure labels: Reproduction logic; Concealment logic; Payload]

Page 17: Anti-Virus Software

- Virus signature
  - Uniquely identifies a specific virus
  - Update virus signatures frequently
- Heuristics
  - Monitor for virus-like activity
- Virus detection and removal to be pushed “upstream” in the IT supply chain infrastructure
- Recovery support

Page 18: Security and virus protection in layers.

- Defend in depth
  - What one layer misses, the next layer traps
- Firewalls
- Anti-virus software

[Figure labels: Virus protection; Personal virus protection; Workstation; Host server; Router; Firewall; Internet]

Page 19: System Vulnerabilities

- Known security weak points
  - Default passwords – system initialization
  - Port scanning
  - Software bugs
  - Logical inconsistencies between layers
  - Published security alerts
- War dialer to find vulnerable computer

Page 20: Denial of Service Attacks (DoS)

- An act of vandalism or terrorism
- A favorite of script kiddies
- Objective
  - Send target multiple packets in brief time
  - Overwhelm target
- The ping o’ death
- Distributed denial of service attack
  - Multiple sources

Page 21: A distributed denial of service attack.

- Cyber equivalent of throwing bricks
- Overwhelm target computer
- Standard DoS is a favorite of script kiddies
- DDoS more sophisticated

[Figure label: Target system]

Page 22: Spoofing

- Act of faking key system parameters
- DNS spoofing
  - Alter DNS entry on a server
  - Redirect packets
- IP spoofing
  - Alter IP address
  - Smurf attack

Page 23: IP spoofing.

- Preparation
  - Probe target (A)
  - Launch DoS attack on trusted server (B)
- Attack target (A)
  - Fake message from B
  - A acknowledges B
    - B cannot respond
    - DoS attack
  - Fake acknowledgement from B
  - Access A via 1-way communication path

[Figure labels: Alpha server (the target); Beta server (trusted source); Hacker's computer; Under DoS attack; False message claiming to come from Beta; Acknowledgement to Beta; No response possible; Counterfeit acknowledgement; 4 One-way connection; steps numbered 1 to 4]

Page 24: Cybercrime prevention

- Multi-layer security
- Security vs. privacy?

Page 25: The service worker