Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare
Page 1

Chapter 8
Cybercrime, Cyberterrorism, and Cyberwarfare

Page 2

Cybercrime

Illegal or criminogenic activities performed in cyberspace

Page 3

Copyright © 2003, Addison-Wesley

Common EC/EB crime targets/victims

- Identity theft – is your customer "real"?
- Credit card number theft – is your customer's credit/debit account "real"?
- Computational embezzlement – fraudulent creation/manipulation of financial info regarding EC/EB transactions or accounts (biggest corporate problem)
- (Security) Vulnerability and exploit attacks (most pervasive problem)
  - EC/EB system targeted attacks mostly "out of sight" so far

Page 4

Hacker/Cracker

- Originally, an expert programmer
- Today, someone (cracker) who breaks into computers

Types of hackers

- White-hat hackers
- Black-hat hackers (crackers, dark side hackers)
- Elite hackers
  - Superior technical skills
  - Very persistent
  - Often publish their exploits
- Samurai – a hacker for hire

Page 5

Figure 8.1 A list of postings on a hacker newsgroup.

Source: alt.bio.hackers newsgroup

Page 6

Figure 8.2 A typical posting.

Source: alt.bio.hackers newsgroup

Page 7

Figure 8.3 Hackers publish their exploits.

Source: http://packetstormsecurity.org/

Page 8

Script-kiddies and Phreakers

- Script-kiddie (packet monkeys, lamerz)
  - Hacker in training
  - Disdained by the elite hackers
- Phreaker
  - Person who cracks the telephone network
- Insider/outsider using "social engineering"
  - Trusted employee turned black-hat hacker
  - Dumpster divers, help desk impersonators, etc.
  - Potentially most dangerous

Page 9

Why Do Hackers Hack?

- Government sponsored hacking
  - Cyberwarfare
  - Cyberterrorism
  - Espionage
- Industrial espionage
- White-hats
  - Publicize vulnerabilities
  - The challenge – "hack mode"
- Black hats – misappropriate software and personal information
- Script kiddies – gain respect
- Insiders – revenge

Page 10

Password Theft

- Easiest way to gain access/control
- User carelessness
  - Poor passwords
  - Easily guessed
- Dumpster diving
- Observation, particularly by insiders
  - The sticky note on the monitor
- Human engineering, or social engineering
- Standard patterns (e.g., Miami University)
  - Guess the password from the pattern

Page 11

Rules for Choosing Good Passwords

- Easy to remember, difficult to guess
- Length – 6 to 9 characters
- Mix character types
  - Letters, digits, special characters
- Use an acronym
- Avoid dictionary words
- Different account, different password
- Change passwords regularly
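The rules on this slide can be checked mechanically. The following Python is an added example, not material from the textbook or the slides: it encodes the slide's length range, the character-class mix, the dictionary-word rule, the "standard pattern" warning from the previous slide, the acronym technique for building a memorable password, and the one-password-per-account rule. The word list and the pattern regexes are constructed stand-ins (a real deployment would load a full word list and its own institutional patterns).

```python
import re
import string

# Constructed mini word list standing in for a real dictionary (assumption:
# a deployment loads a full list from disk).
DICTIONARY = {"password", "welcome", "summer", "miami", "redhawks", "letmein"}

# Constructed examples of the "standard patterns" the slides warn about:
# schemes like <initials><year> that an attacker can guess from the pattern.
STANDARD_PATTERNS = [
    re.compile(r"^[a-z]{2,3}\d{4}$", re.IGNORECASE),  # initials followed by a year
    re.compile(r"^\w*(19|20)\d{2}$"),                  # anything ending in a year
]

MIN_LEN, MAX_LEN = 6, 9  # the slide's stated range; raise MIN_LEN in practice


def check_password(pw: str, min_len: int = MIN_LEN, max_len: int = MAX_LEN) -> list[str]:
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if not (min_len <= len(pw) <= max_len):
        problems.append(f"length {len(pw)} outside {min_len}-{max_len}")

    # "Mix character types": count how many of the four classes are present.
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if classes < 3:
        problems.append("fewer than three character classes")

    # "Avoid dictionary words": strip digits and punctuation first so that a
    # word dressed up as "Summer2003!" is still recognised as a dictionary word.
    lowered = pw.lower()
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in DICTIONARY or core in DICTIONARY:
        problems.append("dictionary word")

    if any(p.match(pw) for p in STANDARD_PATTERNS):
        problems.append("matches a standard pattern")
    return problems


def passes(pw: str) -> bool:
    return not check_password(pw)


def acronym(phrase: str) -> str:
    """Build a password from a memorable phrase: first character of each word,
    keeping any punctuation inside the word so the result mixes character types."""
    out = []
    for word in phrase.split():
        out.append(word[0] + "".join(c for c in word[1:] if c in string.punctuation))
    return "".join(out)


def reused_passwords(creds: dict[str, str]) -> list[list[str]]:
    """Group accounts that share a password ("different account, different
    password"). Plaintext here for illustration; a real audit compares hashes."""
    by_pw: dict[str, list[str]] = {}
    for account, pw in creds.items():
        by_pw.setdefault(pw, []).append(account)
    return [accounts for accounts in by_pw.values() if len(accounts) > 1]


if __name__ == "__main__":
    for candidate in ["password", "jd2003", "Summer2003!", acronym("my dog Rex ate 3 shoes!")]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
    print(reused_passwords({"email": "mdRa3s!", "bank": "mdRa3s!", "forum": "x9!Kqw"}))
```

The length bounds are parameters rather than constants in the body because the slide's 6-to-9 range reflects 2003 practice; current guidance (for example NIST SP 800-63B) favours longer passwords or passphrases, and a checker should allow that without rewriting the rule logic.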

Page 12

Packet Sniffers

- Software wiretap
- Captures and analyzes packets
- Any node between target and Internet
- Broadcast risk
  - Ethernet and cable broadcast messages
  - Set workstation to promiscuous mode
- Legitimate uses
  - Detect intrusions
  - Monitoring

Page 13

Potentially Destructive Software

- Logic bomb (set up by insider)
  - Potentially very destructive
  - Time bomb – a variation
- Rabbit
  - Denial of service
- Trojan horse
  - Common source of backdoors

Page 14

Backdoor

- Undocumented access point
- Testing and debugging tool
- Common in interactive computer games
  - Cheats and Easter eggs
- Hackers use/publicize backdoors to gain access
  - Programmer fails to close a backdoor
  - Trojan horse
  - Inserted by hacker on initial access
- Back Orifice – the Cult of the Dead Cow

Page 15

Viruses and Worms (most common)

- Virus
  - Parasite
  - Requires host program to replicate
  - Virus hoaxes can be disruptive
  - Virus patterns/generators exist; script kiddies use these (but most anti-virus software does not!)
- Worm
  - Virus-like
  - Spreads without a host program
  - Used to collect information
    - Sysop – terminal status
    - Hacker – user IDs and passwords

Page 16

Figure 8.6 Structure of a typical virus.

(Diagram components: reproduction logic, concealment logic, payload.)

- Payload can be
  - Trivial
  - Logic bomb
  - Time bomb
  - Trojan horse
  - Backdoor
  - Sniffer
- Macro viruses (thanks to MS)
- Polymorphic viruses
- E-mail attachments
  - Today, click attachment
  - Tomorrow, may be eliminated!
- Cluster viruses
  - Spawn mini-viruses
  - Cyberterrorism threat

Page 17

Anti-Virus Software

- Virus signature
  - Uniquely identifies a specific virus
  - Update virus signatures frequently
- Heuristics
  - Monitor for virus-like activity
- Virus detection and removal to be pushed "upstream" in the IT supply chain infrastructure
- Recovery support
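The two detection approaches on this slide, signatures and heuristics, complement each other, and the previous slide's mention of polymorphic and macro viruses shows why. The following Python is an added example, not code from the textbook: a toy scanner that matches byte signatures, then applies two heuristics (a high-entropy body, which is what a packed or per-copy-encoded polymorphic sample looks like, and an auto-executing macro name inside a document). The signature database, the "DEMO-VIRUS-MARKER" byte pattern, and the sample files are all constructed for the example; the auto-execute macro names are real Word conventions, and the entropy threshold is an assumption chosen for the demonstration.

```python
import math
import random
from dataclasses import dataclass

# Constructed signature database standing in for a vendor feed (assumption).
# A signature is a byte pattern that identifies one specific sample.
SIGNATURES = {
    "Demo.Marker.A": b"DEMO-VIRUS-MARKER-A",
}

# Heuristic parameters (assumptions for this example).
ENTROPY_THRESHOLD = 7.0            # bits per byte; random-looking bodies suggest packing/encryption
AUTOEXEC_MACROS = (b"AutoOpen", b"Document_Open", b"AutoExec")   # real Word auto-run macro names
DOCUMENT_SUFFIXES = (".doc", ".dot", ".xls")


@dataclass
class ScanResult:
    name: str
    signatures: list
    heuristics: list

    @property
    def verdict(self) -> str:
        # A signature hit is definitive; heuristics only raise suspicion.
        if self.signatures:
            return "infected"
        if self.heuristics:
            return "suspicious"
        return "clean"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; text sits around 4-5, encrypted or packed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def signature_scan(data: bytes) -> list:
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def heuristic_scan(name: str, data: bytes) -> list:
    findings = []
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        findings.append("high-entropy body (packed or encrypted, polymorphic-style)")
    if name.lower().endswith(DOCUMENT_SUFFIXES) and any(m in data for m in AUTOEXEC_MACROS):
        findings.append("document carries an auto-executing macro")
    return findings


def scan(name: str, data: bytes) -> ScanResult:
    return ScanResult(name, signature_scan(data), heuristic_scan(name, data))


def constructed_samples() -> dict:
    """Four constructed files: clean text, a copy carrying the known marker, a
    'polymorphic' copy with the marker XOR-encoded plus random padding (so the
    signature no longer matches), and a document with an auto-run macro."""
    rng = random.Random(8)
    key = 0x5A
    marker = SIGNATURES["Demo.Marker.A"]
    encoded = bytes(b ^ key for b in marker) + bytes(rng.getrandbits(8) for _ in range(4096))
    return {
        "notes.txt": b"Quarterly notes: nothing to see here.",
        "game.exe": b"MZ" + marker + b"...",
        "game_v2.exe": b"MZ" + encoded,
        "invoice.doc": b"Sub AutoOpen()\n  Shell(\"...\")\nEnd Sub",
    }


if __name__ == "__main__":
    for fname, blob in constructed_samples().items():
        r = scan(fname, blob)
        print(f"{fname:12} {r.verdict:10} {r.signatures} {r.heuristics}")
```

The second executable shows the slide's point about updating signatures: once the marker is re-encoded per copy, the signature database is blind to it until a new signature is published, and only the behavioural or structural heuristic keeps it visible. The cost of heuristics is false positives (a legitimately compressed file also has high entropy), which is why the verdict distinguishes "suspicious" from "infected".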

Page 18

Figure 8.8 Security and virus protection in layers.

- Defend in depth: what one layer misses, the next layer traps
- Firewalls (Chapter 9)
- Anti-virus software
  - Virus protection
  - Personal virus protection

(Diagram labels: Internet, firewall, router, firewall, host server, firewall, workstation; virus protection at the host server, personal virus protection at the workstation.)

Page 19

System Vulnerabilities

- Known security weak points
  - Default passwords – system initialization
  - Port scanning
  - Software bugs
  - Logical inconsistencies between layers
  - Published security alerts
- War dialer to find vulnerable computers

Page 20

Denial of Service Attacks (DoS)

- An act of vandalism or terrorism
- A favorite of script kiddies
- Objective
  - Send target multiple packets in a brief time
  - Overwhelm target
- The "ping o' death"
- Distributed denial of service attack
  - Multiple sources

Page 21

Figure 8.9 A distributed denial of service attack.

- Cyber equivalent of throwing bricks
- Overwhelm target computer
- Standard DoS is a favorite of script kiddies
- DDoS more sophisticated

(Diagram label: target system.)

Page 22

Spoofing

- Act of faking key system parameters
- DNS spoofing
  - Alter DNS entry on a server
  - Redirect packets
- IP spoofing
  - Alter IP address
  - Smurf attack

Page 23

Figure 8.10 IP spoofing.

Preparation
- Probe target (A)
- Launch DoS attack on trusted server (B)

Attack target (A)
- Fake message from B
- A acknowledges B
- B cannot respond (DoS attack)
- Fake acknowledgement from B
- Access A via 1-way communication path

(Diagram labels: Alpha server (the target); Beta server (trusted source), under DoS attack; hacker's computer; false message claiming to come from Beta; acknowledgement to Beta, no response possible; counterfeit acknowledgement; 4 one-way connection.)

Page 24

Cybercrime prevention

- Multi-layer security
- Security vs. privacy?