CYBER ATTACKS: HOW SECURE ARE YOUR SYSTEMS Greg U. Ezeilo, FCA, CISA, CRISC, CEH, CHFI

Feb 03, 2022

Page 1: CYBER ATTACKS: HOW SECURE ARE YOUR SYSTEMS

CYBER ATTACKS: HOW SECURE ARE YOUR SYSTEMS

Greg U. Ezeilo, FCA, CISA, CRISC, CEH, CHFI

Cyber Attacks.....

Agenda

Overview of the cyberspace

Essential terminologies

Essential Statistics regarding security concerns

What is computer hacking?

Who are hackers and what do they do?

The 5-phases of hacking activity

Cyber Attacks.....

Agenda

Classification of hackers

Skill profile of a Hacker

Some hacking tools

Some countermeasures

Legal perspectives

Conclusion

Bibliography

Overview of Cyberspace

What is cyberspace?

"Cyberspace" is a term coined by William Gibson in his fantasy novel ‘Neuromancer’ to describe the "world" of computers, and the society that gathers around them.

What are the attributes of this society? Is it as civilized as the society we find ourselves in?

What laws guide this society? Or is it still in a state of ‘Nature’?

Overview of Cyberspace

Nature of the cyberspace

The cyber world is much the same as the physical world in terms of human activities:

Cyber world – A Virtual World

There are interactions

There are the good, the bad and the ugly

There are criminals as well as the civilised; there are norms as well as deviant individuals who make up the normless

You can sell and buy in the cyber world; payments can also be made without any physical contact

Overview of Cyberspace

Nature of the cyberspace

Marriages can also be consummated in the cyber world, in fact the fastest and least expensive; it only requires a ‘meeting of minds’. You can also divorce just as fast as you can marry in the cyber world, a divorce that is not possible in the physical world.

You can chat, hold meetings, conferences, workshops, etc

At a level of thinking, the cyber world will change to ‘Cyber-Telepathic -World’

The norm-less will become super-norm-less, as we are going to see very shortly

A quick look at e-commerce.

What is e-commerce?

Traditionally, e-commerce was the buying and selling of goods and services over electronic networks linking businesses and their intermediaries.

Any kind of commercial transaction in which both parties interact electronically.

A quick look at e-commerce.

e-commerce framework

Characteristics of e-commerce

Technology enablement.

System with a lot of processes integrated to provide the service delivered.

Payment is by electronic means.

Exchange of value for goods or services occurs when properly consummated

A quick look at e-commerce.

Basic Elements include:

Electronic systems and Infrastructure like the network, servers, applications etc.

Intermediaries – Banks, Logistics companies

Integrated business processes e.g. ordering, invoicing, delivery etc.

Consumer making purchases via electronic media

Websites and Web pages serving as interface points between the transacting parties

Goods and Services forming the product of transactions.

Models of e-commerce

E-shops

E-Banking.

E-Finance.

POS

ATM

EDI

Examining Computer Hacking…

Hacking—Essential terminologies

The following terminologies will give an insight into what hacking is all about

Exploit: what does it mean to say that an exploit has occurred?

To understand this, one needs to learn two other terminologies namely:

Threat and Vulnerability.

Threat

Vulnerability

Attack

Examining Computer Hacking…

Threat

A threat refers to any potential source of danger that can cause an undesirable outcome; it could be human or natural phenomena such as earthquakes, tornadoes, etc.

In computer security, such may include:

Hacking

Virus

Technical, etc.

Examining Computer Hacking…

Threat

Any circumstance or event with potential to cause harm to a system in the form of destruction, disclosure, modification of data, or denial of service.

A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

Examining Computer Hacking…

Threat

In the United States Government usage of the term:

The technical and operational capability of a hostile entity to detect, exploit, or subvert friendly information systems and the demonstrated, presumed, or inferred intent of that entity to conduct such activity.

This immediately brings us to the term—vulnerability

Examining Computer Hacking…

Vulnerability

This has been variously defined in this context as:

A security weakness in the target of evaluation (e.g. due to flaws in analysis, design, implementation, or operation.)

Weaknesses in an information system or components (e.g. systems security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune.

Examining Computer Hacking…

Vulnerability

Vulnerability is the existence of a weakness, design, or implementation error that can lead to an undesired, unexpected compromise in the security of the system, network, application software or protocol involved.

Examining Computer Hacking…

Attack

An attack has been defined as an assault on system security originating from an intelligent threat. This could also be referred to as an ‘incident’, as distinct from an ‘accident’, the former being a premeditated attempt to subvert security. Usually, attacks will follow a methodical approach intelligently designed to circumvent or evade the security policies of a system.

Attacks are classified into two broad categories, namely:

Examining Computer Hacking…

Attack

Passive

Active

Security Issues….

Statistics regarding the biggest security concerns of corporate companies:

21% Hackers

17% Preventing malicious code

15% Email security

14% Secure remote access

8% Secure e-commerce

7% VPN development

6% Single Sign-on

Security Issues….

Security Statistics of Cyber Crime

Here are some interesting statistics pertaining to cyber crime from the ECCouncil:

Intellectual losses from hacking exceeded $400 billion in 2003.

Eighteen percent of companies whose systems were broken into or infected with a virus suffered losses of $1 million or more.

Security Issues….

Security Statistics of Cyber Crime

Here are some interesting statistics pertaining to cyber crime from the ECCouncil:

A total of 241 U.S. organizations collectively reported losses of $33.5 million from theft of proprietary information.

Approximately 25 percent of all organizations reported attempted break-ins via the Internet.

An FBI survey of 400 companies showed only 40 percent reported break-ins.

One of every five Internet sites has suffered a security breach.

Hacking Defined……

What is computer hacking?

In the beginning, to ‘hack’ meant to possess extraordinary computing skills used to stretch system security beyond its limits; it was expected that a hacker would be very proficient in the use and application of computers

But today, the story is different due to ready-made tools freely available on the internet

Malicious hacking….

What does a malicious hacker do?—

Seek out system vulnerabilities

Exploit the vulnerabilities

Attack and re-attack

The process usually adopted is explained on the next slide

Hacking process......

Hacker classes

Summary of attacks

Kinds of Attacks

Denial of Service(DoS)

DDoS using BOTs/BOTNETS

Social Engineering

Technical

Session Hijacking

SQL Injection

Trojans

XSS

ARP Poisoning

Smurf

Buffer Overflow

Sniffing

Virus

Password Cracking (Dictionary, Brute force and Hybrid)

Phases of attack…

The 5-Phases of attack

Reconnaissance

Preparatory to attack

Uses competitive intelligence

Sniffs around and gathers as much information as possible about the target systems

May use smooth-talking and social engineering

Uses certain tools to detect open ports, accessible hosts, routers, network mappings, details of operating systems and applications

Phases of attack…

The 5-Phases of attack

Scanning

This is the pre-attack phase. In this stage of the attack, the attacker scans the network using specific information gathered during reconnaissance

Uses tools such as network port scanners and war diallers to detect listening ports

Phases of attack…

The 5-Phases of attack

Scanning

Organisations deploying Intrusion Detection Systems (IDS) still have cause to worry because attackers can use evasion techniques at both the application and network levels to bypass filters.
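
As an added illustration of the detection side of this phase (not part of the original slides), the Python example below flags sources that touch many distinct host/port pairs inside a time window. The log format, addresses, function names and thresholds are constructed assumptions; running it with a second, longer window shows why one short window alone misses low-rate probing.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log (not from the slides); addresses are RFC 5737 ranges.
# Format assumed here: "<ISO time> <src> -> <dst>:<port> <action>"
SAMPLE_LOG = """\
2022-02-03T10:00:00 198.51.100.7 -> 192.0.2.10:21 DENY
2022-02-03T10:00:01 198.51.100.7 -> 192.0.2.10:22 ALLOW
2022-02-03T10:00:02 198.51.100.7 -> 192.0.2.10:23 DENY
2022-02-03T10:00:02 203.0.113.20 -> 192.0.2.10:443 ALLOW
2022-02-03T10:00:03 198.51.100.7 -> 192.0.2.10:25 DENY
2022-02-03T10:00:04 198.51.100.7 -> 192.0.2.10:80 ALLOW
2022-02-03T10:00:05 198.51.100.7 -> 192.0.2.10:443 ALLOW
2022-02-03T10:00:09 203.0.113.20 -> 192.0.2.10:443 ALLOW
2022-02-03T10:05:00 203.0.113.99 -> 192.0.2.10:22 DENY
2022-02-03T10:15:00 203.0.113.99 -> 192.0.2.10:23 DENY
2022-02-03T10:25:00 203.0.113.99 -> 192.0.2.10:80 ALLOW
2022-02-03T10:35:00 203.0.113.99 -> 192.0.2.10:443 ALLOW
2022-02-03T10:45:00 203.0.113.99 -> 192.0.2.10:3389 DENY
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> ([\d.]+):(\d+) (\w+)$")

def parse(log_text):
    """Yield (timestamp, src, dst, port) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # tolerate junk lines instead of aborting the run
        ts, src, dst, port, _action = m.groups()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_scanners(log_text, window_s=60, min_targets=5):
    """Return {src: peak count of distinct (dst, port) pairs inside the window}."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src -> (ts, target) events still in the window
    peaks = {}
    for ts, src, dst, port in sorted(parse(log_text)):
        events = recent[src]
        events.append((ts, (dst, port)))
        while ts - events[0][0] > window:
            events.popleft()  # drop events that aged out of the window
        distinct = len({target for _, target in events})
        if distinct >= min_targets:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))                 # short window: noisy sweeps
    print(find_scanners(SAMPLE_LOG, window_s=3600))  # long window: low-rate probing
```

The repeat visitor to port 443 is never flagged because the count is over distinct targets, not raw connection volume.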

Phases of attack…

The 5-Phases of attack

Gaining access

This is seen as the most important stage of the hacking business

Factors that influence whether a hacker can gain access to the target system include the architecture and configuration of the target systems, the skill level of the perpetrator, and the initial level of access obtained, such as the discovery of open ports and ascertaining the type of services running on the target machines

Phases of attack…

5-phases of attack

Maintaining access

That is ‘Staying on Board’

As a defense against this kind of attack, organizations can use IDSs or deploy honey pots and honey nets to detect intruders.

Phases of attack…

5-phases …..

Clearing the tracks

This phase closes the loop started with reconnaissance. Intelligent thieves will always cover their footprints to avoid early detection as long as their interest is sustained.

This involves removing any evidence of their discovery, including destruction of log files, etc.

Other techniques include steganography, tunneling, etc.

Phases of attack…

Battling the hacker!

As an ethical hacker, you must be aware of the tools and techniques that are deployed by attackers so that you are able to advise on and take countermeasures to sustain system protection.

SOME PERPETRATORS AND THEIR BACKGROUND

WHO ARE THESE GUYS?

Who is this Guy?

Robert Morris, Jr.

Robert Morris, Jr.

Released Morris worm in 1988

First major Internet Worm

Cornell University student (released the worm through MIT)

Morris worm exploited vulnerabilities in sendmail, fingerd, rsh/rexec and weak passwords

Infected 6000 Unix machines

Damage estimate: $10m - $100m

Robert Morris, Jr.

First person to be tried and convicted under the 1986 Computer Fraud and Abuse Act

Received 3 years probation and a $10,000 fine

CERT was created in response to the Morris worm

Morris’s father was chief security officer for the National Security Agency (NSA)

Where is he now? A professor at MIT, of course!

Who is this Guy?

Fugitive Hacker

Started as a ‘phreaker’

Inspired by John Draper (Captain Crunch)

Using a modem and a PC, he would take over a local telephone switching office

Kevin Mitnick

Kevin Mitnick

Arrested multiple times

Breaking into Pacific Bell office to steal passwords and operator’s manuals

Breaking into a Pentagon computer

Stealing software from Santa Cruz Operation (SCO)

Stealing software from DEC

Fled when FBI came to arrest him for breaking terms of probation

“The Lost Boy of Cyberspace”

Tsutomu Shimomura helped track down the fugitive Mitnick in 1995. This was documented in the book and movie Takedown.

Kevin served 5 years in federal prison

Where is he now? Author and co-founder of security firm called ‘Defensive Thinking’

His book

Kevin Mitnick

“The simple truth is that Kevin never sought monetary gain from his hacking, though it could have proven extremely profitable. Nor did he hack with the malicious intent to damage or destroy other people's property. Rather, Kevin pursued his hacking as a means of satisfying his intellectual curiosity and applying Yankee ingenuity. These attributes are more frequently promoted rather than punished by society.”

…excerpt from Kevin’s website

Information Sources and Hacking Tools

Information sources

www.archives.org.

http://people.yahoo.com or http://www.intellius.com

Intrusion Approaches

Target selection, research and background info

Internet searches

Whois, Nslookup

Preliminary probing - avoid logging - get passwords

Sniffing

DNS zone transfer

SMTP probe

Web Spiders

Other simple probes

Search for back doors

Technical attack or social engineering

Intrusion Approaches

Preliminary attacks will be to:

Uncover initial information

Locate the network range

Identify active machines

Discover open ports / access points

Detect operating systems

Uncover services on ports

Map the network

Cleaning Up After an Attack

Delete tools and work files

Modify logs (Unix example)

Syslog

messages files (especially the mail log)

su log

lastlog (including wtmp and utmp)

daemon logs

transfer logs
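
Because these are the records an intruder alters, a defender needs a way to tell that they were altered. The following added example (not from the original slides) links each log record to the previous one with an HMAC so that an edited, deleted or truncated record is detectable; the sample lines, key and function names are constructed, and the key and the final tag are assumed to be held off the logged host, for example on a log collector.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain
DEMO_KEY = b"constructed-demo-key"  # assumption: the real key never sits on the logged host

# Constructed sample records in the style of the auth and su logs listed above.
SAMPLE = [
    "Feb  3 10:00:01 host1 sshd[811]: Accepted password for alice from 192.0.2.44",
    "Feb  3 10:02:17 host1 su: (to root) alice on pts/0",
    "Feb  3 10:02:40 host1 sshd[902]: Failed password for root from 198.51.100.7",
    "Feb  3 10:03:05 host1 su: FAILED SU (to root) bob on pts/1",
]

def _tag(key, prev, line):
    """HMAC over the previous tag plus this line, so records are linked in order."""
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()

def seal(lines, key):
    """Return [(line, tag), ...]; each tag depends on every earlier record."""
    sealed, prev = [], GENESIS
    for line in lines:
        prev = _tag(key, prev, line)
        sealed.append((line, prev))
    return sealed

def first_break(sealed, key, anchor=None):
    """Index of the first bad record, len(sealed) if the tail was cut, else None.

    `anchor` is the newest tag as recorded off-host; without it, removal of
    the newest records cannot be noticed.
    """
    prev = GENESIS
    for i, (line, tag) in enumerate(sealed):
        if not hmac.compare_digest(_tag(key, prev, line), tag):
            return i
        prev = tag
    if anchor is not None and not hmac.compare_digest(prev, anchor):
        return len(sealed)
    return None

if __name__ == "__main__":
    chain = seal(SAMPLE, DEMO_KEY)
    anchor = chain[-1][1]
    edited = chain[:2] + [(chain[2][0].replace("root", "alice"), chain[2][1])] + chain[3:]
    print(first_break(chain, DEMO_KEY, anchor))                 # untouched log
    print(first_break(edited, DEMO_KEY, anchor))                # one record edited
    print(first_break(chain[:1] + chain[2:], DEMO_KEY, anchor)) # one record deleted
    print(first_break(chain[:-1], DEMO_KEY, anchor))            # newest record cut off
```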

Bits on IT Security

Concepts

Assurance

Identification and Authentication

Accountability

Hacking tools…..

The following are some of the tools usually employed by hackers:

Whois

Nslookup

ARIN

Neo Trace

VisualRoute Trace

Smart Whois

Email Tracker Pro

Website watcher

Countermeasures

Defenses

Countermeasures are various security mechanisms devised to protect and monitor enterprise computer networks in order to ward off attacks by crackers. These include, but are not limited to:

IDS

Firewalls

Biometric devices

Encryption mechanisms

Legal redress

Legal perspectives

Some laws to fight hacking

In the US we have:

18 U.S.C. § 1029. Fraud and related activity in connection with access devices

18 U.S.C. § 1030. Fraud and related activity in connection with computers

18 U.S.C. § 1362. Communication lines, stations, or systems

18 U.S.C. § 2510 et seq. Wire and electronic communications interception and interception of oral communications

18 U.S.C. § 2701 et seq. Stored wire and electronic communications and transactional records access

Legal perspectives

SECTION 1029

The statute, Title 18 U.S.C. section 1029, also referred to as the “access device statute”, is a highly versatile means of investigating and prosecuting criminal activity involving fraud.

Penalties

An offense under 1029(a)(1) attracts a fine of $50,000 or twice the value of the crime and / or up to 15 years in prison; $100,000 and / or up to 20 years for a repeat offense.

Legal perspectives

Other countries such as:

Japan

Australia

UK

Germany, etc

See your handout for details of these countries' laws relating to hacking and computer crime.

Conclusion

In concluding this paper, it is needless to say that the cyber world has come to stay, creating fantastic new business models as well as enormous security challenges. The good, the bad and the ugly of this monumental phenomenon is one dilemma facing all stakeholders in this field, and everyone, especially security and systems administrators, must brace up to the task of ensuring that those who live this ‘Comfort Zone’ are checkmated at all cost if the very objectives of IT applications in business are to be realised.

Secure your systems, secure your business

Bibliography

Other works consulted

EC-Council Courseware on:

Ethical Hacking

Computer Hacking and Forensic Investigation

Certified Ethical Hacking Study Guide – Kimberly Graves

Computer Hacking and Countermeasure – (ICAN MCPE paper 2009 by Greg Ezeilo, FCA)