Hacking and Scams Richard Baskerville Georgia State University Agenda • System Attacks • Social Engineering • Google Hacking • Exploits • Payloads • WiFi Hacking • Phone Hacking System Attacks • Remote or physical access • Password guessing • Password cracking Social Engineering
6
Embed
Hacking and Scams - J. Mack Robinson College of Business · Hacking and Scams Richard Baskerville Georgia State University Agenda • System Attacks • Social Engineering • Google
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Hacking and Scams
Richard Baskerville
Georgia State University
Agenda
• System Attacks
• Social Engineering
• Google Hacking
• Exploits
• Payloads
• WiFi Hacking
• Phone Hacking
System Attacks
• Remote or physical access
• Password guessing
• Password cracking
Social Engineering
Google HackingLong Established
Database of Exploit Queries
Aka “dorks”
GHDB Can Execute Queries on Google
Source: http://wand.5gbfree.com/passes.txt
Exploits and Malware
• Vehicles: Delivering Trojan payloads
• Viruses
• SQL Injection
• Suckers
– Phishing
– Web-page Trojans
– Malicious executables
– Image, music, video Trojans
• Buffer overflows and other exploits in image processing or playback programs
Payloads
• Spyware
• Rootkits
• Keyloggers
• Botnets
• Ransomware
Spyware
• Commonly Browser-Based Attack
• Sometimes semi-legit– Authorized in EULA
– Data for marketing / advertising
• Malicious add-in, helper code
• Collect browser data– Account information
– Passwords
– Browsing habits
• Modify browser or computer configuration
Rootkits
• Permits unauthorized full administrator-level access
• Hides itself
– The files, folders, registry edits, and other components it uses.
• May hide bundled malicious files
Keyloggers
• Ultimate spyware
• Record or transfer keystrokes and data streams
• Conceal their presence
• Compromise personal information like passwords, credit card numbers, bank numbers, etc.
Botnets
• Continuously awaits and processes commands received in a client/server mode.
• Frequently uses IRC chat channels
– Higher degree of anonymity
– High availability
• Purposes
– Distributing denial of service attacks (DDOS)
– Spamming
– Distributing illegal advertising software
– Abuse of ‘pay per click’ systems (Adware models)
– Spread on-demand
Ransomware
• A payload that encrypts files and/or disks on a
computer systems
• It displays a demand for a ransom to be paid
• It promises to deliver the decryption key upon
payment of the ransom
• The ransom is demanded in a
digitally untraceable form, such
as bitcoins
WiFi Hacking
• Wardriving – driving around looking for networks to hack
– Aided by GPS Mapping
• Exploit default configurations
• Weak Link - one mis-configured access point is enough
• Security weaknesses
– WEP
– WPA
– WPA-2
WEP
• 40-bit cipher key simple XOR encryption
• Embeds session key into the packet stream
• Attacks – Flipping bits in the cipher stream
and watching to see which bits are flipped in the resulting plaintext
– Decrypting ciphertexts encrypted with the same keystream
– Attacker can deduce the cipher key by repeating the above