Exploring the Internet The Dark Side of the Internet - 91-113-F10

Exploring the Internet
The Dark Side of the
Internet
91.113-021
Instructor: Michael Krolak
91.113-031
Instructor: Patrick Krolak
See also http://www.cs.uml.edu/~pkrolak/lab1/lab1.html
Authors: P. D. & M. S. Krolak Copyright 2005-2007
Edited by Richard Wright, National Expert Traffic & Information Management, Volpe Center US DOT
The Internet and Security
The Dark Side of the
Internet
Hoaxes create anxiety,
worries, and in some
cases real problems
With the advent of Internet social networks, chat rooms,
and blogs, rumors and hoaxes can travel around the world
and reach millions in days if not minutes.
Hoaxes – the chain email
•  In the days of snail mail, the chain letter offered some
reward – an answered prayer or good luck – to the receiver of
the letter if they copied it and sent 10 copies to others.
In some cases the letter asked the person to put their name
and address on a list and send money to the person
higher on the list.
•  Today hoax emails ask that the user say a prayer, do a
good deed, send money to a charity, etc. In addition the
person is asked to forward it to at least 10 friends. At the
very least this clogs the email system with junk. At worst
it is a scam that may harm your computer or add your
email address to a spam or "sucker" list.
•  Action – Delete the email immediately and/or notify your
system administrator so it can be blocked. For more see
the Pyramid Scheme Section.
Urban Legend (also urban myth or urban tale)
An urban legend, urban myth, urban tale, or a
contemporary legend, is a form of modern folklore
consisting of apocryphal stories believed by their tellers to
be true. As with all folklore and mythology, the designation
suggests nothing about the story's factuality or falsehood,
but merely that it is in non-institutional circulation, exhibits
variation over time, and carries some significance that
motivates the community in preserving and propagating it.
Source: http://en.wikipedia.org/wiki/Urban_legend
Urban legend
•  Despite its name, a typical urban legend does not
necessarily originate in an urban area. Rather, the term
is used to differentiate modern legend from traditional
folklore in preindustrial times. For this reason,
sociologists and folklorists prefer the term contemporary
legend.
•  Urban legends are sometimes repeated in news stories
and, in recent years, distributed by e-mail. People
frequently allege that such tales happened to a "friend of a
friend" -- so often, in fact, that "friend of a friend" ("FOAF")
has become a commonly used term when recounting this
type of story.
Belief and relation to mythology
•  The earliest term by which these narratives were known,
“urban belief tales,” highlights what was then thought to
be a key property: they were held, by their tellers, to be
true accounts, and the device of the FOAF was a
spurious but significant effort at authentication.[16] The
coinage leads in turn to the terms "FOAFlore" and
"FOAFtale".
•  Recently social scientists have started to draw on urban
legends in order to help explain complex sociopsychological beliefs, such as attitudes to crime,
childcare, fast food, SUVs and other 'family' choices.[20]
Debunking or Fact Checking
•  Urban myths - http://www.urbanmyths.com/
•  FactCheck.org - Annenberg Political Fact
Check
•  snopes.com: Urban Legends Reference Pages
•  PolitiFact | Sorting out the truth in politics
Spam
Source: http://www.unt.edu/benchmarks/archives/2005/february05/spamandcookiescolor.gif
• Spam is electronic junk mail that clogs our internet like the fatty canned
meat of the same name clogs our arteries.
– Communication lines back up at an alarming rate,
– Storage is gobbled up,
– Servers and processors thrash, and
– Users are irritated at best – incapacitated at worst.
• Spam costs the ISPs and others a fortune to prevent and/or to remove.
• At its worst spam is used by scammers, hackers, and others to market
and prey on literally millions of users at a very low cost.
Spam
•  What is Spam?
Junk email – unwanted, resource robbing, and often contains viruses, worms,
and scams.
•  Why is it an increasing problem?
Spam is the fastest growing component of message traffic on the Internet;
it consumes bandwidth and storage and angers users. ISPs and some
consumer groups are attempting to shut down the worst offenders.
Spam as harassment.
Spam as DoS (Denial of Service) attack.
Spam as Phishing (an attempt to obtain a person's ID, password, etc., by
pretending to be a legitimate request).
•  What can be done about it? (Discussion questions)
–  Closing down ISPs that permit email relaying (Is this too draconian?).
–  Apply filters and tools to remove it (Can they be by-passed?).
–  Lobby for federal legislation to create civil and criminal penalties for those
who send Spam. (Does this interfere with free speech?)
–  A recently passed law to prosecute commercial spammers. (When is
Internet advertising legitimate and when is it Spam?)
Why Estimate the Cost of Spam?
•  Important for policy reasons to know the severity of the problem –
helps in assigning priority to the issue;
•  To determine which economic actors have to bear the costs – also
important in focusing on solutions;
•  Spam imposes a negative externality on society (similar to
pollution in the manufacturing economy): economic damage
and cost borne by third parties, resulting in an overall loss of
welfare for society;
•  If the costs of spam are unacceptable then mechanisms have to be
put in place to change the behavior of the producers of spam;
•  Provides a metric to “let the punishment fit the crime.”
•  The market itself does not provide a mechanism to correct for the costs
inflicted by spam. If economic solutions are used to combat
spam, cost data can help determine prices applied to reduce or
eliminate spam;
http://www.oecd.org/dataoecd/47/5/26618988.pdf
Spam Impact on Consumers
•  E-mail has value to recipient which varies with the
content and should at least equal processing cost;
•  Each e-mail entails the same receiving/processing cost
for consumer. For spam the value of the e-mail content is
negative and to this must be added the processing cost;
•  If the amount of spam received is extremely high it could
conceivably outweigh the positive value of receiving email;
•  Costs to consumers for processing mail are declining as
consumers switch to broadband from dial-up (where time
based Internet access charges exist) and because of
quicker download times;
•  But increase in volume of spam is likely to result in net
increase in costs – if you can go fast but you produce
crap, all you get is more crap;
http://www.oecd.org/dataoecd/47/5/26618988.pdf
Overall Cost: Some Estimates
•  Reduced use of an efficient and cheap means of
communications among economic actors – slows down growth
of e-commerce and development of digital economy.
Total economic impact of spam – estimates vary:
•  Global cost “conservatively” estimated at €10
Billion (European Commission Study 2001);
•  Ferris Research (Jan. 2003) estimated that spam cost US
companies $8.9 billion dollars in 2002. The same study
estimated the cost of spam in Europe as US$2.5 billion.
•  UNCTAD (2003): $20 billion;
•  Cost to Hong Kong economy $1.3 billion (HKISPA 2004);
•  $2 - $20 Billion per year and growing.
http://www.oecd.org/dataoecd/47/5/26618988.pdf
Crimes of Persuasion
Crimes of persuasion are scams that appeal to
people's greed, goodwill, or other emotions so that the
victim provides the access to, and assistance in obtaining,
the information, money or other resources that are the
criminal's real target.
In other words – A Con Game
Internet Scams
Internet Scams
•  Scams over the Internet, unlike traditional fraud and similar crimes, can be
difficult to detect, prosecute, and prevent – and easy to perpetrate.
•  Email can be used to reach 250 million people with a simple program and
a CD-ROM of email addresses.
•  Example - The African businessman who offers to split a large
sum of money (like $20M) if he can only electronically wire it to
your checking account. He also requires a (small) fee ($250)
wired to his account to bribe fellow countrymen. Your fee and the
contents of your bank account immediately vanish.
•  See:
http://www.cnn.com/2000/TECH/computing/10/31/ftc.web.scams/
Internet Pyramid schemes
What is a Pyramid Scheme?
•  Pyramid schemes, also referred to as "chain referral", "binary
compensation" or "matrix marketing" schemes, are marketing
and investment frauds which reward participants for inducing
other people to join the program. Ponzi schemes, by contrast,
operate strictly by paying earlier investors with money deposited
by later investors without the emphasis on recruitment or
awareness of participation structure.
•  Pyramid schemes focus on the exchange of money and
recruitment. At the heart of each pyramid scheme there is typically a
representation that new participants can recoup their original
investments by inducing two or more prospects to make the same
investment.
•  For each person you bring in you are promised future monetary
rewards or bonuses based on your advancement up the structure.
Over time, the hierarchy of participants resembles a pyramid as newer,
larger layers of participants join the established structure at the bottom.
Source: http://www.crimes-of-persuasion.com/Crimes/Delivered/pyramids.htm
Internet Pyramid schemes (more)
•  They say you will have to do "little or no work because the
people below you will". You should be aware that the actual
business of sales and supervision is hard work. So if everyone is
doing little or no work, how successful can a venture be? Too good
to be true!
•  The marketing of a product or service, if done at all, is only of
secondary importance in an attempt to evade prosecution or
to provide a corporate substance. Often there is not even an
established market for the products so the "sale" of such
merchandise, newsletters or services is used as a front for
transactions which occur only among and between the operation's
distributors.
•  Therefore, your earning potential depends primarily on how
many people you sign up, not how much merchandise is sold.
•  When the Pyramid gets too big, the whole scheme collapses and
the people who lose are the people at the bottom.
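To make the collapse arithmetic concrete, here is an added worked example (not part of the course slides). It assumes every participant must recruit the same number of people, and computes how many layers fit before the recruit pool is exhausted and what share of participants are on the bottom layer, with nobody below them, at any given moment.

```python
"""Pyramid-scheme arithmetic: how fast the structure exhausts the recruit pool
and what share of participants sit on the (losing) bottom layer.
Added example for this course page, not the course authors' code."""


def layer_sizes(fanout, levels):
    """Participants on each layer when every member recruits `fanout` people.
    Layer 0 is the single originator; layer n has fanout**n members."""
    return [fanout ** n for n in range(levels)]


def levels_until_exhausted(fanout, population):
    """Smallest number of layers whose total membership reaches `population`,
    i.e. the layer at which recruitment must stall for lack of people."""
    total, level = 0, 0
    while total < population:
        total += fanout ** level
        level += 1
    return level


def bottom_layer_fraction(fanout, levels):
    """Share of all participants who are on the newest (bottom) layer: the
    people who have paid in but have nobody below them to recoup from."""
    sizes = layer_sizes(fanout, levels)
    return sizes[-1] / sum(sizes)


if __name__ == "__main__":
    # Assumption: each recruit must bring in two more (the slide's "two or more");
    # 8 billion is a round world-population figure, not a value from the slides.
    print(levels_until_exhausted(2, 8_000_000_000))  # 33 layers and the planet is used up
    print(round(bottom_layer_fraction(2, 10), 3))     # ~0.5: half of everyone is at the bottom
    print(round(bottom_layer_fraction(6, 5), 3))      # ~0.833 when each must recruit six
```

With a fan-out of two, half of all participants are always on the bottom layer; with a fan-out of six, more than four in five are. The fraction does not shrink as the scheme grows, which is why "the people at the bottom" is most of the people.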
Internet Pyramid schemes (more)
•  Pyramid schemes are not the same as Ponzi
schemes which operate under false pretences
about how your money is being invested and
normally benefit only a central company or person
along with possibly a few early participants who
become unwitting shills.
•  Pyramid schemes involve a hierarchy of investors
who participate in the growth of the structure with
profits distributed according to one's position
within the promotional hierarchy based on active
recruitment of additional participants.
•  Both are fraudulent, because they induce an
investment with no intention of using the funds as
stated to the investor.
Email Fraud
Fraud has existed perhaps as long or longer
than money. Any new sociological change
can engender new forms of fraud, or other
crime.
Source: http://en.wikipedia.org/wiki/Email_fraud
Email Fraud
•  Almost as soon as e-mail became widely used, it
began to be used to defraud people.
•  E-mail fraud can take the form of a "con game" or
scam.
•  Confidence tricks tend to exploit the inherent greed
and dishonesty of their victims: the prospect of a
'bargain' or 'something for nothing' can be very
tempting.
•  E-mail fraud, as with other 'bunco schemes', relies on
naive individuals who put their confidence in get-rich-quick schemes such as 'too good to be true'
investments or offers to sell popular items at
'impossibly low' prices. Many people have lost their
life savings due to fraud. (Including E-Mail fraud!)
Avoiding e-mail fraud
E-mail fraud may be avoided by:
•  Keeping one's e-mail address as secret as possible,
•  Ignoring unsolicited e-mails of all types, simply deleting
them,
•  Not giving in to greed, since greed is the element that
allows one to be 'hooked', and
•  If you have been defrauded, report it to law enforcement
authorities -- many frauds go unreported, due to shame,
guilty feelings or embarrassment.
Source: http://en.wikipedia.org/wiki/Email_fraud
Identity Theft on the
Internet
Identity theft involves finding out the
user's personal information and
then using it to commit fraud and
other crimes.
Identity Theft
“But he that filches from me my good name
Robs me of that which not enriches him
And makes me poor indeed."
Shakespeare, Othello, Act III, Scene III.
What is Identity Theft?
•  A Federal crime where someone wrongfully
obtains and uses another person's personal
data in some way that involves fraud or
deception, typically for economic gain.
•  In 2004, almost 250,000 claims of Identity
Theft within the US alone (1:1000)
•  More than $500 million in reported losses
Source: http://www.consumer.gov/sentinel/pubs/Top10Fraud2004.pdf
Categories of Identity Theft
According to the non-profit Identity Theft Resource Center,
identity theft is "sub-divided into four categories:
1. Financial Identity Theft (using another's name and SSN
to obtain goods and services),
2. Criminal Identity Theft (posing as another when
apprehended for a crime),
3. Identity Cloning (using another's information to assume
his or her identity in daily life) and
4. Business/Commercial Identity Theft (using another's
business name to obtain credit)."
Source: http://en.wikipedia.org/wiki/Identity_theft
Tiger Woods
“A man who used Tiger Woods' identity to
steal $17,000 worth of goods was
sentenced to 200 years-to-life in prison.
Anthony Lemar Taylor was convicted of
falsely obtaining a driver's license using
the name Eldrick T. Woods, Woods'
Social Security number and his birth date.
Though he looks nothing like golf's best
player, the 30-year-old Taylor then used
the false identification and credit cards to
buy a 70-inch TV, stereos and a used
luxury car between August 1998 and
August 1999.
Judge Michael Virga gave Taylor the
maximum sentence under California's
three-strikes law...”
Identity Theft by Age
Source: http://www.consumer.gov/sentinel/pubs/Top10Fraud2004.pdf
Identity Theft
•  Identity Theft – the acquiring of personal and financial information
about a person for criminal purposes.
•  Your Social Security Number, credit card numbers, and passwords
on your machine can be used to gain further information about you
from web sources.
•  Once the information is gained it is used to charge large amounts
for plane tickets, etc.
•  The criminal can also assume your identity for fraud and terrorism.
•  Some rings communicate data gathered to accomplices in other
countries where the fraudulent charges are actually made.
•  It can take up to 18 months and thousands of dollars to restore
your credit.
See http://www.newsfactor.com/perl/story/15965.html
The role of private industry
and government in identity
theft
Techniques for obtaining
information
Low Tech – Social Engineering
•  Stealing (snail) mail or rummaging through rubbish (dumpster diving)
•  Eavesdropping on public transactions to obtain personal data
(shoulder surfing)
•  Obtaining castings of fingers for falsifying fingerprint identification
High Tech – Internet Approaches
•  Stealing personal information in computer databases [Trojan horses,
hacking] – Including theft of laptops with personal data loaded.
•  The infiltration of organizations that store large amounts of personal
information
•  Impersonating a trusted organization in an electronic communication
(phishing) .
•  Spam (electronic): Some, if not all spam entices you to respond to
alleged contests, enter into "Good Deals", etc.
•  Browsing social network sites (MySpace, Facebook, Bebo, etc.)
for personal details that users have posted in public
areas.
Source: http://en.wikipedia.org/wiki/Identity_theft
What is Pharming?
Pharming is the exploitation of a vulnerability in DNS
server software that allows a hacker to acquire the
domain name for a site and to redirect traffic from that
website to another web site.
DNS servers are the machines responsible for resolving
Internet names into their real Internet Protocol (IP)
addresses – the "signposts" of the Internet (e.g.,
Good_Stuff.com will translate to an address like
152.145.72.30, i.e. four groups of base 8 (octal) numbers in IP
version 4 (IPv4), or eight groups in base 16 (hex) in IP
version 6 (IPv6)). The Internet has thousands of DNS
servers – each one a target for determined hackers.
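An added example (not course material) of the two ideas on this slide: what an IPv4 or IPv6 address literally consists of (each of the four IPv4 groups is an 8-bit octet written in decimal; each of the eight IPv6 groups is 16 bits written in hex), and a defender's check that compares the answers a resolver hands back against a pinned baseline, which is how a redirected DNS answer is caught. The names, the baseline and the sample answers are constructed; the address ranges used are documentation ranges.

```python
"""Two defender-side checks on DNS answers, added as an example for this
slide (not course code). All names, baselines and sample answers are
constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges."""
import ipaddress

# Constructed baseline: addresses the defender has pinned for each name.
# 152.145.72.30 is the example address quoted on the slide; the names are fictional.
PINNED = {
    "good_stuff.example": {"152.145.72.30"},
    "bank.example": {"203.0.113.10", "203.0.113.11"},
}

# Ranges a public service name should never resolve to: a poisoned hosts file
# or a rogue resolver pointing victims at a LAN box shows up here.
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def describe_address(text):
    """Return (family, number_of_groups, notation) for an address string.
    IPv4: four 8-bit octets written in decimal; IPv6: eight 16-bit groups in hex."""
    ip = ipaddress.ip_address(text)
    if ip.version == 4:
        return ("IPv4", len(text.split(".")), "decimal")
    return ("IPv6", len(ip.exploded.split(":")), "hex")


def check_resolution(name, answers, pinned=PINNED):
    """Compare the addresses returned for `name` with the pinned baseline.
    Returns a list of (address, reason); an empty list means nothing deviates.
    Names with no baseline are only screened for non-routable answers."""
    problems = []
    expected = {ipaddress.ip_address(a) for a in pinned.get(name, ())}
    for text in answers:
        ip = ipaddress.ip_address(text)
        if any(ip in net for net in LAN_RANGES):
            problems.append((text, "non-routable address for a public name"))
        elif expected and ip not in expected:
            problems.append((text, "not in pinned baseline"))
    return problems


if __name__ == "__main__":
    print(describe_address("152.145.72.30"))                   # ('IPv4', 4, 'decimal')
    print(describe_address("2001:db8::1"))                     # ('IPv6', 8, 'hex')
    print(check_resolution("bank.example", ["203.0.113.10"]))   # []
    print(check_resolution("bank.example", ["198.51.100.99", "192.168.1.5"]))
```

In practice the "answers" would come from your own resolver and the baseline from a second, independent source (a trusted resolver queried over an authenticated channel, or DNSSEC-validated data); a disagreement is the cue to investigate, not proof of pharming on its own.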
Phishing
What is Phishing?
–  Using email or web sites to look like authentic
corporate communications and web sites to trick
people into giving personal and financial information.
–  The FBI sees this as a fast-growing form of fraud that can
lead to identity theft.
See http://www.crimes-of-persuasion.com/Crimes/Delivered/internet.htm
What is Phishing?
phishing (also known as carding and spoofing)
n.
1. The act of attempting to fraudulently acquire
sensitive information, such as passwords and
credit card details, by masquerading as a
trustworthy person or business with a real need
for such information in a seemingly official
electronic notification or message (most often an
email, or an instant message).
Source: http://en.wikipedia.org/wiki/Phishing
Phishing Example
From: eBay Billing Department <[email protected]>
To: [email protected]
Subject: Important Notification
[Page template links: "Register for eBay" | "Need Help?"]
[Annotation: the "click here" link below points to a bogus site that often
will infect and attempt to corrupt or steal data from your computer, or
coerce you into divulging private information when you access it.]
Dear valued customer
We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this
problems please click here and re-enter your account information. If your problems could not be resolved your account will be
suspended for a period of 3-4 days, after this period your account will be terminated.
For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your
membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you,
our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering
of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe
to eBay.
Regards,
Safeharbor Department
eBay, Inc
The eBay team.
This is an automatic message. Please do not reply.
Source: http://en.wikipedia.org/wiki/Phishing
Spoofing
Spoofing
•  E-mail sent from someone pretending to be
someone else is known as spoofing. Spoofing
may take place in a number of ways. Common to
all of them is that the actual sender's name and
the origin of the message are concealed or
masked from the recipient. Many, if not most,
instances of e-mail fraud use at least minimal
spoofing, as most frauds are clearly criminal acts.
Criminals typically try to avoid easy traceability.
Source: http://en.wikipedia.org/wiki/Email_fraud
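The eBay notice above and this spoofing slide describe the same tells: a forged From line, a return address or reply address on a different domain, links that go somewhere other than the brand, and pressure language. The following added example (not course code) parses a constructed message modelled on that notice, with every address, host and IP taken from documentation ranges, and reports those tells as findings.

```python
"""Heuristic review of a suspected phishing e-mail.
Added example (not course material); the message below is constructed to
mirror the eBay notice on the slide, with all addresses, hosts and IPs drawn
from documentation/reserved ranges."""
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE = """\
Return-Path: <bounce-4471@mail-relay.example.net>
Received: from mail-relay.example.net (198.51.100.23) by mx.example.org
From: eBay Billing Department <billing@ebay.example>
Reply-To: verify@ebay-secure-update.example.net
To: customer@example.org
Subject: Important Notification
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Dear valued customer,</p>
<p>We regret to inform you that your eBay account could be suspended if you
don't re-update your account information. To resolve this problem please
<a href="http://198.51.100.7/ebay/signin">click here</a> and re-enter your
account information.</p>
<p><a href="https://pages.ebay.example/help">Need Help?</a></p>
</body></html>
"""

# Pressure phrases typical of the genre; two or more is a signal, not proof.
URGENCY = ("suspended", "terminated", "re-enter", "click here", "verify")


class LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(header_value):
    """Domain part of the address in a header, lower-cased ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyse(raw, brand_domain):
    """Return a sorted list of (finding, detail) for the message `raw`,
    judged against the domain the mail claims to come from."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # The visible From line is easy to forge; the envelope sender (Return-Path)
    # and Reply-To are where the real destination leaks through.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append((f"{header.lower()}-mismatch", f"{dom} vs From {from_dom}"))
    body = msg.get_payload(decode=True).decode("ascii", "replace")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if is_ip_literal(host):
            findings.append(("link-to-ip-address", f"'{text}' -> {href}"))
        elif host != brand_domain and not host.endswith("." + brand_domain):
            findings.append(("link-off-brand", f"'{text}' -> {href}"))
    hits = [w for w in URGENCY if w in body.lower()]
    if len(hits) >= 2:
        findings.append(("urgency-language", ", ".join(hits)))
    return sorted(findings)


def finding_codes(raw, brand_domain):
    return [code for code, _ in analyse(raw, brand_domain)]


if __name__ == "__main__":
    for code, detail in analyse(SAMPLE, "ebay.example"):
        print(f"{code:24} {detail}")
```

Each finding on its own is weak evidence (legitimate bulk mailers also use a separate bounce domain), which is why the function reports all of them and leaves the verdict to the reader or to a scoring layer above it.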
Methods to Steal an Identity
•  TCP Spoofing
–  Establish a fake session and behave toward the user like the real
application the user believes they are connected to.
–  Can be done by substituting valid access software with
“hacked” software after compromising a host or server machine
•  DNS Spoofing
–  Mentioned previously
–  Substitutes a fake IP address for the real one in the DNS table
•  Typo Squatting (e.g. www.goolge.com)
–  Set up a real web site with URL that represents common typo.
Make site look enough like real one and try to get passwords,
ID, etc.
–  Similar to phishing, but the “phish” catches himself!
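An added example (not course code) of how a defender screens domain names for the typo-squatting described above: it compares the second-level label against a watch-list of brands using an edit distance that counts an adjacent-letter swap such as goolge/google as one step, after undoing common look-alike character substitutions. The watch-list and every candidate name other than www.goolge.com are constructed.

```python
"""Look-alike domain check for typo-squatting. Added example, not course code.
The brand watch-list and candidate names are constructed, except
www.goolge.com, which is the slide's own example."""

# Character swaps that make a typo-squat look right at a glance.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalise(label):
    """Undo look-alike substitutions so 'g00gle' compares as 'google'."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def osa_distance(a, b):
    """Optimal-string-alignment distance: insert/delete/substitute plus an
    adjacent transposition, so 'goolge' is 1 step from 'google', not 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def registrable_label(host):
    """Second-level label of a host name ('goolge' for www.goolge.com).
    Simplification: assumes a one-part public suffix such as .com or .org."""
    parts = host.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(host, protected):
    """Return (verdict, matched_brand, distance). 'legitimate' for an exact
    brand label, 'lookalike' when the normalised label is within a small edit
    distance of a brand, otherwise 'unrelated'."""
    label = registrable_label(host)
    best = None
    for brand in protected:
        target = registrable_label(brand)
        if label == target:
            return ("legitimate", brand, 0)
        dist = osa_distance(normalise(label), target)
        if best is None or dist < best[1]:
            best = (brand, dist)
    brand, dist = best
    threshold = 2 if len(registrable_label(brand)) >= 8 else 1  # longer names tolerate 2 edits
    if dist <= threshold:
        return ("lookalike", brand, dist)
    return ("unrelated", None, dist)


PROTECTED = ["google.com", "paypal.com"]  # constructed watch-list

if __name__ == "__main__":
    for host in ["www.goolge.com", "google.com", "g00gle.com", "paypa1.com", "example.org"]:
        print(f"{host:16} {classify(host, PROTECTED)}")
```

The same routine runs over newly registered domain feeds or over the hosts seen in a proxy log; a "lookalike" hit is a candidate for blocking or for a takedown request, not an automatic verdict, since short brand names collide with ordinary words.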
Internet and Security
The Internet is a paradox like almost everything in modern
society. It offers many benefits yet it also opens us to a
variety of evils. It is a tool to leverage the power of
advanced computing – for good OR evil.
What is computer security?
computer security
n.
1. The systematic methods and procedures
employed to protect information assets on
computer systems to protect against intentional
and unintentional use, modification, deletion,
manipulation, access, or corruption.
What is malware?
•  malware (mal´wãr) (n.) Short for malicious
software, software designed specifically to
damage or disrupt a system, such as a virus or a
Trojan horse.
Source: http://www.webopedia.com/TERM/m/malware.html
As we explore the Internet we must
also protect ourselves from evil
•  First we must make sure our
computer is secure, or at least
that we make it difficult for
trespassers and other evil
doers to enter it and attack it.
•  Second we must secure our
browsers and email system.
•  Third we must protect our
network portal and our
communications.
•  Finally we must prepare to be
attacked and have a plan for
minimizing the damage.
Cartoon Source: http://www.offthemarkcartoons.com/cartoons/2002-12-21.gif
What is a virus?
Virus
n.
1. A self-replicating
software program that
spreads by inserting
copies of itself into other
executable code or
documents.
Source: www.wikipedia.org
Annual Cost of Viruses to Businesses
What is a Trojan Horse?
Trojan horse
n.
1. A malicious program that is disguised as legitimate software.
Trojan horses can
–  Erase or overwrite data on a computer,
–  Corrupt files in a subtle way,
–  Spread other malware,
–  Set up networks of zombie computers (subverted to execute
commands of the hacker instead of your programs) in order to
launch DDoS (Distributed Denial of Service) attacks or send
spam,
–  Spy on the user of a computer and covertly report data like
browsing habits to other people,
–  Log keystrokes to steal information such as passwords and
credit card numbers,
–  Phish for bank or other account details, which can be used for
criminal activities, or
–  Install a backdoor on a computer system to facilitate future
hacking.
•  A “Trojan horse” program may force your computer to do any or all of these things without
your knowledge!
•  Individuals have actually been prosecuted for actions committed by their computer while
under control of a Trojan horse.
Source: www.wikipedia.org
What are worms?
worm n.
1. A self-replicating piece of code that uses
security lapses to travel from machine to
machine, placing copies of itself everywhere and
then using those newly compromised machines
as bases to attack further systems.
–  The worm is the chunk of code that does the traveling
and implanting. Hackers attach other malware to the
worm which then carries it along.
Source: www.nndb.com
Famous Worms
Name/Date | Comment | Est. Cost
Melissa, 3/26/1999 | | $1.1B
NIMDA, 9/2001 | | $645M
Sobig, 1/2003 | Variant Sobig.f used its own SMTP (Simple Mail Transfer Protocol) to send e-mail from the user's address to others in the user's address book. Largest volume of e-mails. | $36.1B
Source: Computer Worms: Past, Present, and Future, Craig Fosnock (CISSP, MCSE, CNE),
East Carolina University
Famous Worms (continued)
Name/Date | Comment | Est. Cost
Mydoom, appearing January 26, 2004 | Primarily transmitted via e-mail made to appear as a transmission error. Mydoom became the fastest-spreading e-mail worm ever. It slowed overall Internet performance by about 10%, and average web page load times by about 50%. | $38.5B
Witty, appearing March 19, 2004 | The fastest-developed worm to date: only 36 hours passed between the release of the advisory and the release of the worm. Witty infected the entire exposed population of twelve thousand machines in 45 minutes, and it was the first worm that destroyed the hosts it infected (by randomly erasing a section of the hard drive). | $11 million
Early Viruses
•  Brain Virus from Pakistan (1986)
–  First PC virus
–  Affected only certain types of floppy drives
•  Dark Avenger.1800 virus (1989)
–  Written in Sofia, Bulgaria.
–  Posed the first international virus threat.
–  Used anti-virus software to spread.
•  Michelangelo (1992)
–  5 million systems were predicted to be affected.
–  Only 10,000 systems were ever infected.
–  A boon for anti-virus software companies.
Source: http://www.research.ibm.com/antivirus/timeline.htm
Trojan Horses
•  These actions range from harmless messages to
destruction of user files, denial of service, or stealing
personal data.
•  Lately hackers have taken over thousands of computers
to launch attacks on other sites (using Trojan horse
techniques).
What is a rootkit?
•  A type of Trojan that keeps itself, other files,
registry keys and network connections hidden
from detection.
•  It enables an attacker to have "root" access to the
computer, which means it runs at the lowest level
of the machine.
•  A rootkit typically intercepts common API calls so
antivirus scans never see the rootkit programs.
What’s a Wabbit?
wabbit
n.
1. A program that replicates itself on a computer but does not
touch other documents or executables. It is not spread
through the Internet. It makes so many copies of a program
that the computer cannot even start the program that would
allow the user to terminate the wabbit program.
What’s a backdoor?
•  Code that allows access
to the computer through the
O/S or an application.
•  In some cases this is
intentional and in others
it’s a bug. In any case it is
a dangerous problem and
requires that the user get
the latest patches to the
O/S and applications.
Source: http://cluestick.me.uk/burrow/gallery/cartoons/
Malware Detection
•  Norton Anti-Virus
•  McAfee Anti-Virus
•  Panda Software
Software designed to spy
on you
1.  Adware
2.  Spyware
What is Adware?
•  Adware or advertising-supported software is any software
package which automatically plays, displays, or downloads
advertising material to a computer after the software is installed on
it or while the application is being used.
•  Adware programs other than spyware do not invisibly collect and
upload this activity record or personal information when the user of
the computer has not expected or approved of the transfer, but
some vendors of adware maintain that their application which
does this is not also spyware, due to disclosure of program
activities: for example, a product vendor may indicate that since
somewhere in the product's Terms of Use, there is a clause that
third-party software will be included that may collect and may
report on computer use, that this Terms of Use disclosure means
the product is just adware.
http://en.wikipedia.org/wiki/Adware
What are Popup ads?
•  A popup, is a new browser window, usually with ad content, that
opens over your current one.
•  A popunder, which is supposedly less annoying, is a new browser
window that opens (duh) under the current one.
•  A popover (also known as an overlay) is an animated graphic that
doesn't have a window in the usual sense but rather materializes
on top of the current window.
•  Sometimes popovers have a click-the-X box that enables you to
get rid of them; others don't (or carefully disguise it) and you have
to wait till they go away on their own.
•  Interstitial ads appear after you click on a hyperlink, but before
you get to the page you actually want.
•  Rich media refers to fancy, often interactive, animated graphics
that move around the page, etc. Rich media is the hot trend in
online advertising since it's difficult to ignore; it typically makes use
of a technology aptly called Flash. Flash is often used for
popovers.
http://www.straightdope.com/columns/041015.html
Spyware
•  Spyware – software that gathers information
about a person or computer without permission or
knowledge.
•  Once loaded onto a computer, it sends data back to
the site that launched it.
•  Can be very dangerous and used in identity theft
and other forms of fraud.
•  Can make your computer appear to be slow and
unresponsive.
What is spyware?
spyware n.
1. a broad category of malicious software intended to intercept or
take partial control of a computer's operation without the user's
informed consent. Unlike viruses, it does not usually self-replicate.
Spyware is designed to exploit infected computers for the
commercial gain of third parties. Typical tactics furthering this goal
include delivery of unsolicited pop-up advertisements; theft of
personal information (including financial information such as credit
card numbers); monitoring of web-browsing activity for marketing
purposes; or routing of HTTP requests to advertising sites.
As of 2005, spyware affects only computers running Microsoft
Windows. There have been no reported observations of
spyware for Mac OS X, Linux, or other platforms
Source: www.wikipedia.org
What does Spyware/Malware specifically do to my
computer?
Malware will perform a variety of nasty activities, ranging from
simple email advertising all the way to complex identity-theft and
password-stealing. New nasty functions are created every week
by malware programmers, but the most common malware
functions are:
–  Malware steals your personal information and address book (identity theft and
keystroke-logging).
–  Malware floods your browser with pop-up advertising.
–  Malware spams your inbox with advertising email.
–  Malware slows down your connection.
–  Malware hijacks your browser and redirects you to an advertising or a phishing-con
web page.
–  Malware uses your computer as a secret server to broadcast pornography files.
–  Malware slows down or crashes your computer.
How to prevent / detect spyware
•  Adaware
–  www.lavasoft
•  WebRoot’s SpySweeper
–  www.WebRoot.com
•  Spy Bot
•  Spyware Doctor
•  HijackThis
•  Microsoft Anti Spyware Beta
–  http://www.microsoft.com/athome/security/spyware/software/default.mspx
What are cookies?
cookies
n.
1. Small data files written to your
hard drive by some Web sites when
you view them in your browser.
These data files contain information
the site can use to track such things
as passwords, lists of pages you've
visited, and the date when you last
looked at a certain page.
Source: http://www.cnet.com/Resources/Info/Glossary/Terms/cookie.html
Source: http://sarahmorgan73.tripod.com/pers.html
Cookies can serve a useful purpose
•  Cookies can be useful. In general web pages are
stateless, i.e. they do not remember material from
one page in a site to another. For instance, a
cookie allows an e-commerce site to create a market
basket of the items you are ordering while
you are shopping through the site's online
catalogue.
•  It also allows sites to remember you after
you log in. Thus if you are a distance
learning student it will remember the pages you
visited and the answers you gave to questions.
DoubleClick and other cookie
exploiters
•  DoubleClick is an aggressive tracking tool. In
general a cookie can only be opened by the site
that created it. DoubleClick sets its cookies
through its ads on the downloaded page.
Because its cookie records the page which
contained the ad, the cookie reports the sites
that you visit with DoubleClick ads. Thus it can
track you from site to site.
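An added simulation (not course code) of the mechanism just described: a browser keeps cookies keyed by the host that set them, two unrelated sites embed the same ad host, and the ad host logs the referring page alongside its cookie id. Running it a second time with third-party cookies blocked shows why that browser setting breaks the cross-site link. All host names are fictional.

```python
"""Simulation of how a third-party ad cookie links visits across sites, and how
blocking third-party cookies breaks the link. Added example, not course code;
the behaviour modelled is the DoubleClick mechanism described on the slide."""
from urllib.parse import urlparse


class AdServer:
    """Ad network embedded on many sites. It sets one cookie (an id) and logs
    which page referred each request, which is all it needs for a profile."""

    def __init__(self, host):
        self.host = host
        self.next_id = 1
        self.log = []  # (visitor id, host of the page that embedded the ad)

    def handle(self, referer, cookies):
        visitor = cookies.get("id")
        if visitor is None:
            visitor = f"u{self.next_id}"
            self.next_id += 1
        self.log.append((visitor, urlparse(referer).hostname))
        return {"id": visitor}  # the Set-Cookie the ad server sends back


class Browser:
    """Minimal cookie jar keyed by the host that set the cookie: a cookie is
    only ever sent back to the site that created it, as the slide notes."""

    def __init__(self, block_third_party=False):
        self.jar = {}
        self.block_third_party = block_third_party

    @staticmethod
    def same_site(page_host, resource_host):
        return resource_host == page_host or resource_host.endswith("." + page_host)

    def load_embedded(self, page_url, resource_url, server):
        page_host = urlparse(page_url).hostname
        res_host = urlparse(resource_url).hostname
        blocked = self.block_third_party and not self.same_site(page_host, res_host)
        # Only the resource host's own cookies are sent; the page host's never are.
        cookies = {} if blocked else dict(self.jar.get(res_host, {}))
        set_cookies = server.handle(referer=page_url, cookies=cookies)
        if not blocked:
            self.jar.setdefault(res_host, {}).update(set_cookies)


def run_scenario(block_third_party):
    """Visit two unrelated sites that both carry the same ad network; return
    the network's view: visitor id -> list of sites where it saw that id."""
    ads = AdServer("ads.tracker.example")
    browser = Browser(block_third_party)
    for page in ("https://news.example/front", "https://shop.example/cart"):
        browser.load_embedded(page, "https://ads.tracker.example/banner.gif", ads)
    profile = {}
    for visitor, site in ads.log:
        profile.setdefault(visitor, []).append(site)
    return profile


if __name__ == "__main__":
    print(run_scenario(block_third_party=False))  # {'u1': ['news.example', 'shop.example']}
    print(run_scenario(block_third_party=True))   # {'u1': ['news.example'], 'u2': ['shop.example']}
```

Neither site ever sees the tracker's cookie, so the first-party sites are not the leak; the leak is that the tracker is present on both and receives the referring page each time. Blocking third-party cookies leaves the tracker with two unlinked one-off identifiers.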
What do companies know
about you?
Cookies, flash cookies and beacons – all new tools to gather information
about you.
In the best case they invade your
privacy,
In the worst case they attack your
privacy and your identity.
Source: http://www.eff.org/deeplinks/2010/08/what-they-know
Flash Cookies
Removing Flash Cookies
Earthlink SpyAudit Report
•  4,610,738 computers scanned
•  769,330 Trojan Horses were detected
•  24,395,256 Spyware programs were detected
•  90,594,556 Spyware cookies were detected.
Wireless Dangers
•  War Driving
•  Virtual Intrusion
•  Other means
•  Security Measures
Security Measures
Wardriving
•  Wardriving is the act of searching for Wi-Fi
wireless networks by a person in a moving vehicle
using a Wi-Fi-equipped computer, such as a
laptop or a PDA. It is similar to using a radio
scanner, or to the ham radio practice of DXing.
•  Connecting to the network and using its services
without explicit authorization is referred to as
piggybacking.
Source: http://en.wikipedia.org/wiki/War_driving
Further References
•  http://courses.washington.edu/info100/classwork/
slides/files/fit100-21-darkside.ppt
More Serious Internet Age
Problems
Cyber Bullying
Cyber bullying is a controversial
area of Internet abuse.
Cyber-Bullying
•  Cyberbullying is willful and involves recurring or
repeated harm inflicted through electronic text.
E-mail and instant messaging are just two channels;
cyber bullying can occur through any medium as long as
it is on the Internet.
•  According to R.B. Standler [1], bullying intends to
cause emotional distress and has no legitimate
purpose for the choice of communications.
Source: http://en.wikipedia.org/wiki/Cyber-bullying
Cyber-Bullying (More)
•  Cyberbullying can be as simple as continuing to
send e-mail to someone who has said they want
no further contact with the sender.
•  Cyberbullying may also include threats, sexual
remarks, pejorative labels (i.e., hate speech).
•  Cyber-bullies may publish personal contact
information for their victims at websites. They may
attempt to assume the identity of a victim for the
purpose of publishing material in their name that
defames or ridicules them.
Cyber Bullying can be deadly
•  The issue of cyber bullying is not a trivial rite of passage
in middle and high school.
•  In the last several years the news has reported 3-4 teens
driven to suicide after cyber bullying; often the victims are
girls, as are the bullies.
•  In Jan, 2010 a young girl whose family had moved from
Ireland committed suicide in western MA after she was
bullied by a group of high school girls.
•  Advice for parents and teachers can be found in
http://kimberlybennett.net/APU/The%20Dark%20Side
%20of%20the%20Internet-kbennett.ppt
Suggestions for parents
If an adult suspects a child is having suicidal thoughts or behaviors as
a way of escaping bullying and other problems, here are some
suggestions:
•  Notify school personnel if bullying is identified.
•  Seek an evaluation from a professional. Suicidal thoughts and
behaviors are often linked to depression, which can be treated.
•  Listen to the child.
•  Help the child understand these feelings and thoughts are
temporary and there are solutions.
•  Brainstorm on how the child can react to bullying.
•  If suicidal urges/behaviors are serious, take the child to the
emergency room, don't leave him or her alone, and keep firearms,
drugs and sharp objects away from the child.
Source:http://cbs4.com/local/Celine.Okwuone.Port.2.1708481.html
A Few High Profile Cases
We examine cases that illustrate
particularly egregious examples of
cyber bullying.
Megan Meier
•  St. Louis, Missouri, teenager Megan Meier committed
suicide after a girl down the street disguised herself
as a teenage boy on MySpace and taunted the 13-year-old
about her weight and sexuality. Megan was
three days away from her 14th birthday in October of
2006.
•  Missouri officials and Federal officials could not
find a crime to charge. Finally a charge of computer fraud was
filed in California against the mother for misrepresenting
the child’s age to use MySpace.
•  The following video discusses the legal issues. Note
the jury found Lori Drew not guilty on all but one
charge, which was also dropped by the judge.
Megan Meier Case Legal Issues
Phoebe Prince
•  Phoebe Prince was an Irish immigrant to Massachusetts
when she took her own life in January of 2010. Phoebe
was a victim of cyberbullying at South Hadley High
School in western Massachusetts.
Her parents, who brought Phoebe to America from their
small Irish village, said that she had trouble adjusting to
life in America. Even though she had just accepted a
date to the school dance, Phoebe committed suicide
after receiving several taunting comments on her
Facebook page.
•  Charges were brought against the mean girls and the
older boys who slept with her.
Phoebe Prince Case and Legal
Issues
Rutgers Case
•  The gay 18-year-old ended his life Sept. 22 by
jumping off a bridge, after authorities said two
other students streamed his private sexual
encounter online.
•  One of the students, the roommate, planted the
web camera.
•  One major issue is what the two students should
be charged with.
•  The invasion of privacy and the death shocked
the campus.
Rutgers University
Legal & Ethical Issues
Sexting
Sexting -- teens' text messages including explicit
pictures of themselves are raising issues:
• Is it pornography, and if so what should be the
punishment for the sender and the receiver?
• Is it a new form of cyber bullying when the
boyfriend or girlfriend posts those private photos
on the web?
One in Five Teens are involved
The dangers of sexting include criminal charges,
being registered as a sex offender, and
cyberbullying, and it has led to suicide.
Is Sexting Child Pornography?
Source:
http://www.youtube.com/watch?v=mYrXG1Yze68&feature=fvst
Trolling
“Trolling” means mean-spirited
searching of the internet for victims
to send harassing, often anonymous
messages.
Source: http://www.cyberbullyingnews.com/2010/03/cyberbullying-current-newstrolling-the-suicide-of-alexis-pilkington/
New variation of CyberBullying -Trolling
Post-Death Harassment after a suicide
•  A new variation of trolling involves post-suicide
harassment of the family and friends of the victim: when
families and friends set up memorial “sites” on Facebook
and other sites, “trolls” from around the world send or
post harassing, often anonymous messages regarding
the victim. Depending on the site, the family may have no
control over the postings that are added.
•  At first glance, one might ask “is this really cyberbullying,
because the victim is already dead?” However, when you
realize that other youth, classmates, friends and family
are reading the site, the message is “victim was a loser
and deserved to die – if you are a loser like her, you
deserve to die too.”
Online Crimes against
persons -- by rapists,
pedophiles, etc.
Because of the nature of online cyber
relationships it is often the case that criminals
can gain the confidence of lonely vulnerable
people. Pedophiles in particular use it to
attract and lure children into meetings for sex,
pornography, and abduction.
Youth Internet Safety Survey
•  National Center for Missing & Exploited Children
(NCMEC) provided funding to Dr. David Finkelhor,
Director of the Crimes Against Children Research Center
at the University of New Hampshire, to conduct a
research survey in 1999 on Internet victimization of
youth. His research provides the best profile of this
problem to date.
•  Crimes Against Children Research Center staff
interviewed a nationally representative sample of 1,501
youth, aged 10 to 17, who used the Internet regularly.
“Regular use” was defined as using the Internet at least
once a month for the past 6 months on a computer at
home, at school, in a library, at someone else’s home, or
in some other place.
Source: http://www.ojp.usdoj.gov/ovc/publications/bulletins/internet_2_2001/internet_2_01_6.html
The survey looked at four types of
online victimization of youth
•  Sexual solicitation and approaches: Requests to engage in
sexual activities or sexual talk or to give personal sexual
information that were unwanted or, whether wanted or not, made
by an adult.
•  Aggressive sexual solicitation: Sexual solicitations involving
offline contact with the perpetrator through mail, by telephone, or
in person, or attempts or requests for offline contact.
•  Unwanted exposure to sexual material: When online, opening
e-mail, or opening e-mail links, and not seeking or expecting
sexual material, being exposed to pictures of naked people or
people having sex.
•  Harassment: Threats or other offensive content (not sexual
solicitation) sent online to the youth or posted online for others to
see.
Survey Findings
•  One in 5 youth received a sexual approach or solicitation over the
Internet in the past year.
•  One in 33 youth received an aggressive sexual solicitation in the
past year. This means a predator asked a young person to meet
somewhere, called a young person on the phone, and/or sent the
young person correspondence, money, or gifts through the U.S.
Postal Service.
•  One in 4 youth had an unwanted exposure in the past year to
pictures of naked people or people having sex.
•  One in 17 youth was threatened or harassed in the past year.
•  Most young people who reported these incidents were not very
disturbed about them, but a few found them distressing.
Finally -- Survey Shows a Disturbing
Trend of Not Seeking Help
•  Only a fraction of all episodes was reported to authorities such as the
police, an Internet service provider, or a hotline.
•  About 25 percent of the youth who encountered a sexual approach or
solicitation told a parent. Almost 40 percent of those reporting an
unwanted exposure to sexual material told a parent.
•  Only 17 percent of youth and 11 percent of parents could name a specific
authority, such as the Federal Bureau of Investigation (FBI), CyberTipline,
or an Internet service provider, to which they could report an Internet
crime, although more indicated they were vaguely aware of such
authorities.
•  In households with home Internet access, one-third of parents said they
had filtering or blocking software on their computers.
The Dark Side of Craigslist
and Social Networks -- Cyber Crime
Craigslist
•  Craigslist is a centralized network of online
communities, featuring free online classified
advertisements – with sections devoted to jobs,
housing, personals, for sale, services, community,
gigs, résumés, and discussion forums.
•  Craig Newmark began the service in 1995 as an email
distribution list of friends, featuring local events in
the San Francisco Bay Area, before it became a web-based service in 1996.
•  Craigslist has a business model of free or low cost
ads that attacks one major leg of newspaper
revenue.
http://en.wikipedia.org/wiki/Craigs_list
Craigslist Crimes and Controversies
•  The Erotic section has been the source of
controversy and crime: prostitution, sex crimes,
and even murder (the Craigslist murderer in spring
2009).
•  Major states and cities have begun criminal and
civil legal proceedings to address the issue.
•  Craigslist removed the section in the summer of
2010.
Danger of children using Social
Networks
Why you should avoid sharing
certain things on the Internet
•  Burglars Said to Have Picked Houses Based on
Facebook Updates (Sept. 2010):
http://bits.blogs.nytimes.com/2010/09/12/burglarspicked-houses-based-on-facebook-updates/
•  Diamond Ring Ad on Craigslist Leads to Murder
(happened Spring 2010):
http://www.aolnews.com/crime/article/diamondring-ad-on-craigslist-leads-to-murder/19469483
Twitter Got Me Fired!!!
Sometimes the voice of youth is a compelling
caution to other youths.
Source: http://www.youtube.com/watch?v=_TJ-V8wI7Sk
MA Teacher Fired for Facebook
Posting
Source: http://www.youtube.com/watch?v=zU8m-4_CmtU
Oct 2010 New York City Schools
•  A number of incidents between both male
and female teachers and students, involving
Facebook postings that were sexual, led to
teachers being fired and/or arrested.
•  NYC found it needed to define appropriate
Facebook behavior because it had no policy.
7 Deadly Sins of Social Networks
Spammers attacks in Social Networks:
1. Dating spam – a personal message, often from a woman, to
a male social network user inviting them to start a romantic
relationship. Once contact is secured, this attack proceeds in
much the same way as bride email scams;
2. Profile and IM lures – spammers act as legitimate friends or
potential new friends interested in getting to know the user in
order to lure them to a fake profile page or Instant Messenger
conversation;
3. Redirection to inappropriate or dangerous websites – a
message is sent to a user, warning them that photographs or
rumors about them have been posted on an external site and
urging them to go to the site to view;
http://www.crime-research.org/news/02.27.2009/3720/
7 Deadly Sins (More)
4. Nigerian attacks – similarly to Nigerian 419 spam traditionally seen over
email, social networking users are targeted with messages alerting them
to a fake inheritance or access to a rich stranger’s fortune;
5. Fake jobs – sending personal messages or wall posts, spammers, posing
as an employer, offer social network users fantastic job opportunities in
order to spark conversation that will allow an avenue for further spam,
phishing, malware or scams;
6. Competitor social network lure – invitations that seem to be from legitimate
friends are sent to users via wall posts or personal messages urging them
to visit virtually unknown social networking sites;
7. Religious based spam – spammers use social networking sites to preach
to, and attempt to proselytize, users for various religions.
Social Networking Sites Help Combat
Crime
•  Police departments are using social networks to solve crimes,
e.g. from pictures and videos of the crimes: teen beat-downs,
riots and in some cases serious crimes
and gang behavior.
•  In Baltimore, police charged a student after her
attack on a teacher was placed on a personal
MySpace page.
•  In St. Paul, Minn., a woman was charged with
vandalism after she posted pictures of her ex-boyfriend's ransacked apartment.
Source:http://cbs4denver.com/consumer/facebook.myspace.social.2.958939.html
Social Networking Sites Help Combat
Crime (more)
•  Amateur cyber sleuths like Tracie Edwards. When her
15-year-old son was attacked by a local gang, Edwards
tapped into MySpace. Starting with just one name, she
followed an interlinking trail from one suspect to another.
•  "I started typing in these names and boom," Edwards
said. "Got my son in front of the computer and I was like,
'Do you know this little boy? Do you know this boy?' And
he was like 'this is the boy who did it.'"
•  Eventually, five people were charged.
Chat Roulette
1.  Random chat encounters that require the users
to have a web cam.
2.  Can involve teenagers and adults who
may be naked or engaged in other inappropriate
behavior.
3.  Created by a 17-year-old Russian, and it has
rapidly grown to 34 million daily users.
Crimes against commercial
and government web sites
and servers
•  Denial of service
•  Stealing credit card and other data
•  Industrial espionage
•  Blackmail and protection
What are Denial of Service (DOS)
Attacks?
DoS attack
Short for denial-of-service attack, a type of attack
on a network that is designed to bring the network
to its knees by flooding it with useless traffic.
Many DoS attacks, such as the Ping of Death and
Teardrop attacks, exploit limitations in the TCP/IP
protocols. For all known DoS attacks, there are
software fixes that system administrators can
install to limit the damage caused by the attacks.
But, like viruses, new DoS attacks are constantly
being dreamed up by hackers.
Source: http://www.webopedia.com/TERM/D/DoS_attack.html
What are Denial of Service Attacks?
denial of service
n.
1. An attack on a computer system or network that causes a loss
of service to users, typically the loss of network connectivity and
services by consuming the bandwidth of the victim network or
overloading the computational resources of the victim system.
Examples
–  Teardrop attack
•  The attacker floods the victim with improperly formatted packets.
–  Synflood Attack
•  The attacker simulates many users starting requests for data but not completing
the request. The victim is stuck waiting for the attacker to complete the
requests.
Source: www.wikipedia.org
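The Synflood description above, as an added example that is not from the original slides: the half-open-connection check a system administrator would run on the victim host. A SYN flood leaves the server holding many connections in the SYN-RECV state (the handshake was started but never completed) compared with the few that reach ESTAB. The sample below is constructed in the shape of `ss -tan` output, the addresses come from documentation ranges, and the thresholds are assumptions to be tuned to the host's normal load.

```python
from collections import Counter

# Constructed sample shaped like `ss -tan` output (State, Recv-Q, Send-Q,
# Local Address:Port, Peer Address:Port).  Addresses are documentation ranges
# and the counts are invented for this example.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      10.0.0.5:80         198.51.100.7:51234
ESTAB     0      0      10.0.0.5:80         198.51.100.8:44321
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:40001
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:40002
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:40003
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:40004
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:40005
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:40006
SYN-RECV  0      0      10.0.0.5:80         192.0.2.21:1025
SYN-RECV  0      0      10.0.0.5:80         192.0.2.77:1025
"""

# `ss` prints SYN-RECV; `netstat` prints SYN_RECV.  Accept both.
HALF_OPEN_STATES = {"SYN-RECV", "SYN_RECV"}


def parse_connections(text):
    """Return (state, peer_ip, local_port) for each connection line,
    skipping the header row and listening sockets."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5 or parts[0] == "LISTEN":
            continue
        local_port = parts[3].rsplit(":", 1)[1]
        peer_ip = parts[4].rsplit(":", 1)[0]
        rows.append((parts[0], peer_ip, local_port))
    return rows


def half_open_report(text, max_half_open=8, max_per_source=5):
    """Summarise half-open connections and flag SYN-flood indicators.

    Two signals are checked: the total number of half-open connections
    (a flood from spoofed, ever-changing source addresses only shows up
    here) and the number per single source.  Both thresholds are assumed
    values for the example.
    """
    rows = parse_connections(text)
    half_open = [r for r in rows if r[0] in HALF_OPEN_STATES]
    established = [r for r in rows if r[0] == "ESTAB"]
    per_source = Counter(peer for _, peer, _ in half_open)
    heavy_sources = {ip: n for ip, n in per_source.items() if n >= max_per_source}
    return {
        "half_open": len(half_open),
        "established": len(established),
        "per_source": dict(per_source),
        "heavy_sources": heavy_sources,
        # Many handshakes started but few completed is the SYN-flood signature.
        "suspect": len(half_open) >= max_half_open or bool(heavy_sources),
    }


if __name__ == "__main__":
    report = half_open_report(SAMPLE_SS_OUTPUT)
    print(f"half-open: {report['half_open']}, established: {report['established']}")
    print("heavy sources:", report["heavy_sources"])
    print("SYN flood suspected:", report["suspect"])
```

On a real host the same logic can be fed the live output of `ss -tan`. The standard mitigations are the ones the glossary text alludes to as "software fixes": SYN cookies (the `net.ipv4.tcp_syncookies` sysctl on Linux), which let the kernel complete handshakes without holding state for each half-open connection, shorter SYN-RECV timeouts, and rate limiting at the network edge.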
Distributed Denial Of Service (DDOS)
Attacks
DDOS – Short for Distributed Denial of Service, it is an
attack where multiple compromised systems (which are
usually infected with a Trojan Horse) are used to target a
single system causing a Denial of Service (DoS) attack.
Victims of a DDoS attack consist of both the end targeted
system and all systems maliciously used and controlled
by the hacker in the distributed attack.
The DDOS normally has a primary infected computer called
a master that infects the other computers called ‘slaves’
or ‘zombies’. The attacker then commands the
computers to start sending useless messages to the
targeted web site.
Source: http://sbc.webopedia.com/TERM/D/DDoS_attack.html
Stealing Credit Card and
other data from
Corporations and
Government
Gaining access to information of a
personal or sensitive nature from
government, private industry,
hospitals, etc. is almost too easy
Loss of data through poor process
•  Credit card and similar data has been
compromised through human error and/or failure
to create a secure process or method to store or
transmit data, e.g. Dana Farber sends patient
data to the wrong fax number.
•  Failure to screen personnel for character or
criminal background.
•  Failure to train all personnel in the need for
security and secure processes.
Attacking the vast amount of
information distributed throughout
the organization
•  The advent of laptops and multi-GB portable storage
devices creates an environment for disclosure of
thousands if not millions of credit card and social security
numbers and other personal record files.
•  Government and private industry laptops stolen or lost at
airports, etc. that contain unsecured (unencrypted)
personal records have resulted in massive identity thefts,
and/or corporate sensitive or government classified
breaches.
•  Internet rings sell the data to credit card and document
forgers who in turn sell them to the criminal who uses the
credit card or ID.
•  The crimes may involve fraud, illegal aliens, terrorists,
etc.
Hacking the corporate databases
Over the last decade corporations have begun acquiring
millions of bytes on each and every one of us – this is done
in numerous ways:
1.  So called loyalty cards (those pieces of plastic that hang off
your key chain).
2.  Credit card purchases and retail store charge cards, which
can be used to expose your SSN, driver’s license, etc.
3.  Internet e-commerce applications, including tracking cookies.
•  This massive amount of personal data leads to data mining and
other marketing techniques to target individual groups with
specific ads and products.
•  Increasingly these massive data sources are tempting
targets for sophisticated hacker gangs, making the
acquisition and storage of this data a massive liability for the
corporation.
•  These gangs use the Internet to carry out their attacks and
often do it from sites that make prosecution difficult if not
impossible.
Hacking Corporate Data
Material Source:
http://online.wsj.com/article_email/article_print/SB117824446226991797.html
The TJX Corp. -- A cautionary tale
•  TJX, a local firm that includes Marshalls, TJ Maxx, etc.,
announced in Jan 2007 that its 45 million customers’
credit cards and personal data (SSN, driver’s license, etc.)
had been compromised over a two year period.
•  This theft of information has caused banks to issue new
credit and debit cards to these customers and has
resulted in lawsuits and goodwill losses to TJX that will
cost billions of dollars.
•  It is estimated that it cost the banks $300M to replace the
cards and TJX estimates $20M in fraudulent charges.
Material Source:
http://online.wsj.com/article_email/article_print/SB117824446226991797.html
How did it happen?
•  WSJ reports that the source of the theft was a
wireless hack in Minn.
•  Wireless networks entered retail store IT in 2000.
•  Wired Equivalent Privacy (WEP) security
encryption was replaced when security experts
breached several retail chains.
•  Wi-Fi Protected Access (WPA) is a more complex
encryption adopted by some retailers but only slowly
by TJX.
•  Hand held devices used in pricing and inventory
control that communicate to store computers were
hacked.
•  Once the codes were broken the hackers advanced
to attacking the headquarters computer databases
(Framingham MA) by capturing employee userids
and passwords.
The Hackers
•  The so called “Bonnie and Clyde” hackers break
in with a quick attack and often leave clues and
other artifacts behind that signal their
presence.
•  The TJX attack bore the hallmark of Russian and eastern
European gangs that scout for the weakest link in
the security and, with careful planning, attack it.
How did it work?
•  Based on some recent arrests it appears that an eastern
European gang penetrated TJX and then bundled the
credit card data and personal data into 10,000 IDs and
then sold them over the Internet.
•  Gangs who purchased the data such as happened in
Florida then created credit cards and IDs and used them
to purchase gift cards and other expensive items.
•  One woman found her Bank of America card with $45,000 in
fraudulent charges (repeated $450 gift card purchases).
The Second Act
It is said that in America there are no
second acts. But recently the gang
that brought you TJX is accused of a
new theft involving over 130 M credit
and debit cards.
Albert Gonzalez
•  Albert Gonzalez, a Miami hacker who once
worked as a government mole tracking down
identity thieves, is accused of playing a critical
role in all the largest credit-card heists on record.
•  He was previously charged in other computer
break-ins, most significantly at TJX Cos., the
chain that owns discount retailers T.J. Maxx and
Marshalls, in which as many as 100 million
accounts were lifted.
Source: http://www.google.com/hostednews/ap/article/ALeqM5ij90CNbO
Summer 2009 -- The Second Act
Justice Department says he helped steal:
•  130 million card numbers from payment
processor Heartland Payment Systems,
•  4.2 million card numbers from East Coast grocery
chain Hannaford Bros. and
•  An undetermined number of cards from 7-Eleven.
Gonzalez is in jail and awaiting trial in New York for
allegedly helping to hack the computer network of
the Dave and Buster's restaurant chain.
The Awful Bad News
•  The underlying security holes mined by the
hackers still exist in many payment networks.
•  The fact that hundreds of millions of card
numbers could be stolen from retailers illustrates
the flaws in a payment system that's built more for
speed than security.
•  Gonzalez and his associates exploited
vulnerabilities that remain widespread.
Prosecution of Hackers outside US is
Difficult
•  Ori Eisen, founder of Scottsdale, Ariz.-based
security firm 41st Parameter and previously
worldwide fraud director for American Express,
noted that Gonzalez is "most likely not the
kingpin.
•  The kingpin would not risk being in the United
States. They operate out of the Ukraine or
Russia, and they're former militants or ex-KGB
who know their way around just enough not to get
caught."
Privacy and Security References
•  Holtzman, D., “Privacy Lost: How Technology Is
Endangering Your Privacy”, Jossey-Bass
(2006).
The Internet and the law
Dark side of the Internet
and the law
CAN SPAM Law of 2003
CAN-SPAM Act of 2003 (Pub. L. 108-187, S. 877)
•  The Controlling the Assault of Non-Solicited Pornography
and Marketing Act requires unsolicited commercial e-mail
messages to be labeled (though not by a standard
method) and to include opt-out instructions and the
sender's physical address. It prohibits the use of
deceptive subject lines and false headers in such
messages. The FTC is authorized (but not required) to
establish a "do-not-email" registry. State laws that
require labels on unsolicited commercial e-mail or
prohibit such messages entirely are pre-empted,
although provisions merely addressing falsity and
deception would remain in place. The CAN-SPAM Act
took effect on January 1, 2004.
Cyber-Warfare
Cyber-Warfare uses computers and the
Internet to wage war. This mode of
warfare is being used in hot and cold wars
as well as by both sides in the war on
terrorism.
Source for Cyber Warfare : http://en.wikipedia.org/wiki/Cyber-warfare
An Electronic Pearl Harbor
“It may even be unclear what constitutes an act of
war. If U.S. satellites suddenly go blind and the
telephone network on the eastern seaboard goes
down, it is possible that the United States could
not even identify the enemy. Its strategic stockpile
of weapons would be of little use. There would be
no big factory to bomb -- only a person
somewhere writing software. The possibility of an
electronic Pearl Harbor has sparked a debate on
how to counter the threat.”
Source: “Bits, bytes, and diplomacy”, Walter Wriston (Foreign Affairs, Sept-Oct 1997,
v76 n5 p172(11))
Types of attacks
There are several methods of attack in cyber-warfare; this list is
ranked in order from mildest to most severe.
•  Web vandalism: Attacks that deface webpages, or
denial-of-service attacks. This is normally swiftly combated and of
little harm.
•  Propaganda: Political messages can be spread through or to
anyone with access to the internet.
•  Gathering data: Classified information that is not handled
securely can be intercepted and even modified, making espionage
possible from the other side of the world.
•  Denial-of-Service Attacks: Large numbers of computers in one
country launch a DoS attack against systems in another country.
•  Equipment disruption: Military activities that use computers and
satellites for co-ordination are at risk from this type of attack.
Orders and communications can be intercepted or replaced,
putting soldiers at risk.
•  Attacking critical infrastructure: Power, water, fuel,
communications, commercial and transportation are all vulnerable
to a cyber attack.
Cyber-Warfare -- Major Powers
•  In September 2007 the Pentagon and several European
organizations reported penetration by hackers from
China, reported to be the People's Liberation Army (PLA).
In diplomatic meetings with Germany, Great Britain,
and the US, China claimed that it was not
responsible for the attacks.
•  The US has been under attack by Chinese and
Russian hackers for the last several years; for details
see:
–  Titan Rain -- http://en.wikipedia.org/wiki/Titan_Rain, and
–  Moonlight Maze -- http://en.wikipedia.org/wiki/Moonlight_Maze
Eligible Receiver
•  Eligible Receiver was the code name of a 1997 internal exercise
initiated by the Department of Defense.
•  A "red team" of hackers from the National Security
Agency (NSA) was organized to infiltrate the Pentagon
systems.
•  The red team was only allowed to use publicly available
computer equipment and hacking software.
•  Although many details about Eligible Receiver are still
classified, it is known that the red team was able to
infiltrate and take control of the Pacific command center
computers, as well as power grids and 911 systems in
nine major U.S. cities.
Source: http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/hamre.html
Moonlight Maze
•  Moonlight Maze refers to a highly classified incident in which U.S.
officials accidentally discovered a pattern of probing of computer
systems at the Pentagon, NASA, Energy Department, private
universities, and research labs.
•  It began in March 1998 and had been going on for nearly two
years.
•  The invaders were systematically marauding through tens of
thousands of files -- including maps of military installations, troop
configurations and military hardware designs.
•  The Defense Department traced the trail back to a mainframe
computer in the former Soviet Union but the sponsor of the attacks
is unknown and Russia denies any involvement.
Source: http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/warnings/#maze
Titan Rain
•  In 2005 a cyber attack, code named, Titan Rain
was exposed. It was targeted at military and
secret government sites world wide.
•  Using computer forensics techniques and hacking
into the offending systems, Shawn Carpenter was
able to use the compromised systems against
themselves and find the actual origin of the
attacks. Doing things that official government
agents could not, he determined that the root of
the attacks was inside China.
Source: http://www.time.com/time/printout/0,8816,1098961,00.html
Estonia -- Perhaps the First 21st
Century Cyber-Warfare Attack
•  May 17, 2007 saw a Distributed Denial of Service
(DDOS) attack on Estonia.
•  Prior to the attack the Estonian government
removed the "Bronze Soldier", a Russian war
monument from the center of Tallinn to a
cemetery.
•  The DDOS attacks were aimed at the banking,
government, and major economic uses of the
Internet.
•  The Estonian government blamed the Russian
government for the attack
The Estonia DDOS Attack
•  The attacks whether organized by or sanctioned
by the Russian government drew the attention
and assistance of the US, NATO, and European
nations.
•  The attack is thought to involve rented networks
of zombie computers and millions of other
computers infected with a bot program to attack
fundamental institutions of the Estonian
government and economy.
China Presents Unique Resources
•  High Tech and skilled programmers
•  As the manufacturer of computer hardware,
software, and other critical electronic components
that could have Trojan horse and other programs
that would be difficult to detect and remove.
•  A Chinese general has stated that China would
attack the US communication and electrical
networks before starting an attack.
United States Reorganizes the
Military
•  On Sept. 18, 2007 the United States Air Force
announced the creation of a Cyber Command.
•  One of the problems has been that military people
did not perceive the threat in the same manner as real war,
i.e. “Software does not kill, bullets do”.
President Obama creates a cyber
security czar
Attacking the Critical
Infrastructure
The US has not been an agrarian society
for two centuries, and in the 21st century
we are now highly dependent on an interconnected system of networks for the
goods and services that sustain us.
Includes slides from:
http://www.infragard.net/library/congress_05/drinking_water/drinking_water_threats.ppt
The Nation’s Infrastructure is a
Complex “System of Systems”
The National Infrastructure Protection Plan
defines 17 Sectors and Key Resources
•  Agriculture & Food
•  Banking and Finance
•  Chemical & Hazardous
Materials Industry
•  Defense Industrial
Base
•  Energy
•  Emergency Services
•  Information
Technology
•  Telecommunications
•  Postal & Shipping
•  Public Health
•  Transportation
•  Water
•  National Monuments
and Icons
•  Commercial Assets
•  Government Facilities
•  Dams
•  Nuclear Power Plants
Most of the U.S. Infrastructure is privately owned!
U.S. Critical Infrastructure
Protection Challenge
•  1,912,000 Farms
•  87,000 food-processing
plants
•  5,800 registered hospitals
•  87,000 emergency services
entities
•  2 billion miles of telecomm
cable
•  2,800 electric power plants
•  104 commercial nuclear
power plants
•  300,000 oil and natural gas
sites
•  460 skyscrapers
•  …
•  5,000 public airports
•  120,000 miles of major
railroads
•  590,000 highway bridges
•  2,000,000 miles of pipelines
•  500 urban public transit
systems
•  26,600 banks & financial
institutions
•  66,000 chemical plants
•  80,000 dams
•  3,000 federal government
facilities
•  …
The threat is real!
•  Unstructured adversaries
–  Cracker, hacker, script-kiddie
–  Competitors
–  Criminals
•  Structured adversaries
–  Terrorists, hactivists (hacker-activist)
–  Organized crime
–  Foreign nations
•  Independent
•  Supported
(Three levels of “Terrorist”)
•  Insiders
–  Foreign agent
–  Witting
–  Unwitting
–  Half-witting (You can’t fix “stupid”)
Source: http://www.iti.uiuc.edu/events/2005_09_15_Jeff_Dagle.pdf
A “System of Systems” Perspective Is Needed for
Analyzing Infrastructure Interdependencies
Diagram: the sectors Transportation, Water, Electric Power, Natural Gas, Oil and
Telecom are drawn as nodes, with arrows between them labeled by what each
supplies to the others: Fuels, Lubricants; Fuel Transport, Shipping; Power for
Signaling, Switches; Water for Production, Cooling, Emissions Reduction; SCADA,
Communications; Power for Pumping Stations, Storage, Control Systems; Power for
Pump and Lift Stations, Control Systems; Power for Compressors, Storage, Control
Systems; Fuel for Generators; Water for Cooling; Heat; Fuel for Generators,
Lubricants.
Types of Threats / Means of Attack
Nuclear Weapon/Explosive
Radiological Dispersal Device
Biological Weapon/Material
Chemical Weapon/Material
Conventional Explosive
Physical Force
Cyber Means
Insider
Emerging Threats
…
Complex Interdependencies
Prevent Attacks
Reduce Vulnerability
Minimize Damage & Recover
“Targets”
and
Vulnerabilities
Attacking the nation’s networks
•  While DDoS can be used to attack government and economic sites, it is not a long-term crippling attack.
•  Attacking the communication, energy (pipelines), and transportation networks can do devastating damage to the economy, cripple the military, and demoralize the population.
•  Supervisory Control and Data Acquisition (SCADA) systems are the Achilles' heel of the above networks.
SCADA attacks
•  SCADA was designed for automated plant process control. Its original design envisioned neither use over the Internet nor security.
•  SCADA was adopted by electrical grids, pipelines, and transportation networks.
Source: http://www.pcworld.com/article/id,137845-c,networksecurity/article.html
Proof of SCADA attack concept
•  The Idaho National Laboratory prepared the demonstration, in March 2007, for the U.S. Department of Homeland Security (DHS).
•  The simulated attack took advantage of a known SCADA software vulnerability and showed how a motor-generator could be driven into failure.
Photo is from a video of the SCADA attack. The video is no longer on the web.
Source: http://www.zdnet.com/blog/btl/blowing-up-generators-remotely/6451
Stuxnet first SCADA
Malware/Worm
A new computer worm, 2009-2010, has appeared that attacks industrial networks and plants. The worm is called Stuxnet.
It attacks the Windows 7 operating system and Siemens industrial control and SCADA software, such as that found in pipelines, power networks, etc.
Stuxnet is sophisticated and appears
expensive to develop
•  It is claimed that the level of effort and the sophistication of the worm indicate that only a well-financed and motivated professional group could have created it. Siemens reports that at least 4 industrial sites in Germany and many other places in the world have been attacked by the worm. The worm has been around for a year (2010), and both Microsoft and Siemens claim to have patches against it.
How does Stuxnet work?
Langner, one of the first experts to report on Stuxnet states:
•  "Langner's analysis also shows, step by step, what happens after
Stuxnet finds its target. Once Stuxnet identifies the critical function
running on a programmable logic controller, or PLC, made by
Siemens, the giant industrial controls company, the malware takes
control. One of the last codes Stuxnet sends is an enigmatic
“DEADF007.” Then the fireworks begin, although the precise
function being overridden is not known, Langner says. It may be
that the maximum safety setting for RPMs on a turbine is
overridden, or that lubrication is shut off, or some other vital
function shut down. Whatever it is, Stuxnet overrides it, Langner’s
analysis shows. " http://news.yahoo.com/s/csm/327178
What might have been the Stuxnet
target?
Stuxnet References
•  http://en.wikipedia.org/wiki/Stuxnet
•  http://www.google.com/hostednews/ap/article/ALeqM5jam2yTGb8W1t53gQ6SRbSquSmiAD9IFORD00
•  http://volokh.com/2010/09/22/vc-scoops-thesecurity-pros-by-two-months/
•  NYT links Iran worm to bible
•  Stuxnet 'cyber superweapon' moves to China
More Technical Information
SCADA Security:
•  SCADA Tutorial
http://www.uoregon.edu/~joe/scada/SCADAsecurity.ppt
•  http://www.esisac.com
•  Hackers Target U.S. Power Grid
http://navastream.com/News_Releases_03112005.shtml
•  Staged Attack Causes Generator to Self-Destruct
http://www.schneier.com/blog/archives/2007/10/staged_attack_c.html
The Bellingham WA June 10, 1999
Gasoline Pipeline Rupture and Fire…
El Paso Natural Gas 30” Pipeline Rupture and Fire Near Carlsbad
NM, August 19, 2000
The Boden Incident Wasn’t Unusual…
Wireless Network Porosity Is Common
•  ‘Paul Blomgren […] measures control system vulnerabilities. Last year, his company assessed a large southwestern utility that serves about four million customers. "Our people drove to a remote substation," he recalled. "Without leaving their vehicle, they noticed a wireless network antenna. They plugged in their wireless LAN cards, fired up their notebook computers, and connected to the system within five minutes because it wasn't using passwords. […] Within 15 minutes, they mapped every piece of equipment in the operational control network. Within 20 minutes, they were talking to the business network and had pulled off several business reports."’ http://www.memagazine.org/backissues/dec02/features/scadavs/scadavs.html
Cyber Warriors
Cyber Warrior – Richard A. Clarke
•  Richard A. Clarke served 4 presidents. A highly controversial figure with over 30 years in anti-terrorism.
•  He was the head of counterterrorism under Clinton and was carried over to George W. Bush.
•  He was outspoken on cyberterrorism in the 90’s.
•  He left government after 9-11 and has been highly critical of the Bush administration.
Cyber Warrior -- Shawn Carpenter
•  Shawn worked on tracking down the Chinese connection to Titan Rain.
•  He hunted them despite being pulled off the trail by his government lab employer, and he eventually got fired. The FBI used him and encouraged him to track but later turned on him.
•  The Chinese did not cooperate, as is normal for private hackers.
•  The red tape showed the difficulty of counter-cyberwarfare.
Source: http://www.time.com/time/printout/0,8816,1098961,00.html
Cyber Warfare/Terrorism References
•  Alexander, Y and Swetnam, M, “Cyber Terrorism and
Information Warfare: Threats and Responses” Transnational
Pub, Inc. (2001)
•  Branigan, S. , “High-Tech Crimes Revealed”, Addison Wesley,
(2005).
•  Chirillo, J., “Hack Attacks Encyclopedia”, John Wiley, (2001).
•  Clarke, R. A., “Against All Enemies”, Thorndike Press, (2004).
•  Verton, D, “Black Ice The Invisible Threat of Cyber-terrorism”,
McGraw Hill, (2003).
•  Weimann, G, “Terror on the Internet”, United States Institute of
Peace Press, (2006).
•  Winkler, I., “Spies Among Us”, Wiley, (2005).
Hackers
The term hacker goes back to early days
of computers and originated with a group
of computer students at MIT
Who are hackers?
hacker
n.
1. A computer expert
2. A person that intentionally circumvents
computer security systems (more often used by
the media)
Hackers
•  Hackers were originally those people with intense
interest and computer skills.
•  Hackers are now people who use their computer
skills to break into secure computer sites, disrupt
Internet communications, steal information, etc.
•  In the early days of the transition hackers were
sort of seen as teenage (mostly male) geeks who
broke into sites and looked around.
•  The world became less tolerant as the costs rose
rapidly and the behavior is now seen as the work
of terrorists and criminals.
Cracker or Black Hat
•  A black hat is a person who compromises the security of
a computer system without permission from an
authorized party, typically with malicious intent. The term
white hat is used for a person who is ethically opposed to
the abuse of computer systems, but is frequently no less
skilled.
•  The term cracker was coined by Richard Stallman to
provide an alternative to using the existing word hacker
for this meaning.[1] The somewhat similar activity of
defeating copy prevention devices in software which may
or may not be legal in a country's laws is actually
software cracking.
Source: http://en.wikipedia.org/wiki/Black_hat
Script Kiddie
•  In hacker culture, a script kiddie (occasionally
script bunny, skidie, script kitty, script-running
juvenile (SRJ), or similar) is a derogatory term
used for an inexperienced malicious cracker who
uses programs developed by others to attack
computer systems, and deface websites. It is
generally assumed that script kiddies are kids
who lack the ability to write sophisticated hacking
programs on their own,[1] and that their objective
is to try to impress their friends or gain credit in
underground cracker communities.[1]
What is phone phreaking?
Phone Phreaks
•  The "phone phreak" (phreak for short) is a specific breed of hacker. A phreak is someone who displays most of the characteristics of a hacker, but also has a specific interest in the phone system and the systems that support its operations. Additionally, most of the machines on the Internet, itself a piece of the Public Switched Network, are linked together through dedicated, commercial phone lines. A talented phreak is a threat not only to the phone system, but to the computer networks it supports.
•  There are two advantages of attacking systems through the phone system. The first advantage is that phone system attacks are hard to trace. It is possible to make connections through multiple switching units or to use unlisted or unused phone numbers to confound a tracing effort. Also, by being in the phone system, it is sometimes possible to monitor the phone company to see if a trace is initiated.
•  The second advantage to using the phone system is that a sophisticated host machine is not needed to originate an attack, nor is direct access to the network to which the target system is attached. A simple dumb terminal connected to a modem can be used to initiate an attack. Often, an attack consists of several hops, a procedure whereby one system is broken into and from that system another system is broken into, etc. This again makes tracing more difficult.
http://csrc.nist.gov/publications/nistir/threats/subsection3_4_3.html
Infamous Hackers
A Rogues Gallery of Hackers along with the damage to
private industry, society, and government.
Stanley Mark Rifkin (Social Engineer)
•  Rifkin in 1978 pulled off one of the largest bank thefts ever. Using social engineering to get bank information and codes, he transferred $10.2 M from the Security Pacific Bank in LA to a Swiss bank account and then converted the funds to $8.2 M worth of Russian commercial diamonds.
Footnote –
Rifkin returned to the US and
believing that the diamonds could be
sold at a profit attempted to sell
them to local jewelry outlets for
$13.2M. Working on a tip he was
turned in.
The bank after the trial believed that
it could now sell the diamonds at a
profit via auction. After a year of
trying the bank sold them at greatly
less than the original price.
Lesson – DIAMONDS are greatly over
inflated in value and are a classic
example of social engineering. Their
value as an investment is highly
doubtful.
See
John Draper (a.k.a Cap’n Crunch)
•  Used a Cap’n Crunch toy
whistle to make unlimited
free payphone calls.
•  The whistle, unbeknownst
to General Mills (the
manufacturer of Cap’n
Crunch) created a 2600
Hz tone.
•  This frequency was the
same used by phone
technicians to test
payphones and make free
phone calls.
Ian Murphy
•  Changed the internal
clocks at AT&T.
•  Impact: Phone bills
were universally
incorrect. Late night
discounts were given
to daytime users and
late night users were
subject to high bills.
•  First hacker to go to
jail.
•  Inspired the movie,
Sneakers
Robert Morris
•  Son of chief scientist at the
National Security Agency
(NSA)
•  In 1988, he wrote the first
worm that was released to
the public.
•  He claimed he was trying
to determine the size of the
Internet.
•  Affected 6,000 systems
•  3 yrs probation
•  400 hours of community
service
•  Fined $10,400.
Source: www.nndb.com
Erik Bloodaxe (a.k.a. Chris Goggans)
•  Member of Legion of
Doom
•  Texas Hacker
•  Starts feud with
Masters of Deception.
•  Two year hacker war
ensues.
•  Telephone systems
and credit cards are
the victims.
Vladimir Levin
•  Hacked Citibank
•  Stole $10 – 12 million
•  Arrested in 1995.
•  Fought extradition for two years
•  3 yrs in prison
•  Had to return $240,015 to Citibank
David L. Smith
•  Creator of “Melissa” virus
•  The Melissa virus was named after a stripper and was sent as an email attachment.
•  Caught by hard work and luck
Ehud Tenenbaum
•  18-year-old Israeli who
created "the most
organized and
systematic attack the
Pentagon has seen to
date."
Kevin Mitnick
•  Hacked
–  PACBell
–  The Pentagon
–  North American Air Defense
Command
–  MCI
–  Digital Equipment Co.
–  Nokia
–  Motorola
–  Novell
–  Fujitsu
–  NEC
–  Sun
•  Prison Term: 5 yrs.
•  Fines: $4,000
•  Not allowed to touch a
computer for three years
Kevin Mitnick
•  After being convicted and
serving 4 yrs., he became a
security professional.
•  While the media portrayed him
as a computer genius, he
exploited human weakness
through social engineering for
his exploits
•  See “Art of Deception” by K.D. Mitnick & Wm. L. Simon, Wiley (2002). A compendium of cons for getting information, including private, governmental, and corporate data, and ways to prevent them.
Source: http://www.mccullagh.org/image/10d-9/kevin-mitnick.html
Shown at Las Vegas Def Con selling his services as a security professional
Hao Jinglong and Hao Jingwen
•  Hacked
–  Commercial Bank
of China in 1999
•  Stole: $87,000
•  Hao Jinglong
–  Prison Term: Life
•  Hao Jingwen
–  Death Penalty
Source: http://www.computerworld.com.au/index.php/id;1224861705;relcomp;1
Reomel Ramones
•  Author of the Love Bug
•  Damage caused to international businesses estimated at over $100 million
•  Prison term: None
•  Fine: $0
•  Hacking is not a crime in the Philippines
Adrian Lamo
•  Homeless hacker who
only performs intrusion
analysis for free for large
companies.
•  Hacked into
–  MCI WorldCom
–  New York Times Co.
–  Microsoft
–  AOL Time Warner
–  CSC
–  NBC
•  NYT pressed charges
against him.
•  1 year home probation.
The Worcester Phreaker
Caused computer crash that
disabled Massachusetts airport
March 18, 1998
Web posted at: 10:40 p.m. EST (0340 GMT) BOSTON (CNN) -- A Massachusetts teen hacker who disabled communications to the air traffic control tower at the Worcester, Massachusetts, airport in 1997 has become the first juvenile charged in federal court with computer hacking.
The boy, whose age, identity and hometown have not been disclosed, has agreed to plead guilty in return for two years probation, a fine and community service, according to documents released Wednesday by the U.S. Department of Justice.
On March 10, 1997, the unidentified
hacker broke into a Bell Atlantic
computer system, causing a crash
that disabled the phone system at
the airport for six hours.
The crash of the switch knocked out
phone service at the control tower,
airport security, the airport fire
department, the weather service,
and carriers that use the airport.
Also, the tower's main radio
transmitter and another transmitter
that activates runway lights were
shut down, as well as a printer that
controllers use to monitor flight
progress.
http://www.cnn.com/TECH/computing/9803/18/juvenile.hacker/
Super Hacker
•  Gary McKinnon is alleged to have hacked over 90 U.S. military computers and NASA before and after 9/11
•  Looking for existence of UFOs and to prove inadequacies in US Security
•  He supposedly stole 950 passwords from one military system and prevented naval email traffic being routed across the internet for a month.
•  The US investigation was carried out with the aid of the UK's national hi-tech crime unit.
•  He eventually could face a total of up to 70 years in a US jail.
http://www.superhacker.com/hacker.html
The criminal hacker as entrepreneur
•  Jeanson James Ancheta, who prosecutors said was a well-known
member of the "Botmaster Underground" -- a secret network of
hackers skilled in "bot" attacks -- was arrested in November in
what prosecutors said was the first such case of its kind.
•  "He hijacked somewhere in the area of half a million computer
systems. This not only affected computers like the one in your
home, but it allowed him and others to orchestrate large scale
attacks."
•  Prosecutors say the case was unique because Ancheta was
accused of profiting from his attacks by selling access to his "bot
nets" to other hackers and planting adware, software that causes
advertisements to pop up, into infected computers.
•  He agreed to pay some $15,000 in restitution to the military
facilities and forfeit the proceeds of his illicit activities, including
more than $60,000 in cash, a BMW automobile and computer
equipment.
Source: 'Botmaster' pleads guilty to computer crimes
Tue Jan 24, 2006 8:53 AM ET, Reuters
Emulex Corporation
•  August 25, 2000 the media reported that Emulex was under investigation by the Securities and Exchange Commission for accounting fraud. In response to the investigation, the media further reported, the CEO would be stepping down.
•  Within hours, Emulex had lost 62% of its value or $2.2 billion in market capitalization.
•  By the end of the day, it was discovered that it was a hoax.
•  Within a week, it was tracked to a community college student named Mark Jakob.
•  Jakob had made over $250,000 by shorting the stock.
•  Prison term: 3 yrs. 8 mos.
•  Fine: Forfeit all profits and $103,000 in punitive fines.
The Good Guys who track
the hackers down
Cyber Crime Reference
•  While the current presentation is extensive, the following is recommended for anyone looking for a presentation that was designed for law school, IT, or criminal justice students and includes extensive and current cases.
http://www.law.uoregon.edu/faculty/shoar/docs/cc10/darkside.ppt
Clifford (Cliff) Stoll
•  Astronomer and systems
analyst.
•  Tracked down, Markus Hess,
a German hacker working for
the KGB attacking and spying
on government sites.
•  Wrote a book about his
exploits,
The Cuckoo's Egg: Tracking a
Spy Through the Maze of
Computer Espionage
http://www.pro-linux.de/berichte/jpgs/cliff_interview.jpg
Hacker Trackers
•  Kevin Mitnick was tracked
down in part by Tsutomu
Shimomura.
•  See “Take Down”, T.
Shimomura & J. Markoff,
Hyperion Press, (1996).
The Tools of Hackers
Soft tech tools -- social engineering uses
deception and hard work.
High tech tools are often developed by
systems administrators to test and explore
their networks and computer assets for holes
and exploits. These same tools are in turn
used by the hacker for break-ins and exploits.
Techniques for obtaining
information
Low Tech – Social Engineering
•  stealing mail or rummaging through rubbish
(dumpster diving)
•  eavesdropping on public transactions to
obtain personal data (shoulder surfing)
•  Obtaining castings of fingers for falsifying
fingerprint identification
Source: http://en.wikipedia.org/wiki/Identity_theft
Social Engineering
While the media portrays the hacker as a
super smart geek, in fact many of the best
“hackers” use social engineering to
accomplish their criminal acts.
Social Engineering
In the field of computer security, social engineering is the
practice of obtaining confidential information by
manipulation of legitimate users.
A social engineer will commonly use the telephone or
Internet to trick people into revealing sensitive information
or getting them to do something that is against typical
policies.
By this method, social engineers exploit the natural
tendency of a person to trust his or her word, rather than
exploiting computer security holes.
It is generally agreed upon that “users are the weak link” in
security and this principle is what makes social engineering
possible.
Source: http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29
The High Tech Hacker
High Tech – Internet Approaches
•  Stealing personal information in computer databases
[Trojan horses, hacking]
•  infiltration of organizations that store large amounts of
personal information
•  Impersonating a trusted organization in an electronic
communication (phishing) .
•  Spam (electronic): Some, if not all spam requires you to
respond to alleged contests, enter into "Good Deals",
etc.
•  Browsing social network (MySpace, Facebook, Bebo etc)
sites, online for personal details that have been posted
by users in public domains.
The Dark Side of Google
Using the advance search features
to find private individual’s private
and other confidential information
Intro to Google Hacking
•  "Google Hacking” is the use of Google’s data stores for naughty things.
•  Makes extensive use of the advanced Google syntaxes.
•  Is trivially easy to do and is rather trendy.
•  An excellent guide to get up to speed on the techniques of "Google Hacking” is the O'Reilly book Google Hacks by Tara Calishain.
An Invitation to Data Mining
http://www.romanpoet.org/1/iz4__Invitation_to_DataMining.ppt
Google Hacking
University of Sunderland
CSEM02
Harry R Erwin, PhD
Peter Dunne, PhD
Section taken from web posted by Erwin
Basics
•  Web Search
•  Newsgroups
•  Images
•  Preferences
•  Language Tools
Google Queries
•  Non-case sensitive
•  * in a query stands for a word
•  ‘.’ in a query is a single character wildcard
•  Automatic stemming
•  Ten-word limit
•  AND (+) is assumed, OR (|) and NOT (-) must be entered
•  “” for a phrase
More Queries
•  You can control the language of the pages and
the language of the reports
•  You can restrict the search to specific countries
Controlling Searches
•  Intitle, allintitle
•  Inurl, allinurl
•  Filetype
•  Allintext
•  Site
•  Link
•  Inanchor
•  Daterange
•  Cache
•  Info
•  Related
•  Phonebook
•  Rphonebook
•  Bphonebook
•  Author
•  Group
•  Msgid
•  Insubject
•  Stocks
•  Define
Controlling Searches (II)
•  These operators can be used to restrict searches.
•  To restrict the search to the university:
site:sunderland.ac.uk
•  Or to search for seventh moon merlot in the uk:
“seventh moon” merlot site:uk
Typical Filetypes
•  Pdf
•  Ps
•  Xls
•  Ppt
•  Doc
•  Rtf
•  Txt
Why Google
•  You access Google, not the original website.
•  Most crackers access any site, even Google via a
proxy server.
•  Why? If you access the cached web page and it
contains images, you will get the images from the
original site.
Directory Listings
•  Search for intitle:index.of
•  Or intitle:index.of “parent directory”
•  Or intitle:index.of name size
•  Or intitle:index.of inurl:admin
•  Or intitle:index.of filename
•  This can then lead to a directory traversal
•  Look for filetype:bak, too, particularly if you want to expose sql data generated on the fly
Commonly Available Sensitive
Information
•  HR files
•  Helpdesk files
•  Job listings
•  Company information
•  Employee names
•  Personal websites and blogs
•  E-mail and e-mail addresses
Network Mapping
•  Site:domain name
•  Site crawling, particularly by indicating negative
searches for known domains
•  Lynx is convenient if you want lots of hits:
   lynx -dump "http://www.google.com/search?q=site:name+-knownsite&num=100" > test.html
•  Or use a Perl script with the Google API
Link Mapping
•  Explore the target site to see what it links to. The
owners of the linked sites may be trusted and yet
have weak security.
•  The link operator supports this kind of search.
•  Also check the newsgroups for questions from
people at the organization.
Web-Enabled Network Devices
•  The Google webspider often encounters web-enabled devices. These allow an administrator to query their status or manage their configuration using a web browser.
•  You may also be able to access network statistics
this way.
Searches to Worry About
•  Site:
•  Intitle:index.of
•  Error|warning
•  Login|logon
•  Username|userid|employee.ID| “your username is”
•  Password|passcode| “your password is”
•  Admin|administrator
•  -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
•  Inurl:temp|inurl:tmp|inurl:backup|inurl:bak
•  Intranet|help.desk
Protecting Yourselves
•  Solid security policy
•  Public web servers are Public!
•  Disable directory listings
•  Block crawlers with robots.txt
•  <META NAME=“ROBOTS” CONTENT=“NOARCHIVE”>
•  NOSNIPPET is similar.
More Protection
•  Passwords
•  Delete anything you don’t need from the standard
webserver configuration
•  Keep your system patched.
•  Hack yourself
•  If sensitive data gets into Google, use the URL
removal tools to delete it.
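An added example, not from the original slides: an offline audit that checks your own pages for three of the exposures listed under "Searches to Worry About" and "Protecting Yourselves" (auto-generated directory listings, linked backup files, a missing ROBOTS NOARCHIVE tag) and a minimal robots.txt reader; the sample pages and robots.txt are constructed.

```python
"""Offline audit for the exposures the Google Hacking slides describe.

Added example, not from the original slides. It inspects HTML text and a
robots.txt for three things named on the "Searches to Worry About" and
"Protecting Yourselves" slides: auto-generated directory listings (what
intitle:index.of finds), links to backup files (filetype:bak), and the ROBOTS
NOARCHIVE meta tag that keeps a cached copy out of Google. The sample pages
and robots.txt below are constructed.
"""
import re
from html.parser import HTMLParser


class _PageCollector(HTMLParser):
    """Collect the <title>, anchor hrefs and ROBOTS meta directives of a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.hrefs = []
        self.robots = set()
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "a" and "href" in a:
            self.hrefs.append(a["href"])
        elif tag == "meta" and a.get("name", "").lower() == "robots":
            self.robots.update(t.strip().upper() for t in a.get("content", "").split(","))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


BACKUP_EXTENSIONS = (".bak", ".old", ".orig", ".tmp", ".sql")


def audit_html(html):
    """Return a list of finding strings for one HTML document (empty = clean)."""
    page = _PageCollector()
    page.feed(html)
    findings = []
    # Web servers title their auto-generated listings "Index of /path".
    if re.match(r"\s*index of\b", page.title, re.IGNORECASE):
        findings.append("directory listing exposed: %s" % page.title.strip())
    for href in page.hrefs:
        if href.lower().endswith(BACKUP_EXTENSIONS):
            findings.append("backup/temp file linked: %s" % href)
    if "NOARCHIVE" not in page.robots:
        findings.append("no ROBOTS NOARCHIVE meta tag: Google may serve a cached copy")
    return findings


def robots_disallows(robots_txt, path):
    """True if the wildcard (User-agent: *) group of robots.txt disallows `path`.

    Minimal parser: User-agent lines open a group, Disallow lines add prefix
    rules to it; Allow, Crawl-delay and agent-specific groups are ignored.
    """
    groups, agents, rules, last_was_agent = [], [], [], False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            if agents and not last_was_agent:      # a new group starts here
                groups.append((agents, rules))
                agents, rules = [], []
            agents.append(value.lower())
            last_was_agent = True
        elif key == "disallow":
            if value:
                rules.append(value)
            last_was_agent = False
    if agents:
        groups.append((agents, rules))
    return any("*" in ag and any(path.startswith(r) for r in rl) for ag, rl in groups)


# Constructed samples: an exposed listing and a page carrying the protective tag.
LISTING_PAGE = """<html><head><title>Index of /backup</title></head>
<body><h1>Index of /backup</h1><a href="customers.sql.bak">customers.sql.bak</a>
<a href="../">Parent Directory</a></body></html>"""
PROTECTED_PAGE = """<html><head><title>Company Home</title>
<meta name="robots" content="noarchive, nosnippet"></head><body>Welcome</body></html>"""
ROBOTS_TXT = "User-agent: *\nDisallow: /backup/\nDisallow: /tmp/   # scratch files\n"

if __name__ == "__main__":
    for name, page in (("listing", LISTING_PAGE), ("protected", PROTECTED_PAGE)):
        print(name, audit_html(page) or ["clean"])
    print("robots blocks /backup/:", robots_disallows(ROBOTS_TXT, "/backup/customers.sql.bak"))
```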
Google Hacks for Web cams
•  One trick to find and search for open unprotected
Internet webcams that broadcast to the web, is by
using the following query:
•  inurl:/view.shtml
•  or
•  intitle:”Live View / – AXIS” | inurl:view/view.shtml^
Source: Unknown web page
More patterns for finding web cams
•  If you know the unique pattern of URL, link, or title that other manufacturers’ webcam or IP network camera software uses, you can also easily locate and crack those unprotected, insecure cameras or webcams that have been released or leaked to the public Internet by using Google.
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
More patterns for finding web cams
•  inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:”live view” intitle:axis
intitle:liveapplet
allintitle:”Network Camera NetworkCamera”
intitle:axis intitle:”video server”
intitle:liveapplet inurl:LvAppl
intitle:”EvoCam” inurl:”webcam.html”
More patterns for finding web cams
•  intitle:”Live NetSnap Cam-Server feed”
intitle:”Live View / – AXIS”
intitle:”Live View / – AXIS 206M”
intitle:”Live View / – AXIS 206W”
intitle:”Live View / – AXIS 210″
inurl:indexFrame.shtml Axis
inurl:”MultiCameraFrame?Mode=Motion”
intitle:start inurl:cgistart
intitle:”WJ-NT104 Main Page”
More patterns for finding web cams
•  intext:”MOBOTIX M1″
intext:”Open Menu”
intext:”MOBOTIX M10″
intext:”Open Menu”
intext:”MOBOTIX D10″
intext:”Open Menu”
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30
inurl:home/
•  intitle:”sony network
camera snc-p1″
intitle:”sony network
camera snc-m1″
site:.viewnetcam.com www.viewnetcam.com
intitle:”Toshiba Network
Camera” user login
intitle:”netcam live image”
intitle:”i-Catcher Console
– Web Monitor”
The Dark Side of Googling
References
•  Dornfest, Rael, Google Hacks 3rd ed, O’Reilly, (2006)
•  Ethical Hacking, http://www.nc-net.info/2006conf/Ethical_Hacking_Presentation_October_2006.ppt
•  A great cheat sheet of Google search features: http://www.google.com/intl/en/help/features.html
•  A valuable Cheat Sheet for Google Search Hacks - how to find information fast and efficiently: http://www.expertsforge.com/Security/hackingeverything-using-google-3.asp
The Dark Side of Googling
References (more)
•  Henk Van Ess, Hacking with Google, http://www.zoekzone.com/gijc2005_vaness3.pdf A tutorial for finding things like social security numbers, phone directories, and similar items that should not be left lying about on the Web. This is done to illustrate how to protect your web site and your personal data.
•  Google Hacking, http://osiris.sunderland.ac.uk/~cs0her/CSEM02%20Lectures/GoogleHacking.ppt
•  Google Hacks 101 http://osiris.sunderland.ac.uk/~cs0her/CSEM02%20Lectures/GoogleHacking.ppt
Google Hacks webcam reference
•  How to Find and View Millions of Free Live Web
Cams -http://www.traveltowork.net/2009/02/how-to-findview-free-live-web-cams/
•  How to Hack Security Cameras,
http://www.truveo.com/How-To-Hack-SecurityCameras/id/180144027190129591
•  How to Hack Security Cams all over the World
http://www.youtube.com/watch?
v=9VRN8BS02Rk&feature=related
Tools for Hacking
Password Cracking
•  Password cracking is the process of recovering
secret passwords from data that has been stored
in or transmitted by a computer system. A
common approach is to repeatedly try guesses for
the password.
•  Password cracking works in a number of ways:
–  Guessing common words, birth dates, etc.
–  Dictionary attacks- trying all the words in a dictionary
–  Brute force based on the hashing system used by the
operating system
Source:http://en.wikipedia.org/wiki/Password_cracking
Password cracking programs
•  Ophcrack - Open source
•  Crack
•  Cain
•  John the Ripper
•  LC5 (formerly L0phtCrack)
•  RainbowCrack
Packet Sniffers
•  A sniffer is a program that monitors and analyzes
network traffic, detecting bottlenecks and problems.
•  Ethernet protocol works by sending packet information to
all the hosts on the same circuit. A machine that is
accepting all packets, no matter what the packet header
says, is said to be in promiscuous mode.
•  Because, in a normal networking environment, account
and password information is passed along Ethernet in
clear-text, it is not hard for an intruder once they obtain
root to put a machine into promiscuous mode and by
sniffing, compromise all the machines on the net.
Source:http://cs.baylor.edu/~donahoo/tools/sniffer/packetsniffers.htm
Packet Sniffers
The popularity of packet sniffing stems from the fact that it sees everything. Typical items sniffed include:
•  SMTP, POP, IMAP traffic
–  Allows intruder to read the actual e-mail.
•  POP, IMAP, HTTP Basic, Telnet authentication
–  Reads passwords off the wire in clear-text.
•  SMB, NFS, FTP traffic
–  Reads files off the wire.
•  SQL database
–  Reads financial transactions and credit card numbers.
Source:http://cs.baylor.edu/~donahoo/tools/sniffer/packetsniffers.htm
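An added example, not from the original slides, of what the clear-text authentication traffic listed above looks like to a host in promiscuous mode: constructed (port, payload) records stand in for captured packets, and the function reports which protocols and user names went by unencrypted, leaving the passwords out.

```python
"""What a sniffer sees on the clear-text protocols the slide lists.

Added example, not from the original slides. Captured application payloads
are modelled as constructed (destination port, text) records; the function
flags POP3 and FTP USER/PASS, SMTP AUTH PLAIN, IMAP LOGIN and HTTP Basic
logins, returning the protocol and user name and deliberately leaving the
password out. Run over a real segment's traffic, the same logic lists the
services still handing credentials to any host in promiscuous mode.
"""
import base64
import re

PORT_NAMES = {21: "FTP", 23: "Telnet", 25: "SMTP", 110: "POP3", 143: "IMAP"}
FLAGS = re.IGNORECASE | re.MULTILINE
BASIC_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", FLAGS)
USER_PASS_RE = re.compile(r"^USER\s+(\S+)\r?\n(?:.*\r?\n)*?PASS\s+\S+", FLAGS)
AUTH_PLAIN_RE = re.compile(r"^AUTH PLAIN\s+([A-Za-z0-9+/=]+)", FLAGS)
IMAP_LOGIN_RE = re.compile(r'^\S+\s+LOGIN\s+"?([^\s"]+)"?\s+\S+', FLAGS)


def _b64_text(token):
    """Decode a base64 token to text; base64 is encoding, not encryption."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return ""


def find_cleartext_logins(records):
    """records: iterable of (dst_port, payload_text). Returns [(protocol, user), ...]."""
    found = []
    for port, payload in records:
        m = BASIC_RE.search(payload)
        if m:                                      # HTTP Basic: "user:password" in base64
            found.append(("HTTP Basic", _b64_text(m.group(1)).split(":", 1)[0]))
        m = USER_PASS_RE.search(payload)
        if m and port in (21, 110):                # FTP and POP3 send USER then PASS in the clear
            found.append((PORT_NAMES[port], m.group(1)))
        m = AUTH_PLAIN_RE.search(payload)
        if m:                                      # SASL PLAIN is \0user\0password, base64'd
            parts = _b64_text(m.group(1)).split("\0")
            found.append(("SMTP AUTH PLAIN", parts[1] if len(parts) > 1 else ""))
        m = IMAP_LOGIN_RE.search(payload)
        if m and port == 143:                      # IMAP: "<tag> LOGIN user password"
            found.append(("IMAP LOGIN", m.group(1)))
    return found


# Constructed captures: one promiscuous-mode host on the segment would read all of these.
CAPTURE = [
    (110, "USER bob\r\nPASS hunter2\r\nSTAT\r\n"),
    (80, "GET /webmail/ HTTP/1.1\r\nHost: mail.example.test\r\nAuthorization: Basic "
         + base64.b64encode(b"alice:s3cr3t").decode() + "\r\n\r\n"),
    (25, "EHLO relay\r\nAUTH PLAIN " + base64.b64encode(b"\0carol\0pa55word").decode() + "\r\n"),
    (143, 'a001 LOGIN dave "p@ss"\r\n'),
    (443, "\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),   # TLS ClientHello bytes: nothing readable
]

if __name__ == "__main__":
    for proto, user in find_cleartext_logins(CAPTURE):
        print("%-16s user=%s password=<redacted>" % (proto, user))
```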
Packet Sniffers
Source: http://sectools.org/sniffers.html
Cryptography and encryption
Network tools -http://networktools.nl/
•  Nslookup
•  Whois
•  Ping
•  Traceroute
Hacking Wireless Networks Tools
Keystroke Logging
•  A keystroke logger is a program installed on a computer to record every keystroke that the user makes. Typically it is hidden in a Trojan horse.
•  The keystroke logger can reveal user ids and passwords, scripts, etc.
•  The data can be downloaded, and the same channel can be used to upload other damaging programs or to create a slave computer that obeys a master in DDoS attacks.
Hacking Tool References
•  Schwartau, W., ”CyberShock”, Thunder Mouth
Press, (2000).
Securing your computer
and website
There is no foolproof mechanism for securing your computer or your website from attack. However, you can make it very difficult and time consuming to attack with some simple and inexpensive (relative to the cost of the attack) means.
Simple Protection against Hackers
•  Simplest security – Username and Password
–  Statistic about password frequency
–  Passwords should contain letters, numbers and other
assorted symbols.
•  Use
–  @ instead of a
–  $ instead of s
–  3 instead of E
–  & instead of et
–  1 or ! instead of i
–  1 instead of l (depending on if you use ! instead of i)
–  Ex. Instead of using the password “mainstreet” use “m@1n$tr3&”
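An added example, not from the original slides, that serves both the Password Cracking slide and this one: the substitution table above encoded as word-mangling rules of the kind dictionary-attack tools apply, run offline against SHA-256 hashes (an assumed hash; the word list and candidate passwords are constructed). Used as a policy check, a candidate that is recovered is within easy reach of a dictionary attack.

```python
"""Dictionary attack check with the slide's substitution table as mangling rules.

Added example, not from the original slides. It serves both the Password
Cracking slide (dictionary attacks, hashing) and the "Simple Protection"
slide: the @/$/3/&/1/! substitutions are applied to every word of a small
constructed word list, each variant is hashed with SHA-256 (an assumption;
real systems should use salted, slow hashes) and compared with a target hash.
"""
import hashlib

FIXED_SUBS = {"a": "@", "s": "$", "e": "3"}      # always-on substitutions from the slide


def mangle(word):
    """Yield the word itself and its variants built from the slide's substitution table."""
    yield word
    for use_et in (False, True):                  # "& instead of et"
        base = word.replace("et", "&") if use_et else word
        for i_sub in ("1", "!"):                  # "1 or ! instead of i"
            l_sub = "1" if i_sub == "!" else "l"  # "1 instead of l" only when ! stands for i
            out = []
            for ch in base:
                if ch == "i":
                    out.append(i_sub)
                elif ch == "l":
                    out.append(l_sub)
                else:
                    out.append(FIXED_SUBS.get(ch, ch))
            yield "".join(out)


def sha256_hex(text):
    """Hex SHA-256 of a password string (stand-in for whatever hash a system stores)."""
    return hashlib.sha256(text.encode()).hexdigest()


def crack(target_hex, wordlist):
    """Return the mangled dictionary word whose SHA-256 equals target_hex, else None."""
    for word in wordlist:
        for candidate in mangle(word):
            if sha256_hex(candidate) == target_hex:
                return candidate
    return None


WORDLIST = ["password", "letmein", "mainstreet", "welcome"]   # constructed, tiny on purpose

if __name__ == "__main__":
    for pw in ("m@1n$tr3&", "w3lcom3", "Tq7#vLp2"):
        print(pw, "->", crack(sha256_hex(pw), WORDLIST))
```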
What is a firewall?
(fīr´wâl) (n.) A system designed to prevent
unauthorized access to or from a private network.
Firewalls can be implemented in both hardware
and software, or a combination of both. Firewalls
are frequently used to prevent unauthorized
Internet users from accessing private networks
connected to the Internet, especially intranets. All
messages entering or leaving the intranet pass
through the firewall, which examines each
message and blocks those that do not meet the
specified security criteria.
Source: http://www.webopedia.com/TERM/f/firewall.html
How does a firewall work?
There are several types of firewall techniques:
•  Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
•  Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
•  Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
•  Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
In practice, many firewalls use two or more of these techniques in concert.
A firewall is considered a first line of defense in protecting private information. For
greater security, data can be encrypted
Source: http://www.webopedia.com/TERM/f/firewall.html
Protecting Yourself on the Internet
•  Firewalls (both hardware and software)
•  Anti-Virus & Anti-Spyware
•  Never open an attachment that you were not
expecting. If in doubt, call the person.
•  Always back up critical data.
•  Always apply the current patches to your O/S and
applications.
•  Always use the most current updates to your anti-malware.
A more complex strategy – Honeypot
•  A server that is configured to detect an intruder by
mirroring a real production system. It appears to be an
ordinary server doing work, but all the data and
transactions are phony.
•  Located either inside or outside the firewall, the honeypot is
used to learn about an intruder's techniques as well as to
determine vulnerabilities in the real system. Because no legitimate
user has a reason to touch it, any traffic it receives is suspect.
•  Honeynets
•  A "honeynet" is a network containing honeypots. A
"virtual honeynet" is one that resides in a single server,
but pretends to be a full network. See firewall, darknet,
honeyproxy and honeymonkey.
Source: http://www.answers.com/
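The following is an added example, not code from the slides or from any honeypot product, of the simplest form of the idea: a low-interaction honeypot that accepts connections on a decoy port, sends a fake banner, and records who connected and what they sent. The banner string, the port 2222 and the loopback probe in demo() are assumptions for illustration.

```python
# Added example, not from the original slides: a minimal low-interaction
# honeypot.  It listens on a port no legitimate user has a reason to touch,
# records who connects and what they send, answers with a decoy banner, and
# runs no real service.  Every connection it logs is worth investigating.
import datetime
import json
import socket
import threading

# Decoy banner (an old OpenSSH version string).  The honeypot does not speak
# SSH; the banner only exists to make scanners and bots show their hand.
FAKE_BANNER = b"SSH-2.0-OpenSSH_5.3\r\n"


def capture_one(listener, log, read_timeout=2.0):
    """Accept one connection, send the banner, record what the peer sends."""
    conn, (peer_ip, peer_port) = listener.accept()
    with conn:
        conn.settimeout(read_timeout)
        try:
            conn.sendall(FAKE_BANNER)
            first_bytes = conn.recv(1024)
        except (socket.timeout, OSError):
            first_bytes = b""
        event = {
            "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
            "src_ip": peer_ip,
            "src_port": peer_port,
            "honeypot_port": listener.getsockname()[1],
            # Keep a bounded, printable copy of the probe for the log.
            "probe": first_bytes[:64].decode("latin-1"),
        }
    log.append(event)
    return event


def run(host="0.0.0.0", port=2222):
    """Serve forever, printing one JSON line per connection (for a SIEM)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, port))
    listener.listen(5)
    log = []
    while True:
        print(json.dumps(capture_one(listener, log)), flush=True)


def demo():
    """Loopback round trip: start the honeypot and connect once as a scanner."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    listener.listen(1)
    log = []
    worker = threading.Thread(target=capture_one, args=(listener, log))
    worker.start()
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        banner = client.recv(1024)
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")   # constructed probe
    worker.join(5)
    listener.close()
    return banner, log


if __name__ == "__main__":
    banner, log = demo()
    print(banner, json.dumps(log[0], indent=2))
```

Run run() on an otherwise unused port of a host in the DMZ and forward its output to your log collector; the value is not the fake service but the alert, since a production user never has a reason to connect there.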
The DMZ (DeMilitarized Zone)
•  A middle ground between an
organization's trusted internal
network and an untrusted,
external network such as the
Internet. The DMZ is a
subnetwork (subnet) that may
sit between firewalls or off one
leg of a firewall. Organizations
typically place their Web, mail
and authentication servers in
the DMZ. DMZ is a military
term that refers to the area
between two enemies.
http://www.answers.com/
DMZ with Honeypots
Source:http://www.securitydocs.com/library/2692
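The following is an added example, not code from the slides, serving both the "How does a firewall work?" packet-filter description and the DMZ layout above. It models a three-legged firewall (Internet, DMZ, internal) as a first-match rule list, shows why a rule keyed on the source address alone is open to IP spoofing, and adds the ingress check that closes it. The address ranges, the database host and the sample packets are constructed for illustration.

```python
# Added example, not from the original slides: a toy stateless packet filter
# on a three-legged firewall (Internet, DMZ, internal network).  It shows
# first-match rule evaluation, the DMZ layout from the slide, why a rule set
# keyed only on addresses is open to IP spoofing, and the ingress check that
# closes the hole.  All addresses and packets are constructed.
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")
DMZ = ip_network("192.0.2.0/24")          # documentation range, stands in for the DMZ
DB_SERVER = ip_network("10.0.5.10/32")    # the one internal host the DMZ may reach
ANY = ip_network("0.0.0.0/0")

# Source ranges that may legitimately arrive on each interface.  A packet
# carrying one of these sources on any *other* interface is spoofed.
EXPECTED_SOURCES = {"int": INTERNAL, "dmz": DMZ}


@dataclass(frozen=True)
class Packet:
    iface: str     # interface the packet arrived on: "ext", "dmz" or "int"
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str                 # "any" or a specific ingress interface
    src: IPv4Network
    dst: IPv4Network
    proto: str                 # "any", "tcp" or "udp"
    dport: Optional[int]       # None matches every port
    action: str                # "accept" or "drop"

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and ip_address(p.src) in self.src
                and ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


# First match wins.  The internal-network rule is written the way early
# packet filters were: on the source address alone, with no interface check.
RULES = [
    Rule("ext", ANY, DMZ, "tcp", 80, "accept"),          # Internet -> DMZ web
    Rule("ext", ANY, DMZ, "tcp", 443, "accept"),
    Rule("dmz", DMZ, DB_SERVER, "tcp", 5432, "accept"),  # DMZ web -> internal DB only
    Rule("any", INTERNAL, ANY, "any", None, "accept"),   # "trusted" internal sources
    Rule("any", ANY, ANY, "any", None, "drop"),          # default deny
]


def is_spoofed(p: Packet) -> bool:
    """Ingress check: an inside source address arriving on the wrong interface."""
    src = ip_address(p.src)
    return any(src in net and p.iface != iface
               for iface, net in EXPECTED_SOURCES.items())


def filter_packet(p: Packet, rules=RULES, antispoof=True) -> str:
    """Return "accept" or "drop" for one packet."""
    if antispoof and is_spoofed(p):
        return "drop"
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


# Constructed traffic, including a packet from the Internet that forges an
# internal source address to reach the database server's SSH port.
SAMPLE = {
    "internet_to_dmz_https": Packet("ext", "203.0.113.9", "192.0.2.10", "tcp", 443),
    "internet_to_dmz_ssh": Packet("ext", "203.0.113.9", "192.0.2.10", "tcp", 22),
    "internet_to_internal": Packet("ext", "203.0.113.9", "10.0.5.10", "tcp", 22),
    "dmz_web_to_db": Packet("dmz", "192.0.2.10", "10.0.5.10", "tcp", 5432),
    "dmz_web_to_internal_ssh": Packet("dmz", "192.0.2.10", "10.0.5.10", "tcp", 22),
    "internal_to_internet": Packet("int", "10.0.0.7", "203.0.113.9", "tcp", 443),
    "spoofed_internal_source": Packet("ext", "10.0.0.7", "10.0.5.10", "tcp", 22),
}

if __name__ == "__main__":
    for name, pkt in SAMPLE.items():
        print(f"{name:26s} naive={filter_packet(pkt, antispoof=False):6s} "
              f"with ingress check={filter_packet(pkt)}")
```

The spoofed packet is accepted by the naive rule set because the fourth rule trusts any packet claiming a 10.x source. Real firewalls close this the same way: bind rules to the ingress interface and reject inside addresses arriving from outside (reverse-path filtering); the DMZ rule likewise lets the web server reach one internal port only, so a compromised DMZ host cannot roam the internal network.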
Protecting Your Identity
•  Never enter personal information (Acquired Characteristics) into a
web site that uses only http (as opposed to https).
•  Never send acquired characteristics (except your name) by email.
•  Unless you encrypt your email, expect that anyone can read it.
•  Always pay close attention to the spelling of the URL (web
address) when paying for anything online. Look-alike addresses
(a digit 0 for the letter o, "rn" for "m", an extra or missing letter)
are a standard phishing trick.
•  Do not respond to unsolicited emails.
•  Shred all snail mail that contains personal information (especially
credit card offers!!).
•  Expect that once you throw something away, you are legally giving
it to the public.
•  Use only one credit card for online purchases.
•  Keep your browsers up to date. Install security patches when they
are released.
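The following is an added example, not code from the slides, of the URL-spelling check above done mechanically: it reduces a URL to its registrable domain, undoes the common look-alike tricks (digits for letters, "rn" for "m", Cyrillic letters that render like Latin ones), and compares the result with the merchants you actually use. The trusted list, the confusable-character table and the URLs are constructed for illustration.

```python
# Added example, not from the original slides: flagging look-alike web
# addresses before you pay.  It reduces a URL to its registrable domain,
# undoes common character tricks, and compares against the merchants you
# actually use.  The trusted list and the URLs are constructed for the example.
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"amazon.com", "ebay.com", "paypal.com"}   # constructed allow-list

# Look-alike characters seen in phishing domains: digits and Cyrillic letters
# that render like Latin ones.  A small sample; Unicode publishes a full
# "confusables" table.
CONFUSABLES = {
    "0": "o", "1": "l", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic а е о
    "\u0440": "p", "\u0441": "c", "\u0445": "x",   # Cyrillic р с х
    "\u0131": "i",                                 # dotless i
}
PAIRS = (("rn", "m"), ("vv", "w"))                 # letter pairs that mimic one letter


def registrable_domain(url):
    """Host minus subdomains, e.g. 'www.amazon.com' -> 'amazon.com'.

    Naive: takes the last two labels.  Real code should use the Public
    Suffix List so that 'shop.example.co.uk' resolves correctly.
    """
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("xn--") or ".xn--" in host:
        try:
            host = host.encode("ascii").decode("idna")   # decode punycode labels
        except UnicodeError:
            pass
    return ".".join(host.split(".")[-2:])


def normalize(domain):
    """Map look-alike characters back to the letters they imitate."""
    d = unicodedata.normalize("NFKC", domain)
    d = "".join(CONFUSABLES.get(ch, ch) for ch in d)
    for pair, single in PAIRS:
        d = d.replace(pair, single)
    return d


def edit_distance(a, b):
    """Levenshtein distance, for catching one-keystroke typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED):
    """'trusted', 'lookalike' (imitates a trusted domain) or 'unknown'."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    norm = normalize(domain)
    for good in trusted:
        if norm == good or edit_distance(norm, good) <= 1:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed URLs: one genuine, several imitations, one unrelated.
    for url in ["https://www.amazon.com/gp/cart", "https://amaz0n.com/login",
                "http://arnazon.com/", "https://paypa1.com/signin",
                "https://\u0430mazon.com/", "https://amazon.com.evil-login.net/",
                "https://etsy.com/"]:
        print(f"{classify(url):9s} {url}")
```

The registrable-domain step is what defeats the "amazon.com.evil-login.net" pattern: what matters is the domain at the end of the host, not what it starts with. The edit-distance threshold of 1 is deliberately tight so that legitimate short domains (ebay.com versus etsy.com) are not reported as imitations.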
Credit cards and the Internet
•  Credit and debit cards are now used routinely to
purchase airline tickets, gifts and flowers, and
thousands of other items from e-tailers such as
Amazon.com and eBay. The Internet is a rapidly
growing source of e-commerce involving billions of dollars.
•  The consumer is probably at no more risk than in
any other type of credit card transaction.
However, this is by no means a riskless
environment and the user should take at least as
much care as with any transaction.
Common Sense Protection Advice
Precautions:
•  Shopping on the Internet is no less safe than shopping in a store or by mail.
Keep the following tips in mind to help ensure that your online shopping
experience is a safe one.
•  Use a secure browser - software that encrypts or scrambles the purchase
information you send over the Internet - to help guard the security of your
information as it is transmitted to a website. When submitting your purchase
information, look for the "lock" icon on the browser's status bar, and the phrase
"https" in the URL address for a website, to be sure your information is secure
during transmission. Note that https and the lock only mean the connection is
encrypted to whoever holds that site's certificate; a phishing site can have a
valid certificate too, so the lock does not prove you are at the right merchant.
•  Check the site's privacy policy, before you provide any personal financial
information to a website. In particular, determine how the information will be
used or shared with others. Also check the site's statements about the security
provided for your information. Some websites' disclosures are easier to find than
others - look at the bottom of the home page, on order forms or in the "About" or
"FAQs" section of a site. If you're not comfortable with the policy, consider doing
business elsewhere.
http://tutorials.freeskills.com/read/id/646
Common Sense Protection Advice (more)
•  Read and understand the refund and shipping policies of a website you
visit, before you make your purchase. Look closely at disclosures about the
website's refund and shipping policies. Again, search through the website for
these disclosures.
•  Keep your personal information private. Don't disclose your personal
information - your address, telephone number, bank account number or e-mail
address - unless you know who's collecting the information, why they're
collecting it and how they'll use it.
•  Give payment information only to businesses you know and trust, and
only when and where it is appropriate - like an order form. Never give your
password to anyone online, even your Internet service provider.
•  Keep records of your online transactions and check your e-mail for
contacts by merchants with whom you're doing business. Merchants may
send you important information about your purchases.
•  Review your monthly credit card and bank statements for any errors or
unauthorized purchases promptly and thoroughly. Notify your credit or debit
card issuer immediately if your credit or debit card is lost or stolen, or if you
suspect someone is using your accounts without your permission.
What to do if your credit
card is lost, stolen, or
disclosed?
Recently millions of credit card numbers and Social
Security Numbers were disclosed when hackers broke
into the TJX company's systems and stole them, and Dana Farber
sent patient information to a wrong fax number.
In other cases the data was on laptops that were stolen or
lost at airports, or sat in poorly secured databases, etc.
Actions to take
•  Call and report all lost or compromised credit and debit
cards immediately. Your liability for loss often
depends on quick reporting. Remember driver's
licenses, passports, and other ID as well.
–  Carry a list of your credit/debit cards, their numbers, and the issuers' phone
numbers in a separate place from the cards.
•  Call the hot line at the credit reporting agencies.
–  Each of the big three has a single hot line to alert creditors and
protect you from having someone else issue new cards or lines of
credit in your name.
–  It will require you to go through extra steps to get new credit
cards etc., but it will save you thousands of dollars and much grief.
The 3 Credit Bureau Phone Numbers to
call
•  Keep these phone numbers handy if you suspect your credit or
identity has been compromised.
•  Calling will cause your credit lines to be flagged and may on occasion
cause some transactions to be questioned, but it will also keep your
finances secure.
•  Experian: 1-888-397-3742 or 1-800-583-4080
•  Equifax: 1-800-685-1111 or 1-800-349-9960
•  TransUnion: 1-800-916-8800
References
•  Standler, R.B., Computer Crime,
http://www.rbs2.com/ccrime.htm (2002)
The Dark Side of the
Internet in the novel,
movies, television
The age of international terrorism
and cyber crime is spawning a new
genre of crime and spy novels
featuring white hat hacker heroes and
black hat hacker villains.
Movies
•  Hackers (1995) starring a very young Angelina
Jolie
•  Takedown (2000) A cult classic about the hacker and phone
phreaker Kevin Mitnick
•  The Score (2001) Ed Norton and Robert De Niro
in a crime set in Canada
•  Live Free or Die Hard (2007) A Bruce Willis flick
about an attack on the nation's infrastructure through its
interlocking grids.
Source:
http://netforbeginners.about.com/od/hacking101/a/
hackermovies.htm
Dark Side of the Internet Fiction
References:
Deaver, Jeffery. The blue nowhere New York :
Simon & Schuster, c2001.
Deaver, Jeffery. The broken window [sound
recording], Simon and Schuster Audio, p2008.