Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare
Copyright © 2003, Addison-Wesley

Cybercrime
- Illegal or criminogenic activities performed in cyberspace
- Common EC/EB crime targets/victims
  - Identity theft – is your customer "real"?
  - Credit card number theft – is your customer's credit/debit account "real"?
  - Computational embezzlement – fraudulent creation/manipulation of financial information regarding EC/EB transactions or accounts (biggest corporate problem)
  - (Security) vulnerability and exploit attacks (most pervasive problem)
- EC/EB system-targeted attacks mostly "out of sight" so far

Hacker/Cracker
- Originally, an expert programmer
- Today, someone (a cracker) who breaks into computers
- Types of hackers
  - White-hat hackers
  - Black-hat hackers (crackers, dark-side hackers)
  - Elite hackers: superior technical skills; very persistent; often publish their exploits
  - Samurai – a hacker for hire

Figure 8.1 A list of postings on a hacker newsgroup. Source: alt.bio.hackers newsgroup
Figure 8.2 A typical posting. Source: alt.bio.hackers newsgroup
Figure 8.3 Hackers publish their exploits. Source: http://packetstormsecurity.org/

Script-kiddies and Phreakers
- Script-kiddie (packet monkeys, lamerz)
  - Hacker in training
  - Disdained by the elite hackers
- Phreaker
  - Person who cracks the telephone network
- Insider/outsider using "social engineering"
  - Trusted employee turned black-hat hacker
  - Dumpster divers, help desk impersonators, etc.
  - Potentially the most dangerous

Why Do Hackers Hack?
- Government-sponsored hacking
  - Cyberwarfare
  - Cyberterrorism
  - Espionage
- Industrial espionage
- White-hats
  - Publicize vulnerabilities
  - The challenge – "hack mode"
- Black-hats – misappropriate software and personal information
- Script-kiddies – gain respect
- Insiders – revenge

Password Theft
- Easiest way to gain access/control
- User carelessness
  - Poor passwords
  - The sticky note on the monitor
- Dumpster diving
- Observation, particularly by insiders
- Easily guessed
  - Standard patterns (e.g., Miami University)
  - Guess the password from the pattern
- Human engineering, or social engineering

Rules for Choosing Good Passwords
- Easy to remember, difficult to guess
- Length – 6 to 9 characters
- Mix character types: letters, digits, special characters
- Use an acronym
- Avoid dictionary words
- Different account, different password
- Change passwords regularly

Packet Sniffers
- Software wiretap
  - Captures and analyzes packets
  - Any node between the target and the Internet
- Broadcast risk
  - Ethernet and cable broadcast messages
  - Set a workstation to promiscuous mode
- Legitimate uses
  - Detect intrusions
  - Monitoring

Potentially Destructive Software
- Logic bomb (set up by an insider)
  - Potentially very destructive
  - Time bomb – a variation
- Rabbit
  - Denial of service
- Trojan horse
  - Common source of backdoors

Backdoor
- Undocumented access point
  - Testing and debugging tool
  - Common in interactive computer games (cheats and Easter eggs)
- Hackers use/publicize backdoors to gain access
  - Programmer fails to close a backdoor
  - Trojan horse inserted by the hacker on initial access
  - Back Orifice – the Cult of the Dead Cow

Viruses and Worms (most common)
- Virus
  - Parasite: requires a host program to replicate
  - Virus hoaxes can be disruptive
  - Virus patterns/generators exist; script-kiddies use these (but most anti-virus software does not!)
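The password rules on the slide above can be enforced mechanically at account creation. The checker below is an added example, not from the textbook; it implements the slide's rules literally (including its 6 to 9 character length, which is the 2003 figure, not current guidance), and the word list and pattern list are constructed stand-ins for a real dictionary and for the institution-name pattern the slide mentions.

```python
import re

# Length bounds exactly as stated on the "Rules for Choosing Good Passwords" slide.
MIN_LEN, MAX_LEN = 6, 9

# Constructed stand-ins: a real deployment would load a full dictionary and the
# local "standard pattern" words (institution name, department, etc.).
DICTIONARY = {"password", "welcome", "letmein", "miami", "summer"}
PATTERN_WORDS = {"miami"}


def character_classes(pw):
    """Return which of the slide's character types appear: letter, digit, special."""
    classes = set()
    for ch in pw:
        if ch.isalpha():
            classes.add("letter")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def check_password(pw, previous=()):
    """Return the slide rules the candidate violates (empty list means it passes).

    `previous` holds passwords already used on the user's other accounts, so the
    "different account, different password" rule can be checked too. "Use an
    acronym" and "change regularly" are process rules and are not checked here.
    """
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append("length")
    # "Mix character types" is read here as at least two of the three classes.
    if len(character_classes(pw)) < 2:
        problems.append("mix character types")
    # Strip digits/specials first so "Password1!" still counts as a dictionary word.
    core = re.sub(r"[^a-z]", "", pw.lower())
    if core in DICTIONARY:
        problems.append("dictionary word")
    # Standard pattern: a known local word followed only by digits (e.g. a year).
    if re.fullmatch(r"(%s)\d+" % "|".join(sorted(PATTERN_WORDS)), pw.lower()):
        problems.append("standard pattern")
    if pw in previous:
        problems.append("reused password")
    return problems
```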
- Worm
  - Virus-like, but spreads without a host program
  - Used to collect information
    - Sysop – terminal status
    - Hacker – user IDs and passwords

Figure 8.6 Structure of a typical virus. Components shown: reproduction logic, concealment logic, payload. Notes on the figure: macro viruses (thanks to MS), polymorphic viruses, e-mail attachments; payload can be trivial, a logic bomb, a time bomb, a Trojan horse, a backdoor, or a sniffer; today, click attachment – tomorrow, may be eliminated!; spawn mini-viruses; cluster viruses; cyberterrorism threat.

Anti-Virus Software
- Virus signature
  - Uniquely identifies a specific virus
  - Update virus signatures frequently
- Heuristics
  - Monitor for virus-like activity
- Virus detection and removal to be pushed "upstream" in the IT supply chain infrastructure
- Recovery support

Figure 8.8 Security and virus protection in layers. Defend in depth: what one layer misses, the next layer traps. Layers shown, from the Internet inward: router with firewall (firewalls are covered in Chapter 9); host server with anti-virus software, virus protection and a firewall; workstation with personal virus protection and a firewall.

System Vulnerabilities
- Known security weak points
  - Default passwords – system initialization
  - Software bugs
  - Logical inconsistencies between layers
- Port scanning
- Published security alerts
- War dialer to find vulnerable computers

Denial of Service Attacks (DoS)
- An act of vandalism or terrorism
- A favorite of script-kiddies
- Objective
  - Send the target multiple packets in a brief time
  - Overwhelm the target
- The "ping o' death"
- Distributed denial of service attack
  - Multiple sources

Figure 8.9 A distributed denial of service attack.
Notes on Figure 8.9: the cyber equivalent of throwing bricks; overwhelm the target computer (target system); standard DoS is a favorite of script-kiddies; DDoS is more sophisticated.

Spoofing
- Act of faking key system parameters
- DNS spoofing
  - Alter a DNS entry on a server
  - Redirect packets
- IP spoofing
  - Alter the IP address
  - Smurf attack

Figure 8.10 IP spoofing. Parties shown: the hacker's computer, the Alpha server (the target, A) and the Beta server (the trusted source, B). Preparation: probe the target (A); launch a DoS attack on the trusted server (B). Step 1: false message claiming to come from Beta. Step 2: Alpha acknowledges Beta; no response is possible because Beta is under DoS attack. Step 3: counterfeit acknowledgement from "Beta". Step 4: one-way connection – the hacker accesses A via the one-way communication path.

Cybercrime prevention
- Multi-layer security
- Security vs. privacy?
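The DoS and DDoS slides above define the attack by its shape: many packets at one target in a brief time, from one source or from many. That shape is also what a defender looks for in traffic summaries. The detector below is an added example, not from the textbook; the log format ("seconds source destination"), the thresholds and the traffic itself are constructed for the demonstration.

```python
from collections import Counter, defaultdict, deque


def parse_log(text):
    """Parse constructed '<seconds> <src-ip> <dst-ip>' lines into (time, src, dst)."""
    records = []
    for line in text.strip().splitlines():
        t, src, dst = line.split()
        records.append((float(t), src, dst))
    return records


def detect_floods(records, window=1.0, threshold=20, distributed_min=10):
    """Flag destinations receiving more than `threshold` packets in any `window`
    seconds. Label the burst 'ddos' when it comes from at least `distributed_min`
    distinct sources (the slide's "multiple sources"), otherwise 'dos'."""
    by_dst = defaultdict(list)
    for t, src, dst in records:
        by_dst[dst].append((t, src))
    findings = {}
    for dst, pkts in by_dst.items():
        pkts.sort()
        recent = deque()         # packets inside the sliding window
        src_counts = Counter()   # per-source packet counts inside the window
        for t, src in pkts:
            recent.append((t, src))
            src_counts[src] += 1
            while recent and recent[0][0] < t - window:   # expire old packets
                _, old_src = recent.popleft()
                src_counts[old_src] -= 1
                if src_counts[old_src] == 0:
                    del src_counts[old_src]
            if len(recent) > threshold:
                kind = "ddos" if len(src_counts) >= distributed_min else "dos"
                prev = findings.get(dst)
                if prev is None or len(recent) > prev["peak"]:   # keep the peak window
                    findings[dst] = {"type": kind, "peak": len(recent),
                                     "sources": len(src_counts)}
    return findings


def build_sample_log():
    """Constructed traffic: one single-source flood, one distributed flood, background."""
    lines = ["%.3f 203.0.113.7 192.0.2.10" % (5.0 + i * 0.02) for i in range(40)]
    lines += ["%.3f 198.51.100.%d 192.0.2.20" % (9.0 + i * 0.02, i + 1) for i in range(30)]
    lines += ["%.3f 203.0.113.50 192.0.2.30" % (i * 2.0) for i in range(10)]
    return "\n".join(lines)
```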