Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
Document related concepts
no text concepts found
Transcript 
HACKED!!! – Kuala Lumpur, Malaysia
Network Security
Outsmarting Cyber Villains
Ankit Fadia
Intelligence Consultant and Author
[email protected]
http://www.hackingmobilephones.com
How to become a Computer Security Expert?
 THINGS TO DO:
Learn at least one Programming Language.
Become a Networking Guru.
Learn to work in the UNIX Shell.
Get the ‘Hacking’ attitude.
Read, Read and Read as much as you can!!!!
http://www.hackingmobilephones.com
Hacker VS Cracker
 Qualities of a Hacker :
Lots of Knowledge & Experience.
Good Guy.
Strong Ethics.
Never Indulges in Crime.
Catches Computer Criminals.
 Qualities of a Cracker :
Lots of Knowledge & Experience.
Bad Guy.
Low Ethics.
Mostly Indulges in Crime.
Is a Computer Criminal himself.
http://www.hackingmobilephones.com
Facts and Figures
FBI INTELLIGENCE REPORT
120,000
101,311
87,770
100,000
80,000
60,000
64,981
52,658
40,000
21,756
20,000 9,859
0
1999 2000 2001 2002 2003 2004
http://www.hackingmobilephones.com
Incidents
Recorded
TOP 5 CORPORATE ESPIONAGE ATTACKS
• TOP 5 Corporate Espionage Attacks:
 Privacy Attacks
 Email Forging Attacks
 Sniffer Attacks
 Keylogger Attacks
 DOS Attacks
http://www.hackingmobilephones.com
Individual Internet User
Mumbai Lady Case
•
A lady based in Mumbai, India lived in a one-room
apartment.
•
Was a techno-freak and loved chatting on the Internet.
•
Attacker broke into her computer & switched her web
camera on!
•
Biggest cyber crime involving privacy invasion in the
world!
http://www.hackingmobilephones.com
Government Sector
NASA
•
The premier space research agency in the world.
•
Had just finished a successful spaceship launch,
when the unexpected happened.
•
The path of the spaceship was changed remotely
by a 11 year old Russian teenager.
•
Loss of money. Unnecessary worry.
http://www.hackingmobilephones.com
TROJANS
TROJANS
Definition:
Trojans act as RATs or Remote Administration Tools that
allow remote control and remote access to the attacker.
Working: See Demo.
Threats:
Corporate Espionage, Password Stealing, IP Violation,
Spying, etc.
Tools:
Netbus, Girlfriend, Back Orrifice and many others.
http://www.hackingmobilephones.com
TROJANS
COUNTERMEASURES
•
Port Scan your own system regularly.
•
If you find a irregular port open, on which you usually
do not have a service running, then your system might
have a Trojan installed.
•
One can remove a Trojan using any normal Anti-Virus
Software.
•
Monitor start up files and port activity.
http://www.hackingmobilephones.com
TOP 5 CORPORATE ESPIONAGE ATTACKS
• TOP 5 Corporate Espionage Attacks:

Privacy Attacks

Email Forging Attacks

Sniffer Attacks

Keylogger Attacks

DOS Attacks
http://www.hackingmobilephones.com
Consumer Electronic Goods Sector
TV Group
•
One of the largest manufacturers of televisions
and other electronic goods in the world.
•
Attacker sent an abusive forged email to all
investors, employees and partners worldwide
from the Chairman’s account.
•
Tainted relations.
http://www.hackingmobilephones.com
Email Forging
Email Forging
Definition:
Email Forging is the art of sending an email from the victim’s
email account without knowing the password.
Working:
ATTACKER-----Sends Forged email----- FROM VICTIM
Tools:
None required! DEMO
http://www.hackingmobilephones.com
Email Forging
COUNTERMEASURES

NOTHING can stop the attacker.

Use Secure email systems like PGP.

Digitally sign your emails.
http://www.hackingmobilephones.com
TOP 5 CORPORATE ESPIONAGE ATTACKS
• TOP 5 Corporate Espionage Attacks:

Privacy Attacks

Email Forging Attacks

Sniffer Attacks

Keylogger Attacks

DOS Attacks
http://www.hackingmobilephones.com
Healthcare Sector
Healthcare Group
•
One of the largest shaving solutions
companies in the world.
•
Attacker broke into network and cancelled
approximately 35 different orders of raw
materials from supplier.
•
Loss of revenue. Delay in Product launch.
http://www.hackingmobilephones.com
Government Sector
BARC Group
•
One of the most sensitive atomic and
missile research facilities in India.
•
Pakistani criminal organizations broke into
network and stole sensitive missile info.
•
Loss of sensitive data. Threat to national
security.
http://www.hackingmobilephones.com
SNIFFERS
SNIFFERS
Definition:
Sniffers are tools that can capture all data packets being sent
across the entire network in the raw form.
Working: ATTACKER-----Uses sniffer for spying----- VICTIM
Threats:
Corporate Espionage, Password Stealing, IP Violation, Spying, etc.
Tools:
Tcpdump, Ethereal, Dsniff and many more.
http://www.hackingmobilephones.com
SNIFFERS
COUNTERMEASURES


Switch to Switching Networks. (Only the packets meant
for that particular host reach the NIC)
Use Encryption Standards like SSL, SSH, IPSec.
http://www.hackingmobilephones.com
TOP 5 CORPORATE ESPIONAGE ATTACKS
• TOP 5 Corporate Espionage Attacks:

Privacy Attacks

Email Forging Attacks

Sniffer Attacks

Keylogger Attacks

DOS Attacks
http://www.hackingmobilephones.com
Fashion Entertainment Sector
Fashion House Group
•
One of the most successful fashion
designers in Europe.
•
Stole all designs and marketing plans.
•
Came out with the same range of
clothes a week before.
•
Loss of Revenue. R&D & creative
work down the drain.
http://www.hackingmobilephones.com
KEYLOGGERS
KEYLOGGERS
Definition:
They are spying tools that record all keystrokes made on the
victim’s computer.
Working: ATTACKER-----Uses keylogger for spying----- VICTIM
Threats:
Corporate Espionage, Password Stealing, IP Violation, Spying, etc.
Tools:
Thousands of Keyloggers available on the Internet.
http://www.hackingmobilephones.com
KEYLOGGERS
COUNTERMEASURES

Periodic Detection practices should be made mandatory.

A typical Key Logger automatically loads itself into the
memory, each time the computer boots.

Hence, one should search all the start up files of the system
and remove any references to suspicious programs.

This should protect you to a great extent!
http://www.hackingmobilephones.com
TOP 5 CORPORATE ESPIONAGE ATTACKS
• TOP 5 Corporate Espionage Attacks:

Privacy Attacks

Email Forging Attacks

Sniffer Attacks

Keylogger Attacks

DOS Attacks
http://www.hackingmobilephones.com
Internet Services Sector
Internet Services
•
Yahoo, Amazon, Ebay, BUY.com brought
down for more than 48 hours!
•
All users across the globe remained
disconnected.
•
Attackers were never caught.
•
Loss of Revenue. Share values down.
http://www.hackingmobilephones.com
Denial of Services (DOS) Attacks
DOS ATTACKS
Definition:
Such an attack clogs up so much bandwidth on the target system
that it cannot serve even legitimate users.
Working:
ATTACKER-----Infinite/ Malicious Data----- VICTIM
Tools:
Ping of Death, SYN Flooding, Teardrop, Smurf, Land [TYPES]
Trin00, Tribal Flood Network, etc [TOOLS]
http://www.hackingmobilephones.com
Denial of Services (DOS) Attacks
BUSINESS THREATS
•All services unusable.
•All users Disconnected.
•Loss of revenue.
•Deadlines can be missed.
•Unnecessary Inefficiency and Downtime.
•Share Values go down. Customer Dissatisfaction.
http://www.hackingmobilephones.com
DOS Attacks
COUNTERMEASURES









Separate or compartmentalize critical services.
Buy more bandwidth than normally required to count
for sudden attacks.
Filter out USELESS/MALICIOUS traffic as early as
possible.
Disable publicly accessible services.
Balance traffic load on a set of servers.
Regular monitoring and working closely with ISP will
always help!
Patch systems regularly.
IPSec provides proper verification and authentication in
the IP protocol.
Use scanning tools to detect and remove DOS tools.
http://www.hackingmobilephones.com
Recommendations and Countermeasures
•
National CERTS and Cyber Cops.
•
Security EDUCATION and TRAINING.
•
Increase Security budgets.
•
Invest on a dedicated security team.
•
Security by obscurity?
http://www.hackingmobilephones.com
THE FINAL WORD
THE FINAL WORD
•The biggest threat that an organization faces continues to be from….
THEIR OWN EMPLOYEES!
http://www.hackingmobilephones.com
Is Internet Banking Safer than ATM Machines?
ATM MACHINES VS INTERNET BANKING
ATM Machines
Easier to crack.
Internet Banking
Difficult to crack, if latest SSL used.
Soft Powdery Substance.
Earlier SSL standards quite weak.
Unencrypted PIN Number.
Software/ Hardware Sniffer.
Fake ATM Machine
http://www.hackingmobilephones.com
Mobile Phone Hacking
Mobile Phone Attacks

Different Types:










BlueJacking
BlueSnarfing
BlueBug Attacks
Failed Authentication Attacks
Malformed OBEX Attack
Malformed SMS Text Message Attack
Malformed MIDI File DOS Attack
Jamming
Viruses and Worms
Secret Codes: *#92702689# or #3370*
http://www.hackingmobilephones.com
AN ETHCAL GUIDE TO HACKING MOBILE PHONES
Hacking Mobile Phones
Title: An Ethical Hacking Guide
to Hacking Mobile Phones
Author: Ankit Fadia
Publisher: Thomson Learning
JUST RELEASED!
http://www.hackingmobilephones.com
THE UNOFFICIAL GUIDE TO ETHICAL HACKING
Ankit Fadia
Title: The Unofficial Guide To
Ethical Hacking
Author: Ankit Fadia
Publisher: Thomson Learning
http://www.hackingmobilephones.com
NETWORK SECURITY: A HACKER’S PERSPECTIVE
Ankit Fadia
Title: Network Security: A
Hacker’s Perspective
Author: Ankit Fadia
Publisher: Thomson Learning
http://www.hackingmobilephones.com
THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY
Network Security
Title: The Ethical Hacking Guide to
Corporate Security
Author: Ankit Fadia
Publisher: Macmillan India Ltd.
http://www.hackingmobilephones.com
HACKED!!! – Kuala Lumpur, Malaysia
Network Security
Questions?
Ankit Fadia
Intelligence Consultant cum Author
[email protected]
http://www.hackingmobilephones.com
Related documents
No Slide Title
No Slide Title
dos_nanog
dos_nanog
Honeynet Project
Honeynet Project
Systems Security
Systems Security
Research Areas - The George Washington University
Research Areas - The George Washington University
Malicious code, Mobile Code and Denial of Service attacks
Malicious code, Mobile Code and Denial of Service attacks
Heart Attack - Coffee Regional Medical Center
Heart Attack - Coffee Regional Medical Center
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS)
Chapter 1 Exploring the Network
Chapter 1 Exploring the Network
Introduction - Computer Science
Introduction - Computer Science
Lecture 1 - WordPress.com
Lecture 1 - WordPress.com