CC-Note2
8/4/2019 CC-Note2
1/19
What Do Hackers Do?
Break into the network via the Internet by spoofing the identity of computers that the network expects to be present
-
Modern-Day Robin Hood
Most do not consider themselves criminals
They are only making copies of software or data and utilizing unused computer resources: CPU, disk and networking
Not depriving anyone: the original copy of the information is still where it was, unaltered
Defenders of the digital frontier
-
Releasing information
Hackers believe information must be free
Releasing software
Disagree with software licensing policy: it does not allow multiple copies on several computers even though you are the only one using them
Release cracked information for license codes
Consuming unused resources
Network bandwidth, computer cycles, telephone lines
Over-consumption of these often leads a company to buy more of them
Eg: David McOwen; system administrator at DeKalb Technical College; connected computers to Distributed.net so that the spare computing cycles could assist in a communal code-breaking challenge
-
Discover and document vulnerabilities
Disclose system vulnerabilities to others
Those without skills can now make use of this information to create their own hacking tools
Eg: Adrian Lamo; explored the inner workings of corporate computer networks in search of system weaknesses; had successfully hacked into Worldcom, America Online Inc., Excite@Home, Yahoo Inc., Microsoft Corp., and the NY Times
Finding fame
Viruses, website defacements
To prove their skills
Eg: Kevin Mitnick; hired in the Alias TV series
-
Digital Dillinger
Information security professionals must ensure system availability and maintain information confidentiality and integrity
They look at hackers as: Theft of information
Hackers steal information to prove themselves
Electronic fund transfer networks invite the most attacks
Intercept bank card numbers and PIN numbers
Eg: Suzanne Scheller; FI employee; accessed the FI computer system and searched for potential customers for a friend who was starting a real estate business
-
They look at hackers as: Software piracy
Many organizations' secrets are contained not only in the information they have, but are also embedded in the software that they have created (internal software)
Theft of this software may disclose the organization's most private secrets
Damage to the original copy will leave the organization unable to continue doing business
Eg: Chung-Yuh Soong, a SE, worked for Kodak for a year before resigning, transmitting large data files containing software programs used in Kodak digital cameras and other digital devices to a Xerox computer
Theft of resources
Difficult to prove in court; hard to prove loss of revenue
Eg: Raymond Torricelli; known as rolex, a member of a hacking organization known as #conflict; used his home PC to search the Internet for vulnerable computers to intrude upon; located the computers, obtained unauthorized access and uploaded a program that allowed him to gain complete access to all of the computers' functions; accessed NASA, the Jet Propulsion Lab and San Jose State U, loading a hostile program used mostly for hosting chat-room discussions; used the chat room to invite visitors to pornographic images at 18 cents per visit
-
Compromising systems
Costs organizations even when no damage occurs
They need to spend time and resources (manpower) to find out whether there is damage or not
Hackers will apply a rootkit, which changes the system software so that it does not report their presence or their tools
Eg: Jason Allen Diekman; hacked into NASA and stole and used credit card numbers to purchase electronic equipment; gained unauthorized access to Oregon State U using a stolen student account id; stored a program to control IRC channels
Website vandalism
The most visible attack
Stolen password accounts
Websites are generally selected due to the hacker's ability to exploit the system, the system's visibility, or the site's owner
-
How Do Hackers Do What They Do?
The process of hacking computer systems has become automated
Many tools are easily available to identify and exploit vulnerabilities in order to compromise a system
Powerful software tools for breaking into networks are freely distributed; they require little knowledge and are virtually undetectable until the damage is done
-
Malicious code
Logic bomb
A program that lies dormant until it is activated (by any event the computer system can detect)
Often time-based, or based on the presence or absence of data (e.g., the programmer's name)
Once triggered, it delivers its payload, often destructive, which consumes resources or deletes files
Eg: Timothy Lloyd, a former chief computer network program designer for Omega Engineering; was terminated and activated a time bomb which permanently deleted all of the company's sophisticated manufacturing software programs
-
Parasite
Code which is added to an existing program and draws information from the original program; it changes some of the program's attributes such as program size, timestamp, permissions, ownership, etc.
Used to gather information the hacker does not have the privileges to access
A covert, non-destructive program
Trojan Horse
A program that looks like a useful program but has an alternate agenda
How is it planted? Requires social engineering: it needs to be advertised so that people will run it. Normally distributed as a trial version of a game
-
Virus
A program that infects another program by replicating itself into the host program; mostly destructive; some are not, but will replicate, consuming resources; these are called rabbits or bacteria
3 phases
Infection phase: the host is infected from a previously existing virus
Activation phase: the new copy is triggered to find another host to infect
Replication phase: the virus finds a suitable host and copies itself to the host
An environment where freeware is prevalent and people regularly bring software onto your system carries a greater risk of virus infection
-
Worms
A program used as a transport mechanism for other programs
Utilizes the network to spread programs from one system to another
Utilizes a flaw in a network transport such as network mail or remote process execution
3 processes
Search for a receptive system
Establish a connection to that system
Transport its program to the remote system and execute the program
Eg: Franklin Wayne Adam created a worm that sought out computers on the Internet that had certain sharing capabilities enabled, and used them for the mass replication of the worm; it caused the hard drives to be erased; computers whose hard drives were not erased would scan for other computers to infect, which led these computers to dial 911, causing a denial of service (overload) of the 911 emergency system
-
Modified Source Code
Source code which is freely available and widely distributed (eg. Linux)
Skilled hackers have the ability to create their own backdoors or data capture routines
Dynamically Loadable Modules
Allow the system to load the module only when it is needed instead of integrating it into the software program
Available in user space (shared libraries) and in kernel space
Shared library: a library of utilities that can be called from any program
Shared libraries differ from archive libraries in that they are not loaded into the executable program at program link time; they are pointed to from the executable and are executed at run time; any modifications to the shared libraries are immediately realized by the programs that use them
-
If a hacker replaces a utility in the shared library, all programs which use this utility will be compromised
Thus, shared libraries should be given more protection
Dynamically loadable kernel modules work the same way; they are not statically linked into the kernel; they are loaded when the system that uses the module is initiated
This opens the door for hackers to install kernel-level code into the system, since unloading and reloading these modules provides the ability to update modules without having to shut down the system
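As an added example (not part of these notes), a baseline-and-compare integrity check of the kind that gives shared libraries and module directories the extra protection the slide calls for: fingerprint every file under a directory, keep the result somewhere the system cannot alter, and later diff it to spot a replaced utility or an unexpected new module. The directory layout, file names and file contents below are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile

def file_fingerprint(path):
    """SHA-256 of the contents plus size and permission bits of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}

def build_baseline(root):
    """Fingerprint every regular file under root, keyed by path relative to root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                baseline[os.path.relpath(full, root)] = file_fingerprint(full)
    return baseline

def compare(baseline, current):
    """Report libraries whose contents or permissions changed, appeared or disappeared."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed scenario in a temp dir: two libraries, then one replaced and one added."""
    with tempfile.TemporaryDirectory() as root:
        libdir = os.path.join(root, "lib")
        os.makedirs(libdir)
        for name in ("libc.so.6", "libm.so.6"):
            with open(os.path.join(libdir, name), "wb") as f:
                f.write(b"\x7fELF original " + name.encode() + b" (constructed bytes)")
        baseline = build_baseline(root)      # in practice: stored offline or on read-only media
        # Simulate a replaced utility library and a module nobody installed on purpose.
        with open(os.path.join(libdir, "libc.so.6"), "wb") as f:
            f.write(b"\x7fELF replaced libc.so.6 (constructed bytes)")
        with open(os.path.join(libdir, "libextra.so"), "wb") as f:
            f.write(b"\x7fELF unexpected module (constructed bytes)")
        return compare(baseline, build_baseline(root))
```

The baseline is only as trustworthy as its storage: if the same host that gets compromised also holds the manifest, a rootkit of the kind the notes describe can update both.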
-
Software developers
Due to code moved into production while it still contains debugging information or developer hooks
Need to review software design
Exploiting network protocols
Hundreds of network services which hackers can choose to attack
The Internet daemon, inetd, controls some of the processes that communicate over the network; it listens on each port and, when a connection is identified, passes control of the socket to the associated program
A hacker can add a back door into a system by adding a line in /etc/inetd.conf that will attach a shell with root privileges to a specific socket
hack stream tcp nowait root /bin/csh csh -i
A too-visible approach; easily detected
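An added example, not from the notes: the detection side of the back door shown above, an audit of inetd.conf entries that flags any service launching an interactive shell, any service not on an approved list, and notes when such an entry runs as root. The sample configuration and the approved-service list are constructed; the shell list is an assumption to tailor per platform.

```python
import re

# Field order of an inetd.conf entry; anything after the sixth field is program arguments.
INETD_FIELDS = ("service", "socket_type", "protocol", "wait", "user", "program")

# Interactive shells that never belong behind a listening socket (assumed list; extend per platform).
SHELLS = {"/bin/sh", "/bin/csh", "/bin/tcsh", "/bin/ksh", "/bin/bash", "/bin/zsh"}

# Constructed configuration for this example; the last line is the back door from the notes.
SAMPLE_CONF = """\
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
daytime stream  tcp  nowait  root  internal
hack    stream  tcp  nowait  root  /bin/csh  csh -i
"""

def parse_inetd_conf(text):
    """Split each non-comment line into named fields; keep malformed lines for the report."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 6:
            entries.append({"line": lineno, "error": "too few fields"})
            continue
        entry = dict(zip(INETD_FIELDS, parts))   # zip stops after the six named fields
        entry["args"] = parts[6:]
        entry["line"] = lineno
        entries.append(entry)
    return entries

def audit(entries, approved):
    """Return (line, service, reasons) for every entry that needs a human look."""
    findings = []
    for e in entries:
        if "error" in e:
            findings.append((e["line"], None, e["error"]))
            continue
        user = re.split(r"[.:]", e["user"])[0]     # inetd allows user.group or user:group
        reasons = []
        if e["program"] in SHELLS:
            reasons.append("interactive shell bound to a socket")
        if e["service"] not in approved:
            reasons.append("service not on the approved list")
        if reasons and user == "root":
            reasons.append("runs as root")
        if reasons:
            findings.append((e["line"], e["service"], "; ".join(reasons)))
    return findings

def demo():
    return audit(parse_inetd_conf(SAMPLE_CONF), approved={"ftp", "telnet", "daytime"})
```

Run periodically and compare against the previous report; the notes call this back door "too visible" precisely because a one-line addition to a short, well-known file stands out to anyone who looks.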
-
E-mail spoofing
The most trivial of all spoofs
SMTP consists of simple ASCII commands
These commands can easily be input manually by using a telnet connection to the system's SMTP port
telnet victim.com smtp
Email forgery does not require access or authorizations that have to be obtained improperly
Once connected, the hacker can type the mail protocol commands directly to the port. Identifying someone else in the mail From: command will show the mail as sent from the user identified. This technique can be used to send mail to other systems by entering a To: command to another system
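An added example written for these notes, not part of the original: how a receiving mail server can notice the forgery just described. It parses the client side of an SMTP session transcript, pulls out the HELO name and the envelope MAIL FROM, and compares them with the From: header inside the DATA block and with what the server knows about the connecting host. The session, host names and domains are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed SMTP session as the receiving server saw it ("C:" client, "S:" server).
SESSION = """\
S: 220 mail.example.com ESMTP
C: HELO mail.example.com
S: 250 mail.example.com
C: MAIL FROM:<someone@elsewhere.example>
S: 250 OK
C: RCPT TO:<alice@example.com>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: Bob <bob@example.com>
C: To: alice@example.com
C: Subject: Meeting moved to 3pm
C:
C: See you there.
C: .
S: 250 OK queued
C: QUIT
"""

def parse_session(transcript):
    """Extract HELO argument, envelope sender and the message text from the client's lines."""
    helo, mail_from, data_lines, in_data = None, None, [], False
    for line in transcript.splitlines():
        if line == "C:":
            payload = ""              # empty line inside DATA (header/body separator)
        elif line.startswith("C: "):
            payload = line[3:]
        else:
            continue                  # server replies are not needed here
        if in_data:
            if payload == ".":
                in_data = False
            else:
                data_lines.append(payload)
            continue
        verb, _, arg = payload.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            helo = arg.strip()
        elif verb == "MAIL":          # "MAIL FROM:<address>"
            m = re.search(r"<([^>]*)>", arg)
            mail_from = m.group(1) if m else arg.split(":", 1)[-1].strip()
        elif verb == "DATA":
            in_data = True
    return helo, mail_from, "\n".join(data_lines)

def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower() if addr and "@" in addr else ""

def spoof_indicators(transcript, peer_hostname, local_domains, peer_is_internal):
    """Heuristics a mail server can apply; each hit is a reason to distrust the From: header."""
    helo, mail_from, data = parse_session(transcript)
    header_addr = parseaddr(message_from_string(data).get("From", ""))[1]
    hits = []
    if domain_of(mail_from) != domain_of(header_addr):
        hits.append("envelope MAIL FROM domain differs from header From: domain")
    if helo and helo.lower() != peer_hostname.lower():
        hits.append("HELO name does not match the connecting host")
    if domain_of(header_addr) in local_domains and not peer_is_internal:
        hits.append("outside host claims a local sender")
    return hits
```

None of these checks is proof on its own (mailing lists and forwarders legitimately trip the first one), which is why the result is a list of indicators to weigh rather than a verdict.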
-
IP spoofing
The act of sending packets with source addresses other than the actual address of the originating host
Either an unassigned address or an address belonging to another host
Currently there is no way to stop IP spoofing
The best is to stop our network from being the source of such attacks. How? The border routers should be configured to drop any packet exiting the internal network with a source address that does not belong to the internal network
Source routing
A feature of IP that allows the packet to define the path that the return packet should take to find its way back to the source host
Virtually never used, since the Internet utilizes dynamic routing protocols to optimize the traffic
Mostly used by hackers who use IP spoofing to get packets returned, so this utility should be disabled on all hosts and routers; routers should be configured to drop any packet that contains a source route
-
Network flooding
The process of creating more network traffic than the network is able to process, making the network unavailable to legitimate traffic and the hosts that require that network to communicate unreachable
SYN flooding
Sends a large number of spoofed TCP connection requests. These requests utilize data structures in the target machine which consume memory and kernel resources and may cause legitimate connections to be denied
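Added example, not from the notes: a minimal SYN cookie, the standard answer to the half-open-connection problem described above. Instead of allocating a data structure for every SYN, the server encodes the connection's 4-tuple and a coarse timestamp into the SYN-ACK sequence number under a keyed hash; a spoofed SYN that never completes the handshake therefore costs no memory, and only an ACK carrying a valid, recent cookie creates state. The secret, addresses and clock values are constructed; real stacks also encode the negotiated MSS and rotate the secret, which this omits.

```python
import hashlib
import hmac
import struct

# Constructed secret; a real stack draws it from a CSPRNG at boot and rotates it.
SECRET = b"constructed-syn-cookie-secret"
COUNTER_PERIOD = 64          # seconds per counter tick (the value Linux uses)
COOKIE_MASK = 0x00FFFFFF     # low 24 bits carry the MAC, top 8 bits the counter

def _counter(now):
    return int(now // COUNTER_PERIOD) & 0xFF

def _mac(src, dst, sport, dport, count):
    """Keyed hash over the connection 4-tuple and the counter tick, truncated to 24 bits."""
    msg = struct.pack("!4s4sHHB", src, dst, sport, dport, count)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, dst, sport, dport, now):
    """Server ISN to put in the SYN-ACK. No per-connection state is allocated here."""
    count = _counter(now)
    return (count << 24) | _mac(src, dst, sport, dport, count)

def check_cookie(src, dst, sport, dport, ack, now, max_age_ticks=1):
    """On the handshake's final ACK: ack-1 must be a cookie issued for this 4-tuple recently."""
    cookie = (ack - 1) & 0xFFFFFFFF
    count = cookie >> 24
    if (_counter(now) - count) & 0xFF > max_age_ticks:
        return False                                   # too old, or claims a future tick
    return (cookie & COOKIE_MASK) == _mac(src, dst, sport, dport, count)

def demo():
    """Constructed handshake: one genuine completion, one guessed ACK, one replay."""
    src, dst = bytes([203, 0, 113, 9]), bytes([192, 0, 2, 80])   # constructed endpoints
    t0 = 1_000_000.0
    cookie = make_cookie(src, dst, 40000, 80, t0)
    # Genuine client finishes the handshake 30 s later with ack = cookie + 1.
    genuine = check_cookie(src, dst, 40000, 80, (cookie + 1) & 0xFFFFFFFF, t0 + 30)
    # Spoofed SYNs during a flood produce cookies but no ACK ever arrives, so nothing was stored;
    # an ACK with a guessed number fails the age or MAC check.
    forged = check_cookie(src, dst, 40000, 80, 0x12345678, t0 + 30)
    # A replayed ACK long after the cookie was issued fails the age check.
    stale = check_cookie(src, dst, 40000, 80, (cookie + 1) & 0xFFFFFFFF, t0 + 10 * COUNTER_PERIOD)
    return genuine, forged, stale
```

The trade-off is that the server forgets any TCP options it would have remembered in the half-open entry, which is why production stacks squeeze an MSS index into the cookie and only switch cookies on when the backlog fills.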
Smurf
This attack uses forged ICMP echo request packets directed to IP broadcast addresses from a remote location to generate denial-of-service attacks
3 parties involved: attacker, intermediary, victim
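An added example covering the IP spoofing, source routing and Smurf slides together (not part of the notes): a small IPv4 header parser and the border-router policy those slides ask for, applied to one packet at a time. It drops outgoing packets whose source is not internal, incoming packets that claim an internal source, any packet carrying a loose or strict source-route option, and ICMP echo requests aimed at a broadcast address so the network cannot serve as a Smurf intermediary. The internal range, broadcast address and packets are constructed; the header checksum is left zero because the filter never verifies it.

```python
import ipaddress
import struct

# Constructed internal address block for this example; a real filter takes it from config.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

LSRR, SSRR = 131, 137        # IP option types for loose and strict source routing
ICMP, TCP = 1, 6
ICMP_ECHO_REQUEST = 8

def build_ipv4(src, dst, proto, payload=b"", options=b""):
    """Build a raw IPv4 packet for the demo (checksum left 0; the filter never verifies it)."""
    while len(options) % 4:
        options += b"\x00"           # options are padded to a 32-bit boundary
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + options + payload

def parse_ipv4(pkt):
    """Return (src, dst, proto, options, payload); raise on a malformed header."""
    if len(pkt) < 20:
        raise ValueError("short packet")
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header")
    return (ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20]),
            pkt[9], pkt[20:ihl], pkt[ihl:])

def has_source_route(options):
    """Walk the option list (type, length, data...) looking for LSRR or SSRR."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                # end of option list
            return False
        if kind == 1:                # single-byte no-op
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return False             # truncated or malformed option: stop walking
        if kind in (LSRR, SSRR):
            return True
        i += options[i + 1]
    return False

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def filter_decision(pkt, direction, broadcast_addrs):
    """Apply the border-router policy to one packet; direction is 'egress' or 'ingress'."""
    src, dst, proto, options, payload = parse_ipv4(pkt)
    if direction == "egress" and not is_internal(src):
        return "drop: egress anti-spoof (source not internal)"
    if direction == "ingress" and is_internal(src):
        return "drop: ingress anti-spoof (outside packet claims internal source)"
    if has_source_route(options):
        return "drop: source-routed packet"
    if proto == ICMP and payload[:1] == bytes([ICMP_ECHO_REQUEST]) and dst in broadcast_addrs:
        return "drop: ICMP echo request to broadcast address (smurf)"
    return "accept"

def demo():
    """Constructed packets exercising each rule."""
    bcast = {ipaddress.ip_address("192.0.2.255")}
    lsrr = bytes([LSRR, 7, 4]) + ipaddress.ip_address("203.0.113.1").packed  # one-hop route
    cases = {
        "normal": (build_ipv4("192.0.2.10", "198.51.100.7", TCP), "egress"),
        "spoofed_egress": (build_ipv4("203.0.113.9", "198.51.100.7", TCP), "egress"),
        "source_routed": (build_ipv4("198.51.100.7", "192.0.2.10", TCP, options=lsrr), "ingress"),
        "smurf": (build_ipv4("198.51.100.7", "192.0.2.255", ICMP, payload=b"\x08\x00\x00\x00"), "ingress"),
    }
    return {name: filter_decision(pkt, d, bcast) for name, (pkt, d) in cases.items()}
```

The egress rule is the one the notes stress: it does nothing to protect this network from spoofed packets, but it stops the network from being where they come from.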
-
System flooding
The process of consuming a resource or resources on a system until the system is unable to do useful work
Memory, storage, computation, buffers, queues
Mass-mailings
Mail flooding has become a popular attack
Mail messages containing viruses