Information Security, Hackers and Today's Trends
profesor.uprb.edu/jsola/ppts/hacks.pdf
Dr. Juan M. Sola-Sloan (UPR-Bayamon)
Agenda
Hackers
Definitions
Classical subculture
Today's profile
Today's trends
Vulnerabilities
Protection
Thieves that use computers
Are they really hackers?
Hackers
Persons who create or modify computer software or hardware, typically with the goal of using software in a manner not intended by the original computer programmer.
Hackers
The motives for hacking can vary widely, from simple curiosity to malice or illegal acts.
A hacker is a person in one of several distinct, but somewhat overlapping, communities and subcultures.
Hackers “Classic” definition
A community of enthusiast computer programmers and systems designers, which originated in the 1960s around the MIT Artificial Intelligence Laboratory.
This community is notable for launching the free software movement.
The World Wide Web, the Internet, iPod, iPhone are also hacker artifacts.
Classical Subculture-Hackers
Steve Jobs and Steve Wozniak
Phone Phreaks → Hackers
Hackers Subculture Today
Hackers are also...
People committed to circumventing computer security, also known as crackers.
This primarily concerns unauthorized remote computer break-ins via communication networks such as the Internet.
...for mainstream media
Refers to computer criminals, due to the mass media usage of the word since the 1980s.
A hacker is a person who breaks into computers and computer networks, either for profit or motivated by the challenge.
...for mainstream media
Includes “script kiddies”: people breaking into computers using programs written by others, with very little knowledge about the way they work.
...mainstream media.
Hacker
Black Hat Bad guys!
White Hat Good guys
Grey Hat Philosophically/Politically challenged
Sometimes good!
Sometimes bad!
Morally ambiguous
What is a hacker then?
Hacker Definition
...media definition
Hacker “Other” Definition
"a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular."
A “hack” can be made either in software or in hardware.
Contemporary “hackers”
Profile:
Male
Between 14 and 34 years of age
Computer addicted
No permanent girlfriend
No Commercial Interest !!!
Source: Raimund Genes
Hackers are
Typical Botherder: "0x80" (pronounced X-eighty)
High school dropout
“…most of these people I infect are so stupid they really ain't got no business being on the Internet in the first place.”
Working hours: approx. 2 minutes/day to manage Botnet
Monthly earnings: $6,800 on average
Daily Activities:
Chatting with people while his bots make him money
Recently paid $800 for an hour alone in a VIP room with several dancers
Washington Post: Invasion of the Computer Snatchers
Hackers are
Typical Botherder: "0x80" (pronounced X-eighty)
Job Description:
Controls 13,000+ computers in more than 20 countries
Infected Bot PCs download Adware then search for new victim PCs
Adware displays ads and mines data on victim's online browsing habits.
Bots collect password, e-mail address, SS#, credit and banking data
Gets paid by companies like TopConverting.com, GammaCash.com, Loudcash, or 180Solutions.
Washington Post: Invasion of the Computer Snatchers
Hacker Software
Botnet
is a collection of software agents, or robots, that run autonomously and automatically.
Malicious hackers infect computers using these bots.
Botnet
1. The botnet operator sends malicious code to compromise PCs.
2. The infected PCs enter via IRC or other services where the bot resides.
3. The spammer buys access from the bot operator to use the botnet.
Botnet
4. The spammer sends instructions to the infected PCs.
5. … using the infected ones installs adware or sends tons of email
Adware
Advertising-supported software is any software package which automatically plays, displays, or downloads advertisements to a computer.
Honest and Dishonest
generates revenue for its author.
is harmless; some include spyware:
keyloggers
other privacy-invasive software
Key loggers
The action of tracking or logging keys in a covert manner.
The person using the keyboard is unaware that their actions are being monitored.
Software
Hardware based
Software Keyloggers
Hypervisor based
  Virtualization
Kernel based
  Compiled at the OS
  Difficult to detect
  Keyboard Driver
API-based
  Software attaches to on Keypress();
Form Grabber
  Grabs whenever forms are filled on HTML forms
Spyware
is a type of malware that is installed on computers and collects information about a user without their knowledge.
hidden from the user, and can be difficult to detect.
Malware
Malware = Malicious Software
Also known as pestware
is software designed to secretly access a computer system without the owner's informed consent.
Malware Includes:
Computer viruses
Worms
Trojan horses
Spyware
Dishonest adware
Scareware
Crimeware
Rootkits
Other malicious and unwanted software or program.
Trojan Horses
Is software that appears to perform a desirable function for the user prior to run or install, but steals information or compromises the system.
The term is derived from the Trojan Horse story in Greek mythology.
Beast RAT
Scareware
Scam software is sold to consumers via certain unethical marketing practices.
The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.
Some forms of spyware and adware also use scareware tactics.
Scareware
Crimeware
a class of malware designed specifically to automate cybercrime.
is designed to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers.
Banks
PayPal
Ebay
Social Security
Credit Cards
Crimeware
purpose is stealing funds from consumers
often has the intent to export confidential or sensitive information from a network for financial exploitation.
Today's trends...
Nigerian letter (419 Scams) still works: Michigan Treasurer Sends 1.2M USD of State Funds !!!
Many zero-day attacks in 2007-08: Google, Excel, Word, PowerPoint, Office …
Criminal access to important devices
Numerous lost, stolen laptops, storage media, containing customer information
Second-hand computers (hard drives) pose risk
Vint Cerf estimates ¼ of PCs on Internet are bots
SilentBanker
Proxy intercepts request and adds fields
Bank sends login page needed to log in
When user submits information, also sent to attacker
Steal cars with a laptop
NEW YORK - Security technology created to protect luxury vehicles may now make it easier for tech-savvy thieves to drive away with them. In April ‘07, high-tech criminals made international headlines when they used a laptop and transmitter to open the locks and start the ignition of an armor-plated BMW X5 belonging to soccer player David Beckham, the second X5 stolen from him using this technology within six months.… Beckham's BMW X5s were stolen by thieves who hacked into the codes for the vehicles' RFID chips …
• Spam service
• Rent-a-bot
• Cash-out
• Pump and dump
• Botnet rental
Underground goods and services
Rank  Last  Goods and services            Current  Previous  Prices
1     2     Bank accounts                 22%      21%       $10-1000
2     1     Credit cards                  13%      22%       $0.40-$20
3     7     Full identity                 9%       6%        $1-15
4     N/R   Online auction site accounts  7%       N/A       $1-8
5     8     Scams                         7%       6%        $2.50/wk - $50/wk (hosting); $25 design
6     4     Mailers                       6%       8%        $1-10
7     5     Email Addresses               5%       6%        $0.83-$10/MB
8     3     Email Passwords               5%       8%        $4-30
9     N/R   Drop (request or offer)       5%       N/A       10-50% of drop amount
10    6     Proxies                       5%       6%        $1.50-$30
Credit: Zulfikar Ramzan
Social engineering
Many attacks don't use computers
Call system administrator
Dive in the dumpster
Online versions
send trojan in email
picture or movie (disguise) with malicious code
How can we protect ourselves?
How can we protect ourselves?
It's easy: your mother or grandmother told you to.
Don't TALK TO STRANGERS!!!
Don't talk to strangers!!!
This applies to:
The fake email
The fake website
Untrusted software
Do not accept email attachments from strangers.
Always scan any software package you download.
Don't visit websites of dubious reputation.
Protection!!!
Install/run anti-malware software and keep it up to date
For example, Ad-Aware
Install/run anti-virus software and keep it up to date
Protection!!!
Beware when installing software
Try to find out if someone has installed the same software before.
READ ALL THE MESSAGES when installing new software.
Some free software includes toolbars that contain untrusted software.
Protection!!!
Avoid the classic clicking without reading.
Do not do:
NEXT → NEXT → NEXT (NOOO!)
YES → YES → YES
NO → NO → NO
Protection!! BEWARE!!
Protection!!!! You WON!
You WON!!!.... Yeah Sure!!
Laptops
Ipads
Ipods
Iphones
Lottery
DON'T TRUST!!!!
Hackers use this exploit for social engineering purposes
Protection!!! Email
Have various email addresses
One for junk mail
One public
One private
Summary
Hackers
Definitions
Classical subculture
Today's profile
Today's trends
Vulnerabilities
Protection!!
Questions?