Source: eliza.newhaven.edu/ethics/attach/L6_Hacking.pdf


L6. Hacking, Malware, and Cyber Warfare

Alice E. Fischer

September 18, 2018

L6. Hacking. . . 1/25

Outline Malware: Definitions and Examples Cyber Warfare

Malware: Definitions and Examples

Cyber Warfare


Dishonesty on the Internet

Malware comes in many forms:

- Root kits, viruses, worms, and Trojan horses.
- Spyware and weapons.
- Dishonest adware.
- Fake people, fake news, and “trending”.

Much of today’s information is adapted from Wikipedia.


Viruses

Virus: a computer program that can replicate itself.

- It must attach itself to another piece of software, and runs when that other software is activated.
- January 1986: the Brain boot sector virus became the first virus epidemic. It infected IBM-compatible hardware. It was created in Lahore, Pakistan by a 19-year-old Pakistani programmer and his brother.
- August 2012: Shamoon is designed to target computers running Microsoft Windows in the energy sector. Symantec, Kaspersky Lab and Seculert announced its discovery.


Worms

Worm: a standalone malware computer program that replicates itself in order to spread.

- November 2 1988: The Internet worm, created by Robert T. Morris, infected DEC VAX and Sun machines running BSD UNIX connected to the Internet. It became the first worm to spread extensively “in the wild”, and one of the first well-known programs exploiting buffer overrun vulnerabilities.
- November 21 2008: Computer worm Conficker infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta. The French Navy, UK Ministry of Defense (including warships and submarines), Sheffield Hospital network, German Bundeswehr, and Norwegian Police were all affected.


Trojan Horses

Trojan Horse: malware that masquerades as a legitimate file or a helpful program. When installed, it will give a hacker remote access to a targeted computer. Typical purposes:

- Enroll the machine as part of a botnet
- Data theft
- Installation of third-party add-ons
- Downloading, deletion of, or uploading files
- Keystroke logging
- Watching the user’s screen
- Crashing the computer
- Anonymizing internet viewing


Trojan Horses

Trojans are currently becoming more prevalent.

- 1974: ANIMAL, by John Walker for the UNIVAC 1108, became the first trojan to propagate itself “in the wild”. It played a harmless guessing game, but also made copies of itself in all directories to which the user had access.
- Anti-Spyware 2011, a trojan which attacks Windows 9x, 2000, XP, Vista, and Windows 7, posing as an anti-spyware program. It actually disables the security-related processes of anti-virus programs, while also blocking access to the Internet to prevent updates.
- Is Kaspersky’s antivirus a Trojan horse whose purpose is to gain access to U.S. defense systems?


Spyware

Malware that collects information without the user’s knowledge.

- In 2005, 61% of surveyed users’ computers were infected with spyware.
- Microsoft used to claim the right to install or remove software on any machine that ran Windows.
- Keyloggers. (Several years ago at UNH...)
  - Installed by employers to monitor employee usage.
  - Installed by crooks to get passwords.


Spyware

Major companies install spyware to collect personal information. Some of the products are aimed at children.

- 2000: The Mattel toy company sold “Reader Rabbit” educational software that sent usage data back to Mattel.
- 2011: Android malware was found in Angry Birds add-on apps.
- Alexa records conversations in your home and reports them to Google. It is often in the news because of newly discovered surveillance issues.
- Barbie relays conversations with children back to the company’s processing center.


Weapon-Malware

The use of malware as a weapon is relatively new. I can find no mention of this before Stuxnet, in June 2010.

Sept. 2011: Gauss

- Gauss appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It’s not known yet who created it.
- Of the 2,500 or so discovered instances of Gauss across the world, about 1,660 of them were found in Lebanon.
- The virus is specifically designed to target customers of Lebanese banks, Citibank, eBay, and PayPal.


Weapon-Malware

Flame (September, 2012), a spy vs. spy weapon.

- It attacks computers running Microsoft Windows.
- It uses multiple encryption techniques and spreads through four different transfer protocols.
- It records local activity and network traffic and attempts to download information from nearby computers. This info, plus local documents, is sent to one of several command servers.
- It can delete itself if it receives a “kill” command.
- Victims include governmental organizations, educational institutions and private individuals. At that time 65% of the infections happened in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt.


Root Kit: Sony 2003? – November 2005

A set of tools that disable the diagnostic tools that are designed to let you discover that your system has been compromised. This gives the attacker privileged access to a computer, any time.

- August 2000: Designed to combat Napster in an effective way, the XCP software was installed on Sony BMG music CDs. A detailed description and technical analysis was published in Oct. 2005.
- XCP was installed silently, the EULA does not mention it, there was no uninstaller, and it created security holes. All are illegal in various ways and places.
- Inexpert attempts to uninstall the software could lead to Windows failing to recognize an existing drive.
- It used unsafe procedures to start/stop the rootkit, which could lead to the Blue Screen of Death.


Phishing and Pharming

- Phishing: Often delivered as spam, a phishing message tries to induce you to give up personal information that can be used to defraud you.
- Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or consent. Pharming has been called “phishing without a lure.”


How does it get in the door?

- It was put there when the equipment was manufactured or the system was installed.
- System vulnerability + some level of access + known exploit.
- Plugging in an infected stick / disk.
- Mis-designed features: autoexec.bat
- Password cracking.
- On-site collaborators: Firewalls are often configured to filter out TCP connection packets. But an insider can establish a connection to the outside, which then becomes a 2-way street.


Fake people, Fake News, and “Trending”

These are indirect cyber tools that foster “group-think” and can influence large numbers of people to believe things that are not true.

- From Hitler, we learned that people will believe anything they hear over and over and over, from sources all around them.
- Putin uses the same technique to control his own country.
- During the 2016 presidential election, Russian hackers created multitudes of fake people (Facebook and Twitter accounts). They injected fake news into the network, and ensured that it was “liked” and “retweeted” again and again. The “trending” lies were picked up by thousands of unwary Americans and passed on to their friends.
- By election day, hundreds of thousands of people did not know what was true. They had no idea that the news was planted.


The Business of Hacking

- Social Engineering: DefCon.pdf, http://www.defcon.org/
- Zero-Day.pdf: A price list for secret exploits
- Who are the Hackers?
  - Government agencies: powerGrid.pdf, GoogleHacked.pdf
  - Military organizations.
  - Bored kids: ClassExercise.eml
  - Bright, angry young adults: PayForPlay.pdf
  - Professional thieves: FreeApps.rtf


Definition and Overview

An act is Cyber Warfare if it uses the internet and/or computer technology to attack another country’s economy, infrastructure, government, or people.

Motivations might be:

- To weaken or destabilize an economy.
- To damage the military readiness of a country.
- Stealing military or industrial secrets and/or plans.
- Identifying the people who are spying on your country.


The U.S. Electric Grid: 2015–2016

- The hacking below is espionage – with the potential, if needed, for sabotage.
- Target sectors: energy, nuclear, water, aviation, commercial, and critical manufacturing.
- The economic and defense disruptions from a blackout would be enormous.
- Late 2015: As the first stage of penetration, malicious email was sent to engineers and staff at critically important organizations with access to controls.
- March 2016: Small commercial networks that were less secure were targeted with malware.


The U.S. Electric Grid - March 2018

Homeland Security investigated and reported this multi-stage attack by Russia.

- The report did not say whether the campaign was still ongoing.
- It did not provide specifics on which targets were breached, or how close hackers may have gotten to operational control systems.
- We learn only that “We did not see them cross into the control networks.”

Note: Security agencies will never release many details about anything.


Russian Attack on American Election: Fall 2016

- 2016: Homeland Security reported that voter registration rolls of 21 states were targeted. A small number of them were penetrated. Rumors say that was 7 states: Alaska, Arizona, California, Florida, Illinois, Texas, Wisconsin.
- Penetrations varied, state by state:
  - Entry into state websites
  - Penetration of voter registration databases
  - Other subsystems were probed.
- They say no votes were changed, and no voters removed from the rolls.


Russian Attack on American Election: Fall 2016

- A number of the Russia-linked Facebook ads were geographically targeted to reach residents of Michigan and Wisconsin, both battleground states. Trump defeated Clinton by a narrow margin there. (October 2017, CNN)
- Facebook estimates that the entire Russian effort was seen by 10 million people.
- A group of Russian trolls posed as Black Lives Matter activists during the campaign, using a variety of platforms including Tumblr and Pokemon Go to reach voters. (October 2017, CNN)
- Facebook announced that more than 3,000 Russian ads were posted on the site between June 2015 and May 2017.


Russian Attack on American Election: Fall 2016

- The Justice Department announced indictments against 12 members of the Russian intelligence agency, GRU. (July 2018)
- The indictment charges them with making a sustained effort to hack Democratic party emails and networks during the 2016 campaign.
- These emails were released online by Wikileaks.
- Identities of the hackers were traced through their Bitcoin transactions. (Who was paying them?)


Short Essay 2: Internet Ugliness

This lecture skims quickly over a very large number of problems and abuses that affect everyone. Choose a sub-topic from one of these areas:

1. Illegal use of technology: hacking into private systems.

2. Cyberwarfare

3. Sick uses of the internet

4. Internet abuses: drowning in spam, phishing, etc.

Read the given case studies or references and find at least two more related references. Describe the problem, specific examples, and anything being done to address the problem. Include your own opinions and reactions. Provide an introduction, summary, and bibliography. Make it clear that you have spent time thinking.
