SEAN HANNA GRC & CYBER WARFARE CONSULTANT Presentations/Client... · Show Me The Money ! • With...

SEAN HANNA

GRC & CYBER WARFARE CONSULTANT

CISM, CISA, LPT, ECSA, CEH, CHFI, CISSP, GSEC, GCIA, GCIH, PRINCE2, CCNA, MCT, MCSE+Security

EC-Council Instructor of the Year 2007, 2008, 2010 & 2011

EC-Council Circle of Excellence Member 2012

Director at Nemstar - Offering Cyber Security Consultancy & Training services in Ireland, the UK and throughout EMEA

[email protected]

HACK! Client Side

The Next Target

Sean Hanna

© Sean Hanna Nemstar Ltd 2013

BOOMERANGS

Be scared, very scared…

WHAT IS CLIENT SIDE HACKING?

The Server Side Tradition

• Historically valuable data resides on the server

• Hackers targeted server side systems and data

– Domain Controllers

– Web Servers

– SQL Servers

– Data Centres

• They still do !

Show Me The Money !

• With server systems progressively well protected

• And more and more data stored on the client

• Increasingly the client is the new target

• But could there be other factors at play?

Client Side Hacking

• Laptops

• Mobile devices

• Wireless connections

• Online banking

• The social media community

• The App phenomenon

• User centric data and systems

The Goal

• The goal is money

– Directly

– As part of bigger plan

• But could there be other reasons?

LET'S GO BACK TO THE START

What Is A Hack?

• Let's spend a few minutes looking at the architecture of a hack:

– Vulnerabilities

– Exploits

– Payloads

– Frameworks

VULNERABILITIES

Research is where it all starts…

Weapons R&D

• Finding the next Vulnerability is highly technical

• Greatest challenge for coders

• Years of experience required

• Reverse Engineering

• Zero Day Attacks

For Example…

• MS08-067: Vulnerability in Server service could allow remote code execution

• A remote code buffer overflow occurs when data written to a buffer, due to insufficient bounds checking, corrupts data values in memory addresses adjacent to the allocated buffer and may allow remote code to be run

EXPLOITS

Exploits

The Exploits

• Buffer Overflows

• SQL Injection

• XSS

• Unicode Injection

• Trojans

• Virus

• Social Engineering

“Delivery Method”

MS08-067 Exploit

• Exploits a parsing flaw in the path canonicalization code of NetAPI32.dll

• Capable of bypassing NX

REMOTE CODE BUFFER OVERFLOW

DEMO

PAYLOADS

Payloads

The Payloads

• Shells

• Reverse Shells

• HTTP

• Reverse HTTP

• VNC

• Password Collector

• Visa Collector

• Bombs

“Dangerous Weapon”

For Example…

• A botnet is a collection of compromised computers, each of which is known as a 'bot', connected to the Internet.

• Shark

– Botnet Payload

– Botnet C&C Server

SHARK BOTNET

Demo

FRAMEWORKS

Frameworks

Every attack requires coding

• Assembly Language

• C or C++

• Perl

• Ruby

• Visual Basic

• Java

• .NET Framework

• So it's NOT easy !!!!

Exploit Lifecycle

The Frameworks

• There are various frameworks

– Underground

– Commercial

• These are the engines of hacking

Frameworks

What would Dr Strangelove do next….

if you've got it then you might as well …

For Example…

• Metasploit, a well-known Framework, is a tool for developing and executing exploit code against a remote target machine

• Contains many plug-ins

– SET

SET ON METASPLOIT

DEMO

The Hack !

THE END.

OR IS IT…

Random Demos?

• Were these just 3 random demos, or was there something more behind them?

• Each of the demos targeted a client system

• This is only the start of our story…

The Arms Race

• The term arms race in its original usage describes a competition between two or more parties for military supremacy. Each party competes to produce larger numbers of weapons, greater armies, or superior military technology in a technological escalation

• Source: Wiki

The Ingredients Of An Arms Race

• A new technology that might have a use as a weapon

• Existing research in non-weapon areas

• An accidental or deliberate demonstration of its potential

• One government to use it against another

• Big business to see the chance of massive profits

The Dawn of a New Era

• We have just entered the dawn of a new era

• Cyber Warfare is not the stuff of science fiction

• Militaries around the world deploy Cyber Warfare Weaponry on an hourly basis

• The technology is in use in live operational theatres around the world

WHY SHOULD THIS CONCERN ME?

China military unit 'behind prolific hacking'

• BBC News @ 10:00 this Tuesday

• A secretive branch of China's military is probably one of the world's "most prolific cyber espionage groups"

2nd Bureau of the People's Liberation Army

• General Staff 3rd Department

• Unit 61398

• AKA - APT1

APT1

• Systematically stolen hundreds of TB of data

• Hit at least 141 organizations

• Has demonstrated its capability and intent

• Steals intellectual property:

– technology blueprints

– proprietary manufacturing processes

– Test results

– business plans

– pricing documents

– partnership agreements

– victim organizations’ leadership data

APT1 Targets

• APT1 doesn't just target government agencies

• They target commercial interests

• Their goal is giving China an economic advantage

This Time It's Different

• The human race has always been careful to control the availability of weapons

• This time we can't

CYBER WARFARE

Cyber Weaponry

• When a soldier leaves the army

– You can take his gun off him

• When a sailor leaves the navy

– You can take his ship off him

• When a pilot leaves the air force

– You can take his plane off him

CYBER WEAPONRY IS KNOWLEDGE

RISK

• Your job is managing Information RISK

• The risk profile is constantly changing

• New threats are constantly emerging

• Everything is in a state of constant flux

What Is About To Come Next..

Journey

• Let me take you on a journey through hacking

• From the start through the years to today

• Then on towards the future

• Let me share why things are about to change

• FOREVER.

FROM THE BEGINNING…

THE FOUR PHASES OF HACKING

Evolution

• Hacking is continuing to evolve

• If we understand how it has evolved..

• We might see how it will evolve in the future

Timeline

PHASE 1

Hobbyist Hackers

• C0mrade

– hacked into NASA

– downloaded the source code of the International Space Station

– $1.7 million

• Kevin Mitnick

– most wanted computer criminal in U.S. history

– breached the national defence system

Hobbyist Hackers

• Started the whole process

• Limited success

• Limited resources

• Limited skills

PHASE 2

Security Research Companies

• HP Fortify

– largest commercial research organization in the world

– Identified over 430 vulnerability categories across 18 programming languages

– Discovered two entirely new categories of vulnerabilities (JavaScript Hijacking and Cross-Build Injection)

PHASE 3

Criminal Gangs

• 431 million adults worldwide were victims of cyber crime last year (Norton Cyber Crime Report 2011)

• $388 billion is lost globally each year to cyber crime (Norton Cyber Crime Report 2011)

Criminal Gangs

• Russian cybercriminals (Mafia Today)

– raked in over $4 billion in 2011

– consolidated their efforts; organized crime groups are clamoring for a piece of the action

– most lucrative form of Russian cybercrime last year was online fraud

– "The cybercrime market originating from Russia costs the global economy billions of dollars every year," Ilya Sachkov, Group-IB's CEO

Criminal Gangs

• Cyber crime costs the UK economy £27bn a year, the government has said.

• £21bn of costs to businesses

• £2.2bn to government

• £3.1bn to citizens

• Security minister Baroness Neville-Jones said the government was determined to work with industry to tackle cyber crime.

Criminal Gangs

• Took the process to a third stage

• Invested money to make money

• Professional career hackers

• Large budgets

• Large multi-skills teams

• Results in the production of commercial quality hacks:

– Crimeware is born

Crimeware

• Crimeware is a class of malware designed specifically to automate cybercrime

• The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group

• Crimeware is said to have started around 2003

• Crimeware has made rapid advancements in the last 9 years

Crimeware Part 1

• Advancement 1:

– Form-grabbing (spyware)

• Advancement 2:

– Anti-detection (stealth)

• Advancement 3:

– Web-injects (man-in-the-browser)

• Advancement 4:

– Expanded Target Support

Crimeware Part 2

• Advancement 5:

– Source Code Availability/Release

• Advancement 6:

– Mobile Device Support (man-in-the-mobile)

• Advancement 7:

– Anti-removal (persistence)

• Advancement 8:

– Commercialisation (market)

PHASE 4

Cyber Warfare

• "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption"

• "the fifth domain of warfare"

• "as critical to military operations as land, sea, air, and space"

Cyber Warfare - History

• March 1999: Hackers in Serbia attack NATO systems in retaliation for NATO's military intervention in Kosovo.

• May 1999: NATO accidentally bombs the Chinese embassy in Belgrade, spawning a wave of cyberattacks from China against U.S. government Web sites.

• 2003: Hackers begin a series of assaults on U.S. government computer systems that lasts for years. The government code names the attacks Titan Rain and eventually traces them to China.

• April-May 2007: Hackers believed to be linked to the Russian government bring down the Web sites of Estonia's parliament, banks, ministries, newspapers and broadcasters.

• June-July 2008: Hundreds of government and corporate Web sites in Lithuania are hacked, and some are covered in digital Soviet-era graffiti, implicating Russian nationalist hackers.

• August 2008: Cyber attackers hijack government and commercial Web sites in Georgia during a military conflict with Russia.

• January 2009: Attacks shut down at least two of Kyrgyzstan's four Internet service providers during political squabbling among Russia, the ruling Kyrgyzstan party and an opposition party.

• April 2009: An attack on neighboring Kazakhstan shuts down a popular news Web site.

US First Cyber Warfare General

• The US military appointed its first senior general to direct cyber warfare – despite fears that the move marks another stage in the militarisation of cyberspace.

• The creation of Cyber Command is in response to increasing anxiety over the vulnerability of the US's military and other networks to a cyber attack

• The US air force discloses that some 30,000 of its troops had been re-assigned from technical support "to the frontlines of cyber warfare".

• May 2010 – The Guardian Newspaper UK

Cyber Warfare

• A cyber attack by one state on another could be considered an "act of war", former top national security adviser (BBC News)

• William Hague: UK is under cyber-attack (BBC News)

White House warns of Cyber Warfare boomerangs

• Unlike a bullet or missile fired at an enemy, a Cyber Weapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target.

• The Homeland Security Department's warning about the new virus, known as "Flame,"

• Source - The White House

Germany prepares special unit to tackle cyber attack

• BERLIN: Germany has prepared a special cyber warfare unit of its military to conduct offensive operations against computer hackers, who attack key installations or engage in espionage activities, the defence ministry has said.

• Source – Economic Times

The Government Wants You

• Agencies need to hack clients

• Al Qaeda operatives for example

• Millions have been spent in developing the next generation of client side hacking tools

Client Side Hacking

• The target is you

• Your data

• Your devices

• This is the biggest area for research and development

• What they have one year…

• The hacker has next !

PHASE 5

Sean Hanna

• GRC & Cyber Warfare Consultant

• Security Consultancy & Training

• Delivering World Class Training in Belfast

– 18th March - Forensics

– 25th March – Ethical Hacking

[email protected]

• Look me up ☺

Sean Hanna