Scribd Logo
Importer

Bienvenue sur Scribd !

  • Lurking Hackers Get Harder To Deteck, Study Reports

    Transféré par

    Intizor Aliyorov
    39 vues6 pages
    A new report details inventive ways criminals are figuring out ways to make money online. Hackers are sometimes breaking into online businesses and not stealing anything. A small subset of hackers have concerned themselves with stealing only a very specific thing.

    Description originale:

    Titre original

    Hackers

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Formats disponibles

    DOC, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    A new report details inventive ways criminals are figuring out ways to make money online. Hackers are sometimes breaking into online businesses and not stealing anything. A small subset of hackers have concerned themselves with stealing only a very specific thing.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme DOC, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    39 vues6 pages

    Lurking Hackers Get Harder To Deteck, Study Reports

    Transféré par

    Intizor Aliyorov
    A new report details inventive ways criminals are figuring out ways to make money online. Hackers are sometimes breaking into online businesses and not stealing anything. A small subset of hackers have concerned themselves with stealing only a very specific thing.

    Droits d'auteur :

    Attribution Non-Commercial (BY-NC)
    Téléchargez comme DOC, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 6

    Cs 121 12/03/08 Hackers

    What do you think of when you hear the word hacker? Like other people, to me, hackers mean the bad guys. Are they really the bad guys or are they good guys? I am going to try to clarify the confusion that people get from the media by pointing out few articles from different websites. In an article from newsok.org the author refers to hackers as the internet criminals and says that they are trying to get access into companys payment programs in order to get their customers credit card numbers. The article is given bellow:

    Lurking hackers get harder to deteck, study reports


    LURKING HACKERS GET HARDER TO DETECT, STUDY REPORTS
    Comments 0 By THE ASSOCIATED PRESS Published: November 25, 2008

    SAN JOSE, Calif. Internet criminals have been getting more "professional for years, trying to run their businesses like Big Business to get better and more profitable at selling stolen data online. Now the bad guys of the cyber-underworld are exhibiting other unexpected traits: remarkable patience and restraint in stalking their unsuspecting victims. A new report by antivirus software vendor Symantec Corp. details a trend that highlights the inventive ways criminals are figuring out ways to make money online. Hackers are sometimes breaking into online businesses and not stealing anything. Gone are the bull-in-the-China-shop days of plundering everything in sight once theyve found a security hole.

    SPECIALIZED FRAUD
    Instead of swiping all the customer data they can get their hands on, a small subset of hackers have concerned themselves with stealing only a very specific thing from the vendors they breach they want access to the compromised companies payment-processing systems and nothing else, according to the "Symantec Report on the Underground Economy, released Monday. Those systems allow the bad guys to check whether credit card numbers being hawked on underground chat rooms are valid, the same way the store verifies whether to accept a card payment or not. Its a service the crooks sell to other fraudsters who dont trust that the stolen card numbers theyre buying from someone else will actually work.

    QUICK AND EASY

    The bad guys hardly touch anything. The customer data for that stores clientele remains intact. The hackers dont install malicious software that turns the compromised machines into spam-spewing robots. Think of it like taking a used car to a mechanic for an inspection before buying. Only in this case, the mechanics a squatter whos holed up illegally in some other guys shop and using the other guys tools when no ones around at night. And he cleans up spotlessly, once hes done. "They treat these things fairly pristinely so they can maintain access, said Alfred Huger, vice president for Symantec Security Response. In the companys yearlong look at 135 so-called "underground economy servers all public servers hosting mostly legitimate chat channels, with a few bad ones catering to cyber crooks researchers found criminals have latched on to this tactic as a way to make money and self-police peers. The company says it didnt get inside the compromised servers that carry even more secretive back-channel conversations, because doing so would have broken the law. Fortunately, other websites are trying to explain the actual meaning of hackers. In an article from http://cactus.eas.asu.edu the author is explaining the actual meaning of the word hackers and who the hackers are. He point out that hackers are both good and bad guys. He says that the people to whom we refer as bad guys should be called crackers not hackers. Because of us calling them hackers, the whole meaning of hacker is starting to have negative meaning to people. Bellow is the article from the website.
    BAD HACKER, GOOD HACKER

    GOOD HACKERS GO TO HEAVEN, BAD HACKERS GO EVERYWHERE. BUT WHO ARE THESE HACKERS AND WHAT IS SO BAD OR SO GOOD ABOUT THEM? WHAT DO THEY DO? WHERE DO THEY GO? TRYING TO ANSWER THESE QUESTIONS RAISES EVEN MORE. CONSIDER THE FOLLOWING RECENT INCIDENCES.

    THE CODE RED WORM STARTED ITS ATTACK AROUND JULY 13 T H , BURROWING INTO A KNOWN HOLE OR VULNERABILITY IN THE WEB-SERVER SOFTWARE FROM MICROSOFT (CALLED IIS). THE WORM COMPROMISED THE SERVERS AND DEFACED WEB SITES BY REPLACING THE CONTENTS WITH A

    PAGE THAT PROCLAIMED HACKED BY CHINESE. CODE RED NOT ONLY DEFACED WEB SITES, BUT ALSO INJECTED PROGRAMS INTO THE COMPROMISED SERVERS THAT STARTED ATTACKING THE US PRESIDENTS WEB SITE, USING A DISTRIBUTED DENIAL OF SERVICE (OR DDOS) ATTACK. THE DDOS ATTACK IS A PARTICULARLY HEINOUS GIMMICK THAT USES HUNDREDS OF THOUSANDS OF COMPROMISED COMPUTERS TO SIMULTANEOUSLY SEND A FLOOD OF SPURIOUS MESSAGES TO A PARTICULAR WEB SITE. THIS FLOOD CAUSES THE COMPUTERS AT THE ATTACKED SITE TO GET BOGGED DOWN, AND UNABLE TO FUNCTION NORMALLY. AGAIN ON AUGUST 1 S T , THE WORM REAPPEARED AND CAUSED PLENTY OF WOES.

    DMITRY SKLYAROV IS A 26-YEAR-OLD RUSSIAN CITIZEN AND A PH.D. STUDENT WHO STUDIES CRYPTOGRAPHY. HE ALSO WORKS FOR A RUSSIAN COMPANY CALLED ELMCOMSOFT, AND IS THE MAIN DEVELOPER OF A SOFTWARE SYSTEM CALLED THE ADVANCED EBOOK PROCESSOR. THE AEBP SOFTWARE BREAKS THE SO-CALLED SECURE ENCRYPTION BUILT INTO ELECTRONIC BOOKS (AN INVENTION OF ADOBE SYSTEMS). DMITRY ARRIVED IN THE UNITED STATES AS AN INVITED SPEAKER, TO TALK TO A RATHER LARGE GROUP OF COMPUTER SECURITY EXPERTS AT A CONFERENCE CALLED DEFCON, IN LAS VEGAS. AFTER HIS SPEECH, FEDERAL AGENTS ACTING ON A TIP-OFF BY ADOBE SYSTEMS STORMED HIS HOTEL ROOM (ON JULY 17 T H ) AND ARRESTED HIM FOR VIOLATING US LAWS ON HACKING. HE IS IN JAIL.

    CARNEGIE MELLON UNIVERSITY HAD A TEAM OF VERY DEDICATED PEOPLE WHO WORKED ON DEFLECTING ATTACKS ON COMPUTER SYSTEMS. THIS TEAM WAS KNOWN AS THE COMPUTER EMERGENCY RESPONSE TEAM, BUT NOW IS CALLED THE CERT COORDINATION CENTER. THE CERT DELVES INTO THE INNER MECHANISMS OF WORMS AND VIRUSES, FIGURING OUT HOW EACH ONE WORKS AND HOW TO STOP THE SPREAD. CERT SENDS OUT IMMEDIATE BULLETINS TO MILLIONS OF SUBSCRIBERS AS SOON AS A

    NAUGHTY BUG IS DETECTED. SIMILAR GROUPS OF PEOPLE EXIST AT UNIVERSITIES AND ORGANIZATIONS WHO PURPOSELY HACK INTO SYSTEMS, DISSECT SOFTWARE AND UNCOVER VULNERABILITIES. THEY PUBLISH THEIR FINDINGS URGING SOFTWARE MANUFACTURERS TO PLUG THE HOLES.

    SOFTWARE THAT MESSES UP COMPUTER SYSTEMS ARE CALLED VIRUSES AND WORMS. THE PEOPLE WHO PLAY WITH THESE THINGS ARE OFTEN CALLED HACKERS. CODE RED IS ONE OF THOUSANDS OF WORMS UNLEASHED ON THE INTERNET. THE DESIGNERS OF CODE RED ARE BAD HACKERS AND ARE CRIMINALS. THE CERT PEOPLE AND THEIR ILK ARE THE GOOD HACKERS WHO PROVIDE A VALUABLE SERVICE TO THE COMMUNITY.

    DMIRTY IS ALSO A HACKER, WHO PROBABLY DID NO HARM. HE INVENTED A WAY OF DEFEATING THE ENCRYPTION ON THE EBOOK SYSTEM. THE ENCRYPTION WAS BROKEN TO START WITH (BAD DESIGN). DMITRYS CRIME WAS THAT HE TOLD PEOPLE HOW TO BREAK THE ENCRYPTION AT HIS CONFERENCE SPEECH. WHILE FREE SPEECH IS PROTECTED IN THE US, A SINISTER LAW CALLED THE DMCA (DIGITAL MILLENNIUM COPYRIGHT ACT), MAKES IT ILLEGAL TO DISTRIBUTED METHODS FOR BREAKING SECURITY ON COPYRIGHTED MATERIAL. HENCE, DMITRY IS TECHNICALLY A CRIMINAL, BUT HOPEFULLY, THE LAW WILL BE FOUND TO BE GROSSLY OVERBEARING.

    THE WORD HACKER HAS A CHECKERED PAST. ORIGINALLY THE WORD WAS COINED TO MEAN AN EXTREME PROGRAMMER. NORMAL PROGRAMMERS WRITE PROGRAMS THAT DO NORMAL THINGS. HACKERS ARE VERY SHARP PEOPLE WITH A DEEPER UNDERSTANDING OF HOW COMPUTERS WORK AND CAN WRITE PROGRAMS THAT DO THINGS PROGRAMS ARE NOT SUPPOSED TO DO. PROGRAMMERS CAN MAKE COMPUTERS COMPUTE, HACKERS CAN MAKE A COMPUTER SING, DANCE AND FLYOR CRASH.

    AFTER THE ANTICS OF SOME DESTRUCTIVE HACKERS WERE PUBLICLY KNOWN, THE NEWS MEDIA STARTED CALLING THOSE DESTRUCTIVE PEOPLE HACKERS. THE HACKER COMMUNITY WAS QUITE UPSET. HACKERS ARE GOOD PEOPLE, THEY CRIED. THESE CRIMINALS SHOULD BE CALLED CRACKERS. HOWEVER, THE DAMAGE WAS DONE, TODAY, HACKER MEANS A BAD PERSON, WHO WRITES PROGRAMS DESIGNED TO CAUSE HARM.

    WORMS AND VIRUSES ARE THE INFECTIONS OF THE COMPUTER WORLD. THE WORM IS A SELF-CONTAINED, REPLICATING PROGRAM THAT BURROWS ITS WAY FROM COMPUTER TO COMPUTER, CAUSING HARM. A VIRUS IS A PROGRAM FRAGMENT THAT NEEDS TO ATTACH ITSELF TO A HOST PROGRAM IN ORDER TO LIVE. ONCE A VIRUS ATTACHES ITSELF, THEN IT CAN REPLICATE AND TRAVEL AND CAUSE HARM. AS FOR THE EFFECTS THEY CAN CAUSE, WORMS AND VIRUSES ARE IDENTICAL.

    IN THEORY, WORMS AND VIRUSES CANNOT EXIST. COMPUTER OPERATING SYSTEMS ARE DESIGNED SUCH THAT EXTERNAL PROGRAMS CANNOT BE INJECTED INTO THEM. BUT OBVIOUSLY THIS IS NOT TRUE. THE FIRST INTERNET WORM WAS WRITTEN ALMOST BY ACCIDENT. A GRADUATE STUDENT AT MIT, CALLED ROBERT MORRIS, THOUGHT HE HAD FOUND A FLAW IN THE WAY EMAIL SOFTWARE WORKS. HE THEN WROTE A PROGRAM TO EXPLOIT THE FLAW AND TO TEST HIS HYPOTHESIS. HIS PROGRAM SENT MESSAGES OVER THE INTERNET TO EVERY MACHINE IT COULD FIND AND MADE THESE MACHINES SEND MORE MESSAGES OVER THE INTERNET. OF COURSE, GENERAL CONSENSUS WAS THAT WRITING SUCH PROGRAMS ARE NOT POSSIBLE, BECAUSE ONE MACHINE CANNOT MAKE ANOTHER MACHINE DO SOMETHING IT IS NOT SUPPOSED TO DO.

    MORRIS HAD INVENTED THE BUFFER OVERFLOW ATTACK, THE SAME TECHNIQUE USED BY THE CODE RED WORM. THIS TECHNIQUE WORKS AS

    FOLLOWS. SUPPOSE A COMPUTER CONNECTED TO THE INTERNET IS WAITING TO RECEIVE A MESSAGEIT EXPECTS A MESSAGE OF MAYBE 10 WORDS. WE SEND IT A HUMONGOUS MESSAGESEVERAL MILLION WORDS LONG. THE COMPUTER STORES THE MESSAGE AND THEN LOOKS AT IT. HOWEVER, WHILE STORING THE MESSAGE, THE FAULTY SOFTWARE DID NOT CHECK TO SEE IF THERE WAS ENOUGH FREE MEMORY. SO THE MESSAGE ENDED UP BEING STORED ON TOP OF PROGRAMS THAT WERE ALREADY IN THE COMPUTER MEMORY (OVERWRITING THESE PROGRAMS). SUBSEQUENTLY WHEN THE COMPUTER TRIED TO EXECUTE SOME OF THE NOW OVERWRITTEN PROGRAMS, IT ENDS UP EXECUTING THE CONTENTS OF THE LONG MESSAGE. THIS CAUSES THE SENDER OF THE MESSAGE TO OBTAIN COMPLETE CONTROL OF WHAT THE COMPUTER EXECUTES.

    OVER THE YEARS THE HACKERS HAVE FOUND, INVENTED, PERFECTED AND FINESSED A WHOLE SLEW OF INNOVATIVE TRICKS TO FOOL THE PROTECTIONS BUILT INTO THE COMPUTER OPERATING SYSTEMS. BEFORE THE DAYS OF THE INTERNET, THE VIRUSES WERE BOOT-SECTOR VIRUSES. THESE PROGRAM FRAGMENTS LIVED ON DISKETTES, AND WHEN THE DISKETTE WAS PUT INTO A MACHINE, ATTACHED THEMSELVES INTO SOME PART OF THE OPERATING SYSTEM. SUBSEQUENTLY, ANY DISKETTE WRITTEN ON THE INFECTED MACHINE CARRIED THE VIRUS. THEN CAME MACRO VIRUSES, USING THE PROGRAMMING LANGUAGE BUILT INTO MS WORD. AN INNOCUOUS DOCUMENT IS MAILED TO A USER WHO OPENS IT, AND THE MACRO IN THE DOCUMENT COMES TO LIFE AND DAMAGES THE COMPUTER. EVEN MAYBE SENDS ITSELF OUT VIA EMAIL FROM THE VICTIMS COMPUTER. QUITE EASY TO WRITE, BUT ALSO QUITE INSIDIOUS. THEN CAME MANY MORE EMAIL VIRUSES AND WORMS THAT USED A PLETHORA OF TRICKS CALLED TROJAN HORSES. A COMPLETE DOCUMENTATION OF THE TYPES AND TECHNIQUES WOULD FILL VOLUMES.

    Vous aimerez peut-être aussi