Vous êtes sur la page 1sur 24

Chapter 8

Cybercrime,
Cyberterrorism, and
Cyberwarfare
Cybercrime

Illegal or criminogenic
activities performed in
cyberspace
Common EC/EB crime
targets/victims
 Identity theft – is your customer “real”?
 Credit card number theft – is your
customer’s credit/debit account “real”?
 Computational embezzlement –
fraudulent creation/manipulation of
financial info regarding EC/EB
transactions or accounts (biggest
corporate problem)
 (Security) Vulnerability and exploit
attacks (most pervasive problem).
EC/EB system targeted attacks mostly
Copyright © 2003, Addison-Wesley
Hacker/Cracker
 Originally, an expert programmer
 Today, someone (Cracker) who breaks
into computers
 Types of hackers
 White-hat hackers
 Black-hat hackers (crackers, dark side
hackers)
 Elite hackers
 Superior technical skills

Very persistent

Often publish their exploits
 Samurai – a hacker for hire
Copyright © 2003, Addison-Wesley
Figure 8.1 A list of postings on a
hacker newsgroup.

Source: alt.bio.hackers newsgroup


Copyright © 2003, Addison-Wesley
Figure 8.2 A typical posting.

Source: alt.bio.hackers newsgroup


Copyright © 2003, Addison-Wesley
Figure 8.3 Hackers publish their
exploits.

Source: http://packetstormsecurity.org/
Copyright © 2003, Addison-Wesley
Script-kiddies and Phreakers
 Script-kiddie (packet monkeys, lamerz)
 Hacker in training
 Disdained by the elite hackers
 Phreaker
 Person who cracks the telephone network
 Insider/outsider using “social
engineering”
 Trusted employee turned black-hat hacker
 Dumpster divers; help desk impersonators,
etc.
 Potentially most dangerous
Copyright © 2003, Addison-Wesley
Why Do Hackers Hack?
 Government sponsored hacking
 Cyberwarfare
 Cyberterrorism

Espionage
 Industrial espionage
 White-hats
 Publicize vulnerabilities
 The challenge – hack mode
 Black hats – misappropriate software and
personal information
 Script kiddies – gain respect
 Insiders – revenge
Copyright © 2003, Addison-Wesley
Password Theft
 Easiest way to gain access/control
 User carelessness
 Poor passwords

Easily guessed
 Dumpster diving
 Observation, particularly for insiders

The sticky note on the monitor
 Human engineering, or social engineering
 Standard patterns (e.g., Miami University)
 Guess the password from the pattern

Copyright © 2003, Addison-Wesley


Rules for Choosing Good Passwords
 Easy to remember, difficult to guess
 Length – 6 to 9 characters
 Mix character types
 Letters, digits, special characters
 Use an acronym
 Avoid dictionary words
 Different account  different password
 Change passwords regularly

Copyright © 2003, Addison-Wesley


Packet Sniffers
 Software wiretap
 Captures and analyzes packets
 Any node between target and Internet
 Broadcast risk
 Ethernet and cable broadcast messages
 Set workstation to promiscuous mode
 Legitimate uses
 Detect intrusions
 Monitoring

Copyright © 2003, Addison-Wesley


Potentially Destructive Software
 Logic bomb (set up by insider)
 Potentially very destructive
 Time bomb – a variation
 Rabbit
 Denial of service
 Trojan horse
 Common source of backdoors

Copyright © 2003, Addison-Wesley


Backdoor
 Undocumented access point
 Testing and debugging tool
 Common in interactive computer games

Cheats and Easter eggs
 Hackers use/publicize backdoors to gain
access
 Programmer fails to close a backdoor
 Trojan horse
 Inserted by hacker on initial access

Back Orifice – the Cult of the Dead Cow

Copyright © 2003, Addison-Wesley


Viruses and Worms (most common)
 Virus
 Parasite
 Requires host program to replicate
 Virus hoaxes can be disruptive
 Virus patterns/generators exist; script
kiddies use these (but most anti-virus
software does not!)
 Worm
 Virus-like
 Spreads without a host program
 Used to collect information
 Sysop – terminal status
 Hacker – user IDs and passwords
Copyright © 2003, Addison-Wesley
Figure 8.6 Structure of a typical
virus.

Reproduction Concealment
Payload
logic logic

 Macro viruses (thanks  Payload can


to MS )
 Polymorphic viruses
be
 Trivial
 E-mail attachments
 Today, click attachment
 Logic bomb
 Tomorrow, may be  Time bomb
eliminated!  Trojan horse
 Cluster viruses  Backdoor
 Spawn mini-viruses  Sniffer
 Cyberterrorism threat

Copyright © 2003, Addison-Wesley


Anti-Virus Software
 Virus signature
 Uniquely identifies a specific virus
 Update virus signatures frequently
 Heuristics
 Monitor for virus-like activity
 Virus detection and removal to be
pushed “upstream” in the IT supply
chain infrastructure
 Recovery support

Copyright © 2003, Addison-Wesley


Figure 8.8 Security
and virus protection in Internet
I n t e r n e t

layers.
Router

 Defend in depth
Firewall
 What one layer
misses, the next Host server

layer traps Virus protection

Firewall
 Firewalls (Chapter 9)
 Anti-virus Workstation

software
Personal virus
protection
Firewall

Copyright © 2003, Addison-Wesley


System Vulnerabilities
 Known security weak points
 Default passwords – system
initialization
 Port scanning
 Software bugs
 Logical inconsistencies between
layers
 Published security alerts
 War dialer to find vulnerable
Copyright © 2003, Addison-Wesley
Denial of Service Attacks (DoS)
 An act of vandalism or terrorism
 A favorite of script kiddies
 Objective
 Send target multiple packets in brief
time
 Overwhelm target
 The ping o’ death
 Distributed denial of service attack
 Multiple sources
Copyright © 2003, Addison-Wesley
Figure 8.9 A distributed denial of
service attack.

 Cyber
equivalent of
throwing
bricks
 Overwhelm Target system

target
computer
 Standard DoS
is a favorite of
script kiddies
 DDoS more
Copyright © 2003, Addison-Wesley
Spoofing
 Act of faking key system
parameters
 DNS spoofing
 Alter DNS entry on a server
 Redirect packets
 IP spoofing
 Alter IP address
 Smurf attack
Copyright © 2003, Addison-Wesley
Figure 8.10 IP spoofing.
1 False message claiming to come from Beta  Preparation
 Probe target (A)
Counterfeit
3
acknowledgement
Alpha server
(the target)
Hacker's
computer
 Launch DoS attack on
trusted server (B)
4 One-way connection

 Attack target (A)


Acknowledgement to Beta
2
No response possible
 Fake message from B
 A acknowledges B
 B cannot respond

DoS attack
Beta server  Fake acknowledgement
(trusted source)
from B
 Access A via 1-way
communication path
Under DoS attack

Copyright © 2003, Addison-Wesley


Cybercrime prevention
 Multi-layer security
 Security vs. privacy?

Copyright © 2003, Addison-Wesley