CYBER ATTACKS: HOW SECURE ARE YOUR SYSTEMS
Cyber Attacks.....
Agenda
Overview of the cyberspace
Essential terminologies
Essential Statistics regarding security concerns
What is computer hacking?
Who are hackers and what do they do?
The 5-phases of hacking activity
Classification of hackers
Skill profile of a Hacker
Some hacking tools
Some countermeasures
Legal perspectives
Conclusion
Bibliography
Overview of Cyberspace
What is cyberspace?
"Cyberspace" is a term coined by William Gibson in his fantasy novel ‘Neuromancer’ to describe the "world" of computers, and the society that gathers around them
What are the attributes of this society? Is it as civilised as the society in which we find ourselves?
What laws guide this society? Or is it still in a state of ‘nature’?
Overview of Cyberspace
Nature of the cyberspace
The cyber world is much the same as the physical world in terms of human activities:
Cyber world – a virtual world
There are interactions
There are the good, the bad and the ugly;
there are criminals as well as the civilised, and there are norms as well as deviant individuals constituting the normless
You can sell and buy in the cyber world; payments can also be made without any physical contact
Overview of Cyberspace
Nature of the cyberspace
Marriages can also be consummated in the cyber world; in fact it is the fastest and least expensive, as it only requires a ‘meeting of minds’. You can also divorce just as fast as you can marry in the cyber world, a divorce that is not possible in the physical world.
You can chat, hold meetings, conferences, workshops, etc.
At the level of thinking, the cyber world will change into a ‘Cyber-Telepathic World’
The normless will become super-normless, as we are going to see very shortly
A quick look at e-commerce.
What is e-commerce?
Traditionally, e-commerce was the buying and selling of goods and services over electronic networks linking businesses and their intermediaries.
Any kind of commercial transaction in which both parties interact electronically.
A quick look at e-commerce.
e-commerce framework
Characteristics of e-commerce
Technology enablement.
System with a lot of processes integrated to provide the service delivered.
Payment is by electronic means.
Exchange of value for goods or services occurs when the transaction is properly consummated
A quick look at e-commerce.
Basic elements include:
Electronic systems and Infrastructure like the network, servers, applications etc.
Intermediaries – Banks, Logistics companies
Integrated business processes e.g. ordering, invoicing, delivery etc.
Consumer making purchases via electronic media
Websites and Web pages serving as interface points between the transacting parties
Goods and Services forming the product of transactions.
Examining Computer Hacking…
Hacking—Essential terminologies
The following terminologies will give an insight into what hacking is all about
Exploit: what does it mean to say that an exploit has occurred?
To understand this, one needs to learn two other terminologies, namely threat and vulnerability.
Threat
Vulnerability
Attack
Examining Computer Hacking…
Threat
A threat refers to any potential source of danger that can cause an undesirable outcome; it could be human or natural phenomena such as earthquakes, tornadoes, etc.
In computer security, such may include:
Hacking
Virus
Technical, etc.
Examining Computer Hacking…
Threat
Any circumstance or event with potential to cause harm to a system in the form of destruction, disclosure, modification of data, or denial of service.
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Examining Computer Hacking…
Threat
In the United States Government usage of the term:
The technical and operational capability of a hostile entity to detect, exploit, or subvert friendly information systems and the demonstrated, presumed, or inferred intent of that entity to conduct such activity.
This immediately brings us to the term—vulnerability
Examining Computer Hacking…
Vulnerability
This has been variously defined in this context as:
A security weakness in the target of evaluation (e.g. due to flaws in analysis, design, implementation, or operation.)
Weaknesses in an information system or components (e.g. systems security procedures, hardware design, or internal controls) that could be exploited to produce an information-related misfortune.
Examining Computer Hacking…
Vulnerability
Vulnerability is the existence of a weakness, design, or implementation error that can lead to an undesired, unexpected compromise in the security of the system, network, application software or protocol involved.
Examining Computer Hacking…
Attack
An attack has been defined as an assault on system security originating from an intelligent threat. This could also be referred to as an ‘incident’, as distinct from an ‘accident’, the former being a premeditated attempt to subvert security. Usually, attacks will follow a methodical approach intelligently designed to circumvent or evade the security policies of a system.
Attacks are classified into two broad categories, namely:
Security Issues….
Statistics regarding the biggest security concerns of corporate companies:
21% Hackers
17% Preventing malicious code
15% E-mail security
14% Secure remote access
8% Secure e-commerce
7% VPN development
6% Single Sign-on
Security Issues….
Security Statistics of Cyber Crime
Here are some interesting statistics pertaining to cyber crime from the ECCouncil:
Intellectual losses from hacking exceeded $400 billion in 2003.
Eighteen percent of companies whose systems were broken into or infected with a virus suffered losses of $1 million or more.
A total of 241 U.S. organizations collectively reported losses of $33.5 million from theft of proprietary information.
Approximately 25 percent of all organizations reported attempted break-ins via the Internet.
An FBI survey of 400 companies showed only 40 percent reported break-ins.
One of every five Internet sites has suffered a security breach.
Hacking Defined……
What is computer hacking?
In the beginning, to ‘hack’ meant to possess extraordinary computing skills used to stretch system security beyond its limits; it was expected that a hacker should be very proficient in the use and application of computers.
But today the story is different, due to ready-made tools freely available on the Internet.
Malicious hacking….
What does a malicious hacker do?—
Seek for system vulnerabilities
Exploit the vulnerabilities
Attack and re-attack
The process usually adopted is explained on the next slide
Summary of attacks
Kinds of Attacks
Denial of Service(DoS)
DDoS using BOTs/BOTNETS
Social Engineering
Technical
Session Hijacking
SQL Injection
Trojans
XSS
ARP Poisoning
Smurf
Buffer Overflow
Sniffing
Virus
Password Cracking (Dictionary, Brute force and Hybrid)
Phases of attack…
The 5-Phases of attack
Reconnaissance
Preparatory to attack
Uses competitive intelligence
Sniffs around and gathers as much information as possible about the target systems
May use smooth-talking and social engineering
Uses certain tools to detect open ports, accessible hosts, routers, network mappings, details of operating systems and applications
Phases of attack…
The 5-Phases of attack
Scanning
This is the pre-attack phase. In this stage of attack, the attacker scans the network with specific information gathered during reconnaissance
Uses tools such as network port scanners and war diallers to detect listening ports
Phases of attack…
The 5-Phases of attack
Scanning
Organisations deploying Intrusion Detection Systems (IDS) still have cause to worry because attackers can use evasion techniques at both the application and network levels to bypass filters.
Phases of attack…
The 5-Phases of attack
Gaining access
This is seen as the most important stage of the hacking business
Factors that influence whether a hacker can gain access to the target system include the architecture and configuration of the target systems, the skill level of the perpetrator and the initial level of access obtained, such as the discovery of open ports and ascertaining the type of services running on the target machines
Phases of attack…
5-phases of attack
Maintaining access
That is ‘Staying on Board’
As a defense against these kinds of attacks, organizations can use IDSs or deploy honey pots and honey nets to detect intruders.
Phases of attack…
5-phases …..
Clearing the tracks
This phase closes the loop started with reconnaissance. Intelligent thieves will always cover their footprints to avoid early detection for as long as their interest is sustained.
This involves removing any evidence of their discovery, including destruction of log files, etc.
Other techniques include steganography, tunneling, etc.
Phases of attack…
Battling the hacker!
As an ethical hacker, you must be aware of the tools and techniques deployed by attackers so that you are able to advise on and take countermeasures to sustain system protection.
Robert Morris, Jr.
Released Morris worm in 1988
First major Internet Worm
Cornell University student (released the worm through MIT)
Morris worm exploited vulnerabilities in sendmail, fingerd, rsh/rexec and weak passwords
Infected 6000 Unix machines
Damage estimate: $10m - $100m
Robert Morris, Jr.
First person to be tried and convicted under the 1986 Computer Fraud and Abuse Act
Received 3 years probation and a $10,000 fine
CERT was created in response to the Morris worm
Morris’s father was chief security officer for the National Security Agency (NSA)
Where is he now? A professor at MIT, of course!
Who is this Guy?
Fugitive Hacker
Started as a ‘phreaker’
Inspired by John Draper (Captain Crunch)
Using a modem and a PC, he would take over a local telephone switching office
Kevin Mitnick
Kevin Mitnick
Arrested multiple times
Breaking into Pacific Bell office to steal passwords and operator’s manuals
Breaking into a Pentagon computer
Stealing software from Santa Cruz Operation (SCO)
Stealing software from DEC
Fled when FBI came to arrest him for breaking terms of probation
Tsutomu Shimomura helped track down the fugitive Mitnick in 1995. This was documented in the book and movie Takedown.
Kevin Mitnick
“The simple truth is that Kevin never sought monetary gain from his hacking, though it could have proven extremely profitable. Nor did he hack with the malicious intent to damage or destroy other people's property. Rather, Kevin pursued his hacking as a means of satisfying his intellectual curiosity and applying Yankee ingenuity. These attributes are more frequently promoted rather than punished by society.”
…excerpt from Kevin’s WEB site
Information Sources and Hacking Tools
Information sources
www.archives.org.
http://people.yahoo.com or http://www.intellius.com
Intrusion Approaches
Target selection, research and background info
Internet searches
Whois, Nslookup
Preliminary probing - avoid logging - get passwords
Sniffing
DNS zone transfer
SMTP probe
Web Spiders
Other simple probes
Search for back doors
Technical attack or social engineering
Intrusion Approaches
Preliminary attacks will be to:
Uncover initial information
Locate the network range
Identify active machines
Discover open ports / access points
Detect operating systems
Uncover services on ports
Map the network
Cleaning Up After an Attack
Delete tools and work files
Modify logs (Unix example)
Syslog
messages files (especially the mail log)
su log
lastlog (including wtmp and utmp)
daemon logs
transfer logs
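The "clearing the tracks" phase and the log list above both come down to one defensive requirement: a log that an intruder can silently edit or truncate on the compromised host is not evidence. The following is an added example, not part of the original slides, showing a tamper-evident log chain: each record carries an HMAC over the previous tag and the record, so deleting or altering any record breaks every tag after it. The record lines, the key and the host name are constructed for the demonstration; in practice the key and a copy of the latest tag live on a separate log collector, which is what makes tail truncation detectable as well.

```python
"""Tamper-evident log chain: detect deleted or altered records (added example)."""
import hashlib
import hmac

# Constructed sample records in auth.log style; not from any real host.
SAMPLE_RECORDS = [
    "Jan  5 10:00:01 host sshd[411]: Accepted password for alice from 192.0.2.10 port 51022 ssh2",
    "Jan  5 10:02:17 host su: (to root) alice on pts/0",
    "Jan  5 10:05:40 host sshd[512]: Failed password for root from 203.0.113.7 port 40011 ssh2",
    "Jan  5 10:06:02 host sshd[512]: Failed password for root from 203.0.113.7 port 40012 ssh2",
]

# Hypothetical key; in a real deployment it is held by the collector, never on the logging host.
KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32  # fixed starting "previous tag" for the first record


def chain_records(records, key=KEY):
    """Attach to each record an HMAC-SHA256 tag over (previous tag || record)."""
    prev = GENESIS
    chained = []
    for rec in records:
        tag = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        chained.append((rec, tag.hex()))
        prev = tag
    return chained


def verify_chain(chained, key=KEY):
    """Return the index of the first record whose tag does not fit the chain,
    or None when every record links correctly to its predecessor."""
    prev = GENESIS
    for i, (rec, tag_hex) in enumerate(chained):
        expected = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        prev = expected
    return None


def last_tag(chained):
    """Tag of the final record. A copy kept off-host exposes tail truncation,
    which verify_chain alone cannot see because a shortened chain is still consistent."""
    return chained[-1][1] if chained else GENESIS.hex()


if __name__ == "__main__":
    chained = chain_records(SAMPLE_RECORDS)
    anchor = last_tag(chained)            # what the remote collector remembers
    print("intact chain:", verify_chain(chained))
    deleted = chained[:1] + chained[2:]   # the su record is removed
    print("after deletion, first bad index:", verify_chain(deleted))
    truncated = chained[:3]               # last failed-login record dropped
    print("truncation visible via anchor:", last_tag(truncated) != anchor)
```

Deletion, modification and reordering all surface as a mismatch at the first disturbed index; truncation of the tail is the one edit the chain tolerates on its own, which is why the latest tag (or simply the record count) must be mirrored somewhere the intruder cannot reach.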
Hacking tools…..
The following are some of the tools usually employed by hackers:
Whois
Nslookup
ARIN
Neo Trace
VisualRoute Trace
Smart Whois
Email Tracker Pro
Website watcher
Countermeasures
Defenses
Countermeasures are the various security mechanisms devised to protect and monitor enterprise computer networks in order to ward off attacks by crackers. These include, but are not limited to:
IDS
Firewalls
Biometric devices
Encryption mechanisms
Legal redress
Legal perspectives
Some laws to fight hacking
In the US we have:
18 U.S.C. s 1029. Fraud and related activity in connection with access devices
18 U.S.C. s 1030. Fraud and related activity in connection with computers
18 U.S.C. s 1362. Communication lines, stations, or systems
18 U.S.C. s 2510 et seq. Wire and electronic communications interception and interception of oral communications
18 U.S.C. s 2701 et seq. Stored wire and electronic communications and transactional records access
Legal perspectives
SECTION 1029
The statute Title 18 U.S.C. section 1029, also referred to as the “access device statute”, is a highly versatile means of investigating and prosecuting criminal activity involving fraud.
Penalties
An offense under 1029(a)(1) attracts a fine of $50,000 or twice the value of the crime and/or up to 15 years in prison; $100,000 and/or up to 20 years for a repeat offense.
Legal perspectives
Other countries such as:
Japan
Australia
UK
Germany, etc
See your handout for details of these countries’ laws relating to hacking and computer crime.
Conclusion
In concluding this paper—
needless to say, the cyber world has come to stay, creating fantastic new business models as well as enormous security challenges. The good, the bad and the ugly of this monumental phenomenon is one dilemma facing all stakeholders in this field, and everyone, especially security and systems administrators, must brace up to the task of ensuring that those who live in this ‘comfort zone’ are checkmated at all cost if the very objectives of IT applications in business are to be realised.