hacker culture
Introduction to Computer Security and Information Assurance
Cyber Security Pilot Course
Summer 2011
Draft 1
Lesson 3
Lesson 3: Hacker Culture
Cyber Security 1 Pilot
Summer 2011
Copyright Notice
This work is a derivative of the original High School Cyber Curriculum by The MITRE Corporation (© 2011 The MITRE Corporation) used under a Creative Commons Attribution 3.0 Unported License.
Information about the original work and its creative commons license may be available at The MITRE Corporation (POC: Dr. Robert Cherinka, [email protected], or MITRE's Technology Transfer Office, 703-983-6043).
For more information on creative commons licenses, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
This work is copyright of the Career Technical Education Foundation, Inc.
Information and/or permissions regarding the use of this material may be addressed to Mr. Paul Wahnish, President, Career Technical Education Foundation, Inc. ([email protected], (407) 491-0903).

Lesson Objectives
• Understand Hacking
• Recognize the mentality of the Hacker
• Recognize common hacker methodologies
• Learn about some example cyber war stories

Why Study “The Hacker”?
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
-Sun Tzu “On the Art of War”

Why Study “The Hacker”?
[Chart: 2008 FBI/CSI Cyber Crime Survey, Companies Experiencing Computer Security Incidents]

20 Year Trend
[Figure: Relative Technical Complexity plotted over 1980, 1985, 1990 and 1995, with curves labelled Hacking Tools and Average Intruder. Techniques marked on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, backdoors, hijacking sessions, sniffer/sweepers, stealth diagnostics, packet forging/spoofing, GUI.]
Source: GAO Report to Congress, 1996 via Divinci Group

And a bit more recently
[Figure: Relative Technical Complexity plotted over 1998, 1999, 2000 and 2001, with curves labelled Hacking Tools and Kiddie Scripter. Items marked on the chart: Windows Remote Control, Stacheldraht, Trinoo, Melissa, PrettyPark?, DDoS Insertion Tools.]

Who are they?
[Figure: attacker categories (Vandal, Thief, Spy, Trespasser, Author) plotted by Motives (National Interest, Personal Gain, Personal Fame, Curiosity) against Knowledge Level (Script-Kiddy, Undergraduate, Expert, Specialist).]
SOURCE: Microsoft and Accenture via Divinci Group

Taxonomy of Hackers
• Novice – Least experienced, focused on mischief
• Student – Bright, bored and looking for something other than homework
• Tourist – Hack out of sense of adventure, need to test themselves
• Crasher – Destructive; intentionally damaged IS systems
• Thief – Rarest of Hackers – profited from their activities – and most professional
Landreth, 1985

Type of Hackers
• White Hats
  – Good guys, ethical hackers
• Black Hats
  – Bad guys, malicious hackers
• Gray Hats
  – Good or bad hacker; depends on the situation

Hacker Tendencies
• Invests significant amounts of time on study of documentation, giving special attention to border cases of standards
• Insists on understanding and implementing the underlying API – often confirming documentation claims
• Second guesses implementer’s logic
• Insists on tools for examining the full state of system across interface layers and for modifying these states bypassing the standard development API.

Why these tendencies?
Economics of Insecure Hardware/Software
• Developers under pressure to ‘make it work’ -> Forces cutting of corners
• Developers ‘trained’ away from exploring underlying API -> Forces lack of understanding of their choices
• Developers directed to ignore specific problems as the responsibility of others -> Forces developer’s lack of concern for a valid solution
• Developers must comply with lack of tools to explore outside their systems -> Prevents developer from expanding beyond his area of study
Bratus, 2008

Why these tendencies?
Economics of Insecure Hardware/Software
• Developers under pressure to ‘make it work’ -> Forces cutting of corners
• Developers ‘trained’ away from exploring underlying APIs -> Forces lack of understanding of their choices
• Developers directed to ignore specific problems as the responsibility of others -> Forces developer’s lack of concern for a valid solution
• Developers must comply with lack of tools to explore outside their system
OPPORTUNITY!!!!

Phases of Ethical Hacking

Basic Hacker Methodology

Information Gathering / Fingerprinting
• Gathering information about targeted network addressing scheme prior to launch of attack
  – IP addressing
  – Domain Names
  – Network Protocols
  – Activated Services

Scanning/Probing
• Using automated tools to scan a system for computers advertising application services
• Look for potential targets with possible vulnerabilities
• Look for targets running specific operating systems.

Gaining Access
• Target Specific Vulnerabilities:
  – Operating System
  – Network Devices
  – Software Applications
• Malicious Code
  – Delivered via E-mail
• Social Engineering

Elevating Privilege
• Why Elevate privileges?
  – Access User Account
  – Access Super User
  – Install Backdoors
• Password Crackers!

Exploiting
• Use victim to launch attacks against others
• Stealing sensitive information
• Crash systems
• Web Server Defacements

Installing Back Doors
• Add user accounts that look ‘normal’
• Open ports
  – Allow access to system services or provide command shell access
• Cover tracks to prevent detection
• Move malicious code to program
  – Trojan.exe -> notepad
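
A defender's view of the back-door signs listed above, as an added example that is not part of the original slides: it compares a known-good baseline against a current snapshot and reports new accounts, new listening ports and replaced programs. The passwd-style account format, the snapshot layout and every sample value are assumptions constructed for illustration.

```python
"""Baseline drift check for three back-door signs: accounts, ports, swapped programs."""
import hashlib

def parse_accounts(passwd_text):
    """Return {name: uid} from passwd-format text (name:x:uid:gid:...)."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def snapshot(passwd_text, listening_ports, programs):
    """programs maps a path to the file's bytes; only the SHA-256 is stored."""
    return {
        "accounts": parse_accounts(passwd_text),
        "ports": set(listening_ports),
        "hashes": {p: hashlib.sha256(b).hexdigest() for p, b in programs.items()},
    }

def drift(baseline, current):
    """List every difference from the baseline that matches one of the signs."""
    findings = []
    for name, uid in sorted(current["accounts"].items()):
        if name not in baseline["accounts"]:
            # A 'normal'-looking name proves nothing; a new UID 0 account is worse.
            level = "uid-0 account" if uid == 0 else "account"
            findings.append(f"new {level}: {name}")
        elif baseline["accounts"][name] != uid:
            findings.append(f"uid changed: {name}")
    for port in sorted(current["ports"] - baseline["ports"]):
        findings.append(f"new listening port: {port}")
    for path, digest in sorted(current["hashes"].items()):
        # Same path, different content: the "Trojan.exe -> notepad" case.
        if baseline["hashes"].get(path) not in (None, digest):
            findings.append(f"program replaced: {path}")
    return findings

# Constructed sample data, not taken from any real system.
BASE = snapshot("root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh",
                [22, 443], {"notepad": b"original editor"})
NOW = snapshot("root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n"
               "support:x:0:0::/home/support:/bin/sh",
               [22, 443, 4444], {"notepad": b"different bytes"})

if __name__ == "__main__":
    for finding in drift(BASE, NOW):
        print(finding)
```

The check only works if the baseline was captured before any compromise and is stored where an intruder covering tracks cannot rewrite it.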

Chinese Hacker Methodology

And So…
• Need to know how different hackers operate and what their motives are
• Need to learn how to attack in order to defend well
• Need to mitigate vulnerabilities
• Need to stay one step ahead of the attack to reduce damages
• Best case scenario:
  – let people in who should be in
  – keep everyone else out!!

Cyberwar Stories

GhostNet
• 10-month cyber-espionage investigation
  – 1,295 computers in 103 countries belonging to international institutions spied on
  – Sensitive documents stolen and ability to completely control infected computers
  – Used root kits, keyloggers, backdoors and social engineering
  – Operation began in 2004
  – Evidence that China is behind it

Dalai Lama
• One target: the Office of His Holiness the Dalai Lama (OHHDL)
  – Sensitive documents stolen
  – Malicious emails sent to Tibet-affiliated organizations
  – Investigation into GhostNet began when OHHDL suspected malware and contacted the Munk Center for International Studies

Unique Aspects
• In addition to stealing documents, GhostNet had other capabilities
  – Reportedly turn on webcams and audio recording functions of an infected computer
  – Essentially, turn infected computer into a large “bug” for spying on office
• Used a “control panel” reachable by a standard web browser to manipulate the computers it had infected

So how did they detect it?
• Researcher at Munk Center noticed odd string of 22 characters embedded in files created by malicious software
• Googled it
• Led him to web site in China
• Commanded system to infect system in their lab and watched commands

And, of course
China Denies Any Role in 'GhostNet' Computer Hacking
Beijing, 31 March 2009
Beijing officials deny any involvement in the electronic spy ring dubbed "GhostNet," which has infiltrated more than 1,000 computers around the world and has been linked to computers in China.
Foreign Ministry spokesman Qin Gang rejected allegations of a link between the Chinese government and a vast computer spying network. He said in Beijing on Tuesday that the accusation comes from people outside China who, "are bent on fabricating lies of so-called Chinese computer spies."

More Cyber Stories: Understanding the Hacker

Lesson Summary Key Points
• Hacking is illegal (most of the time)
  – Understand the laws
  – Port Scanning can be considered illegal
• Post 9/11 can be an act of terrorism

Questions?