This document summarizes a presentation given by Sean Hanna on client side hacking. The presentation discussed how hacking has evolved from hobbyists to security research companies to organized criminal gangs producing crimeware. It noted how governments are now developing cyber warfare capabilities in a growing arms race. The presentation demonstrated hacking tools and warned that client systems are increasingly being targeted, and that future threats will be even more advanced as hacking continues to evolve.
2. About New Horizons
World’s largest IT training company since 2002 (IDC)
Recognized among the world's Top 20 IT training companies four out
of four years (Trainingindustry.com)
Deliver a full range of technical, application, and business skills training
solutions
Advanced technical solutions (Microsoft, IBM, CompTIA, Adobe, ITIL,
and various Information Security offerings);
Desktop applications (Microsoft Project, Excel, Access, PowerPoint;
Adobe Photoshop, Illustrator, InDesign);
Business skills (project management, practical selling skills,
time management, effective presentations, etc.)
Offer more courses, at more times, and in more locations
than any other computer and business training company
16. Weapons R&D EC-Council
Finding the next Vulnerability is highly technical
Greatest challenge for coders
Years of experience required
Reverse Engineering
Zero Day Attacks
17. For Example…
Wi-Fi Protected Setup is designed to ease the
task of setting up and configuring security on
wireless local area networks
It has many weaknesses
The External Registrar option does not require any kind
of authentication apart from providing the PIN, so it is
potentially vulnerable to brute-force attacks.
22. For Example…
A remote code buffer overflow occurs when
data written to a buffer, due to insufficient
bounds checking, corrupts data values in
memory addresses adjacent to the allocated
buffer and may allow remote code to be run
Microsoft DNS RPC Service
extractQuotedChar() Overflow (TCP)
MS07-029
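An added example, not part of the presentation and not Microsoft's code: a hypothetical routine, unescape_name, that expands backslash-quoted characters into a fixed-size buffer and shows the bounds check whose absence produces the adjacent-memory corruption defined on this slide. The function name, escape syntax and sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

static int is_digit(char ch) { return ch >= '0' && ch <= '9'; }

/* Hypothetical routine (constructed for illustration): copy src into dst,
 * expanding "\ddd" (three decimal digits) and "\c" escapes.
 * Returns the number of bytes written, or -1 on malformed input or when
 * the result, plus its terminating NUL, does not fit in dst_size bytes. */
int unescape_name(const char *src, char *dst, size_t dst_size)
{
    size_t out = 0;

    if (src == NULL || dst == NULL || dst_size == 0)
        return -1;
    while (*src != '\0') {
        unsigned char c = (unsigned char)*src++;

        if (c == '\\') {
            if (is_digit(src[0])) {
                int v;
                /* || short-circuits, so we never read past the NUL */
                if (!is_digit(src[1]) || !is_digit(src[2]))
                    return -1;
                v = (src[0] - '0') * 100 + (src[1] - '0') * 10 + (src[2] - '0');
                if (v > 255)
                    return -1;
                c = (unsigned char)v;
                src += 3;
            } else if (src[0] != '\0') {
                c = (unsigned char)*src++;   /* "\." style: next byte taken literally */
            } else {
                return -1;                   /* dangling backslash */
            }
        }
        /* The bounds check. Drop it and the store below walks past the end
         * of dst into whatever sits next to it in memory. */
        if (out + 1 >= dst_size)
            return -1;
        dst[out++] = (char)c;
    }
    dst[out] = '\0';
    return (int)out;
}

int main(void)
{
    char name[8];
    /* constructed inputs: one that fits, one that is too long */
    printf("%d\n", unescape_name("a\\065b", name, sizeof name));
    printf("%d\n", unescape_name("much.too.long.example", name, sizeof name));
    return 0;
}
```

The check sits at the single store into dst, so every path that produces an output byte (literal, quoted or numeric) passes through it.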
26. The Payloads
Shells “Dangerous Weapon”
Reverse Shells
HTTP
Reverse HTTP
VNC
Password Collector
Visa Collector
Bombs
27. For Example…
A botnet is a collection of compromised
computers, each of which is known as a 'bot',
connected to the Internet.
Shark
Botnet Payload
Botnet C&C Server
36. if you’ve got it then you might as well …
37. For Example…
Metasploit is a well-known framework, a tool for
developing and executing exploit code against a
remote target machine
Contains many plug-ins
SET
41. Random Demos?
Were these just 3 random demos, or was there
something more behind them?
Each of the demos targeted a client system
This is only the start of our story…
43. The Arms Race
The term arms race in its
original usage describes a
competition between two or
more parties for military
supremacy. Each party
competes to produce larger
numbers of weapons,
greater armies, or superior
military technology in a
technological escalation
Source: Wiki
45. The Ingredients Of An Arms Race
A new technology that might have a use as a
weapon
Existing research in non-weapon areas
An accidental or deliberate demonstration of its
potential
One government to use it against another
Big business to see the chance of massive
profits
46. The Dawn of a New Era
We have just entered the dawn of a new era
Cyber Warfare is not the stuff of science fiction
Militaries around the world deploy Cyber
Warfare Weaponry on an hourly basis
The technology is in use in live operational
theatres around the world
48. This Time It’s Different
The human race has always been careful to
control the availability of weapons
This time we can’t
49. Cyber Weaponry
When a soldier leaves the army
You can take his gun off him
When a sailor leaves the navy
You can take his ship off him
When a pilot leaves the air force
You can take his plane off him
51. RISK
Your job is managing Information RISK
The risk profile is constantly changing
New threats are constantly emerging
Everything is in a state of constant flux
53. Journey
Let me take you on a journey through hacking
From the start through the years to today
Then on towards the future
Let me share why things are about to change
FOREVER.
60. Hobbyist Hackers
C0mrade
hacked into NASA
downloaded the source code of the
International Space Station
$1.7 million
Kevin Mitnick
most wanted computer criminal in
U.S. history
breached the national defence system
61. Hobbyist Hackers
Started the whole process
Limited success
Limited resources
Limited skills
63. Security Research Companies
HP Fortify
Largest commercial research organization in the
world
Identified over 430 vulnerability categories across 18
programming languages
Discovered two entirely new categories of
vulnerabilities (JavaScript Hijacking and Cross-Build
Injection)
65. Criminal Gangs
431 million adults worldwide were victims of
cyber crime last year (Norton Cyber Crime
Report 2011)
$388 billion is lost globally each year to cyber
crime (Norton Cyber Crime Report 2011)
67. Criminal Gangs
Russian cybercriminals (Mafia Today)
raked in over $4 billion in 2011
consolidated their efforts; organized crime groups
are clamoring for a piece of the action
most lucrative form of Russian cybercrime last year
was online fraud
“The cybercrime market originating from Russia
costs the global economy billions of dollars every
year,” Ilya Sachkov, Group-IB’s CEO
68. Criminal Gangs
Cyber crime costs the UK economy £27bn a
year, the government has said.
£21bn of costs to businesses
£2.2bn to government
£3.1bn to citizens
Security minister Baroness Neville-Jones said
the government was determined to work with
industry to tackle cyber crime.
69. Criminal Gangs
Took the process to the second stage
Invested money to make money
Professional career hackers
Large budgets
Large multi-skills teams
Results in the production of commercial quality
hacks:
Crimeware is born
70. Crimeware
Crimeware is a class of malware designed
specifically to automate cybercrime
The term was coined by Peter Cassidy,
Secretary General of the Anti-Phishing Working
Group
Crimeware is said to have started around 2003
Crimeware has made rapid advancements in
the last 9 years
74. Cyber Warfare
“actions by a nation-state to penetrate another
nation's computers or networks for the
purposes of causing damage or disruption”
“the fifth domain of warfare”
“as critical to military operations as land, sea,
air, and space”
75. Cyber Warfare - History
March 1999: Hackers in Serbia attack NATO systems in retaliation for NATO’s military
intervention in Kosovo.
May 1999: NATO accidentally bombs the Chinese embassy in Belgrade, spawning a wave of
cyberattacks from China against U.S. government Web sites.
2003: Hackers begin a series of assaults on U.S. government computer systems that lasts for
years. The government code names the attacks Titan Rain and eventually traces them to
China.
April-May 2007: Hackers believed to be linked to the Russian government bring down the
Web sites of Estonia’s parliament, banks, ministries, newspapers and broadcasters.
June-July 2008: Hundreds of government and corporate Web sites in Lithuania are hacked,
and some are covered in digital Soviet-era graffiti, implicating Russian nationalist hackers.
August 2008: Cyber attackers hijack government and commercial Web sites in Georgia
during a military conflict with Russia.
January 2009: Attacks shut down at least two of Kyrgyzstan’s four Internet service providers
during political squabbling among Russia, the ruling Kyrgyzstan party and an opposition
party.
April 2009: An attack on neighboring Kazakhstan shuts down a popular news Web site.
76. US First Cyber Warfare General
The US military appointed its first senior general to direct
cyber warfare – despite fears that the move marks another
stage in the militarisation of cyberspace.
The creation of Cyber Command is in response to increasing
anxiety over the vulnerability of the US's military and other
networks to a cyber attack
The US air force discloses that some 30,000 of its troops had
been re-assigned from technical support "to the frontlines of
cyber warfare".
May 2010 – The Guardian Newspaper UK
78. Cyber Warfare
A cyber attack by one state on another could be
considered an "act of war", former top national
security adviser (BBC News)
William Hague: UK is under cyber-attack
(BBC News)
79. White House warns of Cyber Warfare boomerangs
Unlike a bullet or missile fired at an enemy, a
Cyber Weapon that spreads across the Internet
may circle back accidentally to infect computers
it was never supposed to target.
The Homeland Security Department’s warning
about the new virus, known as “Flame,”
3 Days ago – The White House
80. Germany prepares special unit to tackle cyber attack
BERLIN: Germany has prepared a special
cyber warfare unit of its military to conduct
offensive operations against computer hackers,
who attack key installations or engage in
espionage activities, defence ministry has said.
36 Hours ago – Economic Times
81. The Government Wants You
Agencies need to hack clients
Al Qaeda operatives for example
Millions have been spent in developing the next
generation of client side hacking tools
84. Questions and Answers
New Horizons Bulgaria
36 Dragan Tsankov blvd.
Interpred, block A, floor 6
Phone : +359 2 421 0040
Email: office@newhorizons.bg
Web: www.newhorizons.bg
Blog: newhorizons.bg/blog
Editor's Notes
Licensed Penetration Tester (LPT), EC-Council Certified Security Analyst (ECSA), Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH); Director at Nemstar, offering IT Security, Consultancy & Training services in Ireland, the UK and Europe