Pad 750 podcast
Transcript

  • 1. Real World Hackers The Future – Hacking for Profit by Anthony Raffelli and Inga Brel
  • 2. Scams
    • Nigerian Scams
      • Advance fee fraud / 419 scam / fax scam
      • Dear Sir letter
      • Seemingly legitimate
      • Request for money
    • Ponzi schemes
        • Relies on current investors to pay current recipients
        • Creates “aura of exclusivity” – Bernie Madoff
        • Similar to Social Security
        • Most prevalent type of investor fraud
        • Difficult to detect (unless complaint is received)
        • Promise of high return / short time
  • 3. Internet-Based Scams
    • Packet sniffers
      • Intercepts info via ‘sniffer’ installed by hacker
      • Collects credit card info
    • Phishing
      • Bogus emails
      • Request personal / financial info
      • Averaged 0.86% of emails last year
      • Most common attacks – PayPal & eBay
    • Social engineering
  • 4. Internet-Based Scams
    • Web spoofing
      • Counterfeit URL (misspelling)
      • Solicits credit card / personal information
      • www.spoofem.com – ‘ispoofem’ software: allows spoofed texts, caller IDs, emails (now for Google phones)
    • Keystroke loggers
      • Software / hardware device (keyboard / connector)
      • Records users’ keystrokes
      • www.keyghost.com – source for keyloggers
      • Can be remotely installed
        • Remote access trojan horse (RAT)
        • via email
        • Scans for presence of keylogger
            • www.spycop.com
            • www.trapware.com
  • 5. Internet-Based Scams
    • Porn dialers
      • Access to free pornography
      • Connection via long-distance / foreign internet service provider (ISP)
      • Charges appear on telephone bill / connection fee
        • Not via cable or DSL modem
  • 6. Finding People on the Internet
    • Avenues of information
      • Email
      • Instant messaging ID
      • IP address
      • WHOIS (www.whois.net)
    • Stalking
      • Enforcement
        • Lack of applicable statutes
        • Ignorance / inexperience of law enforcement
        • Lack of resources of investigative authority
        • Jurisdictional issues
        • NJ Internet Stalking Law provision (NJ Assembly Bill No. 2143)
          • Expands prohibited contact to include email via internet
  • 7. Propaganda as News and Entertainment
    • Deceptive news stories
      • 2003: President Bush with staged supporters at a Medicare press conference
      • Photos of soldiers copied / pasted into TV ad
      • Altered military operations – Marja, Afghanistan
        • Limits on air support
        • Result of propaganda reports of civilian casualties
  • 8. Hacktivism – Online Activism
    • Virtual sit-ins / blockades
      • Goals: shut down access / gain publicity
      • Result in a denial of service (DoS) attack
    • Email bombing
      • Floods target’s mailbox
      • Prevents receipt of legit / wanted messages
      • Use of rapid email software (Rapid E-mailer v.2.0.1)
    • Web-Hacking / Computer break-ins
      • Google & China
  • 9. Hate Groups and Terrorists on the Internet
    • Hate groups
      • Threatening behavior
      • Intimidation tactics
      • Rhetoric
    • Terrorists
      • Desire to kill
      • Internet advantages
        • Anonymity
        • Global access
        • Ease of use
  • 10. Hate Groups and Terrorists on the Internet
    • Fear of cyber-terrorism
      • Target infrastructure
        • Air-traffic control hacking
        • Food manufacturing processes
        • Control of banking
      • NOT probable
        • Difficult
        • Expensive
        • Less dramatic than physical attack
  • 11. SPAM
    • Sending unsolicited messages to multiple email accounts or Usenet groups
    • FREE advertisement
    • Phishing for personal information to steal your identity
    PAD 750
  • 12. Collecting E-Mail Addresses
    • Newsgroup extractors – emails stored in Usenet groups
    • Website extractors – emails stored on websites
    • SMTP (Simple Mail Transfer Protocol) server extractors – software allows spammers to ask ISPs whether email is valid
    • P2P network – file sharing networks
    • Do Not Spam list – Phishing for emails
  • 13. Masking the Spammer’s Identity
    • Temporary email accounts
    • Forging sender’s email
    • “Zombie” computers
    • Hijacking email account
  • 14. Spam Filters
    • Content Filtering
      • Text analysis
    • Blacklists
      • List of spammers
    • Whitelists
      • Acceptable recipients
    • DNS Lookup Lists
      • Known lists of spam domain names
      • SpamCop
    • Attachment filtering
      • Graphic/ image analysis
  • 15. Future Solutions to Spam
    • Bill Gates – buying postage (with time, not money)
      • Sender performs a simple math problem before sending an email
      • Ties up resources when sending 10,000 emails
      • Can only work if all email providers and bulk email programs utilize the postage method
      • Demand: Spammers have a vested interest in sending thousands of spam messages with a click of a button
      • Supply: Spammers would not pay for bulk email software if they couldn’t send thousands of messages with a click of a button
    • Yahoo’s DomainKeys – domain name encryption
      • Encrypting the sender’s domain name so that if the sender tries to forge or change it before sending the email, the message will automatically get flagged as spam
      • Can only work if all email providers and bulk email programs adopt this methodology
      • Demand: Spammers want to disguise their domain names
      • Supply: Spammers would not pay for bulk email services if they could not disguise their identity
  • 16. WEB BUGS
    • Track how many people look at an ad and who they are
    • Track what websites you visit
    • HTML code such as <IMG SRC="url"> is an example of a web bug
    • When the browser retrieves the bug, the server that hosts it (e.g. DoubleClick.net) can identify:
      • IP address of your computer
      • Specific web page containing the web bug
      • The time and date the bug was retrieved
      • The type of browser you use
    • When web bugs are used with browser cookies, they can track what websites you use and tailor advertisements to your interests
    • Cookies are just another way of identifying what website you visited and what items you looked at
    • Done to spy on your buying habits
  • 17. WEB BUGS IN SPAM
    • Web bugs can identify your IP address, operating system, and when you viewed spam
    • This can tell spammer that your email address is valid
    • If you don’t open spam, it would tell the advertiser that either your email is not valid or you did not care to look at it, and they would likely remove you from their list
  • 18. SPAMDEXING: SEARCH ENGINE SPAMMING
    • Keyword Stuffing
      • Stuff a pirated software site with keywords such as games to get people who look for games to buy their pirated software
    • Keyword content creators
      • Software such as ArticleBot creates content using keywords (“games”) to get the (pirated software) site on top
    • Link Farming
      • Create bogus sites called link farms that contain nothing but links to the (pirated software) site whose rating they want to boost
    • Doorway pages
      • Pages that display a graphic animation with the word “enter” to access the site
      • Spammers trying to promote a porn or pirated software site stuff their doorway page with keywords “games” to get the user who searches for games to enter their site.
  • 19. ADWARE VS. SPYWARE
    • SPYWARE
      • Pop-up advertisements to get consumer to click on ads or steal personal information
      • Cannot be removed by uninstalling the program
      • Interferes with other programs / memory usage / internet
    • ADWARE
      • Advertisements in programs to keep the program free or at low cost
      • Removed when the program is uninstalled
      • Does not interfere with other programs / memory / internet
  • 20. WHAT SPYWARE DOES
    • Unlike viruses and worms, spyware does not replicate or intentionally damage the system. Damage occurs as a result of its operation – FORCE YOU TO LOOK AT ADS/ COLLECT CONSUMER INFORMATION
    • Spyware does the following:
      • 1. DISPLAYS POP-UP ADS
        • Once you connect to the Internet, spyware contacts the server that supplies it with pop-up ads
      • 2. HIJACKS HOME PAGE
        • Displays advertisements on web browsers’ homepages
        • Monitors sites visited and displays competitors’ sites
        • Manipulates / changes search results
        • Adds new bookmarks containing pornography by disguising them with innocent names
      • 3. STEALS INFORMATION
        • May record keystrokes to steal passwords, bank account #’s, Social Security #’s (will not let the user know it’s there by pop-ups)
  • 21. WHY ADVERTISE USING SPYWARE?
    • Big companies
      • Can spread advertisements all over the internet/ user’s computer
    • Advertisement brokers
      • Can distribute their clients’ ads to as many people as possible
    • Spyware companies
      • Can get paid by internet advertising brokers
    • Software bundlers
      • Can get paid by spyware companies
    • Affiliates
      • Can get paid using spyware every time someone clicks the ad
  • 22. HOW YOU CAN GET SPYWARE
    • Install Infected File
      • Install infected file by downloading music, movies, games, browser add-ons, etc.
    • Install Anti-Spyware
      • Attempt to remove spyware with spyware disguised as an anti-spyware program
    • Drive-by Downloads
      • Website lures the user to visit it with bait such as music, software, pornography, etc
      • Uses ActiveX Control to secretly install spyware
    • Spyware-Infected Spyware
      • Spyware cannot replicate itself like viruses and worms
      • Spyware can keep downloading more spyware from the Internet until you remove it or your computer crashes
  • 23. WHERE SPYWARE HIDES
    • Windows Registry
      • Buries information in registry and copies it onto the hard disk within hidden files and folders
      • Scatters information in multiple places on hard disk, making it impossible to find/ remove
      • If you did not delete all files, the moment you access the internet, spyware will install again
      • Spyware copies files onto hard disk
      • Hides within hidden files and folders
  • 24. ELIMINATE SPYWARE
    • Never gone forever  $$$$$
    • Raise the security level of Internet browser
    • Install a firewall
    • Monitor start programs
    • Use a minimum of 2 anti-spyware programs
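The "postage paid with time" idea from slide 15, as an added example that is not part of the original slides: the slide names no algorithm, so this sketch assumes a Hashcash-style partial hash puzzle as a stand-in. The function names, addresses and date are constructed for illustration.

```python
import hashlib
from itertools import count


def _leading_zero_bits(digest):
    """Number of zero bits at the start of a hash digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def _stamp_hash(sender, recipient, date, nonce):
    # The stamp names the recipient, so one stamp cannot be reused for a whole list.
    stamp = f"{sender}:{recipient}:{date}:{nonce}".encode()
    return hashlib.sha256(stamp).digest()


def mint_stamp(sender, recipient, date, bits):
    """Sender side: search for a nonce. Returns (nonce, hashes tried)."""
    for nonce in count():
        if _leading_zero_bits(_stamp_hash(sender, recipient, date, nonce)) >= bits:
            return nonce, nonce + 1


def verify_stamp(sender, recipient, date, nonce, bits):
    """Receiver side: a single hash checks that the postage was paid."""
    return _leading_zero_bits(_stamp_hash(sender, recipient, date, nonce)) >= bits


def campaign_cost(sender, recipients, date, bits):
    """Total hashes a sender spends stamping one message per recipient."""
    return sum(mint_stamp(sender, r, date, bits)[1] for r in recipients)


if __name__ == "__main__":
    # Constructed sample values (assumptions, not from the slides).
    sender, date, bits = "a@example.com", "2010-03-01", 12
    nonce, tried = mint_stamp(sender, "b@example.com", date, bits)
    print("one stamp cost", tried, "hashes; receiver check costs 1 hash:",
          verify_stamp(sender, "b@example.com", date, nonce, bits))
    bulk = [f"user{i}@example.com" for i in range(20)]
    print("20 recipients cost", campaign_cost(sender, bulk, date, bits), "hashes")
```

Each extra bit of difficulty doubles the sender's expected work while the receiver's check stays at one hash, which is the asymmetry the slide relies on.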