Sit presentation - Hacking
Upcoming SlideShare
Loading in...5
×
 

Sit presentation - Hacking

on

  • 1,311 views

 

Statistics

Views

Total Views
1,311
Views on SlideShare
1,252
Embed Views
59

Actions

Likes
0
Downloads
37
Comments
0

1 Embed 59

http://vsites.villanova.edu 59

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Sit presentation - Hacking Sit presentation - Hacking Presentation Transcript

  • HACKINGRyan Mauer, Monica Solis, Francis Tienzo, and MikeWong
  • Hacking: The Basics The term hacking itself is broad in that it encompasses all forms (i.e. phones, computers, computer systems) of gathering information about another person, usually illegally and for profitable reasons. http://www.youtube.com/watch?v=uV5u5Nl3bjM
  • Classifications of Hacking White Hat – an ethical hacker who helps test security systems. Black Hat – a hacker who breaks into a computer security system for personal gain or malicious intent. Grey Hat – a mix of the white and black hat, this hacker may break into a computer system, then offer to help the company protect against hackers for a fee. Elite Hacker – extremely skilled hackers. Script Kiddie – a non-expert who cracks into a computer system using pre-constructed tools (i.e. another hacker‟s technique) to do so. Neophyte – also known as a “n00b” or a “newbie” is someone who is new to hacking and knows very little about it. Hacktivist – a hacker who breaks into websites and reorganizes them with a political, social, or otherwise ideological message.
  • Techniques Vulnerability Scanner – a tool that scans a computer to see which networks or files are „open‟ to corrupt. Password cracking – discovering a password by finding old data stored on a computer (can be as simple as guessing a password). Spoofing attack (Phishing) – falsely advertising to be another website or program, and when downloaded can take personal info. Social engineering – when a hacker tries to convince a system administrator that he is a user or supervisor who needs assistance gaining access
  • Techniques continued… Trojan Horses – a program that appears to be doing one thing while really serving another purpose. Viruses – a self-replicating program that spreads by duplicating copies of itself. Worms – similar to a virus in that it is a self-replicating program, but it does not have to be opened by the user in order to infect a computer. Key Loggers – a tool that records each key stroke made so as to retrieve passwords or private data.
  • The History of Hacking: A Timeline 1870s 1960s 1970s 1980s 1990s 2000First Instance Positive term John Draper, One of the Creation of Microsoft is aof phone for hackers one of the first arrests the National victim of a newhacking develops most famous of the Infrastructur type of hackingexhibited by through phone Milwaukee- e Protectionteenagers. MIT‟s hackers, based 414 Center. Chinese artificial nicknamed hackers. hackers claim intelligence “Captain to gain access lab. Crunch” to sensitive sites. YouTube Sesame Street hacking controversy.
  • Notorious “Black Hat” Hackers  Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking at age 16. Created a backdoor to the department of defense which enabled him to view sensitive emails and capture employee usernames and passwords.  Adrian Lamo: Broke into major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinkos, coffee shops and libraries to do his intrusions so as to remain „untraceable‟.
  • Famous “White Hat” Hackers  Stephen Wozniak: "Woz" is famous for being the "other Steve" of Apple.  Tim Berners-Lee: Berners- Lee is famed as the inventor of the World Wide Web
  • Hacking Today: Stuxnet A computer worm discovered in June of 2010. It is the first discovered malware what spies on and subverts industrial systems. Specifically targeted an Iranian Nuclear Facility. Brings up the question as to whether the framework will be used for future super viruses. Azerbaijan 2.57% United States Country Infected computers: 1.56%  Iran 58.85% Pakistan 1.28%  Indonesia 18.22% Others 9.2%
  • Illegality of Hacking Computer Fraud & Abuse Act – 1984  Put in place to reduce cracking of computer systems (hacking) and to address federal computer-related offenses.  Initially governed only cases with a compelling federal interest  After amendments, many people feel that the law is too broad
  • Illegal Actions under the Act1. Knowingly accessing a computer without authorization for purposes of obtaining national security data2. Knowingly and intentionally accessing a computer without authorization in order to gain information from a financial institution, any U.S. department or agency, or any protected computer.3. Intentionally accessing without authorization a government computer to affect the government‟s use of it.4. Knowingly accessing a protected computer with the intent to defraud.5. Knowingly causing the transmission of a program, information, code, or command which leads to damage or accessing a computer without authorization, which leads to significant damages.6. Knowingly and with the intent to defraud, trafficking a password or similar information through which a computer may be accessed without authorization.
  • CFAA in the News Violating an internet service provider‟s terms of service agreement is now subject to criminal prosecution. Cyber bullying – 2008, woman from Missouri charged for leading a teenage girl to commit suicide via MySpace. Guilty verdict thrown out on vagueness of the CFAA Amendment to pending bill approved by U.S. Senate:  Would limit the interpretation of the CFAA. Would not include violation of a contractual obligation or agreement.  This would protect people for merely violating a contractual agreement with a web site or their ISP from being subject to criminal charges (vs. civil charges) Criminalized conduct also includes: using a fake name on Facebook, lying about your weight on an online dating profile, etc.
  • Anonymous (Hacking Group) “Hactivism” Target mainly institutions, organizations, and government departments that the group protests against. Aims to spread a message with each attack. Examples: Department of Justice (after MegaUpload), Colombia‟s Defense Ministry (arrests made by Interpol)
  • Memorable events:US Government & Hacking 1999 – President Clinton passes government computer security initiative 2000 – “I Love You” virus hits the globe 2002 – President Bush creates the Department of Homeland Security. 2005 – NSA illegal wiretapping controversy 2010 – Obama administration ends wiretapping 2010 – Wikileaks controversy 2011- Cyber security legislation goes through Congress 2011 – Foreign hackers steal 24,000 Pentagon files.
  • “I Love You” Virus – May 4,2000 Email subject line: “I Love You” Attachment :“LOVE-LETTER-FOR- YOU.TXT.vbs” Replaced multimedia files with itself Sent to everyone in Outlook address book Hit 45 million people in one day OnelDe Guzman and Reomel Ramones of the Philippines arrested, then released  BEFORE: malware thought of as “urban myth”  AFTER: US signs Council of Europe Cybercrime Treaty to harmonize laws
  • Wikileaks Controversy Private Bradley Manning  Gave stolen diplomatic memos to WikiLeaks  260,000 files, airstike videos from Iraq and Afghanistan  Replaced music on a Lady Gaga CD with secret files  Reported by hacker friend Adrian Lamo  Charged in Military Court & staying in medium security facility. Pentagon‟s Response  Disable drives prom accessing data  Restricted use of memory devices  Defense Department installed fraud detection
  • Hackers steal Pentagon files – March 2011 Plans for missile tracking systems, satellite navigation systems, surveillance drones, and jet fighters were taken. Didn‟t say which data system was hacked and who they suspected. Other breaches: Lockheed, Martin, RSA Security New cyber strategy  Tighter defense, collective effort, technological innovation Military‟s Cyber Command coordinates operations for computer networks. Incentives Taken:  National data breach reporting, increased penalties, possible military action response, cybersecurity (DoD, DHS, and private sector)
  • Questions: Do you think that the US government should invest more into preventing hacking? Do you think cyberspace is a new frontier for possible terrorist attacks? (i.e. Stuxnet) Have any of you ever been a victim of hacking? Should the CFAA definition be narrowed to better define what should be punished related to hacking? What do you think about the concept of hactivism? Are there other channels for
  • Bibliography: "Bush says he signed NSA wiretap order." CNN.com. CNN, 2005. Web. 21 Mar 2012. http://articles.cnn.com/2005-12-17/politics/bush.nsa_1_wiretaps-constitutional-responsibilities-and-authorities- national-security-agency?_s=PM:POLITICS Hamblen, Matt. "Clinton commits 1.46B to fight cyberterrorism." CNN.com. CNN, 1999. Web. 21 Mar 2012. http://articles.cnn.com/1999-01-26/tech/9901_26_clinton.idg_1_detection-security-cyberterrorists?_s=PM:TECH "ILOVEYOU virus." TechTarget.com. TechTarget, 2012. Web. 21 Mar 2012. http://searchsecurity.techtarget.com/definition/ILOVEYOU-virus Kleinbard, David. "U.S. catches Love virus." CNN.com. CNNMoney, 2000. Web. 21 Mar 2012. http://money.cnn.com/2000/05/05/technology/loveyou/ Reporter, Staff. "Pentagon Releases Cyberspace Strategy After Hackers Stole 24K Files." IBTimes.com. International Business Times, 2011. Web. 21 Mar 2012. http://www.ibtimes.com/articles/180746/20110715/united- states-secretary-of-defense-dod-william-lynn-department-of-defense-pentagon-online-security-d.htm Shanker, Tom. "Hackers Gained Access to Sensitive Military Files." NYTimes.com. New York Times, 2011. Web. 21 Mar 2012. http://www.nytimes.com/2011/07/15/world/15cyber.html?_r=1&pagewanted=all "Wikileaks suspect believed to have used CD, memory stick to get past Pentagon security."DallasNews.com. The Associated Press, 2010. Web. 21 Mar 2012. http://www.dallasnews.com/news/washington/20101130-wikileaks- suspect-believed-to-have-used-cd-memory-stick-to-get-past-pentagon-security.ece http://www.wired.com/threatlevel/2011/11/anti-hacking-law-too-broad/ http://www.nytimes.com/2012/01/21/technology/megaupload-indictment-internet-piracy.html?_r=1 http://www.law.cornell.edu/uscode/text/18/1030 Trigaux, R.. "A history of hacking." http://www.sptimes.com/Hackers/history.hacking.html. N.p., 2000. Web. 20 Mar 2012. http://www.sptimes.com/Hackers/history.hacking.html IT Security Editors, Top 10 most famous hackers of all time. N.p., 2011. Web. 20 Mar 2012. http://www.focus.com/fyi/top-10-most-famous-hackers-all-time/Broad, W. J., J. Markoff, and D. E. Sanger. "Israeli Test on Worm Called Crucial in Iran Nuclear Delay." New york times. New York Times, 2011. Web. 20 Mar 2012. http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=all