HACKINGRyan Mauer, Monica Solis, Francis Tienzo, and MikeWong
Hacking: The Basics The term hacking itself is broad in that it encompasses all forms (i.e. phones, computers, computer systems) of gathering information about another person, usually illegally and for profitable reasons. http://www.youtube.com/watch?v=uV5u5Nl3bjM
Classifications of Hacking White Hat – an ethical hacker who helps test security systems. Black Hat – a hacker who breaks into a computer security system for personal gain or malicious intent. Grey Hat – a mix of the white and black hat, this hacker may break into a computer system, then offer to help the company protect against hackers for a fee. Elite Hacker – extremely skilled hackers. Script Kiddie – a non-expert who cracks into a computer system using pre-constructed tools (i.e. another hacker‟s technique) to do so. Neophyte – also known as a “n00b” or a “newbie” is someone who is new to hacking and knows very little about it. Hacktivist – a hacker who breaks into websites and reorganizes them with a political, social, or otherwise ideological message.
Techniques Vulnerability Scanner – a tool that scans a computer to see which networks or files are „open‟ to corrupt. Password cracking – discovering a password by finding old data stored on a computer (can be as simple as guessing a password). Spoofing attack (Phishing) – falsely advertising to be another website or program, and when downloaded can take personal info. Social engineering – when a hacker tries to convince a system administrator that he is a user or supervisor who needs assistance gaining access
Techniques continued… Trojan Horses – a program that appears to be doing one thing while really serving another purpose. Viruses – a self-replicating program that spreads by duplicating copies of itself. Worms – similar to a virus in that it is a self-replicating program, but it does not have to be opened by the user in order to infect a computer. Key Loggers – a tool that records each key stroke made so as to retrieve passwords or private data.
The History of Hacking: A Timeline 1870s 1960s 1970s 1980s 1990s 2000First Instance Positive term John Draper, One of the Creation of Microsoft is aof phone for hackers one of the first arrests the National victim of a newhacking develops most famous of the Infrastructur type of hackingexhibited by through phone Milwaukee- e Protectionteenagers. MIT‟s hackers, based 414 Center. Chinese artificial nicknamed hackers. hackers claim intelligence “Captain to gain access lab. Crunch” to sensitive sites. YouTube Sesame Street hacking controversy.
Notorious “Black Hat” Hackers Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking at age 16. Created a backdoor to the department of defense which enabled him to view sensitive emails and capture employee usernames and passwords. Adrian Lamo: Broke into major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinkos, coffee shops and libraries to do his intrusions so as to remain „untraceable‟.
Famous “White Hat” Hackers Stephen Wozniak: "Woz" is famous for being the "other Steve" of Apple. Tim Berners-Lee: Berners- Lee is famed as the inventor of the World Wide Web
Hacking Today: Stuxnet A computer worm discovered in June of 2010. It is the first discovered malware what spies on and subverts industrial systems. Specifically targeted an Iranian Nuclear Facility. Brings up the question as to whether the framework will be used for future super viruses. Azerbaijan 2.57% United States Country Infected computers: 1.56% Iran 58.85% Pakistan 1.28% Indonesia 18.22% Others 9.2%
Illegality of Hacking Computer Fraud & Abuse Act – 1984 Put in place to reduce cracking of computer systems (hacking) and to address federal computer-related offenses. Initially governed only cases with a compelling federal interest After amendments, many people feel that the law is too broad
Illegal Actions under the Act1. Knowingly accessing a computer without authorization for purposes of obtaining national security data2. Knowingly and intentionally accessing a computer without authorization in order to gain information from a financial institution, any U.S. department or agency, or any protected computer.3. Intentionally accessing without authorization a government computer to affect the government‟s use of it.4. Knowingly accessing a protected computer with the intent to defraud.5. Knowingly causing the transmission of a program, information, code, or command which leads to damage or accessing a computer without authorization, which leads to significant damages.6. Knowingly and with the intent to defraud, trafficking a password or similar information through which a computer may be accessed without authorization.
CFAA in the News Violating an internet service provider‟s terms of service agreement is now subject to criminal prosecution. Cyber bullying – 2008, woman from Missouri charged for leading a teenage girl to commit suicide via MySpace. Guilty verdict thrown out on vagueness of the CFAA Amendment to pending bill approved by U.S. Senate: Would limit the interpretation of the CFAA. Would not include violation of a contractual obligation or agreement. This would protect people for merely violating a contractual agreement with a web site or their ISP from being subject to criminal charges (vs. civil charges) Criminalized conduct also includes: using a fake name on Facebook, lying about your weight on an online dating profile, etc.
Anonymous (Hacking Group) “Hactivism” Target mainly institutions, organizations, and government departments that the group protests against. Aims to spread a message with each attack. Examples: Department of Justice (after MegaUpload), Colombia‟s Defense Ministry (arrests made by Interpol)
Memorable events:US Government & Hacking 1999 – President Clinton passes government computer security initiative 2000 – “I Love You” virus hits the globe 2002 – President Bush creates the Department of Homeland Security. 2005 – NSA illegal wiretapping controversy 2010 – Obama administration ends wiretapping 2010 – Wikileaks controversy 2011- Cyber security legislation goes through Congress 2011 – Foreign hackers steal 24,000 Pentagon files.
“I Love You” Virus – May 4,2000 Email subject line: “I Love You” Attachment :“LOVE-LETTER-FOR- YOU.TXT.vbs” Replaced multimedia files with itself Sent to everyone in Outlook address book Hit 45 million people in one day OnelDe Guzman and Reomel Ramones of the Philippines arrested, then released BEFORE: malware thought of as “urban myth” AFTER: US signs Council of Europe Cybercrime Treaty to harmonize laws
Wikileaks Controversy Private Bradley Manning Gave stolen diplomatic memos to WikiLeaks 260,000 files, airstike videos from Iraq and Afghanistan Replaced music on a Lady Gaga CD with secret files Reported by hacker friend Adrian Lamo Charged in Military Court & staying in medium security facility. Pentagon‟s Response Disable drives prom accessing data Restricted use of memory devices Defense Department installed fraud detection
Hackers steal Pentagon files – March 2011 Plans for missile tracking systems, satellite navigation systems, surveillance drones, and jet fighters were taken. Didn‟t say which data system was hacked and who they suspected. Other breaches: Lockheed, Martin, RSA Security New cyber strategy Tighter defense, collective effort, technological innovation Military‟s Cyber Command coordinates operations for computer networks. Incentives Taken: National data breach reporting, increased penalties, possible military action response, cybersecurity (DoD, DHS, and private sector)
Questions: Do you think that the US government should invest more into preventing hacking? Do you think cyberspace is a new frontier for possible terrorist attacks? (i.e. Stuxnet) Have any of you ever been a victim of hacking? Should the CFAA definition be narrowed to better define what should be punished related to hacking? What do you think about the concept of hactivism? Are there other channels for
Bibliography: "Bush says he signed NSA wiretap order." CNN.com. CNN, 2005. Web. 21 Mar 2012. http://articles.cnn.com/2005-12-17/politics/bush.nsa_1_wiretaps-constitutional-responsibilities-and-authorities- national-security-agency?_s=PM:POLITICS Hamblen, Matt. "Clinton commits 1.46B to fight cyberterrorism." CNN.com. CNN, 1999. Web. 21 Mar 2012. http://articles.cnn.com/1999-01-26/tech/9901_26_clinton.idg_1_detection-security-cyberterrorists?_s=PM:TECH "ILOVEYOU virus." TechTarget.com. TechTarget, 2012. Web. 21 Mar 2012. http://searchsecurity.techtarget.com/definition/ILOVEYOU-virus Kleinbard, David. "U.S. catches Love virus." CNN.com. CNNMoney, 2000. Web. 21 Mar 2012. http://money.cnn.com/2000/05/05/technology/loveyou/ Reporter, Staff. "Pentagon Releases Cyberspace Strategy After Hackers Stole 24K Files." IBTimes.com. International Business Times, 2011. Web. 21 Mar 2012. http://www.ibtimes.com/articles/180746/20110715/united- states-secretary-of-defense-dod-william-lynn-department-of-defense-pentagon-online-security-d.htm Shanker, Tom. "Hackers Gained Access to Sensitive Military Files." NYTimes.com. New York Times, 2011. Web. 21 Mar 2012. http://www.nytimes.com/2011/07/15/world/15cyber.html?_r=1&pagewanted=all "Wikileaks suspect believed to have used CD, memory stick to get past Pentagon security."DallasNews.com. The Associated Press, 2010. Web. 21 Mar 2012. http://www.dallasnews.com/news/washington/20101130-wikileaks- suspect-believed-to-have-used-cd-memory-stick-to-get-past-pentagon-security.ece http://www.wired.com/threatlevel/2011/11/anti-hacking-law-too-broad/ http://www.nytimes.com/2012/01/21/technology/megaupload-indictment-internet-piracy.html?_r=1 http://www.law.cornell.edu/uscode/text/18/1030 Trigaux, R.. "A history of hacking." http://www.sptimes.com/Hackers/history.hacking.html. N.p., 2000. Web. 20 Mar 2012. http://www.sptimes.com/Hackers/history.hacking.html IT Security Editors, Top 10 most famous hackers of all time. N.p., 2011. Web. 20 Mar 2012. http://www.focus.com/fyi/top-10-most-famous-hackers-all-time/Broad, W. J., J. Markoff, and D. E. Sanger. "Israeli Test on Worm Called Crucial in Iran Nuclear Delay." New york times. New York Times, 2011. Web. 20 Mar 2012. http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=all