Cybersecurity, Hacking, and Privacy


A presentation I am giving this evening, as a guest speaker, invited by the Wisconsin Union Directorate, on the topics of cybersecurity, hacking, and privacy. The presentation covers some timely topics, such as: Hacking, Botnets, Deep Web, Target Stores Data Breach, Bitcoin and Ransomware. The presentation is designed to educate, stimulate conversation and entertain and is open to all students, faculty and staff of UW-Madison, who are interested in learning more about computer security and IT threats.

Published in: Internet, Technology

Transcript of "Cybersecurity, Hacking, and Privacy"

  1. Wisconsin Union Directorate: Cybersecurity, Hacking, Privacy. April 28, 2014. Nicholas Davis, CISSP, CISA
  2. Agenda: • Introduction • Hacking • Botnets • Deep Web • Target Breach • Ransomware • Q&A – Anything goes!
  3. Nicholas Davis: • Undergraduate degree, UW-Madison • Graduate degree, UW-Madison • Been around a few places • Taught at UW-Madison, MATC, Cardinal Stritch • Work at DoIT • CISSP, CISA
  4. Computer Hacking: In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.
  5. Types of Hackers: • White hat • Black hat • Grey hat • Elite hacker • Script kiddie • Neophyte • Blue hat • Hacktivist • Nation state • Organized criminal gangs
  6. Hacking Methods: A typical approach in an attack on an Internet-connected system is: Network enumeration: Discovering information about the intended target. Vulnerability analysis: Identifying potential ways of attack. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
  7. Security Exploits Used By Hackers: A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery, which abuse security holes that may result from substandard programming practice. Other exploits can be used through FTP, HTTP, PHP, SSH, Telnet and some web pages. These are very common in website/domain hacking.
  8. Techniques – Vulnerability scanner: A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer.
  9. Techniques – Password cracking: Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
  10. Brute Force vs Dictionary
  11. Techniques – Packet sniffer: A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.
  12. Packet Sniffer
  13. Techniques – Spoofing attack (Phishing): A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program, usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.
  14. Phishing
  15. Techniques – Rootkit: A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security.
  16. Rootkit – Sick Computer
  17. Techniques – Social Engineering – Intimidation: As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek.
  18. Techniques – Social Engineering – Helpfulness: The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a) its general purpose is to help people; and (b) it usually has the authority to change or reset passwords, which is exactly what the hacker wants.
  19. Social Engineering Example Technique
  20. Techniques – Social Engineering – Name-dropping: The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him- or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents.
  21. Techniques – Social Engineering – Technical: Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.
  22. Social Engineering Works!
  23. Trojan Horse: A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later.
  24. Virus: A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a biological virus, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.
  25. Computer Worm: Like a virus, a worm is also a self-replicating program. It differs from a virus in that (a) it propagates through computer networks without user intervention; and (b) it does not need to attach itself to an existing program. Nonetheless, many people use the terms "virus" and "worm" interchangeably to describe any self-propagating program.
  26. Keylogger: A keylogger is a tool designed to record ("log") every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine.
  27. Can Be Bought at Amazon!
  28. Botnets: A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.
  29. Legal Botnets: The term botnet is widely used when several IRC bots have been linked and may possibly set channel modes on other bots and users while keeping IRC channels free from unwanted users. A common bot used to set up botnets on IRC is eggdrop.
  30. Illegal Botnets: Botnets sometimes compromise computers whose security defenses have been breached and control conceded to a third party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware (malicious software) distribution. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC and Hypertext Transfer Protocol (HTTP).
  31. Annoying Botnets
  32. Botnet Recruitment: Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules.
  33. How A Botnet Works
  34. The Deep Web: The Deep Web (also called the Deepnet, Invisible Web, or Hidden Web) is World Wide Web content that is not part of the Surface Web, which is indexed by standard search engines. Some prosecutors and government agencies think that the Deep Web is a haven for serious criminality.
  35. Deep Resources – Dynamic content: dynamic pages which are returned in response to a submitted query or accessed only through a form, especially if open-domain input elements (such as text fields) are used; such fields are hard to navigate without domain knowledge.
  36. Deep Resources – Unlinked content: pages which are not linked to by other pages, which may prevent Web crawling programs from accessing the content. This content is referred to as pages without backlinks (or inlinks).
  37. Deep Resources – Private Web: sites that require registration and login (password-protected resources). Silk Road
  38. Deep Resources – Contextual Web: pages with content varying for different access contexts (e.g., ranges of client IP addresses or previous navigation sequence).
  39. Deep Resources – Limited access content: sites that limit access to their pages in a technical way (e.g., using the Robots Exclusion Standard, CAPTCHAs, or no-cache Pragma HTTP headers, which prohibit search engines from browsing them and creating cached copies).
  40. Deep Resources – Scripted content: pages that are only accessible through links produced by JavaScript as well as content dynamically downloaded from Web servers via Flash or Ajax solutions.
  41. Deep Resources – Non-HTML/text content: textual content encoded in multimedia (image or video) files or specific file formats not handled by search engines. Steganography
  42. Steganography
  43. Crawling the Deep Web: • Selecting input values for text search inputs that accept keywords, • Identifying inputs which accept only values of a specific type (e.g., date), • Selecting a small number of input combinations that generate URLs suitable for inclusion into the Web search index.
  44. TOR (The Onion Router): • Uses encryption • Uses randomness to select hosts • Tor (anonymity network)
  45. Ahmia.fi: Deep Web Search Engine for Tor Hidden Services https://ahmia.fi/search
  46. The Target Data Breach: How did it happen? Why didn't Target detect it? What damage was caused? Could it happen again?
  47. Cryptolocker: A ransomware trojan which targets computers running Microsoft Windows and first surfaced in September 2013. A CryptoLocker attack may come from various sources; one such is disguised as a legitimate email attachment.
  48. Cryptolocker: When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment is made by a stated deadline.
  49. Cryptolocker: Threatens to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware's operators, for a significantly higher price in Bitcoin.
  50. Money Paid: In December 2013 ZDNet traced four Bitcoin addresses posted by users who had been infected by CryptoLocker, in an attempt to gauge the operators' takings. The four addresses showed movement of 41,928 BTC between October 15 and December 18, about US$27 million at the time.
  51. Money Paid: A survey by researchers at the University of Kent found that 41% of UK respondents who were Cryptolocker victims claimed to have agreed to pay the ransom, a figure much larger than expected; 3% had been conjectured by Symantec, and 0.4% by Dell SecureWorks. The average amount per infection in the U.S. is $300.
  52. Bitcoin Payment Addresses: https://blockchain.info/address/18iEz617DoD https://blockchain.info/address/1KP7
  53. What is Bitcoin? Bitcoin is a peer-to-peer payment system introduced as open source software in 2009 by developer Satoshi Nakamoto. The digital currency created and used in the system is also called bitcoin.
  54. How Are Bitcoins Created? Bitcoins are created as a reward for payment processing work in which users who offer their computing power verify and record payments into a public ledger. This activity is called mining; individuals engage in it in exchange for transaction fees and newly minted bitcoins.
  55. Bitcoin Mining Equipment
  56. Bitcoin Anonymity? The public nature of bitcoin means that, while those who use it are not identified by name, linking transactions to individuals and companies can be done. Additionally, many jurisdictions require exchanges, where people can buy and sell bitcoins for cash, to collect personal information.
  57. Bitcoin Anonymity: In order to obfuscate the link between individual and transaction, some use a different bitcoin address for each transaction and others rely on so-called mixing services that allow users to trade bitcoins whose transaction history implicates them for coins with different transaction histories.
  58. Bitcoin Proof of Ownership: The ownership of bitcoins associated with a certain bitcoin address can be demonstrated with knowledge of the private key belonging to the address. For the owner, it is important to protect the private key from loss or theft. If a private key is lost, the user cannot prove ownership by other means. The coins are then lost and cannot be recovered.
  59. Bitcoin Wallet
  60. Buying and Selling Bitcoins: Bitcoins can be bought and sold with many different currencies from individuals and companies. Perhaps the fastest way to purchase bitcoins is in person or at a bitcoin ATM for cash.
  61. Status of Bitcoin (IRS): The US Government Accountability Office reviewed virtual currencies upon the request of the Senate Finance Committee and in May 2013 recommended that the IRS formulate tax guidance for bitcoin businesses. On 25 March 2014, in time for 2013 tax filing, the IRS issued guidance that virtual currency is treated as property for US federal tax purposes and that "an individual who 'mines' virtual currency as a trade or business [is] subject to self-employment tax."
  62. Q&A Session: Anything Goes! Nicholas Davis https://www.facebook.com/nicholas.a.davis Email ndavis1@wisc.edu Thank you!
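
Slides 50, 56 and 57 describe tracing payment addresses and linking transactions to individuals. The following is an added example, not part of the original slides: it applies the common-input-ownership heuristic (a technique the slides do not name) to a constructed ledger, treating addresses spent together as inputs of one transaction as controlled by the same party. All txids and addresses are placeholders.

```python
from collections import defaultdict

# Constructed sample ledger (placeholder txids and addresses, not real ones).
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["addr_A", "addr_B"], "outputs": ["addr_X"]},
    {"txid": "tx2", "inputs": ["addr_B", "addr_C"], "outputs": ["addr_Y"]},
    {"txid": "tx3", "inputs": ["addr_D"], "outputs": ["addr_X"]},
    {"txid": "tx4", "inputs": ["addr_E", "addr_F"], "outputs": ["addr_Z"]},
    {"txid": "tx5", "inputs": ["addr_X", "addr_Y"], "outputs": ["addr_M"]},
]


class UnionFind:
    """Disjoint-set structure used to merge addresses into clusters."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]  # path halving
            item = self.parent[item]
        return item

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def cluster_addresses(transactions):
    """Group addresses that were spent together as inputs of one transaction."""
    uf = UnionFind()
    for tx in transactions:
        for addr in tx["inputs"] + tx["outputs"]:
            uf.find(addr)  # register every address, even if never co-spent
        for other in tx["inputs"][1:]:
            uf.union(tx["inputs"][0], other)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


def addresses_linked_to(address, transactions):
    """Return the cluster containing `address` (empty list if unseen)."""
    for cluster in cluster_addresses(transactions):
        if address in cluster:
            return cluster
    return []


def payments_into(address, transactions):
    """Txids that paid any address in the same cluster as `address`."""
    cluster = set(addresses_linked_to(address, transactions))
    return sorted(tx["txid"] for tx in transactions if cluster & set(tx["outputs"]))


if __name__ == "__main__":
    print(addresses_linked_to("addr_C", TRANSACTIONS))
    print(payments_into("addr_Y", TRANSACTIONS))
```

Mixing services, mentioned on slide 57, are built to break this kind of grouping, so a cluster is an investigative lead rather than proof of common ownership.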
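
Slide 39 lists the Robots Exclusion Standard as one way sites keep pages out of search indexes. As an added example (not from the original slides), the following runs Python's standard `urllib.robotparser` over a constructed robots.txt for a hypothetical site, example.org, to show how a compliant crawler decides what to skip. It also includes a site owner's check (the hypothetical helper `disclosed_paths`, with an assumed keyword list) for Disallow entries that advertise sensitive locations. The file is a request to crawlers that anyone can read, so those paths still need authentication.

```python
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site (example.org).
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
Disallow: /search

User-agent: ArchiveBot
Disallow: /
"""

# Assumed keyword list for the audit; adjust to the site's own naming.
SENSITIVE_HINTS = ("admin", "backup", "private", "internal", "staging")


def crawler_may_fetch(robots_txt, user_agent, url):
    """Decision a crawler that honors the Robots Exclusion Standard would make."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(user_agent, url)


def disclosed_paths(robots_txt, hints=SENSITIVE_HINTS):
    """List Disallow paths whose names hint at sensitive content.

    robots.txt is served to every visitor, so each entry found here is a
    location that must be protected by real access control, not by this file.
    """
    found = []
    for raw_line in robots_txt.splitlines():
        line = raw_line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() == "disallow" and any(h in value.lower() for h in hints):
            found.append(value)
    return found


if __name__ == "__main__":
    for agent, url in [
        ("ExampleBot", "https://example.org/index.html"),
        ("ExampleBot", "https://example.org/admin/users"),
        ("ArchiveBot", "https://example.org/index.html"),
    ]:
        print(agent, url, crawler_may_fetch(ROBOTS_TXT, agent, url))
    print("Paths advertised by robots.txt:", disclosed_paths(ROBOTS_TXT))
```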