551 2006 3
  1. Kevin Mitnick: “The World’s Most Famous Hacker” (Presenters: Eric Caspary and Bill Giallourakis)
  2. The Kevin Mitnick/Tsutomu Shimomura Affair (Presenter: Bill Giallourakis)
  3. The Players
     • Kevin Mitnick
       ◦ An accomplished hacker
       ◦ Had already been arrested for various computer crimes
     • Tsutomu Shimomura
       ◦ Computer security researcher working at the San Diego Supercomputer Center
  4. The Target
     • Tsutomu’s computers in San Diego
       ◦ Ariel: contained research and technology information about computer security and cellular technology.
       ◦ This information could be used to anonymously break into many other systems.
       ◦ Note: the hacker had previously tried to get this cellular technology from another system, but failed.
  5. The Attack
     • Took place on Christmas Day, 1994
     • Mitnick remotely took control of a PC at Toad.com
       ◦ He used this PC to launch the attack
       ◦ Note: ironically, Tsutomu was spending time with a friend at Toad Hall during the exact time the hacker took over the computer and attacked his systems.
  6. Attack Details
     • Two different attack mechanisms were used:
       ◦ IP source address spoofing
       ◦ TCP sequence number prediction
     • Gained access to an X terminal workstation
       ◦ Mitnick got root access
       ◦ Hijacked an existing connection and got access to the rest of the system
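An added illustration of the second mechanism on slide 6, written for this page rather than taken from the presentation: TCP sequence number prediction only works when a host's initial sequence numbers (ISNs) follow a pattern, so the defender's question is whether an ISN observed on one connection reveals the ISN of another. The code simulates two hosts, a legacy counter-style generator of the kind common in 1994 (the step constant is assumed for illustration, not a real kernel value) and the keyed-hash generator of RFC 1948 / RFC 6528, and runs the same audit against both. Host names, addresses and the probe tuples are constructed; nothing is sent on a network.

```python
"""Added illustration (not part of the presentation): is a host's TCP ISN
generator predictable, and what does the RFC 6528 mitigation change?

  * LegacyHost  - a counter advanced by a fixed amount per connection
                  (LEGACY_STEP is assumed for illustration).
  * HashedHost  - ISN = clock + HMAC(secret, 4-tuple), per RFC 1948/6528,
                  so an ISN seen on one connection says nothing about
                  another connection's ISN.
All values are simulated; no packets are sent.
"""
import hashlib
import hmac
import secrets

LEGACY_STEP = 64_000          # assumed per-connection increment (illustrative)
MASK32 = 0xFFFFFFFF


class LegacyHost:
    """ISN is one global counter; every new connection adds LEGACY_STEP."""

    def __init__(self, start=0):
        self.counter = start

    def isn(self, four_tuple):
        self.counter = (self.counter + LEGACY_STEP) & MASK32
        return self.counter


class HashedHost:
    """ISN = clock + first 32 bits of HMAC-SHA256(secret, 4-tuple) (RFC 6528)."""

    def __init__(self, clock=0):
        self.secret = secrets.token_bytes(16)   # per-boot secret, never leaves the host
        self.clock = clock

    def isn(self, four_tuple):
        msg = "|".join(map(str, four_tuple)).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return (self.clock + int.from_bytes(digest[:4], "big")) & MASK32


def isn_deltas(host, n=8):
    """Open n probe connections from one's own address; return successive ISN differences."""
    isns = [host.isn(("192.0.2.10", 40000 + i, "192.0.2.1", 513)) for i in range(n)]
    return [(b - a) & MASK32 for a, b in zip(isns, isns[1:])]


def isn_is_predictable(host, n=8):
    """Audit verdict: successive ISNs that differ by a single constant are predictable."""
    return len(set(isn_deltas(host, n))) == 1


def third_party_guess_succeeds(host):
    """Does an ISN observed on one's own connection reveal the ISN of a
    connection between two other hosts?  True means spoofed-source
    connections would be feasible against this generator."""
    own = ("192.0.2.10", 40001, "192.0.2.1", 513)
    other = ("192.0.2.20", 1023, "192.0.2.1", 513)
    observed = host.isn(own)
    guess = (observed + LEGACY_STEP) & MASK32   # the only inference a counter allows
    return guess == host.isn(other)


if __name__ == "__main__":
    for name, host in (("legacy", LegacyHost()), ("rfc6528", HashedHost())):
        print(f"{name:8s} predictable={isn_is_predictable(host)} "
              f"third-party guess succeeds={third_party_guess_succeeds(host)}")
```

The delta test is the same kind of check network scanners report as an ISN predictability rating; a host that passes it with the hashed generator also passes the third-party guess, because the HMAC output for a different 4-tuple is unrelated to the one observed.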
  7. The Defense, Part 1
     • Shimomura did not have a firewall
       ◦ Thought they were too restrictive
     • Used encryption
     • Used a set of log files to track activity on his machines:
       ◦ Logs were emailed to a research assistant to check for intrusions
       ◦ During the break-in, Mitnick deleted the log file to cover his tracks
  8. The Defense, Part 2
     • After the attack, the log files were emailed to the research assistant
     • An automated process compared all log files mathematically with one another.
     • An inconsistency was found and the assistant contacted Shimomura
  9. Application to CSE 551
     • Obsolete Technology
     • No Firewall
     • Availability vs. Security
     • Log-based Intrusion Detection
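An added example of the log-based intrusion detection that slides 7 to 9 describe, not code from the presentation: log copies are mailed off-host, and a later copy is compared with an earlier one. The slides only say the copies were compared "mathematically"; the rules assumed here are that a log is append-only (every earlier copy must be a prefix of every later copy) and that timestamps never run backwards, with a digest of each copy as the cheap first comparison. The sample log lines and host names are constructed.

```python
"""Added example (not from the presentation): off-host log consistency check.
A copy that is not a clean extension of the previous copy was truncated or
edited on the monitored host, which is exactly the trace a deleted log leaves.
"""
import hashlib
from datetime import datetime

# Constructed sample: the copy received on day 1 ...
DAY1 = """\
1994-12-24 08:00:01 login: accepted login for tsutomu from ariel
1994-12-24 09:15:22 rshd: connection from osiris
1994-12-24 14:02:10 cron: nightly backup complete
"""

# ... and a day-2 copy in which the 09:15 entry is gone and a new line was appended.
DAY2_TAMPERED = """\
1994-12-24 08:00:01 login: accepted login for tsutomu from ariel
1994-12-24 14:02:10 cron: nightly backup complete
1994-12-25 02:30:44 rshd: connection from toad.com
"""

# A day-2 copy as it should look: the day-1 text plus new entries.
DAY2_CLEAN = DAY1 + "1994-12-25 02:30:44 rshd: connection from toad.com\n"


def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()


def timestamp(line):
    return datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")


def check_log_copies(earlier, later):
    """Return findings; an empty list means the later copy cleanly extends the earlier one."""
    findings = []
    old = earlier.splitlines()
    new = later.splitlines()

    # Rule 1: append-only, so the earlier copy must be a prefix of the later copy.
    if new[:len(old)] != old:
        if len(new) < len(old):
            findings.append(f"truncation: later copy has {len(new)} lines, earlier had {len(old)}")
        for i, (a, b) in enumerate(zip(old, new), start=1):
            if a != b:
                findings.append(f"divergence at line {i}: expected {a!r}, found {b!r}")
                break

    # Rule 2: timestamps within the later copy must be monotonic.
    for i in range(1, len(new)):
        if timestamp(new[i]) < timestamp(new[i - 1]):
            findings.append(f"timestamp goes backwards at line {i + 1}")

    return findings


def summarize(earlier, later):
    """Digests of both copies (the quick comparison) plus the detailed findings."""
    return {
        "earlier_sha256": digest(earlier)[:16],
        "later_sha256": digest(later)[:16],
        "later_extends_earlier": later.startswith(earlier),
        "findings": check_log_copies(earlier, later),
    }


if __name__ == "__main__":
    for label, copy in (("clean", DAY2_CLEAN), ("tampered", DAY2_TAMPERED)):
        print(label, summarize(DAY1, copy))
```

The check only works because the earlier copy lives on a machine the intruder did not reach; a comparison run on the compromised host itself could be defeated by editing both copies, which is why the slides' arrangement of mailing logs to a second person matters.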
  10. Messages
      • Mitnick left taunting messages behind on Tsutomu’s computers
      • He also made taunting phone calls to Tsutomu’s voicemail
        ◦ “Kung Fu”
        ◦ Some of the calls threatened Shimomura’s life
  11. The Pursuit, Part 1
      • Tsutomu had his machines “halted”
      • Took the disks to the San Diego Supercomputer Center to analyze them
      • He looked at the very basic data structure of the disk to recreate the deleted log file
        ◦ Tsutomu and his assistant created various programs to analyze the bit patterns on the disk to retrieve the log information
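An added example of the low-level recovery slide 11 describes, written for this page and not the programs Shimomura and his assistant wrote: deleting a file frees its blocks but does not wipe them, so a deleted log's text usually survives on disk until overwritten. The code builds a small constructed disk image (the block size, block layout and log lines are all assumptions for the illustration) and carves timestamped log records out of the raw bytes without relying on any filesystem metadata.

```python
"""Added example (not from the presentation): carving deleted log lines from raw disk bytes.
The image is constructed: the log's blocks are non-adjacent and its directory
entry is gone, which is what a freshly deleted file looks like on disk.
"""
import random
import re

BLOCK = 512                                   # assumed block size
# One log record: a timestamp followed by printable text up to the newline.
RECORD = re.compile(rb"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [\x20-\x7e]{1,200}")

LOG_PART_A = (b"1994-12-25 14:09:32 syslogd: restart\n"
              b"1994-12-25 14:09:34 rshd: connection from toad.com\n")
LOG_PART_B = b"1994-12-25 14:11:05 login: ROOT LOGIN ON console\n"


def pad(data):
    """Zero-fill to one block, as unused block space is on disk."""
    return data + b"\x00" * (BLOCK - len(data))


def build_sample_image(seed=7):
    """Constructed 6-block image: log text in blocks 1 and 4, noise and an unrelated file between."""
    rng = random.Random(seed)
    noise = bytes(rng.randrange(256) for _ in range(BLOCK))
    other_file = pad(b"README: this block belongs to an unrelated file\n")
    return b"".join([pad(b""), pad(LOG_PART_A), noise, other_file, pad(LOG_PART_B), pad(b"")])


def carve_log_records(image):
    """Return the unique log records found anywhere in the image, ordered by timestamp."""
    found = {m.group(0).decode("ascii") for m in RECORD.finditer(image)}
    return sorted(found, key=lambda rec: rec[:19])


def blocks_with_records(image):
    """Block numbers that held log text, worth recording alongside the recovered lines."""
    return sorted({m.start() // BLOCK for m in RECORD.finditer(image)})


if __name__ == "__main__":
    img = build_sample_image()
    print("blocks:", blocks_with_records(img))
    for rec in carve_log_records(img):
        print(rec)
```

Two practical points the constructed case glosses over: a record split across a block boundary is only recoverable if both halves are found and joined, and carving must run on an image taken from the halted disk, as slide 11 has it, so that nothing overwrites the freed blocks while the analysis runs.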
  12. The Pursuit, Part 2
      • Shimomura’s stolen files were found on a commercial network called The Well.
      • This network was a staging point for many of the intruder’s attacks.
      • Mitnick was using modified cellular technology to try to hide himself.
  13. The Pursuit, Part 3
      • Shimomura teamed up with federal agents on February 8, 1994 as the hunt intensified.
      • It was discovered that Mitnick was accessing The Well through Netcom, a large ISP.
      • Mitnick’s phone activity was traced to the Raleigh-Durham area.
        ◦ The police could not trace the exact location because Mitnick had engineered a looping switch.
  14. The Capture
      • Shimomura used his own modified cellular technology to track Mitnick
        ◦ Semi-legal
      • Once they found the source of the calls, Shimomura and his team called in the FBI.
      • Kevin Mitnick was arrested at his apartment in Raleigh, North Carolina at 1:30 am on February 15, 1995
  15. Kevin Mitnick: “The Showdown in R-Town” (Presenter: Eric Caspary)
  16. Nature of the Crime, Part 1
      • Kevin Mitnick committed a series of federal offenses in a 2½-year computer hacking spree
      • In 1993, California state police issued a warrant for the arrest of Kevin Mitnick
      • Accused of wiretapping calls from the FBI to the California Department of Motor Vehicles and using law-enforcement access codes gleaned from the wiretaps to illegally gain entry to the driver’s license database
      • In December 1994, Mitnick was involved in stealing software, email and other files from a computer belonging to Tsutomu Shimomura, a computational physicist and computer security expert at the San Diego Supercomputer Center
  17. Nature of the Crime, Part 2
      • In February 1995, Kevin Mitnick was arrested in Raleigh, North Carolina, after more than two years on the run
      • Kevin Mitnick pleaded guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication
      • In a global plea agreement he admitted that he broke into a number of computer systems and stole proprietary software belonging to Motorola, Novell, Fujitsu, Sun Microsystems and other companies
  18. How Information Security Was an Issue
      • Mitnick admitted using a number of tools to commit his crimes, including “social engineering”
      • He also used cloned cellular telephones, “sniffer” programs placed on victims’ computer systems and hacker software programs
      • As part of his scheme, Mitnick acknowledged altering computer systems belonging to the University of Southern California
      • He also admitted that he stole e-mails, monitored computer systems and impersonated employees of victim companies
  19. What Laws Were Applied
      • 18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers
      • Whoever:
        ◦ Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains (A) information contained in a financial record of a financial institution, or of a card issuer;
        ◦ Knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value;
        ◦ Knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
        ◦ shall be punished as provided in subsection (c) of this section.
  20. What Laws Were Applied, Part 2
      • 18 U.S.C. § 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral Communications
      • Any person who:
        ◦ Intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;
        ◦ Intentionally uses, or endeavors to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection;
        ◦ Intentionally uses, endeavors to use, or procures any other person to use or endeavor to use any electronic, mechanical, or other device to intercept any oral communication;
        ◦ shall be punished as provided in subsection (4) or shall be subject to suit as provided in subsection (5).
  21. What Laws Were Applied, Part 3
      • 18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and Transactional Records Access
      • Whoever:
        ◦ Intentionally accesses without authorization a facility through which an electronic communication service is provided;
        ◦ Intentionally exceeds an authorization to access that facility;
        ◦ and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.
  22. What Laws Were Applied, Part 4
      • 18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices
      • Whoever:
        ◦ Knowingly and with intent to defraud produces, uses, or traffics in one or more counterfeit access devices;
        ◦ Knowingly and with intent to defraud uses, produces, traffics in, has control or custody of, or possesses a telecommunications instrument that has been modified or altered to obtain unauthorized use of telecommunications services;
        ◦ Knowingly uses, produces, traffics in, has control or custody of, or possesses hardware or software, knowing it has been configured to insert or modify telecommunication identifying information associated with or contained in a telecommunications instrument so that such instrument may be used to obtain telecommunications service without authorization;
        ◦ shall, if the offense affects interstate or foreign commerce, be punished as provided in subsection (c) of this section.
  23. Were Applicable Laws Well Thought-Out?
      • The case against Mitnick tested then-nascent laws that had been enacted for dealing with computer crime, and it raised public awareness of security issues involving networked computers
      • At the time of his capture and subsequent prosecution, I imagine the laws applicable to his case were not as thorough, well thought-out, or all-encompassing as they are now
      • Due in part to mass paranoia, Mitnick was held without bail for over two years before sentencing following his 1995 arrest
      • He has said that he set some kind of United States record by being held for four and a half years without a bail hearing, while also held in solitary confinement for eight months “in order to prevent a massive nuclear strike from being initiated by me via a prison payphone”
      • This gives one an idea about how computer criminals may have been treated in the ’80s and ’90s and how the legislation at that time may have been somewhat inappropriate
  24. Missing Legislation?
      • At the time of Mitnick’s trial, some legislation was very likely incomplete
      • The “new technological frontier” was just that, new, and it probably took a few years for legislation to catch up with technology
      • In later years, however, anti-hacking legislation was greatly expanded. I believe that the currently existing legislation applicable to Mitnick’s case is sufficient and that no further legislation is necessary at this time
  25. Digital Evidence, Part 1
      • Excerpts of the letters the affected companies sent to the FBI, which were used to help calculate the damages caused by Kevin Mitnick:
        ◦ Sun Microsystems: values the current (Solaris software) product in the hundreds of millions of dollars
        ◦ NEC America, Inc.: the (stolen) software design for a NEC cellular mobile telephone…is valued at one million seven hundred fifty thousand dollars ($1,750,000.00)
        ◦ NOKIA Mobile Phones (UK) LTD: a minimum loss estimated to total US $135 Million
        ◦ NOVELL: the cost associated with the development of the source code is well in excess of $75,000,000
        ◦ Fujitsu: GRAND TOTAL: $5,517,389.61. Total recall cost (for source code rework) for 96,441 unit population
  26. Evidence, Part 2
      • Evidence against Mitnick also includes:
        ◦ Voice mail messages to Tsutomu
        ◦ Call to Mark Lottor
        ◦ Mitnick’s on-line sessions
        ◦ Analysis of the machine state after the break-in
        ◦ Photo from files stolen from Tsutomu
        ◦ Netcom login records for gkremen (a stolen account)
  27. How Evidence Was Handled
      • Mitnick’s attorney, Donald Randolph, tried repeatedly to get Mitnick a computer so he could review evidence that reportedly included witness statements totaling 1,400 pages, 10 gigabytes of electronic evidence and 1,700 exhibits in all
      • But after one hearing, Randolph told reporters that Judge Pfaelzer “didn’t seem to want to hear ‘computer’ and ‘Mitnick’ in the same sentence”
      • The court ultimately allowed Mitnick access to a laptop