Computerworld Conference (2002)

  1. Hackers: Why? Who? What do they want? Where are you most vulnerable?
     SKEEVE STEVENS [Former(?) Hacker]
     I.T Security Consultant Specialising in Security Theory, Trends, Policy, Disaster Prevention
     Email: skeeve@skeeve.org
     www.skeeve.org
     Copyright © 2002 by Skeeve Stevens. All Rights Reserved
  2. Networks Under Assault
     • Australian Computer Crime and Security Survey (May 02)
        • ACCS Survey (the only survey of its kind in .au) reports more than 67% of respondents have been attacked/hacked during the 2001 period – 7% higher than the U.S in the same period.
     • InternetWeek
        • 50% of U.S Corporations have had 30 or more penetrations
        • 60% lost up to $200K/intrusion
     • Federal Computing World
        • Over 50% of (U.S) Federal government agencies report unauthorised access (some are massive numbers)
     • FBI/Computer Security Institute
        • 48% of all attacks originated from within the organization
     • WarRoom Research Survey
        • 90% of Fortune 500 companies in the U.S surveyed admitted to inside security breaches
     • Very few companies will talk. Too much fear of losing investor confidence and perhaps panicking the customer base (i.e. banks)
  3. Why? - Hacker Motivations
     • There are many different motivations to hack
        • Experimentation and desire to learn
        • “Gang” mentality
        • Psychological needs (i.e. to be noticed?)
        • Misguided trust in other individuals
        • Altruistic reasons
        • Self-gratification
        • Revenge and malicious reasons
        • Emotional issues
        • Desire to embarrass the target (many reasons)
        • “Joyriding”
        • “Scorekeeping”
        • Espionage (corporate, governmental)
        • Criminal – Stalking, Intimidation, Hostage, Blackmail
  4. Types of Hackers: Shades of Grey - Are all Hackers Bad?
     • Black Hats (The Bad Ones)
        • Professional Crackers (Crime Gangs)
        • Corporate Espionage (Criminal in a suit – more common than companies realise – everyone has a competitor.)
        • e-Terrorists (with or without a motivation [eco-hackers])
        • ?
     • White Hats (The Good Ones)
        • Corporate Security
        • Tiger Teams (with reputations – ISS)
        • Big 5 Audit/Testing Teams (PWC, etc)
        • Law Enforcement Hackers / Military eSecurity
     • Grey Hats (The Not-so-Bad / Not-so-Good Ones)
        • Depends who’s paying
        • Freelancers – to the highest bidder, which can include LEAs
  5. Who are the Hackers?
     • 49% are inside employees or contractors on the internal network
     • 17% come from dial-up (still inside people)
     • 34% are from Internet or an external connection to another company of some sort
     • The major area of financial loss in hacking is internal: more money is lost via internal hacking and exploitation (by a factor of 30 or more)
     • Most of the hacking that is done is from technical personnel in technical positions within the company
  6. Perimeter Security Is Not Enough
     • Even the best perimeter firewall can be breached
     • What happens to your corporate assets if the perimeter is breached?
     • What protects your internal network if the perimeter security fails? Most Businesses = Nothing
     • How do you know you have been breached? Most Businesses = Never Know
     [Diagram: Internet, Firewall, External Router, Internal Servers, Production Network, Desktops, Workstations]
  7. Perimeter Security Is Not Enough
     • Many companies with “insider access” - dissolve the perimeter protection (firewalls):
        • customers, consultants, contractors, temps, supply chain partners, employees – unhappy / rogue (espionage) / snoopy (the curious/ambitious) / terminated (fired)
     • Many widely disseminated vulnerabilities, backdoors, firewall holes, firewall pole vaults - such as dial-up modems, shareware password crackers
     • Majority of breaches and financial losses - from those with “insider access”
  8. Typical Inside Network Attacks
     • Insider attack
     • Social engineering
     • Virus infiltration
     • Denial of Service
     • OS or application bug
     • Infiltration via passwords
     • Infiltration via “no security”
     • Spoofing
     • Trojan horse
     • Brute force
     • Stealth infiltration
     • Protocol flaw or exploit
  9. Biggest Mistakes in Internal Security
     • Everybody trusts everybody
     • “Any” theory: “We don’t have anything anyone would want anyway” – never true
     • No internal monitoring of any kind
     • No internal intrusion detection
     • No internal network isolation methods
     • No separation of critical networks or subnetworks via VLAN or VPNs
     • Infrastructure ignorance
  10. Network Security IS a Serious Issue
     • $202 Billion Lost every year by companies to “e-Crime” in the US, Australian/rest of the world statistics are hard to estimate.
     • 90% of e-Crime financial losses are INTERNAL
     • U.S. Government alone will experience over 300,000 Internet attacks this year, Australian Government has not publicised any numbers
     • Hundreds of thousands of websites contain some form of Hacker Tools / Information
     • e-Crimes are estimated to take place every 20 seconds...
  11. eSecurity / Hacking Insurance Policies
     • Yes, you can actually buy hacking insurance policies for some situations
     • One level allows for liability reduction due to protective measures taken (What sort of firewalls / policies / operating systems / training / etc…)
     • Another provides a vendor security warranty level of assurance
     • Others on their way…
  12. Future Server Threats
     • Digital Nervous System components
     • Infrastructure Dependencies
        • Index Server/LDAP Servers
        • Terminal Server with thin clients
        • Exchange servers being used for office and workgroup flow applications
        • DNS and other naming services servers
        • Voice over IP (VoIP)
        • Telephony servers for desktop telephony
        • Netmeeting / Video collaboration servers
        • NT servers being implemented in factories and industrial networks for process control. These require real-time network security features
     • Home implementations for broadband/DSL access
     • Small business via broadband/DSL access
     • Seasonal threats (holiday hacker gangs)
  13. Information Store
     A company’s most valuable assets are on its Information Store
     An attack on your Information Store can result in:
     • Loss of access
     • Loss of data integrity
     • Theft of data
     • Loss of privacy
     • Legal liability
     • Loss of Confidence (Owners/Stock market/Customers)
     • Financial Loss (Fraud)
     [Diagram labels: Financials, HR Records, Patient Medical Records, R&D Information, Legal Records]
  14. Summary (I)
     • It is a matter of “when” not a matter of “if” you will be attacked or hacked - the statistics are against you
     • Internal network security is still the most pervasive corporate threat
     • Many different levels of security are necessary to deal with the threats
     • Apply internal security in proper measure to meet the actual or perceived threat environment
  15. Summary (II)
     • A Hacker can be anyone – an employee with a grudge, a contractor, a family member. They just want something they are not supposed to have.
     • Hacking is gaining access to anything you shouldn’t have access to, using means you shouldn’t be using (illegal?)
     • eSecurity is as important as real security. If you have a security guard to protect you, you should have an eSecurity guard.
     • Many different levels of security are necessary to deal with the threats