Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg

Information Security
Chapter 2
Attackers & Attacks

Information Security © 2006 Eric Vanderburg

Hacker
• “Hacker” – Someone who likes to play with
and learn new things about computers
• Hacker – someone who breaks into
computer systems
• Ethical Hacker – Hacks systems to find
and report vulnerabilities. Employed or
freelance
• Hacker code of ethics – Break into
systems but do not steal, vandalize, or
release information from a target.

Cracker
•
•
•
•
•
•

Violates system security maliciously
Destroy data
Make data or services unavailable
Tamper with information
Create and deploy viruses
Coined in 1985 by ethical hackers


Script Kiddie
•
•
•
•

Low skilled
Use hacking tools
Random targets
Attack to build ego or gain credibility


Spy
• Hired to obtain information or sabotage
operations
• Highly skilled
• Could be employed by a government or
military organization
• Could be an organized attack


Employee
• Could be accidental
• Could be acting as a result of social
engineering
• Could be malicious
– Ego building
– Revenge
– Monetary gain

• Easier because they are a trusted
individual

Hacktivist
•
•
•
•
•
•

Skill level varies
Tries to bring attention to a cause
Deface sites
Steal and release confidential information
Damage operations
Hacktivist Bronc Buster disabled firewalls to
allow Chinese Internet users uncensored
Internet access.
• Hacktivists worked to slow, block, and reroute
traffic for web servers associated with the World
Trade Organization, the World Economic Forum,
and the World Bank.

Cyberterrorist
•
•
•
•
•

Spreads propaganda
Damages operations
Corrupts data
Organized attack
Could target the Internet itself


Types of Attackers
Attacker
Hacker
Cracker
Script Kiddie
Spy
Employee
Hacktivist
Cyberterrorist

Skill Level
High
High
Low
High
Varies
Varies
High

Motivation
Improve Security
Harm Systems
Gain Recognition
Earn Money
Varies
Promote cause
Support Ideology


Attacks
• Social Engineering
• Dumpster Diving – going through trash to
find confidential information
• Phishing – Spoofing a request for
information
• Pharming – Redirect DNS queries to an
alternative site to gain information
• Buffer Overflow
• Mathematical attack – compare encrypted
data to find keys

Attacks
• Password guessing – automated / brute force /
dictionary attack
– Use strong passwords
•
•
•
•
•
•

Alphanumeric
Special characters
Not words
No personal information
Different passwords for different accounts
Change regularly

• Finding weak keys to decrypt messages
– Key – encryption seed for an algorithm
– Algorithm – mathematical formula used for encryption

Attacks
• Birthday attack – Randomly selected values result in
duplicate keys much sooner than if a pattern was used.
Duplicate keys are useful in cracking the encryption so
they should be avoided.
– Birthday paradox – the probability of finding someone else with
the same birthday increases much faster as you meet more
people. 23 people, 50% chance, 60 people, 99% chance.

• Man in the Middle
• Replay attack
• Hijacking / Spoofing
–
–
–
–

IP Spoofing
ARP Spoofing – change ARP table
MAC Spoofing
SSID Spoofing


Attacks
• DoS (Denial of Service)
• DDoS (Distributed Denial of Service)
– Handler – distributor of hijacking software
– Zombie / Bot – hijacked computer that can be
used together with others to perform an attack

• Smurf attack – send a spoofed ping to all
computers on a network and the
responses overwhelm the spoofed server


Malware
• Virus - self-replicating code segment which is be
attached to an executable. When the program is
started, the virus code may also run. If possible,
the virus will replicate by attaching a copy of
itself to another file.
– Logic Bomb - A virus with an additional payload that
runs when specific conditions are met.
– Macro Virus – A virus written with preprogrammed
steps performed by a user. These steps are
performed automatically to do some malicious act.

• Worm - self-replicating program, does not
require a host program, creates a copy and
causes it to execute; no user intervention is
required. Worms commonly utilize network
services to propagate to other computer
systems

Malware
• Trojan horse - malicious code pretending to be
a legitimate application. The user believes they
are running an innocent application when the
program is actually initiating its ulterior activities.
Trojan horses do not replicate.
• Spyware - a program that secretly monitors your
actions. Could be a remote control program
used by a hacker, or it could be used to gather
data about users for advertising,
aggregation/research, or preliminary information
for an attack. Some spyware is configured to
download other programs on the computer.

Protection
• Hygiene
– Antivirus
– Antispyware
– Software patches
– Backup data regularly

• Techniques
– Firewall


Other access methods
• Backdoors
– Created by programmers
– Added by hackers

• Rootkit - conceal running processes, files
or system data. Helps an intruder
maintain access to a system without the
user's knowledge.
– Rooted computer – A computer with a rootkit
installed
– Many times used on a handler or illegal server

Acronyms
•
•
•
•

ARP, Address Resolution Protocol
DoS, Denial of Service
DDoS, Distributed Denial of Service
MAC, Media Access Control


Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg

Similar to Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg (20)

More from Eric Vanderburg

More from Eric Vanderburg (20)

Recently uploaded

Recently uploaded (20)

Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg