SlideShare a Scribd company logo
1 of 25
Hackers, Crackers, and
Network Intruders
Agenda
• Hackers and their vocabulary
• Threats and risks
• Types of hackers
• Gaining access
• Intrusion detection and prevention
• Legal and ethical issues
Hacker Terms
• Hacking - showing computer expertise
• Cracking - breaching security on software or systems
• Phreaking - cracking telecom networks
• Spoofing - faking the originating IP address in a datagram
• Denial of Service (DoS) - flooding a host with sufficient
network traffic so that it can’t respond anymore
• Port Scanning - searching for vulnerabilities
Hacking through the ages
• 1969 - Unix ‘hacked’ together
• 1971 - Cap ‘n Crunch phone exploit discovered
• 1988 - Morris Internet worm crashes 6,000 servers
• 1994 - $10 million transferred from CitiBank accounts
• 1995 - Kevin Mitnick sentenced to 5 years in jail
• 2000 - Major websites succumb to DDoS
• 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked
while web database was undergoing maintenance)
• 2001 Code Red
– exploited bug in MS IIS to penetrate & spread
– probes random IPs for systems running IIS
– had trigger time for denial-of-service attack
– 2nd
wave infected 360000 servers in 14 hours
• Code Red 2 - had backdoor installed to allow remote control
• Nimda -used multiple infection mechanisms email, shares, web client, IIS
• 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
The threats
• Denial of Service (Yahoo, eBay, CNN, MS)
• Defacing, Graffiti, Slander, Reputation
• Loss of data (destruction, theft)
• Divulging private information (AirMiles,
corporate espionage, personal financial)
• Loss of financial assets (CitiBank)
CIA.gov defacement example
Web site defacement example
Types of hackers
• Professional hackers
– Black Hats – the Bad Guys
– White Hats – Professional Security Experts
• Script kiddies
– Mostly kids/students
• User tools created by black hats,
– To get free stuff
– Impress their peers
– Not get caught
• Underemployed Adult Hackers
– Former Script Kiddies
• Can’t get employment in the field
• Want recognition in hacker community
• Big in eastern european countries
• Ideological Hackers
– hack as a mechanism to promote some political or ideological purpose
– Usually coincide with political events
Types of Hackers
• Criminal Hackers
– Real criminals, are in it for whatever they can get no matter who it
hurts
• Corporate Spies
– Are relatively rare
• Disgruntled Employees
– Most dangerous to an enterprise as they are “insiders”
– Since many companies subcontract their network services a
disgruntled vendor could be very dangerous to the host enterprise
Top intrusion justifications
• I’m doing you a favor pointing out your vulnerabilities
• I’m making a political statement
• Because I can
• Because I’m paid to do it
Gaining access
• Front door
– Password guessing
– Password/key stealing
• Back doors
– Often left by original developers as debug and/or diagnostic tools
– Forgot to remove before release
• Trojan Horses
– Usually hidden inside of software that we download and install
from the net (remember nothing is free)
– Many install backdoors
• Software vulnerability exploitation
– Often advertised on the OEMs web site along with security
patches
– Fertile ground for script kiddies looking for something to do
Back doors & Trojans
• e.g. Whack-a-mole / NetBus
• Cable modems / DSL very vulnerable
• Protect with Virus Scanners, Port Scanners,
Personal Firewalls
Software vulnerability exploitation
• Buffer overruns
• HTML / CGI scripts
• Poor design of web applications
– Javascript hacks
– PHP/ASP/ColdFusion URL hacks
• Other holes / bugs in software and services
• Tools and scripts used to scan ports for vulnerabilities
Password guessing
• Default or null passwords
• Password same as user name (use finger)
• Password files, trusted servers
• Brute force
– make sure login attempts audited!
Password/key theft
• Dumpster diving
– Its amazing what people throw in the trash
• Personal information
• Passwords
• Good doughnuts
– Many enterprises now shred all white paper trash
• Inside jobs
– Disgruntled employees
– Terminated employees (about 50% of intrusions
resulting in significant loss)
Once inside, the hacker can...
• Modify logs
– To cover their tracks
– To mess with you
• Steal files
– Sometimes destroy after stealing
– A pro would steal and cover their tracks so to be undetected
• Modify files
– To let you know they were there
– To cause mischief
• Install back doors
– So they can get in again
• Attack other systems
Intrusion detection systems (IDS)
• A lot of research going on at universities
– Doug Somerville- EE Dept, Viktor Skorman – EE Dept
• Big money available due to 9/11 and Dept of Homeland
Security
• Vulnerability scanners
– pro-actively identifies risks
– User use pattern matching
• When pattern deviates from norm should be investigated
• Network-based IDS
– examine packets for suspicious activity
– can integrate with firewall
– require one dedicated IDS server per segment
Intrusion detection systems (IDS)
• Host-based IDS
– monitors logs, events, files, and packets sent to
the host
– installed on each host on network
• Honeypot
– decoy server
– collects evidence and alerts admin
Intrusion prevention
• Patches and upgrades (hardening)
• Disabling unnecessary software
• Firewalls and Intrusion Detection Systems
• ‘Honeypots’
• Recognizing and reacting to port scanning
Risk management
Probability
Impact
Ignore
(e.g. delude yourself)
Prevent
(e.g. firewalls, IDS,
patches)
Backup Plan
(e.g. redundancies)
Contain & Control
(e.g. port scan)
Legal and ethical questions
• ‘Ethical’ hacking?
• How to react to mischief or nuisances?
• Is scanning for vulnerabilities legal?
– Some hackers are trying to use this as a business model
• Here are your vulnerabilities, let us help you
• Can private property laws be applied on the Internet?
Port scanner example
Computer Crimes
• Financial Fraud
• Credit Card Theft
• Identity Theft
• Computer specific crimes
– Denial-of-service
– Denial of access to information
– Viruses Melissa virus cost New Jersey man 20 months in jail
• Melissa caused in excess of $80 Million
• Intellectual Property Offenses
– Information theft
– Trafficking in pirated information
– Storing pirated information
– Compromising information
– Destroying information
• Content related Offenses
– Hate crimes
– Harrassment
– Cyber-stalking
• Child privacy
Federal Statutes
• Computer Fraud and Abuse Act of 1984
– Makes it a crime to knowingly access a federal computer
• Electronic Communications Privacy Act of 1986
– Updated the Federal Wiretap Act act to include electronically stored data
• U.S. Communications Assistance for Law Enforcement Act of 1996
– Ammended the Electronic Communications Act to require all
communications carriers to make wiretaps possible
• Economic and Protection of Proprietary Information Act of 1996
– Extends definition of privacy to include proprietary economic information
, theft would constitute corporate or industrial espionage
• Health Insurance Portability and Accountability Act of 1996
– Standards for the electronic transmission of healthcare information
• National Information Infrastructure Protection Act of 1996
– Amends Computer Fraud and Abuse Act to provide more protection to
computerized information and systems used in foreign and interstate
commerce or communications
• The Graham-Lynch-Bliley Act of 1999
– Limits instances of when financial institution can disclose nonpublic
information of a customer to a third party
Legal Recourse
• Average armed robber will get $2500-$7500 and risk
being shot or killed; 50-60% will get caught , convicted
and spent an average of 5 years of hard time
• Average computer criminal will net $50K-$500K with a
risk of being fired or going to jail; only 10% are caught, of
those only 15% will be turned in to authorities; less than
50% of them will do jail time
• Prosecution
– Many institutions fail to prosecute for fear of advertising
• Many banks absorb the losses fearing that they would lose more if
their customers found out and took their business elsewhere
– Fix the vulnerability and continue on with business as usual

More Related Content

What's hot

Etical hacking
Etical hackingEtical hacking
Etical hacking
talhaabid
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes
Raffa Learning Community
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Paul C. Van Slyke
 

What's hot (20)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
I want to be a cyber forensic examiner
I want to be a cyber forensic examinerI want to be a cyber forensic examiner
I want to be a cyber forensic examiner
 
Trends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yoursTrends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yours
 
Etical hacking
Etical hackingEtical hacking
Etical hacking
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
 
Cybercrime And Cyber forensics
Cybercrime And  Cyber forensics Cybercrime And  Cyber forensics
Cybercrime And Cyber forensics
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
Intro to information security
Intro to information securityIntro to information security
Intro to information security
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 

Viewers also liked

Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011
lbcollins18
 
04b storing data - storage devices
04b   storing data - storage devices04b   storing data - storage devices
04b storing data - storage devices
horrorland
 
Ch2 presenting the internet.
Ch2 presenting the internet.Ch2 presenting the internet.
Ch2 presenting the internet.
cs001
 
Interacting with Your Computer
Interacting with Your ComputerInteracting with Your Computer
Interacting with Your Computer
Ujjwal 'Shanu'
 
Ch5 storagedevices(updated)
Ch5 storagedevices(updated)Ch5 storagedevices(updated)
Ch5 storagedevices(updated)
cs001
 

Viewers also liked (20)

DDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.plDDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.pl
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
UAS TESTING
UAS TESTINGUAS TESTING
UAS TESTING
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Measuring & improving drive performance
Measuring & improving drive performanceMeasuring & improving drive performance
Measuring & improving drive performance
 
Hacker&cracker
Hacker&crackerHacker&cracker
Hacker&cracker
 
04b storing data - storage devices
04b   storing data - storage devices04b   storing data - storage devices
04b storing data - storage devices
 
Ethical Hacking
Ethical Hacking Ethical Hacking
Ethical Hacking
 
Ch2 presenting the internet.
Ch2 presenting the internet.Ch2 presenting the internet.
Ch2 presenting the internet.
 
Network structure and data sources
Network structure and data sourcesNetwork structure and data sources
Network structure and data sources
 
Computer organisation
Computer organisationComputer organisation
Computer organisation
 
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan KomputerPresentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
 
Interacting with Your Computer
Interacting with Your ComputerInteracting with Your Computer
Interacting with Your Computer
 
Ch5 storagedevices(updated)
Ch5 storagedevices(updated)Ch5 storagedevices(updated)
Ch5 storagedevices(updated)
 
Input devices [autosaved]
Input devices [autosaved]Input devices [autosaved]
Input devices [autosaved]
 

Similar to Hackers Cracker Network Intruder

Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
Jayaseelan Vejayon
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.ppt
EndAlk15
 

Similar to Hackers Cracker Network Intruder (20)

Introduction to hackers
Introduction to hackersIntroduction to hackers
Introduction to hackers
 
9. Computer Ethics.ppt
9. Computer Ethics.ppt9. Computer Ethics.ppt
9. Computer Ethics.ppt
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Web security
Web securityWeb security
Web security
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5   session 1 - st dev con 2016 - need for security for iotTrack 5   session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
 
9 - Security
9 - Security9 - Security
9 - Security
 
Chapter5.ppt
Chapter5.pptChapter5.ppt
Chapter5.ppt
 
Hacking
Hacking Hacking
Hacking
 
Computer ethics
Computer ethicsComputer ethics
Computer ethics
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
cybersecurity notes important points.pptx
cybersecurity notes important points.pptxcybersecurity notes important points.pptx
cybersecurity notes important points.pptx
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.ppt
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 

More from Erdo Deshiant Garnaby

More from Erdo Deshiant Garnaby (16)

Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
 
Org Design
Org DesignOrg Design
Org Design
 
HOS Talent management presentation
HOS Talent management presentationHOS Talent management presentation
HOS Talent management presentation
 
Talent management
Talent managementTalent management
Talent management
 
Unit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resourcesUnit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resources
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoringUnit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoring
 
microsoft+windows+security
microsoft+windows+securitymicrosoft+windows+security
microsoft+windows+security
 
Unit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machinesUnit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machines
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safetyUnit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safety
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
Unit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurityUnit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurity
 
introduction to cyber patriot and cyber security
introduction to cyber patriot and cyber securityintroduction to cyber patriot and cyber security
introduction to cyber patriot and cyber security
 
Cyber Ethics
Cyber EthicsCyber Ethics
Cyber Ethics
 

Recently uploaded

一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
huskn
 
Drug Regulatory Authority of Pakistan (DRAP).pptx
Drug Regulatory Authority of Pakistan (DRAP).pptxDrug Regulatory Authority of Pakistan (DRAP).pptx
Drug Regulatory Authority of Pakistan (DRAP).pptx
ShafaatHussain20
 
一比一原版(UW毕业证)华盛顿大学毕业证成绩单
一比一原版(UW毕业证)华盛顿大学毕业证成绩单一比一原版(UW毕业证)华盛顿大学毕业证成绩单
一比一原版(UW毕业证)华盛顿大学毕业证成绩单
huskn
 
一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单
一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单
一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单
azfuce
 
一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单
一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单
一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单
efbuqu
 
一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单
一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单
一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单
ahgeo
 
496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf
496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf
496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf
GilbertChia4
 
Functional properties of egg.123456789123456789123456789
Functional properties of egg.123456789123456789123456789Functional properties of egg.123456789123456789123456789
Functional properties of egg.123456789123456789123456789
eshakanwal932
 
一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单
一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单
一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单
ahgeo
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单
azfuce
 

Recently uploaded (19)

Roskill Fish and Chips | Auckland | New
Roskill Fish and Chips | Auckland  | NewRoskill Fish and Chips | Auckland  | New
Roskill Fish and Chips | Auckland | New
 
ice cream manufacturing process and standards.ppt
ice cream manufacturing process and standards.pptice cream manufacturing process and standards.ppt
ice cream manufacturing process and standards.ppt
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单
 
Health Benefits of Turnips - Turning up the Nutritional Value.pdf
Health Benefits of Turnips - Turning up the Nutritional Value.pdfHealth Benefits of Turnips - Turning up the Nutritional Value.pdf
Health Benefits of Turnips - Turning up the Nutritional Value.pdf
 
Drug Regulatory Authority of Pakistan (DRAP).pptx
Drug Regulatory Authority of Pakistan (DRAP).pptxDrug Regulatory Authority of Pakistan (DRAP).pptx
Drug Regulatory Authority of Pakistan (DRAP).pptx
 
一比一原版(UW毕业证)华盛顿大学毕业证成绩单
一比一原版(UW毕业证)华盛顿大学毕业证成绩单一比一原版(UW毕业证)华盛顿大学毕业证成绩单
一比一原版(UW毕业证)华盛顿大学毕业证成绩单
 
一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单
一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单
一比一原版(SFU毕业证)西蒙弗雷泽大学毕业证成绩单
 
一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单
一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单
一比一原版(UC Davis毕业证)加州大学|戴维斯分校毕业证成绩单
 
Steak Tenderizing Case Study by Adam Wojtow, Steak Revolution Founder
Steak Tenderizing Case Study by Adam Wojtow, Steak Revolution FounderSteak Tenderizing Case Study by Adam Wojtow, Steak Revolution Founder
Steak Tenderizing Case Study by Adam Wojtow, Steak Revolution Founder
 
Understanding the Food Industry of India
Understanding the Food Industry of IndiaUnderstanding the Food Industry of India
Understanding the Food Industry of India
 
5 Ways Sea Moss Can Improve Thyroid Function
5 Ways Sea Moss Can Improve Thyroid Function5 Ways Sea Moss Can Improve Thyroid Function
5 Ways Sea Moss Can Improve Thyroid Function
 
一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单
一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单
一比一原版(UCB毕业证)加利福尼亚大学|伯克利分校毕业证成绩单
 
How do microorganisms contribute to food flavour development .pptx
How do microorganisms contribute to food flavour development .pptxHow do microorganisms contribute to food flavour development .pptx
How do microorganisms contribute to food flavour development .pptx
 
496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf
496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf
496838544-Boy-in-the-Striped-Pajamas-Questions-With-Answers (1).pdf
 
Functional properties of egg.123456789123456789123456789
Functional properties of egg.123456789123456789123456789Functional properties of egg.123456789123456789123456789
Functional properties of egg.123456789123456789123456789
 
Assessing the COOKING SKILLS Development of Grade 11 Cookery Students in Cari...
Assessing the COOKING SKILLS Development of Grade 11 Cookery Students in Cari...Assessing the COOKING SKILLS Development of Grade 11 Cookery Students in Cari...
Assessing the COOKING SKILLS Development of Grade 11 Cookery Students in Cari...
 
NO1 Qari Amil Baba Bangali Baba | Aamil baba Taweez Online Kala Jadu kala jad...
NO1 Qari Amil Baba Bangali Baba | Aamil baba Taweez Online Kala Jadu kala jad...NO1 Qari Amil Baba Bangali Baba | Aamil baba Taweez Online Kala Jadu kala jad...
NO1 Qari Amil Baba Bangali Baba | Aamil baba Taweez Online Kala Jadu kala jad...
 
一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单
一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单
一比一原版(UCLA毕业证)加利福尼亚大学|洛杉矶分校毕业证成绩单
 
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单
一比一原版(UIUC毕业证)伊利诺伊大学|厄巴纳-香槟分校毕业证成绩单
 

Hackers Cracker Network Intruder

  • 2. Agenda • Hackers and their vocabulary • Threats and risks • Types of hackers • Gaining access • Intrusion detection and prevention • Legal and ethical issues
  • 3. Hacker Terms • Hacking - showing computer expertise • Cracking - breaching security on software or systems • Phreaking - cracking telecom networks • Spoofing - faking the originating IP address in a datagram • Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore • Port Scanning - searching for vulnerabilities
  • 4. Hacking through the ages • 1969 - Unix ‘hacked’ together • 1971 - Cap ‘n Crunch phone exploit discovered • 1988 - Morris Internet worm crashes 6,000 servers • 1994 - $10 million transferred from CitiBank accounts • 1995 - Kevin Mitnick sentenced to 5 years in jail • 2000 - Major websites succumb to DDoS • 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance) • 2001 Code Red – exploited bug in MS IIS to penetrate & spread – probes random IPs for systems running IIS – had trigger time for denial-of-service attack – 2nd wave infected 360000 servers in 14 hours • Code Red 2 - had backdoor installed to allow remote control • Nimda -used multiple infection mechanisms email, shares, web client, IIS • 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
  • 5. The threats • Denial of Service (Yahoo, eBay, CNN, MS) • Defacing, Graffiti, Slander, Reputation • Loss of data (destruction, theft) • Divulging private information (AirMiles, corporate espionage, personal financial) • Loss of financial assets (CitiBank)
  • 8. Types of hackers • Professional hackers – Black Hats – the Bad Guys – White Hats – Professional Security Experts • Script kiddies – Mostly kids/students • User tools created by black hats, – To get free stuff – Impress their peers – Not get caught • Underemployed Adult Hackers – Former Script Kiddies • Can’t get employment in the field • Want recognition in hacker community • Big in eastern european countries • Ideological Hackers – hack as a mechanism to promote some political or ideological purpose – Usually coincide with political events
  • 9. Types of Hackers • Criminal Hackers – Real criminals, are in it for whatever they can get no matter who it hurts • Corporate Spies – Are relatively rare • Disgruntled Employees – Most dangerous to an enterprise as they are “insiders” – Since many companies subcontract their network services a disgruntled vendor could be very dangerous to the host enterprise
  • 10. Top intrusion justifications • I’m doing you a favor pointing out your vulnerabilities • I’m making a political statement • Because I can • Because I’m paid to do it
  • 11. Gaining access • Front door – Password guessing – Password/key stealing • Back doors – Often left by original developers as debug and/or diagnostic tools – Forgot to remove before release • Trojan Horses – Usually hidden inside of software that we download and install from the net (remember nothing is free) – Many install backdoors • Software vulnerability exploitation – Often advertised on the OEMs web site along with security patches – Fertile ground for script kiddies looking for something to do
  • 12. Back doors & Trojans • e.g. Whack-a-mole / NetBus • Cable modems / DSL very vulnerable • Protect with Virus Scanners, Port Scanners, Personal Firewalls
  • 13. Software vulnerability exploitation • Buffer overruns • HTML / CGI scripts • Poor design of web applications – Javascript hacks – PHP/ASP/ColdFusion URL hacks • Other holes / bugs in software and services • Tools and scripts used to scan ports for vulnerabilities
  • 14. Password guessing • Default or null passwords • Password same as user name (use finger) • Password files, trusted servers • Brute force – make sure login attempts audited!
  • 15. Password/key theft • Dumpster diving – Its amazing what people throw in the trash • Personal information • Passwords • Good doughnuts – Many enterprises now shred all white paper trash • Inside jobs – Disgruntled employees – Terminated employees (about 50% of intrusions resulting in significant loss)
  • 16. Once inside, the hacker can... • Modify logs – To cover their tracks – To mess with you • Steal files – Sometimes destroy after stealing – A pro would steal and cover their tracks so to be undetected • Modify files – To let you know they were there – To cause mischief • Install back doors – So they can get in again • Attack other systems
  • 17. Intrusion detection systems (IDS) • A lot of research going on at universities – Doug Somerville- EE Dept, Viktor Skorman – EE Dept • Big money available due to 9/11 and Dept of Homeland Security • Vulnerability scanners – pro-actively identifies risks – User use pattern matching • When pattern deviates from norm should be investigated • Network-based IDS – examine packets for suspicious activity – can integrate with firewall – require one dedicated IDS server per segment
  • 18. Intrusion detection systems (IDS) • Host-based IDS – monitors logs, events, files, and packets sent to the host – installed on each host on network • Honeypot – decoy server – collects evidence and alerts admin
  • 19. Intrusion prevention • Patches and upgrades (hardening) • Disabling unnecessary software • Firewalls and Intrusion Detection Systems • ‘Honeypots’ • Recognizing and reacting to port scanning
  • 20. Risk management Probability Impact Ignore (e.g. delude yourself) Prevent (e.g. firewalls, IDS, patches) Backup Plan (e.g. redundancies) Contain & Control (e.g. port scan)
  • 21. Legal and ethical questions • ‘Ethical’ hacking? • How to react to mischief or nuisances? • Is scanning for vulnerabilities legal? – Some hackers are trying to use this as a business model • Here are your vulnerabilities, let us help you • Can private property laws be applied on the Internet?
  • 23. Computer Crimes • Financial Fraud • Credit Card Theft • Identity Theft • Computer specific crimes – Denial-of-service – Denial of access to information – Viruses Melissa virus cost New Jersey man 20 months in jail • Melissa caused in excess of $80 Million • Intellectual Property Offenses – Information theft – Trafficking in pirated information – Storing pirated information – Compromising information – Destroying information • Content related Offenses – Hate crimes – Harrassment – Cyber-stalking • Child privacy
  • 24. Federal Statutes • Computer Fraud and Abuse Act of 1984 – Makes it a crime to knowingly access a federal computer • Electronic Communications Privacy Act of 1986 – Updated the Federal Wiretap Act act to include electronically stored data • U.S. Communications Assistance for Law Enforcement Act of 1996 – Ammended the Electronic Communications Act to require all communications carriers to make wiretaps possible • Economic and Protection of Proprietary Information Act of 1996 – Extends definition of privacy to include proprietary economic information , theft would constitute corporate or industrial espionage • Health Insurance Portability and Accountability Act of 1996 – Standards for the electronic transmission of healthcare information • National Information Infrastructure Protection Act of 1996 – Amends Computer Fraud and Abuse Act to provide more protection to computerized information and systems used in foreign and interstate commerce or communications • The Graham-Lynch-Bliley Act of 1999 – Limits instances of when financial institution can disclose nonpublic information of a customer to a third party
  • 25. Legal Recourse • Average armed robber will get $2500-$7500 and risk being shot or killed; 50-60% will get caught , convicted and spent an average of 5 years of hard time • Average computer criminal will net $50K-$500K with a risk of being fired or going to jail; only 10% are caught, of those only 15% will be turned in to authorities; less than 50% of them will do jail time • Prosecution – Many institutions fail to prosecute for fear of advertising • Many banks absorb the losses fearing that they would lose more if their customers found out and took their business elsewhere – Fix the vulnerability and continue on with business as usual