SlideShare a Scribd company logo

Mis 510 cyber analytics project report

Aadil Hussaini
Aadil Hussaini
Education
1 of 12
Download to read offline
Team: Never Off Guard SUMEET BHATIA | AADIL HUSSAINI | SNEHAL NAVALAKHA | MO ZHOU MIS 510: Cyber Analytics Project
1 Table of Contents Introduction................................................................................................................................................ 2 Hacker Web ................................................................................................................................................ 3 Data Collection........................................................................................................................................ 3 Research Question 1 ............................................................................................................................... 3 Data Analysis....................................................................................................................................... 3 Findings/Discussion............................................................................................................................. 4 Research Question 2 ............................................................................................................................... 5 Data Analysis....................................................................................................................................... 5 Findings/Discussion............................................................................................................................. 5 Shodan........................................................................................................................................................ 7 Research Question 1 ............................................................................................................................... 7 Background Information ..................................................................................................................... 7 Data Collection/Analysis ..................................................................................................................... 7 Findings/Discussion............................................................................................................................. 8 Research Question 2 ............................................................................................................................... 9 Background Information ..................................................................................................................... 9 Data Collection/Analysis ..................................................................................................................... 9 Findings/Discussion........................................................................................................................... 10 References ................................................................................................................................................ 11
2 Introduction As computers become more ubiquitous throughout society, the security of networks and information systems is a growing concern. There is an increasing amount of critical infrastructure that relies on computers and information technologies, and advanced technologies have enabled hackers to commit cybercrime much more easily now than in the past. Thus, it has become important for researchers to look into cyber security issues, such as botnet activity, digital forensics and malware analysis. Our research seeks to contribute to the existing literature on cyber security by conducting analytics on data collected from two sources – Hacker Web and Shodan:  Hacker Web: A collection of 18 major online forums where a community of international hacking enthusiasts participate in various kinds of discussions regarding cyber security topics.  Shodan: A search engine for finding open and vulnerable ports and devices on the internet (“Internet of Things”) We have looked at two main research questions for each of the aforementioned data sources. We present our data collection and analysis methods, before discussing our results and findings.
3 Hacker Web Hacker Web is a collection of 18 major online forums where a community of international hacking enthusiasts participate in various kinds of discussions regarding cyber security topics. The individual posts on each of these forums, along with post date/time and authorship information, have been stored in a MySQL database. Hacker Web has been used in various research contexts and has proven to be a reliable source of cyber security-related data. For our research purposes, we have chosen the four English forums to extract data from: “Elitehack,” “Hackhound,” “iCode” and “VCTool.” Data Collection We followed the following steps to collect our data from the four English forums via the Hacker Web MySQL database: 1. Downloaded and configured HeidiSQL 2. Connected to Hacker Web database using provided credentials 3. Run SQL queries (i.e., SELECT * FROM [table] WHERE upper([column]) LIKE “%[KEYWORD]%”) 4. Converting the results of the queries into CSV files 5. Used MS Excel and IBM Many Eyes for various analytics For the scope of our research, we chose to only look at the forum posts (i.e., “elitehackposts,” “hackhoundposts,” “icodeposts” and “vctoolposts”), since they were more likely to contain the keywords that we were looking for. Research Question 1 Through browsing many cyber security-related literature, we found that there were two words that appeared very often: “victim(s)” and “target(s).” Thus, we wanted to analyze data collected from Hacker Web using these two keywords. So our first research question is the following: How frequent do posts with either of the two keywords (i.e., “victim(s)” and “target(s)”) appear on each of the four English forums? How does the frequency vary between the forums across time? Data Analysis We first queried the four English forums individually to find the total number of posts (without any keywords) for each forum. Then we used the keywords “victim(s)” (SQL: “%VICTIM%”) and “target(s)” (SQL: “%TARGET%”) and queried all four forums individually to find the total number of posts with either of the two keywords. Finally, we calculated the percentage of total posts that contained either of the keywords. Next, we wanted to look at how this percentage has changed over time, specifically over the most recent five-year period of 2009-2013. Because “Elitehack” and “Hackhound” are relatively new forums, there was
4 little to no data for years prior to 2012. Thus, we only compared the temporal trends for “iCode” and “VCTool.” Findings/Discussion The following chart depicts a comparison of this percentage for each of the four forums: As we can see, the percentage of posts with either the keyword “victim(s)” or “target(s)” is above 1% for every forum, with “iCode” having the highest at 2.05% and “Hackhound” at 1.02%. It is likely that the reason “iCode” and “VCTool” have higher percentages than “Elitehack” and “Hackhound” because the former two forums were started earlier, so our queries resulted in a larger amount of data for calculating these statistics. The following graph shows a comparison of these trends: 0.00% 0.50% 1.00% 1.50% 2.00% 2.50% elitehackposts hackhoundposts icodeposts vctoolposts # of Posts With Keywords (As a % of Total # of Posts) 0.00% 1.00% 2.00% 3.00% 4.00% 5.00% 6.00% 7.00% 8.00% 2009 2010 2011 2012 2013 # of Posts With Keywords (As a % of Total # of Posts) icodeposts vctoolposts
5 From the graph above, we see that there was an unusually high percentage with the two keywords in the “iCode” forum in 2009. Then, it dropped to a similar level as “VCTool.” In both forums, the percentage has generally grown over time, suggesting an increase in postings that mention “victim(s) and/or “target(s).” Research Question 2 What are the most frequently mentioned topics within each forum and across all four forums? Data Analysis Again, for this question, we used the same query in Question 1 to find the total number of posts in each English forum. What is different is that we then used IBM Many Eyes to conduct a Word Tag analysis to find the most frequently mentioned topics on each forum. Finally, we calculated the percentage of total posts that contained each of these topics. Findings/Discussion The chart below shows the most frequent topics that are mentioned on each of the four English forums: It is apparent from our analysis that each of these forums has its own “flavor.” Elitehack seems the most suitable for hackers who are more interested in social media hacking (e.g., Facebook), while iCode tends to serve the more traditional crowd who are more interested in malware and viruses. Those who enjoy talking about specific technologies and hacking techniques are most likely to visit Hackhound, but those who like to target the government or phish for personal information from individuals may like VCTools better. Then, we aggregated the data from all four forums and found the most popular topics: 0.00% 0.20% 0.40% 0.60% 0.80% 1.00% 1.20% 1.40% 1.60% 1.80% # of Occurences (As a % of # of Total Posts) Elitehack Hackhound d iCode VCTools
6 The results show that unsurprisingly, “Windows” is the most talked about, at 0.7%. The other hot topics are “government” (0.45%), “malware” (0.39%) and “botnet” (0.32%). 0.00% 0.10% 0.20% 0.30% 0.40% 0.50% 0.60% 0.70% 0.80% Windows Malware Government Botnet # of Occurences (As a % of # of Total Posts)
7 Shodan Shodan is a powerful source for finding open and vulnerable ports and devices on the internet (“Internet of Things”). It interrogates ports, grabs the resulting banners and indexes the banners for searching. The different filters available for searching include: IP address, hostname, port, latitude and longitude, operating system, city, country, and device data. When used maliciously, Shodan can be used to exploit unprotected servers or devices. For research purposes, however, it can be a very useful tool to find potentially vulnerabilities in certain systems that are connected to the internet. Research Question 1 Samsung has tried to go “SoLoMo” using its SmartTV. It has tried to integrate internet and Web 2.0 features with television sets. Our first research question on SmartTVs is divided into the following parts: 1. How many SmartTVs are publicly-facing and respond to Shodan’s search query? What is the geographical distribution of these SmartTVs and are all of them exploitable? 2. What percentage of SmartTVs is publicly visible where the Webkit vulnerability in the device could be exploited? Background Information Samsung SmartTV is essentially a Linux device configured with a Webkit-based browser used to load web pages and applications. Webkit is an open-source HTML rendering engine that has a significant presence in Google Chrome and Apple Safari browsers. We chose Samsung SmartTV as our research device because it is a relatively new device in the market and it is not a big enough platform for a lot of people to contribute to its development. However, it uses a browser based on the Webkit technology, which exposes the device to a range of security exploits such as cross-site scripting attacks, denial-of-service attacks and unexpected application termination or arbitrary code execution. Thus, we feel it is important to research SmartTV’s vulnerability on the web. Data Collection/Analysis To get the Samsung SmartTV results, we first researched on Shodan’s website (http://www.shodanhq.com/) regarding various types of banner information the Samsung SmartTV gives us. We found that the tag “Content- Length:345 Server:Swift1.0” was highly prevalent in the SmartTV banner. Then, we ran a query on Shodan using a Python
8 script (as seen in the figure), we retrieved 350,968 records. These were the number of SmartTV that responded to the Shodan query. For our research purpose, we limited our search to 3,000 devices. We assume that the 3,000 records is a random sample, giving us an approximate look and feel of the entire dataset. Finally, we used these records to analyze the geographical distribution of the devices and their exploitability (based on the operating port). Findings/Discussion Research Question 1 Part 1 Our analysis shows that not surprisngly, the Republic of Korea (where Samsung is based) dominates the list of countries. It is followed by United States and Chile is ranked #3 as seen in the figures below. Other countries where the number of devices exceeds 100 are Ukraine, Germany, Russia, Poland and Finland. Digging a level deeper, we found that although the majority of the SmartTVs work on Port 443, which greatly enhances security, a large number of them gave access on Port 80, which makes them quite vulnerable. The figure below shows the breakdown of the ports given access to out of the 3,000 search results.
9 Research Question 1 Part 2 We analyzed Samsung’s financial data for its SmartTV sales. Statistics show that Samsung has sold around 12 million SmartTVs as of Q1 2013. As mentioned earlier, we tracked down 350,968 devices from our Shodan query. This implies that there at least 2.92% of the devices are publicly visible. The Samsung SmartTV has features such as built-in webcams, web-based applications and browsers. The Webkit vulnerability exposes hundreds of thousands of SmartTVs, potentially giving hackers access to multiple ways to get sensitive information from the users with a single hack. Research Question 2 How vulnerable are the traffic signal systems in the United States? Which are the cities that are most vulnerable to getting their traffic signal systems hacked? Background Information While the internet has enabled many of the public communication systems to be accessed digitally, there are growing concerns about their lack of security. Engineers recently hacked into the Traffic Signal System in Los Angeles. The engineers programmed the signals so that red lights for several days would be extremely long on the most congested approaches to the intersections, causing heavy gridlock. Such incidents raise the following security concerns: 1. Traffic Signal Systems can be hacked, which will affect the normal flow of traffic 2. The traffic cameras used for monitoring traffic can be hacked, which is a privacy and security risk Our objective is to find out how vulnerable the Traffic Signal Systems are in the United States, specifically in which cities. Data Collection/Analysis We searched the Shodan database to find information about servers for Traffic Signal Systems. We used two tags that were most prevalent in the header information such servers. Below is our detailed process: 1. Searched for header keywords in the Shodan Database 2. Wrote a Java application to extract the data row by row return it to Python 3. Wrote a loop using Python to input and store the data row by row in MS Excel 4. Used the results in output for analysis 1470 1518 5 7 80 443 8080 8443 (BLANK) Count Port Number Total Number of Hosts Total
10 Findings/Discussion First, we used the tag “atz executive” to get information about all the systems on Port 23 (i.e., FTP). This gave us information of all “ATZ Traffic Signal Systems” using the Operating systems C Executive. We were able to get access into the system and see live images. We found 216 records and then we sorted them by city and state. The analysis showed that Louisiana had the most number of vulnerable systems, and the cities of Metairie and New Orleans in that state ranked in the top 2 across the country. Then, we used the tag “Content-Length: 2861 Cache-Control: max-age=86400” to get information on Port 8080. We found that “Content-Length: 2861” corresponds to PIPS technology, which provides automatic license plate recognition. These devices offer a telnet connection for management that does not require authentication. We were able to observe the number plate information and live images. We were also able to modify the configuration settings. Again, we found that the city of Metairie in Louisiana had the most vulnerable Traffic Signal Systems.
11 References (n.d.). Shodan Introduction [PowerPoint slides]. Retrieved from http://ai.arizona.edu/mis510/ Benjamin, V. (2014). Cybersecurity Research Overview [PowerPoint slides]. Retrieved from http://ai.arizona.edu/mis510/ Freamon, D. The Darius Freamon Blog. Retrieved from http://dariusfreamon.wordpress.com/tag/traffic- management/ Grad, S. (2009, December 1). Engineers who hacked into L.A. traffic signal computer, jamming streets, sentenced. Retrieved from http://latimesblogs.latimes.com/lanow/2009/12/engineers-who-hacked-in-la- traffic-signal-computers-jamming-traffic-sentenced.html Roberts, P. (2013, August 1). Samsung Smart TV: Like A Web App Riddled With Vulnerabilities. Retrieved from https://securityledger.com/2013/08/samsung-smart-tv-like-a-web-app-riddled-with-vulnerabilities/ Segall, L., Fink E., Samsung Smart TV security flaw let hackers turn on built-in cameras. (2013, August 1). Retrieved from http://www.wptv.com/news/science-tech/samsung-smart-tv-security-flaw-let-hackers- turn-on-built-in-cameras Strategy Analytics. (2013, July 24). Samsung Leads with 26 Percent of Global Smart TV Market Share in Q1 2013. Retrieved from http://www.strategyanalytics.com/default.aspx?mod=pressreleaseviewer&a0=5400

Recommended

DIY basic Facebook data mining
DIY basic Facebook data miningDIY basic Facebook data mining
DIY basic Facebook data miningSTEM/MARK
 
Social Networks analysis to characterize HIV at-risk populations - Progress a...
Social Networks analysis to characterize HIV at-risk populations - Progress a...Social Networks analysis to characterize HIV at-risk populations - Progress a...
Social Networks analysis to characterize HIV at-risk populations - Progress a...UC San Diego
 
Mining Social Web Data Like a Pro: Four Steps to Success
Mining Social Web Data Like a Pro: Four Steps to SuccessMining Social Web Data Like a Pro: Four Steps to Success
Mining Social Web Data Like a Pro: Four Steps to SuccessMatthew Russell
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With GoogleZero Science Lab
 
Working with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrWorking with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrAnshum Gupta
 
Working with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrWorking with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrAnshum Gupta
 
Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...
Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...
Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...Lucidworks
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 

Recommended

DIY basic Facebook data mining
DIY basic Facebook data miningDIY basic Facebook data mining
DIY basic Facebook data miningSTEM/MARK
 
Social Networks analysis to characterize HIV at-risk populations - Progress a...
Social Networks analysis to characterize HIV at-risk populations - Progress a...Social Networks analysis to characterize HIV at-risk populations - Progress a...
Social Networks analysis to characterize HIV at-risk populations - Progress a...UC San Diego
 
Mining Social Web Data Like a Pro: Four Steps to Success
Mining Social Web Data Like a Pro: Four Steps to SuccessMining Social Web Data Like a Pro: Four Steps to Success
Mining Social Web Data Like a Pro: Four Steps to SuccessMatthew Russell
 
Information Gathering With Google
Information Gathering With GoogleInformation Gathering With Google
Information Gathering With GoogleZero Science Lab
 
Working with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrWorking with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrAnshum Gupta
 
Working with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrWorking with deeply nested documents in Apache Solr
Working with deeply nested documents in Apache SolrAnshum Gupta
 
Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...
Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...
Working with Deeply Nested Documents in Apache Solr: Presented by Anshum Gupt...Lucidworks
 
Web application penetration testing lab setup guide
Web application penetration testing lab setup guideWeb application penetration testing lab setup guide
Web application penetration testing lab setup guideSudhanshu Chauhan
 
Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.
Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.
Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.Rahul Sasi
 
How to Search Twitter
How to Search TwitterHow to Search Twitter
How to Search TwitterVicky Ludas Orlofsky
 
APT Targeting Indian Police Agencies.
APT Targeting Indian Police Agencies.APT Targeting Indian Police Agencies.
APT Targeting Indian Police Agencies.Rahul Sasi
 
Supraja_SMS_presentation
Supraja_SMS_presentationSupraja_SMS_presentation
Supraja_SMS_presentationJoshua S. White, PhD josh@securemind.org
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionChris Gates
 
Anatomy of a semantic virus
Anatomy of a semantic virusAnatomy of a semantic virus
Anatomy of a semantic virusUltraUploader
 
Pietarsaaren seutu - tilastotietoa seutukunnasta
Pietarsaaren seutu - tilastotietoa seutukunnastaPietarsaaren seutu - tilastotietoa seutukunnasta
Pietarsaaren seutu - tilastotietoa seutukunnastaJakobstad Region Development Company Concordia
 
Aspire Rug Range By Oriental Weavers
Aspire Rug Range By Oriental WeaversAspire Rug Range By Oriental Weavers
Aspire Rug Range By Oriental WeaversThe Rug Shop UK
 
Prezentare
PrezentarePrezentare
PrezentareAGEPI
 
затраты в условиях кризиса
затраты в условиях кризисазатраты в условиях кризиса
затраты в условиях кризисаIgor Iakovliev
 
Elämänlaatu 2040 - Seuranta 2014
Elämänlaatu 2040 - Seuranta 2014Elämänlaatu 2040 - Seuranta 2014
Elämänlaatu 2040 - Seuranta 2014Jakobstad Region Development Company Concordia
 
4 Play Mobile Solutions Corporate Presentation
4 Play Mobile Solutions Corporate Presentation4 Play Mobile Solutions Corporate Presentation
4 Play Mobile Solutions Corporate Presentation4play
 
Galleria Rug Range By MasterCraft
Galleria Rug Range By MasterCraftGalleria Rug Range By MasterCraft
Galleria Rug Range By MasterCraftThe Rug Shop UK
 
Team presentation veggie salad
Team presentation veggie saladTeam presentation veggie salad
Team presentation veggie saladheejaeya
 
CAMTASIA
CAMTASIACAMTASIA
CAMTASIAA Dài
 
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...Sagittarius
 
Prezentare
PrezentarePrezentare
PrezentareAGEPI
 
Latihan 2
Latihan 2Latihan 2
Latihan 2hjdian
 
Nusli kanaha063
Nusli kanaha063Nusli kanaha063
Nusli kanaha063nusli_kanaha
 
I spring suite 6.2.0
I spring suite 6.2.0I spring suite 6.2.0
I spring suite 6.2.0A Dài
 
Mid term presentation
Mid term presentationMid term presentation
Mid term presentationsweis267
 
Consumibles impresoras
Consumibles impresorasConsumibles impresoras
Consumibles impresorasLuciano_Cifone
 

More Related Content

What's hot

Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.
Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.
Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.Rahul Sasi
 
APT Targeting Indian Police Agencies.
APT Targeting Indian Police Agencies.APT Targeting Indian Police Agencies.
APT Targeting Indian Police Agencies.Rahul Sasi
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionChris Gates
 
Anatomy of a semantic virus
Anatomy of a semantic virusAnatomy of a semantic virus
Anatomy of a semantic virusUltraUploader
 

What's hot (6)

Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.
Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.
Is NetTraveler APT managed by PLA Military Camp in Lanzhou [China] ???.
 
How to Search Twitter
How to Search TwitterHow to Search Twitter
How to Search Twitter
 
APT Targeting Indian Police Agencies.
APT Targeting Indian Police Agencies.APT Targeting Indian Police Agencies.
APT Targeting Indian Police Agencies.
 
Supraja_SMS_presentation
Supraja_SMS_presentationSupraja_SMS_presentation
Supraja_SMS_presentation
 
Open Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon EditionOpen Source Information Gathering Brucon Edition
Open Source Information Gathering Brucon Edition
 
Anatomy of a semantic virus
Anatomy of a semantic virusAnatomy of a semantic virus
Anatomy of a semantic virus
 

Viewers also liked

Aspire Rug Range By Oriental Weavers
Aspire Rug Range By Oriental WeaversAspire Rug Range By Oriental Weavers
Aspire Rug Range By Oriental WeaversThe Rug Shop UK
 
Prezentare
PrezentarePrezentare
PrezentareAGEPI
 
затраты в условиях кризиса
затраты в условиях кризисазатраты в условиях кризиса
затраты в условиях кризисаIgor Iakovliev
 
4 Play Mobile Solutions Corporate Presentation
4 Play Mobile Solutions Corporate Presentation4 Play Mobile Solutions Corporate Presentation
4 Play Mobile Solutions Corporate Presentation4play
 
Galleria Rug Range By MasterCraft
Galleria Rug Range By MasterCraftGalleria Rug Range By MasterCraft
Galleria Rug Range By MasterCraftThe Rug Shop UK
 
Team presentation veggie salad
Team presentation veggie saladTeam presentation veggie salad
Team presentation veggie saladheejaeya
 
CAMTASIA
CAMTASIACAMTASIA
CAMTASIAA Dài
 
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...Sagittarius
 
Prezentare
PrezentarePrezentare
PrezentareAGEPI
 
Latihan 2
Latihan 2Latihan 2
Latihan 2hjdian
 
I spring suite 6.2.0
I spring suite 6.2.0I spring suite 6.2.0
I spring suite 6.2.0A Dài
 
Mid term presentation
Mid term presentationMid term presentation
Mid term presentationsweis267
 
Consumibles impresoras
Consumibles impresorasConsumibles impresoras
Consumibles impresorasLuciano_Cifone
 
Heatwaves, climate change and Melbourne
Heatwaves, climate change and MelbourneHeatwaves, climate change and Melbourne
Heatwaves, climate change and MelbourneJohn Englart
 
Vietnam Where to go
Vietnam Where to goVietnam Where to go
Vietnam Where to goLinh Le
 

Viewers also liked (18)

Pietarsaaren seutu - tilastotietoa seutukunnasta
Pietarsaaren seutu - tilastotietoa seutukunnastaPietarsaaren seutu - tilastotietoa seutukunnasta
Pietarsaaren seutu - tilastotietoa seutukunnasta
 
Aspire Rug Range By Oriental Weavers
Aspire Rug Range By Oriental WeaversAspire Rug Range By Oriental Weavers
Aspire Rug Range By Oriental Weavers
 
Prezentare
PrezentarePrezentare
Prezentare
 
затраты в условиях кризиса
затраты в условиях кризисазатраты в условиях кризиса
затраты в условиях кризиса
 
Elämänlaatu 2040 - Seuranta 2014
Elämänlaatu 2040 - Seuranta 2014Elämänlaatu 2040 - Seuranta 2014
Elämänlaatu 2040 - Seuranta 2014
 
4 Play Mobile Solutions Corporate Presentation
4 Play Mobile Solutions Corporate Presentation4 Play Mobile Solutions Corporate Presentation
4 Play Mobile Solutions Corporate Presentation
 
Galleria Rug Range By MasterCraft
Galleria Rug Range By MasterCraftGalleria Rug Range By MasterCraft
Galleria Rug Range By MasterCraft
 
Team presentation veggie salad
Team presentation veggie saladTeam presentation veggie salad
Team presentation veggie salad
 
CAMTASIA
CAMTASIACAMTASIA
CAMTASIA
 
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...
How to Increase Online Sales and Profits - Digital in Kent Workshop - 12th No...
 
Prezentare
PrezentarePrezentare
Prezentare
 
Latihan 2
Latihan 2Latihan 2
Latihan 2
 
Nusli kanaha063
Nusli kanaha063Nusli kanaha063
Nusli kanaha063
 
I spring suite 6.2.0
I spring suite 6.2.0I spring suite 6.2.0
I spring suite 6.2.0
 
Mid term presentation
Mid term presentationMid term presentation
Mid term presentation
 
Consumibles impresoras
Consumibles impresorasConsumibles impresoras
Consumibles impresoras
 
Heatwaves, climate change and Melbourne
Heatwaves, climate change and MelbourneHeatwaves, climate change and Melbourne
Heatwaves, climate change and Melbourne
 
Vietnam Where to go
Vietnam Where to goVietnam Where to go
Vietnam Where to go
 

Similar to Mis 510 cyber analytics project report

Text Analytics Online Knowledge Base / Database
Text Analytics Online Knowledge Base / DatabaseText Analytics Online Knowledge Base / Database
Text Analytics Online Knowledge Base / DatabaseNaveen Kumar
 
Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...
Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...
Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...Sebastiano Panichella
 
HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10Scott Edmunds
 
Crowd Documentation - How Programmer Social Communities are Flipping Software...
Crowd Documentation - How Programmer Social Communities are Flipping Software...Crowd Documentation - How Programmer Social Communities are Flipping Software...
Crowd Documentation - How Programmer Social Communities are Flipping Software...Chris Parnin
 
The State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take OverThe State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take OverJAX Chamber IT Council
 
Semantic Web: In Quest for the Next Generation Killer Apps
Semantic Web: In Quest for the Next Generation Killer AppsSemantic Web: In Quest for the Next Generation Killer Apps
Semantic Web: In Quest for the Next Generation Killer AppsJie Bao
 
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Shalin Hai-Jew
 
How to get genuine windows 7 with low cost
How to get genuine windows 7 with low cost How to get genuine windows 7 with low cost
How to get genuine windows 7 with low cost coldfire007
 
Search01 /certified fixed orthodontic courses by Indian dental academy
Search01 /certified fixed orthodontic courses by Indian dental academy Search01 /certified fixed orthodontic courses by Indian dental academy
Search01 /certified fixed orthodontic courses by Indian dental academy Indian dental academy
 
Web application security
Web application securityWeb application security
Web application securityrandhawa121985
 
Web Search And Mining (Ntuim)
Web Search And Mining (Ntuim)Web Search And Mining (Ntuim)
Web Search And Mining (Ntuim)Hector Lin
 
Semantic Search Summer School2009
Semantic Search Summer School2009Semantic Search Summer School2009
Semantic Search Summer School2009Peter Mika
 
Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...
Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...
Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...Artificial Intelligence Institute at UofSC
 
GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007guest20ab09
 
Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...Julie Kwhl
 
Social Graphs and Semantic Analytics
Social Graphs and Semantic AnalyticsSocial Graphs and Semantic Analytics
Social Graphs and Semantic AnalyticsColin Bell
 
Using Chaos to Disentangle an ISIS-Related Twitter Network
Using Chaos to Disentangle an ISIS-Related Twitter NetworkUsing Chaos to Disentangle an ISIS-Related Twitter Network
Using Chaos to Disentangle an ISIS-Related Twitter NetworkSteve Kramer
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
 

Similar to Mis 510 cyber analytics project report (20)

Text Analytics Online Knowledge Base / Database
Text Analytics Online Knowledge Base / DatabaseText Analytics Online Knowledge Base / Database
Text Analytics Online Knowledge Base / Database
 
Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...
Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...
Summarization Techniques for Code, Change, Testing and User Feedback - VSS ...
 
HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10HKU Data Curation MLIM7350 Class 10
HKU Data Curation MLIM7350 Class 10
 
Crowd Documentation - How Programmer Social Communities are Flipping Software...
Crowd Documentation - How Programmer Social Communities are Flipping Software...Crowd Documentation - How Programmer Social Communities are Flipping Software...
Crowd Documentation - How Programmer Social Communities are Flipping Software...
 
The State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take OverThe State of Internet Security: Web Attaks Take Over
The State of Internet Security: Web Attaks Take Over
 
Semantic Web: In Quest for the Next Generation Killer Apps
Semantic Web: In Quest for the Next Generation Killer AppsSemantic Web: In Quest for the Next Generation Killer Apps
Semantic Web: In Quest for the Next Generation Killer Apps
 
The SIOC Project
The SIOC ProjectThe SIOC Project
The SIOC Project
 
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
 
Secureview 3
Secureview 3Secureview 3
Secureview 3
 
How to get genuine windows 7 with low cost
How to get genuine windows 7 with low cost How to get genuine windows 7 with low cost
How to get genuine windows 7 with low cost
 
Search01 /certified fixed orthodontic courses by Indian dental academy
Search01 /certified fixed orthodontic courses by Indian dental academy Search01 /certified fixed orthodontic courses by Indian dental academy
Search01 /certified fixed orthodontic courses by Indian dental academy
 
Web application security
Web application securityWeb application security
Web application security
 
Web Search And Mining (Ntuim)
Web Search And Mining (Ntuim)Web Search And Mining (Ntuim)
Web Search And Mining (Ntuim)
 
Semantic Search Summer School2009
Semantic Search Summer School2009Semantic Search Summer School2009
Semantic Search Summer School2009
 
Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...
Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...
Citizen Sensing: Opportunities and Challenges in Mining Social Signals and Pe...
 
GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007GNUCITIZEN Pdp Owasp Day September 2007
GNUCITIZEN Pdp Owasp Day September 2007
 
Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...Operating System Upgrade Implementation Report And...
Operating System Upgrade Implementation Report And...
 
Social Graphs and Semantic Analytics
Social Graphs and Semantic AnalyticsSocial Graphs and Semantic Analytics
Social Graphs and Semantic Analytics
 
Using Chaos to Disentangle an ISIS-Related Twitter Network
Using Chaos to Disentangle an ISIS-Related Twitter NetworkUsing Chaos to Disentangle an ISIS-Related Twitter Network
Using Chaos to Disentangle an ISIS-Related Twitter Network
 
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...
 

Recently uploaded

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 

Recently uploaded (20)

Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 

Mis 510 cyber analytics project report

  • 1. Team: Never Off Guard SUMEET BHATIA | AADIL HUSSAINI | SNEHAL NAVALAKHA | MO ZHOU MIS 510: Cyber Analytics Project
  • 2. 1 Table of Contents Introduction................................................................................................................................................ 2 Hacker Web ................................................................................................................................................ 3 Data Collection........................................................................................................................................ 3 Research Question 1 ............................................................................................................................... 3 Data Analysis....................................................................................................................................... 3 Findings/Discussion............................................................................................................................. 4 Research Question 2 ............................................................................................................................... 5 Data Analysis....................................................................................................................................... 5 Findings/Discussion............................................................................................................................. 5 Shodan........................................................................................................................................................ 7 Research Question 1 ............................................................................................................................... 7 Background Information ..................................................................................................................... 7 Data Collection/Analysis ..................................................................................................................... 7 Findings/Discussion............................................................................................................................. 8 Research Question 2 ............................................................................................................................... 9 Background Information ..................................................................................................................... 9 Data Collection/Analysis ..................................................................................................................... 9 Findings/Discussion........................................................................................................................... 10 References ................................................................................................................................................ 11
  • 3. 2 Introduction As computers become more ubiquitous throughout society, the security of networks and information systems is a growing concern. There is an increasing amount of critical infrastructure that relies on computers and information technologies, and advanced technologies have enabled hackers to commit cybercrime much more easily now than in the past. Thus, it has become important for researchers to look into cyber security issues, such as botnet activity, digital forensics and malware analysis. Our research seeks to contribute to the existing literature on cyber security by conducting analytics on data collected from two sources – Hacker Web and Shodan:  Hacker Web: A collection of 18 major online forums where a community of international hacking enthusiasts participate in various kinds of discussions regarding cyber security topics.  Shodan: A search engine for finding open and vulnerable ports and devices on the internet (“Internet of Things”) We have looked at two main research questions for each of the aforementioned data sources. We present our data collection and analysis methods, before discussing our results and findings.
  • 4. 3 Hacker Web Hacker Web is a collection of 18 major online forums where a community of international hacking enthusiasts participate in various kinds of discussions regarding cyber security topics. The individual posts on each of these forums, along with post date/time and authorship information, have been stored in a MySQL database. Hacker Web has been used in various research contexts and has proven to be a reliable source of cyber security-related data. For our research purposes, we have chosen the four English forums to extract data from: “Elitehack,” “Hackhound,” “iCode” and “VCTool.” Data Collection We followed the following steps to collect our data from the four English forums via the Hacker Web MySQL database: 1. Downloaded and configured HeidiSQL 2. Connected to Hacker Web database using provided credentials 3. Run SQL queries (i.e., SELECT * FROM [table] WHERE upper([column]) LIKE “%[KEYWORD]%”) 4. Converting the results of the queries into CSV files 5. Used MS Excel and IBM Many Eyes for various analytics For the scope of our research, we chose to only look at the forum posts (i.e., “elitehackposts,” “hackhoundposts,” “icodeposts” and “vctoolposts”), since they were more likely to contain the keywords that we were looking for. Research Question 1 Through browsing many cyber security-related literature, we found that there were two words that appeared very often: “victim(s)” and “target(s).” Thus, we wanted to analyze data collected from Hacker Web using these two keywords. So our first research question is the following: How frequent do posts with either of the two keywords (i.e., “victim(s)” and “target(s)”) appear on each of the four English forums? How does the frequency vary between the forums across time? Data Analysis We first queried the four English forums individually to find the total number of posts (without any keywords) for each forum. Then we used the keywords “victim(s)” (SQL: “%VICTIM%”) and “target(s)” (SQL: “%TARGET%”) and queried all four forums individually to find the total number of posts with either of the two keywords. Finally, we calculated the percentage of total posts that contained either of the keywords. Next, we wanted to look at how this percentage has changed over time, specifically over the most recent five-year period of 2009-2013. Because “Elitehack” and “Hackhound” are relatively new forums, there was
  • 5. 4 little to no data for years prior to 2012. Thus, we only compared the temporal trends for “iCode” and “VCTool.” Findings/Discussion The following chart depicts a comparison of this percentage for each of the four forums: As we can see, the percentage of posts with either the keyword “victim(s)” or “target(s)” is above 1% for every forum, with “iCode” having the highest at 2.05% and “Hackhound” at 1.02%. It is likely that the reason “iCode” and “VCTool” have higher percentages than “Elitehack” and “Hackhound” because the former two forums were started earlier, so our queries resulted in a larger amount of data for calculating these statistics. The following graph shows a comparison of these trends: 0.00% 0.50% 1.00% 1.50% 2.00% 2.50% elitehackposts hackhoundposts icodeposts vctoolposts # of Posts With Keywords (As a % of Total # of Posts) 0.00% 1.00% 2.00% 3.00% 4.00% 5.00% 6.00% 7.00% 8.00% 2009 2010 2011 2012 2013 # of Posts With Keywords (As a % of Total # of Posts) icodeposts vctoolposts
  • 6. 5 From the graph above, we see that there was an unusually high percentage with the two keywords in the “iCode” forum in 2009. Then, it dropped to a similar level as “VCTool.” In both forums, the percentage has generally grown over time, suggesting an increase in postings that mention “victim(s) and/or “target(s).” Research Question 2 What are the most frequently mentioned topics within each forum and across all four forums? Data Analysis Again, for this question, we used the same query in Question 1 to find the total number of posts in each English forum. What is different is that we then used IBM Many Eyes to conduct a Word Tag analysis to find the most frequently mentioned topics on each forum. Finally, we calculated the percentage of total posts that contained each of these topics. Findings/Discussion The chart below shows the most frequent topics that are mentioned on each of the four English forums: It is apparent from our analysis that each of these forums has its own “flavor.” Elitehack seems the most suitable for hackers who are more interested in social media hacking (e.g., Facebook), while iCode tends to serve the more traditional crowd who are more interested in malware and viruses. Those who enjoy talking about specific technologies and hacking techniques are most likely to visit Hackhound, but those who like to target the government or phish for personal information from individuals may like VCTools better. Then, we aggregated the data from all four forums and found the most popular topics: 0.00% 0.20% 0.40% 0.60% 0.80% 1.00% 1.20% 1.40% 1.60% 1.80% # of Occurences (As a % of # of Total Posts) Elitehack Hackhound d iCode VCTools
  • 7. 6 The results show that unsurprisingly, “Windows” is the most talked about, at 0.7%. The other hot topics are “government” (0.45%), “malware” (0.39%) and “botnet” (0.32%). 0.00% 0.10% 0.20% 0.30% 0.40% 0.50% 0.60% 0.70% 0.80% Windows Malware Government Botnet # of Occurences (As a % of # of Total Posts)
  • 8. 7 Shodan Shodan is a powerful source for finding open and vulnerable ports and devices on the internet (“Internet of Things”). It interrogates ports, grabs the resulting banners and indexes the banners for searching. The different filters available for searching include: IP address, hostname, port, latitude and longitude, operating system, city, country, and device data. When used maliciously, Shodan can be used to exploit unprotected servers or devices. For research purposes, however, it can be a very useful tool to find potentially vulnerabilities in certain systems that are connected to the internet. Research Question 1 Samsung has tried to go “SoLoMo” using its SmartTV. It has tried to integrate internet and Web 2.0 features with television sets. Our first research question on SmartTVs is divided into the following parts: 1. How many SmartTVs are publicly-facing and respond to Shodan’s search query? What is the geographical distribution of these SmartTVs and are all of them exploitable? 2. What percentage of SmartTVs is publicly visible where the Webkit vulnerability in the device could be exploited? Background Information Samsung SmartTV is essentially a Linux device configured with a Webkit-based browser used to load web pages and applications. Webkit is an open-source HTML rendering engine that has a significant presence in Google Chrome and Apple Safari browsers. We chose Samsung SmartTV as our research device because it is a relatively new device in the market and it is not a big enough platform for a lot of people to contribute to its development. However, it uses a browser based on the Webkit technology, which exposes the device to a range of security exploits such as cross-site scripting attacks, denial-of-service attacks and unexpected application termination or arbitrary code execution. Thus, we feel it is important to research SmartTV’s vulnerability on the web. Data Collection/Analysis To get the Samsung SmartTV results, we first researched on Shodan’s website (http://www.shodanhq.com/) regarding various types of banner information the Samsung SmartTV gives us. We found that the tag “Content- Length:345 Server:Swift1.0” was highly prevalent in the SmartTV banner. Then, we ran a query on Shodan using a Python
  • 9. 8 script (as seen in the figure), we retrieved 350,968 records. These were the number of SmartTV that responded to the Shodan query. For our research purpose, we limited our search to 3,000 devices. We assume that the 3,000 records is a random sample, giving us an approximate look and feel of the entire dataset. Finally, we used these records to analyze the geographical distribution of the devices and their exploitability (based on the operating port). Findings/Discussion Research Question 1 Part 1 Our analysis shows that not surprisngly, the Republic of Korea (where Samsung is based) dominates the list of countries. It is followed by United States and Chile is ranked #3 as seen in the figures below. Other countries where the number of devices exceeds 100 are Ukraine, Germany, Russia, Poland and Finland. Digging a level deeper, we found that although the majority of the SmartTVs work on Port 443, which greatly enhances security, a large number of them gave access on Port 80, which makes them quite vulnerable. The figure below shows the breakdown of the ports given access to out of the 3,000 search results.
  • 10. 9 Research Question 1 Part 2 We analyzed Samsung’s financial data for its SmartTV sales. Statistics show that Samsung has sold around 12 million SmartTVs as of Q1 2013. As mentioned earlier, we tracked down 350,968 devices from our Shodan query. This implies that there at least 2.92% of the devices are publicly visible. The Samsung SmartTV has features such as built-in webcams, web-based applications and browsers. The Webkit vulnerability exposes hundreds of thousands of SmartTVs, potentially giving hackers access to multiple ways to get sensitive information from the users with a single hack. Research Question 2 How vulnerable are the traffic signal systems in the United States? Which are the cities that are most vulnerable to getting their traffic signal systems hacked? Background Information While the internet has enabled many of the public communication systems to be accessed digitally, there are growing concerns about their lack of security. Engineers recently hacked into the Traffic Signal System in Los Angeles. The engineers programmed the signals so that red lights for several days would be extremely long on the most congested approaches to the intersections, causing heavy gridlock. Such incidents raise the following security concerns: 1. Traffic Signal Systems can be hacked, which will affect the normal flow of traffic 2. The traffic cameras used for monitoring traffic can be hacked, which is a privacy and security risk Our objective is to find out how vulnerable the Traffic Signal Systems are in the United States, specifically in which cities. Data Collection/Analysis We searched the Shodan database to find information about servers for Traffic Signal Systems. We used two tags that were most prevalent in the header information such servers. Below is our detailed process: 1. Searched for header keywords in the Shodan Database 2. Wrote a Java application to extract the data row by row return it to Python 3. Wrote a loop using Python to input and store the data row by row in MS Excel 4. Used the results in output for analysis 1470 1518 5 7 80 443 8080 8443 (BLANK) Count Port Number Total Number of Hosts Total
  • 11. 10 Findings/Discussion First, we used the tag “atz executive” to get information about all the systems on Port 23 (i.e., FTP). This gave us information of all “ATZ Traffic Signal Systems” using the Operating systems C Executive. We were able to get access into the system and see live images. We found 216 records and then we sorted them by city and state. The analysis showed that Louisiana had the most number of vulnerable systems, and the cities of Metairie and New Orleans in that state ranked in the top 2 across the country. Then, we used the tag “Content-Length: 2861 Cache-Control: max-age=86400” to get information on Port 8080. We found that “Content-Length: 2861” corresponds to PIPS technology, which provides automatic license plate recognition. These devices offer a telnet connection for management that does not require authentication. We were able to observe the number plate information and live images. We were also able to modify the configuration settings. Again, we found that the city of Metairie in Louisiana had the most vulnerable Traffic Signal Systems.
  • 12. 11 References (n.d.). Shodan Introduction [PowerPoint slides]. Retrieved from http://ai.arizona.edu/mis510/ Benjamin, V. (2014). Cybersecurity Research Overview [PowerPoint slides]. Retrieved from http://ai.arizona.edu/mis510/ Freamon, D. The Darius Freamon Blog. Retrieved from http://dariusfreamon.wordpress.com/tag/traffic- management/ Grad, S. (2009, December 1). Engineers who hacked into L.A. traffic signal computer, jamming streets, sentenced. Retrieved from http://latimesblogs.latimes.com/lanow/2009/12/engineers-who-hacked-in-la- traffic-signal-computers-jamming-traffic-sentenced.html Roberts, P. (2013, August 1). Samsung Smart TV: Like A Web App Riddled With Vulnerabilities. Retrieved from https://securityledger.com/2013/08/samsung-smart-tv-like-a-web-app-riddled-with-vulnerabilities/ Segall, L., Fink E., Samsung Smart TV security flaw let hackers turn on built-in cameras. (2013, August 1). Retrieved from http://www.wptv.com/news/science-tech/samsung-smart-tv-security-flaw-let-hackers- turn-on-built-in-cameras Strategy Analytics. (2013, July 24). Samsung Leads with 26 Percent of Global Smart TV Market Share in Q1 2013. Retrieved from http://www.strategyanalytics.com/default.aspx?mod=pressreleaseviewer&a0=5400