The Seven Hackers v6
•Download as PPTX, PDF•
1 like•166 views
"Know Thy Enemy" - Module 1 of my Cybersecurity Primer Presentations. Who is Trying to Hack You? The Seven Types of Hackers on the Internet, their profiles and motivations.
Recommended
More Related Content
Viewers also liked
Viewers also liked (10)
Similar to The Seven Hackers v6
Similar to The Seven Hackers v6 (20)
Recently uploaded
Recently uploaded (20)
The Seven Hackers v6
- 1. Tom Gilheany, CISSP Twitter: @TomGilheany http://gilheany.net Loading… _
- 2. CYBER SECURITY INTRODUCTORY SEMINAR Defenders Tools Laws & Regs. 7 Hackers Target: YOU Attacks
- 3. The seven hackers you will encounter in the wilds of the internet… _
- 7. Attacks are EVERYWHERE YOU are the TARGET… Intended or Not!
- 8. ? ? ? ? ? ? ?YOU MAY BE ASKING: • Who would want to attack ME? • Who ARE these people? • What’s their MOTIVATION?_
- 9. ? ? ? ? ? ? ?
- 10. ? ? ? ? ? ? ?
- 11. WHO ARE THEY? • Limited Technical Knowledge • Use downloaded software kits. • Some kits = advanced damage! • Unaware or do not care about consequences. MOTIVATIONS: • Immaturity • Ego-Boosting • Thrill Seeking.
- 12. EXAMPLE: The Movie Wargames… ©1983, MGM Pictures
- 13. WHO ARE THEY? High-Tech, Low-Life • Disregard for Authority, Societal Norms – Cultural Rebels • Hard-Boiled Hacker with Anarchist Tendencies • More technically sophisticated than Script-Kiddies • Counts on “Slap on the Wrist” • Predominantly 12-18yo Males • Techno-Revolutionary, Manifestos, Rave/Techo MOTIVATIONS: • Recognition from Peers, “Respect” (or fear) from “the system” • “Cling to a cult of individualism, in a culture characterized by corporate control and mass conformity.”
- 14. EXAMPLE: High-Tech Low-Life The Matrix ©1999, Warner Bros.
- 15. WHO ARE THEY? • Defacing or DDoS’ing sites, claiming “civil disobedience”. • Individuals & loosely organized groups/mobs distributed across the internet. • May be from other categories, “Hacktivism” as justification. MOTIVATIONS: • Revenge, Power, Greed, Marketing, Media Attention • Vigilante Justice • Political Agenda
- 17. WHO ARE THEY? • Common Criminals (part-time) • Credit Cards, BitCoin, Wire Theft • Identity Theft • Intellectual Property Theft • Service Theft (AWS, VoIP, Storage) • Organized Crime • Large Scale • Sophisticated • Hired Teams: Specialists • Theft of ANYTHING of value… MOTIVATIONS: • Money • Greed
- 18. EXAMPLE: • Petty Organized Crime. © 2001, Warner Bros.
- 19. WHO ARE THEY? • Adolescent College Student Adult Ex-Writer • Skill varies. • Writer may not be one who releases it into the wild. MOTIVATIONS: • Mental Challenge Attention • Raw Thrill Bragging Rights
- 21. WHO ARE THEY? • VERY Sophisticated – Creators of Advanced Persistent Threats. • Custom, High-Threat Attacks. • Avail. for-hire – Org. Crime, foreign governments. • Advanced Training • Clandestine • (Ex?)Intelligence • Cyber Warfare Recon. & Intel. MOTIVATIONS: • Profession
- 22. PLA Unit #61398, and #61486
- 23. EXAMPLE:
- 24. WHO ARE THEY? • Extortionists. • Cyber-Warfare / Intelligence • Connection to Physical World MOTIVATIONS: • Power • Political • Extortion=Greed
- 25. EXAMPLE:
- 27. Growing Groups: • Political Activists • Insiders • Organized Crime • Cyber Warriors
- 28. Wide Range of Insiders: • Begrudged Employee • Developers/Engineers • Sales People • Unwittingly Co-Opted people. LESSON: Have clear well-known policies on Intellectual Property (IP) protection!
- 29. GENERAL MOTIVES: Understand yourself as a target • Revenge • Is there anyone with an axe to grind? • Would cost of a security breach be high? • Brand Damage • Political Damage • Costly Fines or Penalties • Loss of Information Assets/Control • Notoriety • Could somebody get famous or gain “street credibility” for hacking your company, product, or service? • Curiosity • Do you have interesting information, computing environments or assets? (NASA, Computer-Game Company…).
- 30. Financial Motives: Understand yourself as a target Black Market Price$:Adwords: $1000 (to drain competitors AdWords Budget) Botnets – USA: $180 / 1,000 Computers – Canada: $270 – UK: $240 – France: $200 – Russia: $200 – Worldwide: $35 Credit Cards – Premium Big Balance: $250 – Regular CC w/ SSN: $5 Doxing Someone: $25-$100 Health Insurance Info: $1200 - $1300 Twitter Followers: $15 / 10,000 Fake Follows Email Accounts – Gmail: $200 / 1,000 – Hotmail $12 / 1,000 – Yahoo: $10 / 1,000 Facebook – Likes: $15 / 1,000 – Spam: $13 page w/ 30k fans Hacked Webcams – Male: $0.01 Female: $1 Online Bank Account – USA: 2% Acct. Bal. – EU 4%-6% Acct. Bal. Online Funds to Cash: 9% - 40% Commission PayPal Account: 6%-20% of Balance Online Game Hackers: $16k/mo in China Remote Admin Tool: $40 for Blackshades Website Traffic: $1 for 1,000 Fake Visitors Thought: If a hacker is selling access to compromised computer for 18 cents, or gmail account for 20 cents, how much must it cost to break into that computer???
- 31. Skill Level Revenge Curiosity Financial Notoriety ++ + + NV: Novice OG: Old Guard Hackers CP: Cyber-Punks PA: Political Activists PT: Petty Thieves PC: Pro Criminals IW: Info Warriors IN: Internals MW: Malware Writers NV OG MW IN IW PT PC PACP
- 32. It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles… -Sun Tzu, The Art of War (6th Century
- 33. CyberSecurity Primer Defenders Tools Laws & Regs. 7 Hackers Target: YOU Attacks
- 34. Bibliography: The Psyche of Cybercriminals: A Psycho-Social Perspective Marcus K. Rogers http://202.154.59.182/mfile/files/Information%20System/Cybercrimes%20A%20Multidisciplinary%20Analysis/Chapter%201 4%20The%20Psyche%20of%20Cybercriminals%3B%20A%20Psycho-Social%20Perspective.pdf
- 36. Bibliography: Live CyberAttack Map, courtesy of Norse CyberSecurity: http://map.ipviking.com/ Data Breaches (Bubble Infographic) http://www.informationisbeautiful.net/visualizations/worlds- biggest-data-breaches-hacks/static/
Editor's Notes
- http://map.ipviking.com/ Norse tracks >50,000 attacks per second. 10,000 new species/variants of malware per day 1 Billion IP Addresses Operates in 47 countries 6,000 common types of devices attacked.
- http://map.ipviking.com/ Norse tracks >50,000 attacks per second. 10,000 new species/variants of malware per day 1 Billion IP Addresses Operates in 47 countries 6,000 common types of devices attacked.
- http://map.ipviking.com/ Norse tracks >50,000 attacks per second. 10,000 new species/variants of malware per day 1 Billion IP Addresses Operates in 47 countries 6,000 common types of devices attacked.
- http://map.ipviking.com/ Norse tracks >50,000 attacks per second. 10,000 new species/variants of malware per day 1 Billion IP Addresses Operates in 47 countries 6,000 common types of devices attacked.
- The Matrix, © 1999, Warner Brothers. Image 1 is from a fan site, identifying the various pieces of technology used as props. (Original screen does not have the number overlays). Image 2 & 3 are screen captures posted by fansites. All images © 1999, Warner Brothers Pictures.
- What’s in YOUR wallet???
- Motivations of Malware Creation Malware writers can have various reasons for creating and spreading malware. The following are common reasons: 1. Fun/Hobby/Spreading of ideological Some malware writers consider their creations to be works of art, and see malware writing as a creative hobby. 2. Jocks/Pranks Pranks are harmless that merely display an annoying message to programs that can destroy files or disable a computer altogether. 3. Showing computing knowledge/ Gaining respect A widely spread malware and is observed by mass media can show malware writers’ knowledge and gain great respect in a small group of like-minded people. 4. Industrial espionage Obtaining secret information about a company by using weaknesses and defects in the company's IT-system is something that is quite common today. 5. Experimental/ Research/Proof of Concepts Malware are written in laboratories and research facilities for experimental or research purpose. Most of these malware do not spread. Usually malware in labs and research facilities test systems is called in-the-field. Others malware that have been found infecting users’ computers worldwide in real world are called in-thewild. 6. Vandalism/Graffiti The intentional destruction of property is popularly referred to as vandalism. It includes behavior such as breaking windows, slashing tires, spray painting a wall with graffiti, and destroying a computer system through the use of a computer malware. Vandalism is a malicious act and may reflect personal ill will, although the perpetrators need not know their victim to commit vandalism. 7. Revenge There are always employees who are not particularly satisfied with their employer. When a programmer or system administrator about to be fired from a job may leave behind backdoors or software "time bombs" that will allow them to damage the former employer's systems or destroy their own earlier work. Malware are used to attack the products of specific companies or web sites. According to the FBI, revenge from employees is a very common reason for ITrelated crimes. 8. Political message Malware which infects executable files on compromised computers and displays a political message when launched. This type of malware usually targets particular government organizations. 9. Profit/Financial gain/Extortion Most malware writers motivated by profit/financial gain are more and more likely to be working with spammers and hackers. One of the most common methods is by stealing sensitive information which is then sold on the black market to criminal organizations to make a profit. Some Malware will encrypt some of your files on your computer then it leaves a message to contact a certain email address with a reference number so that you can buy back your own files.
- Joe McReynolds, a researcher of China's network warfare and capabilities for the US Center for Intelligence Research and Analysis Chinese Professional Hacking (3 groups): [1] Specialized military network warfare forces -- focus on carrying out network cyberattacks and defense. (PLA Unit#61398, 12-storey building). [2] Unit of civilian teams granted the go-ahead by the Chinese military to carry out "network warfare operations.” [3] Umbrella Unit for "external entities" which "can be organized and mobilized for network warfare operations," but act outside of government departments. Each unit targets US companies in order to steal valuable data related to business and trade. This, in turn, can give Chinese firms a boost in the global economy. _____________________________________________________ References: http://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor http://www.zdnet.com/article/china-reveals-existence-of-cyber-warfare-hacking-teams/ Joe McReynolds, a researcher of China's network warfare and capabilities for the US Center for Intelligence Research and Analysis According to McReynolds, China's digital military strategy has been split up into three separate sections. One unit, called "specialized military network warfare forces," focus on carrying out network cyberattacks and defense. Secondly, another unit comprises of civilian teams which have been given the go-ahead by the Chinese military to carry out "network warfare operations." Finally, another unit acts as an umbrella for "external entities" which "can be organized and mobilized for network warfare operations," but act outside of government departments. The Chinese military expert says that each unit targets US companies in order to steal valuable data related to business and trade. This, in turn, can give Chinese firms a boost in the global economy. In May, the United States charged five Chinese nationals described as "military hackers" with breaking into US corporate networks to steal sensitive data. These men allegedly belonged to Unit 61398, the focus of a study conducted by FireEye's Mandiant cyberforensics team in 2013. The report claimed that a 12-story building associated with the PLA hosted this unit, which connects a number of sophisticated Chinese hacking groups including the "Comment Crew" and "Shanghai Group." Mandiant says that Unit 61398 was likely responsible for an "overwhelming" number of cyberattacks, whereas at the time Chinese officials dismissed the allegations as "groundless."
- Example: SONY
- CYBER WARRIORS / CYBER-WARFARE: Identify Point-of-Entry Gather Intelligence on Point-of-Entry Compromise Perimeter via Point-of-Entry - Execute Entry-plan: Targeted Spearphishing, Insiders, “weak underbelly”. ONCE INSIDE: Reconnoiter / Gather Intelligence Map Terrain / Connectivity Identify Primary, Secondary Targets Identify Vulnerabilitiies Identify Diversionary Targets Map Defenses Profile Individuals, Applications, Behaviors to leverage (avoid detection, compromise systems). Gain High Ground (acquire a position) Plan attack. Establish command-and-control Establish offsite place to exfiltrate information. Identify a buyer (or use-point for what is stolen – a ‘fence’). Execute the attack-plan while avoiding detection and prevention. CommunicationsDirector@issa-sv.org Add to social profiles & can re-tweet member’s news.
- CYBER WARRIORS / CYBER-WARFARE: Identify Point-of-Entry Gather Intelligence on Point-of-Entry Compromise Perimeter via Point-of-Entry - Execute Entry-plan: Targeted Spearphishing, Insiders, “weak underbelly”. ONCE INSIDE: Reconnoiter / Gather Intelligence Map Terrain / Connectivity Identify Primary, Secondary Targets Identify Vulnerabilitiies Identify Diversionary Targets Map Defenses Profile Individuals, Applications, Behaviors to leverage (avoid detection, compromise systems). Gain High Ground (acquire a position) Plan attack. Establish command-and-control Establish offsite place to exfiltrate information. Identify a buyer (or use-point for what is stolen – a ‘fence’). Execute the attack-plan while avoiding detection and prevention. CommunicationsDirector@issa-sv.org Add to social profiles & can re-tweet member’s news.
- Prices Updated August 2014. (What can be stolen / used for financial gain?) Information, Services Info: For own use, to sell, or hold hostage. Customer Information Software / Product and R&D Designs Financial Records Keys/Control Information to “Hard Assets” Personal/Private Information (photos, etc). Services Computing Power, Information Storage, Control Services (Phone Service, Cloud) If I am selling a compromised computer for 18 cents, or gmail account for 20 cents, how much must it cost to break into that computer?