Cybersecurity, Hacking, and Privacy


A presentation I am giving this evening, as a guest speaker, invited by the Wisconsin Union Directorate, on the topics of cybersecurity, hacking, and privacy. The presentation covers some timely topics, such as: Hacking, Botnets, Deep Web, Target Stores Data Breach, Bitcoin and Ransomware. The presentation is designed to educate, stimulate conversation and entertain and is open to all students, faculty and staff of UW-Madison, who are interested in learning more about computer security and IT threats.

Published in: Internet, Technology

  1. 1. Wisconsin Union Directorate Cybersecurity, Hacking, Privacy April 28, 2014 Nicholas Davis, CISSP, CISA
  2. 2. Agenda • Introduction • Hacking • Botnets • Deep Web • Target Breach • Ransomware • Q&A – Anything goes!
  3. 3. Nicholas Davis • Undergraduate degree, UW-Madison • Graduate degree UW-Madison • Been around a few places • Taught at UW-Madison, MATC, Cardinal Stritch • Work at DoIT • CISSP, CISA
  4. 4. Computer Hacking In the computer security context, a hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge
  5. 5. Types of Hackers • White hat • Black hat • Grey hat • Elite hacker • Script kiddie • Neophyte • Blue hat • Hacktivist • Nation state • Organized criminal gangs
  6. 6. Hacking Methods A typical approach in an attack on an Internet-connected system is: Network enumeration: Discovering information about the intended target. Vulnerability analysis: Identifying potential ways of attack. Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
  7. 7. Security Exploits Used By Hackers A security exploit is a prepared application that takes advantage of a known weakness. Common examples of security exploits are SQL injection, Cross Site Scripting and Cross Site Request Forgery, which abuse security holes that may result from substandard programming practice. Other exploits can be used through FTP, HTTP, PHP, SSH, Telnet and some web pages. These are very common in website/domain hacking.
  8. 8. Techniques Vulnerability scanner A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer.
  9. 9. Techniques Password cracking Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.
  10. 10. Brute Force vs Dictionary
  11. 11. Techniques Packet sniffer A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.
  12. 12. Packet Sniffer
  13. 13. Techniques Spoofing attack (Phishing) A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a user or another program—usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.
  14. 14. Phishing
  15. 15. Techniques Rootkit A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure their installation and attempt to prevent their removal through a subversion of standard system security.
  16. 16. Rootkit – Sick Computer
  17. 17. Techniques – Social Engineering Intimidation As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them. At this point, many people accept that the hacker is a supervisor and give them the information they seek.
  18. 18. Techniques – Social Engineering Helpfulness The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.) it usually has the authority to change or reset passwords, which is exactly what the hacker wants.
  19. 19. Social Engineering Example Technique
  20. 20. Techniques – Social Engineering Name-dropping The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him- or herself. Some of these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded documents.
  21. 21. Techniques – Social Engineering Technical Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information. The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.
  22. 22. Social Engineering Works!
  23. 23. Trojan Horse A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the intruder to gain access later.
  24. 24. Virus A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a biological virus, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.
  25. 25. Computer Worm Like a virus, a worm is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and (b.) it does not need to attach itself to an existing program. Nonetheless, many people use the terms "virus" and "worm" interchangeably to describe any self-propagating program.
  26. 26. Keylogger A keylogger is a tool designed to record ("log") every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access to confidential information typed on the affected machine.
  27. 27. Can Be Bought at Amazon!
  28. 28. Botnets A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation.
  29. 29. Legal Botnets The term botnet is widely used when several IRC bots have been linked and may possibly set channel modes on other bots and users while keeping IRC channels free from unwanted users. A common bot used to set up botnets on IRC is eggdrop.
  30. 30. Illegal Botnets Botnets sometimes compromise computers whose security defenses have been breached and control conceded to a third party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware (malicious software) distribution. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC and Hypertext Transfer Protocol.
  31. 31. Annoying Botnets
  32. 32. Botnet Recruitment Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules.
  33. 33. How A Botnet Works
  34. 34. The Deep Web The Deep Web (also called the Deepnet, Invisible Web, or Hidden Web) is World Wide Web content that is not part of the Surface Web, which is indexed by standard search engines. Some prosecutors and government agencies think that the Deep Web is a haven for serious criminality.
  35. 35. Deep Resources Dynamic content: dynamic pages which are returned in response to a submitted query or accessed only through a form, especially if open-domain input elements (such as text fields) are used; such fields are hard to navigate without domain knowledge.
  36. 36. Deep Resources Unlinked content: pages which are not linked to by other pages, which may prevent Web crawling programs from accessing the content. This content is referred to as pages without backlinks (or inlinks).
  37. 37. Deep Resources Private Web: sites that require registration and login (password-protected resources). Silk Road
  38. 38. Deep Resources Contextual Web: pages with content varying for different access contexts (e.g., ranges of client IP addresses or previous navigation sequence).
  39. 39. Deep Resources Limited access content: sites that limit access to their pages in a technical way (e.g., using the Robots Exclusion Standard, CAPTCHAs, or no-cache Pragma HTTP headers), which prohibit search engines from browsing them and creating cached copies.
  40. 40. Deep Resources Scripted content: pages that are only accessible through links produced by JavaScript as well as content dynamically downloaded from Web servers via Flash or Ajax solutions.
  41. 41. Deep Resources Non-HTML/text content: textual content encoded in multimedia (image or video) files or specific file formats not handled by search engines. Steganography
  42. 42. Steganography
  43. 43. Crawling the Deep Web • Selecting input values for text search inputs that accept keywords, • Identifying inputs which accept only values of a specific type (e.g., date), • Selecting a small number of input combinations that generate URLs suitable for inclusion into the Web search index.
  44. 44. TOR (The Onion Router) • Uses encryption • Uses randomness to select hosts • Tor (anonymity network)
  45. 45. Deep Web Search Engine for Tor Hidden Services
  46. 46. The Target Data Breach How Did it happen? Why didn’t Target detect it? What damage was caused? Could it happen again?
  47. 47. Cryptolocker A ransomware trojan which targets computers running Microsoft Windows and first surfaced in September 2013. A CryptoLocker attack may come from various sources; one such is disguised as a legitimate email attachment.
  48. 48. Cryptolocker When activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displays a message which offers to decrypt the data if a payment is made by a stated deadline.
  49. 49. Cryptolocker Threatens to delete the private key if the deadline passes. If the deadline is not met, the malware offers to decrypt data via an online service provided by the malware's operators, for a significantly higher price in Bitcoin.
  50. 50. Money Paid In December 2013 ZDNet traced four Bitcoin addresses posted by users who had been infected by CryptoLocker, in an attempt to gauge the operators' takings. The four addresses showed movement of 41,928 BTC between October 15 and December 18, about US$27 million at the time
  51. 51. Money Paid A survey by researchers at the University of Kent found that 41% of UK respondents who were Cryptolocker victims claimed to have agreed to pay the ransom, a figure much larger than expected; 3% had been conjectured by Symantec, and 0.4% by Dell SecureWorks. The average amount per infection in the U.S. is $300.
  52. 52. Bitcoin Payment Addresses https://
  53. 53. What is Bitcoin? Bitcoin is a peer-to-peer payment system introduced as open source software in 2009 by developer Satoshi Nakamoto.[4] The digital currency created and used in the system is also called bitcoin
  54. 54. How Are Bitcoins Created? Bitcoins are created as a reward for payment processing work in which users who offer their computing power verify and record payments into a public ledger. Called mining, individuals engage in this activity in exchange for transaction fees and newly minted bitcoins.
  55. 55. Bitcoin Mining Equipment
  56. 56. Bitcoin Anonymity? The public nature of bitcoin means that, while those who use it are not identified by name, linking transactions to individuals and companies can be done. Additionally, many jurisdictions require exchanges, where people can buy and sell bitcoins for cash, to collect personal information
  57. 57. Bitcoin Anonymity In order to obfuscate the link between individual and transaction, some use a different bitcoin address for each transaction and others rely on so-called mixing services that allow users to trade bitcoins whose transaction history implicates them for coins with different transaction histories.
  58. 58. Bitcoin Proof of Ownership The ownership of bitcoins associated with a certain bitcoin address can be demonstrated with knowledge of the private key belonging to the address. For the owner, it is important to protect the private key from loss or theft. If a private key is lost, the user cannot prove ownership by other means. The coins are then lost and cannot be recovered.
  59. 59. Bitcoin Wallet
  60. 60. Buying and Selling Bitcoins Bitcoins can be bought and sold with many different currencies from individuals and companies. Perhaps the fastest way to purchase bitcoins is in person or at a bitcoin ATM for cash.
  61. 61. Status of Bitcoin (IRS) The US Government Accountability Office reviewed virtual currencies upon the request of the Senate Finance Committee and in May 2013 recommended[136] that the IRS formulate tax guidance for bitcoin businesses. On 25 March 2014, in time for 2013 tax filing, the IRS issued guidance that virtual currency is treated as property for US federal tax purposes and that "an individual who 'mines' virtual currency as a trade or business [is] subject to self-employment tax".
  62. 62. Q&A Session Anything Goes! Nicholas Davis Email Thank you!
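
Slides 9 and 10 contrast brute-force and dictionary guessing. The following added example, which is not part of the original presentation, is a defender-side password audit that scores a password by whichever of the two strategies is cheaper. The wordlist, `VARIANTS_PER_WORD` and `MIN_BITS` are constructed assumptions for illustration.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large breached-password list.
WORDLIST = {"password", "letmein", "badger", "wisconsin", "dragon", "monkey"}
# Assumed number of variants (case, substitutions, suffixes) a guesser tries per word.
VARIANTS_PER_WORD = 100_000
# Assumed policy threshold, in bits of guessing work, below which a password is rejected.
MIN_BITS = 40.0
# Common character substitutions, undone before the wordlist lookup.
LEET = str.maketrans("013457@$", "oleastas")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def brute_force_bits(password):
    """log2 of the space an exhaustive search must cover for this length and alphabet."""
    pool = sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def dictionary_base(password):
    """Return the wordlist entry the password reduces to, or None if there is none."""
    # Drop a trailing run of digits/symbols ("2014", "1!"), then undo substitutions.
    core = password.lower().rstrip(string.digits + string.punctuation)
    for candidate in (core, core.translate(LEET)):
        if candidate in WORDLIST:
            return candidate
    return None


def audit(password):
    """Score a password by the cheaper of the two guessing strategies."""
    brute = brute_force_bits(password)
    base = dictionary_base(password)
    # A dictionary-derived password costs only (words x variants) guesses.
    effective = min(brute, math.log2(len(WORDLIST) * VARIANTS_PER_WORD)) if base else brute
    return {"brute_bits": round(brute, 1), "base": base,
            "effective_bits": round(effective, 1),
            "verdict": "ok" if effective >= MIN_BITS else "weak"}


if __name__ == "__main__":
    for pw in ("Wisconsin2014", "P@ssw0rd1!", "k7#Qv9!xT2mB"):  # constructed samples
        print(pw, audit(pw))
```

A password such as `Wisconsin2014` looks strong by length and character classes alone, yet it is rejected because it reduces to a dictionary word.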