Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
ACN SS 07 - Hacker Perspectives
Hacker Perspectives
Advanced ComputerNetworksSS 2007Franz Sommerauer
ACN SS 07 - Hacker Perspectives
Overview
Definition of a Hacker History of Hacking How to get into Scene Information Gathering Ethical Hacking Most famous Hackers
ACN SS 07 - Hacker Perspectives
Definition (see Hacker Jargon file)
1. A person who enjoys learning the detailsof programming systems and how to stretchtheir capabilities, as opposed to most userswho prefer to learn only the minimumnecessary.
2. One who programs enthusiastically, orwho enjoys programming rather than justtheorizing about programming.
ACN SS 07 - Hacker Perspectives
Types of hackers
White hat– A person who is ethically opposed to the abuse of computer
systems (ethical hacker)– Generally focuses on securing IT systems
Grey hat– A skilled hacker who sometimes acts legally, sometimes in
good will, and sometimes not– Hybrid between white and black hat hackers
Black hat– Someone who compromises the security of a system
without permission from an authorized party– Cracker
ACN SS 07 - Hacker Perspectives
History of hacking
1972– John Draper discovers that a 2.6
kHz tone allows to access theinternal trunking mechanism of MaBell
2.6 kHz tone created by a whistle With a Blue box it was possible to
take internal control of Ma Bell'slong distance switching equipment
1973– College students Steve Wozniak
and Steve Jobs begin making andselling blue boxes
ACN SS 07 - Hacker Perspectives
History of hacking
1981– Chaos computer Club forms in Germany
1982– Hacker group of six teenage hackers (414’s)
broke into 60 computer systems and instiutitions(including Los Alamos Labs)
1988– Kevin Mitnick secretly monitors the e-Mail of
security officials (sentenced for one year to jail)
ACN SS 07 - Hacker Perspectives
History of hacking
1988– Robert T. Morris launches a worm on governments
ARPAnet (precursor of the Internet) The worm spreads to 6000 networked computers First person indicted under the Computer Fraud and Abuse Act
of 1986 3 years probation 400 hours community service Fine of $10,050 and cost of his supervision
– First National Bank of Chicago became victim of $70-millioncomputer theft
ACN SS 07 - Hacker Perspectives
History of hacking
1989– Hackers in West Germany were arrested
Broke into U.S. Government and corporate computers Sold OS-Sourcecode to Soviet KGB
– Fry Guy was arrested earned the name by hacking into a local McDonald's
computer and giving raises to his hamburger-flippingfriends
Got credit card numbers by social engeneering
ACN SS 07 - Hacker Perspectives
History of hacking
1993– During radio station call-in contests, Kevin
Poulsen and 2 friends rigged the stations phonesystm to let their calls through Won 2 Porsches, vacation trips and $20.000
– Texas A&M Univerity professor received deaththreats because a hacker used his email accountto sent 20.000 racist emails
ACN SS 07 - Hacker Perspectives
History of hacking
1994– Vladimir Levin and his group transferred $10
million from Citibank to bank accounts all over theworld Sentenced to three years in prison
1995– Kevin Mitnick arrested again
FBI accused him of stealing 20.000 credit card numbers stealing files from companies as Motorola and Sun
Microsystems
ACN SS 07 - Hacker Perspectives
History of hacking
1998– 2 hacker were sentenced to death in China for stealing 260.000 Yuan
($31.400) 1999
– Unidentified hacker seized control of British military communicationsatellite and demanded money in return for control of satellite
2000– Hackers broke into Microsoft‘s corporate network
accessed source code for latest versions of Mircrosoft Windows and Officesoftware
– Russian cracker attempts to extort $100.000 from online music retailerCD Universe
threatening to expose thousands of customers credit card numbers– I love you virus spread rapidly around the world
infected image and sound files
ACN SS 07 - Hacker Perspectives
History of hacking
2002– Mircrosoft sent more than 8.000 programmers to
security training 2004
– Myron Tereshchuk was arrested Attempting to extort $17 million from Micropatent
2006– Jeanson James Ancheta received a 57 month
prison sentence
ACN SS 07 - Hacker Perspectives
How to get into scene
How to become a hacker– Learn about the techniques behind (program, UNIX, WWW)– Contribute to a hacker culture
You aren't really a hacker until other hackers consistently call you one Hackers publish their work under real-names, Crackers use
pseudonyms– Experiment and try out things
How to become a cracker– Download a script and run it somewhere– Download a file called “40HEX”– Use your hacking skills for bad purpose– The final reason a cracker cracks is for money
ACN SS 07 - Hacker Perspectives
Information gathering
The more you know the easier you can attack. There are many ways to gather information
– Footprinting, Ping Sweep, Port Scan, OS Detection, Finger
Giving away knowledge is more dangerous thanrunning insecure software.
– Manuals must be secret!– Never give away secret information over telephone!– Try to conceal what software / hardware / versions you are
using
ACN SS 07 - Hacker Perspectives
Information gathering
Footprinting– Learn as much as you can about a system
Remote access possibilities, ports, services … How does the phone-system work? How does the back-bone work? How does the company deal with the system? Who is responsible, who knows the system?
Read papers, manuals and ask the ones who know
ACN SS 07 - Hacker Perspectives
Information gathering
Social Engineering– Attacker tries to convince someone to give out information,
passwords– Most innocent questions
What is the phone number/IP address for… Who is responsible for administrating the computer network
– Network structure
The technical know-how is less important thaninformation!
ACN SS 07 - Hacker Perspectives
Information gathering
Ping sweepPing a range of IP addresses to find out whichmachines are currently running
Port Scan– TCP Scan:
Scan ports to see which services are running
– UDP Scan:Send garbage packets to ports
ACN SS 07 - Hacker Perspectives
Information gathering
OS DetectionThis involves sending illegal ICMP or TCPpackets to a machine
Finger– Retrieving the User List to get all accounts.– Read Log-Files that show from where and when
users are logging in.
ACN SS 07 - Hacker Perspectives
Ethical Hacking
Best protect a system by probing it while causing nodamage and fixing vulnerabilities found
Simulate how an attacker with no inside knowledgeof a system might try to penetrate
Includes permission to intrude– Consulting services– Hacking contests– Beta testing
ACN SS 07 - Hacker Perspectives
Ethical Hacking
The Problem– Current software engineering practices do not produce
systems that are immune from attack– Current security tools only address parts of the problem and
not the system as a whole→ lack understanding leads to reliance upon partialsolutions
– Policy and law in cyberspace is immature and lags thestate-of-the-art in attacks
– System administration is difficult and becomingunmanageable due to patching against increasedvulnerabilities
ACN SS 07 - Hacker Perspectives
Ethical Hacking
The result– Average time for a PC to be broken into directly
out-of-box from the store and attached to theInternet is less than 24 hours.
– The worst case scenario is about 15 minutes
ACN SS 07 - Hacker Perspectives
Ethical Hacking
Scanning Tools– Typical information that can be learnd from a port
scan is: Existence of computer OS Version of OS Types of available services (smtp, httpd, ftp, telnet…) Type of computing platform
ACN SS 07 - Hacker Perspectives
Ethical Hacking
Dual nature of a port scanner– Most powerful tool an ethical hacker can use in
protecting a network of computers– Most powerful tool a cracker can use to generate
attacks
Historically most popular cracker attacks arethose that use scanning tools to target knownvulnerabilities
ACN SS 07 - Hacker Perspectives
Ethical Hacking
Conflicts of interest– Security firms hype and invent threats– Persons who work at security firms have been
known to spend their off-hours creating anddistributing the very attack tools their companysells to protect against
– Due to market pressure, businesses have usedethical hackers to: Beta test products Hacking contests
ACN SS 07 - Hacker Perspectives
Ethical Hacking
Conclusion– The present poor security on the Internet, ethical
hacking may be the most effective way toproactively plug security holes an preventintrusions.
– On the other hand, ethical hacking tools have alsobeen notorious tools for crackers.
ACN SS 07 - Hacker Perspectives
Most famous Hackers
Black hat hackers– Jonathan James
installed a backdoor into a Defense Threat Reduction Agencyserver
cracked into NASA computers stealing software worth approximately $1.7 million started a computer security company
– Adrian Lamo His hits include Yahoo!, Bank of America, Citigroup and
Cingular Now he is working as journalist and public speaker
ACN SS 07 - Hacker Perspectives
Most famous Hackers
– Kevin Mitnick He hacked into computers, stole corporate secrets, scrambled
phone networks and broke into the national defense warningsystem
is now a computer security consultant, author and speaker– Kevin Poulsen
His hacking specialty, however, revolved around telephones He is now a senior editor for Wired News
– Robert Tappan Morris is currently working as a tenured professor at the MIT
Computer Science and Artificial Intelligence Laboratory
ACN SS 07 - Hacker Perspectives
Most famous Hackers
White hat hackers– Stephan Wozniak
Co-founded Apple computers with Steve Jobs got his start in hacking making blue boxes Wozniak even used a blue box to call the Pope while
pretending to be Henry Kissinger– Tim Berners-Lee
famed as the inventor of the World Wide Web While working with CERN he created a hypertext prototype
system that helped researchers share and update informationeasily
founded the World Wide Web Consortium at MIT (W3C)
ACN SS 07 - Hacker Perspectives
Most famous Hackers
– Linus Torvalds Father of Linux He started with a task switcher in Intel 80386 assembly and a
terminal driver. Then he put out a call for others to contributecode, which they did. Only about 2% of the Linux kernel iswritten by Torvalds himself (most prominent examples offree/open source software)
– Richard Stallman Founded the GNU Project to develop a free OS
– Tsutomu Shimomura he was hacked by Kevin Mitnick. Following this personal
attack, he made it his cause to help the FBI capture him Using Mitnick's cell phone, they tracked him near Raleigh-
Durham International Airport
ACN SS 07 - Hacker Perspectives
Thank you for your attention!