Hacking and Scams - J. Mack Robinson College of Business

Hacking and Scams

Richard Baskerville

Georgia State University

Agenda

• System Attacks

• Social Engineering

• Google Hacking

• Exploits

• Payloads

• WiFi Hacking

• Phone Hacking

System Attacks

• Remote or physical access

• Password guessing

• Password cracking

Social Engineering

Google Hacking

Long Established

Database of Exploit Queries

Aka “dorks”

GHDB Can Execute Queries on Google

Source: http://wand.5gbfree.com/passes.txt

Exploits and Malware

• Vehicles: Delivering Trojan payloads

• Viruses

• SQL Injection

• Suckers

– Phishing

– Web-page Trojans

– Malicious executables

– Image, music, video Trojans

• Buffer overflows and other exploits in image processing or playback programs

Payloads

• Spyware

• Rootkits

• Keyloggers

• Botnets

• Ransomware

Spyware

• Commonly Browser-Based Attack

• Sometimes semi-legit

– Authorized in EULA

– Data for marketing / advertising

• Malicious add-in, helper code

• Collect browser data

– Account information

– Passwords

– Browsing habits

• Modify browser or computer configuration

Rootkits

• Permits unauthorized full administrator-level access

• Hides itself

– The files, folders, registry edits, and other components it uses.

• May hide bundled malicious files

Keyloggers

• Ultimate spyware

• Record or transfer keystrokes and data streams

• Conceal their presence

• Compromise personal information like passwords, credit card numbers, bank numbers, etc.

Botnets

• Continuously awaits and processes commands received in a client/server mode.

• Frequently uses IRC chat channels

– Higher degree of anonymity

– High availability

• Purposes

– Distributing denial of service attacks (DDOS)

– Spamming

– Distributing illegal advertising software

– Abuse of ‘pay per click’ systems (Adware models)

– Spread on-demand

Ransomware

• A payload that encrypts files and/or disks on a computer system

• It displays a demand for a ransom to be paid

• It promises to deliver the decryption key upon payment of the ransom

• The ransom is demanded in a digitally untraceable form, such as bitcoins

WiFi Hacking

• Wardriving – driving around looking for networks to hack

– Aided by GPS Mapping

• Exploit default configurations

• Weak Link - one mis-configured access point is enough

• Security weaknesses

– WEP

– WPA

– WPA-2

WEP

• 40-bit cipher key simple XOR encryption

• Embeds session key into the packet stream

• Attacks

– Flipping bits in the cipher stream and watching to see which bits are flipped in the resulting plaintext

– Decrypting ciphertexts encrypted with the same keystream

– Attacker can deduce the cipher key by repeating the above
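Why the two WEP weaknesses above follow from XOR encryption protected only by an unkeyed CRC-32, and how a keyed MAC detects the same change. This is an added example, not from the slides; the keystream, MAC key and messages are constructed, and a fixed byte string stands in for the RC4 output.

```python
import hashlib
import hmac
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    # WEP's integrity check value: an unkeyed CRC-32 over the plaintext.
    return zlib.crc32(data).to_bytes(4, "little")

def seal(keystream: bytes, plaintext: bytes) -> bytes:
    # WEP-style frame body: (plaintext || ICV) XOR keystream.
    return xor(plaintext + icv(plaintext), keystream)

def open_frame(keystream: bytes, frame: bytes):
    body = xor(frame, keystream)
    data, tag = body[:-4], body[-4:]
    return data if icv(data) == tag else None  # None means ICV mismatch

# Constructed stand-ins: one keystream (one IV/key pair) and a MAC key.
KEYSTREAM = hashlib.sha256(b"constructed demo keystream").digest()
MAC_KEY = b"constructed demo MAC key"
P1 = b"PAY 0100 TO ALICE"
P2 = b"PAY 0900 TO BOB.."

def reuse_leaks_plaintext_xor() -> bool:
    # Same keystream twice: the keystream cancels out of c1 XOR c2.
    c1, c2 = seal(KEYSTREAM, P1), seal(KEYSTREAM, P2)
    return xor(c1[:len(P1)], c2[:len(P1)]) == xor(P1, P2)

def flipped_frame(delta: bytes) -> bytes:
    # CRC-32 is affine: crc(p ^ d) = crc(p) ^ crc(d) ^ crc(zeros), so the
    # ICV can be corrected without knowing the key or the plaintext.
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return xor(seal(KEYSTREAM, P1), delta + fix)

def crc_accepts_flip(delta: bytes):
    # Returns the altered plaintext if the CRC check passes, else None.
    return open_frame(KEYSTREAM, flipped_frame(delta))

def hmac_detects_flip(delta: bytes) -> bool:
    # Hardened contrast: a keyed MAC over the frame no longer verifies.
    good = hmac.new(MAC_KEY, seal(KEYSTREAM, P1), hashlib.sha256).digest()
    bad = hmac.new(MAC_KEY, flipped_frame(delta), hashlib.sha256).digest()
    return not hmac.compare_digest(good, bad)
```
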

WPA

• 128-bit key Temporal Key Integrity Protocol (TKIP)

• Key changed on a per-packet basis

• Crackable in 60 seconds

• Protocol weakness

– On logon, client obtains a session key by exchanging the hash of the access point's key

– Session key is rotated on a per-packet basis for the entire session

– Hash salted with the SSID (the name of the wireless network)

– Attackers can derive the key from that hash using tables of common SSID (“linksys” or “netgear”) and common passwords
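How the SSID-salted hash above is computed in WPA/WPA2-Personal (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output), with a small configuration check built on it. This is an added example, not from the slides; `audit`, the passphrase list and the 16-character threshold are assumptions for illustration.

```python
import hashlib

DEFAULT_SSIDS = {"linksys", "netgear"}            # the two named on the slide
COMMON_PASSPHRASES = {"password", "12345678", "qwertyuiop"}  # constructed sample
MIN_LENGTH = 16                                   # assumed policy threshold

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for a WPA/WPA2-Personal network.

    The SSID is the only salt, so every network that shares an SSID and a
    passphrase shares this key, and tables can be precomputed per SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit(ssid: str, passphrase: str) -> list:
    """Return the reasons this SSID/passphrase pair is exposed to table lookups."""
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")        # salt shared with many networks
    if passphrase.lower() in COMMON_PASSPHRASES:
        findings.append("common-passphrase")   # present in any password table
    if len(passphrase) < MIN_LENGTH:
        findings.append("short-passphrase")
    return findings

if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys are unrelated.
    for ssid in ("linksys", "netgear", "bldg7-ap-x9"):
        print(ssid, wpa_pmk("password", ssid).hex()[:16], audit(ssid, "password"))
```
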

WPA-2

• 128-bit AES encryption for keys

• Replaced TKIP with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

• Attacks

– Man-in-the-middle

– Hole-196: Malicious client can spoof packets from the access point (impersonates the access point)

– Sniff network traffic or disrupt service

Phone Hacking

• Default Pins

• Social Engineering

– “Borrow” device

– Reset to default pins

• Voice Phishing (vishing)

• SMS/MMS Phishing (smishing)

Smartphone Hacking

• Like PCs: Virus, Trojans, etc.

• Banking Trojans intercepting financial transactions

• Malware sending text messages to premium SMS services

• Spyware

– The places you go and when

– Record & forward phone conversations

• Malicious Quick Response codes

– Matrix bar codes

• Malicious web sites (normal browsing danger)

PoS Malware

• Functions not all present in all variants

• Scraping memory for track data

– Searches running processes for track data

• Logging keystrokes

• Command & control (C2) communication

– Uploading discovered data

– Updating the malware

– Downloading/executing further malware

– Uninstalling the malware

• Injecting malicious stub into explorer.exe

– Responsible for persistence in the event the malicious executable crashes or is forcefully stopped

Eg.: Backoff Family

US-CERT Alert TA14-212A (2014) https://www.us-cert.gov/ncas/alerts/TA14-212A
