Hacking and Scams
Richard Baskerville
Georgia State University
Agenda
• System Attacks
• Social Engineering
• Google Hacking
• Exploits
• Payloads
• WiFi Hacking
• Phone Hacking
System Attacks
• Remote or physical access
• Password guessing
• Password cracking
Social Engineering
Google Hacking
• Long-established database of exploit queries
– Aka “dorks”
• GHDB can execute queries on Google
Source: http://wand.5gbfree.com/passes.txt
Exploits and Malware
• Vehicles: Delivering Trojan payloads
• Viruses
• SQL Injection
• Suckers
– Phishing
– Web-page Trojans
– Malicious executables
– Image, music, video Trojans
• Buffer overflows and other exploits in image processing or playback programs
Payloads
• Spyware
• Rootkits
• Keyloggers
• Botnets
• Ransomware
Spyware
• Commonly Browser-Based Attack
• Sometimes semi-legit
– Authorized in EULA
– Data for marketing / advertising
• Malicious add-in, helper code
• Collect browser data
– Account information
– Passwords
– Browsing habits
• Modify browser or computer configuration
Rootkits
• Permits unauthorized full administrator-level access
• Hides itself
– The files, folders, registry edits, and other components it uses.
• May hide bundled malicious files
Keyloggers
• Ultimate spyware
• Record or transfer keystrokes and data streams
• Conceal their presence
• Compromise personal information like passwords, credit card numbers, bank numbers, etc.
Botnets
• Continuously awaits and processes commands received in a client/server mode.
• Frequently uses IRC chat channels
– Higher degree of anonymity
– High availability
• Purposes
– Distributed denial of service attacks (DDoS)
– Spamming
– Distributing illegal advertising software
– Abuse of ‘pay per click’ systems (Adware models)
– Spread on-demand
Ransomware
• A payload that encrypts files and/or disks on a computer system
• It displays a demand for a ransom to be paid
• It promises to deliver the decryption key upon payment of the ransom
• The ransom is demanded in a digitally untraceable form, such as bitcoins
WiFi Hacking
• Wardriving – driving around looking for networks to hack
– Aided by GPS Mapping
• Exploit default configurations
• Weak Link - one mis-configured access point is enough
• Security weaknesses
– WEP
– WPA
– WPA-2
WEP
• 40-bit cipher key simple XOR encryption
• Embeds session key into the packet stream
• Attacks
– Flipping bits in the cipher stream and watching to see which bits are flipped in the resulting plaintext
– Decrypting ciphertexts encrypted with the same keystream
– Attacker can deduce the cipher key by repeating the above
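The two WEP weaknesses listed above (bit flipping and keystream reuse) are properties of any stream cipher whose keystream is reused, not of RC4 specifically. The following added example (not from the slides) shows both with a toy keystream built from SHA-256 in counter mode standing in for RC4(IV || key); the key, IV and packet contents are constructed sample values. It demonstrates why a defender should treat a protocol that reuses a keystream as offering no confidentiality or integrity, whatever cipher is underneath.

```python
import hashlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode over (key || iv).

    This is a constructed stand-in for WEP's RC4(IV || key); the flaws shown
    below depend only on the keystream being reused, not on the cipher.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


# XOR is its own inverse, so decryption is the same operation.
decrypt = encrypt


def plaintext_xor_from_ciphertexts(c1: bytes, c2: bytes) -> bytes:
    """Weakness 2 (keystream reuse), no key needed: c1 XOR c2 == p1 XOR p2
    whenever both packets were encrypted with the same keystream."""
    return xor_bytes(c1, c2)


def recover_other_plaintext(c1: bytes, p1_known: bytes, c2: bytes) -> bytes:
    """Known plaintext of packet 1 (e.g. a predictable header) reveals the
    keystream, which then decrypts any other packet that reused it."""
    if len(c2) > len(c1):
        raise ValueError("can only recover as many bytes as the known keystream covers")
    ks = xor_bytes(c1, p1_known)
    return xor_bytes(c2, ks[: len(c2)])


def flip_bit(ciphertext: bytes, byte_index: int, bit: int) -> bytes:
    """Weakness 1 (malleability): flipping a ciphertext bit flips exactly the
    same bit of the decrypted plaintext, without knowing the key."""
    buf = bytearray(ciphertext)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


def demo() -> dict:
    """Run both demonstrations on constructed sample packets."""
    key = b"constructed-40bit"     # constructed sample key, not a real WEP key
    iv = b"\x00\x00\x01"           # the same IV reused for two packets: the WEP mistake
    p1 = b"GET /index.html HTTP/1.0"   # predictable header an observer could guess
    p2 = b"secret-token=12345678901"   # sensitive payload, same length
    c1 = encrypt(key, iv, p1)
    c2 = encrypt(key, iv, p2)
    return {
        "xor_leak_matches": plaintext_xor_from_ciphertexts(c1, c2) == xor_bytes(p1, p2),
        "recovered_p2": recover_other_plaintext(c1, p1, c2),
        "flipped_first_byte": decrypt(key, iv, flip_bit(c1, 0, 0))[0],
        "original_first_byte": p1[0],
    }


if __name__ == "__main__":
    result = demo()
    print("c1 XOR c2 equals p1 XOR p2:", result["xor_leak_matches"])
    print("p2 recovered without the key:", result["recovered_p2"])
    print("bit flip carried into plaintext:",
          result["flipped_first_byte"] == result["original_first_byte"] ^ 1)
```

The mitigation side is the point: CCMP in WPA-2 (next slides) replaces the reusable per-packet keystream with an authenticated mode, so a flipped bit fails the integrity check instead of silently altering the plaintext, and a fresh nonce per packet removes the keystream-reuse case entirely.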
WPA
• 128-bit key Temporal Key Integrity Protocol (TKIP)
• Key changed on a per-packet basis
• Crackable in 60 seconds
• Protocol weakness
– On logon, client obtains a session key by exchanging the hash of the access point's key
– Session key is rotated on a per-packet basis for the entire session
– Hash salted with the SSID (the name of the wireless network)
– Attackers can derive the key from that hash using tables of common SSID (“linksys” or “netgear”) and common passwords
WPA-2
• 128-bit AES encryption for keys
• Replaced TKIP with Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
• Attacks
– Man-in-the-middle
– Hole-196: Malicious client can spoof packets from the access point (impersonates the access point)
– Sniff network traffic or disrupt service
Phone Hacking
• Default Pins
• Social Engineering
– “Borrow” device
– Reset to default pins
• Voice Phishing (vishing)
• SMS/MMS Phishing (smishing)
Smartphone Hacking
• Like PCs: Virus, Trojans, etc.
• Banking Trojans intercepting financial transactions
• Malware sending text messages to premium SMS services
• Spyware
– The places you go and when
– Record & forward phone conversations
• Malicious Quick Response codes
– Matrix bar codes
• Malicious web sites (normal browsing danger)
PoS Malware
• Functions not all present in all variants
• Scraping memory for track data
– Searches running processes for track data
• Logging keystrokes
• Command & control (C2) communication
– Uploading discovered data
– Updating the malware
– Downloading/executing further malware
– Uninstalling the malware
• Injecting malicious stub into explorer.exe
– Responsible for persistence in the event the malicious executable crashes or is forcefully stopped
E.g.: Backoff family
US-CERT Alert TA14-212A (2014) https://www.us-cert.gov/ncas/alerts/TA14-212A