35
Introduction to Computer Security and Information Assurance Cyber Security Pilot Course Summer 2011 Draft 1 Lesson 3

hacker culture

Embed Size (px)

Citation preview

Page 1: hacker culture

Introduction to Computer Securityand Information Assurance

Cyber Security Pilot Course

Summer 2011

Draft 1Lesson 3

Page 2: hacker culture

Introduction to Computer Securityand Information Assurance

Lesson 3: Hacker Culture

Cyber Security 1 PilotSummer 2011

DRAFT - Lesson 3

Page 3: hacker culture

Draft Lesson 1 © 3

Copyright Notice

This work is a derivative of the original High School Cyber Curriculum by The MITRE Corporation (© 2011 The MITRE Corporation) used under a Creative Commons Attribution 3.0 Unported License.

Information about the original work and its creative commons license may be available at The MITRE Corporation (POC: Dr. Robert Cherinka, [email protected], or MITRE's Technology Transfer Office, 703-983-6043).

For more information on creative commons licenses, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.

This work is copyright of the Career Technical Education Foundation, Inc.

Information and/or permissions regarding the use of this material may addressed to Mr. Paul Wahnish, President, Career Technical Education Foundation, Inc. ([email protected], (407) 491-0903).

Page 4: hacker culture

Introduction to Computer Securityand Information AssuranceLesson Objectives

• Understand Hacking• Recognize the mentality of the Hacker• Recognize common hacker methodologies• Learn about some example cyber war stories

4DRAFT - Lesson 3

Page 5: hacker culture

Introduction to Computer Securityand Information AssuranceWhy Study “The Hacker”?

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

-Sun Tzu “On the Art of War”

5DRAFT - Lesson 3

Page 6: hacker culture

Introduction to Computer Securityand Information AssuranceWhy Study “The Hacker”?

2008 FBI/CSI Cyber Crime Survey

Companies Experiencing Computer Security Incidents

6DRAFT - Lesson 3

Page 7: hacker culture

Introduction to Computer Securityand Information Assurance20 Year Trend

passwordguessing

self-replicatingcode

passwordcracking

exploitingknown

vulnerabilities

disablingaudits

backdoors

hijackingsessions

sniffer /sweepers

stealthdiagnostics

packet forging /spoofing

GUI

Hacking Tools

AverageIntruder

1980 1985 1990 1995

Rel

ativ

e Te

chni

cal C

ompl

exity

Source: GAO Report to Congress, 1996 via Divinci Group

7DRAFT - Lesson 3

Page 8: hacker culture

Introduction to Computer Securityand Information AssuranceAnd a bit more recently

Windows RemoteControl

Stacheldraht

Trinoo

Melissa

PrettyPark?

DDoS Insertion

Tools

HackingTools

KiddieScripterR

elat

ive

Tech

nica

l Com

plex

ity

1998 1999 2000 2001

8DRAFT - Lesson 3

Page 9: hacker culture

Introduction to Computer Securityand Information AssuranceWho are they?

National National InterestInterest

PersonalPersonalGainGain

PersonalPersonalFameFame

CuriosityCuriosity

Script-KiddyScript-Kiddy UndergraduateUndergraduate ExpertExpert SpecialistSpecialist

Vandal

Thief

Spy

Trespasser

SOURCE: SOURCE: Microsoft and Accenture Microsoft and Accenture via Divinci Groupvia Divinci Group

Author

Mot

ives

Knowledge Level9DRAFT - Lesson 3

Page 10: hacker culture

Introduction to Computer Securityand Information AssuranceTaxonomy of Hackers

• Novice – Least experienced, focused on mischief• Student – Bright, bored and looking for

something other than homework• Tourist – Hack out of sense of adventure, need to

test themselves• Crasher – Destructive who intentionally damaged

IS systems• Thief - Rarest of Hackers – profited from their

activities – and most professionalLandreth, 1985

10DRAFT - Lesson 3

Page 11: hacker culture

Introduction to Computer Securityand Information AssuranceType of Hackers

• White Hats– Good guys, ethical hackers

• Black Hats– Bad guys, malicious hackers

• Gray Hats– Good or bad hacker; depends on the situation

DRAFT - Lesson 1 11

Page 12: hacker culture

Introduction to Computer Securityand Information AssuranceHacker Tendencies

• Invests significant amounts of time on study of documentation, giving special attention to border cases of standards

• Insists on understanding and implementing the underlying API – often confirming documentation claims

• Second guesses implementer’s logic• Insists on tools for examining the full state of

system across interface layers and for modifying these states bypassing the standard development API.

12DRAFT - Lesson 3

Page 13: hacker culture

Introduction to Computer Securityand Information AssuranceWhy these tendencies?

Developers under pressure to

‘make it work’

Developers ‘trained’ away from exploring underlying API

Developers directed to ignore specific problems

as the responsibility of

others

Developers must comply with lack

of tools to explore outside their systems.

Force cutting of corners

Forces lack of understanding of their choices

Forces Developer’s lack of Concern for a valid solution

Prevents Developer from

expanding beyond his area of study

Bratus, 2008

Economics of Insecure Hardware/Software

13DRAFT - Lesson 3

Page 14: hacker culture

Introduction to Computer Securityand Information Assurance

Developers under

pressure to ‘make it work’

Developers ‘trained’ away from exploring

underlying APIs

Developers directed to

ignore specific problems as

the responsibility

of others

Developers must comply with lack of

tools to explore

outside their system

Forces cutting of corners

Forces lack of understanding of their

choices

Forces developer’s lack of concern for a valid solution

Why these tendencies?Economics of Insecure Hardware/Software

OPPORTUNITY!!!!

14DRAFT - Lesson 3

Page 15: hacker culture

Introduction to Computer Securityand Information AssurancePhases of Ethical Hacking

DRAFT - Lesson 3 15

Page 16: hacker culture

Introduction to Computer Securityand Information AssuranceBasic Hacker Methodology

16DRAFT - Lesson 3

Page 17: hacker culture

Introduction to Computer Securityand Information AssuranceInformation Gathering/ Fingerprinting

• Gathering information about targeted network addressing scheme prior to launch of attack– IP addressing– Domain Names– Network Protocols– Activated Services

17DRAFT - Lesson 3

Page 18: hacker culture

Introduction to Computer Securityand Information AssuranceScanning/Probing

• Using Automated tools to scan a system for computers advertising application services

• Look for potential targets with possible vulnerabilities

• Look for targets running specific operating systems.

18DRAFT - Lesson 3

Page 19: hacker culture

Introduction to Computer Securityand Information AssuranceGaining Access

• Target Specific Vulnerabilities:– Operating System– Network Devices– Software Applications

• Malicious Code– Delivered via E-mail

• Social Engineering

19DRAFT - Lesson 3

Page 20: hacker culture

Introduction to Computer Securityand Information AssuranceElevating Privilege

• Why Elevate privileges?– Access User Account– Access Super User– Install Backdoors

• Password Crackers!

20DRAFT - Lesson 3

Page 21: hacker culture

Introduction to Computer Securityand Information AssuranceExploiting

• Use victim to launch attacks against others• Stealing sensitive information• Crash systems• Web Server Defacements

21DRAFT - Lesson 3

Page 22: hacker culture

Introduction to Computer Securityand Information AssuranceInstalling Back Doors

• Add user accounts that look ‘normal’• Open ports

– Allow access to system services or provide command shell access

• Cover tracks to prevent detection• Move malicious code to program

– Trojan.exe -> notepad

22DRAFT - Lesson 3

Page 23: hacker culture

Introduction to Computer Securityand Information AssuranceChinese Hacker Methodology

23DRAFT - Lesson 3

Page 24: hacker culture

Introduction to Computer Securityand Information AssuranceAnd So…

• Need to know how different hackers operate and what their motives are

• Need to learn how to attack so can defend well• Need to mitigate vulnerabilities• Need to stay one step ahead of the attack to

reduce damages• Best case scenario:

– let people in who should be in– keep everyone else out!!

24DRAFT - Lesson 3

Page 25: hacker culture

Introduction to Computer Securityand Information Assurance

Cyberwar Stories

25DRAFT - Lesson 3

Page 26: hacker culture

Introduction to Computer Securityand Information AssuranceGhostNet

• 10-month cyber-espionage investigation– 1,295 computers in 103 countries belonging to

international institutions spied on– Sensitive documents stolen and ability to

completely controlled infected computers– Used root kits, keyloggers, backdoors and social

engineering– Operation began in 2004– Evidence that China behind it

26DRAFT - Lesson 3

Page 27: hacker culture

Introduction to Computer Securityand Information Assurance

DRAFT - Lesson 3 27

Page 28: hacker culture

Introduction to Computer Securityand Information AssuranceDalai Lama

• One target the Office of His Holiness the Dalai Lama (OHHDL)– Sensitive documents stolen– Malicious emails sent to Tibet-

affiliated organizations– Investigation into GhostNet

began when OHHDL suspected malware and contacted the Munk Center for International Studies

28DRAFT - Lesson 3

Page 29: hacker culture

Introduction to Computer Securityand Information AssuranceUnique Aspects

• In addition to stealing documents, GhostNet had other capabilities– Reportedly turn on webcams and audio recording

functions of an infected computer– Essentially, turn infected computer into a large

“bug” for spying on office• Used a “control panel” reachable by a

standard web browser to manipulate the computers it had infected

29DRAFT - Lesson 3

Page 30: hacker culture

Introduction to Computer Securityand Information AssuranceSo how did they detect it?

• Researcher at Munk Center noticed odd string of 22 characters embedded in files created by malicious software

• Googled it• Led him to web site in China• Commanded system to infect system in their

lab and watched commands

30DRAFT - Lesson 3

Page 31: hacker culture

Introduction to Computer Securityand Information AssuranceAnd, of course

China Denies Any Role in 'GhostNet' Computer Hacking Beijing31 March 2009

Beijing officials deny any involvement in the electronic spy ring dubbed "GhostNet," which has infiltrated more than 1,000 computers around the world and has been linked to computers in China.

Foreign Ministry spokesman Qin Gang rejected allegations of a link between the Chinese government and a vast computer spying network. He said in Beijing on Tuesday that the accusation comes from people outside China who, "are bent on fabricating lies of so-called Chinese computer spies."

31DRAFT - Lesson 3

Page 32: hacker culture

More Cyber Stories:Understanding the Hacker

Page 33: hacker culture
Page 34: hacker culture

Introduction to Computer Securityand Information AssuranceLesson Summary Key Points

• Hacking is illegal (most of the time)– Understand the laws– Port Scanning can be considered illegal

• Post 9/11 can be act of terrorism

34DRAFT - Lesson 3

Page 35: hacker culture

Introduction to Computer Securityand Information Assurance

Questions?

Draft 35