Upload
ajmcmullin
View
219
Download
5
Embed Size (px)
Citation preview
Introduction to Computer Securityand Information Assurance
Cyber Security Pilot Course
Summer 2011
Draft 1Lesson 3
Introduction to Computer Securityand Information Assurance
Lesson 3: Hacker Culture
Cyber Security 1 PilotSummer 2011
DRAFT - Lesson 3
Draft Lesson 1 © 3
Copyright Notice
This work is a derivative of the original High School Cyber Curriculum by The MITRE Corporation (© 2011 The MITRE Corporation) used under a Creative Commons Attribution 3.0 Unported License.
Information about the original work and its creative commons license may be available at The MITRE Corporation (POC: Dr. Robert Cherinka, [email protected], or MITRE's Technology Transfer Office, 703-983-6043).
For more information on creative commons licenses, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
This work is copyright of the Career Technical Education Foundation, Inc.
Information and/or permissions regarding the use of this material may addressed to Mr. Paul Wahnish, President, Career Technical Education Foundation, Inc. ([email protected], (407) 491-0903).
Introduction to Computer Securityand Information AssuranceLesson Objectives
• Understand Hacking• Recognize the mentality of the Hacker• Recognize common hacker methodologies• Learn about some example cyber war stories
4DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceWhy Study “The Hacker”?
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
-Sun Tzu “On the Art of War”
5DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceWhy Study “The Hacker”?
2008 FBI/CSI Cyber Crime Survey
Companies Experiencing Computer Security Incidents
6DRAFT - Lesson 3
Introduction to Computer Securityand Information Assurance20 Year Trend
passwordguessing
self-replicatingcode
passwordcracking
exploitingknown
vulnerabilities
disablingaudits
backdoors
hijackingsessions
sniffer /sweepers
stealthdiagnostics
packet forging /spoofing
GUI
Hacking Tools
AverageIntruder
1980 1985 1990 1995
Rel
ativ
e Te
chni
cal C
ompl
exity
Source: GAO Report to Congress, 1996 via Divinci Group
7DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceAnd a bit more recently
Windows RemoteControl
Stacheldraht
Trinoo
Melissa
PrettyPark?
DDoS Insertion
Tools
HackingTools
KiddieScripterR
elat
ive
Tech
nica
l Com
plex
ity
1998 1999 2000 2001
8DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceWho are they?
National National InterestInterest
PersonalPersonalGainGain
PersonalPersonalFameFame
CuriosityCuriosity
Script-KiddyScript-Kiddy UndergraduateUndergraduate ExpertExpert SpecialistSpecialist
Vandal
Thief
Spy
Trespasser
SOURCE: SOURCE: Microsoft and Accenture Microsoft and Accenture via Divinci Groupvia Divinci Group
Author
Mot
ives
Knowledge Level9DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceTaxonomy of Hackers
• Novice – Least experienced, focused on mischief• Student – Bright, bored and looking for
something other than homework• Tourist – Hack out of sense of adventure, need to
test themselves• Crasher – Destructive who intentionally damaged
IS systems• Thief - Rarest of Hackers – profited from their
activities – and most professionalLandreth, 1985
10DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceType of Hackers
• White Hats– Good guys, ethical hackers
• Black Hats– Bad guys, malicious hackers
• Gray Hats– Good or bad hacker; depends on the situation
DRAFT - Lesson 1 11
Introduction to Computer Securityand Information AssuranceHacker Tendencies
• Invests significant amounts of time on study of documentation, giving special attention to border cases of standards
• Insists on understanding and implementing the underlying API – often confirming documentation claims
• Second guesses implementer’s logic• Insists on tools for examining the full state of
system across interface layers and for modifying these states bypassing the standard development API.
12DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceWhy these tendencies?
Developers under pressure to
‘make it work’
Developers ‘trained’ away from exploring underlying API
Developers directed to ignore specific problems
as the responsibility of
others
Developers must comply with lack
of tools to explore outside their systems.
Force cutting of corners
Forces lack of understanding of their choices
Forces Developer’s lack of Concern for a valid solution
Prevents Developer from
expanding beyond his area of study
Bratus, 2008
Economics of Insecure Hardware/Software
13DRAFT - Lesson 3
Introduction to Computer Securityand Information Assurance
Developers under
pressure to ‘make it work’
Developers ‘trained’ away from exploring
underlying APIs
Developers directed to
ignore specific problems as
the responsibility
of others
Developers must comply with lack of
tools to explore
outside their system
Forces cutting of corners
Forces lack of understanding of their
choices
Forces developer’s lack of concern for a valid solution
Why these tendencies?Economics of Insecure Hardware/Software
OPPORTUNITY!!!!
14DRAFT - Lesson 3
Introduction to Computer Securityand Information AssurancePhases of Ethical Hacking
DRAFT - Lesson 3 15
Introduction to Computer Securityand Information AssuranceBasic Hacker Methodology
16DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceInformation Gathering/ Fingerprinting
• Gathering information about targeted network addressing scheme prior to launch of attack– IP addressing– Domain Names– Network Protocols– Activated Services
17DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceScanning/Probing
• Using Automated tools to scan a system for computers advertising application services
• Look for potential targets with possible vulnerabilities
• Look for targets running specific operating systems.
18DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceGaining Access
• Target Specific Vulnerabilities:– Operating System– Network Devices– Software Applications
• Malicious Code– Delivered via E-mail
• Social Engineering
19DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceElevating Privilege
• Why Elevate privileges?– Access User Account– Access Super User– Install Backdoors
• Password Crackers!
20DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceExploiting
• Use victim to launch attacks against others• Stealing sensitive information• Crash systems• Web Server Defacements
21DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceInstalling Back Doors
• Add user accounts that look ‘normal’• Open ports
– Allow access to system services or provide command shell access
• Cover tracks to prevent detection• Move malicious code to program
– Trojan.exe -> notepad
22DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceChinese Hacker Methodology
23DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceAnd So…
• Need to know how different hackers operate and what their motives are
• Need to learn how to attack so can defend well• Need to mitigate vulnerabilities• Need to stay one step ahead of the attack to
reduce damages• Best case scenario:
– let people in who should be in– keep everyone else out!!
24DRAFT - Lesson 3
Introduction to Computer Securityand Information Assurance
Cyberwar Stories
25DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceGhostNet
• 10-month cyber-espionage investigation– 1,295 computers in 103 countries belonging to
international institutions spied on– Sensitive documents stolen and ability to
completely controlled infected computers– Used root kits, keyloggers, backdoors and social
engineering– Operation began in 2004– Evidence that China behind it
26DRAFT - Lesson 3
Introduction to Computer Securityand Information Assurance
DRAFT - Lesson 3 27
Introduction to Computer Securityand Information AssuranceDalai Lama
• One target the Office of His Holiness the Dalai Lama (OHHDL)– Sensitive documents stolen– Malicious emails sent to Tibet-
affiliated organizations– Investigation into GhostNet
began when OHHDL suspected malware and contacted the Munk Center for International Studies
28DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceUnique Aspects
• In addition to stealing documents, GhostNet had other capabilities– Reportedly turn on webcams and audio recording
functions of an infected computer– Essentially, turn infected computer into a large
“bug” for spying on office• Used a “control panel” reachable by a
standard web browser to manipulate the computers it had infected
29DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceSo how did they detect it?
• Researcher at Munk Center noticed odd string of 22 characters embedded in files created by malicious software
• Googled it• Led him to web site in China• Commanded system to infect system in their
lab and watched commands
30DRAFT - Lesson 3
Introduction to Computer Securityand Information AssuranceAnd, of course
China Denies Any Role in 'GhostNet' Computer Hacking Beijing31 March 2009
Beijing officials deny any involvement in the electronic spy ring dubbed "GhostNet," which has infiltrated more than 1,000 computers around the world and has been linked to computers in China.
Foreign Ministry spokesman Qin Gang rejected allegations of a link between the Chinese government and a vast computer spying network. He said in Beijing on Tuesday that the accusation comes from people outside China who, "are bent on fabricating lies of so-called Chinese computer spies."
31DRAFT - Lesson 3
More Cyber Stories:Understanding the Hacker
Introduction to Computer Securityand Information AssuranceLesson Summary Key Points
• Hacking is illegal (most of the time)– Understand the laws– Port Scanning can be considered illegal
• Post 9/11 can be act of terrorism
34DRAFT - Lesson 3
Introduction to Computer Securityand Information Assurance
Questions?
Draft 35