Hands On Hacking
Professional Development for North Carolina Computer Instructors
Outline
• Brief History of Hacking
• Recent Trends: DDoS, Spam, Viruses, Identity Theft
• What is a Hacker?
• What is Ethical Hacking?
• Anatomy of an Attack:
  • Reconnaissance
  • Scanning
  • Gaining access
  • Maintaining access
  • Covering tracks
• Web Sites for Hacking Tools
Brief History of Hacking
PREHISTORY (before 1969)
• 1960s: The Dawn of Hacking
Original meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts.
ELDER DAYS (1970-1979)
• 1970s: Phone Phreaks and Cap'n Crunch: One phreak, John Draper (aka "Cap'n Crunch"), discovers that a toy whistle inside Cap'n Crunch cereal gives a 2600-hertz signal and can access AT&T's long-distance switching system.
• Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes.
THE GOLDEN AGE (1980-1991)
• 1983: Kids' Games
Movie "War Games" introduces public to hacking.
THE GREAT HACKER WAR
Legion of Doom vs Masters of Deception
• 1984: Hacker 'Zines
CRACKDOWN (1986-1994)
• 1986: Computer Fraud and Abuse Act
• 1988: The Morris Worm
• 1989: THE GERMANS, THE KGB AND KEVIN MITNICK
  • German hackers breaking into U.S. computers; sold information to Soviet KGB.
  • Hacker "The Mentor" publishes Hacker's Manifesto.
  • Kevin Mitnick arrested.
• 1993: Why Buy a Car When You Can Hack One?
Call-in contest; Kevin Poulsen cracks phone; gets two Porsches, $20,000 cash, vacation trips; Poulsen now covering computer crime.
http://www.securityfocus.com
ZERO TOLERANCE (1994-1998)
• 1995: The Mitnick Takedown: Arrested again.
• 1995: Russian hackers siphon $10 million from Citibank.
• Oct 1998: teenager hacks into Bell Atlantic phone system; disables communication at airport and disables runway lights.
• 1999: hackers attack Pentagon, MIT, FBI web sites.
• 1999: E-commerce company attacked; blackmail threats followed by 8 million credit card numbers stolen.
(www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com; www.tlc.discovery.com)
Recent Trends: DDoS, Spam, Viruses, Identity Theft, Phishing, Pharming
• Phishing: Attackers coined the term “phishing” in 1996 – swindling AOL customers into giving up their passwords. (www.zdnet.com) Email fraud epidemic; 1100 phishing campaigns in April; 178% increase from previous month; 4000% increase since November 2003. Gartner Group study: 40% of all online users received phishing email; legitimate-looking email asks for information, or for a visit to a site that installs spyware or a Trojan program allowing a backdoor. (www.technewsworld.com)
• “Warspammers”: drive-by spamming; compromise wireless LANs to send spam; estimated 60-80% of corporate wireless networks unsecured; war driving and war chalking also on the rise. (www.zdnet.com)
• Advanced Fee Fraud: Speculated that terrorists and organized crime make money through use of advanced fee fraud (Nigerian-style) and pirated software. Victims “hired”; sent PC to ship to buyer; victim sent cashier's check; told to deduct salary and mail back remainder; checks are counterfeit; PCs purchased with stolen credit cards. (www.securityfocus.com)
• Virus Gangs: trying to control their "turf"; gained access with Trojans; launch a DDoS; sell to spammers who use them anonymously to send spoofed spam; three groups: MyDoomers, Bagles, Netskys. (www.zdnet.com) Recent arrest of Netsky / Sasser author Sven, 18 yr old in Germany; responsible for 70% of viruses in 2004; virus deletes “MyDoom” from PCs; after Microsoft offered ¼ million reward, his friend turned him in. (www.zdnet.com)
• Six men charged with DDoS attack against business rival; hired hackers; victims suffer $2 million loss. (www.zdnet.com)
• Gathering DDoS Storm: Estimated 90% of all home PCs infected by spyware and Trojans; suggests potential for largest DDoS attack "on a scale never before experienced;" attackers who own zombies sell them to spammers. (www.networkmagazine.com)
• Google being used by hackers to see what people photocopy; search engines cache or index everything on the Internet. (www.ZDNet.com)
• Pharmers “poison” DNS server, redirecting Web requests somewhere else; browser appears to be connected to the right site and user is unaware. (www.ZDNet.com)
• Cell Phone Virus: codenamed "Cabir," attacks Nokia phone enabled with Bluetooth technology. (www.eweek.com)
• 2005: Paris Hilton smartphone hacked; celebrity phone numbers listed on Internet. (www.cnet.com)
What is a Hacker?
• Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.
• Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.
• Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
• Coders and Virus Writers: See themselves as an elite; have programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet. (www.tlc.discovery.com)
• Hacker classes
  • Black hats – highly skilled, malicious, destructive “crackers”
  • White hats – skills used for defensive purposes; security analysts
  • Gray hats – work offensively and defensively; will hack for different reasons, depending on situation.
• HaXor – want to be hackers for wrong reasons, and lack the skill (www.cnet.com)
• Hacktivism – hacking for social and political cause.
• Ethical hackers – determine what attackers can gain access to, what they will do with the information, and whether they can be detected.
• Any computer connected to Internet is scanned several times a day as a general rule.
What is Ethical Hacking?
• Ethical hacking – defined as “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”
• Anatomy of an attack:
  • Reconnaissance – attacker gathers information; can include social engineering.
  • Scanning – searches for open ports (port scan); probes target for vulnerabilities.
  • Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP.
  • Maintaining access – creates backdoor through use of Trojans; once attacker gains access, makes sure he/she can get back in.
  • Covering tracks – deletes files, hides files, and erases log files so that attacker cannot be detected or penalized. (www.eccouncil.org)
Reconnaissance
• Reconnaissance: attacker seeks to gather information
• Footprinting: blueprinting of the security profile of organization or target system undertaken in a methodological manner.
  • Locate network range, active machines, open ports/access points, determine operating systems
• Hacking Tool: NS Lookup - get host name, IP address (online www.zoneedit.com/lookup.html)
• Hacking Tool: Tracert (command prompt)
• Hacking Tool: Trout
• Hacking Tool: VisualWare
Scanning
• Attacker builds attack plan; finds limits of network; assesses perimeter defenses; uses war dialers and ping.
• War dialers exploit unsecured modem to gain access; ping detects current state
• Hacking Tool: Ping (command prompt)
• Hacking Tool: Genius (www.indiesoft.com/genius322.exe)
• Hacking Tool: LanNetScan
• Hacking Tool: NMap
• Hacking Tool: THC-Scan
• Hacking Tool: IPEye/IPSECSCAN
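An added example, not part of the original slides: the defender's view of the port scan described under Scanning, flagging any source that probes many distinct ports within a short window. The log format, addresses, window and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; the log format is an assumption for this example.
SAMPLE_LOG = """\
2005-03-01T10:00:00 DROP src=203.0.113.7 dst=192.0.2.10 dport=21
2005-03-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 dport=22
2005-03-01T10:00:01 ACCEPT src=198.51.100.20 dst=192.0.2.10 dport=443
2005-03-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 dport=23
2005-03-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 dport=25
2005-03-01T10:00:04 ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=80
2005-03-01T10:00:05 ACCEPT src=198.51.100.20 dst=192.0.2.10 dport=443
2005-03-01T10:00:06 ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=443
2005-03-01T10:05:00 DROP src=198.51.100.99 dst=192.0.2.10 dport=21
2005-03-01T10:10:00 DROP src=198.51.100.99 dst=192.0.2.10 dport=22
2005-03-01T10:15:00 DROP src=198.51.100.99 dst=192.0.2.10 dport=23
malformed line that the parser skips
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \w+ src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse(log_text):
    """Yield (time, src, (dst, dport)) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"],
                   (m["dst"], int(m["dport"])))

def detect_port_scans(log_text, window=timedelta(seconds=60), min_ports=5):
    """Return {src: most distinct (dst, port) targets seen in any window}
    for every source that reaches min_ports."""
    by_src = defaultdict(list)
    for ts, src, target in parse(log_text):
        by_src[src].append((ts, target))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({t for _, t in events[start:end + 1]}))
        if best >= min_ports:
            alerts[src] = best
    return alerts
```

A source that spaces its probes minutes apart, like the third one in the sample, is only reported when the window is widened and the threshold lowered.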
Gaining Access
• Includes password guessing and cracking, password sniffing, vulnerability scanning, keystroke logging.
• Password attacks: dictionary attack – taking list of words; brute force attack – all possible passwords.
• Places backdoor with a Trojan; removes evidence from event system logs; disables antivirus.
• Hacking Tool: Legion
• Hacking Tool: Brutus
• Hacking Tool: Sam Spade
• Hacking Tool: Spector Pro
• Hacking Tool: eBlaster
• Hacking Tool: John the Ripper
• Hacking Tool: Attacker
• Hacking Tool: SuperScan
Using Sniffers and Keyloggers
• Sniffer is software that captures network traffic; listens in; does not intercept or interfere; used for retrieving passwords and user names.
• Hacking Tool: Ethereal
• Hacking Tool: Snort
• Hacking Tool: Cain & Abel
• Hacking Tool: Iris
• Hacking Tool: HomeKeylogger
• Hacking Tool: PerfectKeylogger
Crashing Servers
• Denial of Service (DoS): renders system unusable or significantly ties up resources and slows network.
• Distributed Denial of Service (DDoS) attack: breaking into many machines to launch coordinated DoS attack by installing DDoS software on them.
• Ping of death: DoS whereby attacker sends IP packet larger than 65,536 bytes normally allowed; causes buffer overflow, freezes, reboots.
• Hacking Tool: Ping of Death
• Hacking Tool: Trinoo
• Hacking Tool: Smurf
• Viruses Hacking Tool: Senna Spy
• Wireless Hacking Tool: AirSnort
Maintaining Access
• Trojan: typically an unauthorized program within a legitimate program; can be an altered legitimate program; or any program that appears to perform a desirable function but also performs functions unknown to user.
• Different types of Trojans: remote access, password sending, keyloggers, destructive, denial of service, ftp, software detection killers.
• Trojans gain and retain access; can alter registry; allow administrator access.
• Hacking Tool: Tini
• Hacking Tool: SubSeven
• Hacking Tool: BackOrifice
• Hacking Tool: Loki
• Hacking Tool: Whack A Mole
Covering Tracks
• Steganography: art and science of hiding information by embedding message within other objects; cannot be detected; objects include: audio or video files, graphics, “white spaces” within documents.
• Hacking Tool: Image Hide www.dancemammal.com
• Hacking Tool: Snow
• Hacking Tool: Camera/Shy
• Hacking Tool: StegDetect
Web Sites for Hacking Tools
• http://www.foundstone.com
• http://www.thenetworkadministrator.com/top2004hackertools.htm
• http://www.hackingexposed.com/tools/tools.html
• http://www.insecure.org/tools.html