• Home

  • Documents

  • By Andrew Winokur. Myth: Hackers are evil people who want to do nothing more than destroy computers...
29
Hacking & Phreaking By Andrew Winokur

By Andrew Winokur. Myth: Hackers are evil people who want to do nothing more than destroy computers Fact: The term “hacker” is a vague term, that

Tags:

Embed Size (px)

Citation preview

  • Slide 1

By Andrew Winokur Slide 2 Myth: Hackers are evil people who want to do nothing more than destroy computers Fact: The term hacker is a vague term, that can represent many different ideas Slide 3 People used huge mainframe computers hosted by university facilities; originally used to push programs beyond their design (e.g. MIT hacking electrical trains to allow them to perform faster First Bulletin Board System (BBS) was created where large corporations, universities, and governments could connect to. Nicknamed MAC for Multiple- Access Computers John McCarthy hacked/crashed the MAC system, which created a following 1960s Slide 4 Even corporations would hack the Bulletin Board System, committing industrial espionage The administrators of the MAC would encourage this behavior This sense of freedom to do whatever one wanted augmented with the seemingly endless challenges of finding new ways to break something started the hacker culture Slide 5 Different type of hacker emerged called phone hackers or phreakers (combination of the words phone and hackers) Phreaking started by a blind child named Joe Engressia By whistling a certain pitch on a phone, he realized he could turn any recorded message off (due to telephonic systems back then using a multifrequency system which relied on certain pitches to function) By whistling the right tones at the right time, Joe Engressia could place free calls anywhere in the world 1970s Slide 6 Later on, a man named John Draper found a whistle in a Captain Crunch cereal box which could reproduce the exact pitch (2600 kHz) needed to place a free call John Draper appropriately nicknames himself Captain Crunch, and call other phreakers in the world about his discovery, inspired invention of phreaking boxes The Blue Box was made by phreakers to emulate any multifrequency pitch Joe Engressia and Draper were later arrested, but the publicity from this made phreaking even more popular 1970s Slide 7 Around this era, the amount of practicing hackers increased exponentially due to two reasons: Personal Computers finally being made available to the public at a reasonable price Movies such as Wargames both glorifying hacking and making it look easy Hacking groups began to form such as the 414s (accused of 60 computer break-ins), Legion of Doom, and Germanys Chaos Computer Club 2600: Hacker Quarterly is released 1980s Slide 8 Government begins taking precautions against cybercrime, formed Comprehensive Crime Control Act (gives Secret Service jurisdiction over credit card and computer fraud) Government also created the Computer Fraud & Abuse Act (declared it a crime to break into computer systems) Government formed the Computer Emergency Response Team (CERT) in 1987, which handles computer security incidents 1980s Slide 9 The 1990s and beyond have been full of both big an small hacker attacks. These attacks have ranged from breaking into and defacing Web sites to attacking the United States Department of Defenses computers 250,000 times Hacking was still being glorified in this period with the 1995 film Hackers, although many hackers did not seem to approve of this movie http://web.archive.org/web/20000818142725/www.mgm.com/hackers/ http://web.archive.org/web/20000818142725/www.mgm.com/hackers/ Script Kiddies become rampant on the Internet, giving hackers a bad reputation 1990s and beyond Slide 10 In the hacking hierarchy, a Script Kiddie is often seen as the lowest position in the totem pole as far as respect and skill is concerned A Script Kiddie is usually a juvenile who run scripts or programs developed by others to attack computer systems and networks A Script Kiddie is always considered malicious and often defaces or tags websites much like a graffiti artist tags a train or a wall. Script Kiddies are also known to use viruses, worms, backdoors, and trojan horses Slide 11 One of the most popular programs that Script Kiddies use is Sub7, a backdoor program A backdoor allows one to bypass normal authentication and allow access into the system from the outside Sub7 allows one to do things such as keylogging, changing system settings, loading obscene websites, webcam capturing, and many other things Due to Script Kiddies acts, much of the worlds population assimilates them into the category of a hacker. This has brought on an ill reputation towards hackers and has unfortunately become the stereotype of what a hacker is. Slide 12 Black Hat hackers became the most publicized kind of hacker Unlike a Script Kiddie, hackers are experts in breaking into computer systems and often create their own tools or scripts Along with website vandalism, Black Hat hackers also use technology for credit card fraud, identity theft, and intellectual property theft Slide 13 White Hat hackers, on the other hand, are the ethical hacker who focuses on securing and protecting IT systems Many White Hat hackers are often hired by companies to test the integrity of their systems Grey Hat hackers are those who follow an ambiguous guideline and fall between being destructive or not. Slide 14 Jonathan James, who became the first juvenile to be sent to prison for hacking James installed a backdoor into a Defense Threat Reduction Agency server, which allowed James to view confidential emails and capture employee usernames and passwords James also cracked into NASA computers, stealing software worth about $1.7 million. James was charged only with spending six months under house arrest with probation Kevin Mitnick is another famous hacker who was so famous that he had two movies made after him: Freedom Downtime and Takedown Mitnick was convicted for breaking into the Digital Equipment Corporations computer network and stealing software Slide 15 Tim Berners-Lee, created the World Web Consortium and senior consultant at MIT. Was caught for hacking mischief at Oxford University Richard Stallman is another White Hat hacker who eventually would go on to create The GNU Project, a free operating system Stallman worked at MITs Artificial Intelligence Labs and was notorious for removing computer access restrictions. Whenever a password system was installed, Stallman would hack it, remove the passwords, and send a message to everyone on the system saying that the system has been removed. Slide 16 A cryptographic attack is a way of getting around a system by trying to decrypt data without prior access to a key. Brute Force Attack Systematically attempt to crack a password using every possible key. Depending on the length of the password, this can take from as little as a few hours to year length spans Dictionary Attack Using a text file full of dictionary words being loaded into a cracking application such as L0phtCrack Slide 17 DoS attacks attempts to deny legitimate access to ones computer DoS attacks do not retrieve or alter data and are broken down into two types, but rather shut down company servers Denial of Service attacks can be broken down into one of two categories: Denial of Service by saturation consists of flooding or saturating a machine with requests so it can no longer respond to actual requests Denial of Service by vulnerability exploitation involves exploiting a flaw in the remote system, making it unusable Slide 18 Ping of death Fragment attacks LAND attacks SYN attacks Slide 19 Ping of Death is one of the oldest network attacks. So old that no recent systems are vulnerable to it anymore The Ping of Death involves creating a data packet whose total size exceeds the maximum authorized size (65,536 bytes) When the packet is sent to a system with a vulnerable TCP/IP stack, it will cause the system to trash Slide 20 The fragment attack exploits the fragmentation principle of the IP protocol The IP fragments large packets of data into several IP packets, each with their own identification number and sequence number The recipient reassembles the smaller data packets back into the large packet based on the offset values they contain Fragment attacks involve inserting false offset information into fragmented packets causes a system to crash due to empty or overlapping fragments Most recent systems arent vulnerable to this attack Slide 21 An old DoS attack dating back to 1997, which sends a packet with the same IP address and port number in both the source and destination fields of IP packets The name of this attack originates from the name given to the first distributed source code that made it possible to implement this attack, land.c Slide 22 A DoS attack which relies on network saturation A SYN flood involves sending multiple SYN requests by using a host with a nonexistent or falsified IP address to the victim, who tries to respond back to the IP address, waiting for confirmation that never arrives The victims connection table eventually fills up waiting for replies and any new connections are ignored Although newer Operating Systems manage resources better, they are still vulnerable to this type of DoS attack A SYN flood is unique from other DoS attacks in that it can be a gateway to other attacks such as disabling one side of a connection in TCP hijacking or by preventing authentication between servers Slide 23 Other Hacking Techniques Because many DoS attacks have been prevented through TCP/IP protocol fixes, hackers have turned to exploiting the application layer instead, specifically targeting web applications Some of these attacks consist of: URL manipulation Cross-site scripting SQL command injection Slide 24 URL Manipulation A URL can usually be split up into five distinct parts: protocol, password, server name, port, and path By changing any of these parts, it is possible to access data you normally wouldnt have known about http://www.wiu.edu/users/yk106/CS484.html http://www.wiu.edu/users/yk106/CS484.html It is often up to White Hat hackers to provide countermeasures against such vulnerabilities Slide 25 Cross-site Scripting Cross-site scripting target websites that dynamically display user content without checking and encoding the information entered by users XSS works by inserting malicious code into a website under the guise of a trustworthy source. When the user clicks on the link, it allows hackers to recover data exchanged between the user and the website the user is interacting with Example: Hackers coding a display form to fool a user and get him or her to enter authentication information It is usually up to the White Hat hacker or web page designer to make a website secure from XSS. This is done by verifying the format data entered by users and encoding displayed user data by replacing special characters with their HTML equivalents Slide 26 SQL Injections SQL Injections are attacks against websites that use relational databases such as MySQL, Oracle, DB2, etc If the web page designer does not verify parameters passed in an SQL query, a hacker could easily gain access to and modify anything he or she wants in the database By inserting certain characters in an SQL query, it is possible to either link together several SQL queries or simply ignore the rest of a query Again, it is up to the designer to provide countermeasures. Some things that they can do to prevent such attacks are to avoid accounts without passwords, keeping the privileges of used accounts to a minimum, and verify the format of input data and presence of special characters. Slide 27 SQL Injections Continued Example: ORIGINAL: INSERT INTO employee (fname) VALUES('Michael'); INJECTION: Michael');DROP TABLE employee; TURNS INTO: INSERT INTO employee (fname) VALUES('Michael');DROP TABLE employee;'); Slide 28 C ONCLUSION Throughout the history of computer development, hackers have always been at the forefront of what is possible and have always tried to push what is thought to be impossible With each new technological development comes a wave of hackers ready to push the envelope. The general opinion of hackers gets a bad rap in light of the media exposure to Black Hat hackers. As a result, the term hacker receives scorn from the general public and is often used in conjunction with other words like virus and malware. As a result, the term hacker becomes a general label for all the things bad that come from our computers. This must be corrected. If it were not for our real hackers, many of our current technological developments would have yet to be developed and those technologies that we take for granted would simply not exist. Slide 29 - THE END -


WINOKUR, JON. El Canto Del Zen. (Editado sin láminas)

WINOKUR, JON. El Canto Del Zen. (Editado sin láminas)

Documents
Measuring the Vague Meaning s o f Probabilit y Term s

Measuring the Vague Meaning s o f Probabilit y Term s

Documents
Vague Issue 2

Vague Issue 2

Documents
Peter S. Winokur, Chairman DEFENSE NUCLEAR FACILITIES … · 2017. 1. 9. · Peter S. Winokur, Chairman Jessie H. Roberson, Vice Chainnan Jolrn E. Mansfield Joseph F. Bader Sean Sullivan

Peter S. Winokur, Chairman DEFENSE NUCLEAR FACILITIES … · 2017. 1. 9. · Peter S. Winokur, Chairman Jessie H. Roberson, Vice Chainnan Jolrn E. Mansfield Joseph F. Bader Sean Sullivan

Documents
A Vague Sense Classifier for Detecting Vague Definitions in Ontologies

A Vague Sense Classifier for Detecting Vague Definitions in Ontologies

Technology
Martha Winokur Ideas

Martha Winokur Ideas

Documents
19 janvier 2022 LA VAGUE OMICRON : UNE VAGUE TRES

19 janvier 2022 LA VAGUE OMICRON : UNE VAGUE TRES

Documents
Vague language

Vague language

Documents
DYNAMIQUES POLITIQUES 2014-2017...La proximité partisane Vague 1 (juin 2014) Vague 2 (oct. 2014) Vague 3 (déc. 2014) Vague 4 (fév. 2015) Vague 5 (mai 2015) Vague 6 (oct. 2015) Post

DYNAMIQUES POLITIQUES 2014-2017...La proximité partisane Vague 1 (juin 2014) Vague 2 (oct. 2014) Vague 3 (déc. 2014) Vague 4 (fév. 2015) Vague 5 (mai 2015) Vague 6 (oct. 2015) Post

Documents
12-WTP-0161 APR 3 0 2012 The Honorable Peter S. Winokur

12-WTP-0161 APR 3 0 2012 The Honorable Peter S. Winokur

Documents
La Vague d’Hokusai Japon melimelune · La Vague d’Hokusai Japon1830. melimelune.com

La Vague d’Hokusai Japon melimelune · La Vague d’Hokusai Japon1830. melimelune.com

Documents
Vague Existence Implies Vague Identity David B. Hershenov

Vague Existence Implies Vague Identity David B. Hershenov

Documents
Nouvelle Vague Geral

Nouvelle Vague Geral

Documents
SOLA_MORALES_IGNASI_terrain vague

SOLA_MORALES_IGNASI_terrain vague

Documents
Présidoscopie - Vague 10

Présidoscopie - Vague 10

Documents
WINOKUR, Jon. El Canto Del Zen

WINOKUR, Jon. El Canto Del Zen

Documents
Nouvelle Vague française

Nouvelle Vague française

Art & Photos
Regular product vague graphs and product vague line graphs · Regular product vague graphs and product vague line graphs Ganesh Ghorai 1* and Madhumangal Pal Abstract: Vague graph

Regular product vague graphs and product vague line graphs · Regular product vague graphs and product vague line graphs Ganesh Ghorai 1* and Madhumangal Pal Abstract: Vague graph

Documents
TERRAIN VAGUE

TERRAIN VAGUE

Documents
Vague verbiage

Vague verbiage

Documents
Vague Gravitational Forces

Vague Gravitational Forces

Sports
Project vague

Project vague

Technology
La Vague Mystique

La Vague Mystique

Documents
Vague image analysis

Vague image analysis

Technology
Vague estivale

Vague estivale

Documents
#1 Vague Verte

#1 Vague Verte

Documents
Vague Reference

Vague Reference

Documents
Fotonouvelle Vague

Fotonouvelle Vague

Education
Winokur Kinship Care Review (1)

Winokur Kinship Care Review (1)

Documents
Vague Millimeter

Vague Millimeter

Documents