e-SPIONAGE
Ankur Bansal
CS-575
April 26th, 2008
"The U.S. military created the internet. Now the web may be turning against its maker."
Business Week, April 21st 2008
Overview
• What is Espionage
• Spy-wares
• Espionage as National Issue
Espionage
• Espionage or spying involves a human being obtaining information that is considered secret without the permission of its holder.
• The ancient writings of Chinese and Indian military strategists such as Sun-Tzu and Chanakya contain information on deception and spying.
Espionage (Contd..)
• Chanakya's student Chandragupta Maurya, founder of the Maurya Empire, made use of assassinations, spies and secret agents, which are described in Chanakya's Arthasastra.
• The ancient Egyptians had a thoroughly developed system for the acquisition of intelligence.
• Japan often used ninja to gather intelligence.
• Spies played a significant part in Elizabethan England.
• The USA and Russia used spies extensively during the cold war period.
Spy-wares
• Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
Spy-ware (Contd.)
• The functions of spyware extend well beyond simple monitoring.
• Spyware can collect various types of personal information: Internet surfing habits, sites visited.
• It can interfere with the user's control of the computer.
• It can install additional software.
• It can redirect Web browser activity.
• It can access websites that cause virus infections.
• It can change computer settings, resulting in slow connection speeds or loss of Internet access or of other programs.
History of Spy-wares
• The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet post that poked fun at Microsoft's business model.
• Spyware at first denoted hardware meant for espionage purposes.
• In 2000 Zone Labs used the term in a press release. Since then, "spyware" has taken on its present sense.
Spyware / Adware / Virus
• Adware refers to software which displays advertisements, whether or not the user has consented.
• Example: the Eudora mail client displayed advertisements as an alternative to shareware registration fees.
• Most adware is spyware, as it displays advertisements related to what it finds from spying.
• Unlike viruses and worms, spyware does not usually self-replicate.
kaZaa – an example
• kaZaa is one of the most popular programs today.
• It's free – downloadable in minutes.
• It allows people to share/exchange files.
• Millions of users: 247 million as of July 2003.
kaZaa (contd.)
• But there is a catch: when installed you get more than just kaZaa; you also get:
• Cydoor – tracking advertising software: displays pop-up ads, tracks web surfing habits
• Gator – ad-driven backdoor software
• Altnet – a hidden p2p software
• Many others that kaZaa wishes to include
Routes of infection
• Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers.
• Spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.
• 3 common ways:
• Piggybacking on a piece of desirable software
• Trojan horse method: tricking the user into installing it
• Posing as anti-spyware programs, while being spyware themselves
Examples
CoolWebSearch:
• Directs traffic to advertisements on coolwebsearch.com.
• Rewrites search engine results.
• Alters the computer's hosts file so that name lookups for common sites land on ad pages instead of going out to DNS.
Internet Optimizer, also known as DyFuCa:
• When users follow a broken link or enter an erroneous URL, they see a page of advertisements.
• Since password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
Zango (formerly 180 Solutions):
• Transmits detailed information to advertisers about the Web sites which users visit.
• Alters HTTP requests for affiliate advertisements linked from a Web site.
Zlob trojan, or just Zlob:
• Downloads itself to your computer via an ActiveX codec.
• Reports information back to a Control Server.
• The information can include your search history, the Websites you visited, and even keystrokes.
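The hosts-file trick CoolWebSearch used is easy to check for, since the file is plain text. The script below is an added example, not code from the slides or from any of the products named: it parses a Windows-style hosts file and reports watched domains pinned to a non-loopback address (a hijack), other public names pinned anywhere, and names black-holed to loopback. The hosts content, the addresses (RFC 5737 test ranges) and the watched-domain set are constructed for illustration.

```python
"""
Added example (not from the original slides): audit a Windows-style hosts file
for the kind of hijack CoolWebSearch performed, i.e. pinning well-known domains
to addresses the user never configured so that lookups land on ad pages.
The hosts content and the watched-domain set are CONSTRUCTED for illustration.
"""
import ipaddress

# Constructed sample: a comment, two legitimate loopback lines, two hijack
# lines pointing search engines at an "ad server" (RFC 5737 test address),
# one ad-blocking entry that maps an ad host to loopback, and one pin of an
# (invented) anti-spyware update host to a foreign address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.9     www.google.com
203.0.113.9     search.yahoo.com   # search results now come from the ad server
127.0.0.1       ad.doubleclick.net
192.0.2.44      update.example-antispyware.net
"""

# Domains that should reach the real site through DNS, never a hosts entry.
WATCHED = {"www.google.com", "search.yahoo.com", "www.msn.com",
           "windowsupdate.microsoft.com"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments, blanks and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # first field is not an address: skip
        for name in fields[1:]:
            yield ip, name.lower()


def audit_hosts(text, watched=WATCHED):
    """Classify every non-localhost entry.

    hijacks    - a watched domain pinned to a non-loopback address
    other_pins - any other name pinned to a non-loopback address (suspicious:
                 legitimate hosts files rarely name public sites at all)
    blackholes - names sent to loopback/unspecified; often a deliberate ad
                 blocker, but the same trick silences anti-spyware updates
    """
    report = {"hijacks": [], "other_pins": [], "blackholes": []}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        entry = (str(ip), name)
        if ip.is_loopback or ip.is_unspecified:
            report["blackholes"].append(entry)
        elif name in watched or any(name.endswith("." + w) for w in watched):
            report["hijacks"].append(entry)
        else:
            report["other_pins"].append(entry)
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for ip, name in entries:
            print(f"{kind:10s} {ip:15s} {name}")
```

On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts (on Unix, /etc/hosts); read it and pass the text to audit_hosts. Anything in "hijacks" or "other_pins" deserves a look, because the hosts file is consulted before DNS and the browser shows no sign that the redirect happened.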
Problems
• These programs often run silently in the background, without the user's knowledge!
• It is very hard to detect these non-destructive but intrusive activities.
• Undesirable features are closely integrated with desirable features.
Stats
According to a 2005 study by AOL and the National Cyber-Security Alliance:
• 61% of surveyed users' computers had some form of spyware.
• 92% of users with spyware reported that they did not know of its presence.
• 91% had not given permission for the installation of the spyware.
Security practices
• Install anti-spyware programs.
• Use a web browser other than IE, such as Opera or Mozilla Firefox.
• Sharewares are a big source of spyware.
• Download only from a reliable source.
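"Download only from a reliable source" is only checkable if you verify what arrived. The script below is an added example, not from the slides: it parses a publisher's SHA256SUMS-style file (both the `<hex>  <name>` and `<hex> *<name>` forms that sha256sum writes) and checks a downloaded file against it in a constant-time comparison. The sums file is constructed; its digest is simply SHA-256 of the bytes b"hello", standing in for a real installer.

```python
"""
Added example (not from the original slides): check a downloaded installer
against the SHA-256 digest its publisher lists in a SHA256SUMS-style file
before running it.  The sums file below is CONSTRUCTED; its digest is
SHA-256 of the bytes b"hello", standing in for a real installer.
"""
import hashlib
import hmac
import io
import os

SAMPLE_SUMS = """\
# SHA256SUMS (constructed sample)
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  setup.exe
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 *setup-alt.exe
deadbeef  truncated.exe
"""

HEX = set("0123456789abcdef")


def parse_sums(text):
    """Map file name -> lower-case hex digest.

    Accepts the two sha256sum formats, `<hex>  <name>` (text mode) and
    `<hex> *<name>` (binary mode); lines with a malformed digest are dropped
    rather than silently accepted.
    """
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].strip()
        if len(digest) != 64 or set(digest) - HEX:
            continue
        expected[name.lstrip("*")] = digest
    return expected


def sha256_of(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks so large installers need not fit in RAM."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def verify_stream(name, stream, sums_text):
    """True only if `name` is listed and its digest matches the stream's content."""
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return False
    # compare_digest does not short-circuit on the first differing character.
    return hmac.compare_digest(sha256_of(stream), expected)


def verify_bytes(name, data, sums_text):
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return verify_stream(name, io.BytesIO(data), sums_text)


def verify_file(path, sums_text):
    """Verify a file on disk under the name the publisher listed it by."""
    with open(path, "rb") as f:
        return verify_stream(os.path.basename(path), f, sums_text)
```

A matching digest proves the file was not altered in transit. It does not prove who published it: if the sums file sits on the same page as the download, whoever could swap the installer could swap the digest too, so prefer a detached signature (GPG or Authenticode) wherever the publisher provides one.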
Innocent e-mail
• The e-mail message addressed to a Booz Allen Hamilton executive was mundane: a shopping list sent over by the Pentagon of weaponry India wanted to buy.
• Beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy", designed to suck sensitive data out of the $4 billion consulting firm's computer network.
• The Pentagon hadn't sent the e-mail at all.
The innocent e-mail
• The authors knew enough about the "sender" and "recipient" to craft a message unlikely to arouse suspicion.
• Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org.
Innocent e-Mail
• The e-mail was more convincing because of its apparent sender: Stephen J. Moree, who reports to the office of Air Force Secretary Michael W. Wynne.
• Moree's unit evaluates the security of selling U.S. military aircraft to other countries.
• There is little reason to suspect anything in Moree's passing along a highly technical document titled "India MRCA Request for Proposal".
• The Indian government had just released the request a week earlier, on Aug. 28, and the language in the e-mail closely tracked the request.
• It referred to upcoming Air Force communiqués and a "Teaming Meeting", making the message appear more credible.
• It was sent by an unknown attacker, bounced through an Internet address in South Korea, relayed through a Yahoo! server in New York, and finally made its way toward Mulhern's Booz Allen in-box.
• The digital trail to cybersyndrome.3322.org leads to one of China's largest free domain-name-registration and e-mail services, called 3322.org.
• Poison Ivy is a RAT (remote administration tool); it can steal any information it has access to.
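The relay path in the story (attacker, an address in South Korea, a webmail server, the target's in-box) is exactly what the Received: headers of the message record, and it is the first thing an analyst reads when a "Pentagon" e-mail looks off. The script below is an added example, not code from the slides or from the Business Week article: it rebuilds the hop list from the headers, checks whether the claimed From: domain appears anywhere on the path, and lists executable attachments. The message is constructed to mirror the path the slides describe; every host, address, name and subject in it is a placeholder (.example domains, RFC 5737 addresses), not the real 2007 mail.

```python
"""
Added example (not from the original slides): reconstruct the relay path of a
suspicious e-mail from its Received: headers, check whether the claimed From:
domain appears anywhere on that path, and list executable attachments.
The message is CONSTRUCTED to mirror the path the slides describe (attacker ->
relay abroad -> webmail server -> target); every host, address and name in it
is a placeholder (.example domains, RFC 5737 addresses), not the real 2007 mail.
"""
import email
import email.utils
import re
from email import policy

SAMPLE_MESSAGE = """\
Received: from mx.target.example (mx.target.example [198.51.100.10])
    by mail.target.example with ESMTP id A1; Tue, 4 Sep 2007 09:12:01 -0400
Received: from webmail.example.net (webmail.example.net [203.0.113.25])
    by mx.target.example with ESMTP id B2; Tue, 4 Sep 2007 09:11:58 -0400
Received: from relay.example.kr (relay.example.kr [192.0.2.77])
    by webmail.example.net with SMTP id C3; Tue, 4 Sep 2007 22:10:40 +0900
From: "S. Sender" <sender@af.example>
To: executive@target.example
Subject: India MRCA Request for Proposal
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/plain

Attached: RFP and notes for the Teaming Meeting.
--sep
Content-Type: application/octet-stream; name="RFP.exe"
Content-Disposition: attachment; filename="RFP.exe"

MZ...
--sep--
"""

# "from <helo> (<rdns> [<ip>]) by <host>" as most MTAs write it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def relay_chain(msg):
    """Return hops in transit order as (helo_name, ip, receiving_host).

    Every MTA prepends its own Received: line, so the header list reads
    last-hop-first and is reversed here.  Only the hop added by your own
    server is trustworthy; earlier lines can be forged by the sender.
    """
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(value))
        if m:
            hops.append((m.group("helo"), m.group("ip"), m.group("by")))
    hops.reverse()
    return hops


def sender_domain(msg):
    """Domain part of the From: address, lower-cased ('' if absent)."""
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.rpartition("@")[2].lower()


def sender_domain_seen(msg):
    """True if some relay host is the From: domain or a host under it."""
    dom = sender_domain(msg)
    if not dom:
        return False
    for helo, _ip, by in relay_chain(msg):
        for host in (helo.lower(), by.lower()):
            if host == dom or host.endswith("." + dom):
                return True
    return False


def executable_attachments(msg):
    """File names of attachments whose extension Windows would execute."""
    return [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(RISKY_EXT)]


def assess(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    chain = relay_chain(msg)
    return {
        "hops": len(chain),
        "origin": chain[0] if chain else None,
        "sender_domain": sender_domain(msg),
        "sender_domain_seen": sender_domain_seen(msg),
        "executables": executable_attachments(msg),
    }


if __name__ == "__main__":
    for key, val in assess(SAMPLE_MESSAGE).items():
        print(f"{key:20s} {val}")
```

For the constructed message the report shows three hops, an origin host that is not under the claimed sender's domain, and an .exe attachment: together those are the signals that would have stopped the Booz Allen message, whatever the subject line said. Received: lines below your own server's are attacker-controlled, so the chain is evidence to be corroborated, not proof.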
• Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year.
• Many of the new attackers are trained professionals backed by foreign governments.
Major Attacks
• Solar Sunrise – Feb 1998: Air Force and Navy computers were hit by malicious code while the U.S. was preparing to attack Iraq.
• Moonlight Maze – March 1998–1999: Defense Dept., NASA, Energy Dept., weapons labs. Large amounts of unclassified data were stolen.
• Titan Rain – 2004: Classified data on computers of defense contractors: Lockheed Martin, Sandia National Labs and NASA.
• Byzantine Foothold – 2007: Many corporations and agencies, from the State Dept. to Boeing.
Paul Kurtz, a former national security officer, explains how the U.S. government and its defense contractors have been the victims of an unprecedented rash of similar cyber attacks over the last two years.
VideoVideo
References
• http://www.cs.wisc.edu/wisa/presentations/2003/0722/spyware/spyware.03.0722.pdf
• Wikipedia
• Business Week, April 21st 2008: http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm
Discussion
• Has the Internet become too unwieldy to be tamed?