Information Security © 2006 Eric Vanderburg Information Security Chapter 2 Attackers & Attacks

Information Security Lesson 2 - Attackers and Attacks - Eric Vanderburg


Information Security

Chapter 2

Attackers & Attacks


Hacker

• “Hacker” – Someone who likes to play with and learn new things about computers

• Hacker – someone who breaks into computer systems

• Ethical Hacker – Hacks systems to find and report vulnerabilities. Employed or freelance

• Hacker code of ethics – Break into systems but do not steal, vandalize, or release information from a target.


Cracker

• Violates system security maliciously

• Destroy data

• Make data or services unavailable

• Tamper with information

• Create and deploy viruses

• Coined in 1985 by ethical hackers


Script Kiddie

• Low skilled

• Use hacking tools

• Random targets

• Attack to build ego or gain credibility


Spy

• Hired to obtain information or sabotage operations

• Highly skilled

• Could be employed by a government or military organization

• Could be an organized attack


Employee

• Could be accidental

• Could be acting as a result of social engineering

• Could be malicious
    – Ego building
    – Revenge
    – Monetary gain

• Easier because they are a trusted individual


Hacktivist

• Skill level varies

• Tries to bring attention to a cause

• Deface sites

• Steal and release confidential information

• Damage operations

• Hacktivist Bronc Buster disabled firewalls to allow Chinese Internet users uncensored Internet access.

• Hacktivists worked to slow, block, and reroute traffic for web servers associated with the World Trade Organization, the World Economic Forum, and the World Bank.


Cyberterrorist

• Spreads propaganda

• Damages operations

• Corrupts data

• Organized attack

• Could target the Internet itself


Types of Attackers

Attacker | Skill Level | Motivation
Hacker | High | Improve Security
Cracker | High | Harm Systems
Script Kiddie | Low | Gain Recognition
Spy | High | Earn Money
Employee | Varies | Varies
Hacktivist | Varies | Promote cause
Cyberterrorist | High | Support Ideology


Attacks

• Social Engineering

• Dumpster Diving – going through trash to find confidential information

• Phishing – Spoofing a request for information

• Pharming – Redirect DNS queries to an alternative site to gain information

• Buffer Overflow

• Mathematical attack – compare encrypted data to find keys


Attacks

• Password guessing – automated / brute force / dictionary attack
    – Use strong passwords
        • Alphanumeric
        • Special characters
        • Not words
        • No personal information
        • Different passwords for different accounts
        • Change regularly

• Finding weak keys to decrypt messages
    – Key – encryption seed for an algorithm
    – Algorithm – mathematical formula used for encryption


Attacks

• Birthday attack – Randomly selected values result in duplicate keys much sooner than if a pattern was used. Duplicate keys are useful in cracking the encryption so they should be avoided.
    – Birthday paradox – the probability of finding someone else with the same birthday increases much faster as you meet more people. 23 people, 50% chance, 60 people, 99% chance.

• Man in the Middle

• Replay attack

• Hijacking / Spoofing
    – IP Spoofing
    – ARP Spoofing – change ARP table
    – MAC Spoofing
    – SSID Spoofing
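Added example (not part of the original slides): the birthday-paradox figures from the birthday attack bullet, computed exactly, then generalized to an n-bit key or hash space to show how few random values are needed before a duplicate becomes likely. The function names and the 64-bit space are assumptions chosen for illustration.

```python
import math


def collision_probability(draws: int, space: int) -> float:
    """Exact chance that `draws` uniformly random values out of `space`
    possible values contain at least one duplicate."""
    if draws > space:
        return 1.0  # pigeonhole: a duplicate is certain
    # P(no duplicate) = prod_{i=0}^{draws-1} (1 - i/space), summed in log space
    log_unique = sum(math.log1p(-i / space) for i in range(draws))
    return -math.expm1(log_unique)


def smallest_group(target: float, space: int) -> int:
    """Smallest number of draws whose exact collision chance reaches `target`.
    Only practical for small spaces such as 365 birthdays."""
    draws = 1
    while collision_probability(draws, space) < target:
        draws += 1
    return draws


def draws_for_probability(target: float, space: int) -> int:
    """Approximate draws needed in a large space, from
    P ~= 1 - exp(-n^2 / (2 * space))."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - target))))


if __name__ == "__main__":
    for people in (23, 60):
        print(people, "people:", round(collision_probability(people, 365), 4))
    print("smallest group for 50%:", smallest_group(0.5, 365))
    # Constructed scenario: randomly chosen 64-bit values (keys, IVs, hashes).
    # A duplicate is expected after roughly 2^32 values, not 2^64.
    needed = draws_for_probability(0.5, 2 ** 64)
    print("64-bit space, 50% duplicate after ~2^%.2f values" % math.log2(needed))
```

The square-root relationship is why a value that must stay unique needs about twice as many bits as a value that only has to resist guessing.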


Attacks

• DoS (Denial of Service)

• DDoS (Distributed Denial of Service)
    – Handler – distributor of hijacking software
    – Zombie / Bot – hijacked computer that can be used together with others to perform an attack

• Smurf attack – send a spoofed ping to all computers on a network and the responses overwhelm the spoofed server


Malware

• Virus - self-replicating code segment which is attached to an executable. When the program is started, the virus code may also run. If possible, the virus will replicate by attaching a copy of itself to another file.
    – Logic Bomb - A virus with an additional payload that runs when specific conditions are met.
    – Macro Virus – A virus written with preprogrammed steps performed by a user. These steps are performed automatically to do some malicious act.

• Worm - self-replicating program, does not require a host program, creates a copy and causes it to execute; no user intervention is required. Worms commonly utilize network services to propagate to other computer systems.


Malware

• Trojan horse - malicious code pretending to be a legitimate application. The user believes they are running an innocent application when the program is actually initiating its ulterior activities. Trojan horses do not replicate.

• Spyware - a program that secretly monitors your actions. Could be a remote control program used by a hacker, or it could be used to gather data about users for advertising, aggregation/research, or preliminary information for an attack. Some spyware is configured to download other programs on the computer.


Protection

• Hygiene
    – Antivirus
    – Antispyware
    – Software patches
    – Backup data regularly

• Techniques
    – Firewall


Other access methods

• Backdoors
    – Created by programmers
    – Added by hackers

• Rootkit - conceal running processes, files or system data. Helps an intruder maintain access to a system without the user's knowledge.
    – Rooted computer – A computer with a rootkit installed
    – Many times used on a handler or illegal server


Acronyms

• ARP, Address Resolution Protocol

• DoS, Denial of Service

• DDoS, Distributed Denial of Service

• MAC, Media Access Control