hacker culture
Download as PPT, PDF0 likes616 views
This document provides an introduction to hacker culture and methodology. It discusses the different types of hackers, including their motives and levels of knowledge. It outlines the basic phases of a hacker's methodology, including information gathering, scanning, gaining access, privilege escalation, exploiting vulnerabilities, and installing backdoors. The document also summarizes two cyberwar stories, GhostNet and its targeting of computers in 103 countries, including the office of the Dalai Lama, and China's denial of involvement in the espionage ring. In conclusion, it stresses understanding hackers and their techniques in order to better defend against attacks.
hacker culture
- 1. Introduction to Computer Security and Information Assurance Cyber Security Pilot Course Summer 2011 Draft 1Lesson 3
- 2. Introduction to Computer Security and Information Assurance Lesson 3: Hacker Culture Cyber Security 1 Pilot Summer 2011 DRAFT - Lesson 3
- 3. Draft Lesson 1 © 3 Copyright Notice This work is a derivative of the original High School Cyber Curriculum by The MITRE Corporation (© 2011 The MITRE Corporation) used under a Creative Commons Attribution 3.0 Unported License. Information about the original work and its creative commons license may be available at The MITRE Corporation (POC: Dr. Robert Cherinka, rdc@mitre.org, or MITRE's Technology Transfer Office, 703-983-6043). For more information on creative commons licenses, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. This work is copyright of the Career Technical Education Foundation, Inc. Information and/or permissions regarding the use of this material may addressed to Mr. Paul Wahnish, President, Career Technical Education Foundation, Inc. (Paul.Wahnish@CareerTechEdFoundation.org, (407) 491-0903).
- 4. Introduction to Computer Security and Information Assurance Lesson Objectives • Understand Hacking • Recognize the mentality of the Hacker • Recognize common hacker methodologies • Learn about some example cyber war stories 4DRAFT - Lesson 3
- 5. Introduction to Computer Security and Information Assurance Why Study “The Hacker”? “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” -Sun Tzu “On the Art of War” 5 DRAFT - Lesson 3
- 6. Introduction to Computer Security and Information AssuranceWhy Study “The Hacker”? 2008 FBI/CSI Cyber Crime Survey Companies Experiencing Computer Security Incidents 6 DRAFT - Lesson 3
- 7. Introduction to Computer Security and Information Assurance 20 Year Trend password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sniffer / sweepers stealth diagnostics packet forging / spoofing GUI Hacking Tools Average Intruder 1980 1985 1990 1995 RelativeTechnicalComplexity Source: GAO Report to Congress, 1996 via Divinci Group 7 DRAFT - Lesson 3
- 8. Introduction to Computer Security and Information Assurance And a bit more recently Windows Remote Control Stacheldraht Trinoo Melissa PrettyPark ? DDoS Insertion Tools Hacking Tools Kiddie Scripter RelativeTechnicalComplexity 1998 1999 2000 2001 8 DRAFT - Lesson 3
- 9. Introduction to Computer Security and Information AssuranceWho are they? NationalNational InterestInterest PersonalPersonal GainGain PersonalPersonal FameFame CuriosityCuriosity Script-KiddyScript-Kiddy UndergraduateUndergraduate ExpertExpert SpecialistSpecialist Vandal Thief Spy Trespasser SOURCE:SOURCE: Microsoft and AccentureMicrosoft and Accenture via Divinci Groupvia Divinci Group Author Motives Knowledge Level 9 DRAFT - Lesson 3
- 10. Introduction to Computer Security and Information Assurance Taxonomy of Hackers • Novice – Least experienced, focused on mischief • Student – Bright, bored and looking for something other than homework • Tourist – Hack out of sense of adventure, need to test themselves • Crasher – Destructive who intentionally damaged IS systems • Thief - Rarest of Hackers – profited from their activities – and most professional Landreth, 1985 10 DRAFT - Lesson 3
- 11. Introduction to Computer Security and Information Assurance Type of Hackers • White Hats – Good guys, ethical hackers • Black Hats – Bad guys, malicious hackers • Gray Hats – Good or bad hacker; depends on the situation DRAFT - Lesson 1 11
- 12. Introduction to Computer Security and Information Assurance Hacker Tendencies • Invests significant amounts of time on study of documentation, giving special attention to border cases of standards • Insists on understanding and implementing the underlying API – often confirming documentation claims • Second guesses implementer’s logic • Insists on tools for examining the full state of system across interface layers and for modifying these states bypassing the standard development API. 12 DRAFT - Lesson 3
- 13. Introduction to Computer Security and Information Assurance Why these tendencies? Bratus, 2008 Economics of Insecure Hardware/Software 13 DRAFT - Lesson 3
- 14. Introduction to Computer Security and Information Assurance Developers under pressure to ‘make it work’ Developers ‘trained’ away from exploring underlying APIs Developers directed to ignore specific problems as the responsibility of others Developers must comply with lack of tools to explore outside their system Forces cutting of corners Forces lack of understanding of their choices Forces developer’s lack of concern for a valid solution Why these tendencies? Economics of Insecure Hardware/Software OPPORTUNITY!!!! 14 DRAFT - Lesson 3
- 15. Introduction to Computer Security and Information Assurance Phases of Ethical Hacking DRAFT - Lesson 3 15
- 16. Introduction to Computer Security and Information Assurance Basic Hacker Methodology 16 DRAFT - Lesson 3
- 17. Introduction to Computer Security and Information Assurance Information Gathering/ Fingerprinting • Gathering information about targeted network addressing scheme prior to launch of attack – IP addressing – Domain Names – Network Protocols – Activated Services 17 DRAFT - Lesson 3
- 18. Introduction to Computer Security and Information Assurance Scanning/Probing • Using Automated tools to scan a system for computers advertising application services • Look for potential targets with possible vulnerabilities • Look for targets running specific operating systems. 18 DRAFT - Lesson 3
- 19. Introduction to Computer Security and Information Assurance Gaining Access • Target Specific Vulnerabilities: – Operating System – Network Devices – Software Applications • Malicious Code – Delivered via E-mail • Social Engineering 19 DRAFT - Lesson 3
- 20. Introduction to Computer Security and Information Assurance Elevating Privilege • Why Elevate privileges? – Access User Account – Access Super User – Install Backdoors • Password Crackers! 20 DRAFT - Lesson 3
- 21. Introduction to Computer Security and Information Assurance Exploiting • Use victim to launch attacks against others • Stealing sensitive information • Crash systems • Web Server Defacements 21 DRAFT - Lesson 3
- 22. Introduction to Computer Security and Information Assurance Installing Back Doors • Add user accounts that look ‘normal’ • Open ports – Allow access to system services or provide command shell access • Cover tracks to prevent detection • Move malicious code to program – Trojan.exe -> notepad 22 DRAFT - Lesson 3
- 23. Introduction to Computer Security and Information Assurance Chinese Hacker Methodology 23 DRAFT - Lesson 3
- 24. Introduction to Computer Security and Information Assurance And So… • Need to know how different hackers operate and what their motives are • Need to learn how to attack so can defend well • Need to mitigate vulnerabilities • Need to stay one step ahead of the attack to reduce damages • Best case scenario: – let people in who should be in – keep everyone else out!! 24 DRAFT - Lesson 3
- 25. Introduction to Computer Security and Information Assurance Cyberwar Stories 25 DRAFT - Lesson 3
- 26. Introduction to Computer Security and Information Assurance GhostNet • 10-month cyber-espionage investigation – 1,295 computers in 103 countries belonging to international institutions spied on – Sensitive documents stolen and ability to completely controlled infected computers – Used root kits, keyloggers, backdoors and social engineering – Operation began in 2004 – Evidence that China behind it 26DRAFT - Lesson 3
- 27. Introduction to Computer Security and Information Assurance DRAFT - Lesson 3 27
- 28. Introduction to Computer Security and Information Assurance Dalai Lama • One target the Office of His Holiness the Dalai Lama (OHHDL) – Sensitive documents stolen – Malicious emails sent to Tibet- affiliated organizations – Investigation into GhostNet began when OHHDL suspected malware and contacted the Munk Center for International Studies 28DRAFT - Lesson 3
- 29. Introduction to Computer Security and Information Assurance Unique Aspects • In addition to stealing documents, GhostNet had other capabilities – Reportedly turn on webcams and audio recording functions of an infected computer – Essentially, turn infected computer into a large “bug” for spying on office • Used a “control panel” reachable by a standard web browser to manipulate the computers it had infected 29DRAFT - Lesson 3
- 30. Introduction to Computer Security and Information Assurance So how did they detect it? • Researcher at Munk Center noticed odd string of 22 characters embedded in files created by malicious software • Googled it • Led him to web site in China • Commanded system to infect system in their lab and watched commands 30DRAFT - Lesson 3
- 31. Introduction to Computer Security and Information Assurance And, of course China Denies Any Role in 'GhostNet' Computer Hacking Beijing 31 March 2009 Beijing officials deny any involvement in the electronic spy ring dubbed "GhostNet," which has infiltrated more than 1,000 computers around the world and has been linked to computers in China. Foreign Ministry spokesman Qin Gang rejected allegations of a link between the Chinese government and a vast computer spying network. He said in Beijing on Tuesday that the accusation comes from people outside China who, "are bent on fabricating lies of so- called Chinese computer spies." 31DRAFT - Lesson 3
- 32. More Cyber Stories: Understanding the Hacker
- 34. Introduction to Computer Security and Information Assurance Lesson Summary Key Points • Hacking is illegal (most of the time) – Understand the laws – Port Scanning can be considered illegal • Post 9/11 can be act of terrorism 34DRAFT - Lesson 3
- 35. Introduction to Computer Security and Information Assurance Questions? Draft 35
Editor's Notes
- #7: Remember that statistics can be affected by non-truthful answers. Companies lie cause no one wants to look like their vulnerable. May contribute to the :don’t know” increase.
- #10: Expert is only curious if a tool or exploit will work. Not interested in malicious activity.
- #13: Point one : border cases open to interpretation
- #15: Money drives the cycle. Want to spend the least money while getting the best profits. (Increase net).
- #27: GhostNet (simplified Chinese: 幽灵网; traditional Chinese: 幽靈網; pinyin: YōuLíngWǎng) is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying[1][2] operation discovered in March 2009. The operation is likely associated with an Advanced Persistent Threat. Its command and control infrastructure is based mainly in the People's Republic of China and has infiltrated high-value political, economic and media locations[3] in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City were compromised. Although the activity is mostly based in China, there is no conclusive evidence that the Chinese government is involved in its operation.[4]
- #33: The Georgia–Russia crisis is a current and ongoing international crisis between Georgia and Russia that escalated in 2008, when both countries accused each other of military buildup near the separatist regions Abkhazia and South Ossetia. On March 6, 2008 Russia announced that it would no longer participate in the Commonwealth of Independent States economic sanctions imposed on Abkhazia in 1996. Increasing tensions led to the outbreak of the 2008 South Ossetia war. After the war, a number of incidents have occurred in both conflict zones, and tensions between the belligerents remain high. The crisis has been linked to the push for Georgia to receive a NATO Membership Action Plan and, indirectly, the unilateral declaration of independence by Kosovo.