Sit presentation - Hacking

19
HACKING Ryan Mauer, Monica Solis, Francis Tienzo, and Mike Wong

description

 

Transcript of Sit presentation - Hacking

Page 1: Sit presentation - Hacking

HACKING

Ryan Mauer, Monica Solis, Francis Tienzo, and Mike Wong

Page 2: Sit presentation - Hacking

Hacking: The Basics

The term hacking itself is broad in that it encompasses all forms (i.e. phones, computers, computer systems) of gathering information about another person, usually illegally and for profitable reasons.

http://www.youtube.com/watch?v=uV5u5Nl3bjM

Page 3: Sit presentation - Hacking

Classifications of Hacking

White Hat – an ethical hacker who helps test security systems.

Black Hat – a hacker who breaks into a computer security system for personal gain or malicious intent.

Grey Hat – a mix of the white and black hat, this hacker may break into a computer system, then offer to help the company protect against hackers for a fee.

Elite Hacker – extremely skilled hackers.

Script Kiddie – a non-expert who cracks into a computer system using pre-constructed tools (i.e. another hacker’s technique) to do so.

Neophyte – also known as a “n00b” or a “newbie” is someone who is new to hacking and knows very little about it.

Hacktivist – a hacker who breaks into websites and reorganizes them with a political, social, or otherwise ideological message.

Page 4: Sit presentation - Hacking

Techniques

Vulnerability Scanner – a tool that scans a computer to see which networks or files are ‘open’ to corrupt.

Password cracking – discovering a password by finding old data stored on a computer (can be as simple as guessing a password).

Spoofing attack (Phishing) – falsely advertising to be another website or program, and when downloaded can take personal info.

Social engineering – when a hacker tries to convince a system administrator that he is a user or supervisor who needs assistance gaining access

Page 5: Sit presentation - Hacking

Techniques continued…

Trojan Horses – a program that appears to be doing one thing while really serving another purpose.

Viruses – a self-replicating program that spreads by duplicating copies of itself.

Worms – similar to a virus in that it is a self-replicating program, but it does not have to be opened by the user in order to infect a computer.

Key Loggers – a tool that records each key stroke made so as to retrieve passwords or private data.

Page 6: Sit presentation - Hacking

The History of Hacking: A Timeline

First Instance of phone hacking exhibited by teenagers.

Positive term for hackers develops through MIT’s artificial intelligence lab.

John Draper, one of the most famous phone hackers, nicknamed “Captain Crunch”

One of the first arrests of the Milwaukee-based 414 hackers.

Creation of the National Infrastructure Protection Center.

Microsoft is a victim of a new type of hacking

Chinese hackers claim to gain access to sensitive sites.

YouTube Sesame Street hacking controversy.

Page 7: Sit presentation - Hacking

Notorious “Black Hat” Hackers

Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking at age 16. Created a backdoor to the department of defense which enabled him to view sensitive emails and capture employee usernames and passwords.

Adrian Lamo: Broke into major organizations like The New York Times and Microsoft. Dubbed the "homeless hacker," he used Internet connections at Kinko's, coffee shops and libraries to do his intrusions so as to remain ‘untraceable’.

Page 8: Sit presentation - Hacking

Famous “White Hat” Hackers

Stephen Wozniak: "Woz" is famous for being the "other Steve" of Apple.

Tim Berners-Lee: Berners-Lee is famed as the inventor of the World Wide Web

Page 9: Sit presentation - Hacking

Hacking Today: Stuxnet

A computer worm discovered in June of 2010. It is the first discovered malware what spies on

and subverts industrial systems. Specifically targeted an Iranian Nuclear Facility. Brings up the question as to whether the

framework will be used for future super viruses. Country Infected computers:

Iran 58.85% Indonesia 18.22% India 8.31%

Azerbaijan 2.57%United States 1.56% Pakistan 1.28% Others 9.2%

Page 10: Sit presentation - Hacking

Illegality of Hacking

Computer Fraud & Abuse Act – 1984 Put in place to reduce cracking of computer

systems (hacking) and to address federal computer-related offenses.

Initially governed only cases with a compelling federal interest

After amendments, many people feel that the law is too broad

Page 11: Sit presentation - Hacking

Illegal Actions under the Act

1. Knowingly accessing a computer without authorization for purposes of obtaining national security data

2. Knowingly and intentionally accessing a computer without authorization in order to gain information from a financial institution, any U.S. department or agency, or any protected computer.

3. Intentionally accessing without authorization a government computer to affect the government’s use of it.

4. Knowingly accessing a protected computer with the intent to defraud.

5. Knowingly causing the transmission of a program, information, code, or command which leads to damage or accessing a computer without authorization, which leads to significant damages.

6. Knowingly and with the intent to defraud, trafficking a password or similar information through which a computer may be accessed without authorization.

Page 12: Sit presentation - Hacking

CFAA in the News

Violating an internet service provider’s terms of service agreement is now subject to criminal prosecution.

Cyber bullying – 2008, woman from Missouri charged for leading a teenage girl to commit suicide via MySpace. Guilty verdict thrown out on vagueness of the CFAA

Amendment to pending bill approved by U.S. Senate: Would limit the interpretation of the CFAA. Would not

include violation of a contractual obligation or agreement.

This would protect people for merely violating a contractual agreement with a web site or their ISP from being subject to criminal charges (vs. civil charges)

Criminalized conduct also includes: using a fake name on Facebook, lying about your weight on an online dating profile, etc.

Page 13: Sit presentation - Hacking

Anonymous (Hacking Group)

“Hactivism” Target mainly institutions,

organizations, and government departments that the group protests against.

Aims to spread a message with each attack.

Examples: Department of Justice (after MegaUpload), Colombia’s Defense Ministry (arrests made by Interpol)

Page 14: Sit presentation - Hacking

Memorable events: US Government & Hacking

1999 – President Clinton passes government computer security initiative

2000 – “I Love You” virus hits the globe

2002 – President Bush creates the Department of Homeland Security.

2005 – NSA illegal wiretapping controversy

2010 – Obama administration ends wiretapping

2010 – Wikileaks controversy

2011- Cyber security legislation goes through Congress

2011 – Foreign hackers steal 24,000 Pentagon files.

Page 15: Sit presentation - Hacking

“I Love You” Virus – May 4, 2000 Email subject line: “I Love You” Attachment :“LOVE-LETTER-FOR-

YOU.TXT.vbs” Replaced multimedia files with itself Sent to everyone in Outlook address book Hit 45 million people in one day Onel De Guzman and Reomel Ramones

of the Philippines arrested, then released BEFORE: malware thought of as “urban

myth” AFTER: US signs Council of Europe

Cybercrime Treaty to harmonize laws against cybercrimes

Page 16: Sit presentation - Hacking

Wikileaks Controversy

Private Bradley Manning Gave stolen diplomatic memos to WikiLeaks

260,000 files, airstike videos from Iraq and Afghanistan

Replaced music on a Lady Gaga CD with secret files

Reported by hacker friend Adrian Lamo Charged in Military Court & staying in medium

security facility. Pentagon’s Response

Disable drives prom accessing data Restricted use of memory devices Defense Department installed fraud detection

systems

Page 17: Sit presentation - Hacking

Hackers steal Pentagon files – March 2011

Plans for missile tracking systems, satellite navigation systems, surveillance drones, and jet fighters were taken.

Didn’t say which data system was hacked and who they suspected.

Other breaches: Lockheed, Martin, RSA Security New cyber strategy

Tighter defense, collective effort, technological innovation

Military’s Cyber Command coordinates operations for computer networks.

Incentives Taken: National data breach reporting, increased penalties, possible

military action response, cybersecurity (DoD, DHS, and private sector)

Page 18: Sit presentation - Hacking

Questions:

Do you think that the US government should invest more into preventing hacking?

Do you think cyberspace is a new frontier for possible terrorist attacks? (i.e. Stuxnet)

Have any of you ever been a victim of hacking? Should the CFAA definition be narrowed to

better define what should be punished related to hacking?

What do you think about the concept of hactivism? Are there other channels for activists to get their message across or is hacking the best option?

Page 19: Sit presentation - Hacking

Bibliography: "Bush says he signed NSA wiretap order." CNN.com. CNN, 2005. Web. 21 Mar 2012.

http://articles.cnn.com/2005-12-17/politics/bush.nsa_1_wiretaps-constitutional-responsibilities-and-authorities-national-security-agency?_s=PM:POLITICS

Hamblen, Matt. "Clinton commits 1.46B to fight cyberterrorism." CNN.com. CNN, 1999. Web. 21 Mar 2012. http://articles.cnn.com/1999-01-26/tech/9901_26_clinton.idg_1_detection-security-cyberterrorists?_s=PM:TECH

"ILOVEYOU virus." TechTarget.com. TechTarget, 2012. Web. 21 Mar 2012. http://searchsecurity.techtarget.com/definition/ILOVEYOU-virus

Kleinbard, David. "U.S. catches 'Love' virus." CNN.com. CNNMoney, 2000. Web. 21 Mar 2012. http://money.cnn.com/2000/05/05/technology/loveyou/

Reporter, Staff. "Pentagon Releases Cyberspace Strategy After Hackers Stole 24K Files." IBTimes.com. International Business Times, 2011. Web. 21 Mar 2012. http://www.ibtimes.com/articles/180746/20110715/united-states-secretary-of-defense-dod-william-lynn-department-of-defense-pentagon-online-security-d.htm

Shanker, Tom. "Hackers Gained Access to Sensitive Military Files." NYTimes.com. New York Times, 2011. Web. 21 Mar 2012. http://www.nytimes.com/2011/07/15/world/15cyber.html?_r=1&pagewanted=all

"Wikileaks suspect believed to have used CD, memory stick to get past Pentagon security."DallasNews.com. The Associated Press, 2010. Web. 21 Mar 2012. http://www.dallasnews.com/news/washington/20101130-wikileaks-suspect-believed-to-have-used-cd-memory-stick-to-get-past-pentagon-security.ece

http://www.wired.com/threatlevel/2011/11/anti-hacking-law-too-broad/ http://www.nytimes.com/2012/01/21/technology/megaupload-indictment-internet-piracy.html?_r=1 http://www.law.cornell.edu/uscode/text/18/1030 Trigaux, R.. "A history of hacking." http://www.sptimes.com/Hackers/history.hacking.html. N.p., 2000.

Web. 20 Mar 2012. http://www.sptimes.com/Hackers/history.hacking.html IT Security Editors, Top 10 most famous hackers of all time. N.p., 2011. Web. 20 Mar 2012.

http://www.focus.com/fyi/top-10-most-famous-hackers-all-time/ Broad, W. J., J. Markoff, and D. E. Sanger. "Israeli Test on Worm Called Crucial in Iran Nuclear Delay." New york times. New York Times, 2011. Web. 20 Mar 2012. http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=all