Information Security © 2006 Eric Vanderburg
Information Security
Chapter 2
Attackers & Attacks
Hacker
• “Hacker” – Someone who likes to play with and learn new things about computers
• Hacker – someone who breaks into computer systems
• Ethical Hacker – Hacks systems to find and report vulnerabilities. Employed or freelance
• Hacker code of ethics – Break into systems but do not steal, vandalize, or release information from a target.
Cracker
• Violates system security maliciously
• Destroy data
• Make data or services unavailable
• Tamper with information
• Create and deploy viruses
• Coined in 1985 by ethical hackers
Script Kiddie
• Low skilled
• Use hacking tools
• Random targets
• Attack to build ego or gain credibility
Spy
• Hired to obtain information or sabotage operations
• Highly skilled
• Could be employed by a government or military organization
• Could be an organized attack
Employee
• Could be accidental
• Could be acting as a result of social engineering
• Could be malicious
  – Ego building
  – Revenge
  – Monetary gain
• Easier because they are a trusted individual
Hacktivist
• Skill level varies
• Tries to bring attention to a cause
• Deface sites
• Steal and release confidential information
• Damage operations
• Hacktivist Bronc Buster disabled firewalls to allow Chinese Internet users uncensored Internet access.
• Hacktivists worked to slow, block, and reroute traffic for web servers associated with the World Trade Organization, the World Economic Forum, and the World Bank.
Cyberterrorist
• Spreads propaganda
• Damages operations
• Corrupts data
• Organized attack
• Could target the Internet itself
Types of Attackers

| Attacker | Skill Level | Motivation |
|---|---|---|
| Hacker | High | Improve Security |
| Cracker | High | Harm Systems |
| Script Kiddie | Low | Gain Recognition |
| Spy | High | Earn Money |
| Employee | Varies | Varies |
| Hacktivist | Varies | Promote cause |
| Cyberterrorist | High | Support Ideology |
Attacks
• Social Engineering
• Dumpster Diving – going through trash to find confidential information
• Phishing – Spoofing a request for information
• Pharming – Redirect DNS queries to an alternative site to gain information
• Buffer Overflow
• Mathematical attack – compare encrypted data to find keys
Attacks
• Password guessing – automated / brute force / dictionary attack
  – Use strong passwords
    • Alphanumeric
    • Special characters
    • Not words
    • No personal information
    • Different passwords for different accounts
    • Change regularly
• Finding weak keys to decrypt messages
  – Key – encryption seed for an algorithm
  – Algorithm – mathematical formula used for encryption
Attacks
• Birthday attack – Randomly selected values result in duplicate keys much sooner than if a pattern was used. Duplicate keys are useful in cracking the encryption so they should be avoided.
  – Birthday paradox – the probability of finding someone else with the same birthday increases much faster as you meet more people. 23 people: 50% chance; 60 people: 99% chance.
• Man in the Middle
• Replay attack
• Hijacking / Spoofing
  – IP Spoofing
  – ARP Spoofing – change ARP table
  – MAC Spoofing
  – SSID Spoofing
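Added example (not part of the original slides): the birthday figures above computed exactly, then the same effect shown on a small value space. The 24-bit truncated SHA-256 prefix and the msg-N inputs are assumptions made for the demonstration, standing in for a short key or tag.

```python
import hashlib
import math

def collision_probability(n, space=365):
    """Exact chance that n uniformly random picks from `space` values repeat one."""
    p_unique = 1.0
    for i in range(min(n, space + 1)):
        p_unique *= (space - i) / space
    return 1.0 - p_unique

def min_samples(space, target):
    """Smallest number of picks whose collision probability reaches `target`."""
    n, p_unique = 0, 1.0
    while 1.0 - p_unique < target:
        p_unique *= (space - n) / space
        n += 1
    return n

def approx_half_point(bits):
    """Approximate picks for a 50% collision among 2**bits values: sqrt(2*N*ln 2)."""
    return math.sqrt(2 * (2 ** bits) * math.log(2))

def first_truncated_collision(bits=24):
    """Constructed demo: hash msg-0, msg-1, ... and stop at the first repeated
    `bits`-bit SHA-256 prefix (a stand-in for a short key or tag)."""
    seen = {}
    i = 0
    while True:
        msg = f"msg-{i}".encode()
        tag = int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
        i += 1

if __name__ == "__main__":
    print(f"23 people: {collision_probability(23):.3f}, 60 people: {collision_probability(60):.3f}")
    first, second, tried = first_truncated_collision(24)
    print(f"24-bit space has {2**24} values; expected ~{approx_half_point(24):.0f} picks")
    print(f"collision between {first!r} and {second!r} after {tried} hashes")
```

The number of picks needed grows with the square root of the space, which is why key and tag lengths are sized at roughly twice the bit strength wanted against collisions.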
Attacks
• DoS (Denial of Service)
• DDoS (Distributed Denial of Service)
  – Handler – distributor of hijacking software
  – Zombie / Bot – hijacked computer that can be used together with others to perform an attack
• Smurf attack – send a spoofed ping to all computers on a network and the responses overwhelm the spoofed server
Malware
• Virus - self-replicating code segment which is attached to an executable. When the program is started, the virus code may also run. If possible, the virus will replicate by attaching a copy of itself to another file.
  – Logic Bomb - A virus with an additional payload that runs when specific conditions are met.
  – Macro Virus – A virus written with preprogrammed steps performed by a user. These steps are performed automatically to do some malicious act.
• Worm - self-replicating program, does not require a host program, creates a copy and causes it to execute; no user intervention is required. Worms commonly utilize network services to propagate to other computer systems.
Malware
• Trojan horse - malicious code pretending to be a legitimate application. The user believes they are running an innocent application when the program is actually initiating its ulterior activities. Trojan horses do not replicate.
• Spyware - a program that secretly monitors your actions. Could be a remote control program used by a hacker, or it could be used to gather data about users for advertising, aggregation/research, or preliminary information for an attack. Some spyware is configured to download other programs on the computer.
Protection
• Hygiene
  – Antivirus
  – Antispyware
  – Software patches
  – Backup data regularly
• Techniques
  – Firewall
Other access methods
• Backdoors
  – Created by programmers
  – Added by hackers
• Rootkit - conceal running processes, files or system data. Helps an intruder maintain access to a system without the user's knowledge.
  – Rooted computer – A computer with a rootkit installed
  – Many times used on a handler or illegal server
Acronyms
• ARP, Address Resolution Protocol
• DoS, Denial of Service
• DDoS, Distributed Denial of Service
• MAC, Media Access Control