
Modern Computer Security Threats: The Evolution of Computer Hacking

Colin Monteil Anatra
CSE 300
November 2nd, 2015

The idea of finding and exploiting vulnerabilities in a computer system is not a new idea, but it first became a matter of national concern in the early 1970s when telephone companies realized that a growing subculture had hacked their systems on a massive scale. After studying documentation regarding the phone systems of the time, an exploit was uncovered that allowed phone phreaks like Steve Wozniak and Steve Jobs of Apple Computer to make free calls, even internationally, without a trace. In the last 40 years, computers have become exponentially more widespread and advanced, now representing the heart of many banks and government agencies around the world. We have become more comfortable with computers holding our sensitive information, meaning that successfully infiltrating them provides hackers with a lot more than just a free phone call. In response to this unique incentive, hacking has become unbelievably intricate and has spawned the idea of cyber warfare, hacking used against other countries in order to steal their secrets or destroy their infrastructure. In this paper it will be shown that the most advanced malware of today and the future will be fully autonomous, requiring no social engineering in order to silently carry out acts of cyber warfare for their developers.

In June 2010, security researchers discovered a malicious piece of software which has since been dubbed the Stuxnet Worm. While its infection of over 60,000 computers worldwide is nothing to scoff at, the main reason that Stuxnet shook the security world was because it was carefully engineered to infect Iranian nuclear facilities and did so with surgical precision. Security experts James P. Farwell and Rafal Rohozinski describe its mission as follows: "Stuxnet hunted down frequency-converter drives ... each [of which] respond to the PLC computer commands that control the speed of a motor by regulating how much power is fed to it. These drives are set at the very high speeds required by centrifuges to separate and concentrate the uranium-235 isotope ... Stuxnet alternated the frequency of the electrical current that powers the centrifuges, causing them to switch back and forth between high and low speeds at intervals for which the machines were not designed" (Farwell and Rohozinski 2011, 2). Perhaps the scariest part about Stuxnet was that it was successful in slowing down the Iranian nuclear program, the goal that researchers believe it had all along. Iranian officials conclude that a 23% decline in the number of operating centrifuges from mid-2009 to mid-2010 may have been due to the Stuxnet attack (Markoff and Sanger 2010).

Stuxnet, like almost all modern viruses, relied on the exploitation of 0-day vulnerabilities, which are simply holes in computer systems that have gone unnoticed by everyone except the hacking communities that found them. Viruses as advanced as Stuxnet chain multiple 0-days together in order to worm their way into high-security, air-gapped facilities such as nuclear plants which use vulnerable software. Eventually, most 0-days get found by either a software company or a security expert and get patched quickly, but the question becomes how long can a major vulnerability in a popular program stay at a hacker's disposal. At a U.S. Office of Scientific and Technical Information conference, expert May Chaffin presented a study which followed 0-day exploits through their life cycle, concluding that their average lifespan was 256 days and that, in a bad year there are about 4500 0-Day vulnerabilities in existence on any given day (Chaffin 2009, 10). An advanced virus may only use a handful of 0-days to deliver its devastating payload so the metrics provided by this study are particularly unnerving. They imply that hackers not only have a huge library of vulnerabilities to choose from, but that they have plenty of time to chain them together and breach even the most secure of systems.

Although advanced, Stuxnet and other modern malware pales in comparison to what has been produced by a notorious group dubbed The Equation Group. Discovered by Kaspersky earlier this year, The Equation Group has been operating since at least 2001 and is considered by its discoverers to be "one of the most sophisticated cyber attack groups in the world and [the] most advanced threat actor we have seen" (Kaspersky 2015, 3). Targeting mainly Iran and the Russian Federation, malware programmed by the Equation Group avoided detection for almost 15 years by storing itself inside the firmware of the victim computer's hard drive and by keeping itself and its stolen data encrypted. Their platform included multiple pieces of software, the first of which infected victims in many ways, one route involving infected CDs given to scientific researchers after a conference in Houston, Texas. The next, titled DOUBLEFANTASY, identified interesting targets among those infected and kept a backdoor open for GRAYFISH, the main platform for the attack. This platform is incredibly complex and allows its creators to control the launching of Windows at each stage and bypass modern OS security mechanisms that block the execution of untrusted code (Kaspersky 2015, 10-12). Installed in this way, GRAYFISH left no malicious pieces of data on the actual file system of the computer, meaning it could not be detected through conventional means. Once installed, the Equation Group was able to steal data, encrypt it, and send it to one of their 100 servers set up all over the globe (Kaspersky 2015, 23).

It is clear that computer hacking has come a long way since its relatively innocent start in the 1970s. Even by the early 2000s, malware was still not very malicious in nature, the Melissa Virus and the ILOVEYOU worm both infecting thousands but with only the intent of emailing other people the infection. Roger Thompson, chief research officer for the antivirus developer AVG, even describes these early viruses as good because they taught a large number of computer users that the most effective means for attacking a network is through social engineering of its human users (Greene 2010). Today the world faces a much darker threat. Malware like Stuxnet and GRAYFISH require no social engineering and were both very much written in order to disable government facilities and steal information. With an ever-growing number of people owning digital devices and the bar set this high for hackers, it is almost a guarantee that the malware of the next five years will be incredibly sophisticated in ways that security researchers had never considered possible.

References

Chaffin, May. 2009. "Empirical Estimates and Observations of 0Day Vulnerabilities." SciTech Connect, EBSCOhost.

Farwell, James P., and Rafal Rohozinski. 2011. "Stuxnet and the Future of Cyber War." Survival (00396338) 53, no. 1: 23-40. Academic Search Complete, EBSCOhost.

Greene, Tim. 2010. "Love Bug worm hit 10 years ago during a simpler time - Today, the ILOVEYOU worm might not be so successful." Network World, 2010. Academic OneFile, EBSCOhost.

Markoff, John, and David E. Sanger. 2010. "In a Computer Worm, a Possible Biblical Clue." New York Times.

Kaspersky Labs. 2015. "Equation Group: Questions and Answers." Kaspersky Labs.
