Tony Villasenor
Director of Technical Services
GeoTrust Inc.
Previous posts:
- Director, NASA Science Internet
- Chair, Federal Network Council (CERT, etc.)
- Architect: Russian Science Internet
- Consultant: USAID, DOS, WHO
6/27/2013 Hacking as Warfare 1
Hacking as Warfare
TECHNOLOGY
- Network-based attack tools
- Network defense tools
PSYCHOLOGY
- Why do it?
CYBER TERRORISM
- Terrorist
- Terrorist sympathizers
- Targeted countries
IMPACT ON CITIZENS
Network-Based Attacks
Better accessibility because of the network:
- Web sites
- Email servers
- File servers
- DNS servers
- Routers
- Etc.
Web Attacks
Buffer Overflow:
- Occurs when a program does not check to make sure the data it is putting into a space will actually fit into that space
- A vulnerability exists in Microsoft IIS 5.0 running on Windows 2000 that allows a remote intruder to run arbitrary code on the victim machine, allowing them to gain complete administrative control of the machine
- IIS %c1%1c bug (http://www.wiretrip.net/rfp/p/doc.asp?id=57)
Web Attacks
Semantic attacks:
- Changing the web content subtly, thus providing false information
- ActiveX, Java
- Cookies containing executable code (like BO2K)
E-Mail Attacks
Email bombing:
- Repeatedly sending an identical email message to a particular address (http://www.cert.org/tech_tips/email_bombing_spamming.html)
Malware attachments:
- Worms, viruses, trojan horses, etc.
SPAM:
- Unsolicited junk mail
- At sites with mailers that permit relaying
E-Mail Attacks
RTF files are ASCII text files and include embedded formatting commands. RTF files do not contain macros and cannot be infected with a macro virus.
SPAM Control
# check_rcpt ruleset; sendmail.cf requires a tab between the left- and right-hand side of each R line
Scheck_rcpt
# anything terminating locally is ok
R< $+ @ $=w >	$@ OK
# anything originating locally is ok
R$*	$: $(dequote "" $&{client_name} $)
R$=w	$@ OK
R$@	$@ OK
# anything else is bogus
R$*	$#error $: "550 Relaying Denied"
Three rules for controlling SPAM; code is inserted in sendmail.cf file
Network Attacks
DoS, DDoS: coordinated attack by one or multiple sources
- SYN flooding: http://www.cert.org/advisories/CA-1996-21.html
- Aided by proliferation of DSL home users
DNS, BIND
- Redirection: the site you're on is not really the site you think you're on!
- Vulnerability in BIND allows a remote user to gain privileged access
Routers
- Change routing information to disable the network
- Cisco's IOS proliferates the worldwide backbone of the Internet
Sniffers
- Examine network traffic going to and from other machines
- Gather usernames and passwords
- Capture electronic mail
Example: DOS
http://www.cert.org/tech_tips/denial_of_service.html
Denial-of-Service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating over the network. A description of how this can occur is at: http://www.cert.org/advisories/CA-1996-21.html. In this case, the hacker begins the process of connecting to the victim machine, but in such a way as to PREVENT the completion of the connection. Since the victim machine has a limited number of data structures for connections, the result is that legitimate connections are denied while the victim machine is waiting to complete bogus half-open connections.
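As an added example (not part of the original slides), the build-up of half-open connections described above can be spotted from a host's own connection table before the backlog is exhausted; the netstat-style sample lines, the per-listener backlog of 8 and the 75% warning fraction are constructed assumptions:

```python
from collections import Counter, defaultdict

# Constructed sample in the layout of `netstat -tan` output:
# proto recv-q send-q local-address remote-address state
SAMPLE_NETSTAT = """\
tcp 0 0 192.0.2.10:80 198.51.100.7:40312 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.8:40313 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.9:40314 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.21:51000 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.22:51001 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.23:51002 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.24:51003 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.50:43210 ESTABLISHED
tcp 0 0 192.0.2.10:22 198.51.100.60:50001 SYN_RECV
"""

# Assumed limit on pending (half-open) entries per listener; the real value
# depends on the OS and the application's listen() backlog.
ASSUMED_BACKLOG = 8

def parse_netstat(text):
    """Return (local_port, remote_ip, state) tuples from netstat-style lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "tcp":
            continue  # skip headers, UDP sockets and malformed lines
        local, remote, state = parts[3], parts[4], parts[5]
        rows.append((int(local.rsplit(":", 1)[1]), remote.rsplit(":", 1)[0], state))
    return rows

def half_open_summary(rows):
    """Map each local port to (half-open count, number of distinct remote sources)."""
    counts, sources = Counter(), defaultdict(set)
    for port, remote_ip, state in rows:
        if state == "SYN_RECV":  # SYN answered, final ACK never arrived
            counts[port] += 1
            sources[port].add(remote_ip)
    return {p: (counts[p], len(sources[p])) for p in counts}

def flooded_ports(rows, backlog=ASSUMED_BACKLOG, warn_fraction=0.75):
    """Ports whose half-open entries fill at least warn_fraction of the backlog.
    Once it is full, new legitimate SYNs are dropped; warning early leaves time
    to react (SYN cookies, shorter SYN_RECV timeouts, upstream filtering)."""
    threshold = backlog * warn_fraction
    return {p: info for p, info in half_open_summary(rows).items() if info[0] >= threshold}

if __name__ == "__main__":
    for port, (pending, srcs) in flooded_ports(parse_netstat(SAMPLE_NETSTAT)).items():
        print(f"port {port}: {pending} half-open connections from {srcs} sources")
```

Many distinct sources that never complete the handshake, as in the sample for port 80, is the pattern to watch for; a single source filling the backlog is usually a broken client rather than a flood.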
- Make networks or hosts unusable
- Disrupt services
- Difficult or impossible to locate source
- Becoming very popular with attackers, especially against:
  - IRC sites
  - Controversial sites or services
- List ports mapped by BackOrifice 2000
- Send a file through another port
- Share a drive, unshare a drive, list shared drives, list shared devices on a LAN, map a shared device, unmap a shared device, and list all connections
Redirects
The action used by some viruses to point a command to a different location. Often this different location is the address of the virus and not the original file or application.
http://www.eeye.com/html/press/PR19990608.html
Network Defenses
- Firewalls, DMZ, air gap
- VPN, SSL encryption
- Intrusion Detection Systems, honeypots and burglar alarms, vulnerability scanners
- E-mail filters, S/MIME encryption
Bastion Host - A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall. Filtering routers in a firewall typically restrict traffic from the outside network to reaching just one host, the bastion host, which usually is part of the firewall. Since only this one host can be directly attacked, only this one host needs to be very strongly protected, so security can be maintained more easily and less expensively. However, to allow legitimate internal and external users to access application resources through the firewall, higher layer protocols and services need to be relayed and forwarded by the bastion host. Some services (e.g., DNS and SMTP) have forwarding built in; other services (e.g., TELNET and FTP) require a proxy server on the bastion host.
http://www.linuxsecurity.com/dictionary/dict-42.html
Reports, Alarms
- Event logs, various levels of detail
- Notify if certain events occur
Counter-Issues
- Access Controls (passwords, permissions, etc.)
- Security Management (policy, maintenance, updates)
- Security Overhead (bandwidth, cycles, manpower)
[Diagram: example network layout with DTE, router, firewall and filters in front of www, dns and usage servers; Intranet 1 and Intranet 2 joined by router, firewall, router; annotated with the questions "Security Policy?" and "Management Support?"]
HACKER PSYCHOLOGY
Achievement
- The harder the better
- The bigger the better
- How to be a Hacker: http://www.tuxedo.org/~esr/faqs/hacker-howto.html
Fame
- Recognition (distrust)
- Respect (fear)
Surprise
Creativity
Money*
- Corporations
- Governments
cDc: http://www.cultdeadcow.com/
*Note: Hackers don't make the money; their thrill is in the game!