Cybercrime, Cyberterrorism, and Cyberwarfare
Cybercrime
Illegal or criminogenic activities performed in cyberspace
Common EC/EB crime targets/victims
Identity theft – is your customer “real”?
Credit card number theft – is your customer’s credit/debit account “real”?
Computational embezzlement – fraudulent creation/manipulation of financial info regarding EC/EB transactions or accounts (biggest corporate problem)
(Security) Vulnerability and exploit attacks (most pervasive problem).
EC/EB system targeted attacks mostly
Copyright © 2003, Addison-Wesley
Hacker/Cracker
Originally, an expert programmer
Today, someone (Cracker) who breaks into computers
Types of hackers
White-hat hackers
Black-hat hackers (crackers, dark side hackers)
Elite hackers
Superior technical skills
Very persistent
Often publish their exploits
Samurai – a hacker for hire
Figure 8.1 A list of postings on a hacker newsgroup.
Source: http://packetstormsecurity.org/
Script-kiddies and Phreakers
Script-kiddie (packet monkeys, lamerz)
Hacker in training
Disdained by the elite hackers
Phreaker
Person who cracks the telephone network
Insider/outsider using “social engineering”
Trusted employee turned black-hat hacker
Dumpster divers; help desk impersonators, etc.
Potentially most dangerous
Why Do Hackers Hack?
Government sponsored hacking
Cyberwarfare
Cyberterrorism
Espionage
Industrial espionage
White-hats
Publicize vulnerabilities
The challenge – hack mode
Black hats – misappropriate software and personal information
Script kiddies – gain respect
Insiders – revenge
Password Theft
Easiest way to gain access/control
User carelessness
Poor passwords
Easily guessed
Dumpster diving
Observation, particularly for insiders
The sticky note on the monitor
Human engineering, or social engineering
Standard patterns (e.g., Miami University)
Guess the password from the pattern
[Figure labels: Reproduction logic; Concealment logic; Payload]
Defend in depth
What one layer misses, the next
Firewalls (Chapter 9)
Anti-virus software
Personal virus protection
[Figure labels: Router; Firewall; Host server; Firewall; Workstation; Firewall]
Cyber equivalent of throwing bricks
Overwhelm target computer
Standard DoS is a favorite of script kiddies
DDoS more
[Figure label: Target system]
Spoofing
Act of faking key system parameters
DNS spoofing
Alter DNS entry on a server
Redirect packets
IP spoofing
Alter IP address
Smurf attack
Figure 8.10 IP spoofing.
[Figure labels: Preparation; Probe target (A); Launch DoS attack on trusted server (B); 1 False message claiming to come from Beta; 3 Counterfeit acknowledgement; 4 One-way connection; Hacker's computer; Alpha server (the target)]