Exploring the Internet (PowerPoint)


Exploring the Internet
The Dark Side of the Internet
Instructor: Michael Krolak
Instructor: Patrick Krolak

Authors: P. D. & M. S. Krolak, Copyright 2005-2011
Edited by Richard Wright, National Expert Traffic & Information Management, Volpe Center US DOT

The Internet and Security

The Dark Side of the Internet
The Internet is changing our lives in small ways
The creation of an evolving rainbow of wireless devices means that we are
always on call, tracked with GPS, and constantly interrupted with text
messages, tweets,

       Society and the multitasking lifestyle

• Frazzing: A new term for frantic multitasking,
  says ABC News, in a world where digital gadgets
  are all demanding our attention. By one estimate,
  the average office worker loses 2.1 hours a day to
        Teens and the Social Network

• Recent medical journal articles have begun documenting how mobile devices
  are interrupting time formerly reserved for family and friends, i.e. downtime.
• This downtime is now spent texting, tweeting, and posting to Facebook.
• The teenager who cannot stop responding to messages and tweets, even during
  the night, will soon enter the job world and find the same devices
  interrupting their business, family, and rest.
• The mobile device replaces real-world experience with a virtual one. This
  makes it harder to read situations in which micro-expressions of the face
  and body cue us to feelings and intentions, to gain a sense of personal
  space, and to develop other social skills.
        Teens and the Social Network

• Confusion between the real world and the virtual world;
• Too much social collaboration among teens is leading to fatigue and guilt;
• Living in cyberspace, a virtual world, is not the same as
Hoaxes create anxiety, worries, and in some cases real problems

With the advent of Internet social networks, chat rooms, and blogs, rumors and
hoaxes can travel around the world and reach millions in days, if not minutes.
        Hoaxes – the chain email

• In the days of snail mail, the chain letter offered some reward, an answered
  prayer, or good luck to the recipient if they copied it and sent 10 copies
  to others. In some cases it asked the person to add their name and address
  to a list and send money to the person higher on the list.
• Today hoax emails ask that the user say a prayer, do a good deed, send money
  to a charity, etc. In addition, the person is asked to forward it to at least
  10 friends. At the very least this clogs the email system with junk. At
  worst it is a scam that may harm your computer or add your email address to
  a spam or "sucker" list.
• Action – Delete the email immediately and/or notify your system
  administrator so it can be blocked. For more, see the Pyramid Scheme
  section.
                        Urban Legend (also urban myth or urban tale)

                     An urban legend, urban myth, urban tale, or a
                     contemporary legend, is a form of modern folklore
                     consisting of apocryphal stories believed by their tellers to
                     be true. As with all folklore and mythology, the designation
                     suggests nothing about the story's factuality or falsehood,
                     but merely that it is in non-institutional circulation, exhibits
                     variation over time, and carries some significance that
                     motivates the community in preserving and propagating it.

        Urban legend

• Despite its name, a typical urban legend does not necessarily originate in
  an urban area. Rather, the term is used to differentiate modern legend from
  the traditional folklore of preindustrial times. For this reason,
  sociologists and folklorists prefer the term "contemporary legend".
• Urban legends are sometimes repeated in news stories and, in recent years,
  distributed by e-mail. People frequently allege that such tales happened to
  a "friend of a friend", so often, in fact, that "friend of a friend" (FOAF)
  has become a commonly used term when recounting this type of story.
        Belief and relation to mythology

• The earliest term by which these narratives were known,
  “urban belief tales,” highlights what was then thought to
  be a key property: they were held, by their tellers, to be
  true accounts, and the device of the FOAF was a
  spurious but significant effort at authentication.[16] The
  coinage leads in turn to the terms "FOAFlore" and
• Recently social scientists have started to draw on urban
  legends in order to help explain complex socio-
  psychological beliefs, such as attitudes to crime,
  childcare, fast food, SUVs and other 'family' choices.[20]
       Debunking or Fact Checking

• Urban myths
• FactCheck.org – Annenberg Political Fact Check
• Urban Legends Reference Pages (Snopes)
• PolitiFact | Sorting out the truth in politics


• Spam is electronic junk mail that clogs the Internet the way the fatty canned
  meat of the same name clogs our arteries:
    – Communication lines back up at an alarming rate,
    – Storage is gobbled up,
    – Servers and processors thrash, and
    – Users are irritated at best, incapacitated at worst.
• Spam costs ISPs and others a fortune to prevent and/or to remove.
• At its worst, spam is used by scammers, hackers, and others to market to and
  prey on literally millions of users at very low cost.

• What is Spam?
   Junk email: unwanted, resource-robbing, and often carrying viruses, worms,
     and scams.
• Why is it an increasing problem?
   Spam is the fastest-growing component of messages on the Internet; it
     consumes bandwidth and storage and angers users. ISPs and some consumer
     groups are attempting to shut down the worst offenders.
   Spam as harassment.
   Spam as a DoS (Denial of Service) attack.
   Spam as phishing (an attempt to obtain a person's ID, password, etc. by
     pretending to be a legitimate request).
• What can be done about it? (Discussion questions)
   – Closing down ISPs that permit open email relaying (Is this too draconian?).
   – Applying filters and tools to remove it (Can they be by-passed?).
   – Lobbying for federal legislation to create civil and criminal penalties
     for those who send spam (Does this interfere with free speech?).
   – A recently passed law to prosecute commercial spammers, the US CAN-SPAM
     Act of 2003 (When is Internet advertising legitimate and when is it spam?).
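The second discussion question asks whether filters can be by-passed. The simplest effective filter is statistical: learn which words appear in known spam versus known good mail, then score a new message by the product of those word probabilities. The Python naive Bayes filter below is an added example and not part of the original slides; its eight training messages are constructed for the example, and the leetspeak message at the end shows one way a spammer evades such a filter (digits substituted for letters, so the trigger words are never matched) and one way to close the gap (normalize the substitutions before tokenizing).

```python
import math
import re
from collections import Counter

# Constructed training messages (invented for this example, not real mail).
SPAM = [
    "win a free prize now click here to claim your money",
    "cheap meds online buy now free shipping",
    "you have been selected winner claim your cash prize",
    "urgent act now limited offer free money",
]
HAM = [
    "meeting moved to tuesday please bring the report",
    "can you review the draft before the deadline",
    "lunch tomorrow at noon works for me",
    "attached are the minutes from the project meeting",
]

# Digit-for-letter substitutions spammers use to hide trigger words ("fr33").
LEET = str.maketrans("013457", "oieast")


def tokenize(text, normalize_leet=False):
    """Lower-case word tokens; optionally undo leetspeak before splitting."""
    if normalize_leet:
        text = text.translate(LEET)
    return re.findall(r"[a-z0-9']+", text.lower())


class NaiveBayesFilter:
    """Multinomial naive Bayes with add-one (Laplace) smoothing."""

    def __init__(self, normalize_leet=False):
        self.normalize_leet = normalize_leet
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = {"spam": 0, "ham": 0}
        self.vocab = set()

    def train(self, label, text):
        tokens = tokenize(text, self.normalize_leet)
        self.word_counts[label].update(tokens)
        self.doc_counts[label] += 1
        self.vocab.update(tokens)

    def _log_likelihood(self, label, tokens):
        # log P(label) + sum of log P(token | label); the smoothing keeps a
        # word never seen in one class from zeroing that class out entirely
        total_docs = sum(self.doc_counts.values())
        total_words = sum(self.word_counts[label].values())
        score = math.log(self.doc_counts[label] / total_docs)
        for tok in tokens:
            score += math.log((self.word_counts[label][tok] + 1)
                              / (total_words + len(self.vocab)))
        return score

    def spam_probability(self, text):
        """P(spam | text), computed from the two class log-likelihoods."""
        tokens = tokenize(text, self.normalize_leet)
        spam = self._log_likelihood("spam", tokens)
        ham = self._log_likelihood("ham", tokens)
        return 1.0 / (1.0 + math.exp(ham - spam))

    def classify(self, text, threshold=0.5):
        return "spam" if self.spam_probability(text) >= threshold else "ham"


def build_filter(normalize_leet=False):
    """Train a filter on the constructed corpus above."""
    f = NaiveBayesFilter(normalize_leet)
    for message in SPAM:
        f.train("spam", message)
    for message in HAM:
        f.train("ham", message)
    return f


if __name__ == "__main__":
    plain, hardened = build_filter(), build_filter(normalize_leet=True)
    for text in ("free prize money click now",
                 "please review the meeting report",
                 "fr33 pr1ze m0ney cl1ck n0w"):        # leetspeak bypass attempt
        print(f"{text!r:40} plain={plain.classify(text):4} "
              f"hardened={hardened.classify(text)}")
```

Real filters train on many thousands of messages and add header features (sender reputation, URLs, attachment types) to the word counts; the bypass-and-fix step shown with the leetspeak message is the cat-and-mouse game the discussion question refers to.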
             Why Estimate the Cost of Spam?

•   Important for policy reasons to know severity of problem –
     helps in assigning priority to issue;
•   To determine which economic actors have to bear costs – also
     important in focusing on solutions;
•   Spam imposes negative externality on society (similar to
     pollution in the manufacturing economy): economic damage
     and cost borne by third parties resulting in an overall loss of
     welfare for society;
•   If costs of spam are unacceptable then have to put in place
     mechanisms to change behavior of producers of spam;
•   Provides metric to “let the punishment fit the crime.”
•   Market itself does not provide mechanism to correct for costs
     inflicted by spam. If economic solutions are used to combat
     spam, cost data can help determine prices applied to reduce or
     eliminate spam;

        Spam Impact on Consumers

• E-mail has a value to the recipient which varies with the content and should
  at least equal the processing cost;
• Each e-mail entails the same receiving/processing cost for the consumer. For
  spam the value of the content is negative, and to this must be added the
  processing cost;
• If the amount of spam received is extremely high, it could conceivably
  outweigh the positive value of receiving e-mail at all;
• Costs to consumers for processing mail are declining as consumers switch
  from dial-up (where time-based Internet access charges exist) to broadband,
  and because of quicker download times;
• But the increase in the volume of spam is likely to result in a net increase
  in costs: if you can go fast but you produce crap, all you get is more crap;
              Overall Cost: Some Estimates

• Reduced use of an efficient and cheap means of
  communications among economic actors – slows down growth
  of e-commerce and development of digital economy.

Total economic impact of spam – estimates vary:
• Global cost "conservatively" estimated at €10 billion (European Commission
  study, 2001);
• Ferris Research (Jan. 2003) estimated that spam cost US companies $8.9
  billion in 2002. The same study estimated the cost of spam in Europe at
  US$2.5 billion;
• UNCTAD (2003): $20 billion;
• Cost to the Hong Kong economy: $1.3 billion (HKISPA 2004);
• Overall: $2–$20 billion per year and growing.

   Crimes of Persuasion
Crimes of persuasion are scams that appeal to people's greed, goodwill, or
other emotions in order to get the victim to provide the access, assistance,
information, money, or other resources that are the criminal's real target.

In other words – a con game.

         Internet Scams

• Scams over the Internet, unlike fraud and similar crimes in the physical
  world, can be difficult to detect, prosecute, and prevent, and are easy to
  perpetrate.
• Email can be used to reach 250 million people with a simple program and a
  CD-ROM of email addresses.
• Example – the "African businessman" (an advance-fee or "419" scam): he offers
  to split a large sum of money (say $20M) if only he can wire it to your
  checking account. He also requires a small fee ($250) wired to his account
  to bribe fellow countrymen. Your fee, and then your bank account balance,
  promptly vanish.
           Internet Pyramid schemes
What is a Pyramid Scheme?
• Pyramid schemes, also referred to as "chain referral", "binary
  compensation" or "matrix marketing" schemes, are marketing and investment
  frauds which reward participants for inducing other people to join the
  program. Ponzi schemes, by contrast, operate strictly by paying earlier
  investors with money deposited by later investors, without the emphasis on
  recruitment or awareness of the participation structure.
• Pyramid schemes focus on the exchange of money and recruitment. At the heart
  of each pyramid scheme there is typically a representation that new
  participants can recoup their original investments by inducing two or more
  prospects to make the same investment.
• For each person you bring in you are promised future monetary rewards or
  bonuses based on your advancement up the structure. Over time, the hierarchy
  of participants resembles a pyramid as newer, larger layers of participants
  join the established structure at the bottom.
         Internet Pyramid schemes (more)

• They say you will have to do "little or no work because the people below you
  will". You should be aware that the actual business of sales and supervision
  is hard work. So if everyone is doing little or no work, how successful can
  a venture be? Too good to be true!
• The marketing of a product or service, if done at all, is only of secondary
  importance, an attempt to evade prosecution or to provide corporate
  substance. Often there is not even an established market for the products,
  so the "sale" of such merchandise, newsletters or services is used as a
  front for transactions which occur only among and between the operation's
  participants.
• Therefore, your earning potential depends primarily on how many people you
  sign up, not how much merchandise is sold.
• When the pyramid gets too big, the whole scheme collapses, and the people
  who lose are the people at the bottom.
       Internet Pyramid schemes (more)

• Pyramid schemes are not the same as Ponzi
  schemes which operate under false pretences
  about how your money is being invested and
  normally benefit only a central company or person
  along with possibly a few early participants who
  become unwitting shills.
• Pyramid schemes involve a hierarchy of investors
  who participate in the growth of the structure with
  profits distributed according to one's position
  within the promotional hierarchy based on active
  recruitment of additional participants.
• Both are fraudulent, because they induce an
  investment with no intention of using the funds as
  stated to the investor.
                  Email Fraud
                 Fraud has existed perhaps as long or longer
                 than money. Any new sociological change
                 can engender new forms of fraud, or other

       Email Fraud

• Almost as soon as e-mail became widely used, it began to be used to defraud
  people.
• E-mail fraud can take the form of a "con game" or
• Confidence tricks tend to exploit the inherent greed and dishonesty of their
  victims: the prospect of a 'bargain' or 'something for nothing' can be very
• E-mail fraud, like other 'bunco schemes', relies on naive individuals who put
  their confidence in get-rich-quick schemes such as 'too good to be true'
  investments or offers to sell popular items at 'impossibly low' prices. Many
  people have lost their life savings to fraud, including e-mail fraud.
         Avoiding e-mail fraud

E-mail fraud may be avoided by:
• Keeping one's e-mail address as private as possible,
• Ignoring unsolicited e-mails of all types, simply deleting them,
• Not giving in to greed, since greed is the element that allows one to be
  'hooked', and
• If you have been defrauded, reporting it to law enforcement authorities;
  many frauds go unreported due to shame, guilt, or embarrassment.

Identity Theft on the Internet
Identity theft involves finding out a user's personal information and then
using it to commit fraud and other crimes.
Identity Theft

                  "But he that filches from me my good name
                   Robs me of that which not enriches him
                   And makes me poor indeed."
                   – Shakespeare, Othello, Act III, Scene III
      What is Identity Theft?

• A federal crime (in the US) in which someone wrongfully obtains and uses
  another person's personal data in some way that involves fraud or deception,
  typically for economic gain.
• In 2004, almost 250,000 claims of identity theft within the US alone (about
  1 in 1,000 people).
• More than $500 million in reported losses.

            Categories of Identity Theft

According to the non-profit Identity Theft Resource Center,
   identity theft is "sub-divided into four categories:
1. Financial Identity Theft (using another's name and SSN
   to obtain goods and services),
2. Criminal Identity Theft (posing as another when
   apprehended for a crime),
3. Identity Cloning (using another's information to assume
   his or her identity in daily life) and
4. Business/Commercial Identity Theft (using another's
   business name to obtain credit)."

Tiger Woods

              “A man who used Tiger Woods' identity to
              steal $17,000 worth of goods was
              sentenced to 200 years-to-life in prison.

              Anthony Lemar Taylor was convicted of
              falsely obtaining a driver's license using
              the name Eldrick T. Woods, Woods'
              Social Security number and his birth date.

              Though he looks nothing like golf's best
              player, the 30-year-old Taylor then used
              the false identification and credit cards to
              buy a 70-inch TV, stereos and a used
              luxury car between August 1998 and
              August 1999.

              Judge Michael Virga gave Taylor the
              maximum sentence under California's
              three-strikes law...”
     Identity Theft by Age

(Chart: percentage of identity theft claims by age group in 2004; age groups
under 18, 18-29, 30-39, 40-49, 50-59, and 60+.)

             Identity Theft

• Identity theft: the acquiring of personal and financial information about a
  person for criminal purposes.
• Your Social Security number, credit card numbers, and passwords stored on
  your machine can be used to gain further information about you from web
  sources.
• Once the information is gained, it is used to charge large amounts for plane
  tickets, etc.
• The criminal can also assume your identity for fraud and terrorism.
• Some rings pass the gathered data to accomplices in other countries, where
  the fraudulent charges are actually made.
• It can take up to 18 months and thousands of dollars to restore your credit.

The role of private industry
and government in identity
           Techniques for obtaining
Low Tech – Social Engineering
• Stealing (snail) mail or rummaging through rubbish (dumpster diving)
• Eavesdropping on public transactions to obtain personal data (shoulder
  surfing)
• Obtaining castings of fingers for falsifying fingerprint identification
High Tech – Internet Approaches
• Stealing personal information from computer databases [Trojan horses,
  hacking], including theft of laptops with personal data loaded
• The infiltration of organizations that store large amounts of personal
• Impersonating a trusted organization in an electronic communication
  (phishing)
• Spam: some, if not all, spam entices you to respond to alleged contests,
  "good deals", etc.
• Browsing social network sites (MySpace, Facebook, Bebo, etc.) for personal
  details that users have posted in public
        What is Pharming?

Pharming redirects the traffic intended for a legitimate web site to an
attacker's site by corrupting name resolution, for example by exploiting a
vulnerability in DNS server software to poison the answers it gives. The
victim types the correct name and still arrives at the wrong site, so the
usual advice to "check the address bar" does not help; a certificate warning
on a familiar HTTPS site is often the only visible sign.

DNS servers are the machines responsible for resolving Internet names into
their real Internet Protocol (IP) addresses, the "signposts" of the Internet.
A host name translates to an address like 152.145.72.30: four decimal numbers
from 0 to 255 (octets) in IP version 4 (IPv4), or eight groups of four
hexadecimal digits in IP version 6 (IPv6). The Internet has thousands of DNS
servers, each one a target for determined attackers.
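Before a PC asks any DNS server, its resolver consults the local hosts file, so a Trojan that can write that one file achieves the same redirection as a poisoned DNS server without touching a server at all. The Python check below is an added example, not from the slides: it parses a constructed hosts file and reports any watched domain mapped to an address other than loopback (a loopback entry is a common, benign way of blocking a site, so it is not reported). The watch list, the sample file, and the planted entry are invented for the example, and the addresses come from the reserved documentation ranges (192.0.2.0/24, 198.51.100.0/24).

```python
import ipaddress

# Hypothetical watch list: names the user expects to reach only via real DNS.
WATCHED = {"www.ebay.com", "ebay.com", "www.paypal.com", "paypal.com"}

# Constructed hosts file; the last line is what a pharming Trojan would add.
SAMPLE_HOSTS = """\
# hosts file (constructed for this example)
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.10      intranet.example.org
198.51.100.23   www.ebay.com ebay.com   # planted: eBay now resolves to an attacker's server
"""


def parse_hosts(text):
    """Return (line_number, ip_address, hostname) for every valid mapping."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)        # accepts IPv4 and IPv6 literals
        except ValueError:
            continue                               # malformed address; a stricter tool would flag it
        for name in names:
            entries.append((lineno, ip, name.lower()))
    return entries


def find_pharming(text, watched=WATCHED):
    """Return (line, hostname, address) for watched names pointed anywhere but loopback."""
    return [
        (lineno, name, str(ip))
        for lineno, ip, name in parse_hosts(text)
        if name in watched and not ip.is_loopback
    ]


if __name__ == "__main__":
    for lineno, name, ip in find_pharming(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} (hosts-file override, expected DNS)")
```

On Windows the file is %SystemRoot%\System32\drivers\etc\hosts, on Unix-like systems /etc/hosts; read it and pass its contents to find_pharming. The same comparison applies to answers from an untrusted resolver: a watched name that suddenly resolves to an unfamiliar address is the DNS-side symptom of the same attack.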

What is Phishing?
    – Using email or web sites that look like authentic corporate
      communications and web sites to trick people into giving up personal and
      financial information.
    – The FBI sees this as a fast-growing form of fraud that can lead to
      identity theft.

        What is Phishing?

phishing (older sources also call it "carding" or "spoofing", although
spoofing properly means forging the sender, which phishing relies on)

1. The act of attempting to fraudulently acquire sensitive information, such
as passwords and credit card details, by masquerading as a trustworthy person
or business with a real need for such information, in a seemingly official
electronic notification or message (most often an email or an instant
message).

             Phishing Example

        From: eBay Billing Department <>
        Subject: Important Notification

(Annotation on the slide: the "click here" link points to a bogus site that
will often infect your computer, attempt to corrupt or steal data from it, or
coerce you into divulging private information when you access it.)

Dear valued customer

We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this
problems please click here and re-enter your account information. If your problems could not be resolved your account will be
suspended for a period of 3-4 days, after this period your account will be terminated.

For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your
membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you,
our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering
of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe
to eBay.

Safeharbor Department
eBay, Inc
The eBay team.

This is an automatic message. Please do not reply.
          Spear Phishing

• Spear phishing is an e-mail spoofing fraud
  attempt that targets a specific organization,
  seeking unauthorized access to confidential data.
  Spear phishing attempts are not typically initiated
  by "random hackers" but are more likely to be
  conducted by perpetrators out for financial gain,
  trade secrets or military information.
• Spear phishing messages appear to come from a
  trusted source. Phishing messages usually
  appear to come from a large and well-known
  company or Web site
       Spear Phishing (more)

• Visiting West Point teacher and National Security
  Agency expert Aaron Ferguson calls it the
  "colonel effect." To illustrate his point, Ferguson
  sent out a message to 500 cadets asking them to
  click a link to verify grades. Ferguson's message
  appeared to come from a Colonel Robert Melville
  of West Point. Over 80% of recipients clicked the
  link in the message

• E-mail sent from someone pretending to be
  someone else is known as spoofing. Spoofing
  may take place in a number of ways. Common to
  all of them is that the actual sender's name and
  the origin of the message are concealed or
  masked from the recipient. Many, if not most,
  instances of e-mail fraud use at least minimal
  spoofing, as most frauds are clearly criminal acts.
  Criminals typically try to avoid easy traceability.
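Several of the spoofing and phishing signs described above can be checked mechanically: the Return-Path and Reply-To domains should agree with the visible From address, link targets should sit under the sender's domain, a link whose visible text names one site while its href goes to another (or to a raw IP address) is the classic bait, and "your account will be suspended" is the pressure. The Python analyzer below is an added example, not from the slides. It runs over a constructed message modelled on the eBay notice shown earlier, with invented addresses, domains (example.net, example.org) and a documentation-range IP, and uses only the standard library. Its registrable_domain helper is a deliberate simplification (last two labels); a real tool would use the Public Suffix List.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed message modelled on the eBay notice shown earlier. The From
# address is the spoofed claim; the other domains and the IP are invented.
PHISH = """\
Return-Path: <bounce@mail-promo.example.net>
From: eBay Billing Department <billing@ebay.com>
Reply-To: support@ebay-secure-login.example.net
To: victim@example.org
Subject: Important Notification
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear valued customer,</p>
<p>Your account could be suspended if you don't re-update your information.
Please <a href="http://ebay-secure-login.example.net/verify">click here</a> or go to
<a href="http://198.51.100.23/ebay/">https://www.ebay.com/signin</a> within 24 hours.</p>
</body></html>
"""

URGENCY = ("suspended", "terminated", "within 24 hours", "click here", "verify your")


def registrable_domain(host):
    """'mail.example.net' -> 'example.net' (assumes a one-label TLD)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def address_domain(header_value):
    """Registrable domain of the address in a From/Reply-To/Return-Path header."""
    _, addr = parseaddr(str(header_value or ""))
    return registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(anchor_text):
    """Host named by the link text itself, if that text looks like a URL."""
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", anchor_text, re.I):
        return None
    url = anchor_text if "://" in anchor_text else "http://" + anchor_text
    return urlparse(url).hostname


def analyze(raw):
    """Return (finding_code, detail) pairs for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = address_domain(msg.get("From"))

    # Envelope sender and Reply-To should belong to the same domain as From.
    for header, code in (("Return-Path", "return-path-mismatch"),
                         ("Reply-To", "reply-to-mismatch")):
        dom = address_domain(msg.get(header))
        if dom and dom != from_dom:
            findings.append((code, f"{header} is {dom}, From is {from_dom}"))

    # Links: raw IP targets, targets outside the sender's domain, and link
    # text that names a different host than the href actually visits.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        try:
            ipaddress.ip_address(host)
            findings.append(("ip-literal-link", href))
        except ValueError:
            pass
        if registrable_domain(host) != from_dom:
            findings.append(("link-domain-mismatch", f"{href} is not under {from_dom}"))
        shown = shown_host(text)
        if shown and registrable_domain(shown) != registrable_domain(host):
            findings.append(("link-text-host-mismatch", f"shows {shown}, goes to {host}"))

    # Pressure language that pushes the reader to act before thinking.
    hits = [phrase for phrase in URGENCY if phrase in html.lower()]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))
    return findings
```

None of these checks is proof on its own (mailing-list providers legitimately use a different Return-Path, for instance), which is why the function returns every finding rather than a verdict; a mail gateway would weight them, and SPF/DKIM/DMARC results on the From domain would be added as further inputs.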
        Methods to Steal an Identity
• TCP Spoofing (session spoofing / hijacking)
  – Establish a fake session that behaves, from the user's point of view, like
    the real application the user thought they were connected to.
  – Can be done by substituting "hacked" software for the valid access
    software after compromising a host or server machine.
• DNS Spoofing
  – Mentioned previously (see Pharming).
  – Substitutes a fake IP address for the real one in the DNS table, so the
    correct name leads to the attacker's machine.
• Typo Squatting (e.g.
  – Set up a real web site with a URL that represents a common typo of a
    popular one. Make the site look enough like the real one and try to
    collect passwords, IDs, etc.
  – Similar to phishing, but the "phish" catches himself!
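A defender can get ahead of typo-squatting by generating the misspellings a squatter would register and checking which of them already resolve. The Python generator below is an added example, not from the slides: it produces the usual classes of typo (dropped letter, swapped adjacent letters, doubled letter, adjacent-key substitution and insertion, and look-alike top-level domains) for a registrable domain such as example.com. The QWERTY adjacency table and the TLD swap list are constructed for the example, and the code assumes a single-label TLD.

```python
# Neighbouring keys on a QWERTY keyboard (constructed table; letters only).
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp", "p": "ol",
    "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy", "u": "yhji",
    "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}

# Top-level domains a squatter swaps in for the common ones (constructed list).
TLD_SWAPS = {
    "com": ("co", "cm", "om", "con", "net", "org"),
    "net": ("com", "org", "ne", "nt"),
    "org": ("com", "net", "ogr", "or"),
}


def omissions(name):
    """One letter dropped: 'exmple'."""
    return {name[:i] + name[i + 1:] for i in range(len(name))}


def transpositions(name):
    """Two adjacent letters swapped: 'exmaple' (identical pairs are skipped)."""
    return {name[:i] + name[i + 1] + name[i] + name[i + 2:]
            for i in range(len(name) - 1) if name[i] != name[i + 1]}


def repetitions(name):
    """One letter doubled: 'exxample'."""
    return {name[:i] + name[i] + name[i:] for i in range(len(name))}


def adjacent_replacements(name):
    """One letter replaced by a neighbouring key: 'wxample'."""
    return {name[:i] + key + name[i + 1:]
            for i, ch in enumerate(name) for key in ADJACENT.get(ch, "")}


def adjacent_insertions(name):
    """A neighbouring key inserted before a letter: 'wexample'."""
    return {name[:i] + key + name[i:]
            for i, ch in enumerate(name) for key in ADJACENT.get(ch, "")}


def typosquats(domain):
    """Sorted candidate typo domains for a registrable name like 'example.com'.

    Assumes a single-label TLD; a name such as example.co.uk would need the
    Public Suffix List to be split correctly.
    """
    name, _, tld = domain.lower().rpartition(".")
    candidates = set()
    for generator in (omissions, transpositions, repetitions,
                      adjacent_replacements, adjacent_insertions):
        candidates |= {f"{variant}.{tld}" for variant in generator(name) if variant}
    candidates |= {f"{name}.{swap}" for swap in TLD_SWAPS.get(tld, ())}
    candidates.discard(domain.lower())
    return sorted(candidates)


if __name__ == "__main__":
    found = typosquats("example.com")
    print(len(found), "candidates, e.g.", found[:8])
```

Feed the output to a bulk DNS lookup (host or dig in a loop) and look at any candidate that resolves to something other than your own infrastructure; registering the most likely ones yourself is the usual defensive fix, and tools such as dnstwist do the same generation at scale with more transformations.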
       Internet and Identity Theft – Ref.

• Abagnale, Frank W., "Stealing Your Life", Broadway Books (2007). The author
  has written several books, including "Catch Me if You Can" and "The Art of
  the Steal". While the book is not very technical, it lays out the economics
  of identity theft and approaches to preventing it.
 Internet and Security
The Internet is a paradox like almost everything in modern
society. It offers many benefits yet it also opens us to a
variety of evils. It is a tool to leverage the power of
advanced computing – for good OR evil.
     What is computer security?

computer security
1. The systematic methods and procedures
employed to protect information assets on
computer systems to protect against intentional
and unintentional use, modification, deletion,
manipulation, access, or corruption.
       What is malware?

• malware (mal´wãr) (n.) Short for malicious
  software, software designed specifically to
  damage or disrupt a system, such as a virus or a
  Trojan horse.

          As we explore the Internet we must
          also protect ourselves from evil
• First we must make sure our computer is secure, or at least make it
  difficult for trespassers and other evil-doers to enter it and attack it.
• Second we must secure our browsers and email system.
• Third we must protect our network portal and our
• Finally we must prepare to be attacked and have a plan for minimizing the
  damage.
         What is a virus?

                            1. A self-replicating
                               software program that
                               spreads by inserting
                               copies of itself into other
                               executable code or

          Annual Cost of Viruses to Businesses

(Chart: virus cost to businesses, in billions of dollars, for 2001, 2002 and
2003; the vertical axis runs to $30 billion.)
            What is a Trojan Horse?

Trojan horse
1. A malicious program that is disguised as legitimate software.
Trojan horses can
  – Erase or overwrite data on a computer,
  – Corrupt files in a subtle way,
  – Spread other malware,
  – Set up networks of zombie computers (subverted to execute the commands of
    the hacker instead of your programs) in order to launch DDoS (Distributed
    Denial of Service) attacks or send spam,
  – Spy on the user of a computer and covertly report data such as browsing
    habits to other people,
  – Log keystrokes to steal information such as passwords and credit card
    numbers,
  – Phish for bank or other account details, which can be used for criminal
    activities, or
  – Install a backdoor on a computer system to facilitate future access.

• A "Trojan horse" program may force your computer to do any or all of these
  things without your knowledge!
• Individuals have actually been prosecuted for actions committed by their
  computer while under the control of a Trojan horse.
        What are worms?

worm n.
1. A self-replicating piece of code that uses
security lapses to travel from machine to
machine, placing copies of itself everywhere and
then using those newly compromised machines
as bases to attack further systems.
 – The worm is the chunk of code that does the traveling
   and implanting. Hackers attach other malware to the
   worm which then carries it along.

           Famous Worms

Name / Date          Comment                                                 Est. Cost
Melissa, 3/26/1999                                                           $1.1B
NIMDA, 9/2001                                                                $645M
Sobig, 1/2003        Variant Sobig.f used its own SMTP (Simple Mail          $36.1B
                     Transfer Protocol) engine to e-mail itself from the
                     user's address to others in the user's address book.
                     Largest vol. of
Source: Computer Worms: Past, Present, and Future, Craig Fosnock (CISSP, MCSE, CNE)

        Famous Worms (continued)

Name / Date          Comment                                                 Est. Cost
Mydoom, 1/26/2004    Primarily transmitted via e-mail, disguised as a        $38.5B
                     transmission error.
                     • Became the fastest-spreading e-mail worm ever.
                     • Slowed overall Internet performance by about 10% and
                       average web page load times by about 50%.
Witty, 3/19/2004     • Fastest-developed worm to date: only 36 hours passed  $11 million
                       between the release of the advisory and the release
                       of the worm.
                     • Infected the entire exposed population of twelve
                       thousand machines in 45 minutes.
                     • The first worm that destroyed the hosts it infected
                       (by randomly erasing a section of the hard drive).
         Early Viruses

• Brain virus from Pakistan (1986)
     – First PC virus
     – Affected only certain types of floppy disks (it infected the boot sector)
• Dark Avenger.1800 virus (1989)
     – Written in Sofia, Bulgaria
     – Posed the first international virus threat
     – Used anti-virus software to spread: it infected any file that was
       opened, including files read by a scanner
• Michelangelo (1992)
     – 5 million systems were predicted to be affected
     – Only 10,000 systems were ever infected
     – A boon for anti-virus software companies

        Trojan Horses

• These actions range from harmless messages to
  destruction of user files, denial of service, or stealing
  personal data.
• Lately hackers have taken over thousands of computers
  to launch attacks on other sites (using Trojan horse
       What is a rootkit?

• A type of Trojan that keeps itself, other files, registry keys and network
  connections hidden from detection.
• It gives an attacker "root" (administrator-level) access to the computer and
  typically runs at the lowest level of the machine, inside the operating
  system kernel.
• A rootkit typically intercepts common API calls so that antivirus scans
  never see the rootkit's files or processes.
    What's a Wabbit?

1. A program that replicates itself on a computer but does not touch other
documents or executables, and is not spread through the Internet. It makes so
many copies of itself that the computer cannot even start the program that
would allow the user to terminate it. The classic example is the "fork bomb",
a process that does nothing but spawn copies of itself until the process table
is exhausted.
         What's a backdoor?

• Code that allows access to the computer through the O/S or an application,
  bypassing normal authentication.
• In some cases this is intentional and in others it's a bug. In any case it
  is a dangerous problem and requires that the user get the latest patches to
  the O/S and applications.

      Malware Detection

• Norton Anti-Virus
• McAfee Anti-Virus
• Panda Software
Software designed to spy
on you
1. Adware
2. Spyware
         What is Adware?

• Adware, or advertising-supported software, is any software package which
  automatically plays, displays, or downloads advertising material to a
  computer after the software is installed on it or while the application is
  being used.
• Adware programs that are not also spyware do not invisibly collect and
  upload a record of the user's activity or personal information without the
  user having expected or approved the transfer. Some vendors of adware
  maintain that an application which does this is still not spyware, because
  the program's activities are "disclosed": for example, a vendor may argue
  that a clause buried somewhere in the product's Terms of Use, stating that
  bundled third-party software may collect and report on computer use, makes
  the product just adware.

          What are Popup ads?

• A popup, is a new browser window, usually with ad content, that
  opens over your current one.
• A popunder, which is supposedly less annoying, is a new browser
  window that opens (duh) under the current one.
• A popover (also known as an overlay) is an animated graphic that
  doesn't have a window in the usual sense but rather materializes
  on top of the current window.
• Sometimes popovers have a click-the-X box that enables you to
  get rid of them; others don't (or carefully disguise it) and you have
  to wait till they go away on their own.
• Interstitial ads appear after you click on a hyperlink, but before
  you get to the page you actually want.
• Rich media refers to fancy, often interactive, animated graphics
  that move around the page, etc. Rich media is the hot trend in
  online advertising since it's difficult to ignore; it typically makes use
  of a technology aptly called Flash. Flash is often used for

• Spyware – software that gathers information
  about a person or computer without permission or
• Once loaded onto a computer it sends data back to
  the site that launched it.
• Can be very dangerous and used in identity theft
  and other forms of fraud.
• Can make your computer appear to be slow and
         What is spyware?

 spyware n.
 1. a broad category of malicious software intended to intercept or
 take partial control of a computer's operation without the user's
 informed consent. Unlike viruses, it does not usually self-replicate.
 Spyware is designed to exploit infected computers for the
 commercial gain of third parties. Typical tactics furthering this goal
 include delivery of unsolicited pop-up advertisements; theft of
 personal information (including financial information such as credit
 card numbers); monitoring of web-browsing activity for marketing
 purposes; or routing of HTTP requests to advertising sites.

 As of 2005, spyware affects only computers running Microsoft
 Windows. There have been no reported observations of
 spyware for Mac OS X, Linux, or other platforms.

     What does Spyware/Malware specifically do to my

Malware will perform a variety of nasty activities, ranging from
simple email advertising all the way to complex identity-theft and
password-stealing. New nasty functions are created every week
by malware programmers, but the most common malware
functions are:
–    Malware steals your personal information and address book (identity theft and

–    Malware floods your browser with pop-up advertising.

–    Malware spams your inbox with advertising email.

–    Malware slows down your connection.

–    Malware hijacks your browser and redirects you to an advertising or a phishing-con
     web page.

–    Malware uses your computer as a secret server to broadcast pornography files.

–    Malware slows down or crashes your computer.
         How to prevent / detect spyware

• Adaware
   – www.lavasoft
• WebRoot's SpySweeper
• Spy Bot
• Spyware Doctor
• HijackThis
• Microsoft Anti Spyware Beta
      What are cookies?

1. Small data files written to your hard drive by some Web sites when
you view them in your browser. These data files contain information
the site can use to track such things as passwords, lists of pages you've
visited, and the date when you last looked at a certain page.

       Cookies can serve a useful purpose

• Cookies can be useful. In general web pages are
  stateless, i.e. they do not remember material from
  one page in a site to another. For instance, a
  cookie allows an e-commerce site to create a market
  basket of the items you are ordering while
  you are shopping through the site's online
• It also allows sites to remember you after
  you log in. Thus if you are a distance
  learning student it will remember the pages you
  visited and the answers you gave to questions.
       DoubleClick and other cookie

• DoubleClick is an aggressive tracking tool. In
  general a cookie can only be opened by the site
  that created it. DoubleClick sets its cookies
  through its ads on the downloaded page.
  Because its cookie contains the page which
  contained the ad the cookies will report the sites
  that you visit with DoubleClick ads. Thus it can
  track you from site to site.
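To make the cross-site tracking mechanism described above concrete, here is an added simulation (not part of the original slides): a browser loads three unrelated pages that each embed a resource from the same ad network, and the ad network's own cookie plus the Referer header let it link the visits into one profile, unless third-party cookies are blocked. The domains (news.example, shop.example, health.example, ads.tracker.example) are constructed placeholders, and the "last two labels" rule for a site's registrable domain is a simplification standing in for a public-suffix list.

```python
"""Added simulation of third-party (ad network) cookie tracking across sites.

Constructed scenario: page domains and the ad network 'tracker.example' are
placeholders, not real sites. The browser's cookie jar is keyed by the domain
that set the cookie, modelling the rule that only the setting site can read it.
"""
from urllib.parse import urlparse
import itertools


def registrable_domain(host):
    """Crude stand-in for a public-suffix lookup: keep the last two labels."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_third_party(page_url, resource_url):
    """A resource is third-party when its site differs from the page's site."""
    page_site = registrable_domain(urlparse(page_url).hostname)
    res_site = registrable_domain(urlparse(resource_url).hostname)
    return page_site != res_site


class AdServer:
    """Ad network that sets an id cookie on first contact and logs Referers."""

    def __init__(self, domain):
        self.domain = domain
        self._ids = itertools.count(1)
        self.visits = {}  # cookie id -> list of sites where the ad was shown

    def serve(self, cookie_jar, referer):
        uid = cookie_jar.get(self.domain)
        if uid is None:
            uid = f"uid{next(self._ids)}"
            cookie_jar[self.domain] = uid  # Set-Cookie scoped to the ad domain
        # The Referer header tells the ad network which page embedded the ad.
        site = registrable_domain(urlparse(referer).hostname)
        self.visits.setdefault(uid, []).append(site)
        return uid


class Browser:
    """Minimal browser: one cookie jar, optional third-party cookie blocking."""

    def __init__(self, block_third_party=False):
        self.jar = {}
        self.block_third_party = block_third_party

    def visit(self, page_url, embedded_urls, ad_server):
        for res in embedded_urls:
            if not is_third_party(page_url, res):
                continue  # first-party resources never reach the ad network
            # With blocking on, the ad request carries no stored cookie and
            # the Set-Cookie it returns is discarded (throwaway jar).
            jar = {} if self.block_third_party else self.jar
            ad_server.serve(jar, referer=page_url)


def simulate(block_third_party=False):
    """Visit three unrelated sites that each embed the same ad network pixel."""
    ads = AdServer("tracker.example")
    browser = Browser(block_third_party=block_third_party)
    pixel = "https://ads.tracker.example/pixel.gif"
    browser.visit("https://news.example/story",
                  ["https://static.news.example/app.js", pixel], ads)
    browser.visit("https://shop.example/cart", [pixel], ads)
    browser.visit("https://health.example/symptoms", [pixel], ads)
    return ads.visits


if __name__ == "__main__":
    print("third-party cookies allowed:", simulate())
    print("third-party cookies blocked:", simulate(block_third_party=True))
```

With third-party cookies allowed, one cookie id accumulates all three sites; with them blocked, every ad request looks like a new visitor and the ad network cannot join the visits.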
What do companies know about you?

Cookies, flash cookies and beacons --
all new tools to gather information
about you.
In the best case it invades your
In the worst case it attacks your
privacy and your identity.

Flash Cookies
Removing Flash Cookies
        Earthlink SpyAudit Report

•   4,610,738 computers scanned
•   769,330 Trojan Horses were detected
•   24,395,256 Spyware programs were detected
•   90,594,556 Spyware cookies were detected.
        Wireless Dangers

•   War Driving
•   Virtual Intrusion
•   Other means
•   Security Measures

• Wardriving is the act of searching for Wi-Fi
  wireless networks by a person in a moving vehicle
  using a Wi-Fi-equipped computer, such as a
  laptop or a PDA. It is similar to using a radio
  scanner, or to the ham radio practice of DXing.
• Connecting to the network and using its services
  without explicit authorization is referred to as

       Further References

• Beaver, K. “Hacking Wireless Networks for
  Dummies”, Wiley (2005).
More Serious Internet Age
 Cyber Bullying

Cyber bullying is a controversial area
of Internet abuse.

• Cyberbullying is willful and involves recurring or
  repeated harm inflicted through the medium of
  electronic text. E-mail and instant messaging are
  just two channels; cyber bullying can occur in any
  medium on the Internet.
• According to R.B. Standler [1], bullying intends to
  cause emotional distress and has no legitimate
  purpose to the choice of communications.

       Cyber-Bullying (More)

• Cyberbullying can be as simple as continuing to
  send e-mail to someone who has said they want
  no further contact with the sender.
• Cyberbullying may also include threats, sexual
  remarks, pejorative labels (e.g., hate speech).
• Cyber-bullies may publish personal contact
  information for their victims at websites. They may
  attempt to assume the identity of a victim for the
  purpose of publishing material in their name that
  defames or ridicules them.
        Cyber Bullying can be deadly

• The issue of cyber bullying is not a trivial rite of
   passage in middle and high school.
• In the last several years the news has reported 3-4 teens
   driven to suicide after cyber bullying; often the victims are
   girls, as are the bullies.
• In Jan. 2010 a young girl whose family had moved from
   Ireland committed suicide in western MA after she was
   bullied by a group of high school girls.
• Advice for parents and teachers can be found in
         Suggestions for parents

If an adult suspects a child is having suicidal thoughts or behaviors
    as a way of escaping bullying and other problems, here are some
• Notify school personnel if bullying is identified.
• Seek an evaluation from a professional. Suicidal thoughts and
    behaviors are often linked to depression, which can be treated.
• Listen to the child.
• Help the child understand these feelings and thoughts are
    temporary and there are solutions.
• Brainstorm on how the child can react to bullying.
• If suicidal urges/behaviors are serious, take the child to the
    emergency room, don't leave him or her alone, and keep firearms,
    drugs and sharp objects away from the child.

A Few High Profile Cases

We examine cases that illustrate
particularly egregious examples of
cyber bullying.
        Megan Meier

• St. Louis, Missouri, teenager Megan Meier committed
  suicide after a girl down the street disguised herself
  as a teenage boy on MySpace and taunted the 13-
  year-old about her weight and sexuality. Megan was
  three days away from her 14th birthday in October of
• Missouri and federal officials could not find a crime to
  charge. Finally a charge of computer fraud was filed in
  California against the mother for misrepresenting the
  child's age in order to use MySpace.
• The following video discusses the legal issues. Note
  that the jury found Lori Drew not guilty on all but one
  charge, which the judge also dismissed.
Megan Meier Case Legal Issues
        Phoebe Prince

 Phoebe Prince was an Irish immigrant to Massachusetts
  when she took her own life in January of 2010. Phoebe
  was a victim of cyberbullying at South Hadley High
  School in western Massachusetts.

  Her parents, who brought Phoebe to America from their
  small Irish village, said that she had trouble adjusting to
  life in America. Even though she had just accepted a
  date to the school dance, Phoebe committed suicide
  after receiving several taunting comments on her
  Facebook page.
 Charges were brought against the mean girls and the
  older boys who slept with her.
Phoebe Prince Case and Legal
       Rutgers Case

• The gay 18-year-old ended his life Sept. 22 by
  jumping off a bridge, after authorities said two
  other students streamed his private sexual
  encounter online.
• One of the students, the roommate, planted the
  web camera.
• One major issue is what the two students should
  be charged with.
• The invasion of privacy and the death shocked
  the campus.
Rutgers University
Legal & Ethical Issues
Sexting -- teens sending text messages
that include explicit pictures of
themselves -- is raising issues:
• Is it pornography, and if so what
  should be the punishment for the
  sender and the receiver?
• Is it a new form of cyber bullying
  when a boyfriend or girlfriend posts
  those private photos on the web?
One in Five Teens are involved

The dangers of sexting include criminal
charges, registration as a sex offender, and
cyberbullying, and it has led to suicide
      Is Sexting Child Pornography?

Sexting not only a teenage
The Congressman Weiner Scandal

  •   While sex scandals in politics are
      common, Rep. Anthony Weiner is of
      note for using Twitter and sexting.
  •   On May 27, 2011, using his Twitter
      account, Weiner sent a link to a
      photograph on yfrog of his erect penis
      clad in gray boxer briefs[16][9] to a 21-
      year-old female college student in
      Bellingham, Washington, who was
      following him on the social media
      website.[17] Though the image was
      quickly removed from Weiner's Twitter
      account, it was leaked to conservative
      blogger Andrew Breitbart who had it
      published on the BigJournalism website
      the following day
  •   After first denying the posts and saying
      they were hacks, as more evidence of
      similar posts to other women started to
      appear, he announced he would resign
      on June 21,
  •   His name and actions were fodder for
      headlines and late night comedians.
“Trolling” means mean-spirited
searching of the internet for victims
to send harassing, often anonymous

        New variation of CyberBullying --
Post-Death Harassment after a suicide
• A new variation of trolling involves post-suicide
  harassment of the victim's family and friends: When
  families and friends set up memorial “sites” on Facebook
  and other sites, “trolls” from around the world send or
  post harassing, often anonymous messages regarding
  the victim. Depending on the site, the family may have
  no control over the postings that are added.
• At first glance, one might ask “is this really cyberbullying,
  because the victim is already dead?” However, when you
  realize that other youth, classmates, friends and family
  are reading the site, the message is “victim was a loser
  and deserved to die – if you are a loser like her, you
  deserve to die too.”
     Online Crimes against
     persons -- by rapists,
     pedophiles, etc.
Because of the nature of online cyber
relationships it is often the case that criminals
can gain the confidence of lonely vulnerable
people. Pedophiles in particular use it to
attract and lure children into meetings for sex,
pornography, and abduction.
               Youth Internet Safety Survey

   • National Center for Missing & Exploited Children
     (NCMEC) provided funding to Dr. David Finkelhor,
     Director of the Crimes Against Children Research Center
     at the University of New Hampshire, to conduct a
     research survey in 1999 on Internet victimization of
     youth. His research provides the best profile of this
     problem to date.
   • Crimes Against Children Research Center staff
     interviewed a nationally representative sample of 1,501
     youth, aged 10 to 17, who used the Internet regularly.
     “Regular use” was defined as using the Internet at least
     once a month for the past 6 months on a computer at
     home, at school, in a library, at someone else's home, or
     in some other place.

         The survey looked at four types of
         online victimization of youth
•   Sexual solicitation and approaches: Requests to engage in
    sexual activities or sexual talk or to give personal sexual
    information that were unwanted or, whether wanted or not, made
    by an adult.

•   Aggressive sexual solicitation: Sexual solicitations involving
    offline contact with the perpetrator through mail, by telephone, or
    in person, or attempts or requests for offline contact.

•   Unwanted exposure to sexual material: When online, opening e-
    mail, or opening e-mail links, and not seeking or expecting
    sexual material, being exposed to pictures of naked people or
    people having sex.

•   Harassment: Threats or other offensive content (not sexual
    solicitation) sent online to the youth or posted online for others to
         Survey Findings

• One in 5 youth received a sexual approach or solicitation over the
  Internet in the past year.

• One in 33 youth received an aggressive sexual solicitation in the
  past year. This means a predator asked a young person to meet
  somewhere, called a young person on the phone, and/or sent the
  young person correspondence, money, or gifts through the U.S.
  Postal Service.

• One in 4 youth had an unwanted exposure in the past year to
  pictures of naked people or people having sex.

• One in 17 youth was threatened or harassed in the past year.

• Most young people who reported these incidents were not very
  disturbed about them, but a few found them distressing.
           Finally -- Survey Shows a Disturbing
           Trend of Not Seeking Help
•   Only a fraction of all episodes was reported to authorities such as the
    police, an Internet service provider, or a hotline.

•   About 25 percent of the youth who encountered a sexual approach or
    solicitation told a parent. Almost 40 percent of those reporting an
    unwanted exposure to sexual material told a parent.

•   Only 17 percent of youth and 11 percent of parents could name a specific
    authority, such as the Federal Bureau of Investigation (FBI), CyberTipline,
    or an Internet service provider, to which they could report an Internet
    crime, although more indicated they were vaguely aware of such

•   In households with home Internet access, one-third of parents said they
    had filtering or blocking software on their computers.
The Dark Side of Craigslist
and Social Networks --
Cyber Crime

• Craigslist is a centralized network of online
  communities, featuring free online classified
  advertisements – with sections devoted to jobs,
  housing, personals, for sale, services, community,
  gigs, résumés, and discussion forums.
• Craig Newmark began the service in 1995 as an
  email distribution list of friends, featuring local
  events in the San Francisco Bay Area, before
  becoming a web-based service in 1996.
• Craigslist has a business model of free or low cost
  ads that attacks one major leg of the newspaper of
       Craigslist Crimes and Controversies

• The Erotic Section has been the source of
  controversy and crime: prostitution, sex crimes,
  and even murder (the Craigslist murderer in spring
• Major states and cities have begun criminal and
  civil legal proceedings to address the issue.
• Craigslist has in summer of 2010 removed the
Danger of children using Social
Taylor Behl

• On August 17, 2005, Taylor Behl
  left home for college at Virginia
  Commonwealth University.
• On September 5, 2005, a 38-
  year-old amateur photographer,
  Benjamin Fawley, killed Taylor
  Behl and dumped her unburied
  body in a shallow ravine near his
  ex-girlfriend's farm.
• Behl met Fawley as a
  prospective student. She kept in
  contact with him through
  LiveJournal and Myspace.
       Long Range dangers of Social

• Government agencies, private employers, college
  admissions all now routinely go to sites like
  myspace, facebook, etc. and make judgments
  about the individual based on writings that were
  never thought of as personal information for these
• Be careful what you post -- think what your
  parents and future employer may think about it at
  some time in the future. Remember, the net never
       Why you should avoid sharing
       certain things on the Internet

• Burglars Said to Have Picked Houses Based on
  Facebook Updates (Sept. 2010):

• Diamond Ring Ad on Craigslist Leads to Murder
  (happened Spring 2010):
        Twitter Got Me Fired!!!

Sometimes the voice of youth is compelling
caution to other youths.
    MA Teacher Fired for Facebook

      Oct 2010 New York City Schools

• A number of incidents between both male and
  female teachers and students involving sexual
  Facebook postings led to teachers being fired
  and/or arrested.
• NYC found it needed to define appropriate
  Facebook behavior because it had no policy.
           7 Deadly Sins of Social Networks

Spammers attacks in Social Networks:
  1. Dating spam – a personal message, often from a woman, to
  a male social network user inviting them to start a romantic
  relationship. Once contact is secured, this attack proceeds in
  much the same way as bride email scams;

  2. Profile and IM lures – spammers act as legitimate friends or
  potential new friends interested in getting to know the user in
  order to lure them to a fake profile page or Instant Messenger

  3. Redirection to inappropriate or dangerous websites – a
  message is sent to a user, warning them that photographs or
  rumors about them have been posted on an external site and
  urging them to go to the site to view;
           7 Deadly Sins (More)

4. Nigerian attacks – similarly to Nigerian 419 spam traditionally seen over
   email, social networking users are targeted with messages alerting them
   to a fake inheritance or access to a rich stranger’s fortune;

5. Fake jobs – sending personal messages or wall posts, spammers, posing
    as an employer, offer social network users fantastic job opportunities in
    order to spark conversation that will allow an avenue for further spam,
    phishing, malware or scams;

6. Competitor social network lure – invitations that seem to be from legitimate
    friends are sent to users via wall posts or personal messages urging them
    to visit virtually unknown social networking sites;

7. Religious based spam – spammers use social networking sites to preach
    to, and attempt to proselytize, users for various religions.
            Social Networking Sites Help Combat

  • Police departments are using social nets to solve crimes,
    e.g. via pictures and videos of the crimes: teen beat-
    downs, riots, and in some cases serious crimes
    and gang behavior.
  • In Baltimore, police charged a student after her
    attack on a teacher was placed on a personal
    MySpace page.
  • In St. Paul, Minn., a woman was charged with
    vandalism after she posted pictures of her ex-
    boyfriend's ransacked apartment.

        Social Networking Sites Help Combat
        Crime (more)

• Amateur cyber sleuths like Tracie Edwards. When her
  15-year-old son was attacked by a local gang, Edwards
  tapped into MySpace. Starting with just one name, she
  followed an interlinking trail from one suspect to another.
• "I started typing in these names and boom," Edwards
  said. "Got my son in front of the computer and I was like,
  'Do you know this little boy? Do you know this boy?' And
  he was like 'this is the boy who did it.'"

• Eventually, five people were charged.
      Social Network and Crime

• Russell, Matthew A. “Mining the Social Web”,
  O’Reilly (2011).
• Timm, Carl “Seven Deadliest Social Network
  Attacks”, Elsevier (2010).
• Verton, Dan “The Hacker Diaries: Confessions
  of Teenage Hackers”, McGraw-Hill/Osborne
     Chat Roulette
1.   Random chat encounters requiring the users
     to have a web cam
2.   Can involve teenagers and adults who
     may be naked or otherwise inappropriate
3.   Created by a 17-year-old Russian and it has
     rapidly grown to 34 million daily users
Crimes against commercial
and government web sites
and servers

• Denial of service
• Stealing credit card and other data
• Industrial espionage
• Blackmail and protection
       What are Denial of Service (DOS)

DoS attack
Short for denial-of-service attack, a type of attack
 on a network that is designed to bring the network
 to its knees by flooding it with useless traffic.
 Many DoS attacks, such as the Ping of Death and
 Teardrop attacks, exploit limitations in the TCP/IP
 protocols. For all known DoS attacks, there are
 software fixes that system administrators can
 install to limit the damage caused by the attacks.
 But, like viruses, new DoS attacks are constantly
 being dreamed up by hackers.

         What are Denial of Service Attacks?

 denial of service
 1. An attack on a computer system or network that causes a loss
 of service to users, typically the loss of network connectivity and
 services by consuming the bandwidth of the victim network or
 overloading the computational resources of the victim system.

  – Teardrop attack
      • The attacker floods the victim with improperly formatted packets.
  – Synflood Attack
      • The attacker simulates many users starting requests for data but not completing
        the request. The victim is stuck waiting for the attacker to complete the

        Distributed Denial Of Service (DDOS)
DDOS – Short for Distributed Denial of Service, it is an
  attack where multiple compromised systems (which are
  usually infected with a Trojan Horse) are used to target a
  single system causing a Denial of Service (DoS) attack.
  Victims of a DDoS attack consist of both the end
  targeted system and all systems maliciously used and
  controlled by the hacker in the distributed attack.
The DDOS normally has a primary infected computer
  called a master that infects the other computers called
  'slaves' or 'zombies'. The attacker then commands the
  computers to start sending useless messages to the
  targeted web site.
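The SYN flood described two slides back and the DoS/DDoS distinction above can be seen from the victim's side in a connection table: a flood shows up as a pile of half-open (SYN_RECV) connections. The following is an added example, not from the slides, that classifies such a snapshot as a single-source flood (where blocking one address helps) or a distributed one (where it does not); the rows use constructed RFC 5737 documentation addresses and the thresholds are assumptions for a small example.

```python
"""Added example: spotting a SYN flood in a connection-table snapshot and telling
a single-source DoS from a distributed (DDoS) one.

The snapshot rows are constructed (RFC 5737 documentation addresses); the
thresholds are assumptions chosen for this small example, not tuned values.
"""
from collections import Counter, defaultdict

TARGET = "192.0.2.5:443"  # the web server under attack (constructed)


def build_snapshot(distributed, flood_size=60):
    """Rows of (state, source ip, destination socket), like a netstat listing.

    Three legitimate connections, one of them a handshake still in progress,
    followed by `flood_size` half-open connections from one source (DoS) or
    from `flood_size` different sources (DDoS).
    """
    rows = [
        ("ESTABLISHED", "198.51.100.10", TARGET),
        ("ESTABLISHED", "198.51.100.12", TARGET),
        ("SYN_RECV", "198.51.100.11", TARGET),
    ]
    for i in range(flood_size):
        src = f"203.0.113.{i + 1}" if distributed else "203.0.113.7"
        rows.append(("SYN_RECV", src, TARGET))
    return rows


def half_open_by_target(rows):
    """Map each destination socket to a Counter of half-open connection sources."""
    backlog = defaultdict(Counter)
    for state, src, dst in rows:
        if state == "SYN_RECV":  # SYN received, final ACK never arrived
            backlog[dst][src] += 1
    return backlog


def classify(rows, half_open_threshold=50, single_source_share=0.5):
    """Flag targets whose half-open backlog exceeds the threshold.

    If one source holds at least `single_source_share` of that backlog the
    flood is a single-source DoS (blocking that address helps); otherwise it
    is distributed, where per-source blocking does not help and SYN cookies
    or backlog tuning on the victim are the usual mitigations.
    """
    findings = {}
    for dst, per_src in half_open_by_target(rows).items():
        total = sum(per_src.values())
        if total <= half_open_threshold:
            continue  # normal load: a few handshakes in flight is expected
        top_src, top_count = per_src.most_common(1)[0]
        single = top_count / total >= single_source_share
        findings[dst] = {
            "kind": "DoS" if single else "DDoS",
            "half_open": total,
            "distinct_sources": len(per_src),
            "top_source": top_src if single else None,
        }
    return findings


if __name__ == "__main__":
    for mode in (False, True):
        label = "distributed" if mode else "single-source"
        print(label, classify(build_snapshot(mode)))
```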

Stealing Credit Card and
other data from
Corporations and

   Gaining access to information of a
   personal or sensitive nature from
   government, private industry,
   hospitals, etc. is almost too easy
       Loss of data through poor process

• Credit card and similar data has been
  compromised through human error and/or failure
  to create a secure process or method to store or
  transmit data, e.g. Dana Farber sends patient
  data to the wrong fax number.
• Failure to screen personnel for character or
  criminal background.
• Failure to train all personnel in the need for
  security and secure processes.
        Attacking the vast amount of
        information distributed throughout
        the organization
• The advent of laptops and multi-GB portable storage
  devices creates an environment for disclosure of
  thousands if not millions of credit card and social security
  numbers and other personal record files.
• Government and private industry laptops stolen or lost at
  airports, etc. that contain unsecured (unencrypted)
  personal records have resulted in massive identity thefts,
  and/or corporate sensitive or government classified
• Internet rings sell the data to credit card and document
  forgers who in turn sell them to the criminals who use the
  credit card or ID.
• The crimes may involve fraud, illegal aliens, terrorists,
         Hacking the corporate databases

Over the last decade corporations have begun acquiring
    millions of bytes on each and every one of us – this is done
    in numerous ways:
   1. So-called loyalty cards (those pieces of plastic that hang off
       your key chain).
   2. Credit card purchases and retail store charge cards which
       can be used to expose your SSN, driver's license, etc.
   3. Internet e-commerce applications including tracking cookies,
•   This massive amount of personal data leads to data mining and
    other marketing techniques to target individual groups with
    specific ads and products.
•   Increasingly these massive data sources are tempting
    targets for sophisticated hacker gangs, making the
    acquiring and storage of this data a massive liability for the
•   These gangs use the Internet to carry out their attacks and
    often do it from sites that make prosecution difficult if not
              Hacking Corporate Data

Material Source:
           The TJX Corp. -- A cautionary tale

• TJX is a local firm that includes Marshalls, TJ Maxx, etc. It
  announced in Jan. 2007 that its 45 million customers'
  credit cards and personal data (SSN, driver's license, etc.)
  had been compromised over a two-year period.
• This theft of information has caused banks to issue new
  credit and debit cards to these customers and has
  resulted in lawsuits and goodwill losses to TJX that will
  cost billions.
• It is estimated that it cost the banks $300M to replace the
  cards, and TJX estimates $20M in fraudulent charges.

Material Source:
      How did it happen?
• WSJ reports that the source of the theft was a
  wireless hack in Minn.
• Wireless networks entered retail store IT in 2000.
• Wired Equivalent Privacy (WEP) encryption was
  replaced after security experts breached several
  retail chains.
• Wi-Fi Protected Access (WPA) is a more complex
  encryption scheme adopted by some retailers, but only
  slowly by TJX.
• Hand held devices used in pricing and inventory
  control that communicate to store computers were
• Once the codes were broken the hackers advanced
  to attacking the headquarters computer databases
  (Framingham MA) by capturing employee userids
  and passwords.
       The Hackers

• The so-called “Bonnie and Clyde” hackers break
  in with a quick attack and often leave clues and
  other artifacts behind that signal their
• TJX was the hallmark of Russian and eastern
  European gangs that scout for the weakest link in
  the security and, with careful planning, attack it.
       How did it work?

• Based on some recent arrests it appears that an eastern
  European gang penetrated TJX and then bundled the
  credit card data and personal data into 10,000 IDs and
  then sold them over the Internet.
• Gangs who purchased the data, such as happened in
  Florida, then created credit cards and IDs and used them
  to purchase gift cards and other expensive items.
• One woman found her Bank of America card with $45,000 in
  fraudulent charges (repeated $450 gift card purchases).
The Second Act

It is said that in America there are no
second acts. But recently the gang
that brought you TJX is accused of a
new theft involving over 130 M credit
and debit cards.
        Albert Gonzalez

• Albert Gonzalez, a Miami hacker who once
  worked as a government mole tracking down
  identity thieves, is accused of playing a critical
  role in all the largest credit-card heists on record.
• He was previously charged in other computer
  break-ins, most significantly at TJX Cos., the
  chain that owns discount retailers T.J. Maxx and
  Marshalls, in which as many as 100 million
  accounts were lifted.

       Summer 2009 -- The Second Act

Justice Department says he helped steal:
• 130 million card numbers from payment
  processor Heartland Payment Systems,
• 4.2 million card numbers from East Coast grocery
  chain Hannaford Bros. and
• An undetermined number of cards from 7-Eleven.
Gonzalez is in jail and awaiting trial in New York for
  allegedly helping to hack the computer network of
  the Dave and Buster's restaurant chain.
       The Awful Bad News

• The underlying security holes mined by the
  hackers still exist in many payment networks.
• The fact that hundreds of millions of card
  numbers could be stolen from retailers illustrates
  the flaws in a payment system that's built more for
  speed than security.
• Gonzalez and his associates exploited
  vulnerabilities that remain widespread.
      Prosecution of Hackers outside US is

• Ori Eisen, founder of Scottsdale, Ariz.-based
  security firm 41st Parameter and previously
  worldwide fraud director for American Express,
  noted that Gonzalez is "most likely not the
• The kingpin would not risk being in the United
  States. They operate out of the Ukraine or
  Russia, and they're former militants or ex-KGB
  who know their way around just enough not to get
      Privacy and Security References

• Holtzman, D,“Privacy lost : how technology is
  endangering your privacy”, Jossey-Bass,
The Internet and the law
Dark side of the Internet
and the law
        CAN SPAM Law of 2003

CAN-SPAM Act of 2003 (Pub. L. 108-187, S. 877)
• The Controlling the Assault of Non-Solicited
  Pornography and Marketing Act requires unsolicited
  commercial e-mail messages to be labeled (though not
  by a standard method) and to include opt-out instructions
  and the sender's physical address. It prohibits the use of
  deceptive subject lines and false headers in such
  messages. The FTC is authorized (but not required) to
  establish a "do-not-email" registry. State laws that
  require labels on unsolicited commercial e-mail or
  prohibit such messages entirely are pre-empted,
  although provisions merely addressing falsity and
  deception would remain in place. The CAN-SPAM Act
  took effect on January 1, 2004.
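As an added example (not part of the original slides), here is a screen that checks a raw e-mail for the elements the Act requires or forbids, as far as they can be checked mechanically: opt-out instructions, a physical postal address, a subject line that does not fake a reply, and sender headers that agree. Because the Act mandates a label but no standard form, the "ADV" subject prefix test is an assumed convention, and a From/Return-Path domain mismatch is a flag to review rather than proof of a false header; both messages are constructed.

```python
"""Added CAN-SPAM screening example over two constructed e-mails.

Heuristics only: the Act requires a label but no standard form, so the 'ADV'
subject prefix is an assumed convention; a From/Return-Path domain mismatch is a
review flag, since legitimate bulk mailers often use a separate bounce domain.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed commercial message that meets the requirements as screened here.
COMPLIANT = """\
From: Promotions <promo@shop.example>
Return-Path: <bounce@shop.example>
Subject: ADV: Spring sale on hiking boots
Content-Type: text/plain

Big discounts this week on all boots.
To unsubscribe, reply with STOP or visit https://shop.example/optout
Shop Example Inc., 100 Main Street, Springfield, MA 01101
"""

# Constructed message with a fake-reply subject, no opt-out, no address and
# a Return-Path on an unrelated domain.
DEFICIENT = """\
From: Your Bank <alerts@bank.example>
Return-Path: <x9@mailer.other.example>
Subject: Re: your account statement
Content-Type: text/plain

Act now! Click here for amazing savings.
"""

LABEL_RE = re.compile(r"^\s*(ADV|ADVERTISEMENT)\b", re.I)
FAKE_REPLY_RE = re.compile(r"^\s*(re|fwd?):", re.I)
OPT_OUT_RE = re.compile(r"unsubscribe|opt[- ]?out|stop receiving", re.I)
ADDRESS_RE = re.compile(
    r"\b\d{1,6} [A-Za-z ]+ (street|st|avenue|ave|road|rd|blvd)\b"
    r"|\bp\.?o\.? box \d+", re.I)


def sender_domain(header_value):
    """Domain part of the address in a From/Return-Path header ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def check_can_spam(raw_message):
    """Return a list of problems found; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    # Concatenate all plain-text parts (a single-part message is its own part).
    body = "\n".join(part.get_payload() for part in msg.walk()
                     if part.get_content_type() == "text/plain")
    problems = []
    if not LABEL_RE.search(subject):
        problems.append("no advertising label in subject")
    if FAKE_REPLY_RE.search(subject):
        problems.append("subject fakes a reply or forward")
    if not OPT_OUT_RE.search(body):
        problems.append("no opt-out instructions")
    if not ADDRESS_RE.search(body):
        problems.append("no physical postal address")
    from_dom = sender_domain(msg.get("From"))
    rp_dom = sender_domain(msg.get("Return-Path"))
    if from_dom and rp_dom and from_dom != rp_dom:
        problems.append(f"From domain {from_dom} differs from Return-Path {rp_dom}")
    return problems


if __name__ == "__main__":
    for name, raw in (("compliant", COMPLIANT), ("deficient", DEFICIENT)):
        print(name, check_can_spam(raw) or "no problems flagged")
```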
Cyber-Warfare uses computers and the
Internet to wage war. This mode of
warfare is being used in hot and cold wars
as well as by both sides in the war on

Source for Cyber Warfare :
           An Electronic Pearl Harbor

   “It may even be unclear what constitutes an act of
   war. If U.S. satellites suddenly go blind and the
   telephone network on the eastern seaboard goes
   down, it is possible that the United States could
   not even identify the enemy. Its strategic stockpile
   of weapons would be of little use. There would be
   no big factory to bomb -- only a person
   somewhere writing software. The possibility of an
   electronic Pearl Harbor has sparked a debate on
   how to counter the threat.”
Source: Walter Wriston, “Bits, Bytes, and Diplomacy”, Foreign Affairs, Sept-Oct 1997,
v76 n5 p172(11).
         Types of attacks
There are several methods of attack in cyber-warfare; this list is
  ranked in order from mildest to most severe.
• Web vandalism: Attacks that deface webpages, or denial-of-
  service attacks. This is normally swiftly combated and of little
• Propaganda: Political messages can be spread through or to
  anyone with access to the internet.
• Gathering data. Classified information that is not handled
  securely can be intercepted and even modified, making espionage
  possible from the other side of the world.
• Denial-of-Service Attacks: Large numbers of computers in one
  country launch a DoS attack against systems in another country.
• Equipment disruption: Military activities that use computers and
  satellites for co-ordination are at risk from this type of attack.
  Orders and communications can be intercepted or replaced,
  putting soldiers at risk.
• Attacking critical infrastructure: Power, water, fuel,
  communications, commercial and transportation are all vulnerable
  to a cyber attack
        Cyber-Warfare -- Major Powers

• In September 2007 the Pentagon and several European
  organizations reported penetration by hackers from
  China, reported to be the People's Liberation Army (PLA).
  In diplomatic meetings with Germany, Great Britain,
  and the US, China claimed that it was not
  responsible for the attacks.
• The US has been under attack by Chinese and
  Russian hackers for the last several years for details
   – Titan Rain --, and
   – Moonlight Maze --
            Eligible Receiver

 • Eligible Receiver was the code name of a 1997 internal exercise
   initiated by the Department of Defense.
 • A "red team" of hackers from the National Security
   Agency (NSA) was organized to infiltrate the Pentagon.
 • The red team was only allowed to use publicly available
   computer equipment and hacking software.
 • Although many details about Eligible Receiver are still
   classified, it is known that the red team was able to
   infiltrate and take control of the Pacific command center
   computers, as well as power grids and 911 systems in
   nine major U.S. cities.

          Moonlight Maze

• Moonlight Maze refers to a highly classified incident in which U.S.
  officials accidentally discovered a pattern of probing of computer
  systems at the Pentagon, NASA, Energy Department, private
  universities, and research labs.
• It began in March 1998 and had been going on for nearly two
• The invaders were systematically marauding through tens of
  thousands of files -- including maps of military installations, troop
  configurations and military hardware designs.
• The Defense Department traced the trail back to a mainframe
  computer in the former Soviet Union but the sponsor of the attacks
  is unknown and Russia denies any involvement.

       Titan Rain

• In 2005 a cyber attack, code named Titan Rain,
  was exposed. It was targeted at military and
  secret government sites worldwide.
• Using computer forensics techniques and hacking
  into the offending systems, Shawn Carpenter was
  able to use the compromised systems against
  themselves and find the actual origin of the
  attacks. Doing things that official government
  agents could not, he determined that the root of
  the attacks was inside China.

       Estonia -- Perhaps the First 21st
       Century Cyber-Warfare Attack

• May 17, 2007 saw a Distributed Denial of Service
  (DDoS) attack on Estonia.
• Prior to the attack the Estonian government
  removed the "Bronze Soldier", a Russian war
  monument, from the center of Tallinn to a
• The DDoS attacks were aimed at the banking,
  government, and major economic uses of the
• The Estonian government blamed the Russian
  government for the attack.
       The Estonia DDoS Attack

• The attacks, whether organized by or sanctioned
  by the Russian government, drew the attention
  and assistance of the US, NATO, and European
• The attack is thought to have involved rented networks
  of zombie computers and millions of other
  computers infected with a bot program to attack
  fundamental institutions of the Estonian
  government and economy.
       China Presents Unique Resources

• A high-tech industry and skilled programmers.
• As the manufacturer of computer hardware,
  software, and other critical electronic components,
  it could ship products containing Trojan horse and other
  programs that would be difficult to detect and remove.
• A Chinese general has stated that China would
  attack the US communication and electrical
  networks before starting an attack.
       United States Reorganizes the

• On Sept. 18, 2007 the United States Air Force
  announced the creation of a Cyber Command.
• One of the problems has been that military people
  did not perceive the threat in the same manner as real war,
  i.e. “Software does not kill, bullets do”.
President Obama creates a cyber
security czar 5/29/2009
                       Attacking the Critical
                      The US has not been an agrarian society
                      for two centuries, and in the 21st century
                      we now are highly dependent on an inter-
                      connected system of networks for the
                      goods and services that sustain us.

Includes slides from:
The Nation’s Infrastructure is a
Complex “System of Systems”
          • Infrastructure: The framework of interdependent
            networks and systems that provides a continual flow
            of goods and services essential to the defense and
            economic security of the United States.

          • Critical National Infrastructure: Infrastructures that
            are deemed to be so vital that their incapacity or
            destruction would have a debilitating regional or
            national impact or would severely disrupt the behavior
            and activities of large numbers of people who depend
            upon the infrastructure.
    The National Infrastructure Protection Plan
    defines 17 Sectors and Key Resources

• Agriculture & Food
• Banking and Finance
• Chemical & Hazardous Materials Industry
• Defense Industrial Base
• Energy
• Emergency Services
• Information Technology
• Telecommunications
• Postal & Shipping
• Public Health
• Transportation
• Water
• National Monuments and Icons
• Commercial Assets
• Government Facilities
• Dams
• Nuclear Power Plants
         Most of the U.S. Infrastructure is privately owned
        U.S. Critical Infrastructure
        Protection Challenge
• 1,912,000 farms
• 87,000 food-processing plants
• 5,800 registered hospitals
• 87,000 emergency services entities
• 2 billion miles of telecomm cable
• 2,800 electric power plants
• 104 commercial nuclear power plants
• 300,000 oil and natural gas sites
• 460 skyscrapers
• 5,000 public airports
• 120,000 miles of major railroads
• 590,000 highway bridges
• 2,000,000 miles of pipelines
• 500 urban public transit systems
• 26,600 banks & financial institutions
• 66,000 chemical plants
• 80,000 dams
• 3,000 federal government facilities
• …
         The threat is real!

• Unstructured adversaries
   – Cracker, hacker, script-kiddie
   – Competitors
   – Criminals
• Structured adversaries
   – Terrorists, hacktivists (hacker-activist)
   – Organized crime
   – Foreign nations
• Insiders
   – Witting
   – Unwitting
   – Half-witting (You can’t fix “stupid”)

Three levels of “Terrorist”
• Independent
• Supported
• Foreign agent

A “System of Systems” Perspective Is Needed for
   Analyzing Infrastructure Interdependencies

Figure: diagram of interdependent infrastructure sectors (Oil, Electric,
Gas, Transportation) linked by “Complex Interdependencies”, with the
sectors shown as “Targets” and their Vulnerabilities.

Types of Threats / Means of Attack
• Nuclear Weapon/Explosive
• Radiological Dispersal Device
• Biological Weapon/Material
• Chemical Weapon/Material
• Conventional Explosive
• Physical Force
• Cyber Means
• Emerging Threats
• …

Homeland Security Strategic Objectives
• Prevent Attacks
• Reduce Vulnerability
• Minimize Damage & Recover
       Attacking the nation’s networks

• While DDoS can be used to attack government
  and economic sites, it is not a long-term crippling
• Attacking the communication, energy (pipelines),
  and transportation networks can cause
  devastating damage to the economy, cripple
  the military, and demoralize the population.
• Supervisory Control and Data Acquisition
  (SCADA) systems are the Achilles' heel of the above
           SCADA attacks

• SCADA was designed for automated plant
  process control. Its original design did not
  envision use over the Internet or the need for security.
• SCADA was adopted by electrical grids, pipelines,
  and transportation networks.

         Proof of SCADA attack concept

• The Idaho National Laboratory prepared the
  demonstration, in March 2007, for the U.S.
  Department of Homeland Security (DHS).
• The simulated attack took advantage of a known
  SCADA software vulnerability and showed how a
  motor-generator could be driven into
Photo is from a video of the SCADA attack. Video is no longer on the web.
Stuxnet first SCADA

A new computer worm, 2009-2010, has appeared
that attacks industrial networks and plants. The
worm is called Stuxnet.
It attacks the Windows 7 operating system and
Siemens industrial control and SCADA software
such as that found in pipeline, power networks,
       Stuxnet is sophisticated and appears
       expensive to develop

• It is claimed that the level of effort and the
  sophistication of the worm indicate that only a well-
  financed and motivated professional group could
  have created it. Siemens reports that at least 4
  industrial sites in Germany and many other places
  in the world have been attacked by the worm. The
  worm has been around for a year (2010) and both
  Microsoft and Siemens claim to have patches for
  the worm.
          How does Stuxnet work?

Langner, one of the first experts to report on Stuxnet, states:
• "Langner's analysis also shows, step by step, what happens after
  Stuxnet finds its target. Once Stuxnet identifies the critical function
  running on a programmable logic controller, or PLC, made by
  Siemens, the giant industrial controls company, the malware takes
  control. One of the last codes Stuxnet sends is an enigmatic
  “DEADF007.” Then the fireworks begin, although the precise
  function being overridden is not known, Langner says. It may be
  that the maximum safety setting for RPMs on a turbine is
  overridden, or that lubrication is shut off, or some other vital
  function shut down. Whatever it is, Stuxnet overrides it, Langner’s
  analysis shows."
       How does Stuxnet work? - a more
       detailed analysis

• This detailed analysis is included for purposes of
  pointing the technical programmer to a more
  thorough review of the code. See

Source: Provided by Prof J.Veranas.
What might have been the Stuxnet
      Stuxnet References

• NYT links Iran worm to bible
• Stuxnet 'cyber superweapon' moves to China
     More Technical Information

SCADA Security:
• SCADA Tutorial
• Hackers Target U.S. Power Grid
• Staged Attack Causes Generator to Self-Destruct
              The Boden Incident

•   Nov. 2001 – Sewage release into
    river, Queensland, Australia

    In November 2001, 49-year-old Vitek Boden
    was sentenced to two years in prison for
    using the Internet, a wireless radio and
    stolen control software to release up to 1
    million liters of sewage into the river and
    coastal waters of Maroochydore in
    Queensland, Australia.

    Boden, who had been a consultant on the
    water project, conducted the attack in
    March 2000 after he was refused a full-
    time job with the Maroochy Shire
    government. He had attempted to gain
    access to the system 45 times, and his
    last attempt proved successful, allowing
    him to release raw sewage into
    the waterways.
    Source: CNET – August 26, 2002
    Map: Maroochy Shire, Australia
                SCADA attack using Google Search

•   "You can make it do anything you want it to
    do," Pollet, founder and principal consultant at
    Red Tiger Security said. "If that RTU or PLC
    has large motors connected to it, pumping out
    water or chemicals, the equipment could be
    turned off. If it was a substation and the
    power recloser switches were closed, we
    could break it open and create an (electricity)
    outage for an entire area or city...The bottom
    line is you could cause physical damage to
    whatever is connected to that PLC."
•   To know exactly what to search for on the
    Internet, the researchers bought a PLC with
    an embedded Web server that had an
    identifying string of characters associated
    with the hardware and then typed that
    information into Google, according to Pollet.
    Read more:
Photo caption: Tom Parker, chief technology officer at FusionX,
explaining in detail how SCADA systems are controlled.
(Credit: Seth Rosenblatt/CNET)
Some Infrastructure failure
examples (not due to
To show the extent of the danger in
Infrastructure Attacks we cite some
incidents thought to be due to equipment
or human failure or due to natural
The Bellingham WA June 10, 1999
Gasoline Pipeline Rupture and Fire…
El Paso Natural Gas 30” Pipeline Rupture and Fire Near Carlsbad
NM, August 19, 2000
          The Boden Incident Wasn’t Unusual…
          Wireless Network Porosity Is Common
• "Paul Blomgren [...] measures control system vulnerabilities. Last
  year, his company assessed a large southwestern utility that
  serves about four million customers. 'Our people drove to a
  remote substation,' he recalled. 'Without leaving their vehicle,
  they noticed a wireless network antenna. They plugged in their
  wireless LAN cards, fired up their notebook computers, and
  connected to the system within five minutes because it wasn't
  using passwords. [...] Within 15 minutes, they mapped every
  piece of equipment in the operational control network. Within 20
  minutes, they were talking to the business network and had
  pulled off several business reports.'"
 Hacking and Political
 Activism, now called Hacktivism
Within the last ten years, the successful use of
social networks and mobile devices in political
campaigns has inspired what is now called
hacktivism.
Cyber Warriors
         Cyber Warrior – Richard A. Clarke

• Richard A. Clarke served 4
  presidents. A highly
  controversial figure with over
  30 years in anti-terrorism.
• He was the head of counter-terrorism
  under Clinton and
  was carried over to George W.
• He was outspoken on cyber-terrorism
  in the 90s.
• He left government after 9/11
  and has been highly critical of
  the Bush administration.
         Cyber Warrior -- Shawn Carpenter

• Shawn worked on tracking
  down the Chinese connection
  to Titan Rain.
• He hunted them despite being
  pulled off the trail by his
  government lab employer, and
  he eventually got fired. The
  FBI used him and encouraged
  him to track but later turned on
• The Chinese did not
  cooperate, as is normal for
  private hackers.
• The red tape showed the
  difficulty of counter-

         Cyber Warfare/Terrorism References
• Alexander, Y. and Swetnam, M., “Cyber Terrorism and
  Information Warfare: Threats and Responses”, Transnational
  Pub., Inc. (2001).
• Branigan, S., “High-Tech Crimes Revealed”, Addison Wesley,
• Chirillo, J., “Hack Attacks Encyclopedia”, John Wiley, (2001).
• Clarke, R. A., “Against All Enemies”, Thorndike Press, (2004).
• Clarke, R. A. & Knake, R. K., “Cyber War, The Next Threat to
  National Security and What to Do about It”, Harper Collins,
• Morozov, E., “The Net Delusion, The Dark Side of Internet
  Freedom”, Public Affairs Press (2011).
• Singer, P. W., “Wired for War, the Robotic Revolution and
  Conflict in the 21st Century”, Penguin Press (2005).
• Verton, D., “Black Ice: The Invisible Threat of Cyber-terrorism”,
  McGraw Hill, (2003).
• Weimann, G., “Terror on the Internet”, United States Institute of
  Peace Press, (2006).
• Winkler, I., “Spies Among Us”, Wiley, (2005).

The term hacker goes back to the early days
of computers and originated with a group
of computer students at MIT.
    Who are hackers?

1. A computer expert
2. A person who intentionally circumvents
computer security systems (more often used by
the media)

• Hackers were originally those people with intense
  interest and computer skills.
• Hackers are now people who use their computer
  skills to break into secure computer sites, disrupt
  Internet communications, steal information, etc.
• In the early days of the transition hackers were
  sort of seen as teenage (mostly male) geeks who
  broke into sites and looked around.
• The world became less tolerant as the costs rose
  rapidly and the behavior is now seen as the work
  of terrorists and criminals.
        Cracker or Black Hat

• A black hat is a person who compromises the security of
  a computer system without permission from an
  authorized party, typically with malicious intent. The term
  white hat is used for a person who is ethically opposed to
  the abuse of computer systems, but is frequently no less
• The term cracker was coined by Richard Stallman to
  provide an alternative to using the existing word hacker
  for this meaning.[1] The somewhat similar activity of
  defeating copy prevention devices in software which may
  or may not be legal in a country's laws is actually
  software cracking.

       Script Kiddie

• In hacker culture, a script kiddie (occasionally
  script bunny, skidie, script kitty, script-running
  juvenile (SRJ), or similar) is a derogatory term
  used for an inexperienced malicious cracker who
  uses programs developed by others to attack
  computer systems, and deface websites. It is
  generally assumed that script kiddies are kids
  who lack the ability to write sophisticated hacking
  programs on their own,[1] and that their objective
  is to try to impress their friends or gain credit in
  underground cracker communities.[1]
           What is phone phreaking?

Phone Phreaks
• The "phone phreak" (phreak for short) is a specific breed of hacker. A phreak is
  someone who displays most of the characteristics of a hacker, but also has a
  specific interest in the phone system and the systems that support its
  operations. Additionally, most of the machines on the Internet, itself a piece of
  the Public Switched Network, are linked together through dedicated, commercial
  phone lines. A talented phreak is a threat not only to the phone system, but to
  the computer networks it supports.
• There are two advantages of attacking systems through the phone system. The
  first advantage is that phone system attacks are hard to trace. It is possible to
  make connections through multiple switching units or to use unlisted or unused
  phone numbers to confound a tracing effort. Also, by being in the phone system,
  it is sometimes possible to monitor the phone company to see if a trace is
• The second advantage to using the phone system is that a sophisticated host
  machine is not needed to originate an attack, nor is direct access to the network
  to which the target system is attached. A simple dumb terminal connected to a
  modem can be used to initiate an attack. Often, an attack consists of several
  hops, a procedure whereby one system is broken into and from that system
  another system is broken into, etc. This again makes tracing more difficult.

 Infamous Hackers
A Rogues Gallery of Hackers along with the damage to
private industry, society, and government.
           Stanley Mark Rifkin (Social Engineer)

•   Rifkin in 1978 pulled off one of the largest bank thefts ever. Using
    social engineering to get bank information and codes he transferred
    $10.2 M from the Security Pacific Bank in LA to a Swiss bank account
    and then converted the funds to $8.2 M worth of Russian commercial
    diamonds.

    Footnote – Rifkin returned to the US and, believing that the diamonds
    could be sold at a profit, attempted to sell them to local jewelry
    outlets for $13.2M. Working on a tip he was turned in.
    The bank after the trial believed that it could now sell the diamonds
    at a profit via auction. After a year of trying the bank sold them at
    greatly less than the original price.

    Lesson – DIAMONDS are greatly over inflated in value and are a classic
    example of social engineering. Their value as an investment is highly
John Draper (a.k.a Cap’n Crunch)

             • Used a Cap’n Crunch toy
               whistle to make unlimited
               free payphone calls.
             • The whistle, unbeknownst
               to General Mills (the
               manufacturer of Cap’n
               Crunch) created a 2600
               Hz tone.
             • This frequency was the
               same used by phone
               technicians to test
               payphones and make free
               phone calls.
Ian Murphy
             • Changed the internal
               clocks at AT&T.
             • Impact: Phone bills
               were universally
               incorrect. Late night
               discounts were given
               to daytime users and
               late night users were
               subject to high bills.
             • First hacker to go to
             • Inspired the movie,
        Robert Morris

                        • Son of chief scientist at the
                          National Security Agency
                        • In 1988, he wrote the first
                          worm that was released to
                          the public.
                        • He claimed he was trying
                          to determine the size of the
                        • Affected 6,000 systems
                        • 3 yrs probation
                        • 400 hours of community
                        • Fined $10,400.
Erik Bloodaxe (a.k.a. Chris Goggans)

               • Member of Legion of
               • Texas Hacker
               • Starts feud with
                 Masters of Deception.
               • Two year hacker war
               • Telephone systems
                 and credit cards are
                 the victims.
Vladimir Levin

                 • Hacked Citibank
                 • Stole $10 – 12 million
                 • Arrested in 1995.
                 • Fought extradition for
                   two years
                 • 3 yrs in prison
                 • Had to return $240,015
                   to Citibank
David L. Smith

             • Creator of “Melissa”
             • The Melissa virus was
               named after a stripper
               and was sent as an
               email attachment.
             • Caught by hard work
               and luck
Ehud Tenebaum

           • 18-year-old Israeli who
             created "the most
             organized and
             systematic attack the
             Pentagon has seen to
Kevin Mitnick

                • Hacked
                   – PACBell
                   – The Pentagon
                   – North American Air Defense
                   – MCI
                   – Digital Equipment Co.
                   – Nokia
                   – Motorola
                   – Novell
                   – Fujitsu
                   – NEC
                   – Sun
                • Prison Term: 5 yrs.
                • Fines: $4,000
                • Not allowed to touch a
                  computer for three years
Kevin Mitnick
                                   • After being convicted and
                                     serving 4 yrs., he became a
                                     security professional.
                                   • While the media portrayed him
                                     as a computer genius, he
                                     exploited human weakness
                                     through social engineering for
                                     his exploits
                                   • See “Art of Deception” by K.D.
                                     Mitnick & Wm. L. Simon, Wiley
                                     (2002). A compendium of
                                     cons for getting information
                                     including private,
                                     governmental, and corporate
                                     data and ways to prevent

Shown at Las Vegas Def Con selling his services as a security professional
          Hao Jinglong and Hao Jingwen

                                                • Hacked
                                                     – Commercial Bank
                                                       of China in 1999
                                                • Stole: $87,000
                                                • Hao Jinglong
                                                     – Prison Term: Life
                                                • Hao Jingwen
                                                     – Death Penalty

Reomel Lamores

           • Author of the Love Bug
           • Damage caused to
             businesses estimated
             at over $100 million
           • Prison term: None
           • Fine: $0
           • Hacking is not a crime
             in the Philippines
Adrian Lamo

              • Homeless hacker who
                only performs intrusion
                analysis for free for large
              • Hacked into
                 –   MCI WorldCom
                 –   New York Times Co.
                 –   Microsoft
                 –   AOL Time Warner
                 –   CSC
                 –   NBC
              • NYT pressed charges
                against him.
              • 1 year home probation.
           The Worcester Phreaker

Caused computer crash that disabled Massachusetts airport
March 18, 1998
Web posted at: 10:40 p.m. EST (0340 GMT)
BOSTON (CNN) -- A Massachusetts teen hacker who disabled communications
to the air traffic control tower at the Worcester, Massachusetts, airport
in 1997 has become the first juvenile charged in federal court with
computer hacking. The boy, whose age, identity and hometown have not
been disclosed, has agreed to plead guilty in return for two years
probation, a fine and community service, according to documents released
Wednesday by the U.S. Department of Justice.

•   On March 10, 1997, the unidentified hacker broke into a Bell Atlantic
    computer system, causing a crash that disabled the phone system at
    the airport for six hours.
•   The crash of the switch knocked out phone service at the control tower,
    airport security, the airport fire department, the weather service,
    and carriers that use the airport. Also, the tower's main radio
    transmitter and another transmitter that activates runway lights were
    shut down, as well as a printer that controllers use to monitor flight
    progress.

            Super Hacker

•   Gary McKinnon is alleged to have
    hacked over 90 U.S. military
    computers and NASA before and
    after 9/11
•   Looking for existence of UFOs and
    to prove inadequacies in US
•   He supposedly stole 950 passwords
    from one military system and
    prevented naval email traffic being
    routed across the internet for a
•   The US investigation was carried out
    with the aid of the UK's national hi-
    tech crime unit.
•   He eventually could face a total of
    up to 70 years in a US jail.

          The criminal hacker as entrepreneur

• Jeanson James Ancheta, who prosecutors said was a well-known
  member of the "Botmaster Underground" -- a secret network of
  hackers skilled in "bot" attacks -- was arrested in November in
  what prosecutors said was the first such case of its kind.
• "He hijacked somewhere in the area of half a million computer
  systems. This not only affected computers like the one in your
  home, but it allowed him and others to orchestrate large scale
• Prosecutors say the case was unique because Ancheta was
  accused of profiting from his attacks by selling access to his "bot
  nets" to other hackers and planting adware, software that causes
  advertisements to pop up, into infected computers.
• He agreed to pay some $15,000 in restitution to the military
  facilities and forfeit the proceeds of his illicit activities, including
  more than $60,000 in cash, a BMW automobile and computer
Source: 'Botmaster' pleads guilty to computer crimes
Tue Jan 24, 2006 8:53 AM ET, Reuters
Emulex Corporation

            •   August 25, 2000 the media reported
                that Emulex was under investigation
                by the Securities and Exchange
                Commission for accounting fraud. In
                response to the investigation, the
                media further reported, the CEO
                would be stepping down.
            •   Within hours, Emulex had lost 62% of
                its value or $2.2 billion in market
            •   By the end of the day, it was
                discovered that it was a hoax.
            •   Within a week, it was tracked to a
                community college student named
                Mark Jakob.
            •   Jakob had made over $250,000 by
                shorting the stock.
            •   Prison term: 3 yrs. 8 mos.
            •   Fine: Forfeit all profits and $103,000
                in punitive fines.
The Good Guys who track
the hackers down
      Cyber Crime Reference

• While the current presentation is extensive, the
  following is recommended for anyone looking for
  a presentation that was designed for law school
  students, IT, or criminal justice and includes
  extensive and current cases.
         Clifford (Cliff) Stoll

• Astronomer and systems
• Tracked down Markus Hess,
  a German hacker working for
  the KGB attacking and spying
  on government sites.
• Wrote a book about his
  exploits, The Cuckoo's Egg:
  Tracking a Spy Through the
  Maze of Computer Espionage
       Hacker Trackers

• Kevin Mitnick was tracked
  down in part by Tsutomu Shimomura.
• See “Take Down”, T.
  Shimomura & J. Markoff,
  Hyperion Press, (1996).

• Verton, D “The Hacker Diaries, Confessions of
  Teen Age Hackers”, (2002), McGraw Hill
    The Tools of Hackers
Soft tech tools -- social engineering uses
deception and hard work.

High tech tools are often developed by
systems administrators to test and explore
their networks and computer assets for holes
and exploits. These same tools are in turn
used by the hacker for break-ins and exploits.
          Techniques for obtaining
Low Tech – Social Engineering
• stealing mail or rummaging through rubbish
  (dumpster diving)
• eavesdropping on public transactions to
  obtain personal data (shoulder surfing)
• Obtaining castings of fingers for falsifying
  fingerprint identification

Social Engineering
While the media portrays the hacker as a
super smart geek, in fact many of the best
“hackers” use social engineering to
accomplish their criminal acts.
             Social Engineering
    In the field of computer security, social engineering is the
    practice of obtaining confidential information by
    manipulation of legitimate users.
    A social engineer will commonly use the telephone or
    Internet to trick people into revealing sensitive information
    or getting them to do something that is against typical

    By this method, social engineers exploit the natural
    tendency of a person to trust his or her word, rather than
    exploiting computer security holes.
    It is generally agreed upon that “users are the weak link” in
    security and this principle is what makes social engineering
        The High Tech Hacker

High Tech – Internet Approaches
• Stealing personal information in computer databases
  [Trojan horses, hacking]
• infiltration of organizations that store large amounts of
  personal information
• Impersonating a trusted organization in an electronic
  communication (phishing).
• Spam (electronic): Some, if not all spam requires you to
  respond to alleged contests, enter into "Good Deals",
• Browsing social network sites (MySpace, Facebook, Bebo,
  etc.) for personal details that users have posted
  publicly.
The Dark Side of Google

Using the advanced search features
to find private individuals' private and
other confidential information
         Intro to Google Hacking

 • "Google Hacking” is the use of Google's data stores for
   naughty things.
 • Makes extensive use of the advanced Google syntaxes.
 • Is trivially easy to do and is rather trendy.
 • An excellent guide to get up to speed on the techniques of
   "Google Hacking” is the O'Reilly book Google Hacks by Tara
   Calishain.

An Invitation to Data Mining
             Google Hacking

                  University of Sunderland
                    Harry R Erwin, PhD
                    Peter Dunne, PhD

Section taken from material posted on the web by Erwin

•   Web Search
•   Newsgroups
•   Images
•   Preferences
•   Language Tools
       Google Queries

• Non-case sensitive
• * in a query stands for a word
• '.' in a query is a single character wildcard
• Automatic stemming
• Ten-word limit
• AND (+) is assumed, OR (|) and NOT (-) must be
• “” for a phrase
       More Queries

• You can control the language of the pages and
  the language of the reports
• You can restrict the search to specific countries
(google tricks) how to download files
from google!
             Controlling Searches

•   Intitle, allintitle
•   Inurl, allinurl
•   Filetype
•   Allintext
•   Site
•   Link
•   Inanchor
•   Daterange
•   Cache
•   Info
•   Related
•   Phonebook
•   Rphonebook
•   Bphonebook
•   Author
•   Group
•   Msgid
•   Insubject
•   Stocks
•   Define
       Controlling Searches (II)

• These operators can be used to restrict searches.
• To restrict the search to the university:
• Or to search for seventh moon merlot in the uk:
  “seventh moon” merlot site:uk
          Typical Filetypes

•   Pdf
•   Ps
•   Xls
•   Ppt
•   Doc
•   Rtf
•   Txt
       Why Google

• You access Google, not the original website.
• Most crackers access any site, even Google via a
  proxy server.
• Why? If you access the cached web page and it
  contains images, you will get the images from the
  original site.
          Directory Listings

•   Search for intitle:index.of
•   Or intitle:index.of “parent directory”
•   Or intitle:index.of name size
•   Or intitle:index.of inurl:admin
•   Or intitle:index.of filename
•   This can then lead to a directory traversal
•   Look for filetype:bak, too, particularly if you want to
    expose SQL data generated on the fly
        Commonly Available Sensitive
•   HR files
•   Helpdesk files
•   Job listings
•   Company information
•   Employee names
•   Personal websites and blogs
•   E-mail and e-mail addresses
Google Hacking Examples

Examples showing how to use the
previous ideas
Download eBooks with Google
Basic Google Hacks
       Network Mapping

• Site:domain name
• Site crawling, particularly by indicating negative
  searches for known domains
• Lynx is convenient if you want lots of hits:
  – lynx -dump “\
  – q=site:name+-knownsite&num=100” >\
  – test.html
• Or use a Perl script with the Google API
       Link Mapping

• Explore the target site to see what it links to. The
  owners of the linked sites may be trusted and yet
  have weak security.
• The link operator supports this kind of search.
• Also check the newsgroups for questions from
  people at the organization.
       Web-Enabled Network Devices

• The Google webspider often encounters web-
  enabled devices. These allow an administrator to
  query their status or manage their configuration
  using a web browser.
• You may also be able to access network statistics
  this way.
       Searches to Worry About

• Site:
• Intitle:index.of
• Error|warning
• Login|logon
• Username|userid|employee.ID| “your username is”
• Password|passcode| “your password is”
• Admin|administrator
• -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
• Inurl:temp|inurl:tmp|inurl:backup|inurl:bak
• Intranet|help.desk
       Protecting Yourselves

• Solid security policy
• Public web servers are Public!
• Disable directory listings
• Block crawlers with robots.txt
• NOSNIPPET is similar.
      More Protection

• Passwords
• Delete anything you don't need from the standard
  webserver configuration
• Keep your system patched.
• Hack yourself
• If sensitive data gets into Google, use the URL
  removal tools to delete it.
Youtube Google Hacks 2.0
       Google Hacks for Web cams

• One trick to find and search for open unprotected
  Internet webcams that broadcast to the web, is by
  using the following query:
• inurl:/view.shtml
• or
• intitle:”Live View / – AXIS” | inurl:view/view.shtml^

  Source: Unknown web page
       More patterns for finding web cams

• If you know the unique URL, link, or title pattern that
  other manufacturers' webcam or IP network camera
  software uses, you can also easily locate and crack
  those unprotected, insecure cameras or webcams that
  have been released or leaked to the public Internet by
  using Google.
  inurl:axis-cgi/mjpg (motion-JPEG)
      More patterns for finding web cams

• inurl:view/indexFrame.shtml
  intitle:”live view” intitle:axis
  allintitle:”Network Camera NetworkCamera”
  intitle:axis intitle:”video server”
  intitle:liveapplet inurl:LvAppl
  intitle:”EvoCam” inurl:”webcam.html”
      More patterns for finding web cams

• intitle:”Live NetSnap Cam-Server feed”
  intitle:”Live View / – AXIS”
  intitle:”Live View / – AXIS 206M”
  intitle:”Live View / – AXIS 206W”
  intitle:”Live View / – AXIS 210″
  inurl:indexFrame.shtml Axis
  intitle:start inurl:cgistart
  intitle:”WJ-NT104 Main Page”
        More patterns for finding web cams

• intext:”MOBOTIX M1″ intext:”Open Menu”
  intext:”MOBOTIX M10″ intext:”Open Menu”
  intext:”MOBOTIX D10″ intext:”Open Menu”
  intitle:snc-z20 inurl:home/
  intitle:snc-cs3 inurl:home/
  intitle:snc-rz30 inurl:home/
• intitle:”sony network camera snc-p1″
  intitle:”sony network camera snc-m1″
  intitle:”Toshiba Network Camera” user login
  intitle:”netcam live image”
  intitle:”i-Catcher Console – Web Monitor”
Youtube – Finding Webcams
        The Dark Side of Googling

•   Dornfest, Rael, Google Hacks 3rd ed, O'Reilly, (2006)
•   Ethical Hacking,
•   A great cheat sheet of Google search features:
•   A valuable Cheat Sheet for Google Search Hacks --
    how to find information fast and efficiently
        The Dark Side of Googling
        References (more)
•   Henk Van Ess, Hacking with Google, A
    tutorial for finding things like social security numbers,
    phone directories, and similar items that should not be
    left lying about on the Web. This is done to illustrate
    how to protect your web site and your personal data.
•   Google Hacking,
•   Google Hacks 101
      Google Hacks webcam reference

• How to Find and View Millions of Free Live Web
  Cams --
• How to Hack Security Cameras,
• How to Hack Security Cams all over the World
Tools for Hacking
         Password Cracking

• Password cracking is the process of recovering
  secret passwords from data that has been stored
  in or transmitted by a computer system. A
  common approach is to repeatedly try guesses for
  the password.
• Password cracking works in a number of ways:
  – Guessing common words, birth dates, etc.
  – Dictionary attacks- trying all the words in a dictionary
  – Brute force based on the hashing system used by the
    operating system

        Password cracking programs

•   Ophcrack - Open source
•   Crack
•   Cain
•   John the Ripper
•   LC5 (formerly L0phtCrack)
•   RainbowCrack
          Packet Sniffers

• A sniffer is a program that monitors and analyzes
  network traffic, detecting bottlenecks and problems.
• Ethernet protocol works by sending packet information to
  all the hosts on the same circuit. A machine that is
  accepting all packets, no matter what the packet header
  says, is said to be in promiscuous mode.
• Because, in a normal networking environment, account
  and password information is passed along Ethernet in
  clear-text, it is not hard for an intruder once they obtain
  root to put a machine into promiscuous mode and by
  sniffing, compromise all the machines on the net.

          Packet Sniffers

The popularity of packet sniffing stems from the fact that it
  sees everything. Typical items sniffed include:
• SMTP, POP, IMAP traffic – allows the intruder to read the
  actual e-mail.
• POP, IMAP, HTTP Basic, Telnet authentication – reads
  passwords off the wire in clear-text.
• SMB, NFS, FTP traffic – reads files off the wire.
• SQL database traffic – reads financial transactions and
  credit card numbers.

     Packet Sniffers

Cain and Abel Network Sniffer Tutorial
Cryptography and encryption
        Network tools --

• Network tools provides an online set of useful
  network tools to determine the source of SPAM,
• The four tools provided
  –   Nslookup
  –   Whois
  –   Ping
  –   Traceroute

nslookup is a network administration command-line
  tool available for many computer operating
  systems for querying the Domain Name System
  (DNS) to obtain domain name or IP address
  mapping or for any other specific DNS record


WHOIS (pronounced as the phrase who is) is a
  query and response protocol that is widely used
  for querying databases that store the registered
  users or assignees of an Internet resource, such
  as a domain name, an IP address block, or an
  autonomous system, but is also used for a wider
  range of other information. The protocol stores
  and delivers database content in a human-readable
  format. The Whois protocol is documented in RFC 3912.


 –   Ping is a computer network administration utility used to test the
     reachability of a host on an Internet Protocol (IP) network and to measure
     the round-trip time for messages sent from the originating host to a
     destination computer. The name comes from active sonar terminology.
 –   Ping operates by sending Internet Control Message Protocol (ICMP) echo
     request packets to the target host and waiting for an ICMP response. In
     the process it measures the time from transmission to reception (round-trip
     time) and records any packet loss. The results of the test are printed
     in the form of a statistical summary of the response packets received,
     including the minimum, maximum, and the mean round-trip times, and
     sometimes the standard deviation of the mean.
 –   Ping may be run using various options (command line switches)
     depending on the implementation that enable special operational modes,
     such as to specify the packet size used as the probe, automatic repeated
     operation for sending a specified count of probes, time stamping options,
     or to perform a ping flood. Flood pinging may be abused as a simple form
     of denial-of-service attack, in which the attacker overwhelms the victim
     with ICMP echo request packets.


 •   traceroute is a computer network diagnostic tool for
     displaying the route (path) and measuring transit delays of
     packets across an Internet Protocol (IP) network.
 •   traceroute outputs the list of traversed routers in simple text
     format, together with timing information
 •   Traceroute is available on most operating systems.
 •   On Microsoft Windows operating systems it is named tracert.
     Windows NT-based operating systems also provide
     PathPing, with similar functionality. Variants with similar
     functionality are also available, such as tracepath on Linux
     installations. For Internet Protocol Version 6 (IPv6) the tool
     sometimes has the name traceroute

Hacking Wireless Networks Tools
      Reference: Hacking Wireless

• Beaver, Kevin & Davis, Peter “Hacking Wireless
  Networks For Dummies” Wiley (2005).
       Keystroke Logging

• A keystroke logger is a program installed on a
  computer to record every keystroke that the user
  makes. Typically it is hidden in a Trojan horse.
• The keystroke logger can reveal user ids and
  passwords, scripts, etc.
• The data can be downloaded and also used to
  upload other damaging programs or to create a
  slave computer that obeys a master in DDOS
      Hacking Tool References

• Schwartau, W., ”CyberShock”, Thunder's Mouth
  Press, (2000).
 Securing your computer
 and website
There is no foolproof mechanism for securing
your computer or your website from attack.
However, you can make it very difficult and time
consuming to attack with some simple and
inexpensive (relative to the cost of the attack)
      Simple Protection against Hackers

• Simplest security – Username and Password
  – Statistic about password frequency
  – Passwords should contain letters, numbers and other
    assorted symbols.
     • Use
        –   @ instead of a
        –   $ instead of s
        –   3 instead of E
        –   & instead of et
        –   1 or ! instead of i
        –   1 instead of l (depending on if you use ! instead of i)
        –   Ex. Instead of using the password “mainstreet” use “m@1n$tr3&”
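The dictionary attack described under Password Cracking, run against the letter-for-symbol scheme recommended above, as an added example that is not from the slides: the cracker applies the same substitutions to every dictionary word as a mangling rule, so a substituted password falls as fast as the plain word. Hashes are unsalted SHA-256, and the wordlist and the "stolen" hash set are constructed.

```python
"""Dictionary attack with the slide's own substitutions as a mangling rule.

Added example, not from the slides. Hashes are unsalted SHA-256; the
wordlist and the "stolen" hash set below are constructed for the demo.
"""
import hashlib

# Substitutions from the slide, applied in this order so that "et" -> "&"
# is handled before the single-letter rules would break it up.
LEET_RULES = [("et", "&"), ("a", "@"), ("s", "$"), ("e", "3"), ("l", "1")]


def mangle(word, i_sub):
    """Apply the substitutions to one dictionary word; i_sub is "1" or "!"."""
    out = word
    for src, dst in LEET_RULES:
        out = out.replace(src, dst)
    return out.replace("i", i_sub)


def candidates(word):
    """Plain word plus the two leet variants the slide recommends."""
    yield word
    yield mangle(word, "1")
    yield mangle(word, "!")


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(stolen_hashes, wordlist):
    """Return {hash: recovered plaintext} for every hash hit by the wordlist."""
    found = {}
    for word in wordlist:
        for cand in candidates(word):
            digest = sha256_hex(cand)
            if digest in stolen_hashes and digest not in found:
                found[digest] = cand
    return found


# Constructed wordlist (real crackers use millions of words plus rules).
WORDLIST = ["password", "letmein", "sunshine", "mainstreet", "welcome"]

# Constructed "stolen" hashes: two leet-substituted dictionary words and
# one long passphrase that no rule derives from the wordlist.
STOLEN = {sha256_hex(p) for p in ("m@1n$tr3&", "1&m31n",
                                   "correct horse battery staple")}


def run_demo():
    """Recover what the wordlist plus the slide's rules can reach."""
    return dictionary_attack(STOLEN, WORDLIST)


if __name__ == "__main__":
    for digest, plain in run_demo().items():
        print(f"{digest[:16]}...  ->  {plain}")
    print(f"{len(STOLEN) - len(run_demo())} hash(es) not recovered")
```

The two substituted words are recovered immediately; only the long passphrase survives, which is why length and a slow, salted hash matter more than symbol swaps.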
       What is a firewall?

(fīr´wâl) (n.) A system designed to prevent
   unauthorized access to or from a private network.
   Firewalls can be implemented in both hardware
   and software, or a combination of both. Firewalls
   are frequently used to prevent unauthorized
   Internet users from accessing private networks
   connected to the Internet, especially intranets. All
   messages entering or leaving the intranet pass
   through the firewall, which examines each
   message and blocks those that do not meet the
   specified security criteria.
             How does a firewall work?

There are several types of firewall techniques:
•   Packet filter: Looks at each packet entering or leaving the network and accepts
    or rejects it based on user-defined rules. Packet filtering is fairly effective and
    transparent to users, but it is difficult to configure. In addition, it is susceptible to
    IP spoofing.
•   Application gateway: Applies security mechanisms to specific applications,
    such as FTP and Telnet servers. This is very effective, but can impose a
    performance degradation.
•   Circuit-level gateway: Applies security mechanisms when a TCP or UDP
    connection is established. Once the connection has been made, packets can
    flow between the hosts without further checking.
•   Proxy server: Intercepts all messages entering and leaving the network. The
    proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert.
A firewall is considered a first line of defense in protecting private information. For
    greater security, data can be encrypted
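A toy first-match packet filter, as an added example that is not from the slides, showing the IP spoofing weakness mentioned above: a rule that trusts any internal source address accepts a packet arriving from the Internet with a forged internal source, and an anti-spoofing rule on the external interface closes the hole. Interface names, addresses and rules are constructed.

```python
"""Toy stateless packet filter (added example, not from the slides).

Rules are evaluated first-match, as in typical packet filters. The
naive rule set trusts any packet whose source address is internal; the
hardened set first drops packets that arrive on the external interface
yet claim an internal source, which is what a spoofed packet looks like.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # constructed internal address space


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                 # "accept" or "drop"
    iface: str = "*"            # "*" matches any interface
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: int = 0              # 0 matches any port

    def matches(self, p):
        return (self.iface in ("*", p.iface)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and self.dport in (0, p.dport))


def filter_packet(rules, p):
    """First matching rule decides; default policy is drop."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "drop"


# Naive rule set: anything with an internal source is trusted.
NAIVE_RULES = [
    Rule("accept", src=str(INTERNAL)),      # internal hosts may go anywhere
    Rule("accept", proto="tcp", dport=80),  # public web server
    Rule("drop"),
]

# Hardened rule set: an internal source can only legitimately arrive on
# the internal interface, so drop it when it shows up on "ext".
HARDENED_RULES = [Rule("drop", iface="ext", src=str(INTERNAL))] + NAIVE_RULES

# Constructed packets: a legitimate internal request, a spoofed packet
# from the Internet claiming an internal source, and a normal web hit.
LEGIT = Packet("int", "10.1.2.3", "198.51.100.10", "tcp", 443)
SPOOFED = Packet("ext", "10.1.2.3", "10.0.0.5", "tcp", 22)
WEB = Packet("ext", "203.0.113.7", "10.0.0.80", "tcp", 80)


def demo():
    """Verdict of each rule set as (naive, hardened) per packet."""
    return {name: (filter_packet(NAIVE_RULES, p), filter_packet(HARDENED_RULES, p))
            for name, p in (("legit", LEGIT), ("spoofed", SPOOFED), ("web", WEB))}


if __name__ == "__main__":
    for name, (naive, hardened) in demo().items():
        print(f"{name:8s} naive={naive:7s} hardened={hardened}")
```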

       Protecting Yourself on the Internet

• Firewalls (both hardware and software)
• Anti-Virus & Anti-Spyware
• Never open an attachment that you were not
  expecting. If in doubt call the person.
• Always backup the critical data
• Always use the current patches to your O/S and
• Always use the most current updates to your anti-
        A more complex strategy – Honeypot

• A server that is configured to detect an intruder by
  mirroring a real production system. It appears as an
  ordinary server doing work, but all the data and
  transactions are phony.
• Located either in or outside the firewall, the honeypot is
  used to learn about an intruder's techniques as well as
  determine vulnerabilities in the real system.
• Honeynets
• A "honeynet" is a network containing honeypots. A
  "virtual honeynet" is one that resides in a single server,
  but pretends to be a full network. See firewall, darknet,
  honeyproxy and honeymonkey.

          The DMZ (DeMilitarized Zone)

• A middle ground between an
  organization's trusted internal
  network and an untrusted,
  external network such as the
  Internet. The DMZ is a
  subnetwork (subnet) that may
  sit between firewalls or off one
  leg of a firewall. Organizations
  typically place their Web, mail
  and authentication servers in
  the DMZ. DMZ is a military
  term that refers to the area
  between two enemies.

                          DMZ with Honeypots

• Scambray, J. et al “Hacking Exposed Web
  Applications”, 2nd ed., (2006) McGraw Hill.
• Dhanjani, N “Linux and Unix Security Portable
  Reference”, (2003) McGraw Hill
• Shema, M “Web Security Portable Reference”,
  (2003) McGraw Hill
         Protecting Your Identity

• Never enter personal information (Acquired Characteristics) into a
  web site that uses only http (as opposed to https)
• Never send acquired characteristics (except your name) through
  the email.
• Unless you encrypt your email, expect that anyone can read it.
• Always pay close attention to the spelling of the URL (web
  address) when paying for anything on line.
• Do not respond to unsolicited emails.
• Shred all snail mail that contains personal information (especially
  credit card offers!!)
• Expect that once you throw something away, you are legally giving
  it to the public.
• Use only one credit card for online purchases
• Keep your browsers up to date. Install security patches when they
  are released.
       Credit cards and the Internet

• Credit and debit cards are now used routinely to
  purchase airline tickets, gifts and flowers, and
  thousands of other items from e-tailers, eBay, etc.
  The Internet is a rapidly growing source of
  e-commerce involving billions of dollars.
• The consumer is probably no more at risk than at
  any other type of credit card transaction.
  However, this is by no means a riskless
  environment and the user should take at least as
  much care as with any transaction.
            Common Sense Protection Advice

    Shopping on the Internet is no less safe than shopping in a store or by mail.
    Keep the following tips in mind to help ensure that your online shopping
    experience is a safe one.
•   Use a secure browser - software that encrypts or scrambles the purchase
    information you send over the Internet - to help guard the security of your
    information as it is transmitted to a website. When submitting your purchase
    information, look for the "lock" icon on the browser's status bar, and the phrase
    "https" in the URL address for a website, to be sure your information is secure
    during transmission.
•   Check the site's privacy policy, before you provide any personal financial
    information to a website. In particular, determine how the information will be
    used or shared with others. Also check the site's statements about the security
    provided for your information. Some websites' disclosures are easier to find than
    others - look at the bottom of the home page, on order forms or in the "About" or
    "FAQs" section of a site. If you're not comfortable with the policy, consider doing
    business elsewhere.

            Common Sense Protection Advice (more)

•   Read and understand the refund and shipping policies of a website you
    visit, before you make your purchase. Look closely at disclosures about the
    website's refund and shipping policies. Again, search through the website for
    these disclosures.
•   Keep your personal information private. Don't disclose your personal
    information - your address, telephone number, bank account number or e-mail
    address - unless you know who's collecting the information, why they're
    collecting it and how they'll use it.
•   Give payment information only to businesses you know and trust, and
    only when and where it is appropriate - like an order form. Never give your
    password to anyone online, even your Internet service provider.
•   Keep records of your online transactions and check your e-mail for
    contacts by merchants with whom you're doing business. Merchants may
    send you important information about your purchases.
•   Review your monthly credit card and bank statements for any errors or
    unauthorized purchases promptly and thoroughly. Notify your credit or debit
    card issuer immediately if your credit or debit card is lost or stolen, or if you
    suspect someone is using your accounts without your permission.
  What to do if your credit
  card is lost, stolen, or
Recently millions of credit card numbers and Social
Security Numbers were disclosed when hackers broke
in and stole them from the TJX company, and Dana-Farber
sent patient information to a wrong fax number.
In other cases they were on laptops that were stolen or
lost at airports, in poorly secured databases, etc.
         Actions to take

• Call and report all lost or compromised credit and debit
  cards immediately. Your liability for loss is often
  dependent on quick reporting. Remember driver
  licenses, passports, and other id as well.
   – Carry a list of your credit/debit cards, their numbers, and phone
     numbers in a separate place than the cards.
• Call the hot line at the Credit reporting agencies.
   – Each of the big three has a single hot line to alert creditors to
     protect you from having someone else issue new cards or lines of
     credit in your name.
   – It will require you to go through extra steps to get new credit
     cards etc. but will save you thousands and much grief.
        The 3 Credit Card Phone Numbers to
• Keep these phone numbers handy if you
  suspect your credit or identity has been
• It will cause your credit lines to be flagged and
  may on occasion cause some transactions to be
  questioned but it will also keep your finances
• Experian: 1 888-397-3742, 1 800-583-4080
• Equifax: 1 800-685-1111, 1 800-349-9960
• TransUnion: 1 800-916-8800

• Standler, R.B., Computer Crime, (2002)
The Dark Side of the
Internet in the novel,
movies, television
The age of international terrorism
and cyber crime is spawning a new
genre of crime and spy novels
featuring the white hat hacker and
the black hat hacker villains.

• Hackers (1995) starring a very young Angelina
• Takedown (2000) A cult classic about the phone
  phreaker, Kevin Mitnick
• The Score (2001) Ed Norton and Robert De Niro
  in a crime set in Canada
• Live Free or Die Hard (2007) A Bruce Willis flick
  about attacking the nation's infrastructure through its
  interlocking grids.
      Dark Side of the Internet Fiction

Deaver, Jeffery. The blue nowhere New York :
 Simon & Schuster, c2001.

Deaver, Jeffery. The broken window [sound
 recording], Simon and Schuster Audio, p2008.
