
ANALYTICS PROJECT


Presentation Transcript


  1. WEB MINING ANALYTICS PROJECT

  2. MEET THE TEAM

  3. ABSTRACT
     3 queries (Hacker Web) + 2 queries (Shodan)
     • The 11 most discussed and the 10 most interacted-upon topics on Hacker Web
     • Contribution of Evil.r0mina, the hacker with the highest number of hacking-related code shares
     • Negative feelings about governments across the globe
     • Servers allowing anonymous login
     • Managing user accounts and passwords

  4. WHAT IS HACKER WEB
     Developed by the AI Lab, University of Arizona. A discussion repository of topics, ideas and concepts from cyber-attacker social-media communication; it contains multi-million records of great value to cybersecurity research.
     OUR APPROACH
     • Searched the Hacker Web database for topics of interest
     • Followed a data-mining process to extract relevant information
     • Used visualization tools such as Tableau and RapidMiner

  5. 1. 11 HOT TOPICS ON HACKER WEB
     Forums considered: Anon-hackers, Elite Hack, Hack Hound, iCode, vc-tools
     Methodology used: topics rated by their Discussion Ratio and Interaction Ratio
       Discussion Ratio  = (Unique Posts) / (Unique Threads)
       Interaction Ratio = (Unique Contributors) / (Unique Threads)
     Extracting the data (shown for the vc-tools posts table):
       SELECT `subforum`,
              COUNT(DISTINCT `postID`),
              COUNT(DISTINCT `threadID`),
              COUNT(DISTINCT `authorID`)
       FROM vctoolposts
       GROUP BY `subforum`
       ORDER BY `subforum` ASC;

  6. FINDINGS

  7. 2. CONTRIBUTION OF HACKER Evil.r0mina
     • 3rd most reputed on Elite Hack Forums; reputation score -18; original identity hidden
     • 203 unique threads; mostly shares code for .bat files
     • Key areas: SQL injection & DDoS; Batch, Shell & Command Line Interpreters
     • Extracting the data:
         SELECT DISTINCT ep.threadID, `title`, `subforum`
         FROM elitehackposts ep, elitehackthread et
         WHERE ep.threadID = et.threadID
           AND `authorID` = 1467
           AND `subforum` NOT IN ("Rules And Announcements", "Funny World", "Graphics",
                                  "Graphic Requests", "Graphic Services", "Graphic Tutorials")
         ORDER BY `subforum`, ep.threadID, `postRank` ASC;
     • Key sub-forums involved in (number of threads): Batch, Shell, Dos & Command Line Interpreters (22), Beginner Hacking (21), Hacking Tools and Programs (33), Hacking Tutorials (40), Miscellaneous Computer Talk (10), Website and Forum Hacking (11), Windows (29)
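The two extraction queries above (slides 5 and 7) return raw counts and thread lists; the ratios and the per-sub-forum thread tally were then computed by hand. As an added example that is not code from the deck, the following Python runs both queries against a constructed in-memory SQLite copy of a posts table and a threads table, and folds the Discussion Ratio, the Interaction Ratio, the sub-forum exclusion list and the thread-per-sub-forum tally into SQL. Table and column names mirror the deck's queries; the rows, titles and author IDs are made up for illustration.

```python
import sqlite3
from collections import Counter

# Constructed sample rows in the shape of the deck's Hacker Web post tables
# (postID, threadID, authorID, subforum, postRank). IDs and titles are made up.
POSTS = [
    (1, 10, 100, "SQL Injection", 1),
    (2, 10, 101, "SQL Injection", 2),
    (3, 10, 100, "SQL Injection", 3),
    (11, 10, 101, "SQL Injection", 4),
    (4, 11, 102, "SQL Injection", 1),
    (5, 20, 100, "Graphics", 1),
    (6, 20, 100, "Graphics", 2),
    (7, 30, 100, "Batch, Shell, Dos & Command Line Interpreters", 1),
    (8, 30, 103, "Batch, Shell, Dos & Command Line Interpreters", 2),
    (9, 31, 104, "Batch, Shell, Dos & Command Line Interpreters", 1),
    (10, 31, 100, "Batch, Shell, Dos & Command Line Interpreters", 2),
]
THREADS = [
    (10, "Blind SQLi via batch script"),
    (11, "UNION-based injection basics"),
    (20, "New forum logo"),
    (30, "Ping sweep .bat"),
    (31, "Netcat listener from cmd"),
]
# Sub-forums the deck's query excludes as non-hacking content.
EXCLUDED_SUBFORUMS = ("Rules And Announcements", "Funny World", "Graphics",
                      "Graphic Requests", "Graphic Services", "Graphic Tutorials")


def load_db():
    """Build an in-memory posts table and threads table from the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (postID INTEGER, threadID INTEGER, "
                 "authorID INTEGER, subforum TEXT, postRank INTEGER)")
    conn.execute("CREATE TABLE threads (threadID INTEGER, title TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?, ?, ?)", POSTS)
    conn.executemany("INSERT INTO threads VALUES (?, ?)", THREADS)
    return conn


def hot_topics(conn):
    """Per-sub-forum counts plus the deck's two ratios, hottest sub-forum first."""
    rows = conn.execute("""
        SELECT subforum,
               COUNT(DISTINCT postID)   AS posts,
               COUNT(DISTINCT threadID) AS threads,
               COUNT(DISTINCT authorID) AS contributors,
               1.0 * COUNT(DISTINCT postID)   / COUNT(DISTINCT threadID) AS discussion_ratio,
               1.0 * COUNT(DISTINCT authorID) / COUNT(DISTINCT threadID) AS interaction_ratio
        FROM posts
        GROUP BY subforum
        ORDER BY discussion_ratio DESC, interaction_ratio DESC, subforum ASC
    """)
    keys = ("subforum", "posts", "threads", "contributors",
            "discussion_ratio", "interaction_ratio")
    return [dict(zip(keys, r)) for r in rows]


def author_threads(conn, author_id):
    """Threads one author posted in, minus excluded sub-forums, with the author's post count per thread."""
    placeholders = ", ".join("?" * len(EXCLUDED_SUBFORUMS))
    rows = conn.execute(f"""
        SELECT p.subforum, p.threadID, t.title, COUNT(*) AS author_posts
        FROM posts p JOIN threads t ON p.threadID = t.threadID
        WHERE p.authorID = ? AND p.subforum NOT IN ({placeholders})
        GROUP BY p.subforum, p.threadID, t.title
        ORDER BY p.subforum ASC, p.threadID ASC
    """, (author_id, *EXCLUDED_SUBFORUMS))
    return [tuple(r) for r in rows]


def threads_per_subforum(conn, author_id):
    """The 'key sub-forums (number of threads)' tally the deck reports for an author."""
    return dict(Counter(sub for sub, *_ in author_threads(conn, author_id)))


if __name__ == "__main__":
    db = load_db()
    for topic in hot_topics(db):
        print(topic)
    print(author_threads(db, 100))
    print(threads_per_subforum(db, 100))
```

Bound parameters are used for the author ID and the exclusion list rather than string concatenation, which matters once the author ID comes from a web form or a CLI argument rather than a constant.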

  8. Presence in 28/88 sub forums on EHF

  9. HATRED DISCUSSIONS ON GOVERNMENT
     (charts: government websites attacked since Feb 2013; different discussion topics on government)

  10. WHAT IS SHODAN
      A search engine that lets you find specific types of Internet-connected computers using a variety of filters. It crawls the Internet for publicly accessible devices, including SCADA/ICS equipment.
      Primary users: cybersecurity professionals, researchers and law-enforcement agencies
      OUR APPROACH
      • Researched cybersecurity topics using the Shodan API
      • Used top-down and bottom-up approaches simultaneously
      • Shortlisted 5-6 queries and pulled data for them with Python code
      • Analysed the data for interesting patterns and shortlisted 3 queries
      • Used 2 of the queries to answer one of the research questions
      • Collected a dataset of about 3,000 records
      • Performed data visualizations to find patterns

  11. PYTHON CODE FOR DATA COLLECTION
      • Used a Shodan API key and modified the search query according to the data desired
      • Based on the parameters we decided to analyse
      • Pulled exactly the attributes selected in that code
      • Selected the relevant data, cleaned it and analysed it
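The collection code itself is only shown as an image in the deck. As an added example, not the team's script, the following Python pulls Shodan search results and keeps just the attributes the later charts use (IP, port, ISP, organisation, OS, country and the raw banner). The live pull assumes the official `shodan` client (`pip install shodan`) and a valid API key; the three sample matches are constructed in the shape of Shodan's banner specification so the extraction and the country/ISP/OS counts run offline. The example query string is an assumption, not the team's query.

```python
from collections import Counter

# Constructed sample matches in the shape Shodan's search API returns (a subset of
# the banner specification fields). IPs are documentation addresses; ISPs are made up.
SAMPLE_MATCHES = [
    {"ip_str": "192.0.2.10", "port": 21, "transport": "tcp", "isp": "Example Hosting",
     "org": "Example Hosting", "os": None,
     "location": {"country_name": "United States", "country_code": "US"},
     "data": "220 FTP server ready\r\n230 Anonymous access granted\r\n"},
    {"ip_str": "192.0.2.11", "port": 21, "transport": "tcp", "isp": "Example Telecom",
     "org": "Example Telecom", "os": "Windows Server 2008",
     "location": {"country_name": "United States", "country_code": "US"},
     "data": "220 Microsoft FTP Service\r\n230 User logged in.\r\n"},
    {"ip_str": "192.0.2.12", "port": 8080, "transport": "tcp", "isp": "Example Telecom",
     "org": "Example Telecom", "os": "Linux 2.6",
     "location": {"country_name": "Germany", "country_code": "DE"},
     "data": "HTTP/1.1 200 OK\r\nServer: BWM-Admin\r\n\r\n"},
]

# Assumed query for RQ1 step 1 (successful anonymous FTP logins); not the deck's own.
ANONYMOUS_FTP_QUERY = '"230 Anonymous" port:21'


def extract_record(match):
    """Keep only the attributes the analysis needs, flattening the nested location."""
    loc = match.get("location") or {}
    return {
        "ip": match.get("ip_str"),
        "port": match.get("port"),
        "transport": match.get("transport"),
        "isp": match.get("isp"),
        "org": match.get("org"),
        "os": match.get("os"),
        "country": loc.get("country_name"),
        "data": match.get("data", ""),
    }


def collect(api_key, query, pages=1):
    """Live pull (needs network and `pip install shodan`); returns flattened records."""
    import shodan  # assumption: the official Shodan Python client
    api = shodan.Shodan(api_key)
    records = []
    for page in range(1, pages + 1):
        result = api.search(query, page=page)  # one page of matches per call
        records.extend(extract_record(m) for m in result["matches"])
        if len(records) >= result["total"]:
            break
    return records


def count_by(records, key):
    """Counts feeding the country / ISP / OS charts; missing values are skipped."""
    return Counter(r[key] for r in records if r.get(key))


if __name__ == "__main__":
    recs = [extract_record(m) for m in SAMPLE_MATCHES]
    for key in ("country", "isp", "os"):
        print(key, count_by(recs, key).most_common())
```

Counting distinct hosts per country or per ISP is more honest than counting banners, since one host exposing several ports appears once per port in the raw results; `count_by` is applied to the flattened records, so deduplicate on `ip` first if that is the intended unit.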

  12. RESEARCH QUESTIONS
      Question 1: What is the correlation between anonymous system logins (successful logins) and operating-system vulnerabilities?
        Step 1: Analyze successful anonymous logins to servers around the world. View ports, event IDs and countries to get a sense of the severity of unprotected systems.
        Step 2: Analyze operating systems around the world. Research the vulnerabilities of specific operating systems with respect to anonymous logins, and their prevalence by country.
      Question 2: What is the prevalence of default user names and passwords in server banners?
        Steps: Analyze various default logins for (a) ALLOT, a bandwidth-management system, (b) Cisco routers and switches without passwords, and (c) Huawei IP phones with no authentication required. From this we built an understanding of the level of such exposure in different countries.

  13. Data Visualization(RQ1- Step1): Country vs Count of IP Addr.

  14. Data Visualization(RQ1- Step2): Country vs Count of ISP

  15. Data Visualization(RQ1): Combining Steps 1 & 2

  16. RESEARCH QUESTION 2
      We found that many systems unknowingly display their default login and password in the banner, as shown on the slide. A user could simply use this default user ID/password to log in to the system. Logging in with the default username and password succeeded and redirected us to http://94.144.51.170:8080/index.asp.

  17. DATA VISUALIZATION (RQ2): Country vs Count of ISP

  18. (RQ2) RESULTS
      The United States has the largest number of hosts whose banner mentions a default username and password. We were also able to access some of the IPs and view their content without authorization.
      ADDITIONALLY: we were able to log in using the default username and password and were directed to http://94.144.51.170:8080/index.asp, which is a serious breach of data security.
      Additional research question: we analysed network-connected printers around the world and were able to retrieve a picture that had been sent for printing. We also read the status of these printers and found that most of the exposed ones were at universities.
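Slides 12, 16 and 18 find three kinds of exposure in banner text: credentials printed in the banner, devices announcing that no authentication is required, and FTP servers granting anonymous logins (RQ1). As an added example, not the team's code, the following Python classifies each pulled record by pattern-matching the banner text alone and tallies findings per country, which is the input the RQ2 country chart needs. It never connects to a host or submits credentials; the records and credential values are constructed placeholders, not any vendor's real defaults.

```python
import re
from collections import Counter

# Constructed sample records (country + raw banner text) in the shape produced by a
# Shodan pull. Credential values are placeholders, not any vendor's real defaults.
SAMPLE_RECORDS = [
    {"ip": "192.0.2.10", "country": "United States",
     "data": "HTTP/1.1 200 OK\r\nServer: BWM-Admin\r\n\r\nBandwidth manager. Default login: admin / admin"},
    {"ip": "192.0.2.11", "country": "United States",
     "data": "220 FTP server ready\r\n230 Anonymous access granted, restrictions apply\r\n"},
    {"ip": "192.0.2.12", "country": "Germany",
     "data": "IP phone web console\r\nNo authentication required\r\n"},
    {"ip": "192.0.2.13", "country": "Germany",
     "data": "SSH-2.0-OpenSSH_7.4\r\n"},
    {"ip": "192.0.2.14", "country": "Brazil",
     "data": "Router web login\r\nUsername: admin\r\nPassword: password\r\n"},
]

# "user: X / password: Y" style pairs printed in a banner. Values may not contain
# whitespace, ':', '/' or ',' so that "Username:" is never taken as a value.
CREDENTIAL_RE = re.compile(
    r"\b(?:user(?:name)?|login)\b\s*[:=]?\s*([^\s:/,]+)\b\s*[/,]?\s*"
    r"(?:pass(?:word)?\s*[:=]?\s*)?([^\s:/,]+)\b", re.I)
PATTERNS = {
    # Device states that no credentials are needed at all.
    "no_auth": re.compile(r"\bno\s+(?:authentication|password)\s+required\b", re.I),
    # FTP 230 reply (login successful) on an anonymous session.
    "anonymous_login": re.compile(r"^230[ -].*\banonymous\b", re.I | re.M),
}


def extract_credentials(data):
    """Return (user, password) pairs printed in the banner, or [] if none."""
    return [(m.group(1), m.group(2)) for m in CREDENTIAL_RE.finditer(data)]


def classify(data):
    """Sorted list of finding names for one banner; [] means nothing matched."""
    cats = [name for name, rx in PATTERNS.items() if rx.search(data)]
    if extract_credentials(data):
        cats.append("credentials_in_banner")
    return sorted(cats)


def flag_records(records):
    """Records with at least one finding, annotated with findings and any credential pairs."""
    out = []
    for r in records:
        cats = classify(r["data"])
        if cats:
            out.append({**r, "findings": cats,
                        "credentials": extract_credentials(r["data"])})
    return out


def counts_by_country(records):
    """(country, finding) -> number of hosts; the series behind the RQ2 country chart."""
    return Counter((r["country"], c)
                   for r in flag_records(records) for c in r["findings"])


if __name__ == "__main__":
    for r in flag_records(SAMPLE_RECORDS):
        print(r["ip"], r["country"], r["findings"], r["credentials"])
    for (country, finding), n in sorted(counts_by_country(SAMPLE_RECORDS).items()):
        print(f"{country:15} {finding:22} {n}")
```

The credential regex is deliberately loose (it accepts "login: a / b" as well as "Username: a" followed by "Password: b" on the next line) and will produce false positives on free-text banners; review the `credentials` field of each flagged record before counting it, and keep the categories separate so that an FTP server with anonymous access is not reported as a default-password finding.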

  19. REFERENCES
      • https://developer.shodan.io/api/banner-specification
      • http://www.behindthefirewalls.com/2013/04/hakcking-with-default-credentials-and.html
      • http://www.techrepublic.com/article/tech-tip-protect-your-network-against-anonymous-user-logons/
      • http://www.speedguide.net/ports_common.php
      • https://gist.github.com/achillean/8367958
      • http://serverfault.com/questions/224765/anonymous-login-attemps-from-ips-all-over-asia-how-do-i-stop-them-from-being-ab
      • http://xploiter.net/r00t/showthread.php?tid=1088
      • http://1337forums.com/member.php?action=profile&uid=30
