Lesson 8 Case Study I: Cuckoo’s Egg Review
Overview
• What Happened
• What Techniques Worked
• What Techniques Didn’t
• Lesson to Teach

What Happened?
• Unknown user exploited a computer at UC Berkeley
• Exploited a vulnerability in the email system
• Gained superuser access
• Created accounts
• Installed backdoors
• Wiped logs
• Hacked other networks
• Pilfered systems

Enter Cliff Stoll
• Poor astronomer who needed $$$$
• Worked in the Computer Center
• Noticed a 75-cent anomaly in the accounting system
• Found the “Hunter” account
• Grabbed the tiger by the tail and didn’t let go
• Persistence, persistence, persistence
• 1+ year chase

Innovative Techniques
• First intrusion detection system
• Keystroke logging
• Internet traceback
• Use of a “honey pot”
• Electronic signals analysis on Kermit

The Good
• His persistence
• His willingness to learn
• Diligently researched unknowns
• Obtained supervisor’s approval
• Kept detailed notes in his log book
• Timestamped everything
• Cross-correlation of data
• Maintained tight operational security
• Communicated with everyone

The Bad
• No incident response plan
• Initially removed the “Hunter” account
• Broke the chain of evidence by mishandling the bulk of the printouts outside of a controlled environment
• Conducted social engineering to get information
• Sometimes failed to get permission
• Failed to obtain funding (but he has a great book deal!)
• Jumped to conclusions at times

The Ugly
• He social engineered others
• He hacked into some systems
• Government investigators were slow to respond

Summary
• Thought-provoking novel of intrigue
• Many concepts still in use today
• Common pitfalls:
  • Failed to discuss what didn’t work
  • Failed to reference properly
  • Lack of bibliography—minimum references