
History of Attacks

History of Attacks. First There were the Phone Phreaks. Phone Phreaks or “Blue Boxers” were individuals that attacked the phone system in the late sixties and early seventies. They exploited the migration from mechanical switches (as in the film) to electronic switches that could be subverted.

djoel

Presentation Transcript


  1. History of Attacks

  2. First There were the Phone Phreaks • Phone Phreaks or “Blue Boxers” were individuals that attacked the phone system in the late sixties and early seventies • They exploited the migration from mechanical switches (as in the film) to electronic switches that could be subverted

  3. Phone Phreak Attacks • Telephone switches in that period were controlled by acoustic signals, specific complex tones • Blue Boxers reverse engineered the system, discovering what tones were used to control the system. • They then built gear, “Blue Boxes”, that created the tones and permitted them to control the system

  4. Goals of Blue Boxers • Mostly they made free long distance phone calls for themselves and friends • Compromised PBXs (Private Branch Exchanges) to obtain access to long distance lines

  5. Motivations of Phone Phreaks • Curiosity • What can I do? • Social • I can do this, aren’t you impressed? • We can do this, we are a group • Political • ATT was not much loved back then

  6. Motivations of Phone Phreaks • Financial • Access to free telephone services • In this period, only offered to friends • Almost never sold

  7. Impact of Phone Phreaks • Little Financial Impact • Stolen phone time was actually minimal • Although Phreaks knew how to exploit damaged equipment, their tactics did no damage • They formed the core of the first generation of hackers

  8. Trivia • The tone used to detach ATT Billing equipment was 2600 Hz • This is why many of the hacker related websites and newsgroups have the “alt.2600” prefix. • 2600 Hz happened to be the frequency produced by a whistle given as a prize in boxes of Captain Crunch cereal.
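The slides above say the switches were controlled by tones carried on the line itself, with 2600 Hz as the key tone. The following is an added example, not part of the original presentation: a Goertzel-filter detector run over a constructed audio sample, showing that a receiver listening on the voice channel reacts to any source of that tone. The 8000 Hz sample rate, 20 ms frames, 0.8 dominance threshold and minimum duration are assumptions chosen for illustration.

```python
import math

SAMPLE_RATE = 8000   # Hz (assumed sampling rate for this illustration)
TONE_HZ = 2600       # control tone named in the slides

def tone(freq_hz, seconds, amplitude=1.0):
    """Constructed test signal: a pure sine wave."""
    n = round(seconds * SAMPLE_RATE)
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE)
            for i in range(n)]

def goertzel_power(samples, freq_hz):
    """Squared magnitude of one frequency component (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq_hz / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def tone_fraction(samples, freq_hz=TONE_HZ):
    """Share of the frame's energy at freq_hz (about 1.0 for a pure tone)."""
    total = sum(x * x for x in samples)
    if total == 0:
        return 0.0
    return 2 * goertzel_power(samples, freq_hz) / (len(samples) * total)

def detect_2600(samples, frame=160, threshold=0.8, min_frames=5):
    """Return (start_s, end_s) spans where 2600 Hz dominates the channel."""
    hits, run_start = [], None
    frames = len(samples) // frame
    for f in range(frames + 1):            # extra pass closes a trailing run
        on = f < frames and tone_fraction(
            samples[f * frame:(f + 1) * frame]) > threshold
        if on and run_start is None:
            run_start = f
        elif not on and run_start is not None:
            if f - run_start >= min_frames:
                hits.append((run_start * frame / SAMPLE_RATE,
                             f * frame / SAMPLE_RATE))
            run_start = None
    return hits

def constructed_call():
    """Constructed sample: 1 kHz audio, 0.5 s of 2600 Hz, then mixed audio."""
    mixed = [a + b for a, b in zip(tone(1000, 0.2), tone(2600, 0.2, 0.3))]
    return tone(1000, 0.2) + tone(2600, 0.5) + mixed

if __name__ == "__main__":
    print(detect_2600(constructed_call()))
```

The detector cannot tell who produced the tone; it only sees that 2600 Hz dominates the channel, which is the weakness of signalling in the same band as the caller's audio.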

  9. Early Intrusions • Phone Phreaks would often scan phone exchanges to find tie lines and PBXs • They would use a brute force approach trying every possible phone number in an exchange • An exchange is determined by the first three digits of a phone number, for example, in the number 272-1234, the exchange is 272

  10. Early Intrusions • Often, while scanning, they would find “Carrier” • This is the tone a modem gives when it answers a phone • This indicated a line that was attached to a terminal • As phone phreaks were engineering students, this was very interesting to them

  11. Early Intrusions • Early Systems had no concept of user ids and there were no passwords • This means, if you could find the phone line, and you had a modem and terminal, you could gain access • A lot of this went on

  12. Early Intrusions • Eventually, user ids and passwords were implemented, mid seventies to late seventies • This led to password guessing approaches as we have previously discussed • Since users were naïve, very simple password guessing tactics were very effective

  13. Early Intrusions -- Motivations • Curiosity • Powerful computers were rare • Access was limited and hard to obtain • Intrusion gave you the ability to see what all the fuss was about • Social • A newer better form of Phreaking • I break into computers, so my kung fu is better

  14. Early Intrusions -- Motivation • Social – cont. • “We break into computers”, again tribal • Political • Computers belong to the Man • It’s OK to steal from thieves • Games • As long as there have been computers there have been games, and people stealing computer time to play them

  15. Early Intrusions -- Motivations • Financial • Looking for data with a market value • This was actually rare. The film we saw is one of the first confirmed cases of intrusion for profit

  16. Early Intrusion -- Impact • Impact was minor • Most intrusions were a goal in themselves • The hacker wanted to prove to himself and to members of the community that he could gain access to the system • Very little data stored on computers had a market value • Hackers in this period had very little taste for vandalism

  17. Worms

  18. What is a Worm • A worm is a stand-alone program • It can reproduce itself by spreading from machine to machine across the network • It does not require user intervention to spread • Uses exploits • Uses password guessing

  19. What is a Worm • Often, the part of the worm that invades systems is separate from the part that does the damage. • We call the threat carried by the worm, the payload • A worm can, for example, carry a virus as a payload

  20. What is a worm? • Often the worm will invade a system, then, once in place reach back and bring across its payload. • This makes the initial worm, the invading part, smaller and easier to write • It also permits the same intrusion part to be used for many different payloads. • Sometimes, there are no payloads. The worm is just a “Proof of Concept”

  21. The Morris Worm Or The End of Innocence

  22. Early Worms • Worms arrived as networking became common • They have grown up with the Network • When only mainframes were networked they infected mainframes • As personal computers came on to the network, they became targets • As personal computers came to dominate the networks, they became primary targets

  23. The Morris Worm • The Morris Worm, also known as the Cornell Worm, or The Great Worm, is the first real worm that was released onto the network • The Internet at this time had fewer than 100,000 machines. These machines were primarily used by universities, researchers, and engineering firms.

  24. The Morris Worm • The Worm was written by Robert Morris, a student at Cornell University • Mr. Morris’s father was a researcher for the Government • It’s speculated, but not confirmed, that Morris used information he obtained from his father in writing the worm

  25. The Morris Worm • The Worm was released into the wild on November 2, 1988 • Morris released it from MIT to disguise the fact he was a Cornell Student

  26. Morris Worm -- Intent • Mr. Morris’s intent was to create a self-replicating program that could measure the size of the internet • The worm was designed to infect Vax and Sun machines running Unix • It exploited several holes in common Unix programs, such as sendmail, to travel

  27. The Morris Worm -- Intent • Once a system was infected, the worm would pull the main program over to the infected machine and it would begin looking for other machines to infect • Morris assumed that the worm would take weeks to infect the entire Internet. He was interested in measuring its progress across the net

  28. The Morris Worm – What Happened • Mr. Morris was not the programmer he thought he was • The program replicated hundreds of times faster than he expected • The mechanism he coded to hold down the number of copies on an individual machine was faulty, so a single machine could be infected dozens or hundreds of times

  29. The Morris Worm – What Happened • Within minutes • The attempts of the worm to replicate itself caused what amounted to a denial of service attack on the entire Internet • Individual machines on the net would end up running so many copies of the worm that nothing else could run, or the machine would crash
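The two slides above attribute the outage to a faulty per-machine copy limit. The following is an added example, not part of the original presentation: a toy simulation comparing a working "already infected?" check with a leaky one. The presentation does not say how the mechanism failed, so the leak is modelled as an assumption: a fraction `bypass_prob` of arriving copies skips the check. Host count, round count, load limit and seed are also hypothetical parameters.

```python
import random

def simulate(hosts=200, ticks=60, bypass_prob=0.0, load_limit=20, seed=1988):
    """Toy model: return the number of worm copies on each host.

    bypass_prob is an assumed fraction of arriving copies that ignore the
    'already infected' check; 0.0 models a limiter that works as intended.
    A host holding load_limit copies is treated as unusable (assumption).
    """
    rng = random.Random(seed)          # fixed seed: repeatable run
    copies = [0] * hosts
    copies[0] = 1                      # a single initial copy
    for _ in range(ticks):
        # Each copy on a still-usable host contacts one random host per round.
        targets = [rng.randrange(hosts)
                   for n in copies if n < load_limit
                   for _ in range(n)]
        for t in targets:
            if copies[t] >= load_limit:
                continue               # target is already overloaded
            already_infected = copies[t] > 0
            if not already_infected or rng.random() < bypass_prob:
                copies[t] += 1
    return copies

def summary(copies, load_limit=20):
    """Condense a run into the figures an administrator would notice."""
    return {
        "infected": sum(1 for n in copies if n > 0),
        "max_copies": max(copies),
        "overloaded": sum(1 for n in copies if n >= load_limit),
    }

if __name__ == "__main__":
    print("working limiter:", summary(simulate(bypass_prob=0.0)))
    print("leaky limiter:  ", summary(simulate(bypass_prob=1 / 7)))
```

With a working check the worm spreads everywhere but stays at one copy per host; with the leak every extra copy also keeps spreading, so per-host load compounds until machines are overloaded.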

  30. The Morris Worm – What Happened • System Administrators tried to cure their machines by rebooting them, but they were immediately reinfected • Communication between System Administrators to solve the problem was impossible because email, which they had come to depend upon was unavailable. • No one had phone numbers, it turned out

  31. The Morris Worm – What Happened • In the end, the net was taken down for three days while administrators fixed vulnerabilities and installed patches

  32. The Morris Worm -- Impact • End of Innocence • System Administrators finally had to face up to how vulnerable their systems were • They also had to consider what might have happened if the attack had been malicious • Formed CERT • Computer Emergency Reaction Team • To deal with future problems • Still exists

  33. The Morris Worm -- Impact • It was estimated by the GAO that 10 to 100 million dollars of damage was done. Mostly the time required to repair problems and bring the net back up • Estimates of infected machines vary • Most experts feel 90% or more of vulnerable machines were infected • This is probably 6 to 8 thousand of the 60,000 machines on the Net at that time.

  34. The Morris Worm -- Impact • Mr. Morris • Was found guilty of violating the Computer Fraud and Abuse Act, passed two years previously • Was sentenced to 3 years probation, 400 hours of community service and 10,500 dollars in fines • Now is an associate professor at MIT

  35. The Morris Worm -- Impact • University at Albany • Was hit hard that day. • Why the agreement you sign to gain access to campus computers is so strict • Why there are so many restrictions on what you can do.

  36. Comparison to Modern Worms • Modern Worms are better written • Disruption caused by Morris worm is a dead giveaway that a worm exists • Modern worms often have a financial motive
