Explore the increasing threat of computers as targets for hacking, theft, and information security breaches. Learn about the black market for stolen components, counterfeit software, and hardware piracy. Discover the motivations and profiles of hackers, as well as strategies to combat piracy and protect against cyber threats.
Chapter Four Computers as Targets – Hacking and Beyond
Computers as Targets • Hardware • Software • Information
Hardware • Theft and sale of computer components • Black market sale of integrated circuits, processing chips, memory cards, etc. is increasing • Theft of CPUs, monitors, scanners, printers, etc. is decreasing because they are not as easy to conceal • Increasingly global • Hard to prevent and nearly impossible to trace
Markets for Stolen Components • Black Market Dealers • Most organized • Like full service restaurants • Grey Market Dealers • Specialize in made-to-order computers • Claim innocence
Examples • Both are increasing in prevalence and both are now involved in counterfeit software and hardware. • SoftBank (www.cybercrime.gov/williams_wilson.htm) • IBM
Software Piracy - Warez • Warez - commercial programs that are made available to the public illegally • readily available on the Web – usually created and maintained by highly sophisticated, well educated administrators • David LaMacchia and Cynosure and Cynosure II
Software – Organized Efforts • Organized units • 2001 – FBI seized over $10 million worth of counterfeit software • extremely sophisticated – even included disks with replicas of Microsoft’s new hologram technology • increasingly common – due to the high costs associated with obtaining licensed copies (Office 2000 - $600)
Software – Individual Piracy • The unauthorized copying of software is much more costly and more pervasive • exponentially increased after the introduction of CD-RWs • Major problem – lack of knowledge regarding licensing requirements
Strategies to Combat Piracy • Newest strategy - Shareware – acknowledges the futility of trying to stop people from copying software and instead relies on people’s honesty • Publishers actually encourage users to give copies of programs to friends and colleagues but ask everyone who uses a program regularly to pay a registration fee to the program’s author directly.
Hacking and/or theft of information • Computer may be the intended target of a criminal or may actually represent the instrumentality of the crime. Hacking activities may fall into either category.
Traditional Hacking Profiles • Young, socially challenged males • Started with role playing games, like D&D • Originally started as phreakers • Anti-establishment ideology
Hacker Ethos • Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. (The Mentor, Phrack, v1 i7, phile 3, as quoted in Sterling, 1994)
Contemporary Hackers • Contemporary hackers – • have lost much of the ideological superstructure • many are now criminally motivated • more females have emerged • more unskilled hackers due to the proliferation of private hacking toolkits and software (NetBus, Back Orifice, Deep Throat)
Contemporary Definitions • While traditional definitions included assumptions of motivation and skill, contemporary definitions have been altered to include any individual who intentionally accesses a computer without or in excess of authorization irrespective of knowledge or stimulus.
Continuum of Motivation • Boredom • Intellectual Challenge • Economic • Insiders • Sexual gratification • Political
Economic and Political Motivations 1. not as prevalent 2. investigated at higher rate 3. personal or political gain
A Sampling of Hacker Sites • 06-11-91 Hacking Bank America BANKAMER.ZIP • 06-11-91 Hacking Citibank CITIBANK.ZIP • 06-11-91 How to Hack HACK.ZIP • 06-11-91 Basics of Hacking HACKBAS.ZIP • 06-11-91 Hackers Dictionary HACKDICT.ZIP • 06-11-91 Hackers Handbook HANDHAND.ZIP • 06-11-91 Anarchy Files ANARCH.ZIP • 06-11-91 Anarchist Book ANARCHST.ZIP • 06-11-91 How To Make Bombs BOMB.ZIP • 06-11-91 Chlorine Bomb CHLORINE.ZIP • 06-11-91 Anarchy Cook Book COOKBOOK.ZIP • 06-11-91 Destroy Stuff DESTROY.ZIP • 06-11-91 How to Pick Locks LOCK.ZIP • 06-11-91 Pipe Bomb PIPEBOMB.ZIP • 06-11-91 Revenge Tactics REVENGE.ZIP
Extortion and Blackmail • Extortion and Blackmail - cash for action or inaction • “Maxus” • Western Union
Computer Contaminants – Destruction of Data • Motivations vary but techniques are the same: • Viruses and Worms • DOS attacks • Trojans
Eco-terrorism via computer • Corporate warfare – not unique or new • traditional methods employed included attacks on physical structures or tangible objects • Intangibility of cyberspace has exponentially increased the potential impact (mail bombs are limited, but e-mail bombs are not!) • DOS attacks – attempt to disable a large system without necessarily gaining access to it
DOS Attacks • mail bombing – jamming a system’s server with voluminous e-mail • other methods: manipulation of phone switches or the more sophisticated method of low level data transmission • attacks have included: www.amazon.com, www.ebay.com, www.yahoo.com • Fortunately, few have been political in nature – thus, national infrastructures have remained relatively unscathed • However, they do pose a threat to national security. Imagine the chaos that would result if all of the electric utilities up and down the Eastern seaboard were shut down as a result.
Viruses • Viruses range in destruction from mere inconvenience to mass destruction. • Anna Kournikova virus – simply scrambled text within MS Word Documents • Chernobyl virus – attacked the hard disk by erasing a portion of the hard disk that makes it impossible to access the disk, even if booting from a floppy • Others may attack the FAT of the first partition, making it impossible for the disk to assemble data logically.
Computer Giants Victimized • Both Apple and IBM have been victimized • IBM’s e-mail system was compromised on five continents • Apple Computer reported that intruders may have reverse engineered the secret code for its operating system, while a virus released in its electronic mail system caused organizational chaos by erasing all company voice-mail.
Contemporary Environment • May be unskilled and use canned virus software, like the VBS Worm Generator • Federal and state legislatures have developed a variety of laws to punish those responsible for computer contaminants. • Not the case in foreign countries
Data Piracy – Industrial Espionage and Terrorism • May be committed by insiders (e.g., Gillette example) or criminal outsiders, industry competitors, or government entities • Gillette • French Government
Theft of Information – Electronic Espionage • Cold War ended caution of U.S., but not others • Telrad and Nortel • 2000 – FBI estimate - 120 foreign governments were actively working intelligence operations currently targeting the U.S.
Theft of Information – Physical Means • Laptops have created significant problems, including a new black market. • London • U.S. • Others • Airport • Solutions – greater education and awareness for employees. All of these are attributed to carelessness!
Terrorism and Data Manipulation • Traditionally, terrorism was directed at physical or human targets. • Currently, changing their method of operation – using technology to enhance communication, elicit funding, spread propaganda, formulate strategies, and terrorize their intended target • Ramzi Yousef – stored detailed plans to destroy U.S. airliners on encrypted files on his laptop computer long before 9/11
Cyberterrorism • a deliberate, politically or religiously motivated attack against data compilations, computer programs, and/or information systems which is intended to disrupt and/or deny service or acquire information which disrupts the social, physical, or political infrastructure of a target. • May be employed to target a nation’s infrastructure or critical databanks (e.g., Con Edison or CDC). • Think of the blackout in the Northeast in the summer of 2003. • Think of the cases in Britain and Italy where viruses wiped out vital information from lengthy hematology studies and one year’s worth of AIDS research.
Cyberterrorism • Organized groups are starting to emerge. • “Internet Black Tigers” • Pose significant danger
Hacking 101 – How They Do It • Single greatest threat – careless or uninformed employees despite precautions taken by employers • Social engineering • Shoulder surfing • Role playing • Background inquiries • Dumpster diving • More sophisticated approaches
Conclusions • Five contributing factors to computer intrusions • Computers act as the technical equivalent of storage warehouses • Increasing connectivity and interdependence of government and poorly regulated public infrastructures • The decline of necessary technical expertise • Increasing number of threat groups with sophisticated methodologies and advanced technology • Government apathy and disregard for protecting digital systems