
The Ethics of Hacking: The Worm of 1988

Takeshi Toyohara. CS99 presentation, March 7, 2000. Thanks in advance to: thefuturesite.com, time.com, world.std.com/~franl, www.eos.ncsu.edu/eos/info/computer_ethics.


Presentation Transcript


  1. The Ethics of Hacking: The Worm of 1988 • Thanks in advance to: • thefuturesite.com • time.com • world.std.com/~franl • www.eos.ncsu.edu/eos/info/computer_ethics • Takeshi Toyohara, CS99 Presentation on March 7, 2000.

  2. Computing Ethics

  3. The Worm? • Not talking about Dennis Rodman • Creation of Robert Morris • Son of the former Chief Scientist at NSA

  4. What’s A Worm • Characteristics • Propagates itself across a network, using resources on one machine to attack other machines. • Not like a virus, which is a program fragment that inserts itself into other programs • Also unlike viruses, worms are not always malicious in purpose.

  5. Worm Stats • Released on November 2, 1988 • Ended up infecting over 6,000 network computers across the U.S. • Infects computers running 4.2 or 4.3 BSD UNIX and derivatives like SunOS

  6. How Does the Worm Work? • The worm program attempts to connect to other machines • Bypasses user authentication via • loopholes in the software • “favorite” password cracking • Creates copies of itself, which search out other computers and infect them.

  7. Security Loophole #1 • Rsh and rexec are network services which let you execute remote commands • Looks for a remote account with the same name

  8. Security Loophole #2 • If rsh and rexec fail, the worm attempts to use a bug in the finger program. • Bug in gets() • Worm sends extra 24 bytes that overflow the buffer and cause the process to run worm code.

  9. Security Loophole #3 • If those fail, the worm tries to exploit sendmail • Bug lets you specify a command line as the recipient of a message • Released version was compiled in DEBUG mode

  10. A Day in the Life: November 2, 1988 • 6:00 PM At about this time the Worm is launched. • 8:49 PM The Worm infects a VAX 8600 at the University of Utah • 9:09 PM The Worm initiates the first of its attacks to infect other computers from the infected VAX • 9:21 PM The load average on the system reaches 5; the usual level is 1. • 9:41 PM The load average reaches 7

  11. A Day in the Life • 10:01 PM The load average reaches 16 • 10:06 PM At this point there are so many worms infecting the system that no new processes can be started. No users can use the system anymore. • 10:20 PM The system administrator kills off the worms • 10:41 PM The system is reinfected and the load average reaches 27 • 10:49 PM The system administrator shuts down the system. The system is subsequently restarted • 11:21 PM Reinfestation causes the load average to reach 37.

  12. Worm Effects • In under 90 minutes from the time of infection, the Worm had made the infected system unusable • Over 6,000 machines affected • No physical damage, but between $100,000 and $10,000,000 were lost due to lost access

  13. An Ethical Worm? • Look at what the worm did and did not do.

  14. The Worm is Good? • Did not delete a system's files • Did not modify existing files • Did not modify other programs to do its work for it • Did not install trojan horses • Did not record or transmit cracked passwords • Did not make use of any special privileges gained

  15. The Worm Did What? • Did show sysadmins numerous security holes • Did show that convenience is nothing without security • Did raise the world’s awareness of the vulnerability of the Internet • Did show other important lessons • Cooperation, diversity of networks, logging

  16. Real Hacking • Hacking ≠ Cracking • “Hacking is generally accepted to be the arena of very smart people" • "Denial of service attacks, like what happened to Yahoo and eBay, are seen as bottom-of-the-barrel assaults; they don't require a lot of brains."

  17. The Hacker Ethic • Information-sharing is a powerful positive good • ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources wherever possible. • System-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.

  18. Hacking Ethically? • Highest forms of hacker courtesy • break into a system • explain to the sysadmin, how it was done and how the hole can be plugged • Hacker sense of community • actively willing to share technical tricks, software, and computing resources with others • Sysadmins just need to look for this info

  19. My Thoughts • We should take a Machiavellian attitude towards hacking. • Morris’s release of the Worm was unethical, but the idea behind it had much merit.
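
Slide 8 attributes the finger compromise to gets(), which reads a line with no length limit. The C sketch below is an added example, not code from the presentation or from the original finger daemon: it shows a bounded line reader that rejects an oversized request instead of overflowing. The 512-byte buffer size, the names read_request and constructed_input, and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 512  /* assumed buffer size; the slide gives only the 24-byte overrun */

/* Pattern slide 8 describes, for contrast only:  char line[REQ_MAX]; gets(line);
 * gets() takes no length, so a longer line overruns the array.
 * Bounded replacement: read one request line into buf (capacity cap, NUL included).
 * Returns the length, -1 on EOF/error, or -2 when the line does not fit. An
 * oversized line is drained so its tail is never parsed as a second request. */
int read_request(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t n = strcspn(buf, "\n");
    if (buf[n] != '\n') {                      /* fgets stopped before a newline */
        int c = fgetc(in);
        if (c != EOF && c != '\n') {           /* more bytes pending: too long */
            while ((c = fgetc(in)) != EOF && c != '\n') { }
            buf[0] = '\0';
            return -2;
        }
    }
    buf[n] = '\0';
    if (n > 0 && buf[n - 1] == '\r')
        buf[--n] = '\0';
    return (int)n;
}

/* Constructed input: one line of REQ_MAX + 24 filler bytes, then a normal request. */
FILE *constructed_input(void)
{
    FILE *f = tmpfile();
    for (int i = 0; f != NULL && i < REQ_MAX + 24; i++)
        fputc('A', f);
    if (f != NULL && fputs("\nalice\r\n", f) != EOF)
        rewind(f);
    return f;
}

int main(void)
{
    char buf[REQ_MAX];
    FILE *f = constructed_input();
    int first = f ? read_request(f, buf, sizeof buf) : -1;
    int second = f ? read_request(f, buf, sizeof buf) : -1;
    printf("oversized line -> %d, next request -> %d\n", first, second);
    return f ? 0 : 1;
}
```

The oversized line is refused as a whole rather than truncated, so the server never acts on a partial request.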
