TRANSCRIPT
1 Copyright © 2005 M. E. Kabay. All rights reserved. 09:05-11:55
INFORMATION WARFARE
Part 2: Cases
Advanced Course in Engineering
2005 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP
Assoc. Prof. Information Assurance
Program Direction, MSIA
Division of Business & Management, Norwich University
Northfield, Vermont
mailto:[email protected] V: 802.479.7937

Topics
08:00-08:15 Introductions & Overview
08:30-09:00 Fundamental Concepts
09:05-11:55 Case Histories
13:15-15:15 INFOWAR Theory
15:30-16:00 Project Assignments

Examples of INFOSEC Breaches and Failures
Electronic infrastructure growing in importance
Must expand conception of warfare in the age of ubiquitous computing
Cases intended to stimulate your imagination
  Spans last decade of developments to provide wide range of examples
  Provide ideas for your INFOWAR attack/defense projects

Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
  Data Diddling
  Sabotage, vandalism
  Trojan Horses
Deception
  Fraud, disinformation
  Psyops
Denial of Service (DoS)

Breaches of Confidentiality: GAO vs IRS
GAO blasts IRS (1997.04)
  IRS “misplaced” 6,400 computer records
  1,515 cases unauthorized browsing in 1994-5
  Only 23 employees fired for browsing
Sen. John Glenn introduced bill
  establish criminal penalties against unauthorized access by employees

Eavesdropping: Gingrich
1997.01 -- Newt Gingrich cellular call monitored
  FL couple using police scanner
  sent tapes to Democrats
1997.04 -- Gingrich wiretappers charged
  John & Alice Martin
  federal charges
  fines up to $10,000
MORAL
  don’t talk about sensitive stuff on cell phones without activating encryption

Eavesdropping: Easy
1997.02 -- Billy Tauzin (R, LA) demonstrated scanner modifications to Subcommittee
  modified off-the-shelf scanner in 2 minutes
  eavesdropped on cell-phone call
1997.02 -- French high court examined unauthorized wire-tapping by government anti-terrorism unit

Eavesdropping: AT&T Insider Job
AT&T WorldNet Sniffer Scandal (1997.05)
Reports that WorldNet subject to packet sniffing from external site
  captured user IDs and passwords
  much fuss and bother
Hoax
  discovered misrepresentation
  packet sniffer was on internal LANs, not on TCP/IP circuits

Eavesdropping: NJ Pagers
Pager eavesdropping in NJ (1997.08)
Content sold to news organizations
Senior New York City officials
  mayor's office
  top police and fire department officers
Authorities used pagers believing them more secure than phones
Nov: Steven Gessman, Vinnie Martin and Robert Gessman
  admitted illegal eavesdropping
  scheduled for sentencing on March 3, 1998

Eavesdropping: White House
White House pagers (1997.09)
Hacker posted transcripts of WH pager messages on Net
Include sensitive information about First Family movements
Traffic analysis dangerous
  flurry of messages before President (etc.) move from one site to another
  problem even if message encrypted

Eavesdropping: Wireless Phone
Blabbermouth criminals arrested (1998.06)
Saratoga County, NY woman
  overheard crooks on wireless phone
  planned to beat and rob old woman
  reported to police
Police arrested three men and charged them with conspiracy
Woman refused to reveal her identity
  illegal to intercept wireless communications
  illegal to communicate content

Man-in-the-Middle: Pager
Teenager intercepts doctor’s pages (2001.01)
Inova Fairfax Hospital, VA
Teenager forwarded physician’s number to his own pager
Responded to nurses’ requests with fake medical instructions
  Blood tests
  Administer oxygen
  About a dozen orders in all

Potential Connectivity: HealthSouth
Digital Hospital? (2001.03)
HealthSouth hospitals to have Internet connections at each bed
Doctors and nurses can access and update patient records

Data Leakage: Spy Data on TV
Live broadcasts from spy satellites on TV (2002.06)
European satellite TV viewers can watch live broadcasts of peacekeeping and anti-terrorist operations
  US spyplanes over the Balkans
Broadcast through a Telstar 11 satellite over Brazil
US spyplane broadcasts not encrypted
Anyone in Europe with satellite TV receiver can watch surveillance operations
Satellite feeds connected to the Internet

Industrial Espionage: Davy Intl vs VA Technologie AG
Dow Jones News Service (1996.06)
UK Davy Intl
  Lost lucrative Saudi-Arabian contract
  alleged industrial espionage
Sued Voest-Alpine Industrial Services
  UK branch of Austrian firm VA Technologie AG
Obtained court order for seizure of evidence
Received 2,000 pages & disks with info belonging to Davy Intl from VA Technologie

Industrial Espionage: Boehringer Mannheim Corp vs Lifescan
1996.06
US subsidiary of Boehringer Mannheim Corp (pharmaceuticals) vs Johnson & Johnson unit
Accused Lifescan Inc of encouraging industrial espionage for 18 months
  Supposedly stole prototype blood sugar monitor
  Allegedly presented "Inspector Clouseau" and "Columbo" awards to employees for stealing secret info from BMC
Lifescan countersued with equivalent accusations
  BMC had Lifescan Competitive Kill Team
  Hired private detectives to spy on Lifescan

Industrial Espionage: Intel & AMD
1996.06 -- Reuters
Argentinian national Guillermo Gaede
Admitted he sent videotapes about Intel chip-manufacturing to AMD
AMD immediately notified police
Industrial spy sentenced to 33 months in federal prison

Espionage: CIA vs Europe
1996.08 -- Sunday Times, RISKS 18.30
US CIA allegedly hacking into European Parliament & European Commission computers
Stealing economic and political secrets
Supposedly used info in GATT

Industrial Espionage: Interactive Television Technologies
1996.08 -- PR Newswire
4 yr R&D project for TV interface to Net
Top secret -- moving to high-security facility
Before move, thieves stole computers and storage media
Estimated $250M value
Looks like industrial espionage
Reconstructed data from backups
But patenting prematurely to protect property

Industrial Espionage: Owens Corning & PPG
PPG & Owens Corning (1996.12)
Major manufacturers & competitors
Cleaning contractor stole operational documents at night from PPG
Offered to Owens Corning for $1,000
Some years ago PPG had informed OC of similar scam — also resulted in arrests
Owens Corning notified PPG
Informed FBI, worked with LEOs to build case
Perpetrator arrested by FBI

Industrial Espionage: GM Opel vs VW
1997.01 — news wires
GM alleged industrial espionage (Oct 96)
  former purchasing chief, Jose Ignacio Lopez de Arriortua
  left GM to join VW in 1993
  allegedly stole 3 crates confidential documents
GM claimed stolen documents included highly confidential info
  future product plans, parts prices & manufacturing techniques
  unfairly allowed VW to reduce costs
  caused unspecified financial damage
Settled out of court (1997.01)

Industrial Espionage: Bristol-Myers-Squibb
Taiwanese arrested for espionage (1997.06)
Attempted to bribe Bristol-Myers Squibb scientist
Wanted production details for Taxol
  ovarian cancer drug
  worth $B
Employee reported to employer; then FBI arranged sting
Both agents arrested
Face 35 years and 10 years in jail, respectively

Battle of the Giants: DEC vs Intel
1997.05 — DEC sues Intel, claiming theft of chip designs
1997.05 — Intel sues DEC, demanding return of proprietary information
1997.06 — DEC demands former employee now at Intel remain silent about proprietary DEC information
1997.07 — DEC accuses Intel of anti-trust
1997.10 — out of court settlement

Industrial Espionage: DEC/INTEL

Industrial Espionage: Law Firm
Legal firm accused of espionage (1999.11)
1st lawsuit involving industrial espionage by lawyers
Moore Publishing (Wilmington DE) sued Steptoe & Johnson (Washington DC)
  allegedly breaking into computer systems
    750X
  stolen user-ID & password
Systematic cyberwar
  misinformation posted on newsgroups
  HotMail account traced to defendants
Damages at least $10M

Industrial Espionage: France vs UK
French Intelligence Service Targets UK Businesses (2000.01)
James Clark writing in Sunday Times of London
Spent $M on satellite technology for listening stations & upgraded SIGINT
Aimed at British defense firms, petroleum companies and other commercial targets
Surveillance includes GSM phones
UK officials warned not to discuss sensitive issues on mobile phones

Industrial Espionage: Oracle vs Microsoft
Oracle Dumpster®-Dives vs MS (2000.06)
Bill Gates complained about Dumpster® Diving of trash of organizations supporting MS in antitrust case
CEO Larry Ellison of Oracle admitted using private detectives to go through trash of
  Association for Competitive Technology
  Independent Institute
  Citizens for a Sound Economy
Suggested he would happily ship Oracle trash to MS in spirit of full disclosure.

Industrial Espionage: Echelon
EU Parliament attacks Echelon (2000.07)
Formed temporary committee to investigate spy network
Suspicions that Echelon used to intercept conversations of European businesses
Information might be given to competitors from Echelon operators
  US, Canada, Australia, New Zealand
In 2001.05, report recommended more use of encryption to defeat Echelon

Industrial Espionage: Datang vs Lucent et al.
Chinese nationals arrested (2001.05)
Two citizens of PRC worked at Lucent
  Highly respected scientists
  Worked with a Chinese business partner
Sent proprietary information to Beijing’s Datang Telecom Technology Co.
  Pathstar Access Server -- “Crown jewel”
Arrested by FBI
  Conspiracy to commit wire fraud
  Max penalty 5 years in prison & $250K fine
In 2002.04, charged with additional espionage
  Theft from Telenetworks, NetPlane Systems, Hughes Software Systems, and Ziatech

Industrial Espionage: Short Notes
2001.07: EMC sues former employees for data theft to help competitor Network Appliance
2002.09: 32-year old Chinese national working for (PRC) China National Petroleum Corp arrested for trying to steal seismic-imaging software from 3DGeo of Mountain View, CA
2003.05: 3 charged in Ericsson spy case in Sweden. Sold secrets to Russian intelligence agent.
2005.01: IBM selling PC business to PRC Lenovo Group for $1.75B – US Ctee on Foreign Investments investigating implications.

Industrial Espionage: Scandal in Israel
Trojan Horse scandal rocks Israel (2005.06)
Author Amnon Jackont target of attacks
  Parts of current novel MS posted on Web
  Attempted theft from bank account
Police found keystroke logger on Jackont’s computer
Suspicion fell on stepdaughter’s ex-husband, Michael Haephrati
Discovered Haephrati apparently installed Trojan programs on big industrial firms’ computers (HP, Ace Hardware…)
  Confidential info sent to server in London
  Allegedly selling secrets to other companies
  Dozens of arrests at highest levels (CEOs)

Industrial Espionage: Interloc vs Amazon
Lawsuit over intercepted e-mail (1999.11)
Interloc admitted intercepting & copying 4,000 e-mail messages sent to Amazon.com
  Went through own ISP Valinet
  To gain competitive advantage against Amazon?
Interloc's business managers denied any wrongful intention
  failed to explain why they copied e-mail
Alibris company bought Interloc & paid $250K fine on behalf of their new acquisition
  This is called a failure of due diligence in mergers and acquisitions practice

Penetration: Library Systems
June 96 — NCSA IS/Recon
Public and corporate library systems being used to train apprentice criminal hackers
May also be used by more experienced criminal hackers
Isolate library network from rest of network

Penetration: San Francisco High Schoolers vs PBX
July 96 — RISKS 18.26
High-school students in the San Francisco area
Broke into local manufacturing firm PBX
Attacked voice-mail
  erased information
  changed passwords
  created new accounts for own use
  crashed system through overuse
Company spent $40,000 on tech support

Penetration: Scotland Yard PBX
Aug 96 — Reuters
Scotland Yard's PBX hacked by phone phreaks
U$1.5M of fraudulent calls
Used direct inward services access (DISA)
Moral
  disable DISA
    no limit on liability when using DISA
  use phone service cards instead
    limit on liability if card stolen or account abused

Penetration: Mitnick
Sept 96 — AP
Kevin Mitnick indicted in Los Angeles
25 count indictment
  stealing software
  damaging computers at University of Southern California
  using passwords without authorization
  using stolen cellular phone codes
Readings about the Mitnick case
  Goodell, J. (1996). The Cyberthief and the Samurai: The True Story of Kevin Mitnick—and the Man Who Hunted Him Down. Dell (New York). ISBN 0-440-22205-2. xix + 328.
  Hafner, K. & J. Markoff (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. Touchstone Books, Simon & Schuster (New York). ISBN 0-671-77879-X. 368. Index.
  Littman, J. (1996). The Fugitive Game: Online with Kevin Mitnick—The Inside Story of the Great Cyberchase. Little, Brown and Company (Boston). ISBN 0-316-5258-7. x + 383.
  Shimomura, T. & J. Markoff (1996). Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw—by the Man Who Did It. Hyperion (New York). ISBN 0-7868-6210-6. xii + 324. Index.

Penetration: Danish Criminal Hackers
Dec 96 — AP
6 criminal hackers from Denmark
Attacked Pentagon & business computers
Sentenced to minor jail terms
Ordered to pay fines, perform community service
One sentenced to 90 days in jail, second to 40 days
Defense lawyers: criminals had “done the hacking victims a favor by exposing the vulnerability of their computer systems.”

Penetration: Ex-Employees
1997.02 -- Computer Sciences Corporation
Warn that many organizations attacked by ex-employees
Ex-employees of outsourcing firms a threat
Cited example of Big Six firm where ex-employee used e-mail and voice-mail for one year after termination
Recommend use of single-logon system
Token-based authentication also useful in centralizing control of I&A

Penetration: Croatian Hackers Attack Pentagon
1997.02 -- RISKS, Reuters
Teenagers in Croatia broke into US military systems
Pentagon asked Croatian police for cooperation
Arrested kids, searched homes
Confiscated computer equipment
Preliminary estimates of losses running in $500K range

Penetration: DISA Report
1997.03 — EDUPAGE
InfoWar Division of Defense Information Systems Agency of US
Retested 15,000 Pentagon computers
  had warned system managers of vulnerabilities in previous audit
90% of systems were still vulnerable
Recommended emphasizing response (immediate shutdown) instead of focusing solely on preventing penetrations

Penetration: Cloverdale Two
Multiple assaults on military & research sites — 1998.01
Attacks on
  11 military computer systems
  several universities
  federal laboratories
“Most organized and systematic [attack] the Pentagon has seen to date. . . .” BUT . . .
. . . Actually teenaged criminal hackers
  Suburbs north of San Francisco
  Caught with cooperation of ISP — 1998.02
    provided facilities for FBI monitoring
Punished by 3-year exclusion from computing by themselves

Penetration: Hungarian ISP
1997.03 -- RISKS
Hungary's main ISP, MATAV
Assigned 1,200 IDs whose passwords were the billing ID itself
Published list of these IDs -- as a warning to change the passwords
USENET postings announced the breach of security

Penetration: Netherlands Hackers vs Pentagon?
1997.03 -- EDUPAGE
Criminal hackers penetrated Pentagon systems during Gulf War
Claimed that hackers approached Iraqi intelligence with stolen information
Iraqis said to have rejected info, fearing a disinformation campaign
Rop Gonggrijp of Hack-Tic
  extremely skeptical of whole story
  traces what he thinks is an urban myth to an article that never claimed anything about Iraqis at all

Penetration: Datastream Cowboy Fined
UK teenager cracked military computers (1994; trial 1997.03)
Richard Pryce attacked US Air Defense System in 1994 (was 16 years old)
Broke into Griffiss AFB, NY
Cracked Lockheed network in CA
Was described as “#1 threat to US security” in Senate Armed Forces Committee hearings
Fined equivalent of $1,915
Pryce now working hard on getting to play bass fiddle in a London orchestra

Swedish “Demon Freaker” Fined a Pittance
Phreak placed 60,000 calls at US telco expense (1996; trial 1997.05)
Racked up $250K of charges
Repeatedly linked US emergency lines to each other, causing havoc
Caught by rapid trace while claiming his penis was glued to a wall
History of alcohol abuse and glue-sniffing
Fined equivalent of $350
Interned in psychiatric institution

Penetration: Private-School Naughty Boys
Brockville teens crack RipNet (1997.06)
16-year-old A+ student + 4 accomplices
Broke into RipNet ISP in Brockville, ON
Stole 1300 user IDs + passwords
Distributed for free access
Quickly discovered
RipNet and police agreed to let posh school handle punishment
  ringleader out of computer class for 1 year
  all have to write essays on what bad boys they were

Penetration: “Mr Nobody” Cracks Netcom
15-year-old boasts of exploits to Interactive Week (1997.06)
Cracked PBX in 1995 (age 13)
Listened to voice-mail messages
  boxes had “Joe” passwords -- same as extension itself (stupid default)
Phreak and friends placed long-distance calls at Netcom expense
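
The “Joe” password default on this slide and the MATAV billing-ID passwords on the Hungarian ISP slide are the same weakness, and an administrator can audit their own credential store for it. The following is an added example, not part of the original slides: it assumes salted PBKDF2-SHA256 records, and the record layout, function names and sample accounts are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumption for this sketch; use your store's real parameters


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Derive the stored verifier (assumed scheme: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)


def make_record(account_id: str, secret: str) -> dict:
    """Build one constructed sample record: ID, per-account salt, verifier."""
    salt = os.urandom(16)
    return {"id": account_id, "salt": salt, "hash": hash_secret(secret, salt)}


def joe_candidates(account_id: str) -> set:
    """The ID itself plus its trivial case variants."""
    return {account_id, account_id.lower(), account_id.upper()}


def is_joe_account(record: dict) -> bool:
    """True when the stored verifier matches the account's own ID."""
    return any(
        hmac.compare_digest(hash_secret(c, record["salt"]), record["hash"])
        for c in joe_candidates(record["id"])
    )


def audit(records: list) -> list:
    """Return the IDs that must be forced through a password/PIN reset."""
    return [r["id"] for r in records if is_joe_account(r)]


def acceptable_new_secret(account_id: str, secret: str) -> bool:
    """Provisioning-time check: refuse the ID as its own password or PIN."""
    return secret.strip().casefold() != account_id.strip().casefold()


# Constructed sample data: two voice-mail extensions and one billing ID.
SAMPLE = [
    make_record("4107", "4107"),          # mailbox left on the default PIN
    make_record("4108", "930517"),        # PIN changed by the owner
    make_record("B0012345", "b0012345"),  # billing ID reused as password
]

if __name__ == "__main__":
    for account in audit(SAMPLE):
        print("reset required:", account)
```

Running the audit only tells you which accounts exist in that state today; the provisioning check is what stops new ones from being created.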

Penetration: ON 14-year-old
1997.09 -- Burlington, ON
>500 attempts to penetrate systems all over North America
  evidence of malicious hacking
Attacked US military computers
  caused downfall
  military tracked him down
  cooperated with local police

Penetration: NTT Hacked
Nippon Telephone & Telegraph -- 1997.10
Stole proprietary programs for software development
Used internal ID -- possibly social engineering
Had or found number of modem
  did it bypass the firewall?

Penetration: Citibank Hack
1998.02 (events started 1994.07)
Vladimir Levin of St Petersburg hacked Citibank computers
Conspirator Alexei Lachmanov transferred U$2.8M to five Tel Aviv banks
Admitted to attempting to withdraw US$940,000 from those accounts
Three other members of the gang pleaded guilty
Levin extradited 1997.09

Citibank -- Conclusion
1998.02 -- Levin sentenced to 3 years, fined
Vladimir Levin convicted by NYC court
Transferred $12M in assets from Citibank
Crime spotted after first $400K theft
Citibank cooperated with FBI
MORAL: report computer crime & help prosecute the criminals

Penetration: Voice Mail
1998.05: Cincinnati Enquirer reporter breaks law
Michael Gallagher broke into voice mail of Chiquita Fruits
Stories in paper accused Chiquita of illegal activities
Reporter fired
Enquirer
  paid $10M to Chiquita in damages
  published front-page apologies 3 days in a row

Penetration: U Colorado
U. Colorado student arrested -- 1998.03
Joshua Gregory Pearson, 18
  computer science major
Allegedly provided stolen passwords and access codes to Israeli hacker “Heavy Metal”
  may have used packet sniffer
  intercepted passwords and access codes
Israeli broke into U.CO computer system
  also denial of service
  unauthorized programs flooded U.CO e-mail accounts with error messages

Penetration: MOD redux
New MOD crows about exploits -- 1998.04
Masters of Downloading instead of Masters of Deception
Claimed penetration of US military networks
  DISN (Defense Information Systems Network)
  DEM (DISN Equipment Manager)
    controls military Global Positioning Satellites (GPS)

Penetration: AOL Techs
ACLU site on AOL vandalized -- 1998.05
Intruder simply asked AOL help-desk staffers for a “new” password for Web site control
Success may be function of size
  1000s of staffers
  many new and poorly trained
Birthday problem:
  P{at least one failure} = 1 - (1 - p)^n
  p = probability of one failure and
  n = number of independent units
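
The slide's formula, worked through as an added Python example (not part of the original slides): it gives the chance that at least one of n staffers fails, the staff count at which that chance reaches a threshold, and the per-staffer failure rate training would have to achieve to stay under a target. The values of p and n used are assumptions chosen for illustration; independence between staffers is the slide's own assumption.

```python
import math


def p_any_failure(p: float, n: int) -> float:
    """P{at least one failure} = 1 - (1 - p)^n for n independent units."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    if n < 0:
        raise ValueError("n must be non-negative")
    if n == 0:
        return 0.0
    if p == 1.0:
        return 1.0
    # log1p/expm1 keep precision when p is tiny and n is large.
    return -math.expm1(n * math.log1p(-p))


def units_until(p: float, threshold: float) -> int:
    """Smallest n at which P{at least one failure} reaches the threshold."""
    if not 0.0 < p < 1.0 or not 0.0 < threshold < 1.0:
        raise ValueError("p and threshold must lie strictly between 0 and 1")
    return math.ceil(math.log1p(-threshold) / math.log1p(-p))


def max_tolerable_p(target: float, n: int) -> float:
    """Largest per-unit failure probability keeping the overall risk <= target."""
    if not 0.0 < target < 1.0 or n <= 0:
        raise ValueError("target must be in (0, 1) and n positive")
    return -math.expm1(math.log1p(-target) / n)


def risk_table(p: float, sizes: list) -> list:
    """(n, P{at least one failure}) for each help-desk size in sizes."""
    return [(n, p_any_failure(p, n)) for n in sizes]


if __name__ == "__main__":
    p = 0.001  # assumed: one staffer in a thousand hands over the password
    for n, risk in risk_table(p, [10, 100, 1000, 5000]):
        print(f"n={n:5d}  P(at least one failure)={risk:.4f}")
    print("staff needed for a 50% chance:", units_until(p, 0.5))
    print("per-staffer p for 5% overall risk at n=1000:",
          f"{max_tolerable_p(0.05, 1000):.2e}")
```

With the assumed p of 0.001, a help desk of about a thousand people fails somewhere more often than not, which is the slide's point about size.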

Penetration: SLAC Attacked
Stanford Linear Accelerator Center -- 1998.06
Intruder logged in with a password
  guessed? sniffed? borrowed?
  later posting indicated LAN sniffer
  implies inside job
Evidence
  new zero-length file
  50 files accessed
Results: SLAC off the Net entire week
  30 people worked overtime
  possible interdiction of foreign logins

Penetration: John the Ripper
Decryption of password files -- 1998.08
UC Berkeley Sys Admin
  discovered someone cracked his password
  running “John the Ripper” decryption prog
  successfully cracked about 48,000 pws from a list of 186,126 encrypted passwords
Cracker broke into systems at
  noted Silicon Valley company
  Indiana ISP
  other UC Berkeley systems, Caltech, MIT, and Harvard
Used Swedish ISP Telenordia then went through England, Denmark, South Korea

Automated Shoulder-Surfing (1)
Newmarket, ON customers surfed -- 1998.04
Thieves in cahoots with a gas-station employee installed minicam for debit-card PIN pad
Make fake debit cards to pillage accounts
  used ATMs at midnight to steal 2 days’ max
Total thefts > $100K
Arrested just before a planned expansion to five more gas stations

Automated Shoulder-Surfing (2)
Finland: extra card-reader on ATM -- 1998.10
Small black card reader glued onto regular card slot
Collected debit- and credit-card codes
Standard shoulder-surfing to garner PINs
Made 60 counterfeit cards
Stole 180 000 FIM (~U$36,600)

Penetration: 2000
2000.01: Global Hell member, 16 yrs old, arrested in Eldorado, CA for stealing userIDs and passwords for 200,000 accounts on Pacific Bell ISP. Cracked 63,000 & boasted about it in chat room.
2000.03: Max Ray “Max Vision” Butler, 27, of Berkeley, CA indicted on charges of penetrating systems at NASA, Argonne Natl Labs, Brookhaven Natl Lab, Marshall Space Center, and DoD facilities.
2000.07: Raymond Torricelli, 20, of New Rochelle, NY arrested and charged with breaking into NASA, Georgia Southern U, San Jose State U computers & stealing credit card #s used for $10K of theft

Penetration: 2000
2000.09: 16-yr-old Florida boy “cOmrade” sentenced to 6 mo detention in federal prison for penetrating NASA & Pentagon computers
2000.10: 21 cyberthieves arrested in Sicily in process of stealing $500M from Banco de Sicilia. Included members of the Mafia, computer specialists and bank employees.
2000.12: Netherlands hacker penetrated U Washington Medical Center in Seattle. Stole admissions records for 4,000 cardiac patients. No firewalls or encryption.

Penetration: 2001
2001.01: Jerome Heckenkamp, 21, indicted for allegedly hacking computers at eBay, Exodus, Juniper, eTrade, Lycos, and Cygnus and causing a total of more than $900,000 in damage in 1999.
2001.05: Chinese hackers in Guangdong penetrated California Independent System Operator’s flow-control computers during an electrical-power crisis.
2001.07: Lee Ashurst, 22, of Manchester, England, hacked into UAE's only ISP and crashed entire country’s access to Internet. Fined £2000 and faced civil tort for £500K

Penetration: 2002
2002.02: Adrian Lamo [sic] claimed he hacked NY Times computers and demonstrated how to alter news stories on Yahoo.
2002.05: Experian loses 13,000 credit reports to hackers.
2002.05: Criminal hackers steal financial information about 265,000 CA state personnel
2002.08: Princeton admissions personnel hack into Yale University admission records
2002.08: ForensicTec Solutions of San Diego brags about breaking into Army, Navy, NASA computers – gets raided by FBI

Penetration: 2003
2002.02: Contractor for VISA and MASTERCARD penetrated by hackers
2003.03: Hackers gain full access to AOL customer database with 3.5 million users.
  Access requires a user ID, two passwords and a SecurID code;
  Hackers obtained all of these by spamming the AOL employee database with phony security updates, through online password trades, or by "social engineering" attacks over AOL's Instant Messenger (AIM) or the telephone.

Penetration: 2003
2003.03: U Texas Austin loses control to hackers over 59,000 records about students, alumni, faculty, staff. Police charge 20-yr-old student Christopher Andrew Phillips.
2003.04: GA Tech computers 0wn3d by hackers from Feb 4 to Mar 14; 57,000 database records copied included credit-card data for about 40,000 people
2003.04: “Blaster Ball” Trojan allows hacker in former Soviet Union to penetrate William Bee Ririe Hospital in Ely, NV
2003.07: French hackers break into KY govt computers, gain root

Penetration: 2003
2003.08: Diebold e-voting company’s Web servers cracked
2003.11: Hackers access top-secret files at Australian DoD.
2003.12: Hackers attack VoteHere systems

Penetration: 2004
2004.03: Allegiance Telecom notifies 4,000 users of hack attack that released their userIDs and passwords [what? Not encrypted??]
2004.04: TeraGrid supercomputer network funded by NSF disrupted by hackers
2004.09: DoE auditors report 199 hacks penetrating 3,541 systems in 2003
2004.10: Purdue University systems hacked

Penetration: 2005
2005.01: Nicolas Lee Jacobsen, 21, charged with breaking into T-Mobile computers for more than 1 year
  Access to 16.3M customer files
  Obtain voicemail PINs, passwords for Web access to e-mail
  Read e-mail of FBI agent investigating his own case!
2005.01: Hackers break into George Mason University computers
2005.03: 150 applicants to business schools break into their own records illegally on ApplyYourself Web site

BREAK 5’12”

Data Diddling: NYC Tax Fraud
Nov 96 -- AP
3 NYC tax department employees
Bribed by property owners from 1992 onward
Removed records of taxes owing
Fraudulently entered legitimate payments from innocent victims to wrong tax accounts
Used bugs in software to cover tracks
Stole $13M in taxes owing + $7M in interest
Over 200 arrests expected
Face 10 years prison per count

Data Diddling: Thick Salami at Taco Bell
1997.01 -- RISKS
Willis Robinson (22 years old) reprogrammed Taco Bell cash register
  registered each $2.99 item as costing $0.01
  pocketed $2.98 cash per transaction
  stole $3,600
Management assumed error was hardware or software
Idiot was caught because he bragged about his theft to co-workers
Sentenced to 10 years in prison

Data Diddling: Embezzlement
London & Manchester Assurance (1997.01)
Jamie Griffin
  21 years old
  clerk
  altered records to steal £44,000
  gambled it all away
  claimed extortion by IRA
Sentenced to 7 months imprisonment

Data Diddling? or QA?
Brisbane, Australia (1997.09)
Three men charged with hacking
Transferred A$1.76M from Commonwealth Bank to Metway Bank
Claimed they were victims of QA error
  blame Commonwealth Bank
  allege CB placed A$50M into practice account
    for learning how to use online system for direct payments

Data Diddling: SANS
SANS Security Digest hacked (1997.10)
Satirical, misspelled, vulgar nonsense
Acutely embarrassing

Data Diddling: Québec
Tax evasion by computer (1997.12)
Québec, Canada restaurateurs
U.S.-made computer program ("zapper")
Skimmed off up to 30% of the receipts
Evaded Revenue Canada and provincial tax
$M/year

Data Diddling: SSA
Social Security Administration -- 1998.10
Employee became angry with woman
  argued in an Internet chatroom
Used fellow-employee's terminal
Filled in death date for woman in SSA records
Victim applied for loan at bank
  she was “cyberdead”
Jorge Yong admitted culpability
  resigned
  paid $800 in fines and damages

Data Diddling: LA Gas
- Los Angeles gasoline-pump fraud -- 1998.10
- DA charged 4 men with fraud
- Allegedly installed new computer chips in gasoline pumps
  - cheated consumers
  - overstated amounts 7%-25%
- Complaints about buying more gasoline than capacity of fuel tank
- Difficult to prove initially
  - programmed chips to spot 5 & 10 gallon tests by inspectors
  - delivered exactly right amount for them

Data Diddling: X.COM
- Free money (2000.01)
- X.COM online bank
- Transfer funds from the account of any person at any U.S. bank
- Needed only target’s account number and bank routing information

Data Diddling: BOOM!
- New security measures at UK nuclear plants (2001.09)
- Employee tried to sabotage nuclear plant (1999.06)
  - Security guard!
  - Tried to alter sensitive information
- New measures put into place 18 months later

Data Diddling: Cisco
- Cisco accountants stole stock (2001.11)
- Oct 2000-Mar 2001: schemed to issue stock
  - Abused access to computer systems
  - Created forged stock-disbursal records
  - Total theft: $7,868,637
- Sentences
  - 34 months in federal prison
  - Complete restitution of theft
  - 3 years supervised release

Data Diddling? GOOGLE Bombs
- GOOGLE used as political ploy (2004.01)
- Pranksters engineer Web sites to alter GOOGLE links and statistics
- Linked George W. Bush to bad words
  - “unelectable”
  - “miserable failure”
- Supporters retaliated with similar ploys against Kerry

Data Diddling: Making the Grade
- California high school student arrested (2004.05)
- Corona del Mar High School, Newport-Mesa Unified School District
  - 17 years old
  - Accused of felony
  - Allegedly hacked school system to change grades
  - Altered grades of 6 juniors and 1 senior
  - Faces up to 3 years in prison

Cases
- Breaches of confidentiality
- Industrial Espionage
- Unauthorized Access (Penetration)
- Unauthorized Modification
  - Data Diddling
  - Sabotage, vandalism
  - Trojan Horses
- Deception
  - Fraud, disinformation
  - Psyops
- Denial of Service (DoS)

Sabotage? IE vs Navigator
- Internet Explorer 4.0 vs Netscape Navigator (1997.10)
- IE 4.0 includes features from Plus! for Windows 95
  - anti-aliasing function
  - smoothes large fonts on screen
- Reportedly does not smooth fonts in Netscape Navigator
- Allegedly not found to fail in any other program tested -- but updated Occam’s Razor states:
  Never attribute to malice what stupidity can adequately explain.

Sabotage? MS-MediaPlayer vs RealAudio
- Several reports of software conflicts — 1998.10
- Installation of MS-MediaPlayer causes problems with other media players
  - MS product takes over file associations
  - Prevents usability of RealAudio
  - De-installation switches file associations to other MS products
- MS denied deliberate attack, accuses other programs of quality problems
- [Attila the Hun no doubt accused Europeans of quality problems, too.]

Hactivists: Pentagon Meets Monty Python
- “Electronic Disruption Theater” hacker group whine about unfair tactics — 1998.10
- Criminal hackers attacked DoD DefenseLink 1998.09.09
- DoD allegedly used offensive information warfare techniques
  - allegedly posted hostile Java applet
  - criminals downloaded it
  - supposedly crashed their systems
- Criminals complained about illegal response
- Some legal minds agreed (!)

“Hactivism” on the Rise
- Political action by criminal hackers — or criminal hacking by political activists?
- “HACKING BHABA” article in FORBES
  - attack on Bhaba nuclear research facility in India (1998.05)
  - interviews with teenaged perpetrators
- Attacks on Chinese censorship (1998.11)
  - WIRED
  - graduate student disabled Chinese content filters
  - vandalized pro-censorship site in China

Sabotage: Reuters Hong Kong
- Nov 96 -- RISKS 18.65
- Reuters in Hong Kong
  - market information crucial for trading
  - logic bombs at 5 investment-bank clients
  - 36 hours downtime in networks
  - no significant effects on their work
  - embarrassed by the incident
- Caused by disgruntled computer technician
- Costs
  - 1,700 person-hours for recovery
  - HK$1.3M (~$168K)

Sabotage: CA Dept Info Tech
- 1997.01 -- San Francisco Chronicle, RISKS
- Fired subcontractor arrested
  - accused of trying to cause damage to the California Department of Information Technology
- Spent six hours online before being detected
- Crashed system
- Data restored from backups
- System management did not know the accused had been fired
- Did not alter security after his dismissal

Sabotage: Gateway2000
- 1997.01 -- EDUPAGE
- 20,000 copies of promotional video
- 30 seconds of pornography in mid-video
- Investigators’ thinking focusing on likelihood of disgruntled employee of Gateway2000 or at video production company

Sabotage: US Coast Guard
- DP worker goes ballistic -- 1998.06
- Shakuntla Devi Singla
  - civilian data processing worker
  - reported possible crime by contractor
- Warnings disregarded
- Wiped out personnel database
- Crashed system
- Recovery (where were their backups?)
  - 115 Coast Guard employees
  - 1,800 hours to restore data
- Sentenced to 5 months jail then 5 months home detention
- Fined $35,000 restitution

Sabotage: Telecast Fiber
- Former Employee Destroys Files (2003.08)
- John Corrado broke into Telecast Fiber Systems Inc, Worcester MA
- Used modem
- Destroyed R&D files and demos used by sales reps
- Pleaded guilty, agreed to pay $10,360 restitution
- Possible penalties:
  - max 1 year prison
  - $100K fine

Web Vandalism
- CIA (1996.09)
- USAF (1996.12)
- NASA (1997.03)
- AirTran (1997.09)
- UNICEF (1998.01)
- US Dept Commerce (1998.02)
- New York Times (1998.09)
- SETI site (1999)
- Fort Monmouth (1999)
- Senate of the USA (twice) (1999)

Slides 99-110 (one slide per site, titles only):
- CIA (1996.09)
- USAF (1996.12)
- NASA (1997.03)
- AirTran (1997.09)
- UNICEF (1998.01)
- US Dept Commerce (1998.02)
- New York Times (1998.09)
- SETI (1999)
- Fort Monmouth (1999)
- Senate of the USA (1) (1999)
- Senate of the USA (2) (1999.06)
- DEFCON (1999.07)

Vandalism: 2000
- 2001.01: “Lamers Team” deface Library of Congress Web site
- 2000.03: Gallup site defaced with misleading pointers to AntiOnline
- 2000.04: 16-year-old in Sweden arrested for defacing Web site of Swedish National Board of Health and Welfare
- 2000.09: “fluxnyne” defaces OPEC Web site

Vandalism: 2001 & 2003
- 2001.01: MS Web pages defaced by “Prime Suspectz” hacker group
- 2001.05: Chinese security experts report 14% of worldwide hacker attacks aimed at PRC Web sites
- 2003.05: Hackers attack Denver Internet radio station hosting security conference
- 2003.06: Hijacker switched registration of LA County Web site by calling ARIN and then stole 65,000 Web site addresses for use in sending pornographic spam

Vandalism: 2003 & 2004
- 2003.07: Sudanese hacker destroys Websites of Sudan Airlines, Khartoum University, Aptec Computers, Sudanese Internet Company.
- 2003.12: 13 NASA Websites defaced by Brazilian hackers “drwxr” with antiwar sentiments
- 2004.06: Silicon Valley Land Survey Web site used to post videos of Paul Johnson (victim of Al Qaeda terrorists)
- 2004.06: Hackers infest 60 computers at South Korean research institutes and government agencies with Peep Trojan RAT

BREAK 5’02”

Cases
- Breaches of confidentiality
- Industrial Espionage
- Unauthorized Access (Penetration)
- Unauthorized Modification
  - Data Diddling
  - Sabotage, vandalism
  - Trojan Horses
- Deception
  - Fraud, disinformation
  - Psyops
- Denial of Service (DoS)

Trojan: Moldovan Scam
- 1997.11 — news wires, EDUPAGE, RISKS
- Pornography seekers logged into http://www.sexygirls.com (Nov 96-1997.02)
- Special viewer program to decode pictures
- Trojan program
  - secretly disconnected modem connection
  - turned modem sound off
  - dialed ISP in Moldavia — long distance
- Long-distance charges in $K/victim
- Court ordered refund of $M to consumers

Trojan: Back Orifice
- cDc (Cult of the Dead Cow) — 1998.07
- Back Orifice for analyzing and compromising MS-Windows security
- Sir Dystic — hacker with L0PHT
- “Main legitimate purposes for BO:”
  - remote tech support aid
  - employee monitoring
  - remote administering [of a Windows network].
- “Wink.”

Back Orifice — cont’d
- Features
  - image and data capture from any Windows system on a compromised network
  - HTTP server allowing unrestricted I/O to and from workstation
  - packet sniffer
  - keystroke monitor
  - software for easy manipulations of the victims' Internet connections
- Trojan allows infection of other applications
- Stealth techniques
- 15,000 copies distributed to IRC users in infected file “nfo.zip”

Trojan: Open Source Contaminated
- TCP wrapper infected with Trojan (1999.01)
- Early on 21 Jan 1999 someone inserted Trojan code into distribution site
- Trapdoor access to contaminated systems
- Sent e-mail indicating which sites contaminated

Trojan: Palm PDA
- “Pirated” Gameboy software infects PDAs (2000.08)
- Deletes applications on Palm Pilot
- Proof of concept?

Trojan: MS a Victim
- QAZ Trojan invades Microsoft (2000.10)
- Company passwords sent to e-mail address in St Petersburg, Russia
- “Deplorable act of industrial espionage”
- Investigation suggested little damage
- Source files very large – probably not transferred

Trojan: MS “Cumulative Patch”
- MS Cumulative Patch a trick (2002.03)
- E-mail with 160 KB attachment
- Subject: “Internet Security Update”
- “Eliminates MS Outlook/Express… vulnerabilities”
- Vague link to MS security site
- Actually contained “Gibe” worm

Reverse-Proxy Spam Trojan - Migmaf
- Migmaf trojan commandeers PCs (2003.07)
- “Migrant mafia” takes over PCs by stealth
  - Not certain how it spreads
  - Programmer may be changing code constantly to elude anti-malware products
- Relays requests for porn sites through infected systems
  - Web page passed through zombie
  - Impossible to locate master server
  - Porn sites may be traps for credit-card data
- Zombies also serve as spam relay sites

Trojan: Linux Backdoor
- Linux kernel attacked (2003.11)
- Hacker tried to enter backdoor code into sys_wait4() function
- Would have granted root
- Noticed by experienced Linux programmers

Trojan: Phatbot uses P2P
- Phatbot attacks security (2004.03)
- Extensive feature set
  - Controlled through P2P networks
  - Provides complete remote control over system (open files, reboot, send files….)
  - Snoops for passwords & tries to send them
  - Tries to disable firewalls and AV products
- Author arrested 2004-05
  - Baden-Württemberg, Germany

Trojan: Mac Attack
- MS-Office Installer icon is Trojan (2004.05)
- AS.MW2004.Trojan has icon like that of MS Installer for MS-Office for Mac
- Actually Trojan that deletes all files in user’s home folder

Trojan: Cell Phones
- “Skulls” targets Nokia 7610 (2004.11)
- Appears as a “theme manager” utility
- Exploits Symbian OS
- Actually disables all programs on phone
  - Calendar, phonebook, camera, Web browser, SMS applications, etc.
  - Leaves only outbound and inbound phone calls functional
- By 2005.04, researchers had found >100 Trojans affecting Symbian OS

Trojan: Cellery
- Cellery Worm Clogs Networks (2005.01)
- Infected “Tetris” game contains worm
- Reproduces throughout network
- Can cause serious bandwidth saturation
- Users who perceive playing games at work as normal may not realize that the program is a threat

Trojan: Bankash-A
- Trojan attacks antispyware tool, logs keystrokes (2005.02)
- Arrives in e-mail attachment
- Tries to disable MS antispyware and antivirus software
- Logs user keystrokes, tries to send credit-card & banking info to receiving site
- May delete files
- Attempts to install yet more malware
- Downloads additional code from the Internet

Cases
- Breaches of confidentiality
- Industrial Espionage
- Unauthorized Access (Penetration)
- Unauthorized Modification
  - Data Diddling
  - Sabotage, vandalism
  - Trojan Horses
- Deception
  - Fraud, disinfo
  - Psyops
- Denial of Service (DoS)

Deception: Holiday Inns vs Call Management
- 1997.01 -- AP
- Holiday Inns uses 1-800-HOLIDAY for reservations (note the O)
- Call Management uses 1-800-H0LIDAY (note the ZERO)
- Holiday Inns sued and lost
- Other firms have used phone numbers adjacent to important commercial numbers in order to capture calls from misdialing customers
- Old porn site whitehouse.com (now a respectable site) used confusion with whitehouse.gov to trick kids into visiting

Disinfo: Belgian ATC Fraud
- 1997.01 — Reuters
- Belgian lunatic broadcasting false information to pilots
- Air-Traffic Control have caught the false information in time to prevent tragedy
- Serious problem for air safety
- Police so far unable to locate pirate transmitter
- Lunatic thought to be former ATC employee

Disinfo: Negotiations with Kidnappers Spoofed
- 1997.02 — RISKS
- Colombian terrorists kidnapped soldiers
- Government of Colombia decided to negotiate through e-mail
- Right-wing terrorists sent fraudulent e-mail claiming to represent government position

Disinfo: Cronkite Smeared
- 1997.01 — AP
- Tim Hughes created Web page libeling Walter Cronkite
  - said WC had shrieked imprecations, spat at Hughes and wife in FL restaurant
- Included falsified digital images purporting to show Cronkite posing with KKK members
- Cronkite threatened lawsuit
- Hughes took down page, said it was a satire

Psyops: Motley Fool
- Mar 96 -- Wall Street Journal; EDUPAGE; RISKS
- Iomega high-capacity removable disk drives
- America Online's Motley Fool bulletin board
  - False information
  - Flaming and physical threats
- Caused volatility of stock prices

Psyops: Pairgain
- 1999.04: Gary Dale Hoke arrested by FBI
  - Employee of Pairgain
  - Created bogus Web page
    - Simulated Bloomberg information service
    - Touted PairGain stock: undervalued – impending takeover
  - Pointed to fake page using Yahoo message boards
- Investors bid up price of Pairgain stock from $8.50 to $11.12 (130%)
- 13.7 M shares traded – 700% normal volume

Pairgain – cont’d
- Windfall gains & losses by investors
- Hoke did not in fact trade any of the stock himself
- Pleaded guilty to charges of stock manipulation
- Sentenced to home detention, probation, restitution

Psyops: Emulex
- 2000.98: Emulex lost 60% of total share value
- Mark Jakob, 23 years old
- Fabricated news release
- Sent from community college computer
- Circulated by Dow Jones, Bloomberg
- Claimed profit warning, SEC investigators, loss of CEO
- Jakob profited by $240,000 in minutes

Psyops: Ponzi
- EE-Biz Ventures steals $50M (2001.07)
- Donald A. English claimed huge profits
- Paid early investors with money from later ones
- Classic “Ponzi” scheme
- Arrested by FBI
- Most victims were sick or elderly

Psyops: 4-1-9 Brides
- Prospective Brides Needed Money (2004.11)
- Russian Yury Lazarev hired women to write flowery letters to possible partners
- Included sexy photographs
- 3,000 men responded from around world
- Attempts to meet met with requests for money
  - Visas
  - Airline tickets
- Net profits: $300,000
- One year suspended sentence in Moscow

BREAK 4’56”

Cases
- Breaches of confidentiality
- Industrial Espionage
- Unauthorized Access (Penetration)
- Unauthorized Modification
  - Data Diddling
  - Sabotage, vandalism
  - Trojan Horses
- Deception
  - Fraud, disinformation
  - Psyops
- Denial of Service (DoS)

History of DoS
- 1987-12: Christmas-Tree Worm
  - IBM internal networks
  - Grew explosively
  - Self-mailing graphic
  - Escaped into BITNET
- 1988-11: Morris Worm
  - Probably launched by mistake
  - Demonstration program
  - Replicated through Internet
  - ~9,000 systems crashed or were deliberately taken off-line

DoS: Mail-Bombing Via Lists 1996.08/12
- 1996.08 — “Johnny [x]chaotic”
  - subscribed dozens of people to hundreds of lists
  - victims received up to 20,000 e-mail msg/day
  - published rambling, incoherent manifesto
  - became known as “UNAMAILER”
- 1996.12 — UNAMAILER struck again
- Root problem
  - some list managers automatically subscribe people
  - should verify authenticity of request
  - send request for confirmation
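
The fix named on the mail-bombing slide (verify the request, send a request for confirmation), sketched as a confirmed opt-in list manager. This is an added example, not part of the original slides; the class, key, token lifetime and list names are hypothetical.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a real key comes from a secret store
TOKEN_TTL = 48 * 3600                 # assumption: a confirmation stays valid for 48 hours


def _token(list_name, address, expires):
    """HMAC that binds a token to one list, one address and one expiry time."""
    msg = f"{list_name}\n{address}\n{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


class ListManager:
    """Hypothetical list manager that never subscribes on the request alone."""

    def __init__(self):
        self.members = {}         # list name -> set of confirmed addresses
        self.outbox = []          # (recipient, body) pairs standing in for SMTP
        self.last_challenge = {}  # (list, address) -> expiry of the last challenge sent

    def request_subscribe(self, list_name, address, now=None):
        """Handle an unauthenticated request, whose From: line may be forged.

        Sends at most one confirmation per (list, address) per TTL window, so
        the confirmation mails cannot themselves be turned into a flood.
        Returns (expires, token) if a challenge was mailed, otherwise None.
        """
        now = int(time.time()) if now is None else now
        address = address.strip().lower()
        if address in self.members.get(list_name, set()):
            return None
        key = (list_name, address)
        if self.last_challenge.get(key, 0) > now:
            return None  # a challenge is still outstanding: stay silent
        expires = now + TOKEN_TTL
        token = _token(list_name, address, expires)
        self.last_challenge[key] = expires
        # The token goes only to the mailbox being subscribed; whoever forged
        # the request never sees it.
        self.outbox.append((address, f"confirm {list_name} {expires} {token}"))
        return expires, token

    def confirm(self, list_name, address, expires, token, now=None):
        """Subscribe only if the mailbox owner returns a valid, unexpired token."""
        now = int(time.time()) if now is None else now
        address = address.strip().lower()
        if now > expires:
            return False
        expected = _token(list_name, address, expires)
        if not hmac.compare_digest(expected, token):
            return False
        self.members.setdefault(list_name, set()).add(address)
        return True
```
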

DoS: Spam / Junk E-mail 1996.09
- AOL began blocking all inbound mail from junk e-mailers
- Court challenges on both sides
- Other ISPs beginning to revolt against onslaught of automated spam generators
- Courts have ruled that junk e-mail does not have to be transmitted by ISPs

DoS: Spam / Junk E-mail 1996.09
- Paul Engel, San Francisco stock broker
- Disagreement with an employee of the SRI
- Allegedly resulted in mail-bombing run on 23 September
  - 25,000 messages consisting of the word “Idiot”
  - Originated from SRI account
  - Prevented him from using his computer
- 1996.12: Sued SRI for $25,000 of damages

DoS: VineyardNET vs Spam 1997.01
- VineyardNET hijacked by CV Communications
- Connected directly to the ISP's SMTP server
- Sent out 66,000 advertisements for spamming services
- Most victims: CompuServe and AOL
- Tuned firewall to reject further input from rogue
- Adjusted two-stage mail delivery software
  - scan and delete all junk e-mail

DoS: Miscellany 1997.01/03
- 1997.01 — “Rev. White” spams IRC Undernet
  - racist, homophobic, misogynist threatening messages
- 1997.01 — Cleveland resident receives 100 calls/night because his phone # is 1-off AOL’s
- 1997.03 — InterNIC loses papers for unnamed company
  - cut off its DNS entry
  - down for 20 hours
- 1997.03 — Sprynet suddenly terminates service to anyone not using <name>@sprynet.com — including legitimate customers with their own POP servers

DoS: Wasting Time On-Line 1997.06
- 1997.06 — employee use of Web for fun during working hours
  - consumes average 2 hours of productivity/week
  - other estimates range from 5% to 40% lost
  - also consume bandwidth
- 1997.06 — Pitney Bowes study from Gallup and San Jose State University
  - 972 top-level staff from Fortune 1000
  - severe damage to productivity from interrupts
  - 50% said interruptions every 10 minutes
  - overwhelmed by flood of messages

DoS: Bluelister Attacks Antispammers 1997.06
- 1997.06: Forged headers from Antispam sites
- 1 or more persons
- Send large amounts junk e-mail from antispammers’ home sites
- Resulting floods of angry responses crashes systems
- NetHome Web-hosting service severely compromised

DoS News 1998
- 1998.01: Sanford “Spamford” Wallace found new spam-friendly ISP
  - offices swamped with phone calls, e-mails and threats
- 1998.03: Windows NT servers crash under hack attacks
  - Carnegie Mellon, MIT, NASA sites, many U. Cal. campuses, US Navy
- 1998.03: Mailstorm by National Association of Broadcasters
  - instructions on how to unsubscribe actually sent messages to list itself

DoS News 1998 (Cont’d)
- 1998.05: Panamsat Galaxy 4 satellite malfunctions
  - 10M pagers silenced
  - also some public radio networks
  - two days of disruption
- 1998.09: Misappropriation of resources
  - Aaron Blosser accused of using 2585 computers at US West
  - looking for prime numbers
  - used 10 years of processing cycles
  - sent response time from 3-5 seconds to 5 minutes

DoS: Worcester Hacker Convicted
- Teenager punished for hack — 1998.03
- Kid broke into Bell Atlantic switch in suburb of Boston, MA in 1997.03
  - crashed switch
  - 6 hours down
- Disrupted service for 600 customers & local airport control tower
- Severely sentenced as example to others
  - 2 years probation
  - loss of computer
  - 250 hours community service
  - $5,000 restitution

DoS: MS & CERT-CC Down
- Network vandal attacks MS (2001.01)
  - Flooded MS sites w/ packets
  - Down for a day
  - Due to putting DNS servers in single network
- CERT-CC down 30 hours (2001.05)
  - DoS packet flood
  - Viewed as “just another attack” by staff

DoS: Cloud Nine
- Cloud Nine ISP out of business (2002.01)
- Massive DoS
  - E-mail
  - DNS servers
- Shut down operations
- Insurance insufficient to pay for rebuilding systems
- Decided to sell business to competitors

DoS: White House
- White House site offline (2002.05)
- DoS 09:00-11:15 4 May 2002
- Suspect Chinese and pro-Chinese hackers

DoS: Root Servers
- DoS cripples 9 of 13 root servers (2002.10)
- Most sophisticated and large-scale assault on root servers to date
- Started 16:45 EDT Monday 21 Oct 2002
- 30-40x normal traffic from South Korea and US origins
- 7 servers failed completely; 2 intermittently
- Remaining 4 servers continued to service ‘Net requests – no significant degradation of service
- Verisign upgraded protection on its servers as a result

DoS: Al-Jazeera
- Al-Jazeera swamped (2003.03)
- Arab satellite TV network Web site unavailable
- Swamped by bogus traffic aimed at US servers for its site

DoS: Akamai (E-Commerce)
- Akamai Technologies goes down (2004.06)
- Network vandals attacked Akamai servers
- Manages 15% of total traffic on Internet
- Down for 45 minutes
- Serve major players in e-commerce
  - Microsoft
  - Yahoo
  - FedEx
  - Xerox, ... many others
  - Also FBI
- Care to estimate the costs of downtime??

DoS: GOOGLE & .com Disappear Briefly
- GOOGLE disappears from Web (2005.05)
- Gone for 15 minutes 7 May 2005
- Glitch in DNS
- Drew attention to concerns over DNS stability
- National Research Council issued report criticizing state of DNS infrastructure
  - http://www7.nationalacademies.org/cstb/pub_dns.html
- Historical note:
  - 2000.08.23: 4 of 13 root DNS servers failed
  - All access (http, ftp, smtp) to entire .com domain blocked for 1 hour worldwide

DoS: Backhoe Attacks
- 1997.06 -- Republic of Buryatiya
  - Thief removed 60m copper cable
  - Shut down all external communications 5 hours
  - Estimated cost ~$135,000
- 1997.06 -- Kazakhstan
  - 2 thieves began stealing copper from high-voltage electrical power line -- while it was live
  - soon they weren’t
- 1997.06 -- Florence, NJ
  - construction crew sliced through major UUNet backbone

DoS: More Backhoe Attacks
- 1997.10: Dump-truck driver leaves truck bed up, rips telephone cables – 119,000 Sprint users out of service for 4 hours
- 1998.02: Illuminet cables severed in Illinois – phone/ISP service out all over eastern seaboard for AT&T, Teleport, Bell Atlantic mobile
- 2001.03: Thieves attempted to steal copper cable in Ontario Canada. They actually cut a fiber-optic cable and wiped out Internet service for 300,000 users. Then while workers were repairing the damage, rodents attacked the exposed cable and eliminated service once more.

DoS: Tunnel Fire Derails Internet Service
- Train derailed in Baltimore tunnel (2001.07)
- Damaged fiber-optic cables
- Affected Internet service, telephony across USA
- WorldCom, PSINet, AboveNet
- Delays on eastern seaboard
- Problems even in Seattle, Los Angeles

DoS: What if GPS Fails?
- As of 2003.04: 18 of 28 GPS satellites
  - Operating beyond intended lifespan or
  - Have equipment failure
- GPS failure would affect
  - Civil aviation
  - Trucking
  - Shipping
  - Telecommunications
- Internet backbone operators use GPS time stamps

DISCUSSION

Resume at 13:14:54