PRESENTATION by Gagan Deep Singh

Post on 19-Dec-2015



WHY IS IT SUCH A CRUCIAL TOPIC-

The vast size of our systems

The investments we make in our systems

Confidential systems like military

The kind of losses we can incur

Multi domains like banks, healthcare, tourism

Our ever-increasing dependence on our systems

SOLUTION- The concept of thief and theft applies here. The best thing possibly is to hire them to fight against themselves.

How hackers evolved……

The best way to discuss this will be to check out their generations.

First generation- Talented students, programmers and scientists (mostly from MIT). Their main motive was to tweak the code to produce more efficient or elegant programs.

Second generation- Technological radicals. They had this forward thinking from mainframe to personal systems.

Third generation- Young people who embraced personal computers. They basically started making illegal copies of software such as games and developed crack codes.

Fourth generation- This is the current generation, those embracing criminal activity as if it is some sort of game or sport. When the Mac was attacked by its first virus, the hacker claimed that Mac was wrong to say it is completely attack-proof. He also added that he did it as a challenge.

Success Rate……

Reliability of our systems has been an issue forever, but today it is a bigger and more important one than before because our dependence on computer systems is at an all-time high. There is almost no task now for which we don't need computer systems. The crashing of a system can cause bigger damage than ever before.

[Chart: Attacks on Unix, Mac and PC, Mar 2003 to Mar 2007]

Success Rate factors……

The best way to discuss these factors will be to compare them versus the security professionals. Just like in a war, an enemy on top of the mountain has a definite advantage, hackers have an upper hand over security professionals.

Relative mobility- The hacker is often not fixed to a particular location in cyberspace. It becomes very hard for the security professionals and the victims, as well as the lawmakers, to get hold of them. Also, they always have the power to surprise by doing something absolutely new.

Higher level of knowledge- They are very accomplished in sharing their knowledge and tools of trade. Their ethics are loosely defined and they always have an advantage of making the first move.

More hours Less money- Hackers usually are prepared to spend many more hours conducting their attack than most security professionals are willing to spend securing their systems. Even though hackers are underfunded, they have displayed a whole lot of passion to compensate for it.

Technical side of Hacking……

[Chart: Intrusions over the last 5 years till 06, by type: Physical Int., System Int, Remote Int]

Hacking is usually a technical activity, although that does not necessarily mean that attackers are always technically capable. There are a few ways to get into a target system and to exploit this as a full scale hacking activity.

Remote access has been the biggest thrust in the success of hacking, and all future programmers and developers should keep that in mind.

Technical side of Hacking……

There are three main ways to intrude into the system

Physical Intrusion- This kind of intrusion happens when the intruder has physical access to the target machine. For example, booting with a special floppy or taking the system apart physically (e.g. removing the hard drive).

System Intrusion- The intruder already has low level privileges on the system. They then exploit un-patched security vulnerabilities in order to escalate their privileges to administrative level.

Remote Intrusion- The attacker gets into the system through the network. This is the hardest and yet the most common form of intrusion. IDS is installed to prevent such intrusions. Having root access to the system, the intruder can manipulate it in whichever way he wants.

Unauthorized Access……

Before attackers can exploit a system they need to gain access to it. The following techniques are used for gaining access.

Acquiring password- One way to get into the system illegally is by figuring out the password of a valid account. After looking for account names, an attacker can try to crack their passwords, which are often too weak or poorly protected.

Clear text sniffing- Several protocols such as telnet, FTP and HTTP basic do not encrypt the password at all as it is passed from the client to the server.

Encryption sniffing- There are many tools available for this purpose, such as, L0phtcrack3 (LC3), which performs dictionary, brute force and hybrid cracks.


Unauthorized Access……

Replay Attack- Sometimes the attackers do not need to decrypt the password at all. By reprogramming the client software, they can use an encrypted password to log into the system.

Password File Stealing- In most databases, the entire user database (including the passwords) is stored in a single file, such as /etc/passwd (in UNIX) or SAM- Security Accounts Manager (in WinNT).

Observation- You should never hesitate to tell a person to stop if he is looking over your shoulder while you type your password.

Social Engineering- It is the term used to describe cracking techniques that rely on the weakness of WetWare (human users attached to the system). It is surprising how effective social engineering can be. There is a book by Mitnick that illustrates this.

How do hackers work……

Socially- Socially speaking, the activity of spreading malicious code is highly worrying because the number of targets that can easily be harmed by email-transmitted code is absolutely huge.

Alteration experts- Once a virus has entered the public domain, it is a much simpler task to alter the existing virus than to invent a completely new one. Just like it is easier to rebuild and redesign an existing car model than to research and develop a whole new one.

Groups- The common misconception is that the hacker generally is one person only. This is not true. They do work in groups as well. They do research, learn about systems, write in forums and teach each other. In fact, their working in groups and sharing information is a significant part of the problem.

Motivations……

Whenever there is a robbery or a murder, there is a motive behind it, or otherwise it's just an accident (which is a rare case). In a similar manner, hackers have motivations behind the work they do. Chantler's survey demonstrates the top motives as follows-

[Chart: Hacking percent by motive: Challenge, Friendship, Addiction]

Motivations……

In percentage terms-

49% - were positive aspects beneficial to discovery learning, such as challenge, knowledge and pleasure.

24% - were recognition, excitement (of doing something illegal), and friendship as their motives.

27% - were self gratification, addiction, espionage, theft, profit, vengeance, sabotage and freedom. (Unexpectedly, profit is not the biggest factor.)

HACKING CAN BE USED POSITIVELY- Although hacking has become an illegal activity punishable by law, it can be used in a positive direction as well. The code below does nothing but restrict Google to a certain number of searches that you can do per day.

Lately, modifications have been made so that the page you require opens directly instead of giving a list of pages.

A simple GOOGLE hacking code-

    public class GoogleBotMain {
        public static void main(String[] args) throws Exception {
            // GoogleBot is the bot class itself; it is not shown on this slide.
            GoogleBot bot = new GoogleBot("GoogleBot");
            bot.setVerbose(true);                // log the IRC traffic to the console
            bot.connect("irc.freenode.net");     // connect to the IRC server
            bot.joinChannel("#irchancks");       // join the channel the bot serves
        }
    }

basic measures……

Protection- Just like prevention is better than cure, protection upfront is important and should be implemented on every system. Paid software is generally better at this.

Updation- Always keep your systems up to date with the latest security measures like patches and virus definitions. There are a number of commercial software products available.

Caution- We should always exercise caution in whatever we do. Always keep your eyes open and don’t exchange any information that you are not sure of. Keep your eyes open and don’t let anybody take over your privacy.

how do we know……

The following are the ways we can say the system might have been hacked-

Hosts running unnecessary services- The number one way of telling is if there are unnecessary services running on your machine. Sometimes you even try to kill a process and you are unable to do it because the process is running in an infinite loop.

Too many resources being consumed- Sometimes the system becomes hundred percent occupied even though there are not too many programs running. Most of the time the root directory is affected in such a case.

System very sluggish- The execution speed of the system might become drastically slow despite its good configuration. In that case there might be malicious software in the system or it has been hacked.
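The "unnecessary services" sign above can be checked mechanically by comparing a host's listening sockets with a baseline of what it is supposed to run. The script below is an added example, not part of the original slides; the sample `ss -H -tlnp` output and the baseline are constructed for illustration.

```python
import re

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1040,fd=6))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("in.telnetd",pid=2211,fd=4))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=930,fd=5))
LISTEN 0 1 [::]:31337 [::]:* users:(("kworkerd",pid=4450,fd=3))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
"""

# Hypothetical baseline: (process name, port) pairs this host is expected to expose.
BASELINE = {("sshd", 22), ("nginx", 443), ("postgres", 5432)}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)

def parse_listeners(text):
    """Turn ss output into dicts; proc is None when ss shows no owner."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            listeners.append(
                {"addr": m["addr"], "port": int(m["port"]), "proc": m["proc"]})
    return listeners

def unexpected_listeners(listeners, baseline):
    """Return (port, proc, reason, exposure) for every socket outside the baseline."""
    findings = []
    for l in listeners:
        if (l["proc"], l["port"]) in baseline:
            continue
        # ss prints the owner only when it can see the process; a listener that
        # still has none when ss is run as root deserves a closer look.
        reason = "no owning process visible" if l["proc"] is None else "not in baseline"
        loopback = l["addr"].startswith("127.") or l["addr"] == "[::1]"
        exposure = "local-only" if loopback else "network-reachable"
        findings.append((l["port"], l["proc"], reason, exposure))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for finding in unexpected_listeners(parse_listeners(SAMPLE_SS), BASELINE):
        print(finding)
```

On a real host the input would come from running `ss -H -tlnp` as root, and the baseline from the host's build documentation. The telnet listener is flagged here like any other unlisted service, and it is also one of the clear-text protocols named earlier in the slides.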


execution speed……

It is no hidden fact that the same program may have different execution speeds when running in different environments. How does the execution speed change the performance of the machines? An affected system will always run like it has a load on its shoulders.

The above chart shows how the execution speed becomes highly sluggish when the system has been attacked.

Things to do…..

Be very careful when you do anything online.

Once you google you can’t un-google. Realistically speaking, it's very hard to do it and your information might stay there for years and years. You may well be listed in any number of online directories, such as Anywho, Whitepages.com, Switchboard.com and so on.

Acxiom is a major US vendor. You can ask Acxiom to remove your data by sending email to [email protected] or calling 1-877-774-2094.


Questions?


THANKS