DOCSLIB.ORG

You Better Know You Your Onions Or You Might Wannacry

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
You Better Know You Your Onions Or You Might Wannacry You Better know you your Onions or you might Wannacry Nicholas Lewis NWSSP IT Security and Development CISSP,CSSLP,MCSE,MCAD,CHECK QSTM Introduction • A Brief History Of Hacking • The Story Of Wannacry • Where do we go from here • Live hack demo at lunchtime ! A Brief History Of Hacking How It All Began 1903 Magician and inventor Nevil Maskelyne disrupts John Ambrose Fleming's public demonstration of Guglielmo Marconi's purportedly secure wireless telegraphy technology, sending insulting Morse code messages through the auditorium's projector 1932 Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki broke the Enigma machine code. 1939 Alan Turing, Gordon Welchman and Harold Keen worked together to develop the Bombe (on the basis of Rejewski's works on Bomba). The Enigma machine's use of a reliably small key space makes it vulnerable to brute force. A Brief History Of Hacking How It All Began 1971 John T. Draper (later nicknamed Captain Crunch), his friend Joe Engressia, and blue box phone phreaking hit the news with an Esquire Magazine feature story. 1972 Before starting Apple, Steve Jobs and Steve Wozniak built and sold digital blue boxes, for around $100. One of their first calls they made using the blue box was to the Vatican with Wozniak pretending to be Henry Kissinger, they asked to talk to the pope. Without success. 1979 Kevin Mitnick breaks into his first major computer system, the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. A Brief History Of Hacking How It All Began 1980 The FBI investigates a breach of security at National CSS. The New York Times, reporting on the incident in 1981, describes hackers as “Technical experts; skilled, often young, computer programmers, who almost whimsically probe the defences of a computer system, searching out the limits and the possibilities of the machine. Despite their seemingly subversive role, hackers are a recognized asset in the computer industry, often highly prized” The newspaper describes white hat activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his password cracker, which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated that "The Company realizes the benefit to NCSS and in fact encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files" 1981 Ian Murphy aka Captain Zap, was the first cracker to be tried and convicted as a felon. Murphy broke into AT&T's computers in 1981 and changed the internal clocks that metered billing rates. People were getting late-night discount rates when they called at midday. Of course, the bargain-seekers who waited until midnight to call long distance were hit with high bills 1983 The movie WarGames introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia of hackers and their supposed abilities to bring the world to a screeching halt by launching nuclear ICBMs A Brief History Of Hacking How It All Began 1986 After more and more break-ins to government and corporate computers, Congress passes the Computer Fraud and Abuse Act, which makes it a crime to break into computer systems. The law, however, does not cover juveniles 1986 Robert Schifreen and Stephen Gold are convicted of accessing the Telecom Gold account belonging to the Duke of Edinburgh under the Forgery and Counterfeiting Act 1981 in the United Kingdom, the first conviction for illegally accessing a computer system. On appeal, the conviction is overturned as hacking is not within the legal definition of forgery 1986 Arrest of a hacker who calls himself The Mentor. He published a now-famous treatise shortly after his arrest that came to be known as the Hacker's Manifesto in the e-zine Phrack. This still serves as the most famous piece of hacker literature and is frequently used to illustrate the mindset of hacker A Brief History Of Hacking The Hacker Manifesto This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin colour, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike. A Brief History Of Hacking How It All Began 1990 The Computer Misuse Act 1990 is passed in the United Kingdom, criminalising any unauthorised access to computer system 1992 One of the first ISPs MindVox opens to the public 1993 The first DEF CON hacking conference takes place in Las Vegas. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering was so popular it became an annual event A Brief History Of Hacking The UK Computer Misuse Act 1990 The act created three categories of offence: Unauthorised access to computer material: There must be intent to access a program or data stored on a computer, and the person must know that this access is not authorised. This is why login screens often carry a message saying that access is limited to authorised persons: this may not prevent a determined and ingenious hacker getting access to the system, but they will not be able to claim ignorance of committing an offence. Unauthorised access with intent to commit a further offence: for instance accessing personal files or company records in order to commit fraud or blackmail. Unauthorised modification of programs or data on a computer. Modification of a computer's contents under section 3 may consist of: Altering data As in the case of a nurse who observed a doctor entering his password and used it to alter patients' drug dosages and treatment records Removing data For instance to cover up evidence of wrongdoing Adding to the contents of a computer For instance it has been held that sending an email under a false name results in unauthorised modifications to the content of the mail server The intent need not be directed at any particular computer, program or data, so this provision covers damage caused by computer viruses - even though the virus author need not have known or intended that any particular system would be affected A Brief History Of Hacking How It All Began 1994 Hacking Theft of $10 Million From Citibank Revealed 1996 Cryptovirology is born with the invention of the cryptoviral extortion protocol that would later form the basis of modern ransomware. 1999 Software security goes mainstream In the wake of Microsoft's Windows 98 release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) bugs in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers. A Brief History Of Hacking Citibank From a computer terminal in his apartment in St. Petersburg, Russia, a Russian software engineer broke into a Citibank computer system in New York and with several accomplices stole more than $10 million by wiring it to accounts around the world, according to court documents and the U.S. attorney's office. Citibank said all but $400,000 of the stolen funds have been recovered. Six hacking suspects have been arrested, including the engineer, Vladimir Levin, who is being held in Britain and is fighting extradition to the United States. The incident underscores the vulnerability of financial institutions as they come to increasingly rely on electronic transactions. But computer security experts say what is even more notable about the case is that it became public. "Can it happen? Yes. Does it happen? Yes," said Eugene Schultz, a computer security expert at SRI International. "But we don't hear about it because financial institutions are afraid of adverse publicity." The Citibank case became public as a result of the extradition effort. A Brief History Of Hacking How It All Began 2001 Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server. In these denial-of-service attacks, the DNS paths that take users to Microsoft's websites are corrupted. A Dutch cracker releases the Anna Kournikova virus, initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian tennis star 2002 Bill Gates decrees that Microsoft will secure its products and services, and kicks off a massive internal training and quality control campaign. 2003 The hacktivist group Anonymous was formed. A Brief History Of Hacking How It All Began 2004 North Korea claims to have trained 500 hackers who successfully crack South Korean, Japanese, and their allies' computer systems 2006 The largest defacement in Web History as of that time is performed by the Turkish hacker iSKORPiTX who successfully hacked 21,549 websites in one shot.
Load more

Recommended publications
  • Architect's Guide for Securing Network Equipment
    JANUARY 2018 ARCHITECT’S GUIDE FOR SECURING NETWORK EQUIPMENT Trusted Computing Group 3855 SW 153rd Drive Tel (503) 619-0562 Fax (503) 644-6708 [email protected] www.trustedcomputinggroup.org Architect’s Guide for Security Network Equipment Copyright© 2018 Trusted Computing Group | All Rights Reserved ARCHITECT’S GUIDE FOR SECURING NETWORK EQUIPMENT As part of the critical infrastructure of an enterprise, network equipment (Side Bar 1) is subject to the same types of attacks and threats as PCs, servers and the network itself. THESE THREATS INCLUDE: UNAUTHORIZED DEVICES UNAUTHORIZED CODE FIRMWARE IMPLANTS THAT 1 THAT CAN GAIN ACCESS 2 THAT CAN INTERFERE 3 CAN RENDER ATTACKS TO NETWORKED DATA WITH SAFE OPERATION INVISIBLE AND UNREMOVABLE Preserving the integrity and security of network equipment is essential to maintaining customer privacy and network reliability. Trusted Computing solutions can be used to provide these requirements. This Architect’s Guide makes the case for addressing network security and provides some initial guidance from ongoing efforts in this area. AWARENESS PRIOR TO ACTION Experts in providing trust to all aspects of an It is important to distinguish network security enterprise have found that many designers are not provided by items such as firewalls, VPNs, MPLS concerned about protecting the low-level, embedded domains, access lists, intrusion detection, network portions of their infrastructure. For example, those access controls, Radius, DMZs and a host of other people who are interested specifically in network functions that prevent inappropriate access to security are extremely concerned about almost all networked resources, from Secure Network aspects that involve anti-viruses and software but Equipment.
    [Show full text]
  • 7/26/2018 1 Grand Prize Don't Forget to Fill out Your Card! Overview
    The information provided here is for informational and educational purposes and current as of the date of publication. The information is not a substitute for legal advice and does 7/26/2018 not necessarily reflect the opinion or policy position of the Municipal Association of South Carolina. Consult your attorney for advice concerning specific situations. Anatomy of a Ransomware Attack Presented by Matt Hooper Session #1 Grand Prize Don't forget to fill out your card! 2 Overview Ransomware attacks are unfortunately common. Learn what they are, how to avoid an attack and what to do if your city is targeted. 3 1 7/26/2018 Security Breach Statistics . The government vertical in the US has become the largest group to suffer loss due to data breaches . On average, 57 confidential records are lost every second ...that’s 4,924,800 records per day . Almost 1.5 billion were lost in the month of March 2018 . The average cost for organizations reporting data breaches was $3.62 million dollars per breach . Security experts believe the majority of data breaches are either undetected or unreported! 4 What is Ransomware? Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
    [Show full text]
  • Reporting, and General Mentions Seem to Be in Decline
    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
    [Show full text]
  • Timeline of Computer History
    Timeline of Computer History By Year By Category Search AI & Robotics (55) Computers (145)(145) Graphics & Games (48) Memory & Storage (61) Networking & The Popular Culture (50) Software & Languages (60) Bell Laboratories scientist 1937 George Stibitz uses relays for a Hewlett-Packard is founded demonstration adder 1939 Hewlett and Packard in their garage workshop “Model K” Adder David Packard and Bill Hewlett found their company in a Alto, California garage. Their first product, the HP 200A A Called the “Model K” Adder because he built it on his Oscillator, rapidly became a popular piece of test equipm “Kitchen” table, this simple demonstration circuit provides for engineers. Walt Disney Pictures ordered eight of the 2 proof of concept for applying Boolean logic to the design of model to test recording equipment and speaker systems computers, resulting in construction of the relay-based Model the 12 specially equipped theatres that showed the movie I Complex Calculator in 1939. That same year in Germany, “Fantasia” in 1940. engineer Konrad Zuse built his Z2 computer, also using telephone company relays. The Complex Number Calculat 1940 Konrad Zuse finishes the Z3 (CNC) is completed Computer 1941 The Zuse Z3 Computer The Z3, an early computer built by German engineer Konrad Zuse working in complete isolation from developments elsewhere, uses 2,300 relays, performs floating point binary arithmetic, and has a 22-bit word length. The Z3 was used for aerodynamic calculations but was destroyed in a bombing raid on Berlin in late 1943. Zuse later supervised a reconstruction of the Z3 in the 1960s, which is currently on Operator at Complex Number Calculator (CNC) display at the Deutsches Museum in Munich.
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • Román Ceano © Román Ceano
    La máquina enigma Román Ceano © Román Ceano. Todos los derechos reservados. El libro fue compilado de http://www.kriptopolis.org/enigma La fotografía sacada de http://enigma.wikispaces.com/file/view/enigma.jpg/30598271 Preludio En el verano de 1938, una pequeña localidad del condado de Buckingham vio perturbada su tranquilidad por la llegada de unos estrafalarios visitantes. Se trataba de hombres de aspecto próspero pero descuidado, acompañados por chicas que los lugareños juzgaron sospechosamente guapas y alegres. Estaban dirigidos al parecer por un tal Capitán Ridley, y decían que el motivo de su presencia era la caza. Ninguna de las camareras que les servían la cena en los hotelitos de la zona les oyó comentar anécdota cinegética alguna, lo cual era congruente con el hecho de que faltaban meses para la temporada. Lo que sí les oyeron comentar eran los opíparos almuerzos con que se obsequiaban. Estos debían tener lugar en la propiedad llamada Bletchley Park, puesto que allí se dirigían todos en sus coches cada mañana y de allí volvían cada tarde. Todo el mundo en Bletchley conocía la finca, sin duda la mejor de la comarca. La había creado sesenta años antes un exitoso corredor de bolsa de Londres llamado Herbert Leon, deseoso de disfrutar de la vida rural de las clases altas victorianas. Presidía la finca una mansión cuya fachada lucía una grotesca mezcla de estilos, que imitaba los palacios de las grandes familias rurales que habían sido reformados varias veces durante centurias. En la parte trasera había un gran patio, separado del edificio principal, donde estaban las cuadras, una enorme despensa donde guardar fruta fresca para el invierno y varias edificaciones auxiliares que recreaban de manera muy fidedigna el centro de operaciones de una propiedad rural.
    [Show full text]
  • Phd Husam G201301950.Pdf
    ©Husam Suwad 2018 iii Dedication To my Father and my Mother To my Wife and my kids Sama, Laya and Issa To my Brother and my Sisters To my homeland Halhul For the spirit of Martyrs iv ACKNOWLEDGMENTS All praise is due to ALLAH, the lord and sustainer of the worlds, for his countless favour and seeing me this far in life. I appreciate the support and prayers of my parents all through my life and specially in this work. To my family and relatives, I say thank you all for being there for me. My profound gratitude goes to my academic father Dr. Farag Azzedin for his constructive criticism, guidance, and the assistance he offered me throughout my thesis journey. I thank all my committee members Prof. Shokri Z. Selim, Dr. Mohammad Alshayeb, Dr. Moataz Ahmed, and Dr. Marwan Abu- Amara for their comments and support. Finally, I appreciate the help and efforts of Mr. Turki Al-hazmi. My special thanks go to my dear wife, and our children Sama Suwad, Laya Suwad, and Issa Suwad, for their love, care, understating, patience, and thoughts throughout the entire Phd program. To my special friend Mr. Ahmad Azzedin, my friends, and all Shami Community in KFUPM, I wish you all the best. I would like to Acknowledge KFUPM for giving me this opportunity. v TABLE OF CONTENTS ACKNOWLEDGEMENT v LIST OF TABLES xi LIST OF FIGURES xiii ABSTRACT (ENGLISH) xv ABSTRACT (ARABIC) xvi CHAPTER 1 INTRODUCTION 1 1.1 Attacks Economy Impact . .2 1.2 Need for Security . .4 1.3 Adaptive Security Life Cycle .
    [Show full text]
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]
  • Cryptovirology: Extortion-Based Security Threats and Countermeasures
    Crypt ovirology : Extortion-Based Security Threats and Countermeasures* Adam Young Moti Yung Dept. of Computer Science, IBM T.J. Wi3tson Research Center Columbia University. Yorktown Heights, NY 1.0598. Abstract atomic fission is to energy production), because it al- lows people to store information securely and to con- Traditionally, cryptography and its applications are duct private communications over large distances. It defensive in nature, and provide privacy, authen tica- is therefore natural to ask, “What are the potential tion, and security to users. In this paper we present the harmful uses of Cryptograplhy?” We believe that it is idea of Cryptovirology which employs a twist on cryp- better to investigate this aspect rather than to wait tography, showing that it can also be used offensively. for such att,acks to occur. In this paper we attempt By being offensive we mean that it can be used to a first step in this directioin by presenting a set of mount extortion based attacks that cause loss of access cryptographiy-exploiting computer security attacks and to information, loss of confidentiality, and inform,ation potential countermeasures. leakage, tasks which cryptography typically prevents. In this paper we analyze potential threats and attacks The set of attacks that we present involve the that rogue use of cryptography can cause when com- unique use of strong (public key and symmetric) cryp- tographic techniques in conjunction with computer bined with rogue software (viruses, Trojan horses), and virus and Trojan horse technology. They demon- demonstrate them experimentally by presenting an im- strate how cryptography (namely, difference in com- plementation of a cryptovirus that we have tested (we putational capability) can allow an adversarial virus took careful precautions in the process to insure that writer to gain explicit access control over the data the virus remained contained).
    [Show full text]
  • Introduction
    Introduction Toward a Radical Criminology of Hackers In the expansive Rio Hotel and Casino in Las Vegas, I stood in line for around an hour and a half to pay for my badge for admittance into DEF CON 21, one of the largest hacker conventions in the world. The wad of cash in my hand felt heavier than it should have as I approached the badge vendor. DEF CON is an extravagant affair and attendees pay for it (though, from my own readings, the conference administrators work to keep the costs reduced). The line slowly trickled down the ramp into the hotel con- vention area where the badge booths were arranged. As I laid eyes on the convention, my jaw dropped. It was packed. Attendees were already mov- ing hurriedly throughout the place, engaged in energetic conversations. Black t- shirts— a kind of hacker uniform— were everywhere. Las Vegas- and gambling- themed décor lined the walls and floors. Already, I could see a line forming at the DEF CON merchandise booth. Miles, a hacker I had gotten to know throughout my research, mentioned that if I wanted some of the “swag” or “loot” (the conference merchandise), I should go ahead and get in line, a potential three- to four-hour wait. Seemingly, everyone wanted to purchase merchandise to provide some evidence they were in attendance. Wait too long and the loot runs out. After winding through the serpentine line of conference attendees wait- ing for admittance, I approached the badge vendors and (dearly) departed with almost $200. Stepping into the convention area, I felt that loss in the pit of my stomach.
    [Show full text]
  • Malicious Cryptography Exposing Cryptovirology
    Malicious Cryptography Exposing Cryptovirology Adam Young Moti Yung Wiley Publishing, Inc. Malicious Cryptography Malicious Cryptography Exposing Cryptovirology Adam Young Moti Yung Wiley Publishing, Inc. Executive Publisher: Robert Ipsen Executive Editor: Carol A. Long Developmental Editor: Eileen Bien Calabro Editorial Manager: Kathryn A. Malm Production Manager: Fred Bernardi This book is printed on acid-free paper. Copyright c 2004 by Adam Young and Moti Yung. All rights reserved. Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or trans- mitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clear- ance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specif- ically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials.
    [Show full text]
  • Tech & Policy Initiative, Working Paper Series 2
    Tech & Policy Initiative, Working Paper Series 2 It is with great pleasure that I invite you to read this second volume of Columbia SIPA’s Tech & Policy Initiative’s Working Paper Series. Building on the insights of the first volume, the second volume features working papers produced by SIPA-supported expert and next generation scholars who are engaging critical areas related to the impact of digital technology on society and institutions. The papers are multi-disciplinary and forward-looking, engaging complex subjects including the critical areas of Internet and data governance, the dynamics of cyber conflict and cyber sovereignty, how digital technology has impacted traditional economic sectors and business models, or other areas. This academic work was undertaken with vital support of the Carnegie Corporation of New York as part of SIPA’s Tech & Policy Initiative, an ambitious effort to explore the digital world and SIPA’s core fields of study. Since its inception, the Tech and Policy Initiative has sought to bridge the gap between policymakers, academics and practitioners in cybersecurity, internet governance and the digital economy through convening, research, training and other activities. The Tech & Policy Initiative draws on many disciplines and talented researchers within SIPA, in other parts of Columbia University, and outside entities to develop insights that will translate into better and more effective policies, and to inform government policies and private sector actions. This volume also includes papers prepared for SIPA’s 2017 Global Digital Futures Policy Forum, an annual conference that brought together more than 100 scholars, private sector leaders, legal experts, entrepreneurs, technologists, and others to discuss the challenges of internet fragmentation.
    [Show full text]