Protecting Against Hacker Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Protecting Against Hacker Attacks 82-03-05 Protecting Against Hacker Attacks Previous screen Ed Norris Payoff In order to protect their computer and communications systems, information security practitioners need to understand the motives and modes of operation of external intruders. By learning how hackers gather and share information and how they break into systems, security practitioners can >>|||ensure t||hat |system \\safeguards remain able to detect and thwart attempts at unauthorized access. This article presents a profile of hackers and hacker clubs, their methods of communication (including magazines, bulletin boards, newsgroups, and conventions), and specific methods of information gathering and attack. Recommended procedures and controls for countering such hacker activities are provided. Problems Addressed The problem of people breaking into computer and telephone systems is not new. Such activities have occurred since the first introduction of these technologies. As new technologies become available, it can be expected that new methods of obtaining unauthorized access to these technologies will be developed. To protect their systems against unauthorized intrusion, security practitioners need to understand hackers: who they are, what motivates them to break into systems, and how they operate. This article examines these issues, describes specific hacking techniques, and recommends actions that should be taken to reduce exposure to hacker attacks. What is a Hacker? The term hacker means different things to different people. The author of the book Prevention and Prosecution of Computer and High Technology Crime defines hackers as computer criminals and trespassers who view illegal computer access as an intellectual challenge and a demonstration of technical prowess. The New Hacker's Dictionaryoffers a more benign definition: “A person who enjoys learning the details of computer systems and how to stretch their capabilities as opposed to most users of computers who prefer to learn only the minimum amount necessary.” Indeed, many people consider themselves hackers, yet would never attempt to gain unauthorized access to a computer or telephone system. Other terms are also used to refer to hackers. For example, phreaks are hackers that target telephone systems. The terms computer intruderand cracker are also commonly used for computer hackers. This article modifies the definition from The New Hacker s Dictionary, adding that some hackers may attempt to gain unauthorized access to computer and telephone systems to achieve their goals. A Hacker Profile In the early 1980s, the hacker profile was of a highly intelligent, introverted teenager or young adult male who viewed hacking as a game; most were thought to be from middle and upper class families. Like most stereotypes, this profile has proved to be wrong. In reality, hackers can be very smart or of average intelligence, male or female, young or old, and rich or poor. And recent hacker arrests and convictions have taught hackers that, whatever they may have thought in the past, hacking is not a game. To succeed, hackers need three things: motive, opportunity, and means. The motive may be increased knowledge, a joy ride, or profit. Many IS practitioners have the opportunity and means to hack systems but lack the motive. The opportunity to hack systems has increased greatly over the years. Today, computer Previous screen systems can be found everywhere. Hackers don't need state-of-the-art equipment to hack systems—used equipment is inexpensive and adequate to the task. Most companies allow some type of remote access by means of either dial-up lines or connections to external networks. For a relatively small monthly fee, anyone can have access to the Internet. Unfortunately many corporations provide opportunities to access their systems by failing to provide adequate security controls. And many hackers believe that the potential for success outweighs the possible penalties of being caught. The means of attack is limited only by the imagination and determination of the hacker. A basic law of hacking can be summarized as “delete nothing, move nothing, change nothing, learn everything.” Some hackers target such entities as corporations, security and law enforcement personnel, and other hackers. Kevin Mitnick allegedly electronically harassed a probation officer and FBI agents who got in his way. Some hackers target organizations for political reasons. For example, the Chaos Computer Club supports Germany's Green Party. And others target any machine that runs an operating system capable of executing a particular virus, worm, or Trojan horse. The estimates of the number of people involved in hacking vary greatly. Estimates range from about one hundred serious hackers to hundreds of thousands. No one really knows the number of people involved. Suffice it to say there are enough hackers to warrant taking precautions to prevent unauthorized access. Hackers often use aliases, such as Shadow Hawk 1, Phiber Optik, Knight Lightning, Silent Switchman, Dark Avenger, and Rock Steady. These aliases allow them to remain anonymous, while retaining a recognizable identity. And they can change that identity at any time simply by choosing another handle. For example, Shadow Hawk 1 is known to have also used the handles Feyd Rautha, Captain Beyond, and Mental Cancer. Changing handles is intended to confuse security personnel as to the identity of the hacker, which makes it more difficult to monitor hacker activity. A hacker may also want the targeted organization to think that several people are attacking the target. Security practitioners need to be aware of these methods of operation in order to understand the identity and the true number of hackers involved in an attack. Hacker Clubs Some hackers and phreaks belong to such hacker clubs as Legion of Doom, Chaos Computer Club, NuKE, The Posse, and Outlaw Telecommandos. These clubs give a sense of companionship, although most members never physically meet. More importantly, they help members work as a team toward common goals. By bringing together unique technical skills of individual hackers (e.g., specialties in UNIX or TCP/IP), these teams can achieve goals that might be out of reach for an individual hacker. Some hackers may also view membership in hacker clubs as demonstrating to the hacker and security communities that they are skilled members of an elite. Hacker clubs come and go. The more willing the members are to contribute to club activities, the longer such clubs remain active. Hack-Tic and the Chaos Computer Club have been in existence for a relatively long time, whereas such groups as MAGIK (Master Anarchists Giving Illicit Knowledge) and RRG (Rebels Riting Guild)lasted only a very short time. Hacker Publications Some hacker and phreak clubs produce publications. For example, the Legion of Doom produces Phrack, Phalcon/Skism produces 40Hex, and the Chaos Computer Club produces Chaos Digest. These publications provide hackers with technical information as well as providing a social function. Some hacker publications can be received by means of Previous screen electronic mail over the Internet; others are sent through the postal system. Some book stores and magazine stands sell 2600 The Hacker Quarterly, which has been published for ten years. This publication periodically publishes a list of addresses of other hacker publications. In order to keep informed of hacker interests and activities, security practitioners with access to the Internet should subscribe to the nonhacker publication Computer underground Digest.This electronic digest covers general issues related to information systems, and also covers hacker- and security-related topics. It often provides pointers to other sources of hacker information. Searching these sources can help the security administrator learn about the ways hackers obtain knowledge. Computer underground Digest can be subscribed to by sending an electronic mail message to [email protected]; the message should be sub cudigest your-name. Hacker Conventions Some hacker groups sponsor hacker conventions. For example, the Chaos Computer Club sponsors the Chaos Congress, Hack-Tic sponsors Hacking at the End of The Universe, and Phrack and the Cult of the Dead Cow sponsor HoHoCon. These conventions are held in the US and Europe. Hackers and phreaks, as well as security and law enforcement personnel, are featured speakers. The conventions are open to all interested parties. Most of these conventions serve primarily as venues for hackers to brag, swap stories, and exchange information. They tend not to be highly organized; most substantive information is exchanged in hotel rooms and lobbies. There have been a few raids and arrests at some conventions. Bulletin Boards and Newsgroups Hackers and hacker clubs primarily communicate by means of bulletin board systems. It is estimated that there are about 1,300 underground bulletin boards in the US. The information found on bulletin board systems is usually current and state-of-the-art. Timeliness of this information is important; hacker techniques described in print publications are usually already well know by the time they appear in print, and these published methods may no longer work. Even old information can be valuable, however. The LOD (Legion of Doom) Communications is selling old bulletin-board system archives. Even though these message bases are from the mid-1980s, many organizations are still being successfully attacked using methods described in those files. It can be difficult
Recommended publications
  • Lezione 2 Cenni Storici Sviluppo Di Software Sicuro (9 CFU), LM Informatica, A
    Lezione 2 Cenni storici Sviluppo di software sicuro (9 CFU), LM Informatica, ! ! 2"2"#2"2$ Dipartimento di Scienze Fisic&e, Informatiche e Matematiche Universit' di Modena e Re))io *milia http+##we,la,!ing!unimore!it/people#andreolini#didattica#sviluppo-software-sicuro 1 Quote of t&e da/ (Meditate, )ente, meditate!!!) “If history repeats itself, and the unexpected always happens, how incapable must Man be of learning from experience.” 0eor)e Bernard S&aw (1234 – 193") Scrittore, drammatur)o, lin)uista, critico musicale utore de “Il Pigmalione8 2 Sir John mbrose Fleming (12:9-$9:3) (;he electrical en)ineer and ph/sicist) Inventore, in)e)nere, radiotecnico, elettrotecnico! Inventore del diodo e della valvola termoionica! Consulente (fra le altre) della Marconi <ireless ;ele)rap& Compan/! 3 Jo&n Nevil Mas>el/ne ($2?9-$9$@) (;he ma)ician) Mago. Inventore del ,agno pu,,lico 6a )ettone8! Fondatore del 6Comitato Occulto8 (antesi)nano dellBodierno CIC 7)! 1903: Mas>elyne rovina una dimostrazione pu,,lica del tele)rafo 6sicuro8 senza Cli (svolta da Flemin))! (iesce ad inviare insulti in codice Morse!.. 4 Eni)ma (1924) (;&e encr/ption#decr/ption machine) Macc&ina elettro-meccanica usata per cifrare e decifrare messa))i! Usata dalla <e&rmac&t durante la Seconda Guerra Mondiale! Considerata indecifrabile per lun)o tempo! 5 rthur Scher,ius (12@2-$929) (LBinventore di *nigma) In)e)nere tedesco! 1918: ,revetta Eni)ma (macc&ina cifrante ,asata su rotori)! 1926: la Marina Militare tedesca adotta una variante di Eni)ma per le sue comunicazioni cifrate! 6 LBEnigma militare (LBinventore di *nigma) Uso di un pannello di controllo ag)iuntivo (detto 6plu),oard”) per offuscare ulteriormente il processo di cifratura.
    [Show full text]
  • PC Magazine Fighting Spyware Viruses And
    01_577697 ffirs.qxd 12/7/04 11:49 PM Page i PC Magazine® Fighting Spyware, Viruses, and Malware Ed Tittel TEAM LinG - Live, Informative, Non-cost and Genuine ! 01_577697 ffirs.qxd 12/7/04 11:49 PM Page ii PC Magazine® Fighting Spyware, Viruses, and Malware Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256-5774 www.wiley.com Copyright © 2005 by Wiley Publishing Published simultaneously in Canada ISBN: 0-7645-7769-7 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1B/RW/RS/QU/IN No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, e-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials.
    [Show full text]
  • Paradise Lost , Book III, Line 18
    _Paradise Lost_, book III, line 18 %%%%%%%%%%%%%%%%%%%%%%%% ++++++++++Hacker's Encyclopedia++++++++ ===========by Logik Bomb (FOA)======== <http://www.xmission.com/~ryder/hack.html> ---------------(1997- Revised Second Edition)-------- ##################V2.5################## %%%%%%%%%%%%%%%%%%%%%%%% "[W]atch where you go once you have entered here, and to whom you turn! Do not be misled by that wide and easy passage!" And my Guide [said] to him: "That is not your concern; it is his fate to enter every door. This has been willed where what is willed must be, and is not yours to question. Say no more." -Dante Alighieri _The Inferno_, 1321 Translated by John Ciardi Acknowledgments ---------------------------- Dedicated to all those who disseminate information, forbidden or otherwise. Also, I should note that a few of these entries are taken from "A Complete List of Hacker Slang and Other Things," Version 1C, by Casual, Bloodwing and Crusader; this doc started out as an unofficial update. However, I've updated, altered, expanded, re-written and otherwise torn apart the original document, so I'd be surprised if you could find any vestiges of the original file left. I think the list is very informative; it came out in 1990, though, which makes it somewhat outdated. I also got a lot of information from the works listed in my bibliography, (it's at the end, after all the quotes) as well as many miscellaneous back issues of such e-zines as _Cheap Truth _, _40Hex_, the _LOD/H Technical Journals_ and _Phrack Magazine_; and print magazines such as _Internet Underground_, _Macworld_, _Mondo 2000_, _Newsweek_, _2600: The Hacker Quarterly_, _U.S. News & World Report_, _Time_, and _Wired_; in addition to various people I've consulted.
    [Show full text]
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies
    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • Introduction
    Introduction Toward a Radical Criminology of Hackers In the expansive Rio Hotel and Casino in Las Vegas, I stood in line for around an hour and a half to pay for my badge for admittance into DEF CON 21, one of the largest hacker conventions in the world. The wad of cash in my hand felt heavier than it should have as I approached the badge vendor. DEF CON is an extravagant affair and attendees pay for it (though, from my own readings, the conference administrators work to keep the costs reduced). The line slowly trickled down the ramp into the hotel con- vention area where the badge booths were arranged. As I laid eyes on the convention, my jaw dropped. It was packed. Attendees were already mov- ing hurriedly throughout the place, engaged in energetic conversations. Black t- shirts— a kind of hacker uniform— were everywhere. Las Vegas- and gambling- themed décor lined the walls and floors. Already, I could see a line forming at the DEF CON merchandise booth. Miles, a hacker I had gotten to know throughout my research, mentioned that if I wanted some of the “swag” or “loot” (the conference merchandise), I should go ahead and get in line, a potential three- to four-hour wait. Seemingly, everyone wanted to purchase merchandise to provide some evidence they were in attendance. Wait too long and the loot runs out. After winding through the serpentine line of conference attendees wait- ing for admittance, I approached the badge vendors and (dearly) departed with almost $200. Stepping into the convention area, I felt that loss in the pit of my stomach.
    [Show full text]
  • Infosec Year in Review -- 1999
    InfoSec Year In Review -- 1999 M. E. Kabay, PhD, CISSP. Security Leader, INFOSEC Group, AtomicTangerine Inc. Category 11 Breaches of confidentiality Date 1999-01-29 Keyword data leakage privacy confidentiality control Web Source, Vol, No. RISKS 20 18 The Canadian consumer-tracking service Air Miles inadvertently left 50,000 records of applicants for its loyalty program publicly accessible on their Web site for an undetermined length of time. The Web site was offline as of 21 January until the problem was fixed. Date 1999-02-03 Keyword data leakage Web script QA vulnerability confidentiality Source, Vol, No. WIRED via PointCast An error in the configuration or programming of the F. A. O. Schwarz Web site resulted paradoxically in weakening the security of transactions deliberately completed by FAX instead of through SSL. Customers who declined to send their credit-card numbers via SSL ended up having their personal details — address and so forth — stored in a Web page that could be accessed by anyone entering a URL with an appropriate (even if randomly chosen) numerical component. Date 1999-02-10 Keyword e-commerce credit card personal information password privacy Source, Vol, No. RISKS 20 20 Prof. Ross Anderson of Cambridge University analyzed requirements on the AMAZON.COM online bookstore for credit card number, password, and personal details such as phone number. He identified several risks: (1) merchant retention of credit card numbers poses a far higher risk of capture than of capture in transit; (2) adding a password increases the likelihood of compromise because so many naïve users choose bad passwords and then write them down; (3) even the British site for Amazon contravenes European rules on protecting consumer privacy; (3) such practices make it easier for banks to reject their clients' claims of fraudulent use of their credit-card numbers.
    [Show full text]
  • Honeypots: Tracking Hackers by Lance Spitzner Publisher: Addison Wesley Pub Date: September 13, 2002 ISBN: 0-321-10895-7 Pages: 480 • Examples
    Honeypots: Tracking Hackers By Lance Spitzner Publisher: Addison Wesley Pub Date: September 13, 2002 ISBN: 0-321-10895-7 Pages: 480 • Examples Copyright Foreword: Giving the Hackers a Kick Where It Hurts Preface Audience CD-ROM Web Site References Network Diagrams About the Author Acknowledgments Chapter 1. The Sting: My Fascination with Honeypots The Lure of Honeypots How I Got Started with Honeypots Perceptions and Misconceptions of Honeypots Summary References Chapter 2. The Threat: Tools, Tactics, and Motives of Attackers Script Kiddies and Advanced Blackhats Everyone Is a Target Methods of Attackers Motives of Attackers Adapting and Changing Threats Summary References Chapter 3. History and Definition of Honeypots The History of Honeypots Definitions of Honeypots Summary References Chapter 4. The Value of Honeypots Advantages of Honeypots Disadvantages of Honeypots The Role of Honeypots in Overall Security Honeypot Policies Summary References Chapter 5. Classifying Honeypots by Level of Interaction Tradeoffs Between Levels of Interaction Low-Interaction Honeypots Medium-Interaction Honeypots High-Interaction Honeypots An Overview of Six Honeypots Summary References Chapter 6. BackOfficer Friendly Overview of BOF The Value of BOF How BOF Works Installing, Configuring, and Deploying BOF Information Gathering and Alerting Capabilities Risk Associated with BOF Summary Tutorial References Chapter 7. Specter Overview of Specter The Value of Specter How Specter Works Installing and Configuring Specter Deploying and Maintaining Specter Information-Gathering and Alerting Capabilities Risk Associated with Specter Summary References Chapter 8. Honeyd Overview of Honeyd Value of Honeyd How Honeyd Works Installing and Configuring Honeyd Deploying and Maintaining Honeyd Information Gathering Risk Associated with Honeyd Summary References Chapter 9.
    [Show full text]
  • Cult of the Dead Cow by Menn, June 2019 : a Fundamental Misunderstanding
    Cult of the Dead Cow by Menn, June 2019 : a fundamental misunderstanding. Camille Akmut June 14, 2019 Abstract Beginning or end of a culture? The old model of the journalist-turned- historian by default. { a book review. 1 Introduction : isomorphic structures \I have not slept with any of my subjects." If such were a condition to be a journalist or documentary filmmaker of technology today, as it is commonly understood to be the rule amongst political reporters, for obvious reasons, their fates would be settled faster than they had settled Applebaum's own. |{ It is hard to observe the doings of this peculiar circle from afar without being reminded of their predecessors, who were the rock bands of the 1960s, 1970s, 1980s and 1990s, and their groupies (e.g. journalist Annik Honore and Ian Curtis). In the 2000s, they emerged, and replaced them; all of their habits and ways included, almost identical. We will forgo any longer discussions or descriptions of this incestu- ous crowd, of \crypto-anarchists" and \cyber-libertarians" with doubtful understanding of political theory, or history, \theoretical physicists" who conduct their own trials by fire, as churchmen had done in the Middle Ages of queers; and the rest of side characters, who too often land on their backs. The bottom is nearly bottomless with them, and they know their mu- tual orifices a little too well for their own good. Their courtship scenes are like those that could be observed, not with- out embarrassment by some, in the gymnasiums of ancient Athens in the middle of summer, June; the remains of which we find now in various comedy plays.
    [Show full text]
  • Cult of the Dead Cow
    This document is made available through the declassification efforts and research of John Greenewald, Jr., creator of: The Black Vault The Black Vault is the largest online Freedom of Information Act (FOIA) document clearinghouse in the world. The research efforts here are responsible for the declassification of hundreds of thousands of pages released by the U.S. Government & Military. Discover the Truth at: http://www.theblackvault.com U.S. Department of Justice Federal Bureau of Investigation Washington, D.C. 20535 April 19, 2019 MR. JOHN GREENEWALD JR. SUITE 1203 27305 WEST LIVE OAK ROAD CASTAIC, CA 91384 FOIPA Request No.: 1431530-000 Subject: Cult of the Dead Cow Dear Mr. Greenewald: The enclosed 67 pages of records were determined to be responsive to your subject and were previously processed and released pursuant to the Freedom of Information Act (FOIA). Please see the selected paragraphs below for relevant information specific to your request as well as the enclosed FBI FOIPA Addendum for standard responses applicable to all requests. In an effort to provide you with responsive records as expeditiously as possible, we are releasing documents from previous requests regarding your subject. We consider your request fulfilled. Since we relied on previous results, additional records potentially responsive to your subject may exist. If this release of previously processed material does not satisfy your request, you may request an additional search for records. Submit your request by mail or fax to – Work Process Unit, 170 Marcel Drive, Winchester, VA 22602, fax number (540) 868-4997. Please cite the FOIPA Request Number in your correspondence.
    [Show full text]
  • A Toolkit for Detecting and Analyzing Malicious Software
    A Toolkit for Detecting and Analyzing Malicious Software Michael Weber, Matthew Schmid & Michael Schatz David Geyer Cigital, Inc. [email protected] Dulles, VA 20166 g fmweber, mschmid, mschatz @cigital.com Abstract the virus or Trojan horse performs malicious actions unbe- knownst to the user. These programs often propagate while In this paper we present PEAT: The Portable Executable attached to games or other enticing executables. Analysis Toolkit. It is a software prototype designed to pro- Malicious programmers have demonstrated their cre- vide a selection of tools that an analyst may use in order ativity by developing a great number of techniques through to examine structural aspects of a Windows Portable Ex- which malware can be attached to a benign host. Several ecutable (PE) file, with the goal of determining whether insertion methods are common, including appending new malicious code has been inserted into an application af- sections to an executable, appending the malicious code ter compilation. These tools rely on structural features of to the last section of the host, or finding an unused region executables that are likely to indicate the presence of in- of bytes within the host and writing the malicious content serted malicious code. The underlying premise is that typi- there. A less elegant but effective insertion method is to cal application programs are compiled into one binary, ho- simply overwrite parts of the host application. mogeneous from beginning to end with respect to certain Given the myriad ways malicious software can attach to structural features; any disruption of this homogeneity is a benign host it is often a time-consuming process to even a strong indicator that the binary has been tampered with.
    [Show full text]
  • Computer and Network Security CS 215 © Denbigh Starkey
    Computer and Network Security CS 215 © Denbigh Starkey 1. Introduction 1 2. Hackers 1 3. Phreaks 4 4. Software Security 6 5. Network Security 8 1. Introduction I’ve already covered some of the topics that fall into this category in my notes on malicious acts. In particular I’ve discussed viruses and related issues. I’ll get into a bit more detail here on these topics, but will mainly concentrate on other issues like hackers and phreaks. 2. Hackers Hacking used to be considered an ethical profession, but then some hacking groups like the Legion of Doom, whose only goals were negative, changed the connotations of the name to where it is now almost universally thought of as a very negative term. Possibly, however, things might change back, since I have just got a new book called Hands-On Ethical Hacking and Network Defense. Ethical hacking describes is how we first thought of the hacking community before it got corrupted. Levy’s hacker ethic, which was the moral code for hackers, had six principles: 1. Access to computers – and anything which might teach you something about the way the world works – should be unlimited and total. Always yield to the Hands- On Imperative. 2. All information should be free. 3. Mistrust Authority – Promote Decentralization. 4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position. 5. You can create art and beauty on a computer. 6. Computers can change your life for the better. So while the hacking code certainly implies lifestyle that is anarchistic in its underlying philosophy, it is not negative or destructive.
    [Show full text]