
Hacking and Scams

Richard Baskerville
Georgia State University

Agenda

• System Attacks
• Social Engineering
• Google Hacking
• Exploits
• Payloads
• WiFi Hacking
• Phone Hacking

System Attacks

• Remote or physical access
• Password guessing
• Password cracking

Social Engineering

• Long Established

Google Hacking

• Database of Exploit Queries (GHDB)
• Can Execute Queries on Google
• Aka “dorks”

Source: http://wand.5gbfree.com/passes.txt

Exploits and Payloads

• Vehicles: Delivering Trojan payloads
• Viruses
• SQL Injection
• Suckers
• Keyloggers
  – Web-page Trojans
  – Malicious executables
  – Image, music, video Trojans
• Buffer overflows and other exploits in image processing or playback programs

Spyware

• Commonly Browser-Based Attack
• Sometimes semi-legit
  – Authorized in EULA
  – Data for marketing / advertising
• Malicious add-in, helper code
• Collect browser data
  – Account information
  – Passwords
  – Browsing habits
• Modify browser or computer configuration

Rootkits

• Permits unauthorized full administrator-level access
• Hides itself
  – The files, folders, registry edits, and other components it uses.
• May hide bundled malicious files

Botnets

• Continuously awaits and processes commands received in a client/server mode.
• Frequently uses IRC chat channels
  – Higher degree of anonymity
  – High availability
• Purposes
  – Distributing denial of service attacks (DDOS)
  – Spamming
  – Distributing illegal advertising
  – Abuse of ‘pay per click’ systems ( models)
  – Spread on-demand

Keyloggers

• Ultimate spyware
• Record or transfer keystrokes and data streams
• Conceal their presence
• Compromise personal information like passwords, credit card numbers, bank numbers, etc.

WiFi Hacking

• Wardriving – driving around looking for networks to hack
  – Aided by GPS Mapping
• Exploit default configurations
• Weak Link – one mis-configured access point is enough
• Security weaknesses
  – WEP
  – WPA
  – WPA-2

Ransomware

• A that encrypts files and/or disks on a computer system
• It displays a demand for a ransom to be paid
• It promises to deliver the decryption key upon payment of the ransom
• The ransom is demanded in a digitally untraceable form, such as bitcoins

WEP

• 128-bit key
• 40-bit cipher key, simple XOR
• Embeds session key into the packet stream
• Crackable in 60 seconds
• Attacks
  – Flipping bits in the cipher stream and watching to see which bits are flipped in the resulting plaintext
  – Decrypting ciphertexts encrypted with the same keystream
  – Attacker can deduce the cipher key by repeating the above

WPA

• Temporal Key Integrity Protocol (TKIP)
• Key changed on a per-packet basis
• Protocol weakness
  – On logon, client obtains a session key by exchanging the hash of the access point's key
  – Session key is rotated on a per-packet basis for the entire session
  – Hash salted with the SSID (the name of the wireless network)
  – Attackers can derive the key from that hash using tables of common SSIDs (“linksys” or “netgear”) and common passwords
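The WPA weakness above comes from how the master key is derived: PBKDF2-HMAC-SHA1 over the passphrase, salted only with the SSID, so the result is a pure function of (SSID, passphrase) and a table precomputed for a common SSID applies to every network using that name. The following self-check is an added example, not from the slides; the tiny SSID and passphrase lists are constructed stand-ins, and the known IEEE 802.11i test vector (SSID "IEEE", passphrase "password") confirms the derivation.

```python
import hashlib

# WPA/WPA2-Personal master key (PMK): PBKDF2-HMAC-SHA1, salt = SSID,
# 4096 rounds, 256-bit output (IEEE 802.11i). No per-device or per-session
# value enters this step, so the PMK depends only on SSID and passphrase.
def wpa_pmk(ssid: str, passphrase: str) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, dklen=32
    )

# Constructed, deliberately tiny stand-ins for the "common SSID" and
# "common password" lists the slide refers to (real tables hold millions).
COMMON_SSIDS = ["linksys", "netgear", "default"]
COMMON_PASSPHRASES = ["password", "12345678", "letmein1"]

def build_table(ssids, passphrases):
    """Precompute the PMK for every (SSID, passphrase) pair.
    Because the SSID is the only salt, a table built for "linksys"
    covers every network named "linksys" with one of these passphrases."""
    return {wpa_pmk(s, p): (s, p) for s in ssids for p in passphrases}

def covered_by_table(ssid: str, passphrase: str, table) -> bool:
    """Audit check: would this network's PMK appear in the precomputed table?"""
    return wpa_pmk(ssid, passphrase) in table

def hardening_advice(ssid: str, passphrase: str) -> str:
    """Summarise the two defences the derivation implies: a unique SSID
    invalidates every precomputed table, and a long passphrase makes
    building a fresh table for that SSID impractical at 4096 rounds."""
    issues = []
    if ssid in COMMON_SSIDS:
        issues.append("rename SSID (default/common SSIDs have precomputed tables)")
    if len(passphrase) < 16:
        issues.append("use a passphrase of 16+ characters")
    return "; ".join(issues) if issues else "ok"

if __name__ == "__main__":
    table = build_table(COMMON_SSIDS, COMMON_PASSPHRASES)
    print(covered_by_table("linksys", "password", table))        # True
    print(covered_by_table("Baskerville-Lab-5G", "password", table))  # False: different salt
    print(hardening_advice("linksys", "password"))
```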

WPA-2

• 128-bit AES encryption for keys
• Replaced TKIP with Counter Mode with Cipher Block Chaining Message Code Protocol (CCMP)
• Attacks
  – Man-in-the-middle
  – Hole-196: Malicious client can spoof packets from the access point (impersonates the access point)
  – Sniff network traffic or disrupt service

Phone Hacking

• Default Pins
• Social Engineering
  – “Borrow” device
  – Reset to default pins
• Voice Phishing (vishing)
• SMS/MMS Phishing (smishing)

Smartphone Hacking

• Like PCs: Virus, Trojans, etc.
• Banking Trojans intercepting financial transactions
• Malware sending text messages to premium SMS services
• Spyware
  – The places you go and when
  – Record & forward phone conversations
• Malicious Quick Response codes
  – Matrix bar codes
• Malicious web sites (normal browsing danger)

PoS Malware (Eg.: Family)

• Functions not all present in all variants
• Scraping memory for track data
  – Searches running processes for track data
• Logging keystrokes
• Command & control (C2) communication
  – Uploading discovered data
  – Updating the malware
  – Downloading/executing further malware
  – Uninstalling the malware
• Injecting malicious stub into explorer.exe
  – Responsible for persistence in the event the malicious executable crashes or is forcefully stopped

Source: US-CERT Alert TA14-212A (2014), https://www.us-cert.gov/ncas/alerts/TA14-212A
