CIS 381: Social & Ethical Issues of Computing

Security

Dr. David Koop

D. Koop, CIS 381, Spring 2019 1 Hackers, Past and Present
• Original meaning of hacker: explorer, risk taker, system innovator (e.g. MIT’s Tech Model Railroad Club in the 1950s)
• Change in meaning from electronics to computers and networks
• WarGames (1983): Hacking a military supercomputer
• Modern meaning of hacker: someone who gains unauthorized access to computers and computer networks

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 2 Password Advice
• Do not use short passwords
• Do not rely solely on words from the dictionary
• Do not rely on substituting numbers for letters
• Do not reuse passwords
• Give ridiculous answers to security questions
• Enable two-factor authentication if available
• Have password recoveries sent to a secure email address

[M. J. Quinn]
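An added example (not from the slides or Quinn’s text) that turns the first four bullets into mechanical checks: length, dictionary words, dictionary words disguised by number-for-letter substitutions or padding, and reuse. It assumes 12 characters as the "short" threshold and uses a tiny constructed stand-in for a real dictionary wordlist.

```python
import re

# Constructed stand-in for a real dictionary wordlist (assumption: a real checker
# would load a large wordlist or a list of passwords seen in breaches).
DICTIONARY = {"password", "dragon", "welcome", "sunshine", "letmein", "monkey"}

# Minimum length is an assumption; the slide only says "do not use short passwords".
MIN_LENGTH = 12

# Number/symbol-for-letter substitutions the slide warns give no real protection.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})


def dictionary_core(password):
    """Return the dictionary word a password is built on, or None.

    Tries two reductions: strip leading/trailing digits and symbols (padding
    such as '2019!') then undo substitutions, and the reverse order, so both
    'P4ssw0rd2019!' and '4pple' reduce to their underlying word.
    """
    lowered = password.lower()
    padding = r"^[^a-z]+|[^a-z]+$"
    candidates = (
        re.sub(padding, "", lowered).translate(LEET_MAP),
        re.sub(padding, "", lowered.translate(LEET_MAP)),
    )
    for word in candidates:
        if word in DICTIONARY:
            return word
    return None


def check_password(password, previously_used=frozenset()):
    """Return problem codes drawn from the slide's advice; empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if password.lower() in DICTIONARY:
        problems.append("dictionary_word")
    elif dictionary_core(password) is not None:
        problems.append("disguised_dictionary_word")
    if password in previously_used:
        problems.append("reused")
    return problems


if __name__ == "__main__":
    for pw in ["Dr4g0n", "P4ssw0rd2019!", "correct horse battery staple"]:
        print(pw, "->", check_password(pw) or "ok")
```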

D. Koop, CIS 381, Spring 2019 3 Case Study: Firesheep
• October 2010: Eric Butler released the Firesheep browser extension
• Firesheep made it possible for ordinary computer users to easily sidejack Web sessions
• More than 500,000 downloads in first week
• Attracted a great deal of media attention
• Early 2011: Facebook and Twitter announced options to use their sites securely

• Evaluate: Was this a good action?

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 4 Viruses
• Virus: Piece of self-replicating code embedded within another program (host)
• Viruses associated with program files
  - Hard disks, floppy disks, CD-ROMs
  - Email attachments
• How viruses spread
  - Diskettes or CDs
  - Email
  - Files downloaded from Internet

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 5 Worm
• Worm:
  - Self-contained program
  - Spreads via computer network
  - Exploits security holes
• Tappan’s Internet Worm
  - Released worm onto Internet from MIT computer
  - Spread to significant numbers of Unix computers
  - Infected computers kept crashing or became unresponsive

Figure 7.4: A worm spreads to other computers by exploiting security holes in computer networks.

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 6 Background of Robert Tappan Morris Jr.

Robert Tappan Morris Jr. began learning about Unix when he was still in junior high school. His father was a computer security researcher at Bell Labs, and young Morris was given an account on a Bell Labs computer that he could access from a teletype at home. It didn’t take him long to discover security holes in Unix. In a 1982 interview with Gina Kolata, a writer for Smithsonian magazine, Morris admitted he had broken into networked computers and read other people’s email. “I never told myself that there was nothing wrong with what I was doing,” he said, but he acknowledged that he found breaking into systems challenging and exciting, and he admitted that he continued to do it.

As an undergraduate at Harvard, Morris majored in computer science. He quickly gained a reputation for being the computer lab’s Unix expert. After his freshman year, Morris worked at Bell Labs. The result of his work was a technical paper describing a security hole in Berkeley Unix. While at Harvard, Morris was responsible for several computer pranks. In one of them, he installed a program that required people logging in to answer a question posed by “the Oracle” and then to ask the Oracle another question. (The Oracle program worked by passing questions and answers among people trying to log in.)

Conficker Worm
• Conficker (a.k.a. Downadup) worm appeared in 2008 on Windows computers
• Particularly difficult to eradicate
• Uses pseudorandom domain names to download from
• Different variants released (type E installs malware)
• Millions of copies of the worm are circulating
• Purpose of worm still unknown

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 7 Trojan Horses
• Trojan horse:
  - Program with benign capability that masks a sinister purpose
  - Performs expected task but also unknown, sinister actions
• Backdoor Trojan: Trojan horse that gives attacker access to victim’s computer
• Spyware: Program that communicates over an Internet connection without user’s knowledge or consent
  - Log keystrokes or take snapshots of computer screen
  - Send reports back to host computer
• Adware: Type of spyware that displays pop-up advertisements related to user’s activity

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 8 Term Paper
• Topics have been assigned
• 4-5 people per group
• Term papers are individual
• Topic presentations are done in groups, but each person should speak for 3-4 minutes
• As a group, rank your preferred presentation days
  - April 17, April 19, April 22, April 24, April 29, May 1
• Individual term papers are due May 6 (assigned exam date)
• Need to evaluate issues using ethical frameworks
• Groups can choose to examine different issues related to a topic or examine a similar issue using different frameworks

D. Koop, CIS 381, Spring 2019 9 Assignment 5
• Computer Reliability
• About radiation treatments and their reliance on increasingly complicated software
• Due Monday

D. Koop, CIS 381, Spring 2019 10 Bots
• Bot: A kind of backdoor Trojan that responds to commands sent by a command-and-control program on another computer
• First bots supported legitimate activities
  - Internet Relay Chat
  - Multiplayer Internet games
• Other bots support illegal activities
  - Distributing spam
  - Collecting personal information for ID theft
  - Denial-of-service attacks

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 11 Botnets and Bot Herders
• Botnet: Collection of bot-infected computers controlled by the same command-and-control program
• Bot herder: Someone who controls a botnet
• Some botnets have over a million computers in them

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 12 Defensive Measures
• Security patches: Code updates to remove security vulnerabilities
• Anti-malware tools: Software to scan hard drives, detect files that contain viruses or spyware, and delete these files
• Firewall: A software application installed on a single computer that can selectively block network traffic to and from that computer

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 13 Cyber Crime and Cyber Attacks
• Internet sales over $1 trillion annually
• Organized crime and politically motivated attacks
• Various types of attacks
  - Phishing
  - SQL Injection
  - Distributed Denial of Service (DDoS)

D. Koop, CIS 381, Spring 2019 14 Phishing and Spear-phishing
• Phishing: Large-scale effort to gain sensitive information from gullible computer users
  - At least 67,000 phishing attacks globally in second half of 2010
  - New development: phishing attacks on Chinese e-commerce sites
• Spear-phishing: Variant of phishing in which email addresses are chosen selectively to target a particular group of recipients

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 15 Bobby Tables

[xkcd]

D. Koop, CIS 381, Spring 2019 16 SQL Injection
• Method of attacking a database-driven Web application with improper security
• Attack inserts (injects) an SQL query into the text string sent from the client to the application
• Application returns sensitive information

[M. J. Quinn]
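An added example, not from the slides or Quinn’s text, showing the “improper security” the SQL Injection slide (and the Bobby Tables strip) describes beside its fix: a lookup that pastes client text into the SQL string, and the same lookup as a parameterized query. The users table, its rows and the placeholder SSNs are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a web application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, ssn TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.com", "000-00-0001"),   # placeholder values
        ("bob", "bob@example.com", "000-00-0002"),
    ])
    return conn


def lookup_vulnerable(conn, username):
    """Improper security: the client's text is pasted into the SQL string, so a
    quote character in it ends the literal and the rest is parsed as SQL."""
    sql = f"SELECT username, email, ssn FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Hardened form: a parameterized query. The driver sends the value
    separately from the statement, so the text is only ever compared as data."""
    return conn.execute(
        "SELECT username, email, ssn FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"          # the classic textbook input
    print(lookup_vulnerable(conn, crafted))   # every row: other users' SSNs leak
    print(lookup_safe(conn, crafted))         # []: nobody is literally named that
    print(lookup_safe(conn, "alice"))         # only alice's own row
```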

D. Koop, CIS 381, Spring 2019 17 DoS and DDoS Attacks
• Denial-of-service (DoS) attack: Intentional action designed to prevent legitimate users from making use of a computer service
• Aim of a DoS attack is not to steal information but to disrupt a server’s ability to respond to its clients
• Distributed denial-of-service attack (DDoS): DoS attack launched from many computers, such as a botnet

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 18 Cyber Crime
• Criminal organizations making significant amounts of money from malware
• Jeanson James Ancheta
• Blue Security and PharmaMaster
• Albert Gonzalez
• Avalanche Gang

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 19 The Rise and Fall of Blue Security
• Blue Security: An Israeli company selling a spam deterrence system
• Blue Frog bot would automatically respond to each spam message with an opt-out message
• Spammers started receiving hundreds of thousands of opt-out messages, disrupting their operations
• 6 of 10 of the world’s top spammers agreed to stop sending spam to users of Blue Frog

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 20 The Rise and Fall of Blue Security
• One spammer (PharmaMaster) started sending Blue Frog users 10-20 times more spam
• PharmaMaster then launched DDoS attacks on Blue Security and its business customers
• Blue Security could not protect its customers from DDoS attacks and virus-laced emails
• Blue Security reluctantly terminated its anti-spam activities

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 21 Politically Motivated Cyber Attacks
• Estonia (2007)
• Georgia (2008)
• Georgia (2009)
• Exiled Tibetan Government (2009)
• United States and South Korea (2009)
• Iran (2009)
• Espionage attributed to People’s Liberation Army

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 22 Attacks on Social Networking Sites
• Massive DDoS attack made Twitter service unavailable for several hours on August 6, 2009
• Three other sites attacked at the same time: Facebook, LiveJournal, and Google
• All sites used by a political blogger from the Republic of Georgia
• Attacks occurred on the first anniversary of the war between Georgia and Russia over South Ossetia

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 23 Fourth of July Attacks
• 4th of July weekend in 2009: DDoS attack on governmental agencies and commercial Web sites in United States and South Korea
• Attack may have been launched by North Korea in retaliation for United Nations sanctions

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 24 SCADA Systems
• Industrial processes require constant monitoring
• Computers allow automation and centralization of monitoring via Supervisory Control and Data Acquisition (SCADA) systems
• Today, SCADA systems are open systems based on Internet Protocol
  - Less expensive than proprietary systems
  - Easier to maintain than proprietary systems
  - Allow remote diagnostics
• Allowing remote diagnostics creates security risk

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 25 Stuxnet
• In January 2010, Iranians discovered Natanz Nuclear Facility had been targeted by a worm for the past two years
• Stuxnet targeted the plant’s centrifuge control systems, causing centrifuges to fail at an unusually high rate
  - Attacked SCADA systems running Siemens software
  - Uranium must be processed to increase concentration of the active isotope, U-235, which is only 0.7% of natural uranium
  - Small difference in weight allows the U-235 isotope to be separated from the predominant U-238 isotope
  - Centrifuges spin at over 60,000 RPM to separate isotopes and enrich the uranium

[S. Abraham]

D. Koop, CIS 381, Spring 2019 26 Stuxnet

[L-Dopa, IEEE Spectrum]

D. Koop, CIS 381, Spring 2019 27 Stuxnet Aftermath
• First version of worm caused failures in centrifuges; second version caused OSes to repeatedly crash and reboot
  - Belarusian malware-detection firm called in to investigate
  - Four zero-day (previously unknown) exploits used to break into Microsoft operating system
• In 2012 Chevron became the first US corporation to publicly confirm that Stuxnet had spread across its machines
  - Siemens systems have no direct connection to Internet, so five outside companies believed to be connected with the nuclear program were infected
• Authors of Stuxnet never confirmed, but leaks to the press suggest that the US and Israel worked in collaboration to create it [Sanger, NYTimes]

[S. Abraham]

D. Koop, CIS 381, Spring 2019 28 Stuxnet Differences
• Worm caused physical damage rather than just stealing or modifying information
• Sophistication and levels of attack suggest the virus took around two to three years to author
• Likely US operation targeted software created by US corporations
• Connections discovered between Stuxnet and Flame
  - Used for cyber espionage in the Middle East
  - Could exchange data with any Bluetooth-enabled device
  - Entered systems disguised as a legitimate Windows 7 update

[S. Abraham]

D. Koop, CIS 381, Spring 2019 29 Cyber Espionage
• Hundreds of computer security breaches in more than a dozen countries investigated by Mandiant
• Hundreds of terabytes of data stolen
• Mandiant blamed Unit 61398 of the People’s Liberation Army
• China’s foreign ministry stated that the accusation was groundless and irresponsible

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 30 Anonymous
• Anonymous: loosely organized international movement of hacktivists (hackers with a social or political cause)
• Various DDoS attacks attributed to Anonymous members

Year | Victim | Reason
2008 | Church of Scientology | Attempted suppression of Tom Cruise interview
2009 | RIAA, MPAA | RIAA, MPAA’s attempt to take down the Pirate Bay
2009 | PayPal, VISA, MasterCard | Financial organizations freezing funds flowing to Julian Assange of WikiLeaks
2012 | U.S. Dept. of Justice, RIAA, MPAA | U.S. Dept. of Justice action against Megaupload
2013 | Israel | Protest Israeli treatment of Palestinians
2014 | City of Cleveland | Protest killing of 12-year-old Tamir Rice by a Cleveland police officer
2015 | Jihadist groups | Terrorist attack on Paris office of Charlie Hebdo magazine

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 31 Convictions of Anonymous Members
• Dozens of people around the world have been arrested for participation in Anonymous cyber attacks
• Dmitriy Guzner (Church of Scientology attacks): 366 days in prison and $37,500 in restitution
• Brian Mettenbrink (Church of Scientology attacks): 1 year in prison and $20,000 in restitution
• Jake Davis (Sony Pictures attacks): 2 years in prison

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 32 Motivation for Online Voting
• 2000 U.S. Presidential election closely contested
• Florida pivotal state
• Most Florida counties used keypunch voting machines
• Two voting irregularities traced to these machines
  - Hanging chad
  - “Butterfly ballot” in Palm Beach County

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 33 The Infamous “Butterfly Ballot”

[AP Photo/Gary I. Rothstein]

D. Koop, CIS 381, Spring 2019 34 Benefits of Online Voting
• More people would vote
• Votes would be counted more quickly
• No ambiguity with electronic votes
• Cost less money
• Eliminate ballot box tampering
• Software can prevent accidental over-voting
• Software can prevent under-voting

[M. J. Quinn]

D. Koop, CIS 381, Spring 2019 35 Risks of Online Voting
• Gives unfair advantage to those with home computers
• More difficult to preserve voter privacy
• More opportunities for vote selling
• Obvious target for a DDoS attack
• Security of election depends on security of home computers
• Susceptible to vote-changing virus or RAT
• Susceptible to phony vote servers
• No paper copies of ballots for auditing or recounts

[M. J. Quinn]
