
L6. Hacking, Malware, and Cyber Warfare

Alice E. Fischer

September 18, 2018

L6. Hacking. . . 1/25 Outline Malware: Definitions and Examples Cyber Warfare

Malware: Definitions and Examples

Cyber Warfare


Dishonesty on the

Malware comes in many forms
- Root kits, Viruses, worms, and Trojan horses
- and weapons.
- Dishonest .
- Fake people, fake news, and “trending”.

Much of today’s information is adapted from Wikipedia.


Viruses

Virus: a computer program that can replicate itself.
- It must attach itself to another piece of software, and runs when that other software is activated.
- January 1986: the Brain boot sector virus became the first virus epidemic. It infected IBM-compatible hardware. It was created in Lahore, Pakistan by a 19-year-old Pakistani programmer and his brother.
- August 2012: is designed to target computers running Windows in the energy sector. Symantec, and Seculert announced its discovery.


Worms

Worm: a standalone malware computer program that replicates itself in order to spread.
- November 2 1988: The Internet worm, created by Robert T. Morris, infected DEC VAX and Sun machines running BSD UNIX connected to the Internet. It became the first worm to spread extensively “in the wild”, and one of the first well-known programs exploiting buffer overrun vulnerabilities.
- November 21 2008: Conficker infects anywhere from 9 to 15 million Microsoft server systems running everything from Windows 2000 to the Windows 7 Beta. The French Navy, UK Ministry of Defense (including warships and submarines), Sheffield Hospital network, German Bundeswehr, and Norwegian Police were all affected.


Trojan Horses

Trojan horse: malware that masquerades as a legitimate file or a helpful program. When installed, it will give a remote access to a targeted computer. Typical purposes:
- Enroll the machine as part in a
- Data theft
- Installation of third-party add-ons
- Downloading, deletion of, or uploading files
- Watching the ’s screen
- Crashing the computer
- Anonymizing internet viewing


Trojan Horses

Trojans are currently becoming more prevalent.
- 1974: ANIMAL, by John Walker for the UNIVAC 1108, became the first trojan to propagate itself “in the wild”. It played a harmless guessing game, but also made copies of itself in all directories to which the user had access.
- Anti-Spyware 2011, a trojan which attacks Windows 9x, 2000, XP, Vista, and Windows 7, posing as an anti-spyware program. It actually disables the security-related processes of anti-virus programs, while also blocking access to the Internet to prevent updates.
- Is Kaspersky’s antivirus a Trojan horse whose purpose is to gain access to U.S. defense systems?


Spyware

Malware that collects information without the user’s knowledge.
- In 2005, 61% of surveyed users’ computers were infected with spyware.
- Microsoft used to claim the right to install or remove software on any machine that ran Windows.
- Keyloggers. (Several years ago at UNH. . . )
- Installed by employers to monitor employee usage.
- Installed by crooks to get .


Spyware

Major companies install spyware to collect personal information. Some of the products are aimed at children.
- 2000: The Mattel toy company sold “Reader Rabbit” educational software that sent usage data back to Mattel.
- 2011: Android malware was found in Angry Birds add-on apps.
- Alexa records conversations in your home and reports them to Google. It is often in the news because of newly discovered surveillance issues.
- Barbie relays conversations with children back to the company’s processing center.


Weapon-Malware

The use of malware as a weapon is relatively new. I can find no mention of this before Stuxnet, in June 2010.

Sept. 2011: Gauss
- Gauss appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It’s not known yet who created it.
- Of the 2,500 or so discovered instances of Gauss across the world, about 1,660 of them were found in Lebanon.
- The virus is specifically designed to target customers of Lebanese banks, Citibank, eBay, and PayPal.


Weapon-Malware

Flame (September, 2012), a spy vs. spy weapon.
- It attacks computers running the Microsoft Windows
- It uses multiple encryption techniques and spreads through four different transfer protocols.
- It records local activity and network traffic and attempts to download information from nearby computers. This info, plus local documents, is sent to one of several command servers.
- It can delete itself if it receives a “kill” command.
- Victims include governmental organizations, educational institutions and private individuals. At that time 65% of the infections happened in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt.


Root Kit: Sony 2003? – November 2005

A set of tools that disable the diagnostic tools that are designed to let you discover that your system has been compromised. This gives the attacker privileged access to a computer, any time.
- August 2000: Designed to combat Napster in an effective way, the XCP software was installed on Sony BMG music CDs. A detailed description and technical analysis was published in Oct. 2005.
- XCP was installed silently, the EULA does not mention it, there was no uninstaller, and it created security holes. All are illegal in various ways and places.
- Inexpert attempts to uninstall the software could lead to Windows failing to recognize an existing drive.
- It used unsafe procedures to start/stop the , which could lead to the Blue Screen of Death.


Phishing and Pharming

- Phishing: Often delivered as spam, a phishing message tries to induce you to give up personal information that can be used to defraud you.
- Pharming is a scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent Web sites without their knowledge or . Pharming has been called “phishing without a lure.”


How does it get in the door?

- It was put there when the equipment was manufactured or the system was installed.
- System vulnerability + some level of access + known exploit
- Plugging in an infected stick / disk.
- Mis-designed features: autoexec.bat
- cracking.
- On-site collaborators: Firewalls are often configured to filter out TCP connection packets. But an insider can establish a connection to the outside, which then becomes a 2-way street.
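
The last point can be seen in a small model. This is an added example, not part of the original lecture: a toy stateful packet filter (hypothetical class and field names, constructed sample addresses) that drops unsolicited inbound connections, lets replies through once an inside host has opened a flow, and shows how an egress allow-list closes that path.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # "ip:port" of the sender
    dst: str        # "ip:port" of the receiver
    inbound: bool   # True if the packet arrives from outside the perimeter

class Firewall:
    """Toy stateful filter (hypothetical model, not a real firewall's API)."""

    def __init__(self, egress_allow=None):
        self.flows = set()                # (inside, outside) pairs opened from inside
        self.egress_allow = egress_allow  # None means any outbound destination is allowed

    def permits(self, p: Packet) -> bool:
        if not p.inbound:
            if self.egress_allow is not None and p.dst not in self.egress_allow:
                return False              # egress policy: unknown destination, drop
            self.flows.add((p.src, p.dst))
            return True
        # Inbound: only traffic belonging to a flow that an inside host opened.
        return (p.dst, p.src) in self.flows

# Constructed sample endpoints (documentation address ranges).
INSIDE, OUTSIDE, UPDATES = "192.0.2.10:50000", "203.0.113.7:443", "198.51.100.20:443"

def run(fw: Firewall) -> dict:
    """Replay the scenario above and report which packets the filter passes."""
    return {
        "outside_opens": fw.permits(Packet(OUTSIDE, INSIDE, inbound=True)),
        "insider_opens": fw.permits(Packet(INSIDE, OUTSIDE, inbound=False)),
        "outside_replies": fw.permits(Packet(OUTSIDE, INSIDE, inbound=True)),
    }

if __name__ == "__main__":
    print("inbound filtering only:", run(Firewall()))
    print("with egress allow-list:", run(Firewall(egress_allow={UPDATES})))
```

With inbound filtering alone, the same outside packet that was dropped at first is accepted once the insider has opened the flow; with the allow-list, the insider's connection never leaves the network.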


Fake people, Fake News, and “Trending”

These are indirect cyber tools that foster “group-think” and can influence large numbers of people to believe things that are not true.
- From Hitler, we learned that people will believe anything they hear over and over and over, from sources all around them.
- Putin uses the same technique to control his own country.
- During the 2016 presidential election, Russian created multitudes of fake people ( and Twitter accounts). They injected fake news into the network, and ensured that it was “liked” and “retweeted” again and again. The “trending” lies were picked up by thousands of unwary Americans and passed on to their friends.
- By election day, hundreds of thousands of people did not know what was true. They had no idea that the news was planted.


The Business of Hacking

- Social Engineering: DefCon.pdf, http://www.defcon.org/
- Zero-Day.pdf: A price list for secret exploits
- Who are the Hackers?
  - Government agencies: powerGrid.pdf, GoogleHacked.pdf
  - Military organizations.
  - Bored kids: ClassExercise.eml
  - Bright, angry young adults: PayForPlay.pdf
  - Professional thieves: FreeApps.rtf


Definition and Overview

An act is Cyber Warfare if it uses the internet and/or computer technology to attack another country’s economy, infrastructure, government, or people. Motivations might be:
- To weaken or destabilize an economy.
- To damage the military readiness of a country.
- Stealing military or industrial secrets and/or plans
- Identifying the people who are spying on your country.


Weapon-Malware

The use of malware as a weapon is relatively new. I can find no mention of this before Stuxnet, in June 2010.

Sept. 2011: Gauss
- Gauss appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It’s not known yet who created it.
- Of the 2,500 or so discovered instances of Gauss across the world, about 1,660 of them were found in Lebanon.
- The virus is specifically designed to target customers of Lebanese banks, Citibank, eBay, and PayPal.


Weapon-Malware

Flame (September, 2012), a spy vs. spy weapon.
- It attacks computers running the Microsoft Windows
- It uses multiple encryption techniques and spreads through four different transfer protocols.
- It records local activity and network traffic and attempts to download information from nearby computers. This info, plus local documents, is sent to one of several command servers.
- It can delete itself if it receives a “kill” command.
- Victims include governmental organizations, educational institutions and private individuals. At that time 65% of the infections happened in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt.


The U.S. Electric Grid: 2015–2016

- The hacking below is espionage – with the potential, if needed, for sabotage.
- Target sectors: energy, nuclear, water, aviation, commercial, and critical manufacturing.
- The economic and defense disruptions from a blackout would be enormous.

- Late 2015: As the first stage of penetration, malicious was sent to engineers and staff at critically important organizations with access to controls.
- March 2016: Small commercial networks that were less secure were targeted with malware.


The U.S. Electric Grid - March 2018

Homeland Security investigated and reported this multi-stage attack by .
- The report did not say whether the campaign was still ongoing.
- It did not provide specifics on which targets were breached, or how close hackers may have gotten to operational control systems.
- We learn only that “We did not see them cross into the control networks.”

Note: Security agencies will never release many details about anything.


Russian Attack on American Election: Fall 2016

- 2016: Homeland Security reported that voter registration rolls of 21 states were targeted. A small number of them were penetrated. Rumors say that was 7 states: Alaska, Arizona, California, Florida, Illinois, Texas, Wisconsin.
- Penetrations varied, state by state:
  - Entry into state
  - Penetration of voter registration databases
  - Other subsystems were probed.
- They say no votes were changed, and no voters removed from the rolls.


Russian Attack on American Election: Fall 2016

- A number of the Russia-linked Facebook ads were geographically targeted to reach residents of Michigan and Wisconsin, both battleground states. Trump defeated Clinton by a narrow margin there. (October 2017, CNN)
- Facebook estimates that the entire Russian effort was seen by 10 million people.
- A group of Russian trolls posed as Black Lives Matter activists during the campaign, using a variety of platforms including Tumblr and Pokemon Go to reach voters. (October 2017, CNN)
- Facebook announced that more than 3,000 Russian ads were posted on the site between June 2015 and May 2017.


Russian Attack on American Election: Fall 2016

- The Justice Department announced indictments against 12 members of the Russian intelligence agency, GRU. (July 2018)
- The indictment charges them with making a sustained effort to hack Democratic party and networks during the 2016 campaign.
- These emails were released online by Wikileaks.
- Identities of the hackers were traced through their Bitcoin transactions. (Who was paying them?)


Short Essay 2: Internet Ugliness

This lecture skims quickly over a very large number of problems and abuses that affect everyone. Choose a sub-topic from one of these areas:
1. Illegal use of technology: hacking into private systems.
2.
3. Sick uses of the internet
4. Internet abuses: drowning in spam, phishing, etc.

Read the given case studies or references and find at least two more related references. Describe the problem, specific examples, and anything being done to address the problem. Include your own opinions and reactions. Provide an introduction, summary, and bibliography. Make it clear that you have spent time thinking.
