Topics Why study historical records? History of Trends 1960s / 70s – Sabotage Computer Crime Impersonation Phone Phreaking Data Diddling CSH6 CSH6 Chapter 2 Logic Bombs Chapter 2 Trojan Horses “History of Computer Crime” Notorious Worms and Viruses M. E. Kabay Spam Denial of Service With supplemental updates Hacker Underground Recent Developments
1 Copyright © 2014 M. E. Kabay. All rights reserved. 2 Copyright © 2014 M. E. Kabay. All rights reserved.
Why study historical Trends records? Early days: sabotage, disgruntled/dishonest Common body of knowledge employees Distinguish amateurs from professionals Physical damage prominent threat until 1980s Shared history of significant events Unauthorized access common What has shaped development of field Telecommunications subversion popular in 1960s/70s Understand references from senior people Malicious software developed in 1980s Put new events and patterns into perspective Fax-based fraud developed in 1980s (4-1-9) Growth of Internet multiplied threats Financial crime mediated by computers & networks grew in 1990s New malware types developed in 1990s Illegitimate uses of e-mail spawned spam, phishing, 4-1-9 e-mail fraud
3 Copyright © 2014 M. E. Kabay. All rights reserved. 4 Copyright © 2014 M. E. Kabay. All rights reserved.
Rough Guesses About 1960s / 70s – Sabotage Sources of Damage to IT Before 1993 Computers can be tools and targets of crime Also repositories of evidence 1969.02 – fire in computer center during student riot in Montréal, Québec, Canada Sir George Williams University (now Concordia) $2M damages & 97 people arrested
After 1993 In 2001, survey by Novatech showed ~¼ of all computers had been physically assaulted by owner (4,200 respondents) MORAL: remember this fuzzy graph and don’t trust precise statistics about computer crime!
5 Copyright © 2014 M. E. Kabay. All rights reserved. 6 Copyright © 2014 M. E. Kabay. All rights reserved. Albert the Saboteur (1970) Impersonation
National Farmers Union Service Corporation 1970-1972 1970: Jerry Neal Schneider Burroughs B3500 mainframe 1980-2003: Kevin Mitnick 56 hard disk head crashes in 2 years 8 hours average downtime 1970s-today: Credit Card Fraud $500,000 electrical system repairs Crashes continued 1990s-today: Identity Theft Rises Suspicion fell on Albert the Operator Loyal employee Night shift for many years without letup Secret video-tape revealed sabotage Liked the excitement of having all those people around
7 Copyright © 2014 M. E. Kabay. All rights reserved. 8 Copyright © 2014 M. E. Kabay. All rights reserved.
1970: Jerry Neal Schneider 1980-2003: Kevin Mitnick (1) Born 1963 Born c. 1951 As young teenager, stole bus rides by using special punch for bus transfers 1968: forms Creative Systems Enterprises Phone phreaking, pranks, breakins using Selling electronic communications equipment social engineering against DEC Dumpster® Diving for parts at PT&T 1981: social engineering to enter PacBell Found discarded (unshredded) procedures Juvenile court ordered psychological study manuals 1 year probation 1971: Ordered new equipment from PT&T by pretending to be employee involved in repairs 1987: arrested for penetrating USCA Then sold it -- ~$200K value Stored stolen VAX VMS code on disks 1972: Arrested and convicted of grand theft 1988: Arrested by FBI; sentenced 1989 to 1 year jail & 6 months rehabilitation 2 months + $500 fine!
9 Copyright © 2014 M. E. Kabay. All rights reserved. 10 Copyright © 2014 M. E. Kabay. All rights reserved.
Kevin Mitnick (2) Kevin Mitnick (3)
1992: FBI tried to arrest him for stealing services Became cause célèbre among criminal hackers from phone company computers FREE KEVIN defacements worldwide Went underground Funniest: FREE KEVIN on Mexican Web site 1994: Insults Tsutomu Shimomura after release of KM Physicist & Internet security expert 2000: released from prison Mitnick left rude messages on computer, voice- 3 years parole mail Restricted access to computers Shimomura helped FBI track Mitnick Profits from writing and speaking 1995: FBI arrests Mitnick about criminal career used to 1999: Convicted of wire fraud, computer fraud & reimburse victims illegal interception of wire communication Founded own computer-security firm Sentenced to 46 months federal prison Wrote books about defending against social engineering
11 Copyright © 2014 M. E. Kabay. All rights reserved. 12 Copyright © 2014 M. E. Kabay. All rights reserved. 1970s-Today: Kevin Mitnick (4) Credit Card Fraud (1) Readings about the Mitnick case Credit cards developed after WWII in USA Goodell, J. (1996). The Cyberthief and the Samurai: The True Story of Kevin Mitnick— 1950: Diners Club and the Man Who Hunted Him Down. Dell (New York). ISBN 0-440-22205-2. xix + 328. 1951: BankAmericard & MasterCard Hafner, K. & J. Markoff (1991). Cyberpunk: 1958: American Express Outlaws and Hackers on the Computer Frontier. Touchstone Books, Simon & 1960s: aggressive marketing of credit cards Schuster (New York). ISBN 0-671-77879-X. 368. Index. Sending cards to unsuspecting consumers Littman, J. (1996). The Fugitive Game: Online Mailbox theft → surprise bills on first invoice with Kevin Mitnick—The Inside Story of the Great Cyberchase. Little, Brown and 1974: Fair Credit Billing Act to reduce abuses Company (Boston). ISBN 0-316-5258-7. x + 383. 1970s-80s: expansion of electronic confirmation Shimomura, T. & J. Markoff (1996). Takedown: 1980s: Refusal to improve security (no pictures) The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw—by the Man Who Did It. Hyperion (New York). ISBN 0-7868-6210-6. xii + 324. Index.
13 Copyright © 2014 M. E. Kabay. All rights reserved. 14 Copyright © 2014 M. E. Kabay. All rights reserved.
1990s-now: Identity Credit Card Fraud (2) Theft Rises 1990s: massive increase in credit card & online fraud US Visa/MC: $110M in 1980 vs $1,630M in 1995 One of the fastest growing crimes in USA More recent data*: Identity Theft Resource Center Unauthorized general-purpose credit card http://www.idtheftcenter.org/ transactions = 0.037% all card-present credit card Wealth of resources transactions in 2012 Victim resources Fraud = 0.092% value of transactions) 0.118% all card-not-present transactions ID theft protection tips 0.114% value those transactions) Scams & alerts Global fraud rates across Visa < $0.06/$100 FBI ID Theft Resources http://www.fbi.gov/about- us/investigate/cyber/identity_theft Statistic Brain * < http://www.creditcards.com/credit-card-news/credit-card-industry-facts-personal-debt-statistics-1276.php > http://www.statisticbrain.com/identity-theft-fraud- or < http://tinyurl.com/6hdtv6 > statistics/
15 Copyright © 2014 M. E. Kabay. All rights reserved. 16 Copyright © 2014 M. E. Kabay. All rights reserved.
What ID Thieves Do Consequences for Victims
Credit-card expenses relatively easy to correct IFF Locate identifying data Victim checks statement immediately and Social Security Number Reports questionable transactions within time limit Driver's License Bank-account thefts much more difficult to correct Home address, telephone number Money stolen is client’s, not bank’s Mother's maiden name Client has great difficult recovering funds Or just misuse of handle (screen name) for Bill-collectors hound victims relentlessly forged messages Bad credit records difficult to correct, ruin plans, cause Create new credit cards, bank accounts loss of jobs or interfere with hiring Default on loans in victim's name Criminal accusations put victims at serious risk of erroneous arrest or deportation Ruin reputations, credit records Victims may be nailed for child support of total strangers
17 Copyright © 2014 M. E. Kabay. All rights reserved. 18 Copyright © 2014 M. E. Kabay. All rights reserved. Preventing ID Theft Phone Phreaking Phone + freak = phreak Prevent theft: restrict access to your SSN 1950s: Single-frequency signals and other personal data communicated control instructions to SSN may be required by SSA, IRS central switches (computers) employer, financial institution, lender Generating external tone could fool Corner store or video rental should NOT be switch given SSN 2600 Hz tone generated by whistling, NEVER give out credit-card or other personal flute or whistle in Captain Crunch cereal box data over the phone to someone who has called you. Ask for written documents. Hence John Draper phreak became known as Cap’n Crunch Shred papers that include confidential info before discarding. Able to initiate free long-distance Interviewed by Equire 1971 about Destroy computer media before discarding. phreaking – arrested & convicted Don’t use DEBIT cards to buy things Eventually jailed for wire fraud in John Draper 1977 then and now 19 Copyright © 2014 M. E. Kabay. All rights reserved. 20 Copyright © 2014 M. E. Kabay. All rights reserved.
Data Diddling: Data Diddling The Equity Funding Fraud Unauthorized modification of data Equity Funding Corporation of America Changes can occur From early 1960s to 1973, immensely successful Before data input firm During data input Buy insurance + invest in mutual funds Before output In 1964, computer problem prevented printing final figures Records affected have included President ordered head of DP to falsify report with Bank records expected profit Payrolls Profit failed to materialize Inventory data Invented false insurance policies to make up Credit records difference Eventually “killed” nonexistent policy holders to School transcripts collect payouts ($MILLIONS) Telephone switch configurations…. Discovered 1972 by SEC; officers went to jail
21 Copyright © 2014 M. E. Kabay. All rights reserved. 22 Copyright © 2014 M. E. Kabay. All rights reserved.
Data Diddling: Trojan Horses Vladimir Levin vs Citibank Program with apparently useful function In 1994, Russian programmer Vladimir Levin broke into But which has hidden harmful functions Citibank computers Can be triggered by either Transferred ~$12M to various Change of state (logic bombs) international bank accounts E.g., removal of employee status for Spotted after 1st $400,000 programmer transferred in July 1994 Date/Time (time bombs) Citibank cooperated with FBI & Interpol May provide for covert access Levin & gang eventually arrested and tried Back door Convicted 1998 to 3 years prison AKA trap door Citibank hired banking industry’s first CISO, E.g., BackOrifice & BO2K released by Dildog, Stephen R. Katz criminal hacker in cDC (Cult of the Dead Cow)
23 Copyright © 2014 M. E. Kabay. All rights reserved. 24 Copyright © 2014 M. E. Kabay. All rights reserved. Early Notorious Worms and Logic Bombs Viruses Jerusalem Virus of 1988 1987: Christmas Tree Worm Duplicated itself every Friday and on 13th December e-mail with EBCDIC version of tree flooded IBM networks of month Nov 2, 1988: The Morris Worm th On every Friday 13 after May 13, 1988, Robert T. Morris studying at Cornell corrupted all available disks on system Released self-replicating autonomous code PC Cyborg Spread through Internet AIDS information diskette Crashed systems all over USA (~6,000-9,000) Actually encrypted Led to formation of Computer Emergency directories, filled C: drive, Response Team Coordination Center, CERT-CC® intercepted commands Morris convicted Violated Computer Fraud & Abuse Act of 1986, 18 USC Linked to extortion demand §1030(a) for money 3 years probation, $10K fines, expelled from Cornell Now respected MIT professor
25 Copyright © 2014 M. E. Kabay. All rights reserved. 26 http://pdos.csail.mit.edu/~rtm/Copyright © 2014 M. E. Kabay. All rights reserved.
Stuxnet Worm Spam (not SPAM®)
July 2010 1994: Green Card Lottery spam Zero-day threat to SCADA Laurence A. Canter & Martha S. Siegel Attorneys Siemens Simatic WinCC & PCS7 Posted ad to 6,000 USENET groups Designed for industrial espionage But did not cross-post (1 copy/user) Also for sabotage Posted to EVERY GROUP (1 copy/group) Thought to have been developed by USA and Israel by 2007 Response massive Found in ~100,000 computers Complaints crashed their e-mail server ISP Iran, Indonesia, Inda Canter disbarred Iranian nuclear power program affected Never apologized – continue to spam Centrifuges ran too fast TODAY: estimates of 75-85% all email = spam
27 Copyright © 2014 M. E. Kabay. All rights reserved. 28 Copyright © 2014 M. E. Kabay. All rights reserved.
Denial of Service Hacker Underground
DoS = interference with availability of service Criminal-Hacker Subculture Resource exhaustion or Chaos Computer Club Destruction Cult of the Dead Cow Unamailer (1996) 2600 The Hacker Quarterly johnny [x] chaotic subscribed victims to 100s LOD of e-mail lists Phrack Led to practice of confirming subscriptions MOD MafiaBoy (2000) Gray-Hat Hackers Massive attacks on Yahoo.com, Amazon.com, eBay.com, Buy.com, CNN.com – flooded Anonymous Lulz 15-year-old boy using modem in west end of Montréal did $M of lost business & depressed Web Vandalism Classics stock prices
29 Copyright © 2014 M. E. Kabay. All rights reserved. 30 Copyright © 2014 M. E. Kabay. All rights reserved. Criminal-Hacker Criminal-Hacker Subculture Subculture (2) Who? Why? Children (sub-teens, teens) Defining peer-group,affiliation, status Adults (fewer after 18 years of age) Rebellion, power Amateurs Curiosity, learning “3133T” (elite) hackers Ideology, cant Professionals Avoid stereotypes Organized crime Not all creepy adolescent geeks What Varying levels of ethical reasoning, emotional development Publications, USENET groups, lists Local meetings, conventions Jargon (133T5p33k)
31 Copyright © 2014 M. E. Kabay. All rights reserved. 32 Copyright © 2014 M. E. Kabay. All rights reserved.
Classic Hacker Group: Chaos CDC – Cult of the Dead Cow Computer Club Founded 1984 in Texas 1981: German group of computer enthusiasts “Global Domination Through Radical politics Media Saturation” Demonstrated vulnerability in Bundespost Much satire – some very funny videotext service Member Drunkfux founded Generally viewed as gray-hat (non-criminal) HoHoCon hacker conference hackers Political action campaigns 1999: Opposed attempts by some computer hacker groups to disable Against censorship (Goolag computers in PRC Campaign against GOOGLE cooperation with PRC) Chaos Communications Conferences popular with Attacks on Church of some legitimate security Scientology experts Hacking tools BO & BO2K
33 Copyright © 2014 M. E. Kabay. All rights reserved. 34 Copyright © 2014 M. E. Kabay. All rights reserved.
2600 Legion of Doom (LOD) The Hacker Quarterly Editor Eric Corley aka 1984: Phone phreakers and criminal “Emmanuel Goldstein” hackers founded LOD http://www.2600.com/ Named after enemies of DC Comics superheroes Founded in 1984 Published findings in LOD Technical Longest running & most popular Journal hacking ‘zine Chris Goggans (Eric Bloodaxe) one of Detailed instructions on best known Stealing telephone services Editor of Phrack Lock-picking Became member of MOD Penetration techniques Mark Abene (Phiber Optik) also member Analysis of security issues who moved to MOD History of hacking Conflict with MOD = The Great Hacker Chris Goggans Political ideology War Then & Now
35 Copyright © 2014 M. E. Kabay. All rights reserved. 36 Copyright © 2014 M. E. Kabay. All rights reserved. Phrack Masters of Deception (MOD) http://www.phrack.com/ 1989-1992 New York criminal hacker group 1st edition Nov 1985 Phiber Optik (Mark Abene) Originally focused on phreaking Highly visible in media Entirely electronic on BBS Harper’s systems Esquire Eds: Knight Lightning New York Times (Craig Neidorf) & Taran TV (Geraldo) King (Randy Tischler) Eventually arrested, Phrack 24 involved in Operation Sundevil (1990) Tried for violation of CFA [18 USC §1030(a)] Published E911 docs Sentenced to 1 year in prison Actually public docs! Craig Neidorf
37 Copyright © 2014 M. E. Kabay. All rights reserved. 38 Copyright © 2014 M. E. Kabay. All rights reserved.
Gray-Hat Hackers (1) Gray-Hat Hackers (2) Gray-Hats: professionals with black-hat backgrounds and Black-Hats: criminal hackers attitudes May have been members of criminal-hacking organizations Ignore laws May continue to use hacker handles (pseudonyms) Test for and exploit vulnerabilities without 2000-01: L0pht members join @Stake authorization 8 members of L0pht Heavy Industries Publicize vulnerabilities without delay for Continued to use hacker handles (e.g., Mudge, Weld Pond, repair Brian Oblivion, Dildog…) Sometimes amateurish; may be experts Described in glowing terms by some reputable experts White-Hats: penetration testers NTBugtraq's Russ Cooper: "The eight brilliant geniuses down at the L0pht. . . .” Authorized to test by owners of systems Other commentators not impressed Maintain confidentiality and professionalism John Taschek of PC Week: “. . . L0pht's history shows that Sometimes hide-bound; may be imaginative the group is not ethical, maintained practices that bordered on being illegal and is simply downright scary. . . .”
39 Copyright © 2014 M. E. Kabay. All rights reserved. 40 Copyright © 2014 M. E. Kabay. All rights reserved.
Web Vandalism Classics CIA (1996.09)
CIA (1996.09) USAF (1996.12) NASA (1997.03) AirTran (1997.09) UNICEF (1998.01) US Dept Commerce (1998.02) New York Times (1998.09) SETI site (1999) Fort Monmouth (1999) Senate of the USA (twice)(1999) DEFCON 1999 (!)
41 Copyright © 2014 M. E. Kabay. All rights reserved. 42 Copyright © 2014 M. E. Kabay. All rights reserved. USAF (1996.12) NASA (1997.03)
43 Copyright © 2014 M. E. Kabay. All rights reserved. 44 Copyright © 2014 M. E. Kabay. All rights reserved.
AirTran (1997.09) UNICEF (1998.01)
45 Copyright © 2014 M. E. Kabay. All rights reserved. 46 Copyright © 2014 M. E. Kabay. All rights reserved.
US Dept Commerce New (1998.02) York Times (1998. 09)
47 Copyright © 2014 M. E. Kabay. All rights reserved. 48 Copyright © 2014 M. E. Kabay. All rights reserved. SETI (1999) Fort Monmouth (1999)
49 Copyright © 2014 M. E. Kabay. All rights reserved. 50 Copyright © 2014 M. E. Kabay. All rights reserved.
Senate of Senate of the USA the USA (1) (1999) (2) (1999.06)
51 Copyright © 2014 M. E. Kabay. All rights reserved. 52 Copyright © 2014 M. E. Kabay. All rights reserved.
DEFCON (1999.07) Hacker Conventions
Blackhat < http://www.blackhat.com/ > DefCon < http://www.defcon.org/ > HOPE (Hackers on Planet Earth) < http://www.hopenumbernine.net/ >
53 Copyright © 2014 M. E. Kabay. All rights reserved. 54 Copyright © 2014 M. E. Kabay. All rights reserved. Criminal Hacking Gets Chinese Cyberwar Organized Profitable, low risk Significant increase in industrial espionage International gangs successful by PRC Russian Business Network (RBN) Full-time hackers employed by state Bradley Guinen (NU BSCSIA 2013) Log off during weekend! CJ341 paper published in Network World Attacks, penetration, infiltration, IP theft Security Strategies with Kabay See Chapter 14 from CSH6.
http://www.mekabay.com/nwss/866_russian_cybercrime_(guinen)_part_1.pdf http://www.mekabay.com/nwss/867_russian_cybercrime_(guinen)_part_2.pdf http://www.mekabay.com/nwss/868_russian_cybercrime_(guinen)_part_3.pdf
55 Copyright © 2014 M. E. Kabay. All rights reserved. 56 Copyright © 2014 M. E. Kabay. All rights reserved.
DISCUSSION
57 Copyright © 2014 M. E. Kabay. All rights reserved.