Awareness & Prevention of Black Hat Hackers Mohamed Islam & Yves Francois IASP 470 History on Hacking • Was born in MIT’s Tech Model Railway Club in 1960 • Were considered computer wizards who had a passion for exploring electronic systems • Would examine electronic systems to familiarize themselves with the weaknesses of the system • Had strict ethical codes • As computers became more accessible hackers were replaced with more youthful that did not share the same ethical high ground. Types of Hackers • Script Kiddie: Uses existing computer scripts or code to hack into computers usually lacking the expertise to write their own. Common script kiddie attack is DoSing or DDoSing. • White Hat: person who hacks into a computer network to test or evaluate its security system. They are also known as ethical hackers usually with a college degree in IT security. • Black Hat: Person who hacks into a computer network with malicious or criminal intent. • Grey Hat: This person falls between white and black hat hackers. This is a security expert who may sometimes violate laws or typical ethical standards but does not have the malicious intent associated with a black hat hacker. • Green Hat: Person who is new to the hacking world but is passionate about the craft and works vigorously to excel at it to become a full-blown hacker • Red Hat: Security experts that have a similar agenda to white hat hackers which is stopping black hat hackers. Instead of reporting a malicious attack like a white hat hacker would do they would and believe that they can and will take down the perpretrator. • Blue Hat: Much like script Kiddies. They are novist hackers whose main agenda is to take revenge on anyone who may make them angry, with no desire to learn just to exact revenge on opposing parties. Famous Black Hat Hackers • John Draper AKA “Captain Crunch” • Exploited telephone systems that were managed by automated systems that used specific analogue frequencies back in the 70’s • Process of exploiting these frequencies is called “Phreaking”. • Equipment used to Phreak was a toy whistle that came from in a box of Cap’n Crunch cereal. • Created his own Phreaking tool whistle known as the blue box • Inspired the two Steve’s of Apple Famous Black Hat Hackers cont. • Created the Morris Worm November 2nd 1998 • Morris worm infected 6000 systems which was 10 percent of internet attached computers. • The Morris worm copied itself excessively which caused heavy system loads causing financial damage that lead back to him. • First person indicted and convicted under the Computer Fraud and Abuse Act of 1986. • Served 3 years of federal jail time for probation. • Currently works for MIT in the electrical engineering and computer science department and helped found Silicon Valley Tech Incubator Y Combinator which is a program that assist young startups to get businesses off the ground. Famous Black Hat Hackers cont. • Kevin Mitnick AKA “The Condor” AKA “The Darkside Hacker”. • Considered the most famous hacker in history first to make the FBI’s most wanted list. • Master in Social Engineering • Manipulating people into giving out passwords and other information that can unlock sensitive data on networks. • Broke into computer networks Pacific Bell, Nokia, IBM, and Motorola • Evaded FBI for 3 years using cloned cell phones that helped hide his location • In 1999 served 5 years and upon his release started his own computer security consultancy Mitnick Security Consulting LLC Famous Black Hat Hackers cont. • Jeff Moss AKA “The Dark Tangent” • Graduate of Gonzaga University with BA in Criminal Justice. • Professional career started at Ernst & Young LLP in their information system security division. • Director at Secure Computing Corporation assisted in establishing the Professional Services Department in the U.S., Asia, and Australia. • 1993 Created DEF CON hacker convention. • 1997 created Black Hat Briefings computer security conference. • Cyber security advisor for the U.S. • 2009 sworn into Homeland Security Advisory Council. • April 2011 was appointed Chief Security Officer of ICANN. • 2017 named the Commissioner at the Global Commission on the Stability of Cyberspace. DEF CON Hacker Conference • One of the worlds largest hacker conventions that is held annually in Las Vegas. • Started in June 1993 by Jeff Moss meant to be a party for member of Platinum Net a Fido based hacking network out of Canada. • Attendees include computer security professionals, lawyers, journalist, security researchers, students, federal government employees. • Topics covered phone phreaking, hardware modification, computer architecture anything that can be hacked. • Most popular game is Capture the Flag (CTF) this is a hacking competition where teams of hackers attempt to attack and defend computers and networks using certain software and network structures • Federal law enforcement agents from FBI, DoD, United States Postal Inspection Service, DHS Black Hat Briefings • Computer security conference started in 1997 by Jeff Moss. • Takes place different parts of the world. Its been held in Las Vegas, Barcelona, Abu Dhabi, Tokyo, Washington DC, and London. • It is typically scheduled before DEF CON • Two major sections of the conference is the Black Hat Briefings and Black Hat Trainings • Has hosted the NSA’s information assurance manager course. • Has hosted Cisco Systems course as well as Offensive Security courses. • Topics range from reverse engineering, identity and privacy and hacking. Conclusion • With computers becoming more and more popular in civilian life, using them for everyday activities like keeping in contact with loved ones, schooling and banking. Our computers store our personal sensitive data on them, and keeping that information secure is becoming more difficult as technology evolves. As technology evolves so do the ones that look to exploit these systems. Government agencies recognize this problem as well as the skills that hackers have, to the point that they look to employ them to keep our systems safe. They attend these hacker inspired conferences in hopes to recruit hackers with as many as 25% of hackers working with government agencies at some capacity whether as security advisors or consultants. They may have the mind set if you can’t beat them or catch them have them work for you so they can catch others alike. Introduction In the present time we see a lot of companies getting hacked by black hat hackers. Within the past we see hackers stealing sensitive information through the network infrastructure. By the time company realizes they’ve been hacked the hacker already covered their tracks and made it look like a malfunction in the system. Black hat hackers are very malicious and aggressive. The education system should offer actual hands on training or courses for anyone in the technology field. This will help reduce the amount of malicious hackers, from gaining sensitive information about an individual or company secrets. Prevention Companies tools and protocols • network bound control • First line of defense • Attack will originate from outside the defended network. • defense-in-depth • Second line of defense • It was designed to overcome the single point of failure of the network boundary control model • continuous monitoring • Network will not remain in a healthy state and will find it necessary to continuously review for faults • Main drawback of continuous monitoring is managing the complexity of information collected. Prevention (Continuation) • content filters • filters they serve as gatekeepers for your internal employees. • Configure a content filter to disallow connection to certain websites or entire categories of websites. • This is important because many Black Hat hackers gain access to your network via your employees’ visits to their websites. Sometimes just visiting the site allows • security testing • Consider hiring a security company for a penetration test on your network to find what vulnerabilities exist. • With such a list in hand, you can begin to plug holes you did not know existed. Future The future of Black Hat hackers • Pwning Internet of Things (IoT) • segment your IoT network • update the firmware regularly. • machine learning going to the dark side • These technologies are used for everything from categorizing cat pictures on the Internet • Helping create self-driving cars. More recently security industry are adopting these technologies to improve malware and attack detection. • they introduced a tool called DeepHack, an open source AI that hacks web applications. Future (Continuation) • teaching how to hack at a college level • computer science, information technology, cyber-security majors how to hack in college. • Most colleges offer it as an elective credit but the class is called ethical hacking. • But they don’t teach you hands on they teach theories which is helpful but hands on would be better. • With such skills, a student will be able to test the systems of a future employer in order to pinpoint flaws in system designs as well as security issues. • By understanding how to hack, a student not only knows how a system might be breached but can identify the signs of a breach and can determine where in a system a hacker might attempt an attack. Conclusion In conclusion as the modern world advances, we also notice the use of technology is either being pwned or hacked by black hat hackers. We can assume that with the latest technological advances that black hat hacker can either take control or steal valuable information to exploit companies all over the world. The reason why we even have protocols and plans is to assume the company either as a mole or the infrastructure is compromised. With the companies and government agencies that they have top on the line tools, protocols and equipment to prevents cyber threats. In the future we can assume that black hat hackers are going to be more malicious then they are in the present. .
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages16 Page
-
File Size-