& IT

Professional
Practices
Computer and
Network Security

College of Information Technology, UNITEN

.getting more and more

important
Computers getting faster and less expensive
Utility of networked computers increasing

Shopping and banking

Social Media
Booking and reservations (flight, movies, )
Managing personal information
Controlling industrial processes

Increasing use of computers growing importance of

computer security
College of Information Technology, UNITEN

Specific threats
Hacking
Malware
Cyber crime and cyber attacks
Online voting

College of Information Technology, UNITEN

The original hackers (the good

MITs
Tech Model Railroad Club in
guys)
1950s

Original meaning of hacker: explorer, risk taker, system

innovator

The history of model railroading parallels that of MIT,

although the first student group, the Tech Model
Railroad Club (TMRC), was not established until 1946.
TMRC moved into the famous old Radiation Lab
structure, Building 20, a year later and began
constructing its first layout. Realism mattered and club
members became fanatical in the design, fabrication,
and operation of their quarter-scale world. Electrical
Engineering Professor Carlton Tucker was the faculty
advisor who helped supply the club with sophisticated
electronics. During peak membership years in the
1950s and 1960s, many TMRC members became
interested in computers. Thanks to Tucker and
Digital Equipment Corporation (DEC), club members
began experimenting with such pioneering computers
as the TX-0, PDP-1, and PDP-11. The group members
became legends and were featured in Steven Levys
Source:Revolution.
http://
paean, HackersHeroes of the Computer
museum.mit.edu/150/63
College
of Information Technology, UNITEN
Today, the TMRC is considered by some
to be
the
birthplace of hacker culture. The trains can still be

Evolution of the hackers (good turned

political)
Hacking has a long (starting with TRMC) and variably honored history
One of the key elements of these hackers' work, was that the computers
and software they hacked was open for modification, improvement and
extension.
When you bought your computer it came with the source code to any programs
bundled with it, in the full expectation that the owner would want to take it apart.

By 1980, the trend started to change.

and manufacturers began restricting copying, redistribution and modification of
the software they provided.

"hacking" developed its political edge.

The discovery in 1980 that the licensing restrictions attached to the latest version
of a printer at MIT's artificial intelligence lab launched Richard Stallman's lifetime
career of writing and campaigning for free as in free speech software

In 1981, the Hamburg chaos computer club was founded; it rapidly

became known for both exposing security flaws and for advocating
Wendy M. Grossman, Modern 'hackers' are not worthy of the name,
freedom of information.

http://www.theguardian.com/commentisfree/2010/dec/10/modern-hackers-hacking

College of Information Technology, UNITEN

The modern hackers (..and they

became evil)
By the early 1990s, "hacker" had come to mean what it
still means to many people: a very clever, computerobsessed, (usually) young, (usually) male with maybe a
shaky grasp on the ethics. The equivalent of
joyriders, because of their abilities to operate weird,
new technology and penetrate what should have been
locked rooms, but largely motivated by bragging rights
and the satisfaction of solving difficult puzzles.
the first version of the Computer Misuse Act was passed
Grossman, Modern 'hackers' are not worthy of the name,
in 1990 inWendy
theM.USA.

http://www.theguardian.com/commentisfree/2010/dec/10/modern-hackers-hacking

College of Information Technology, UNITEN

The hackers today

A hacker is someone who seeks and exploits
weaknesses in a computer system or computer
network.
Hackers may be motivated by a multitude of
reasons, such as profit, protest, challenge or
enjoyment.
There are hackers who are politically-edged:
Wikileakers (freedom-of-information activist. They like to
think of themselves as journalist)
Hacktivist (they claim that they are protesting actions
they believe to be unfair, even morally bankrupt in a way
that attracts public notice)
College of Information Technology, UNITEN

The hackings
Obtaining Login
Names and
Passwords:
Eavesdropping
Dumpster
diving
Social
engineering

Wide variety of
criminal
hacker-related
activities:
Transmitting code that
damages a computer
Accessing any Internetconnected computer
without authorization
Transmitting classified
government
information
Trafficking in computer
passwords
Computer fraud
Computer extortion

Sidejacking:
hijacking of an open
Web session by
capturing a users
cookie
Sidejacking possible
on unencrypted
wireless networks
because many sites
send cookies in
the clear
Internet security
community
complained about
sidejacking
vulnerability for
College of Information Technology,
years, butUNITEN
ecommerce sites

Malware

Worm:

Self-contained program
Spreads through a computer
network
Virus:
Exploits security holes in
Piece of self-replicating code
Morris worm (1988)
networked computers
embedded within another
Robert Tappan Morris, Jr.
program (host)
Graduate student at Cornell
Viruses associated with
Released worm onto Internet from MIT
program files
computer
Hard disks, floppy disks,
Effect of worm
CD-ROMS
Spread to significant numbers of Unix
Email attachments
computers
Infected computers kept crashing or
How viruses spread
became unresponsive
Diskettes or CDs
Took a day for fixes to be published
Email
Antivirus:
Impact on Morris
Files downloaded from
Suspended from Cornell
Allow computer
Internetusers to detect and destroy viruses
3 years probation + 400 hours
Must be kept up-to-date to be most effective
community service
Many people do not keep their antivirus software
$150,000 in legal fees and fines
packages up-to-date
Today, Robert Tappan Morris is an
American computer scientist and
Consumers need to beware of fake antivirus
entrepreneur!!!!
applications
College of Information Technology, UNITEN

Rootkit:
Trojan horse:
A set of programs that provides
Program with benign
privileged access to a computer
capability that masks
Activated every time computer is
a sinister purpose
booted
Backdoor Trojan:
Uses security privileges to mask
Trojan horse that
its presence Spyware:
gives attack access to
Program that communicates
Bot:
victims computer
over an Internet connection
A kind of backdoor Trojan that responds to
without users knowledge or
commands sent by a command-and-control
consent
program on another computer
Monitor Web surfing
First bots supported legitimate activities
Log keystrokes
Internet Relay Chat
Take snapshots of computer
Multiplayer Internet games
screen
Other bots support illegal activities
Send reports back to host
Distributing spam
computer
Collecting person information for ID
Adware:
theft
Type of spyware that displays
Denial-of-service attacks
pop-up advertisements related
Botnet: Collection of bot-infected
to users activity
computers controlled by the same
Backdoor
Trojans often
used to
College of Information
Technology,
UNITEN
command-and-control program
deliver spyware and adware
Bot herder: Someone who controls a botnet

Malware

Cyber Crime and Cyber Attacks

Phishing:
Large-scale effort to gain sensitive information from gullible computer users
At least 67,000 phishing attacks globally in second half of 2010
New development: phishing attacks on Chinese e-commerce sites
Spear-phishing:
Variant of phishing in which email addresses chosen selectively to target particular
group of recipients
SQL Injections:
Method of attacking a database-driven Web application with improper security
Attack inserts (injects) SQL query into text string from client to application
Application returns sensitive information
enial-of-service attack:
entional action designed to prevent legitimate users from making use of a computer service
m of a DoS attack is not to steal information but to disrupt a servers ability to respond to its clients
stributed denial-of-service attack:
oS attack launched from many computers, such as a botnet
College of Information Technology, UNITEN

Cyber Crime
Criminal organizations making significant amounts of
money form malware
Jeanson James Ancheta
Pharmamaster
Albert Gonzalez
Avalanche Gang

College of Information Technology, UNITEN

Jeanson James Ancheta

Ancheta was going to Downey High School in California until 2001 when he
dropped out of school. He later entered an alternative program for students
with academic or behavioral problems. He worked at an Internet cafe and
according to his family wanted to join the military reserves. Around June
2004 he started to work with botnets after discovering rxbot, a common
computer worm that could spread his net of infected computers.

Hackers have for some time utilized Botnets for various purposes, but Ancheta set himself above the crowd
by actively advertising his network of bots on Internet chat channels. A Web site Ancheta ran included a
ange of prices he charged people who wanted to rent out the machines, along with guidelines on how man
bots were required to bring down a particular type of Web site.

College of Information Technology, UNITEN

PharmaM
aster

Blue Security:
Part I
An Israeli company selling a spam
deterrence system
Blue Frog bot would automatically
Leonid Aleksandrovitch
respond to each spam message with an
Kuvayev aka Alex Rodrigez
Kuvayev is a Russian/American
opt-out message
(born
13the
May
1972) of
spammer[believed
to be
ringleader
Spammers started receiving hundreds
one of the world's biggest spam gangs.
of thousands of opt-out messages,
Anti-spam group Spamhaus.org currently
disrupting their operations
features Kuvayev as #2 on its Top 10
6 of 10 of worlds top spammers
worst spammers list. In 2005, the
agreed to stop sending spam to users
attorney general of Massachusetts
of Blue Frog
successfully sued Kuvayev for violations
of the CAN-SPAM Act - he and six
Part II
business partners were fined $37 million
PharmaMaster) started sending Blue
Frog users 10-20 times more spam
It was found that they were responsible
PharmaMaster then launched DDoS
for millions of unsolicited e-mails per day.
attacks on Blue Security and its
According to Spamhaus he could be the
business customers
"Pharmamaster" spammer who
Blue Security could not protect its
performed a denial-of-service attack
customers from DDoS attacks and
(DDoS) against the BlueSecurity
College
of Information
virus-laced
emails Technology, UNITEN
company. Kuvayev is also behind
Blue Security reluctantly terminated its

Ethical Evaluation
What do you say on the
morality of these
individuals actions?
Robert Tappan Morris, Jr.
Jeanson James Ancheta
Leonid Aleksandrovitch
Kuvayev

Kantian evaluation

Social contract theory evaluation

Utilitarian evaluation

Benefits: ?
Harms: ?
Conclusion: ?

College of Information Technology, UNITEN

Cyber attacks
Politically motivated

Estonia (2007)

Georgia (2008)

Georgia (2009)

Exiled Tibetan Government (2009)

United States and South Korea (2009)

Stuxnet Worm (2009)

Attacks on social networking

Massive DDoS attack made Twitter service unavailable for

several hours on August 6, 2009

Three other sites attacked at same time: Facebook,

LiveJournal, and Google

All sites used by a political blogger from the Republic of

Georgia

Attacks occurred on first anniversary of war between Georgia

and Russia over South Ossetia

College of Information Technology, UNITEN

Cyberattacks on Estonia
A series of cyber attacks began on 27 April 2007 and swamped websites of Estonian
organizations, including Estonian parliament, banks, ministries, newspapers and
broadcasters following the Estonias disagreement with Russia about the relocation of
the Bronze Soldier of Tallinn (The Bronze Soldier of Tallinn is an elaborate Soviet-era
grave marker, as well as war graves in Tallinn).
Most of the attacks that had any influence on the general public were DDoS type
attacks ranging from single individuals using various methods like ping floods to
expensive rentals of botnets usually used for spam distribution. Spamming of bigger
news portals commentaries and defacements including that of the Estonian Reform
Party website also occurred.
Some observers reckoned that the onslaught on Estonia was of a sophistication not
seen before. The case is studied intensively by many countries and military planners as,
at the time it occurred, it may have been the second-largest instance of state-sponsored
cyberwarfare.
Ian Traynor,The Guardian 17 May 2007: Russia accused of unleashing cyberwar to disable Estonia

College of Information Technology, UNITEN

United States and South Korea (2009)

4th of July attack

DDoS attack on governmental agencies and commercial Web sites in

United States and South Korea.
Attack may have been launched by North Korea in retaliation for United
Nations sanctions
While most Americans were watching fireworks on July 4, hackers launched
what would turn in to a multi-day denial-of-service attack against U.S.
websites. The Associated Press reported that the cyber attack knocked out the
websites of several government agencies including the U.S. Treasury, Secret
Service, Transportation Department and the Federal Trade Commission. In
addition, the attackers targeted the websites of the White House and the
Pentagon but neither was severely disrupted. The attack later expanded to a
number of other websites including the New York Stock Exchange, NASDAQ
and the Washington Post. South Korean websites were also added to the list
with many of the targets experiencing outages during the same time period.
South Korean intelligence officials believe that North Korea initiated the
http://www.innovationfiles.org/thoughts-on-4th-of-july-cyber-attacks/#sthash.2VauDgrL.dpuf
attacks and
today U.S. officials confirmed that the IP addresses of many of the
attacks originated from North Korea.College
Officials
cautioned,
however, UNITEN
that
ofhave
Information
Technology,
there is no evidence that the Pyongyang government was involved.

Supervisory Control and Data

Acquisition (SCADA) Systems
Industrial processes require constant monitoring
Computers allow automation and centralization of
monitoring
Today, SCADA systems are open systems based on Internet
Protocol
Less expensive than proprietary systems
Easier to maintain than proprietary systems
Allow remote diagnostics

Allowing remote diagnostics creates security risk

TNB has a large SCADA installation
College of Information Technology, UNITEN

SCADA Systems Carry Security

Risks

College of Information Technology, UNITEN

Lets ponder
Has the arrival of the internet done more harm
than good?

College of Information Technology, UNITEN

Would you mind if I hurt

you?
Understand that I need
to
Wish that I had other
choices
Than to harm the one I
love
What have you done
now?
I know I'd better stop
trying
You know that there's no
denying
I won't show mercy on

College of Information Technology, UNITEN