SlideShare una empresa de Scribd logo

hacker culture

Descargar como PPT, PDF
Amy McMullin
Amy McMullin

Introduction

Educación
1 de 35
Introduction to Computer Security and Information Assurance Cyber Security Pilot Course Summer 2011 Draft 1Lesson 3
Introduction to Computer Security and Information Assurance Lesson 3: Hacker Culture Cyber Security 1 Pilot Summer 2011 DRAFT - Lesson 3
Draft Lesson 1 © 3 Copyright Notice This work is a derivative of the original High School Cyber Curriculum by The MITRE Corporation (© 2011 The MITRE Corporation) used under a Creative Commons Attribution 3.0 Unported License. Information about the original work and its creative commons license may be available at The MITRE Corporation (POC: Dr. Robert Cherinka, rdc@mitre.org, or MITRE's Technology Transfer Office, 703-983-6043). For more information on creative commons licenses, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. This work is copyright of the Career Technical Education Foundation, Inc. Information and/or permissions regarding the use of this material may addressed to Mr. Paul Wahnish, President, Career Technical Education Foundation, Inc. (Paul.Wahnish@CareerTechEdFoundation.org, (407) 491-0903).
Introduction to Computer Security and Information Assurance Lesson Objectives • Understand Hacking • Recognize the mentality of the Hacker • Recognize common hacker methodologies • Learn about some example cyber war stories 4DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Why Study “The Hacker”? “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” -Sun Tzu “On the Art of War” 5 DRAFT - Lesson 3
Introduction to Computer Security and Information AssuranceWhy Study “The Hacker”? 2008 FBI/CSI Cyber Crime Survey Companies Experiencing Computer Security Incidents 6 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance 20 Year Trend password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sniffer / sweepers stealth diagnostics packet forging / spoofing GUI Hacking Tools Average Intruder 1980 1985 1990 1995 RelativeTechnicalComplexity Source: GAO Report to Congress, 1996 via Divinci Group 7 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance And a bit more recently Windows Remote Control Stacheldraht Trinoo Melissa PrettyPark ? DDoS Insertion Tools Hacking Tools Kiddie Scripter RelativeTechnicalComplexity 1998 1999 2000 2001 8 DRAFT - Lesson 3
Introduction to Computer Security and Information AssuranceWho are they? NationalNational InterestInterest PersonalPersonal GainGain PersonalPersonal FameFame CuriosityCuriosity Script-KiddyScript-Kiddy UndergraduateUndergraduate ExpertExpert SpecialistSpecialist Vandal Thief Spy Trespasser SOURCE:SOURCE: Microsoft and AccentureMicrosoft and Accenture via Divinci Groupvia Divinci Group Author Motives Knowledge Level 9 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Taxonomy of Hackers • Novice – Least experienced, focused on mischief • Student – Bright, bored and looking for something other than homework • Tourist – Hack out of sense of adventure, need to test themselves • Crasher – Destructive who intentionally damaged IS systems • Thief - Rarest of Hackers – profited from their activities – and most professional Landreth, 1985 10 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Type of Hackers • White Hats – Good guys, ethical hackers • Black Hats – Bad guys, malicious hackers • Gray Hats – Good or bad hacker; depends on the situation DRAFT - Lesson 1 11
Introduction to Computer Security and Information Assurance Hacker Tendencies • Invests significant amounts of time on study of documentation, giving special attention to border cases of standards • Insists on understanding and implementing the underlying API – often confirming documentation claims • Second guesses implementer’s logic • Insists on tools for examining the full state of system across interface layers and for modifying these states bypassing the standard development API. 12 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Why these tendencies? Bratus, 2008 Economics of Insecure Hardware/Software 13 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Developers under pressure to ‘make it work’ Developers ‘trained’ away from exploring underlying APIs Developers directed to ignore specific problems as the responsibility of others Developers must comply with lack of tools to explore outside their system Forces cutting of corners Forces lack of understanding of their choices Forces developer’s lack of concern for a valid solution Why these tendencies? Economics of Insecure Hardware/Software OPPORTUNITY!!!! 14 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Phases of Ethical Hacking DRAFT - Lesson 3 15
Introduction to Computer Security and Information Assurance Basic Hacker Methodology 16 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Information Gathering/ Fingerprinting • Gathering information about targeted network addressing scheme prior to launch of attack – IP addressing – Domain Names – Network Protocols – Activated Services 17 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Scanning/Probing • Using Automated tools to scan a system for computers advertising application services • Look for potential targets with possible vulnerabilities • Look for targets running specific operating systems. 18 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Gaining Access • Target Specific Vulnerabilities: – Operating System – Network Devices – Software Applications • Malicious Code – Delivered via E-mail • Social Engineering 19 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Elevating Privilege • Why Elevate privileges? – Access User Account – Access Super User – Install Backdoors • Password Crackers! 20 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Exploiting • Use victim to launch attacks against others • Stealing sensitive information • Crash systems • Web Server Defacements 21 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Installing Back Doors • Add user accounts that look ‘normal’ • Open ports – Allow access to system services or provide command shell access • Cover tracks to prevent detection • Move malicious code to program – Trojan.exe -> notepad 22 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Chinese Hacker Methodology 23 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance And So… • Need to know how different hackers operate and what their motives are • Need to learn how to attack so can defend well • Need to mitigate vulnerabilities • Need to stay one step ahead of the attack to reduce damages • Best case scenario: – let people in who should be in – keep everyone else out!! 24 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Cyberwar Stories 25 DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance GhostNet • 10-month cyber-espionage investigation – 1,295 computers in 103 countries belonging to international institutions spied on – Sensitive documents stolen and ability to completely controlled infected computers – Used root kits, keyloggers, backdoors and social engineering – Operation began in 2004 – Evidence that China behind it 26DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance DRAFT - Lesson 3 27
Introduction to Computer Security and Information Assurance Dalai Lama • One target the Office of His Holiness the Dalai Lama (OHHDL) – Sensitive documents stolen – Malicious emails sent to Tibet- affiliated organizations – Investigation into GhostNet began when OHHDL suspected malware and contacted the Munk Center for International Studies 28DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Unique Aspects • In addition to stealing documents, GhostNet had other capabilities – Reportedly turn on webcams and audio recording functions of an infected computer – Essentially, turn infected computer into a large “bug” for spying on office • Used a “control panel” reachable by a standard web browser to manipulate the computers it had infected 29DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance So how did they detect it? • Researcher at Munk Center noticed odd string of 22 characters embedded in files created by malicious software • Googled it • Led him to web site in China • Commanded system to infect system in their lab and watched commands 30DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance And, of course China Denies Any Role in 'GhostNet' Computer Hacking Beijing 31 March 2009 Beijing officials deny any involvement in the electronic spy ring dubbed "GhostNet," which has infiltrated more than 1,000 computers around the world and has been linked to computers in China. Foreign Ministry spokesman Qin Gang rejected allegations of a link between the Chinese government and a vast computer spying network. He said in Beijing on Tuesday that the accusation comes from people outside China who, "are bent on fabricating lies of so- called Chinese computer spies." 31DRAFT - Lesson 3
More Cyber Stories: Understanding the Hacker
Introduction to Computer Security and Information Assurance Lesson Summary Key Points • Hacking is illegal (most of the time) – Understand the laws – Port Scanning can be considered illegal • Post 9/11 can be act of terrorism 34DRAFT - Lesson 3
Introduction to Computer Security and Information Assurance Questions? Draft 35

Recomendados

Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
AbhishekDas794104
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Edureka!
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
Proactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor TypesProactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor Types
Recorded Future
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
cyber-security course outline
cyber-security course outlinecyber-security course outline
cyber-security course outline
ShoaibBhattiM
 

Recomendados

Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
AbhishekDas794104
 
Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Parrot Security OS | Introduction to Parrot Security OS | Cybersecurity Train...
Edureka!
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
Proactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor TypesProactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor Types
Recorded Future
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
cyber-security course outline
cyber-security course outlinecyber-security course outline
cyber-security course outline
ShoaibBhattiM
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
Peligros del internet
Peligros del internetPeligros del internet
Peligros del internet
yulizzeth
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
AmineRached2
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
Quick Heal Technologies Ltd.
 
Cybersecurity and its oppoutinities
Cybersecurity and its oppoutinitiesCybersecurity and its oppoutinities
Cybersecurity and its oppoutinities
LAVANS2
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Prabhat kumar Suman
 
Cyber security
Cyber securityCyber security
Cyber security
manoj duli
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
Anuradha Moti T
 
Career in Ethical Hacking
Career in Ethical Hacking Career in Ethical Hacking
Career in Ethical Hacking
neosphere
 
Netcat
NetcatNetcat
Netcat
yogendra singh chahar
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
IGZ Software house
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
sanjana mun
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
Lionel Faleiro
 
Cyber security
Cyber securityCyber security
Cyber security
vishakha bhagwat
 
Top 10 most famous hackers of all time
Top 10 most famous hackers of all timeTop 10 most famous hackers of all time
Top 10 most famous hackers of all time
PRESENTATIONSFORESL
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Mohammad Shakirul islam
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Arshad Khan
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
Trend Micro
 
How to hack the web
How to hack the webHow to hack the web
How to hack the web
Amy McMullin
 
A+ Chapter 3 Review
A+ Chapter 3 ReviewA+ Chapter 3 Review
A+ Chapter 3 Review
Amy McMullin
 

Más contenido relacionado

La actualidad más candente

Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
Trend Micro
 

La actualidad más candente (20)

ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Peligros del internet
Peligros del internetPeligros del internet
Peligros del internet
 
Swift-cyber-attacks.pptx
Swift-cyber-attacks.pptxSwift-cyber-attacks.pptx
Swift-cyber-attacks.pptx
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Cybersecurity and its oppoutinities
Cybersecurity and its oppoutinitiesCybersecurity and its oppoutinities
Cybersecurity and its oppoutinities
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
 
Career in Ethical Hacking
Career in Ethical Hacking Career in Ethical Hacking
Career in Ethical Hacking
 
Netcat
NetcatNetcat
Netcat
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
 
OSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligenceOSINT- Leveraging data into intelligence
OSINT- Leveraging data into intelligence
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Supply Chain Attacks
Supply Chain AttacksSupply Chain Attacks
Supply Chain Attacks
 
Cyber security
Cyber securityCyber security
Cyber security
 
Top 10 most famous hackers of all time
Top 10 most famous hackers of all timeTop 10 most famous hackers of all time
Top 10 most famous hackers of all time
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
 

Destacado

The dream of a cyberpunk future seminar presentation
The dream of a cyberpunk future seminar presentationThe dream of a cyberpunk future seminar presentation
The dream of a cyberpunk future seminar presentation
tae-i
 

Destacado (20)

How to hack the web
How to hack the webHow to hack the web
How to hack the web
 
A+ Chapter 3 Review
A+ Chapter 3 ReviewA+ Chapter 3 Review
A+ Chapter 3 Review
 
Chapter 13
Chapter 13Chapter 13
Chapter 13
 
Chapter 5 Presentation
Chapter 5 PresentationChapter 5 Presentation
Chapter 5 Presentation
 
Chapter 15 Presentation
Chapter 15 PresentationChapter 15 Presentation
Chapter 15 Presentation
 
Chapter 8 Presentaion
Chapter 8 PresentaionChapter 8 Presentaion
Chapter 8 Presentaion
 
Chapter 7 Presentation
Chapter 7 PresentationChapter 7 Presentation
Chapter 7 Presentation
 
Chapter 12 Presentation
Chapter 12 PresentationChapter 12 Presentation
Chapter 12 Presentation
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
Chapter 2 Presentation
Chapter 2 PresentationChapter 2 Presentation
Chapter 2 Presentation
 
9781305094352 ppt ch08
9781305094352 ppt ch089781305094352 ppt ch08
9781305094352 ppt ch08
 
A+ Chapter 4 Review
A+ Chapter 4 ReviewA+ Chapter 4 Review
A+ Chapter 4 Review
 
Chapter 9 PowerPoint
Chapter 9 PowerPointChapter 9 PowerPoint
Chapter 9 PowerPoint
 
Chapter 6 Presentation
Chapter 6 PresentationChapter 6 Presentation
Chapter 6 Presentation
 
A+ Chapter 5 Review
A+ Chapter 5 ReviewA+ Chapter 5 Review
A+ Chapter 5 Review
 
Chapter 11 Presentation
Chapter 11 PresentationChapter 11 Presentation
Chapter 11 Presentation
 
Chapter 3 Presentation
Chapter 3 PresentationChapter 3 Presentation
Chapter 3 Presentation
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
The dream of a cyberpunk future seminar presentation
The dream of a cyberpunk future seminar presentationThe dream of a cyberpunk future seminar presentation
The dream of a cyberpunk future seminar presentation
 
The hacking mentality
The hacking mentalityThe hacking mentality
The hacking mentality
 

Similar a hacker culture

Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
samprada123
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
SujanTimalsina5
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection System
International Journal of Engineering Inventions www.ijeijournal.com
 

Similar a hacker culture (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Network security
Network securityNetwork security
Network security
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdfUnit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdf
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdf
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdf
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection System
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
E04 05 2841
E04 05 2841E04 05 2841
E04 05 2841
 
Computer Network Security
Computer Network SecurityComputer Network Security
Computer Network Security
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking report
 
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisEmerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
 
IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
 

Último

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Último (20)

SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 

hacker culture

  • 1. Introduction to Computer Security and Information Assurance Cyber Security Pilot Course Summer 2011 Draft 1Lesson 3
  • 2. Introduction to Computer Security and Information Assurance Lesson 3: Hacker Culture Cyber Security 1 Pilot Summer 2011 DRAFT - Lesson 3
  • 3. Draft Lesson 1 © 3 Copyright Notice This work is a derivative of the original High School Cyber Curriculum by The MITRE Corporation (© 2011 The MITRE Corporation) used under a Creative Commons Attribution 3.0 Unported License. Information about the original work and its creative commons license may be available at The MITRE Corporation (POC: Dr. Robert Cherinka, rdc@mitre.org, or MITRE's Technology Transfer Office, 703-983-6043). For more information on creative commons licenses, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. This work is copyright of the Career Technical Education Foundation, Inc. Information and/or permissions regarding the use of this material may addressed to Mr. Paul Wahnish, President, Career Technical Education Foundation, Inc. (Paul.Wahnish@CareerTechEdFoundation.org, (407) 491-0903).
  • 4. Introduction to Computer Security and Information Assurance Lesson Objectives • Understand Hacking • Recognize the mentality of the Hacker • Recognize common hacker methodologies • Learn about some example cyber war stories 4DRAFT - Lesson 3
  • 5. Introduction to Computer Security and Information Assurance Why Study “The Hacker”? “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” -Sun Tzu “On the Art of War” 5 DRAFT - Lesson 3
  • 6. Introduction to Computer Security and Information AssuranceWhy Study “The Hacker”? 2008 FBI/CSI Cyber Crime Survey Companies Experiencing Computer Security Incidents 6 DRAFT - Lesson 3
  • 7. Introduction to Computer Security and Information Assurance 20 Year Trend password guessing self-replicating code password cracking exploiting known vulnerabilities disabling audits back doors hijacking sessions sniffer / sweepers stealth diagnostics packet forging / spoofing GUI Hacking Tools Average Intruder 1980 1985 1990 1995 RelativeTechnicalComplexity Source: GAO Report to Congress, 1996 via Divinci Group 7 DRAFT - Lesson 3
  • 8. Introduction to Computer Security and Information Assurance And a bit more recently Windows Remote Control Stacheldraht Trinoo Melissa PrettyPark ? DDoS Insertion Tools Hacking Tools Kiddie Scripter RelativeTechnicalComplexity 1998 1999 2000 2001 8 DRAFT - Lesson 3
  • 9. Introduction to Computer Security and Information AssuranceWho are they? NationalNational InterestInterest PersonalPersonal GainGain PersonalPersonal FameFame CuriosityCuriosity Script-KiddyScript-Kiddy UndergraduateUndergraduate ExpertExpert SpecialistSpecialist Vandal Thief Spy Trespasser SOURCE:SOURCE: Microsoft and AccentureMicrosoft and Accenture via Divinci Groupvia Divinci Group Author Motives Knowledge Level 9 DRAFT - Lesson 3
  • 10. Introduction to Computer Security and Information Assurance Taxonomy of Hackers • Novice – Least experienced, focused on mischief • Student – Bright, bored and looking for something other than homework • Tourist – Hack out of sense of adventure, need to test themselves • Crasher – Destructive who intentionally damaged IS systems • Thief - Rarest of Hackers – profited from their activities – and most professional Landreth, 1985 10 DRAFT - Lesson 3
  • 11. Introduction to Computer Security and Information Assurance Type of Hackers • White Hats – Good guys, ethical hackers • Black Hats – Bad guys, malicious hackers • Gray Hats – Good or bad hacker; depends on the situation DRAFT - Lesson 1 11
  • 12. Introduction to Computer Security and Information Assurance Hacker Tendencies • Invests significant amounts of time on study of documentation, giving special attention to border cases of standards • Insists on understanding and implementing the underlying API – often confirming documentation claims • Second guesses implementer’s logic • Insists on tools for examining the full state of system across interface layers and for modifying these states bypassing the standard development API. 12 DRAFT - Lesson 3
  • 13. Introduction to Computer Security and Information Assurance Why these tendencies? Bratus, 2008 Economics of Insecure Hardware/Software 13 DRAFT - Lesson 3
  • 14. Introduction to Computer Security and Information Assurance Developers under pressure to ‘make it work’ Developers ‘trained’ away from exploring underlying APIs Developers directed to ignore specific problems as the responsibility of others Developers must comply with lack of tools to explore outside their system Forces cutting of corners Forces lack of understanding of their choices Forces developer’s lack of concern for a valid solution Why these tendencies? Economics of Insecure Hardware/Software OPPORTUNITY!!!! 14 DRAFT - Lesson 3
  • 15. Introduction to Computer Security and Information Assurance Phases of Ethical Hacking DRAFT - Lesson 3 15
  • 16. Introduction to Computer Security and Information Assurance Basic Hacker Methodology 16 DRAFT - Lesson 3
  • 17. Introduction to Computer Security and Information Assurance Information Gathering/ Fingerprinting • Gathering information about targeted network addressing scheme prior to launch of attack – IP addressing – Domain Names – Network Protocols – Activated Services 17 DRAFT - Lesson 3
  • 18. Introduction to Computer Security and Information Assurance Scanning/Probing • Using Automated tools to scan a system for computers advertising application services • Look for potential targets with possible vulnerabilities • Look for targets running specific operating systems. 18 DRAFT - Lesson 3
  • 19. Introduction to Computer Security and Information Assurance Gaining Access • Target Specific Vulnerabilities: – Operating System – Network Devices – Software Applications • Malicious Code – Delivered via E-mail • Social Engineering 19 DRAFT - Lesson 3
  • 20. Introduction to Computer Security and Information Assurance Elevating Privilege • Why Elevate privileges? – Access User Account – Access Super User – Install Backdoors • Password Crackers! 20 DRAFT - Lesson 3
  • 21. Introduction to Computer Security and Information Assurance Exploiting • Use victim to launch attacks against others • Stealing sensitive information • Crash systems • Web Server Defacements 21 DRAFT - Lesson 3
  • 22. Introduction to Computer Security and Information Assurance Installing Back Doors • Add user accounts that look ‘normal’ • Open ports – Allow access to system services or provide command shell access • Cover tracks to prevent detection • Move malicious code to program – Trojan.exe -> notepad 22 DRAFT - Lesson 3
  • 23. Introduction to Computer Security and Information Assurance Chinese Hacker Methodology 23 DRAFT - Lesson 3
  • 24. Introduction to Computer Security and Information Assurance And So… • Need to know how different hackers operate and what their motives are • Need to learn how to attack so can defend well • Need to mitigate vulnerabilities • Need to stay one step ahead of the attack to reduce damages • Best case scenario: – let people in who should be in – keep everyone else out!! 24 DRAFT - Lesson 3
  • 25. Introduction to Computer Security and Information Assurance Cyberwar Stories 25 DRAFT - Lesson 3
  • 26. Introduction to Computer Security and Information Assurance GhostNet • 10-month cyber-espionage investigation – 1,295 computers in 103 countries belonging to international institutions spied on – Sensitive documents stolen and ability to completely controlled infected computers – Used root kits, keyloggers, backdoors and social engineering – Operation began in 2004 – Evidence that China behind it 26DRAFT - Lesson 3
  • 27. Introduction to Computer Security and Information Assurance DRAFT - Lesson 3 27
  • 28. Introduction to Computer Security and Information Assurance Dalai Lama • One target the Office of His Holiness the Dalai Lama (OHHDL) – Sensitive documents stolen – Malicious emails sent to Tibet- affiliated organizations – Investigation into GhostNet began when OHHDL suspected malware and contacted the Munk Center for International Studies 28DRAFT - Lesson 3
  • 29. Introduction to Computer Security and Information Assurance Unique Aspects • In addition to stealing documents, GhostNet had other capabilities – Reportedly turn on webcams and audio recording functions of an infected computer – Essentially, turn infected computer into a large “bug” for spying on office • Used a “control panel” reachable by a standard web browser to manipulate the computers it had infected 29DRAFT - Lesson 3
  • 30. Introduction to Computer Security and Information Assurance So how did they detect it? • Researcher at Munk Center noticed odd string of 22 characters embedded in files created by malicious software • Googled it • Led him to web site in China • Commanded system to infect system in their lab and watched commands 30DRAFT - Lesson 3
  • 31. Introduction to Computer Security and Information Assurance And, of course China Denies Any Role in 'GhostNet' Computer Hacking Beijing 31 March 2009 Beijing officials deny any involvement in the electronic spy ring dubbed "GhostNet," which has infiltrated more than 1,000 computers around the world and has been linked to computers in China. Foreign Ministry spokesman Qin Gang rejected allegations of a link between the Chinese government and a vast computer spying network. He said in Beijing on Tuesday that the accusation comes from people outside China who, "are bent on fabricating lies of so- called Chinese computer spies." 31DRAFT - Lesson 3
  • 33.
  • 34. Introduction to Computer Security and Information Assurance Lesson Summary Key Points • Hacking is illegal (most of the time) – Understand the laws – Port Scanning can be considered illegal • Post 9/11 can be act of terrorism 34DRAFT - Lesson 3
  • 35. Introduction to Computer Security and Information Assurance Questions? Draft 35

Notas del editor

  1. Remember that statistics can be affected by non-truthful answers. Companies lie cause no one wants to look like their vulnerable. May contribute to the :don’t know” increase.
  2. Expert is only curious if a tool or exploit will work. Not interested in malicious activity.
  3. Point one : border cases open to interpretation
  4. Money drives the cycle. Want to spend the least money while getting the best profits. (Increase net).
  5. GhostNet (simplified Chinese: 幽灵网; traditional Chinese: 幽靈網; pinyin: YōuLíngWǎng) is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying[1][2] operation discovered in March 2009. The operation is likely associated with an Advanced Persistent Threat. Its command and control infrastructure is based mainly in the People's Republic of China and has infiltrated high-value political, economic and media locations[3] in 103 countries. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India, London and New York City were compromised. Although the activity is mostly based in China, there is no conclusive evidence that the Chinese government is involved in its operation.[4]
  6. The Georgia–Russia crisis is a current and ongoing international crisis between Georgia and Russia that escalated in 2008, when both countries accused each other of military buildup near the separatist regions Abkhazia and South Ossetia. On March 6, 2008 Russia announced that it would no longer participate in the Commonwealth of Independent States economic sanctions imposed on Abkhazia in 1996. Increasing tensions led to the outbreak of the 2008 South Ossetia war. After the war, a number of incidents have occurred in both conflict zones, and tensions between the belligerents remain high. The crisis has been linked to the push for Georgia to receive a NATO Membership Action Plan and, indirectly, the unilateral declaration of independence by Kosovo.