 Computer Network Attack  “… actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves.”  Not Computer Network Exploitation  “…enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks.” Computer Network Attack2 Joint Publication 3-13

 Preventing access to information through denial, disruption, degradation, or destruction  Does not require exploitation of the target system  DDoS  Driving a truck into a transformer  Tripping over a wire in a datacenter Computer Network Attack3

4

5

 What most people consider “hacking”  Enables further access into a target computer system.  Gaining unauthorized privileges  Also enables further intelligence gathering  Provides access to user accounts  Databases  Password files Computer Network Attack6

 Intelligence collection  Further assess target for other vulnerabilities  Find information about target not otherwise available  Corporate Espionage  Gain access to trade secrets  Profit  Sell the information to the highest bidder  Extortion  Botnets  Hacktivism  Ideological view of something (Anonymous, LulzSec, etc)  Social Status  Be that “ l33t h4X0r” ( geek translation: elite hacker)  Other  Destruction of information systems Computer Network Attack7

8

9

10

Computer Network Attack11

Computer Network Attack12

 Simply gaining access to a host is not necessarily enough for an attacker to accomplish his goal - the attacker may have to escalate privileges to those of another user.  Attackers want to access a file that belongs to another user (timvic) and which has permissions set so that only that user is allowed to access it.  Other examples of access an attacker might want to take that require higher privileges are killing processes they don't own or opening network connections on "low-numbered" ports, like port 80, that have special meanings. Computer Network Attack13

 Password guessing works if users on the target system are allowed to use simple passwords  Remember, the longer and more complex the password, the more difficult it is to break.  4 characters (upper/lower case)  52 4 = ~ 7 million  7 characters (A-Z, a-z, 0-9)  62 7 = ~ 3.5 trillion  Brute forcing passwords takes a long time  Still works!  Users choose inherently bad passwords all the time passw0rd12345lovesecret password1passgod Computer Network Attack14

 Password guessing also works against predictable passwords  Pet’s name  Significant other  Phone number  Password reuse  Default passwords (as we saw in lab) can really cause problems if not changed.  Routers, smart devices, even the iPhone come with default passwords set  Early iPhones could be “rooted” because of a weak default password (alpine)  Voic systems Computer Network Attack15

 Code Injection is another means to exploit a target machine.  Can be local or remotely exploited  Involves sending specially crafted data to a computer system to cause it to misbehave.  Buffer Overflows  SQL Injections  Trojan Horses Computer Network Attack16

 Take advantage of vulnerabilities in code  Allow the intruder to send arbitrary code of his or her choosing to a machine for execution.  Used to gain access to a machine for DoS  Commonly used for privilege escalation as well Computer Network Attack17

 Take advantage of structured queries to a database  Data entered in a format that causes the application to perform some task it is not designed for  May give access to customer data, passwords, credit card numbers, etc  Can also be used to write files to the hard drive  Can I rewrite an ACL to allow access for unauthorized personnel?  Very common web application vulnerability Computer Network Attack18

 Malicious code included in an innocuous program.  Embedded either within the application directly, or by binding it to a pre-compiled executable.  Can be used to take control of hosts and allow the attacker to do anything a user sitting in front of the machine could do. Computer Network Attack19

 Once the intruder has a foothold in the system or has enough information about it, they can choose one of two options  Attack  Erasing the hard drive  Modifying the information contained on the drive.  DoS, DDoS  Further exploitation  Escalate privilege to gain better foothold  Steal passwords  Essentially, start from the beginning if necessary to gain more access. Computer Network Attack20

Computer Network Attack21