Cyber Espionage Chien-Chung Shen

Slides:

Advertisements

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Advertisements

MIRAGE MALWARE SIDDARTHA ELETI CLEMSON UNIVERSITY.

1 Computer and Internet Security JCCAA Presentation 03/14/2009 Yu-Min (Phillip) Hsieh Sr. System Administrator Information Technology Rice University.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

By Hiranmayi Pai Neeraj Jain

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

New trends on cyber security - Cyber Espionage & Identity theft By K S Yash, CRO 1.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

CHINESE HACKERS. Where do they come from? In 2007 private security firm Mandiant was hired by the New York Times to trace cyber-attacks on their network.

Computer Threats I can understand computer threats and how to protect myself from these threats.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Trojan Horse Program Presented by : Lori Agrawal.

Computer Viruses.

What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.

BOTNETS/Cyber Criminals  How do we stop Cyber Criminals.

Protecting Yourself Online. VIRUSES, TROJANS, & WORMS Computer viruses are the "common cold" of modern technology. One in every 200 containing.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Unit 2 - Hardware Computer Security.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.

Administrator Protect against Malware by: Brittany Slisher and Gary Asciutto.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.

1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.

Network problems Last week, we talked about 3 disadvantages of networks. What are they?

This Is A PowerPoint Presentation On Computer Viruses. This Presentation Will Show You What Can Be Done To Deal With The Viruses. Mr Owen 10C.

Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

1 Computer Crime Often defies detection Amount stolen or diverted can be substantial Crime is “clean” and nonviolent Number of IT-related security incidents.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.

ICT & Crime Viruses & malware. What is a virus? A computer virus is a piece of software that can 'infect' a computer (install itself) and copy itself.

Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.

Topic 5: Basic Security.

Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.

Grants Management Training 200 Cyber Security There are two kinds of people in America today: Those who have experienced a cyber-attack and know it, and.

Malicious Software.

Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.

Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.

Computer Security By Duncan Hall.

Understand Malware LESSON Security Fundamentals.

Introduction to Network Security. Acknowledgements.

“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.

Intro to Network Security. Vocabulary Vulnerability Weakness that can be compromised Threat A method to exploit a vulnerability Attack Use of one or more.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Antivirus Software Troy Behmer. Outline Topics covered: – What is Antivirus software (AVS)? – What are the advantages and disadvantages of AVS? – What.

Computer Security Sample security policy Dr Alexei Vernitski.

1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.

Computer Security Keeping you and your computer safe in the digital world.

Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.

Chapter 40 Internet Security.

Seminar On Ethical Hacking Submitted To: Submitted By:

Network security threats

Cyber Security By: Pratik Gandhi.

Answer the questions to reveal the blocks and guess the picture.

Staying Austin College

Cybersecurity Awareness

Unit 1.6 Systems security Lesson 2

HOW DO I KEEP MY COMPUTER SAFE?

Presentation transcript:

Cyber Espionage Chien-Chung Shen

Can a well-engineered network be broken into? Consider an agent X who is determined to break into a network with the intention of stealing valuable documents belonging to an organization and for the purpose of conducting general espionage on the activities of the organization Assume that the targeted organization –is vigilant about keeping up to date with patches and anti-virus software updates –operates behind a well-designed firewall –hires a security company to periodically carry out vulnerability scans and for penetration testing of all its computers –has computers not vulnerable to dictionary attacks In addition, assume that X is physically based in a different country. Therefore, it is not possible for X to gain a physical entry into the organization’s premises and install a packet sniffer in its LAN

Can a well-engineered network be broken into? Given the assumptions listed above, it would seem that the organization’s network cannot be broken into But that turns out not to be the case. Any network, no matter how secure it is from a purely engineering perspective, can be compromised through what is now commonly referred to as “social engineering”

Episode (1) Assume that an individual named Bob Clueless is a high official in company A in the US and that this company manufactures night-vision goggles for the military. Pretend that there is a country T out there that is barred from importing military hardware, including night-vision goggles, from the US. So this country decides to steal the design documents stored in the computers of the organization A. Since this country does not want to become implicated in cross-border theft, it outsources the job to a local hacker named X. T supplies X with all kinds of information (generated by its embassy in the US) regarding A, its suppliers base, the cost structure of its products, and so on. On the basis of all this information, X sends the following to Bob Clueless:

Episode (2) To: Bob Clueless From: Joe Smoothseller Subject: Lower cost light amplifier units Dear Bob, We are a low-cost manufacturer of light-amplifier units. Our costs are low because we pay next to nothing to our workers. (Our workers do not seem to mind --- but that’s another story.) The reason for writing to you is to explore the possibility of us becoming your main supplier for the light amplification unit. The attached document shows the pricing for the different types of light-amplification units we make. Please let me know soon if you would be interested in our light amplifier units. Attachment: light-amplifiers.doc

Episode (3) When Bob Clueless received the above , he was already under a great deal of stress because his company had recently lost significant market share in night-vision goggles to a competing firm. Therefore, no sooner did Bob receive the above than he clicked on the attachment. What Bob did not realize was that his clicking on the attachment caused the execution of a small binary file that was embedded in the attachment. This resulted in Bob’s computer downloading the client gh0st that is a part of the gh0stRAT trojan Subsequently, X had full access to the computer owned by Bob Clueless –As is now told, X used Bob’s computer to infiltrate into the rest of the network belonging to company A — this was the easiest part of the exploit since the other computers trusted Bob’s computer. It is further told that, for cheap laughs, X would occasionally turn on the camera and the microphone in Bob’s laptop and catch Bob picking his nose and making other bodily sounds in the privacy of his office

Steps of Social Engineering Attack You receive a spoofed with an attachment The appears to come from someone you know The contents make sense and talk about real things (and in your language) The attachment is a PDF, DOC, PPT or XLS When you open up the attachment, you get a document on your screen that makes sense, but you also get exploited at the same time The exploit drops a hidden remote access trojan, typically a Poison Ivy or a Gh0st Rat (Remote Administration Tool) variant – – – You are the only one in your organization who receives such an

Trojan From the standpoint of programming involved, there is no significant difference between bot and trojan The main difference between a trojan and a bot relates to how they are packaged for delivery to an unsuspecting computer –bot: random hopping –trojan: more targeted Trojan may be embedded in a piece of code that actually does something useful, but that, at the same time, also does things that are malicious Sample CERT advisory on trojan –

Challenge in Social Engineering Nagaraja and Anderson (University of Cambridge) “This combination of well-written malware with well- designed lures, which we call social malware, is devastatingly effective..... The traditional defense against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tiresome operational security procedures. These will not be sustainable in the economy as a whole. Evolving practical low-cost defenses against social- malware attacks will be a real challenge.”

The gh0stRAT Trojan Probably the most potent trojan that is currently in the news. That is not surprising since when a machine is successfully compromised with this trojan, the attackers can gain total control of the machine, even turn on its camera and microphone remotely and capture all the keyboard and mouse events. In addition to being able to run any program on the infected machine, the attackers can thus listen in on the conversations taking place in the vicinity of the infected machine and watch what is going on in front of the computer The trojan, intended for Windows machines, appears to be the main such trojan that is employed today for cyber espionage The many faces of Gh0st Rat download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf Know Your Digital Enemy by McAfeeKnow Your Digital Enemy

Cyber Espionage Tracking GhostNet: Investigating a Cyber Espionage Network describes an espionage network that had infected at least 1295 computers in 103 countries, mostly for the purpose of spying on the various Tibetan organizations, especially the offices of the Dalai Lama in Dharamsala, India Shadows in the Cloud: Investigating Cyber Espionage documents an extensive espionage network that successfully stole from various high offices of the Government of In- dia, the Office of the Dalai Lama, the United Nations The Snooping Dragon: Social-Malware Surveillance of the Tibetan movement Cyberattack on Google Said to Hit Password System