1 Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare

2 Cybercrime
- Illegal or unethical activities performed in cyberspace

3 Copyright © 2003, Addison-Wesley
Hacker
- Originally, an expert programmer
- Today, someone who breaks into computers
- Types of hackers
  - White-hat hackers (hack into systems to expose their vulnerabilities so they can be corrected)
  - Black-hat hackers (crackers, dark side hackers)
  - Elite hackers
    - Superior technical skills
    - Very persistent
    - Often publish their exploits
  - Samurai – a hacker for hire
  - Script-kiddies – a hacker with little or no technical skills who downloads exploits discovered by others

4 Figure 8.1 A list of postings on a hacker newsgroup. Source: alt.bio.hackers newsgroup

5 Figure 8.2 A typical posting. Source: alt.bio.hackers newsgroup

6 Figure 8.3 Hackers publish their exploits. Source: http://packetstormsecurity.org/

7 Script-kiddies and Phreakers
- Script-kiddie (packet monkeys, lamerz)
  - Hacker in training
  - Disdained by the elite hackers
- Phreaker
  - Person who cracks the telephone network
- Insider
  - Trusted employee turned black-hat hacker
  - Very dangerous

8 Why Do Hackers Hack?
- Government sponsored hacking
  - Cyberwarfare
  - Cyberterrorism
  - Espionage
- Industrial espionage
- White-hats
  - Publicize vulnerabilities
- The challenge – hack mode
- Black hats – software and personal information
- Script kiddies – gain respect
- Insiders – revenge

9 Password Theft
- Easiest way to gain access
- User carelessness
  - Poor passwords
  - Easily guessed
- Dumpster diving
- Observation, particularly for insiders
  - The sticky note on the monitor
- Human engineering, or social engineering
- Standard patterns (e.g., Miami University)
  - Guess the password from the pattern

10 Password Cracker Software
- Available over the Internet
- Recover lost passwords
- Cracking techniques
  - Word list or dictionary
  - Brute force
  - Hybrid – L0phtcrack
- Precaution – store encoded passwords

11 Figure 8.4 Passwords are stored in encoded form.
- Minimize risk if hacker steals password file
- Un-encoded password needed
- Password cracking programs
  - Dictionary based
  - Avoid English words

12 Rules for Choosing Good Passwords
- Easy to remember, difficult to guess
- Length – 6 to 9 characters
- Mix character types
  - Letters, digits, special characters
- Use an acronym
- Avoid dictionary words
- Different account, different password
- Change passwords regularly
- Don’t enforce a password strategy which forces users to create passwords that are difficult for them to remember
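
Slides 10 to 12 in code, as an added example that is not part of the original deck: passwords are checked against the "mix character types" and "avoid dictionary words" rules when they are set, and only an encoded form reaches the password file. The encoding is assumed to be salted PBKDF2-HMAC-SHA256, the slide's lower bound of 6 characters is used as a minimum, and the word list, iteration count and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed mini word list; a real check would load a full dictionary.
WORDLIST = {"password", "dragon", "miami", "letmein", "welcome"}
ITERATIONS = 200_000  # assumed work factor; slows every guess against a stolen file

def acceptable(password):
    """Slide 12 rules: minimum length, mixed character types, no dictionary word."""
    kinds = sum([any(c.islower() for c in password),
                 any(c.isupper() for c in password),
                 any(c.isdigit() for c in password),
                 any(not c.isalnum() for c in password)])
    # Strip digits and symbols first, so "Password1!" is still seen as "password";
    # a hybrid cracker tries exactly such word-plus-suffix variants.
    core = "".join(c for c in password.lower() if c.isalpha())
    return len(password) >= 6 and kinds >= 3 and core not in WORDLIST

def encode(password, salt=None):
    """Return (salt, digest); only these two values go into the password file."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, digest):
    """Re-encode the login attempt with the stored salt, compare in constant time."""
    return hmac.compare_digest(encode(password, salt)[1], digest)

def register(store, user, password):
    """Reject weak choices at set time, otherwise store the encoded form only."""
    if not acceptable(password):
        return False
    store[user] = encode(password)
    return True
```

The un-encoded password is needed only at login, where it is re-encoded and compared; the per-user salt means two accounts with the same password do not share a stored value.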

13 Packet Sniffers
- Software wiretap
- Captures and analyzes packets
- Any node between target and Internet
- Broadcast risk
  - Ethernet and cable broadcast messages
  - Can be partially eliminated by using a switch instead of a hub
  - Set workstation to promiscuous mode
- Legitimate uses
  - Detect intrusions
  - Monitoring

14 Figure 8.5 A packet sniffer.
- Ethernet is a broadcast technology

15 Potentially Destructive Software
- Logic bomb
  - Potentially very destructive
  - Time bomb – a variation
- Rabbit (reproduces rapidly)
  - Denial of service
- Trojan horse
  - Common source of backdoors

16 Backdoor
- Undocumented access point
- Testing and debugging tool
- Common in interactive computer games
  - Cheats and Easter eggs
- Hackers use backdoors to gain access
  - Programmer fails to close a backdoor
  - Trojan horse
  - Inserted by hacker on initial access
  - Back Orifice – the Cult of the Dead Cow

17 Viruses and Worms
- Virus
  - Parasite
  - Requires host program to replicate
  - Virus hoaxes can be disruptive
- Worm
  - Virus-like
  - Spreads without a host program
  - Used to collect information
    - Sysop – terminal status
    - Hacker – user IDs and passwords

18 Figure 8.6 Structure of a typical virus.
- Payload can be
  - Trivial
  - Logic bomb
  - Time bomb
  - Trojan horse
  - Backdoor
  - Sniffer
- Macro viruses
- Polymorphic viruses
- E-mail attachments
  - Today, click attachment
  - Tomorrow, ???
  - Most only affect MS clients
- Cluster viruses
  - Spawn mini-viruses
- Cyberterrorism threat

19 Anti-Virus Software
- Virus signature
  - Uniquely identifies a specific virus
  - Update virus signatures frequently
- Heuristics
  - Monitor for virus-like activity
- Recovery support

20 Figure 8.8 Security and virus protection in layers.
- Defend in depth
- What one layer misses, the next layer traps
- Firewalls (Chapter 9)
- Anti-virus software
- Internet

21 System Vulnerabilities
- Known security weak points
- Default passwords – system initialization
- Port scanning
- Software bugs
- Logical inconsistencies between layers
- Published security alerts
- Installing unnecessary applications & services
- War dialer to find vulnerable computer

22 Denial of Service Attacks (DoS)
- An act of vandalism or terrorism
- A favorite of script kiddies
- Objective
  - Send target multiple packets in brief time
  - Overwhelm target
- The ping o’ death
- Distributed denial of service attack
  - Multiple sources

23 Figure 8.9 A distributed denial of service attack.
- Cyber equivalent of throwing bricks
- Overwhelm target computer
- Standard DoS is a favorite of script kiddies
- DDoS more sophisticated
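
A defender's view of slides 22 and 23, as an added example that is not part of the original deck: a sliding-window counter flags "multiple packets in brief time" aimed at one target and tells a single-source flood from a distributed one by how concentrated the sources are. The window, threshold and dominance ratio are assumed values, and the traffic is constructed using documentation address ranges.

```python
from collections import Counter, deque

def detect_flood(packets, window=1.0, threshold=100, dominant=0.8):
    """packets: iterable of (timestamp_seconds, source_ip) sent to one target.

    Returns None for normal traffic, or an alert dict at the first moment more
    than `threshold` packets arrive within `window` seconds.
    """
    recent = deque()
    for ts, src in sorted(packets):
        recent.append((ts, src))
        # Drop packets that have aged out of the window.
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) > threshold:
            per_source = Counter(s for _, s in recent)
            top_src, top_count = per_source.most_common(1)[0]
            # One source sending most of the packets: standard DoS.
            # Load spread over many sources: distributed DoS.
            kind = "dos" if top_count / len(recent) >= dominant else "ddos"
            return {"kind": kind, "at": ts,
                    "sources": len(per_source), "top": top_src}
    return None

# Constructed traffic: background load, then two floods starting at t = 3 s.
NORMAL = [(i * 0.2, f"192.0.2.{i % 5 + 1}") for i in range(50)]
DOS = NORMAL + [(3.0 + i * 0.002, "203.0.113.9") for i in range(300)]
DDOS = NORMAL + [(3.0 + i * 0.002, f"198.51.100.{i % 60 + 1}") for i in range(300)]
```

Blocking the one `top` address is enough for the single-source case; in the distributed case no single address dominates, which is why the slide calls DDoS more sophisticated.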

24 Spoofing
- Act of faking key system parameters
- DNS spoofing
  - Alter DNS entry on a server
  - Redirect packets
- IP spoofing
  - Alter IP address
- Smurf attack

25 Figure 8.10 IP spoofing.
- Preparation
  - Probe target (A)
  - Launch DoS attack on trusted server (B)
- Attack target (A)
  - Fake message from B
  - A acknowledges B
  - B cannot respond
  - DoS attack
  - Fake acknowledgement from B
  - Access A via 1-way communication path

26 Selecting Targets
- Concentration of value
- Network access point (NAP)
- Cost to attackers
- Best target – most “bang for the buck”

27 Cyberwarfare
- Information warfare in cyberspace
- Hacker tools as weapons
  - Denial of service attacks
  - Backdoors and cracking tools
  - Malware – destructive software
  - Chipping – modified chips
- Source of attack can be anywhere

28 Cyberterrorism
- Terrorism in cyberspace
- Same tools as cyberwarfare
- Inexpensive and anonymous
- Cyberspace loaded with symbolic targets
- Public access complicates defense
- Lack of diversity increases vulnerability
  - Windows
- Response – JWICS

