
Chapter 6 Computer and Network Security

1) The document discusses various topics related to computer and network security including viruses, worms, hackers, denial of service attacks, and defensive measures. 2) It describes famous computer worms like Code Red and Slammer that exploited security vulnerabilities to spread rapidly. 3) The document also discusses ethical issues around early computer hackers like Robert Morris who released the Internet Worm and caused widespread disruptions. Unauthorized access to other people's computers and networks is considered wrong.

Uploaded by

Hohes Opoil
Copyright
© Attribution Non-Commercial (BY-NC)

CHAPTER 6: COMPUTER AND NETWORK SECURITY

Chapter Overview
- Introduction
- Viruses, worms, and Trojan horses
- Phreaks and hackers
- Denial-of-service attacks
- Recent Incidents
- Online voting

Introduction
- Computers getting faster and less expensive
- Utility of computers increasing
  - Email
  - Web surfing
  - Shopping
  - Managing personal information
- Increasing use of computers brings growing importance of computer security
- Hackers: people who use other computers without authorization
  - Physical hackers: physical trespassing
  - Electronic: use sophisticated programs to gain access
- Hacker crackdown contributed by hackers and public distribution of programs to break in
- Buffer overflow attack is a common way to take control of a computer.

Viruses (1/2)
- Virus: piece of self-replicating code embedded within another program (host)
- Viruses associated with program files
  - Hard disks, floppy disks, CD-ROMs
  - Email attachments (virus reads address books)
- How viruses spread
  - Diskettes, CDs, or USB devices
  - Email
  - Files downloaded from Internet

* A 2003 study shows that 45% of files downloaded from Kazaa contain a virus.

Viruses (2/2)
- Well-known viruses
  - Brain (1986): not malicious and no significant harm
  - Michelangelo (1991): March 6, birthday of Michelangelo
  - Melissa (1999): email attachment created by David L. Smith
  - Love Bug (2000): destroys media files (Onel De Guzman)
- Popular anti-virus software
  - AVG
  - Bit Defender
  - Norton
  - McAfee

Worms
- Worm
  - Self-contained program
  - Spreads through a computer network
  - Exploits security holes in networked computers
- Famous worms
  - WANK: product of cyberterrorism to stop NASA project
  - Code Red (July 19, 2001): DoS attack on www.whitehouse.gov
  - Sapphire (Slammer): fastest-moving worm in recent history
  - Blaster (Aug 12, 2003): exploited a bug in Windows XP and Windows 2000 and provides DoS to windows.update.com
  - Sasser: launched in April 2004 to exploit a security hole in Windows XP.

The Internet Worm


- Robert Tappan Morris, Jr.
  - Graduate student at Cornell
  - Released worm onto Internet from MIT computer
- Effect of worm
  - Spread to 6,000 Unix computers
  - Infected computers kept crashing or became unresponsive
  - Took a day for fixes to be published
- Impact on Morris
  - Suspended from Cornell
  - 3 years probation + 400 hours community service
  - $150,000 in legal fees and fines

Ethical Evaluation
- Kantian evaluation (Wrong)
  - Morris used others by gaining access to their computers without permission. He used other people to gain access.
- Social contract theory evaluation (Wrong)
  - Morris violated property rights of organizations
- Utilitarian evaluation (Wrong)
  - Benefits: Organizations learned of security flaws
  - Harms: Time spent by those fighting worm, unavailable computers, disrupted network traffic, Morris's punishments
- Morris was wrong to have released the Internet worm

Trojan Horses
- Trojan horse: program with benign capability that masks a sinister purpose
- Remote access Trojan: Trojan horse that gives attacker access to victim's computer
  - Back Orifice
  - SubSeven
- RAT servers often found within files downloaded from erotica/porn Usenet sites

HACKERS ORIGINAL DEFINITION

A hacker is

- An explorer
- A risk-taker
- Someone who tries to make a system do new things

Defensive Measures
- Authentication: The end user has the permission to gain access.
- Authorization: The person is who he claims to be (use of passwords, smart cards and biometrics).
- Firewalls: computer that mediates between LAN and Internet. Monitors the packets in and out.

Hackers
Definition of a hacker

-> The terms hacker and hack are marked by contrasting positive and negative connotations. Computer programmers often use the words hacking and hacker to express admiration for the work of a skilled software developer, but may also use them in a negative sense to describe the production of kludges. In popular usage and in the media, it most often refers to computer intruders or criminals.

Hackers
Hack case: The photo of Health Secretary Francisco Duque III blowing plastic trumpets in an effort to show that they're better than firecrackers was edited to make it look as if the health chief was blowing some penises. The text that accompanied it read: "Happy New Year! Don't use firecrackers! Use penis!" Underneath the image was this statement written in Filipino: "Malamang laking pasalamat ni Duque ng mauso ang H1N1, dengue, etc aba'y araw-araw lumalabas ang kanyang commercial!" [Most likely, Duque was thankful when there was an outbreak of H1N1, dengue, etc. His commercial was shown every day!]

[Figure: Sample of a hacked webpage]

Hackers
Ethical evaluation

-> Kantianism evaluation
- Hacker defaced the DOH website.
- In his desire to show off or expose the poor security of the site, he hacked the site. They use other people to be thrilled.
- Hacking is wrong.
- People are offended by the action.

Hackers
Ethical evaluation

-> Act Utilitarianism - As the hacking news spreads, blogs and news articles are filled with sympathy and anger towards the hacker. Also affected was Mr. Duque, the one involved in the website defacing. Also web developers had headaches repairing the damages made by the hacker. Thus hacking in this sense is wrong.

Hackers
Ethical evaluation

-> Rule Utilitarianism - What if everyone made changes to the website? Perhaps many people would make good or bad changes to the website, thus making it unreliable to users. Thus, the hacker is wrong from this point.

Phone Phreaks
Definition

-> A phone phreak is someone who manipulates a telephone system in order to use it without paying for the service.

Phone Phreaks
Methods
1. Stealing long-distance telephone access codes -> This is done by watching other people dial their access codes in public places such as train and bus stations, airports, etc.

Phone Phreaks
Methods

2. Guessing long distance access codes -> Phone phreaks develop software to try different access codes. An overnight run produces about a dozen or more codes.


Phone Phreaks
Methods

3. Blue boxes -> A blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism.

The Cuckoo's Egg

- Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter" -- a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy -- and plunged into an incredible international probe that finally gained the attention of top U.S. counterintelligence agents. Later, it was discovered that these were German hackers.

Legion of Doom
- This is a group of phreaks/hackers founded by Lex Luthor. It became famous by publishing The Legion of Doom Technical Journal. This publication contained articles pertaining to Bell Labs' work that were of great use to phreaks and hackers.

Legion of Doom
- Legion of Doom member Robert Riggs (aka The Prophet) hacked a BellSouth computer. He got the E911 document (on how the 911 emergency system works). He sent a copy to Craig Neidorf (aka Knight Lightning). Not wanting to be caught, they modified the E911 document and published it in Neidorf's e-magazine, Phrack. This was all about bragging rights for Riggs.

Fry Guy
Callers on June 13, 1989, to the Palm Beach County Probation Department found themselves instead chatting with a phone-sex worker named "Tina" in New York state. Calls had been rerouted, at no extra charge to the user, to a pornographic phone-sex hot line hundreds of miles away.

Fry Guy
For apparently the first time, someone had broken into the switching station of Southern Bell (now BellSouth) and reprogrammed it. In July 1989, the hacker behind the "Tina" switch -- a 16-year-old in Elmwood, Ind. -- was arrested by the Secret Service and the Chicago Computer Fraud and Abuse Task Force.

Fry Guy
The teen's hacker handle was "Fry Guy." He earned the name by hacking into a local McDonald's computer and giving raises to his hamburger-flipping friends. Among his other exploits: stealing credit card numbers and scamming Western Union to wire him cash.

U.S. vs Riggs
Craig Neidorf was contacted by the US Secret Service and was accused of causing AT&T's long distance system. Neidorf then cooperated with the US Secret Service and admitted that the stolen E911 documents were from Robert Riggs. They were both charged with wire fraud, computer fraud and interstate transportation of stolen property.

Steve Jackson Games


- Steve Jackson Games (SJG) published role-playing games and operated BBS
- Loyd Blankenship
  - Key SJG employee
  - LOD member
  - Published E911 document on his own BBS
- Secret Service raided SJG and seized computers, looking for copy of E911 Document
- Led to creation of Electronic Frontier Foundation
- EFF backed successful SJG lawsuit of Secret Service

Retrospective
- Parallels between hackers and those who download MP3 files
  - Establishment overvalues intellectual property
  - Use of technology as a "joy ride"
  - Breaking certain laws is not that big a deal
- Parallels between response of Secret Service and response of RIAA
  - Cyberspace is real
  - Those who break the law can be identified
  - Illegal actions can have severe consequences

Penalties for Hacking


- Examples of illegal activities
  - Accessing without authorization any Internet computer
  - Transmitting a virus or worm
  - Trafficking in computer passwords
  - Intercepting a telephone conversation, email, or any other data transmission
  - Accessing stored email messages without authorization
  - Adopting another identity to carry out an illegal activity
- Maximum penalty: 20 years in prison + $250,000 fine

Recent Incidents
In 2003 a hacker broke into computers at the University of Kansas and copied the personal files of 1,450 foreign students. The files contained names, Social Security numbers, passport numbers, countries of origin, and birthdates.

In April 2004 several American supercomputer installations reported that hackers had broken into computers connected to a high-speed network called TeraGrid.

The hackers also accessed computers at Cisco Systems and stole some of that company's software. Security experts, FBI agents, and Swedish police worked for more than a year to identify the European culprits and bring the break-ins to an end.

Denial-of-Service Attacks
A denial-of-service (DoS) attack is an intentional action designed to prevent legitimate users from making use of a computer service. The aim of a DoS attack is not to steal information.

The aim of a DoS attack is to disrupt a computer server's ability to respond to its clients. A DoS attack is an example of an asymmetric attack, in which a single person can harm a huge organization.

Examples of DoS attacks

During the week of February 7-11, 2000, a 15-year-old initiated DoS attacks that disabled many Web sites, including Amazon.com, eBay, Yahoo, CNN.com, and Dell. The teenager, who went by the nickname Mafiaboy, was sentenced to eight months in juvenile detention.

In October 2002 a DoS attack was launched against the Internet's 13 root servers, which act as the Internet's ultimate authority with respect to matching domain names to IP addresses.

The Cooperative Association for Internet Data Analysis at the University of California estimates that 4,000 Web sites suffer DoS attacks each week.

Attacks that Consume Scarce Resources

The most common DoS attack is against a target system's network connection. A low-tech but effective way to do this is to cut the physical connection between the target computer and its network.

Two Internet processes establish a TCP communication link by following a precise series of steps called a three-way handshake.

Three-way handshake
- Assures each process that the other process is ready to communicate.
- Suppose process X wishes to communicate with process Y.
- Process X initiates the handshake by sending Y a SYN message.
- If Y agrees to communicate with X, it replies with a SYN-ACK message, acknowledging receipt of X's SYN message.

SYN flood attack


- The attacker's computer uses IP spoofing to send the target computer a SYN message from a phony client.
- This message travels to the phony client, which cannot respond to the SYN-ACK message.
- While the target computer waits for the ACK message, the connection remains half-open.
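The half-open state described above can be watched from the server side. The following is an added example, not part of the original slides: a small Python model of a listener's half-open table that replays constructed events, expires entries whose ACK never arrives, and records when table use crosses an alert level. The function name, backlog size, timeout, alert ratio and all addresses are assumptions chosen for illustration.

```python
from collections import OrderedDict

def track_half_open(events, backlog=4, timeout=3.0, alert_ratio=0.75):
    """Replay (time, client, flag) events through a model of a listener's
    half-open (SYN received, ACK pending) table.

    Returns (established, refused, alerts):
      established - clients that completed SYN / SYN-ACK / ACK
      refused     - clients whose SYN arrived while the table was full
      alerts      - times at which table use reached alert_ratio of backlog
    """
    half_open = OrderedDict()          # client -> time its SYN arrived
    established, refused, alerts = [], [], []
    for now, client, flag in events:
        # Expire entries whose ACK never came; this frees slots held by
        # SYNs whose source address was forged.
        for c in [c for c, t in half_open.items() if now - t >= timeout]:
            del half_open[c]
        if flag == "SYN":
            if client in half_open:
                continue               # retransmitted SYN, slot already held
            if len(half_open) >= backlog:
                refused.append(client) # no room: legitimate user is denied
                continue
            half_open[client] = now    # server sends SYN-ACK and waits
            if len(half_open) >= alert_ratio * backlog:
                alerts.append(now)
        elif flag == "ACK" and client in half_open:
            del half_open[client]      # handshake done, slot released
            established.append(client)
    return established, refused, alerts

# Constructed events. 203.0.113.x sources stand in for forged addresses that
# never answer the SYN-ACK; 198.51.100.x are real clients.
EVENTS = [
    (0.0, "198.51.100.7", "SYN"), (0.1, "198.51.100.7", "ACK"),
    (1.0, "203.0.113.1", "SYN"), (1.1, "203.0.113.2", "SYN"),
    (1.2, "203.0.113.3", "SYN"), (1.3, "203.0.113.4", "SYN"),
    (2.0, "198.51.100.8", "SYN"),          # table full: refused
    (4.5, "198.51.100.9", "SYN"), (4.6, "198.51.100.9", "ACK"),
]

if __name__ == "__main__":
    ok, refused, alerts = track_half_open(EVENTS)
    print("established:", ok)
    print("refused:", refused)
    print("alerts at:", alerts)
```

Rerunning with a shorter `timeout` shows why expiring half-open entries sooner keeps the table available to real clients.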

Defensive Measures
To reduce the threat of DoS attacks through the Internet:
- Ensuring the physical security of a server is an important defensive measure.
- SAs (system administrators) should benchmark the performance of their computer systems in order to establish baselines.
- Disk quota systems are another good security measure.
- Disabling unused network services is another prudent policy.

Another is turning off the amplifier network capability of routers, taking a weapon out of the hands of those who wish to launch a smurf attack.

Distributed Denial-of-Service Attacks (DDoS)


The attacker rents access to a bot network from a bot herder. At the selected time, the command-and-control computer sends the appropriate instructions to the bots, which launch their attack on the targeted system. A DDoS attack is a smurf attack, except that now the initial pings are being sent from thousands of computers, so there are thousands of times more responses being echoed to the target system.

Defending DDoS Attack


- SAs must be able to secure their computers to keep them from being infected by bots.
- Install filters that check outgoing messages for forged IP addresses. An outgoing message packet should have a "from" address matching one of the local machines.
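The outgoing-address check described above can be expressed in a few lines. This is an added example, not part of the original slides: a Python sketch of an egress filter that forwards a packet only if its source address falls inside the site's own prefixes, and counts drops per switch port so a machine emitting forged sources can be found. The prefixes, port names, record layout and function names are assumptions; all sample data is constructed.

```python
import ipaddress
from collections import Counter

# Assumed site address plan (constructed, using documentation prefixes).
LOCAL_PREFIXES = [ipaddress.ip_network(p) for p in
                  ("192.0.2.0/24", "2001:db8:10::/48")]

def egress_verdict(src, local=LOCAL_PREFIXES):
    """Return 'forward' if src belongs to a local prefix, else 'drop'."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"                  # unparseable source: never forward
    # `addr in net` is False when IP versions differ, so mixing v4/v6 is safe.
    return "forward" if any(addr in net for net in local) else "drop"

def filter_outgoing(packets, local=LOCAL_PREFIXES):
    """Apply the egress rule to (port, src, dst) records.

    Returns (forwarded, dropped_by_port). The port is used to attribute a
    drop because the source address itself cannot be trusted.
    """
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if egress_verdict(src, local) == "forward":
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1
    return forwarded, dict(dropped)

PACKETS = [  # constructed sample: (switch port, source IP, destination IP)
    ("ge-0/1", "192.0.2.15", "198.51.100.80"),
    ("ge-0/2", "203.0.113.9", "198.51.100.80"),          # forged source
    ("ge-0/2", "10.99.1.4", "198.51.100.80"),            # forged source
    ("ge-0/3", "2001:db8:10::25", "2001:db8:ffff::1"),
    ("ge-0/3", "2001:db8:20::25", "2001:db8:ffff::1"),   # outside the /48
    ("ge-0/1", "not-an-ip", "198.51.100.80"),            # malformed record
]

if __name__ == "__main__":
    forwarded, dropped = filter_outgoing(PACKETS)
    print("forwarded:", forwarded)
    print("dropped per port:", dropped)
```

A port with a steadily rising drop count is a candidate for the bot infection the first bullet warns about.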

Blue Security
Israeli company Blue Security created a spam-deterrence system for people tired of receiving unwanted email. It sold the service to businesses, but individuals could protect their home computers for free. About half a million people signed up for this free service. Users loaded a bot called Blue Frog on their computers. The bot integrated with Yahoo! Mail, Gmail, and Hotmail, checking incoming messages for spam.

When it discovered a spam message, the bot would contact a Blue Security server to determine the source of the email. Then the bot would send the spammer an opt-out message [44]. Spammers who indiscriminately sent emails to millions of addresses started receiving hundreds of thousands of opt-out messages, disrupting their operations.

SATAN
In 1995 computer-security expert Dan Farmer released a program called Security Administrator Tool for Analyzing Networks (SATAN) to probe their computers for security weaknesses. Farmer said, "SATAN was written because we realize that computer systems are becoming more and more dependent on the network, and more vulnerable to attack."

- Critics fretted that SATAN, with its easy-to-use interface, would turn relatively unskilled teenagers into computer hackers.
- A two-edged sword that can be used for good and evil.
- Purpose: helping SAs, particularly novices, identify and fix security problems with their networks.

Motivation for Online Voting


The 2000 Presidential election was one of the closest contests in U.S. history. Florida was the pivotal state; without Florida's electoral votes, neither Democrat Al Gore nor Republican George W. Bush had a majority of votes in the Electoral College. After a manual recount of the votes in four heavily Democratic counties, the Florida Secretary Bush's margin of victory was incredibly small: less than 2 votes out of every 10,00 votes cast.

Proposals
Many people suggested voting via the Internet be used, at least as a way of casting absentee ballots. In fact, online voting is already a reality.

Ethical Evaluation
Utilitarian Evaluation
Benefits of Online Voting
- Would give people who ordinarily could not get to the polls the opportunity to cast a ballot from their homes.
- Votes could be counted much more quickly.
- Will not have any of the ambiguity associated with physical votes, such as hanging chad, erasures, etc.
- Would cost less money than traditional elections.
- Would eliminate the risk of somebody tampering with the ballot box.

Risks of Online Voting

- Unfair because it gives an unfair advantage to those who are financially better off.
- The same system that authenticates the voter also records the ballot. This makes it more difficult to preserve the privacy of the voter.
- Increases the opportunities for vote solicitation and vote selling.
- A web site hosting an election is an obvious target for a DDoS attack.