Cyber attack
Whose Side is Your Computer On?
Jim Isaak – STEM4All
April 7, 2014
http://is.gd/Cyberattacks
Has Syllabus/Outline for class
With hot links to a number of resources
•Including videos (mostly “free”)
•Pointers to authoritative sources
•Tools that are useful
This presentation is available from the site.
Note that <Local> links to video clips used in class; the second link will be to online versions.
Cybersecurity for The Common Man (or woman)
Bad actors are out there. They want your computer.
Why? How? Who?
We will look at the context of some of these questions:
-- Yes, that fellow from “Nigeria” wants your money
-- Yes, those folks from <to be disclosed> want to use your computer to attack: the United States, Iran, Amazon, Google, et al.
An overview
Of the concepts of cybersecurity
•Is it a virus or a worm (and do you care?)
•Phishing for your identity
•Spoofing is not just a Halloween prank
And some examples
•Did President Reagan destroy the Soviet pipeline?
•Who destroyed Iranian nuclear facilities, and how?
And some suggestions on how to detect/avoid becoming a victim or a zombie!!
1: CONCEPTS
WSJ Malware Glossary
What makes computers and networks vulnerable?
Re-purposing – Programmable devices
•Computers are defined as ‘programmable devices’
•A set of instructions can make it do many different things
•The same memory is used for data and instructions, and can be targeted for revision/rewrite (this is why a data overflow can turn into code execution)
Complexity
•Computer programs contain millions of instructions
•Often programmers do not handle exceptions, or they don’t consider “abuse” opportunities
Clones
•Many systems are identical hardware & OS, so one working attack works everywhere
Networked
•Can pass “infection” from one to another
Who and why?
“Kids” to show they can do it – “Script kiddies”
•Back in the 80’s this was “new”
Criminals – blackmail (if you don’t … we will …)
•Grand theft – from banks, etc.
•Credit card info (calling cards, etc.)
•Con artists (if you would be so kind as to give me your bank account number and …)
Nation states – We could use the plans for the F-22, or all of the potential oil sites, or …
Why not terrorists? (No blood on the front page?)
What do we call them?
Hackers
•In some circles this is an honorific, reflecting mastery of “making things work” from scratch
•Used in computing, but also “maker” labs etc.
Crackers
•The “hacker” term for folks who do bad things by hacking
White-hat – Good guys
Black-hat – Bad guys
DefCon – A conference of anonymous, pay-in-cash-at-the-door folks – hat colors vary
Example of computer source code: a piece of Visual Basic (.NET) code

Private Sub Start_Btn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Start_Btn.Click
    Dim target_Path As String = ""
    Dim count As Integer = 0
    FileNameLst.Items.Clear()
    DateTargets.Items.Clear()
    Try
        Application.DoEvents()
        ' Ask the user for a folder; leave the Try block if the dialog is cancelled
        If FolderBrowserDialog1.ShowDialog() <> DialogResult.OK Then Exit Try
        target_Path = FolderBrowserDialog1.SelectedPath
        Me.Text = target_Path
        ' Get a list of all jpg file names in that folder
        For Each foundImage As String In My.Computer.FileSystem.GetFiles(target_Path)
            If foundImage.EndsWith(".JPG", StringComparison.CurrentCultureIgnoreCase) Then
                Me.FileNameLst.Items.Add(foundImage)
                count += 1
            End If
        Next
    Catch ex As Exception
        MessageBox.Show(ex.Message)
    End Try
End Sub
Example of Assembly Code
Example of Machine Language
Load a value into register 8, taken from the memory cell 68 cells after the location listed in register 3 (the MIPS “lw” instruction, I-type format):
[ op   | rs    | rt    | address/immediate ]
  35     3       8       68                           decimal
  100011 00011   01000   0000000001000100             binary
The sophisticated “cracker”/“hacker” works at this level --- understanding what the code is doing, and modifying it to do something different.
This stuff may be harder than rocket science.
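The instruction word on this slide, packed and unpacked in code, as an added example that is not part of the original presentation. The field widths (6/5/5/16) and the opcode numbers are the standard MIPS I-type encoding; modelling only three opcodes is a simplification made here.

```python
# Added example (not from the slides): encode and decode the 32-bit MIPS I-type
# instruction word shown above, then patch its offset the way a code-modifying
# attacker would.  Only the three I-type opcodes below are modelled.
OPCODES = {"lw": 35, "sw": 43, "addi": 8}       # MIPS opcode numbers (decimal)
MNEMONICS = {v: k for k, v in OPCODES.items()}


def encode_itype(mnemonic, rs, rt, imm):
    """Pack op(6) | rs(5) | rt(5) | imm(16) into one 32-bit word."""
    op = OPCODES[mnemonic]
    if not (0 <= rs < 32 and 0 <= rt < 32):
        raise ValueError("register numbers must be 0..31")
    if not (-32768 <= imm <= 32767):
        raise ValueError("immediate must fit in a signed 16-bit field")
    return (op << 26) | (rs << 21) | (rt << 16) | (imm & 0xFFFF)


def decode_itype(word):
    """Unpack a word into (mnemonic, rs, rt, signed immediate)."""
    op = (word >> 26) & 0x3F
    rs = (word >> 21) & 0x1F
    rt = (word >> 16) & 0x1F
    imm = word & 0xFFFF
    if imm & 0x8000:                      # sign-extend the 16-bit offset
        imm -= 0x10000
    return MNEMONICS.get(op, "op%d" % op), rs, rt, imm


def field_bits(word):
    """Render the word as the slide does: op, rs, rt and immediate bit groups."""
    bits = format(word, "032b")
    return " ".join((bits[:6], bits[6:11], bits[11:16], bits[16:]))


def patch_offset(word, new_imm):
    """Keep the operation and registers, change only which memory cell is read."""
    mnemonic, rs, rt, _ = decode_itype(word)
    return encode_itype(mnemonic, rs, rt, new_imm)


if __name__ == "__main__":
    word = encode_itype("lw", rs=3, rt=8, imm=68)
    print(hex(word), field_bits(word))    # 0x8c680044 100011 00011 01000 0000000001000100
    print(decode_itype(patch_offset(word, 72)))
```

The patched word reads from cell 72 instead of 68 while every other bit stays the same; that one-field change is exactly the kind of edit the slide means by “modifying it to do something different”, and it is invisible unless something checks the code’s integrity.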
2012: 400+ million individuals were victims of cyber crimes
•2/3 of US individuals in their lifetime
Threat to IP by nation states
•Speed & volume of what can be taken to market
•$600 billion in losses; thousands of jobs (if…)
Threat to military targets/operations
•Disruption of communications, “dumbing” bombs …
Threat to infrastructure – cyber-physical
Malware 1
Virus – A bit of machine code that is designed to insert itself into existing code on your computer (an “infected file”)
•“Signatures” are snippets of code that indicate a virus
Worm – a program that tries to infect other computers using your computer
Trojan horse – A program that seems “OK” but carries malware
Scripts – higher-level programming elements that are executed by your browser (or other tools)
Rootkit – malware infecting the very basic level of your system (the kernel or the boot process) so it is hard to detect and eliminate; it can hide itself from the tools running on top of it
Malware 2
Adware – causes ads to appear, typically unwelcome ones, but may also track your use of the system
•pop-up (on top of your browser)
•pop-under (window hidden below your browser)
Bot, Botnet, Zombie
•A computer (yours??) taken over with malware (often a rootkit) that is controlled from a remote site
•You can “rent” a million systems to do your bidding
Spyware, keystroke logging
•Malware on your system may watch what you do
•Keystroke logging allows capture of passwords
•Identity theft
Malware 3
Spoofing
•Fake name, fake email address, fake IP address, fake URL/domain …
SPAM – unsolicited email (ads …)
But: Phishing – seeks to get you to disclose key information --- “Hi, I’m Jane from Credit Card …” Often appears to be from a bank or major vendor
Downloaders – a web site that stuffs files onto your computer when you are not looking – may use scripting …
A Phishing Expedition?
Email Attack
Email warning signs
•No subject
•Just has a URL, no explanation
•Odd domain targets
•Key alert: “PHP” (the link runs a script on the server, not a page you just read)
•John indicates someone accessed his Yahoo acct
•I got three copies, but sent to three different email accounts of mine
A Phishing we will go
•Odd title: “WU”
•Bad grammar: “funds is available”
•Sent from unexpected country: “.uy”
•Not a language I’d expect – Oddly, URL is “accurate”
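The warning signs from these two slides written as checks and run over constructed messages, as an added example (not part of the presentation). The sample messages, the list of “expected” top-level domains and the brand domains are assumptions made up for the example; the third sample is an ordinary notice to show the checks staying quiet.

```python
# Added example (not from the slides): turn the warning signs listed on the two
# phishing slides into checks run over constructed sample messages.
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED_TLDS = {"com", "org", "net", "edu", "gov", "us"}   # assumption: what this reader expects
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def phishing_flags(raw_message, brand_domains=()):
    """Return the slide's warning signs that a message triggers.
    brand_domains: domains the message claims to speak for (e.g. the bank it names)."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []

    subject = (msg["subject"] or "").strip()
    if not subject:
        flags.append("no subject")
    elif len(subject) <= 3:
        flags.append("odd title: %r" % subject)

    sender = parseaddr(msg["from"] or "")[1].lower()
    sender_domain = sender.rsplit("@", 1)[-1]
    tld = sender_domain.rsplit(".", 1)[-1]
    if tld not in EXPECTED_TLDS:
        flags.append("sent from unexpected country/TLD: .%s" % tld)

    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    urls = URL_RE.findall(text)
    if urls and not URL_RE.sub("", text).strip():
        flags.append("just has a URL, no explanation")

    for url in urls:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if parts.path.lower().endswith(".php"):
            flags.append("link runs a server-side script: " + url)
        claimed = any(host == b or host.endswith("." + b) for b in brand_domains)
        if not claimed and sender_domain not in host:
            flags.append("odd domain target: " + host)
    return flags


# Constructed samples (not real mail).  The first mirrors the "Email Attack" slide,
# the second the "WU" message, the third is an ordinary notice for comparison.
SAMPLE_BARE_LINK = """\
From: John <john@yahoo.com>
To: me@example.org
Content-Type: text/plain; charset=utf-8

http://photos-promo.example.net/view.php?id=4411
"""

SAMPLE_WU = """\
From: Western Union <notificacion@correo.example.uy>
To: me@example.org
Subject: WU
Content-Type: text/plain; charset=utf-8

Estimado cliente, your funds is available. Please confirm here:
http://www.westernunion.com/
"""

SAMPLE_OK = """\
From: Alerts <alerts@examplebank.com>
To: me@example.org
Subject: Your March statement is ready
Content-Type: text/plain; charset=utf-8

Your statement is ready. Sign in at https://www.examplebank.com/statements to view it.
"""

if __name__ == "__main__":
    print(phishing_flags(SAMPLE_BARE_LINK))
    print(phishing_flags(SAMPLE_WU, brand_domains=("westernunion.com",)))
    print(phishing_flags(SAMPLE_OK, brand_domains=("examplebank.com",)))
```

Note what the “WU” message does and does not trigger: the link really does point at the claimed brand (the slide’s “oddly, URL is accurate”), so the domain check passes and only the title and the .uy sender give it away. A filter like this is a prompt for the reader to look harder, not a verdict; the grammar clue on the slide is still a human judgment.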
Methods
Social Engineering – via email
•“Hi, I’m representing the estate of …”
•“Please reply to receive your free …”
•“I seem to have lost your … please get back to me”
But also
•Leave a USB “thumbdrive” or SD card in a coffee shop
•Call up and ask for George
•Tailgate into a facility
•Date someone “inside”
Hoaxes – Pretends to warn you of a virus or infection; gets you to download a Trojan horse “fix”
The Good stuff
Firewall – sits between your computer and the bad guys
•Limits what can come in
•Limits what goes out
Patches, updates
•It is a pain when Microsoft/Apple triggers a download followed by an install sequence …
•But often this is to patch a security hole
Tools on your system
•Anti-virus scan; malware scan; adware scan
•Real-time browser and email monitoring
Encryption – public/private keys – VPN
•Sites with “HTTPS” are safer than sites with “HTTP”: the connection is encrypted and the site’s identity is checked against a certificate, so a bystander cannot read or alter the traffic (it says nothing about whether the site itself is honest)
Microsoft “Defender” etc. is one tool from folks with a high incentive to cover their liabilities
Zero-day attacks (a hole the vendor does not yet know about, so no patch exists)
•Approximately 12 of 12 million attacks each year are zero-days – valued at $50k–500k
•This means that “out of date” software is the primary target: nearly everything else exploits a hole that already has a patch (patches and updates!!)
•There are folks all over the world watching for a really “new” attack … US Government, security vendors, white-hat hackers, major corporations – and of course bad guys
CYBERATTACK 2 THE HISTORY
Phone Phreaking
•In-band signaling – 2600 Hertz to get control (the control tone travelled on the same line as the voice, so anyone who could make the tone could give commands)
•Blind youth with perfect pitch & control
•Capt. Crunch whistle
•Blue Box technology – “The Woz”
“Hackers” – conventions with anonymous & masks
•Social engineering
Inspired Steve Wozniak – co-founder of Apple
Discovery Channel Documentary: The Secret History of Hacking (on YouTube)
History – KGB & Star Wars <local 12 min>
“The Cuckoo’s Egg” – Cliff Stoll and the KGB – 75 cent accounting error – 1986
- Watched to observe “code insertion” and changing of the accounting log
- Reported to “authorities”
- Lawrence Livermore links to Star Wars program
- Traced back to MITRE Corp. in Virginia
- Traced back to German university “student”
- Funded by KGB!
Cliff is an interesting character; see his video on TED.com, “18 minutes with an agile mind”
Robert Morris – 1988 Internet Worm
Used known entry points:
•The DEBUG command in sendmail (email)
•A buffer overflow in the “finger” daemon
•The system dictionary to break passwords
•The system’s listing of neighboring “trusted” systems (rsh/.rhosts)
•Email propagation through user lists
No actual “damage” – a “proof of concept” that got out of control (it re-infected machines so often that they ground to a halt)
Irony: Robert Morris Sr. worked at NSA at the time
RAND Reports – Cyberwarfare scenario circa 1995
Sequence of events, including an airliner attack (control system) and a Wall Street attack
With nation states potentially involved, terrorists, US dissidents, and an outbreak of war in the Middle East
Love Bug – 2000 – LOVE-LETTER-FOR-YOU.txt.vbs
•10’s of millions of infected computers
•Billions of dollars of damage
•Not illegal in the Philippines where it was created
•Forwarded itself to everyone in your Outlook address book
YOU.txt.vbs --- .txt is a harmless “text file” extension
YOU.txt.vbs --- VBS (Visual Basic Script) is a potentially harmful executable
Windows defaults to “not show” known extensions, so the victim saw LOVE-LETTER-FOR-YOU.txt
Kevin Mitnick
“Notorious” for breaking into Digital & other computers
•Often used default passwords (field service access) or easily broken codes
•Looking for source code, passwords and access rather than money – banks and industry feared transfers to other accounts, but he was never shown to have profited
•Served a number of years in jail; was not allowed access to computers
•Fought restrictions after release
•Now a computer security consultant
Oil data 2007 to 2009 -- Chinese “university” sources broke into the major US oil firms
•Downloaded data about the potential value of various oil fields explored but not acquired, and recommended acquisition bids
•China subsequently bid to various countries for rights to high-value oil fields
•Projected loss: billions of dollars of value & access to key oil reserves
Upping the ante
Aurora proof of concept – 2007 (4 minutes, CNN video)
•“Standard” US (& other) power station
•Modem link to backup generator
•Power cycled unit on/off --- “out of spec” (the breakers were opened and reclosed out of step with the grid, and the mechanical stress tore the generator apart)
War Stories
2013 probe of 3.7 billion systems (MIT Tech Review) surfaces 310 million vulnerable
Bot scan of “entire” net in 2012: http://en.wikipedia.org/wiki/Carna_Botnet
• 1.3 billion IP addresses identified
• Used 420,000 devices (perhaps even your computer) – mostly embedded devices reachable over telnet with default or empty passwords
CYBERATTACK 3 WAR!
Nation States
Cyber warfare (ouch)
A problem of definition … with possible major impact
<local> (TED-Ed video “Defining Cyberwarfare” – 3 min)
<local> “Cyberthreat” (French with subtitles, from TEDxParis – 9 min – Guy…) Key points:
•Cyberwarfare has an imbalance – favoring attack
•“Reciprocal threats of surprise attack”
•NSA reported to be suggesting pre-emptive attacks (not just cyber) if anticipating a cyber attack
Farewell Dossier – 1982 pipeline destruction <DC Myth or real … (affirmed in TEDxParis talk)>
•CIA found out Soviets were seeking sensor/control units for a trans-Siberian pipeline
•They provided units (indirectly) with a “timeout” – software that worked correctly for a while, then reset pump speeds and valve settings beyond what the pipeline could take
•A number of explosions destroyed the pipeline (NORAD thought it was a missile launch)
•Contributed to the economic collapse of the Soviet Union (along with the Star Wars hoax, Solidarity and the Pope)
PROMIS
US Department of Justice-funded software to identify persons of interest (oddly similar to the FBI “Virtual Case File” fiasco of the early 2000s)
•Developed by ex-government folks with a transition from a “public domain” program to a “copyright”-controlled program (leading to lawsuits)
•Variants seemed to find their way to Israel
•But then, perhaps, Trojan horse variants to other countries (Soviets, Iran, et al.)
Desert Storm 1990–91
•Telephone repair team may have sabotaged Iraqi communications systems
•U.S. Special Forces “upgraded” SAM anti-aircraft batteries via stealth or social engineering
•Fiber optic link across the desert was compromised
•Side observation – tank commanders downloaded software updates for PCs via cell phones in the field
•GPS accuracy was ‘shifted’ for non-military use
Information in warfare
•5th domain (land, sea, air, space, cyber)
•Cyber is the 3rd major transition of war: industrialization, nuclear power, cyber
•Terrorist organizations & rogue states, down to rogue actors (public health model of coordination)
Estonia April 27, 2007
•Denial of service attacks on many areas of Estonian commerce: banks, TV stations, government agencies
•Apparently from sources in Russia, in response to moving a memorial to Soviet troops
Georgia
5 August 2008, three days before Georgia launched its invasion of South Ossetia,
•the websites for OSInform News Agency and OSRadio were hacked -- content was replaced by a feed to the Alania TV
•Parliament of Georgia and Georgian Ministry of Foreign Affairs websites were replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler
•Other attacks involved denials of service to numerous Georgian and Azerbaijani websites
(Wikipedia)
Shockwave – “We were warned” – CNN/Bipartisan Policy Center, Cyber ShockWave 2010
(or the Bipartisan Policy Center official site)
“Simulation” (war game) with some fairly recent “relevant” participants over a 4-hour period on CNN
Shockwave YouTube set
•Intro part 1 -- “March madness bot attack”
•Part 2: -- quarantine cell phones,
•Part 3: -- impacting internet
•Part 4: -- Russian servers
•Part 5: -- persons of interest in Sudan
•Part 6: -- power out
•Part 7: -- Federal authorities (power priorities)
•Part 8: -- Legal/liabilities,
•Part 9: -- conclusions, summary
Only a subset of the entire program sequence
Stuxnet June 2009 – July 2010 – Wikipedia, Wired detectives, 2013 update
“The Real Story of Stuxnet” (IEEE Spectrum)
<Local> Langner TED Talk (11 min)
Stuxnet 1
•The human factor – “always a weak link” – thumb drive (replication vector as well)
•Valid signed certificate – public/private key signing, using code-signing keys stolen from two hardware vendors (Realtek and JMicron) – this is non-trivial
•Appeared to involve industrial espionage – stealing info from Siemens PLC controllers
•In-memory ghost DLL file
•Reported to systems in Malaysia and Denmark, and provided for “updates” (re-directed to a “sinkhole” – identified 100,000+ systems in dozens of countries)
Stuxnet 2
•Four zero-day exploits – deeply hidden
•[Symantec doing deep analysis in a “3-level secure lab” similar to bio-hazard controls] (“crackme” games – reverse engineering code -- what does this do?)
•Contains a “genealogical tree” of infections – led to 5 systems in Iran
•Table-driven code -- how long it should spread, # of systems to infect, end date: June 24, 2012
•Intercepted and changed control commands, disabled exception detection & alarms (it sat between the Siemens Step 7 software and the PLC, so the operator’s screen kept showing normal values)
Stuxnet 3
•First occurrence of using a strictly digital attack to destroy physical property
•Two weeks after reporting PLC sabotage objectives, the systems in Iran stopped reporting
•Precision targeting for a specific facility/configuration (the payload only activated when it found the expected PLC models and frequency-converter drives)
•Patience -- then running a bit out of spec, and back to normal -- excessive wear, resulting in premature failure of the centrifuges
•Inoculation value – prevents infection of previously flagged (registry) systems
Stuxnet 4
“In the end, Stuxnet’s creators invested years and perhaps hundreds of thousands of dollars in an attack that was derailed by a single rebooting PC, a trio of naive researchers who knew nothing about centrifuges, and a brash-talking German who didn’t even have an internet connection at home.” – Wired
May have had 2005 and 2007 precursors
“‘Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force’ and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by a group of independent legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia.” – Wired 2013
Stuxnet – the gift that keeps on giving
Flame – spy on activities (undetected precursor)
•Bluetooth “rifle” connection from 2 km away
•Spoofed as a Windows 7 update (counterfeit certificate – an MD5 collision against a Microsoft Terminal Services licensing certificate let it carry a Microsoft-chained signature)
Duqu – designed to steal information from industrial control systems
Gauss – steal files, credentials, targeting Lebanese bank credentials
All found by Kaspersky in follow-up on Stuxnet
CYBERATTACK 4 PROTECTION
You are here!
Passwords
Passwords – over-abused
•“What is the value of this protection?” For you, or is it their marketing? Have a “don’t care” password (but use it with care – only where nothing of yours is at risk)
•For serious stuff: 8+ characters, mix numbers and punctuation, etc. (and longer beats cleverer)
•(some sites encrypt user names as well)
•Don’t re-use your really important passwords! A breach of one site becomes a breach of every site where you used the same one.
Passwords – the challenge
With modern graphics processors (3,000+ parallel cores on a chip, $1000) it is possible to “break” dictionary-word codes (100k words) in 1/10000th of a second – 8-character number/letter strings in 4 days, 75 days for 8 characters with punctuation.
Hilarie Orman suggests
•Pass phrases: “worldinhishands”
•Random words: “correct horse battery staple house”
•Mangled phrases: “scoRe4&7annos”
She also discovered that her “basal ganglia” typos yielded passwords she did not know but could reproduce – just typing fast.
Quantum computing can void all bets (for public-key encryption; against password guessing it only roughly halves the effective bits of work)
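The arithmetic behind this slide, as an added example that is not part of the presentation. The guess rate is inferred from the slide’s “8 letters/digits in 4 days”; the 7,776-word list size is the Diceware list and is an assumption brought in for the “random words” case. Run at that inferred rate, the punctuation case comes out near 120 days rather than 75, which is a reminder that the slide’s figures are order-of-magnitude estimates.

```python
# Added example (not from the slides): the arithmetic behind the cracking
# estimates on this slide, so the numbers can be checked and re-run for other
# alphabets, lengths and guess rates.  The 7,776-word list size is the Diceware
# list; the GPU rate is inferred from the slide's "8 letters/digits in 4 days".
import math

SECONDS_PER_DAY = 86_400


def keyspace(alphabet_size, length):
    """Number of candidate passwords the attacker must try in the worst case."""
    return alphabet_size ** length


def entropy_bits(space):
    return math.log2(space)


def implied_rate(alphabet_size, length, days):
    """Guesses per second implied by 'every string of this kind in D days'."""
    return keyspace(alphabet_size, length) / (days * SECONDS_PER_DAY)


def days_to_exhaust(space, guesses_per_second):
    return space / guesses_per_second / SECONDS_PER_DAY


def passphrase_bits(word_count, dictionary_size):
    """Random words from a known list: the attacker tries list^count, not letters."""
    return word_count * math.log2(dictionary_size)


def compare(guesses_per_second):
    """Bits of work and days to exhaust for the password styles on the slide."""
    candidates = {
        "one dictionary word (100k list)": keyspace(100_000, 1),
        "8 chars, letters+digits (62)": keyspace(62, 8),
        "8 chars, printable ASCII (95)": keyspace(95, 8),
        "3 dictionary words run together": keyspace(100_000, 3),
        "4 Diceware words": keyspace(7_776, 4),
        "5 Diceware words": keyspace(7_776, 5),
    }
    return {name: (round(entropy_bits(s), 1), days_to_exhaust(s, guesses_per_second))
            for name, s in candidates.items()}


if __name__ == "__main__":
    rate = implied_rate(62, 8, days=4)
    print("implied GPU rate: %.2e guesses/s" % rate)
    for name, (bits, days) in compare(rate).items():
        print("%-36s %5.1f bits  %12.4f days" % (name, bits, days))
```

The table makes the slide’s advice concrete: four random Diceware words (about 52 bits) already beat eight random letters and digits (about 48 bits), and a fifth word adds another 13 bits, which is far more than swapping a letter for a punctuation mark. The work estimate assumes the attacker knows the scheme; a phrase of three dictionary words is only as strong as 100,000 cubed if the attacker guesses that structure.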
Biometrics, et al.
Biometrics include:
• Fingerprint scanning
• Retinal scan
• Face recognition
• Voice recognition
Tokens
• USB stick with critical key
• Secondary access key
Shared secrets
• Mother’s maiden name, first pet, etc. (weak: often discoverable from public records or social media)
Double password – Fidelity’s encrypted user name
Tools you want to use:
Firewall – watches & locks the doors in and out
•65,536 ports in, 65,536 ports out (for each of TCP and UDP)
Virus protection – scans and quarantines problem files
•Microsoft Security Essentials (Windows Defender)
Email/browser (Internet) scanning
•For viruses in downloads, for abnormal site activities
Spyware/malware/adware detection
Who you goin’a trust?
Walt Mossberg, prev. with WSJ: http://allthingsd.com/author/walt/
Consumer Reports periodic evaluation of tools – June 2013 issue
PC Mag: http://www.pcmag.com/article2/0,2817,2372370,00.asp
Antivirus
PC Mag preferences (2013)
•Free: AVG AntiVirus Free or Ad-Aware Antivirus
•Paid: Bitdefender, Webroot SecureAnywhere Antivirus or Kaspersky Anti-Virus
Consumer Reports (6/2013):
•Free: Avast and Avira
•Paid: G Data, ESET, F-Secure, Kaspersky, Avira
April 2014 Antidote Anecdote
Wife’s XP system got “The Memo” (XP support ends April 9 – no updates, no virus updates, expect trouble)
So, I updated and ran Windows Security Essentials
•“No problems found” (most recent update)
Installed Avast “Free”
•Quick run – one problem found
•Boot run – 11 problems found
Installed Malwarebytes
•Circa 50 or so files and registry entries found
•(mysearchdial, myspeeddial, installon, rightstuff)
2013 PC Mag evaluation
PC Mag anti-malware evaluation
Mobile
•Lookout and Avast suggested by Mossberg
•Keep your Bluetooth off when not needed
http://allthingsd.com/20121220/beware-of-malware-mobile-security-apps-to-safeguard-your-phone/
Turn off things you don’t need
•3rd-party cookies (“mother may I”)
•Images in email
•Scripting
And turn on things you may need to know
•Show file extensions. Beware of files with names like “Important.txt.exe”: the dual extension is a form of spoofing – with extensions hidden (the Windows default) the file appears as “Important.txt”
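The dual-extension trick from the Love Bug slide and from “Important.txt.exe” above, as an added example that is not part of the presentation: what the default “hide extensions for known file types” setting shows the user versus what the file really is. The two extension lists are a common subset chosen for the example, not the full Windows tables.

```python
# Added example (not from the slides): what Windows' default "hide extensions for
# known file types" setting shows the user versus what the file really is, for
# the LOVE-LETTER-FOR-YOU.txt.vbs and Important.txt.exe cases above.  The
# extension lists are a common subset, not the full Windows tables.
import os

EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".wsh", ".hta", ".msi", ".ps1", ".lnk"}
INNOCENT_EXTS = {".txt", ".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx",
                 ".xls", ".xlsx", ".mp3", ".zip"}


def all_extensions(filename):
    """Return every trailing extension, lower-cased, e.g. ['.txt', '.vbs']."""
    exts = []
    base = filename
    while True:
        base, ext = os.path.splitext(base)
        if not ext:
            return exts
        exts.insert(0, ext.lower())


def displayed_name(filename, hide_known_extensions=True):
    """The name Explorer shows: with the default setting the last extension is dropped."""
    if not hide_known_extensions:
        return filename
    root, ext = os.path.splitext(filename)
    return root if ext else filename


def classify(filename):
    """Judge the file by its real (last) extension, and notice an innocent one in front of it."""
    exts = all_extensions(filename)
    if not exts:
        return "no extension"
    real = exts[-1]
    if real in EXECUTABLE_EXTS:
        if len(exts) > 1 and exts[-2] in INNOCENT_EXTS:
            return "DANGER: disguised executable (%s hides %s)" % (exts[-2], real)
        return "executable (%s)" % real
    return "data file (%s)" % real


def disguised(filenames):
    """Filter a listing down to the names a user would be fooled by."""
    return [f for f in filenames if classify(f).startswith("DANGER")]


if __name__ == "__main__":
    for name in ["LOVE-LETTER-FOR-YOU.txt.vbs", "Important.txt.exe", "notes.txt", "setup.exe"]:
        print("%-30s shown as %-26s %s" % (name, displayed_name(name), classify(name)))
```

The point is that only the last extension decides what Windows does on double-click; everything before it is just part of the name. Turning extension display on removes the disguise, and the same check is cheap to run over an attachment list or a download folder.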
What does your browser know?
•IP address
•What site you came from
•Operating environment (OS, device, …)
•Cookies
Cookies
An identifier stored through your browser to maintain page-to-page continuity
•Contains a “URL” (the domain and path it is sent back to), a “timeout” (expiry), and an “identifier”
•Any multi-page transaction requires one
•Set (at least) when you log into a site
•Can span logins (welcome back)
3rd-party cookies (Doubleclick.com etc.), “tracking pixels/images”: set by a site other than the one you are reading, embedded in its page
Moving to a permanent user ID in Windows 8, iPhone, etc. (may be able to turn it off)
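The three things the slide says a cookie carries, pulled out of Set-Cookie headers, plus the first-party/third-party decision, as an added example that is not part of the presentation. The headers and host names are constructed for the example; the Secure and HttpOnly flags go a step beyond the slide.

```python
# Added example (not from the slides): pull the three things the slide says a
# cookie carries (scope "URL", "timeout", "identifier") out of Set-Cookie headers
# and decide whether each is a first- or third-party cookie for the page being
# viewed.  The Secure/HttpOnly flags go beyond the slide; the headers are
# constructed, not captured from any real site.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

SLIDE_DATE = datetime(2014, 4, 7, tzinfo=timezone.utc)   # "now" for the Expires example


def parse_set_cookie(header, response_host):
    """Return a dict describing one Set-Cookie header sent by response_host."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.lower()] = val
    domain = attrs.get("domain", response_host).lstrip(".").lower()
    return {
        "identifier": (name.strip(), value.strip()),
        "domain": domain,                      # the "URL" scope: which hosts get it back
        "path": attrs.get("path", "/"),
        "max_age": int(attrs["max-age"]) if "max-age" in attrs else None,
        "expires": attrs.get("expires"),
        "secure": "secure" in attrs,           # only sent over HTTPS
        "httponly": "httponly" in attrs,       # not readable by page scripts
    }


def lifetime_days(cookie, now=None):
    """The "timeout": None means a session cookie that dies with the browser."""
    if cookie["max_age"] is not None:
        return cookie["max_age"] / 86400
    if cookie["expires"]:
        now = now or datetime.now(timezone.utc)
        return (parsedate_to_datetime(cookie["expires"]) - now).total_seconds() / 86400
    return None


def is_third_party(cookie, page_host):
    """Third-party: the cookie's domain is not the site whose page you are reading."""
    d = cookie["domain"]
    page_host = page_host.lower()
    return not (page_host == d or page_host.endswith("." + d))


# Constructed headers: an ad server's cookie on a news page, a bank's login
# cookie, and a tracking pixel with an Expires date instead of Max-Age.
AD_COOKIE = "id=22f9a1c0; Domain=.doubleclick.net; Path=/; Max-Age=63072000; Secure"
LOGIN_COOKIE = "SESSION=9f8e7d6c; Path=/account; HttpOnly; Secure"
TRACKER_COOKIE = "tracker=abc; Expires=Tue, 07 Apr 2015 00:00:00 GMT; Domain=.example-ads.net"

if __name__ == "__main__":
    ad = parse_set_cookie(AD_COOKIE, "ad.doubleclick.net")
    print(ad["identifier"], ad["domain"], lifetime_days(ad), "days",
          "third-party" if is_third_party(ad, "www.example-news.com") else "first-party")
```

The ad cookie lives for two years and follows the reader to every page that embeds the same ad network, which is what makes third-party cookies a tracking tool; the bank’s session cookie has no expiry and is scoped to one path, so it vanishes when the browser closes.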
http://browserspy.dk/ Test Result
IP Address: 72.71.205.187
Hostname: pool-72-71-205-187.cncdnh.fast01.myfairpoint.net
Country: US - United States
Region/City: Bedford   Postal Code: 03110   Latitude: 42.9396   Longitude: -71.5353
Long IP number: 1212665275
==================
Windows Media Player unique ID
And more
And be careful of what you do
Social media is neat, but …
•Facebook ID tied to “Like” buttons (web bugs) – movement to share login IDs (and data)
•Classic question: what ID should I use for ???
•Assume your emails, postings, etc. are recorded
•Assume your search paths, words, downloads etc. are monitored – advertising, profiling (private or governmental)
•Check apps for the privileges they request
Is your camera taking pictures…
Q: I was surprised to see updates for some of my favorite apps say they can access my camera to take pictures or video at any time without my permission. Can they really take pictures or video from my camera?
A: I wouldn’t use any app that could trigger the camera without your knowledge or at least implied consent each time. An app might legitimately be using the camera for tasks like scanning bar codes or business cards. But even so, it should be obvious and allow you to decide what to do. And if the app is one that should never need the camera, but says it wants to do so, don’t use it.
Apple says it flags and rejects apps that use the camera without stating that the camera is part of the app’s functionality. Google doesn’t curate apps in advance and apps’ disclosures are generally stated all at once in a dense page at download.
http://allthingsd.com/20131022/sneaky-apps-and-quiet-tv-watching/?refcat=reviews
If things don’t seem right
•Force a security/malware scan (more than one tool may be wise)
•Re-boot system
•You can re-boot in “Safe Mode” – holding down F8 while the system starts (options: start with or without internet)
•Folks like the Geek Squad have CDs they can use to boot your system from CD to purge rootkits, etc. – a rootkit can hide from any scanner that runs on top of it, so scanning from separately booted clean media is the reliable way to find it
•Avira has tools for recovering if the PC is dead; there is also a thumbdrive tool that may help
•Avast has a “boot version” you can run
Concepts
Encryption (encoding …)
Substitution codes such as: send money => tfme.npofz (each symbol replaced by the next one along; with so few possible shifts, trying them all breaks it in an instant)
One-time pad encryption – convert using text from some arbitrary source, used just once. If the recipient has the source, then decrypting is easy; if the pad is random and never reused it cannot be broken, but reuse it and the two messages leak each other
Public/private key
•Keys involve the product of two large prime numbers (factoring that product back into its primes is the key to breaking the encryption)
Public/private key encryption
•Alice encrypts with her private key; anyone can decrypt with her public key – this proves the message came from Alice (a digital signature) but does not keep it secret
•John encrypts with Alice’s public key; only Alice can decrypt – confidentiality
•Alice signs with her private key, then encrypts with John’s public key: only John can decrypt, and he can use Alice’s public key to confirm it is from Alice
•“Certificate revocation” is needed to declare compromised private keys (a certificate binds a public key to a name; once the private key leaks, the certificate must be revoked so that binding is no longer trusted)
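The three uses of a key pair on this slide, with textbook RSA on toy primes so every step can be checked by hand, and the “factor the product” attack the previous slide mentions, as an added example that is not part of the presentation. The primes 61/53 and 97/101 and the message value 65 are chosen for the example; real RSA uses 2048-bit primes, pads messages (OAEP) and signs hashes rather than raw messages (PSS).

```python
# Added example (not from the slides): the three uses of a key pair listed above,
# with textbook RSA on toy primes so every step can be checked by hand, plus the
# "factor the product" attack the previous slide mentions.  Real RSA uses
# 2048-bit primes, pads messages (OAEP) and signs hashes (PSS); this is the bare
# arithmetic only.
from math import gcd, isqrt


def keygen(p, q, e=17):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))          # d = e^-1 mod phi


def encrypt(pub, m):                # "John encrypts with Alice's public key"
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):               # "only Alice can decrypt"
    n, d = priv
    return pow(c, d, n)


def sign(priv, m):                  # "Alice encrypts with her private key"
    n, d = priv
    return pow(m, d, n)


def verify(pub, m, s):              # "anyone can check with her public key"
    n, e = pub
    return pow(s, e, n) == m


def sign_then_encrypt(sender_priv, recipient_pub, m):
    """The third bullet: only the recipient can read it, and can prove who sent it.
    Toy constraint: m < sender's n < recipient's n so the numbers stay in range."""
    return encrypt(recipient_pub, sign(sender_priv, m))


def decrypt_then_verify(recipient_priv, sender_pub, c, expected_m):
    return verify(sender_pub, expected_m, decrypt(recipient_priv, c))


def recover_private_key(pub):
    """Break a toy key by factoring n.  Trial division finishes instantly for a
    four-digit n and never finishes for a 617-digit one: that gap is the security."""
    n, e = pub
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return n, pow(e, -1, (p - 1) * (q - 1))
    raise ValueError("n is prime or 1")


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(61, 53)      # n = 3233
    john_pub, john_priv = keygen(97, 101)       # n = 9797
    c = sign_then_encrypt(alice_priv, john_pub, 65)
    print(c, decrypt_then_verify(john_priv, alice_pub, c, 65))
    print(recover_private_key(alice_pub) == alice_priv)
```

Signing and encrypting are the same modular exponentiation with the roles of the two exponents swapped, which is why the slide can describe a signature as “encrypting with the private key”. The last function is the whole point of the previous slide: with n = 3233 the private key falls out of trial division immediately, and nothing but the size of n stands between that and a real key.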
Steganography
Hiding messages by subtle manipulation of text, images, video, music, etc.
Example from Sam Houston Univ.:
“A study of religion must include the use of the shrines important to the religious practice. One should also consider how money is collected to support the religion. Every drop of knowledge must be scrutinized.”
Extra spaces can be inserted to select words:
“A study of religion must include the use of the shrines important to the religious practice. One should also consider how money is collected to support the religion. Every drop of knowledge must be scrutinized.”
In a picture or video you can make subtle changes to an image where both parties hold the master for comparison …
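The extra-space trick described above, done in both directions and with the check a reviewer would run, as an added example that is not part of the presentation. The cover sentence and the hidden words are constructed here; the Sam Houston text is left alone because the slide does not show which of its words are selected.

```python
# Added example (not from the slides): the extra-space trick described above,
# done both ways and with the check a reviewer would run.  The cover text and
# hidden message are constructed for this example.
import re
import string

COVER = ("We should meet again soon, perhaps at the usual place, "
         "and maybe around noon or a little later if that suits you.")


def _bare(word):
    return word.strip(string.punctuation).lower()


def hide(cover, secret):
    """Mark each secret word, in order, by putting two spaces in front of its
    first later occurrence in the cover.  Raises if the cover cannot carry it."""
    words = cover.split(" ")
    marked = set()
    start = 0
    for sw in secret.split():
        for i in range(start, len(words)):
            if _bare(words[i]) == sw.lower() and i > 0:
                marked.add(i)
                start = i + 1
                break
        else:
            raise ValueError("cover text lacks a usable %r" % sw)
    return "".join(("  " if i in marked else " " if i else "") + w
                   for i, w in enumerate(words))


def reveal(stego):
    """Every word preceded by two spaces is part of the message."""
    return [_bare(w) for w in re.findall(r"  (\S+)", stego)]


def looks_tampered(text):
    """Reviewer's check: normal prose has no doubled spaces; count them."""
    return len(re.findall(r" {2,}", text))


if __name__ == "__main__":
    s = hide(COVER, "meet at noon")
    print(repr(s))
    print(reveal(s), looks_tampered(COVER), looks_tampered(s))
```

The cover reads identically on screen (most renderers collapse the doubled spaces), which is the appeal; the weakness is that the doubled spaces survive in the raw text, so the simple count above, or any tool that normalizes whitespace, either exposes or destroys the message.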
CYBERATTACK 5 NEWS
Nation States
Anonymous
Outgrowth of 4chan – “BBS” community
•Internet freedom – no censorship <local> 2008 Scientology msg, 3 min
•Physical presence (world-wide, hundreds)
•Wikileaks – Mastercard/Amazon/PayPal
•Arab Spring
•Care packages (ham radios, modems, …)
•Relaying tweets, Facebook updates, etc.
All channels – in the streets, dial-in, denial of service, theft of data, …
What’s New(s) … recent events
NSA Data Center meltdown – Oct. 8th WSJ report
•10 failures in the last 13 months
•“Chronic electrical surges”
•Destroying $100,000’s of machinery
•And delayed operations by 1+ years
•New Bluffdale, Utah site
Steganographic smuggling
IEEE Spectrum, Nov 2013 – “4 New Ways to Smuggle Messages Across the Internet” by Wojciech Mazurczyk, Krzysztof Szczypiorski & Józef Lubacz
•BitTorrent – control the sequence of servers used
•Skype – “empty packets” (voice pauses)
•Google Suggest – “man in the middle” adding entries
•WiFi packet padding – using the pad bits
Tor
“Tor (previously TOR, an acronym for The Onion Router) is free software for enabling online anonymity. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than four thousand relays to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.”
From Wikipedia
Tor encryption devices/routers available for under $100 – plug in (and slow down) for increased privacy (but beware of cookies, browser fingerprints and logins, which can still identify you even when your address is hidden)
RFID – Radio Frequency Identification chip
•“EZ Pass”
•Mobile card “on the fly” (other credit cards)
•US passports
•Car keys
•Hotel pass keys, access/ID card keys
•Embedded in clothes/price tags (unpaid alert)
•Embedded in pets
•Amal Graafstra’s hands
Operation Shady RAT
“… networks were compromised by remote access tools — or RATs. These tools have legitimate uses for system administrators — give someone the ability to access a computer from across the country. In this case, however, they were secretly placed on the target systems, hidden from the eyes of users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.”
http://allthingsd.com/20110803/operation-shady-rat-the-biggest-hacking-attack-ever/
Prevention and path forward
•How you get infected and what to do? <local> TED presentation (18 min) – James Lyne
•Hire the hackers (TED, 18 min) <local> – profiles examples of hackers
•Vaccination is a public health concern, not just a private issue --- that is, using a firewall and anti-virus protection is important for everyone, not just for your own system: an infected machine becomes a bot that attacks others
•If you are not part of the solution you are part of the problem
Related considerations
Cryptocurrencies [SSIT Google Hangout on YouTube]
Bitcoin – anonymity and the net
• “like cash” – no name attached, though every transaction is recorded in the public ledger, so it is pseudonymous rather than untraceable
• Nice for privacy
• Real nice for criminal activities
Bit Coin (thanks to IEEE Spectrum)
Questions, answers, discussion, challenges
If you are not paranoid, you are not paying attention.