Today’s Lecture:
Cyber Crime
• To find out about several types of crimes that occur over cyber space (i.e. the Internet)
• To familiarize ourselves with several methods that can be used to minimize the ill effects of those crimes
39.1 07 February 2000
• Users trying to get on to the Web sites of Yahoo couldn’t!
• Reason: Their servers were extremely busy!
• They were experiencing a huge number of hits
• The hit-rate was higher than the one seen when a grave incident (e.g. 9/11) occurs and people are trying to get info about what has happened
• The only problem was that nothing of note had taken place!
What was going on?
• A coordinated, distributed DoS (Denial of Service) attack was taking place
• Traffic reached 1 GB/s, many times the normal level!
• In the weeks leading up to the attack, there was a noticeable rise in the number of scans that Internet servers were receiving
• Many of these scans appeared to originate from IP addresses that traced back to Korea, Indonesia, Taiwan, Australia
Three Phases of the DoS
1. Search
2. Arm
3. Attack
1. Search for Drones
• The attackers set about acquiring control over the computers to be used in the attack …
• by scanning – using e.g. Sscan SW – a large number of computers attached to the Internet
• Once a computer with a weak security scheme is identified, the attackers try a break-in
• Once conquered, that computer – called a drone – will be used to scan others
2. Arming the Drones
• After several drones have been conquered, the DoS SW is loaded on to them
• Examples: Tribal Flood Network, Trinoo, TFN2K
• Like a time-bomb, that SW can be set to bring itself into action at a specified time
• Alternatively, it can wait for a commencement command from the attacker
3. The Actual Attack
• At the pre-specified time or on command, the SW implanted on all of the drones wakes up and starts sending a huge number of messages to the targeted servers
• Responding to those messages overburdens the targeted servers and they become unable to perform their normal functions
Neutralizing the Attack
• The engineers responsible for monitoring the traffic on the Yahoo Web sites quickly identified the key characteristics of the packets originating from those drones
• Then they set up filters that blocked all those packets
• It took them around 3 hours to identify and block most of the hostile packets
• BTW, the sender’s IP address can be spoofed, making it impossible to block the attack just by blocking the IP addresses
The Aftermath
• None of the Yahoo computers got broken into; the attackers never intended to do that
• None of the user data (eMail, credit card numbers, etc.) was compromised
• Ill-effects:
– Yahoo lost a few million’s worth of business
– Millions of its customers got annoyed as they could not access their eMail and other info from the Yahoo Web sites
Who Done It?
• The DoS SW is not custom SW, and can be downloaded from the Internet. Therefore, it is difficult to track the person who launched the attack by analyzing that SW
• After installing the DoS SW on the drones, setting the target computer and time, the attackers carefully wipe away any info on the drone that can be used to track them down
• End result: Almost impossible to track and punish clever attackers
How to stop DoS attacks from taking place?
• Design SW that monitors incoming packets, and on noticing a sudden increase in the number of similar packets, blocks them
• Convince system administrators all over the world to secure their servers in such a way that they cannot be used as drones
• BTW, the same type of attack brought down the CNN, Buy, eBay, Amazon Web sites the very next day after the Yahoo attack
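The filtering response described under "Neutralizing the Attack" and the monitoring SW proposed in the first bullet above, as an added example that is not part of the lecture. It works on a constructed packet capture (the Packet fields, the 1-second window, the 30-second baseline and the "20 times normal" threshold are all assumptions made for this example). The key design point is the one the lecture makes: the detector keys on packet characteristics that an attacker cannot forge by spoofing the source address, so blocking by IP address is not needed.

```python
import random
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float       # seconds since start of capture
    src: str        # source IP; an attacker can forge this field
    dst_port: int
    proto: str
    length: int     # bytes on the wire
    flags: str      # TCP flags, e.g. "S" = SYN


def signature(p):
    """Characteristics of a packet that survive source-address spoofing."""
    return (p.proto, p.dst_port, p.length, p.flags)


def build_sample_capture(seed=1):
    """Constructed traffic: 60 s of normal browsing, plus a 20 s flood of
    identical SYNs from random forged sources starting at t = 40 s."""
    rng = random.Random(seed)
    pkts = []
    for i in range(60 * 5):                      # 5 normal packets per second
        pkts.append(Packet(ts=i / 5,
                           src=f"203.0.113.{rng.randint(1, 200)}",
                           dst_port=rng.choice([80, 443]), proto="tcp",
                           length=rng.choice([60, 120, 576, 1500]),
                           flags=rng.choice(["S", "A", "PA"])))
    for i in range(20 * 500):                    # 500 flood packets per second
        forged = ".".join(str(rng.randint(1, 254)) for _ in range(4))
        pkts.append(Packet(ts=40 + i / 500, src=forged,
                           dst_port=80, proto="tcp", length=40, flags="S"))
    pkts.sort(key=lambda p: p.ts)
    return pkts


def detect_floods(packets, window=1.0, baseline_window=30.0, factor=20):
    """Flag any packet signature whose per-window count jumps to more than
    `factor` times its rate during the (assumed clean) baseline period.
    Returns {signature: (window start, count)} for the first window flagged."""
    base = Counter(signature(p) for p in packets if p.ts < baseline_window)
    base_rate = {sig: n / baseline_window for sig, n in base.items()}
    end = max(p.ts for p in packets)
    flagged = {}
    start = baseline_window
    while start < end:
        counts = Counter(signature(p) for p in packets
                         if start <= p.ts < start + window)
        for sig, n in counts.items():
            # a signature never seen in the baseline still needs >factor hits
            expected = max(base_rate.get(sig, 0.0) * window, 1.0)
            if n > factor * expected and sig not in flagged:
                flagged[sig] = (start, n)
        start += window
    return flagged


def apply_filter(packets, blocked):
    """Drop every packet matching a flagged signature, whatever its source IP."""
    return [p for p in packets if signature(p) not in blocked]


def distinct_sources(packets, sig):
    """How many different source addresses a signature arrived from."""
    return len({p.src for p in packets if signature(p) == sig})


if __name__ == "__main__":
    capture = build_sample_capture()
    floods = detect_floods(capture)
    for sig, (t, n) in floods.items():
        print(f"t={t:.0f}s: {n} packets/s matching {sig} "
              f"from {distinct_sources(capture, sig)} distinct sources")
    print(len(apply_filter(capture, set(floods))), "packets pass the filter")
```

Running the script shows the flood signature detected in the first second of the attack, arriving from thousands of distinct (forged) addresses, which is exactly why the filter matches on protocol, port, length and flags rather than on the sender. Normal traffic, whose per-signature rate never exceeds the threshold, passes untouched.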
39.2 DoS Attack: A Cyber Crime
• DoS is a crime, but of a new type, made possible by the existence of the Internet
• A new type of policing and legal system is required to tackle such crimes and their perpetrators
• The Internet knows no geographical boundaries; therefore jurisdiction is a key issue when prosecuting the cyber-criminal
Cyber crime can be used to …
• Damage a home computer
• Bring down a business
• Weaken the telecom, financial, or even defense-related systems of a country
Cyberwar!
• In 1997, blackouts hit New York City, Los Angeles
• The 911 (emergency help) service of Chicago was shut down
• A US Navy warship came under the control of a group of hackers
• What was happening? A cyber attack!
• All of the above did not happen in reality, but in a realistic simulation
• The US National Security Agency hired 35 hackers to attack the DoD’s 40,000 computer networks
• By the end of the exercise, the hackers had gained root-level (the highest-level!) access to at least 3 dozen among those networks
Cyberwarfare:
A clear and present threat, as well as an opportunity, for all of the world’s armed forces!
39.3 More cybercrimes …
Mail Bombing
• Similar in some ways to a DoS attack
• A stream of large-sized eMails is sent to an address, overloading the destination account
• This can potentially shut down a poorly-designed eMail system or tie up the telecom channel for long periods
• Defense: eMail filtering
Break-Ins
• Hackers are always trying to break into Internet-connected computers to steal info or plant malicious programs
• Defense: Intrusion detectors
Credit Card Fraud
• A thief somehow breaks into an eCommerce server and gets hold of credit card numbers and related info
• The thief then uses that info to order stuff on the Internet
• Alternatively, the thief may auction the credit card info on certain Web sites set up just for that purpose
• Defense: Use single-use credit card numbers for your Internet transactions
Software Piracy
• Using a piece of SW without the author’s permission or employing it for uses not allowed by the author is SW piracy
• For whatever reason, many computer users do not consider it to be a serious crime, but it is!
• Only the large rings of illegal SW distributors are ever caught and brought to justice
• Defense: Various authentication schemes. They, however, are seldom used as they generally annoy the genuine users
Industrial Espionage
• Spies of one business monitoring the network traffic of their competitors
• They are generally looking for info on future products, marketing strategies, and even financial info
• Defense: Private networks, encryption, network sniffers
Web Store Spoofing
• A fake Web store (e.g. an online bookstore) is built
• Customers somehow find that Web site and place their orders, giving away their credit card info in the process
• The collected credit card info is either auctioned on the Web or used to buy goods and services on the Web
39.4 Viruses
• Self-replicating SW that eludes detection and is designed to attach itself to other files
• Infects files on a computer through:
– Floppy disks, CD-ROMs, or other storage media
– The Internet or other networks
• Viruses cause tens of billions of dollars of damage each year
• One such incident in 2001 – the LoveBug virus – had an estimated cleanup/lost productivity cost of US$8.75 billion
• The first virus that spread world-wide was the Brain virus, and was allegedly designed by someone in Lahore
One Way of Classifying Viruses
• Malicious
– The type that grabs most headlines
– May destroy or broadcast private data
– May clog up the communication channels
– May tie up the µP (microprocessor) to stop it from doing useful work
• Neutral
– May display an annoying, but harmless message
• Helpful
– May hop from one computer to another while searching for and destroying malicious viruses
Anatomy of a Virus
• A virus consists of 2 parts:
– Transmission mechanism
– Payload
Transmission Mechanism
• Viruses attach themselves to other computer programs or data files (termed as hosts)
• They move from one computer to another with the hosts and spring into action when the host is executed or opened
Payload
• The part of the virus that generally consists of malicious computer instructions
• The part generally has two further components:
– Infection propagation component:
• This component transfers the virus to other files residing on the computer
– Actual destructive component:
• This component destroys data or performs other harmful operations
Commonsense Guidelines
• Download SW from trusted sites only
• Do not open attachments of unsolicited eMails
• Use floppy disks and CD-ROMs that have been used in trusted computers only
• When transferring files from your computer to another, use the write-protection notches
• Stay away from pirated SW
• Regularly back your data up
• Install Antivirus SW; keep it and its virus definitions updated
Antivirus SW
• Designed for detecting viruses & inoculating
• Continuously monitors a computer for known viruses and for other tell-tale signs like:
– Most – but, unfortunately, not all – viruses increase the size of the file they infect
– Hard disk reformatting commands
– Rewriting of the boot sector of a hard disk
• The moment it detects an infected file, it can automatically inoculate it, or failing that, erase it
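The three checks an antivirus program is described as making above (known-virus signatures, tell-tale destructive commands, and file growth since the last clean state), as an added example that is not part of the lecture. The "virus signatures" and the suspicious strings are constructed markers, not real malware patterns, and the before/after file snapshots are constructed too; only the byte-pattern matching, the SHA-256 integrity baseline and the quarantine/review decision are the real technique. The baseline is compared by hash as well as by size so that the "unfortunately not all viruses grow the file" case is caught too.

```python
import hashlib
import os
from dataclasses import dataclass, field

# Constructed "known virus" byte patterns (not real malware signatures) and
# constructed strings standing in for the tell-tale actions the lecture lists.
KNOWN_SIGNATURES = {
    "example.testvirus.a": b"CONSTRUCTED-VIRUS-MARKER-A",
}
SUSPICIOUS_ACTIONS = {
    b"format c:": "hard disk reformatting command",
    b"\\\\.\\physicaldrive0": "raw access to the boot drive (boot sector rewrite)",
}


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)
    action: str = "clean"   # becomes "quarantine" or "review" once something is found


def take_baseline(files):
    """Record size and SHA-256 of every file while the machine is believed clean."""
    return {path: (len(data), hashlib.sha256(data).hexdigest())
            for path, data in files.items()}


def scan(files, baseline):
    """Return one Finding per suspicious file; clean files produce nothing."""
    findings = []
    for path, data in files.items():
        f = Finding(path)
        # 1. Known-virus signature: strongest evidence, so isolate the file
        #    (the lecture's "inoculate it, or failing that, erase it").
        for name, sig in KNOWN_SIGNATURES.items():
            if sig in data:
                f.reasons.append(f"matches signature {name}")
                f.action = "quarantine"
        # 2. Tell-tale actions inside the file contents (case-insensitive).
        lowered = data.lower()
        for marker, desc in SUSPICIOUS_ACTIONS.items():
            if marker in lowered:
                f.reasons.append(desc)
        # 3. Integrity check against the baseline. Growth is the classic sign,
        #    but the hash also catches an overwriting infector that leaves
        #    the size unchanged.
        if path in baseline:
            size0, digest0 = baseline[path]
            if hashlib.sha256(data).hexdigest() != digest0:
                if len(data) > size0:
                    f.reasons.append(f"grew from {size0} to {len(data)} bytes")
                else:
                    f.reasons.append("changed since baseline without growing")
        if f.reasons:
            if f.action == "clean":
                f.action = "review"
            findings.append(f)
    return findings


def read_tree(root):
    """Load a real directory into the {path: bytes} shape scan() expects."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            with open(p, "rb") as fh:
                files[p] = fh.read()
    return files


def build_sample_files():
    """Constructed before/after snapshots of a small DOS-era disk."""
    editor = b"MZ" + b"\x90" * 100
    before = {
        "C:/APPS/EDITOR.EXE": editor,
        "C:/APPS/CALC.EXE": b"MZ" + b"\x90" * 30,
        "C:/APPS/GAME.EXE": b"MZ" + b"\x90" * 50,
    }
    after = {
        # appending infector: host grows and carries the known marker
        "C:/APPS/EDITOR.EXE": editor + b"CONSTRUCTED-VIRUS-MARKER-A",
        "C:/APPS/CALC.EXE": before["C:/APPS/CALC.EXE"],
        # overwriting infector: same size, different bytes, unknown signature
        "C:/APPS/GAME.EXE": b"MZ" + b"\xcc" * 50,
        # new batch file carrying a destructive command
        "C:/AUTOEXEC.BAT": b"@echo off\r\nFORMAT C: /Q\r\n",
    }
    return before, after


if __name__ == "__main__":
    before, after = build_sample_files()
    for f in scan(after, take_baseline(before)):
        print(f.path, f.action, "; ".join(f.reasons))
```

To use it on a real disk, call take_baseline(read_tree(root)) once on a clean system, store the result, and later compare with scan(read_tree(root), stored_baseline). Files matching a known signature are marked for quarantine; files that only show a suspicious string or an unexplained change are marked for review, because those heuristics produce false positives (a legitimate disk utility may contain a "format" command).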
39.5 Other Virus-Like Programs
• There are other computer programs that are similar to viruses in some ways but different in some others
• Three types:
– Trojan horses
– Logic- or time-bombs
– Worms
Trojan Horses
• Unlike viruses, they are stand-alone programs
• They look like what they are not
• They appear to be something interesting and harmless (e.g. a game) but when they are executed, destruction results
Logic- or Time-Bombs
• It executes its payload when a predetermined event occurs
• Example events:
– A particular word or phrase is typed
– A particular date or time is reached
Worms
• Harmless in the sense that they only make copies of themselves on the infected computer
• Harmful in the sense that they can use up available computer resources (i.e. memory, storage, processing), making it slow or even completely useless
• Designing, writing, or propagating malicious code or participating in any of the afore-mentioned activities can result in criminal prosecution, which in turn may lead to jail terms and fines!
Today’s Lecture:
• We found out about several types of computer crimes that occur over cyber space
• We familiarized ourselves with several methods that can be used to minimize the ill effects of these crimes
Next Lecture’s Goals
(Social Implications of Computing)
We will explore the impact of computing on:
Business
Work
Living
Health
Education