Chapter Overview

• Introduction
• Viruses, worms, and Trojan horses
• Phreaks and hackers
• Denial-of-service attacks
• Recent Incidents
• Online voting

Introduction

• Computers getting faster and less expensive
• Utility of computers increasing
  - Email
  - Web surfing
  - Shopping
  - Managing personal information
• Increasing use of computers → growing importance of computer security

Hackers – people who use other computers without authorization
Physical hackers – physical trespassing
Electronic hackers – use sophisticated programs to gain access
Hacker crackdown – contributed by hackers and public distribution of programs to break in

Viruses (1/2)

• Virus: piece of self-replicating code embedded within another program (host)
• Viruses associated with program files
  - Hard disks, floppy disks, CD-ROMs
  - Email attachments: virus reads address books
• How viruses spread
  - Diskettes, CDs, or USB devices
  - Email
  - Files downloaded from the Internet

* A 2003 study showed that 45% of files downloaded from Kazaa contained a virus.

Viruses (2/2)

• Well-known viruses
  - Brain (1986) – not malicious and caused no significant harm
  - Michelangelo (1991) – March 6, the birthday of Michelangelo
  - Melissa (1999) – email attachment created by David L. Smith
  - Love Bug (2000) – destroys media files (Onel De Guzman)
• Popular antivirus software
  - AVG
  - Bitdefender
  - Norton
  - McAfee

Worms

• Worm
  - Self-contained program
  - Spreads through a computer network
  - Exploits security holes in networked computers
• Famous worms
  - WANK – product of cyberterrorism to stop a NASA project
  - Code Red (July 19, 2001) – DoS attack on www.whitehouse.gov
  - Sapphire (Slammer) – fastest-moving worm in recent history
  - Blaster (Aug 12, 2003) – exploited a bug in Windows XP and Windows 2000 and launched a DoS attack against windowsupdate.com
  - Sasser – launched in April 2004 to exploit a security hole in Windows XP

The Internet Worm

• Robert Tappan Morris, Jr.
  - Graduate student at Cornell
  - Released worm onto the Internet from an MIT computer
• Effect of worm
  - Spread to 6,000 Unix computers
  - Infected computers kept crashing or became unresponsive
  - Took a day for fixes to be published
• Impact on Morris
  - Suspended from Cornell
  - 3 years’ probation + 400 hours community service
  - $150,000 in legal fees and fines

Ethical Evaluation

• Kantian evaluation (Wrong)
  - Morris used others by gaining access to their computers without permission. He used other people to gain access.
• Social contract theory evaluation (Wrong)
  - Morris violated property rights of organizations
• Utilitarian evaluation (Wrong)
  - Benefits: Organizations learned of security flaws
  - Harms: Time spent by those fighting worm, unavailable computers, disrupted network traffic, Morris’s punishments
• Morris was wrong to have released the Internet worm

Trojan Horses

• Trojan horse: program with benign capability that masks a sinister purpose
• Remote access Trojan (RAT): Trojan horse that gives an attacker access to the victim’s computer
  - Back Orifice
  - SubSeven
• RAT servers often found within files downloaded from erotica/porn Usenet sites

A hacker is…
An explorer
A risk-taker
Someone who tries to make a system do new things

*NOTE Being called a “hacker” was a sign of respect

Defensive Measures

• Authentication - The end user has the permission to gain access.
• Authorization - The person is who he claims to be (use of passwords, smart cards and biometrics)
• Firewalls - computer that mediates between LAN and Internet. Monitors the packets going IN and OUT

Hackers

• Definition of a hacker
-> The terms hacker and hack are marked by contrasting positive and negative connotations. Computer programmers often use the words hacking and hacker to express admiration for the work of a skilled software developer, but may also use them in a negative sense to describe the production of kludges. In popular usage and in the media, it most often refers to computer intruders or criminals.

Hackers

• Hack Case
• The photo of Health Secretary Francisco Duque III blowing plastic trumpets in an effort to show that they're better than firecrackers was edited to make it look as if the health chief was blowing some penises. The text that accompanied it read: "Happy New Year! Don't use firecrackers! Use penis!"
• Underneath the image was this statement written in Filipino: "Malamang laking pasalamat ni Duque ng mauso ang H1N1, dengue, etc aba'y araw-araw lumalabas ang kanyang commercial!" [Most likely, Duque was thankful when there was an outbreak of H1N1, dengue, etc. His commercial was shown every day!]

[Figure: Sample of a hacked webpage]

Hackers

• Ethical evaluation

-> Kantianism evaluation
- Hacker defaced the DOH website
- In his desire to show off or expose the poor security of the site, he hacked the site. Hackers use other people to get a thrill.
- Hacking is wrong.
- People are offended by the action.

Hackers

• Ethical evaluation

-> Act Utilitarianism
- As the hacking news spreads, blogs and news articles are filled with sympathy and anger towards the hacker. Also affected was Mr. Duque, the one involved in the website defacing. Also web developers had headaches repairing the damages made by the hacker. Thus hacking in this sense is wrong.

Hackers

• Ethical evaluation

-> Rule Utilitarianism
- What if everyone made changes to the website? Perhaps many people would make good or bad changes to the website, thus making it unreliable to users. Thus, the hacker is wrong from this point of view.

Phone Phreaks

• Definition
-> A phone phreak is someone who manipulates a telephone system in order to use it without paying for the service.

Phone Phreaks

• Methods
1. Stealing long distance telephone access codes
-> This is done by watching other people dial their access codes in public places such as train and bus stations, airports, etc.

Phone Phreaks

• Methods
2. Guessing long distance access codes
-> Phone phreaks develop software to try different access codes. An overnight run produces about a dozen or more codes.

Phone Phreaks

• Methods
3. Blue Boxes
-> A blue box is an electronic device that simulates a telephone operator's dialing console. It functions by replicating the tones used to switch long-distance calls and using them to route the user's own call, bypassing the normal switching mechanism.

The Cuckoo’s Egg

- Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized user on his system. The hacker's code name was "Hunter" -- a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy -- and plunged into an incredible international probe that finally gained the attention of top U.S. counterintelligence agents. Later, it was discovered that these were German hackers.

Legion of Doom

- This is a group of phreaks/hackers founded by “Lex Luthor”. It became famous by publishing “The Legion of Doom Technical Journal”. This publication contained articles pertaining to Bell Labs works and of great use to phreaks and hackers.

Legion of Doom

- Legion of Doom member Robert Riggs (aka The Prophet) hacked a BellSouth computer. He got the E911 document (on how the 911 emergency system works). He sent a copy to Craig Neidorf (aka Knight Lightning). Not wanting to be caught, they modified the E911 document and published it in Neidorf’s e-magazine, “Phrack”. This was all about bragging rights for Riggs.

Fry Guy

• Callers on June 13, 1989, to the Palm Beach County Probation Department found themselves instead chatting with a phone-sex worker named "Tina" in New York state. Calls had been rerouted, at no extra charge to the user, to a pornographic phone-sex hot line hundreds of miles away.

Fry Guy

• For apparently the first time, someone had broken into the switching station of Southern Bell (now BellSouth) and reprogrammed it.
• In July 1989, the hacker behind the "Tina" switch -- a 16-year-old in Elmwood, Ind. -- was arrested by the Secret Service and the Chicago Computer Fraud and Abuse Task Force.

Fry Guy

• The teen's hacker handle was "Fry Guy." He earned the name by hacking into a local McDonald's computer and giving raises to his hamburger-flipping friends. Among his other exploits: stealing credit card numbers and scamming Western Union to wire him cash.

U.S. vs Riggs

• Craig Neidorf was contacted by the US Secret Service and was accused of causing AT&T’s long distance system. Neidorf then cooperated with the US Secret Service and admitted that the stolen E911 documents were from Robert Riggs. They were both charged with wire fraud, computer fraud and interstate transportation of stolen property.

Steve Jackson Games

• Steve Jackson Games (SJG) published role-playing games and operated a BBS
• Loyd Blankenship
  - Key SJG employee
  - LOD member
  - Published E911 document on his own BBS
• Secret Service raided SJG and seized computers, looking for a copy of the E911 document
• Led to creation of Electronic Frontier Foundation
• EFF backed successful SJG lawsuit against the Secret Service

Retrospective

• Parallels between hackers and those who download MP3 files
  - Establishment overvalues intellectual property
  - Use of technology as a “joy ride”
  - Breaking certain laws is not that big a deal
• Parallels between response of Secret Service and response of RIAA
  - Cyberspace is real
  - Those who break the law can be identified
  - Illegal actions can have severe consequences

Penalties for Hacking

• Examples of illegal activities
  - Accessing without authorization any Internet computer
  - Transmitting a virus or worm
  - Trafficking in computer passwords
  - Intercepting a telephone conversation, email, or any other data transmission
  - Accessing stored email messages without authorization
  - Adopting another identity to carry out an illegal activity
• Maximum penalty: 20 years in prison + $250,000 fine

Recent Incidents

• In 2003 a hacker broke into computers at the University of Kansas and copied the personal files of 1,450 foreign students. The files contained names, Social Security numbers, passport numbers, countries of origin, and birthdates.

• In April 2004 several American supercomputer installations reported that hackers had broken into computers connected to a high-speed network called TeraGrid.

• The hackers also accessed computers at Cisco Systems and stole some of that company’s software. Security experts, FBI agents, and Swedish police worked for more than a year to identify the European culprits and bring the break-ins to an end.

Denial-of-Service Attacks

• A denial-of-service (DoS) attack is an intentional action designed to prevent legitimate users from making use of a computer service.
• The goal of a DoS attack is not to steal information.

• The aim of a DoS attack is to disrupt a computer server’s ability to respond to its clients.
• A DoS attack is an example of an “asymmetric” attack, in which a single person can harm a huge organization.

Examples of DoS attacks

• During the week of February 7-11, 2000, a 15-year-old initiated DoS attacks that disabled many Web sites, including Amazon.com, eBay, Yahoo, CNN.com, and Dell. The teenager, who went by the nickname “Mafiaboy”, was sentenced to eight months in juvenile detention.

• In October 2002 a DoS attack was launched against the Internet’s 13 root servers, which act as the Internet’s ultimate authority with respect to matching domain names to IP addresses.

• The Cooperative Association for Internet Data Analysis at the University of California estimates that 4,000 Web sites suffer DoS attacks each week.

Attacks that Consume Scarce Resources

• The most common DoS attack is against a target system’s network connection. A low-tech but effective way to do this is to cut the physical connection between the target computer and its network.

• Two Internet processes establish a TCP communication link by following a precise series of steps called a “three-way handshake”.

Three-way handshake

• Assures each process that the other process is ready to communicate. Suppose process X wishes to communicate with process Y. Process X initiates the handshake by sending Y a SYN message. If Y agrees to communicate with X, it replies with a SYN-ACK message, acknowledging receipt of X’s SYN message. X completes the handshake by sending Y an ACK message.

SYN flood attack

• The attacker’s computer uses IP spoofing to send the target computer a SYN message from a phony client.
• The target’s SYN-ACK reply travels to the phony client, which cannot respond to it. While the target computer waits for the ACK message, the connection remains half-open.
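The half-open state described above can be observed from packet records. The following sketch is an added example, not part of the original slides: it follows each handshake through SYN, SYN-ACK and ACK and reports servers holding many stalled connections. The record format, the addresses (documentation ranges), the 3-second timeout and the threshold of 5 are assumptions.

```python
from collections import defaultdict


def sample_packets():
    """Constructed capture: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    server = ("192.0.2.10", 80)
    pkts = [  # one legitimate client that completes the handshake
        (0.00, "198.51.100.7", 40001, *server, "SYN"),
        (0.01, *server, "198.51.100.7", 40001, "SYN-ACK"),
        (0.02, "198.51.100.7", 40001, *server, "ACK"),
    ]
    for i in range(1, 6):  # five phony clients that never send the ACK
        phony = (f"203.0.113.{i}", 5000 + i)
        t = 1.0 + i * 0.01
        pkts.append((t, *phony, *server, "SYN"))
        pkts.append((t + 0.001, *server, *phony, "SYN-ACK"))
    return pkts


def half_open(packets, now, timeout=3.0):
    """Map each server endpoint to clients whose handshake stalled after SYN-ACK."""
    state = {}  # (client_ip, client_port, server_ip, server_port) -> (phase, time)
    for ts, src, sport, dst, dport, flags in sorted(packets):
        if flags == "SYN":
            state[(src, sport, dst, dport)] = ("SYN_SEEN", ts)
        elif flags == "SYN-ACK":
            key = (dst, dport, src, sport)  # the reply flows server -> client
            if key in state:
                state[key] = ("SYN_RCVD", ts)  # server now waits for the ACK
        elif flags == "ACK":
            state.pop((src, sport, dst, dport), None)  # handshake completed
    stalled = defaultdict(list)
    for (c_ip, c_port, s_ip, s_port), (phase, ts) in state.items():
        if phase == "SYN_RCVD" and now - ts >= timeout:
            stalled[(s_ip, s_port)].append((c_ip, c_port))
    return dict(stalled)


def flood_suspects(packets, now, timeout=3.0, threshold=5):
    """Server endpoints holding at least `threshold` half-open connections."""
    stalled = half_open(packets, now, timeout)
    return sorted(s for s, clients in stalled.items() if len(clients) >= threshold)


if __name__ == "__main__":
    for server in flood_suspects(sample_packets(), now=10.0):
        print("possible SYN flood against", server)
```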

Defensive Measures

To reduce the threat of DoS attacks through the Internet:
- Ensuring the physical security of a server is an important defensive measure.
- System administrators (SAs) should benchmark the performance of their computer systems in order to establish baselines.
- Disk quota systems are another good security measure.
- Disabling unused network services is another prudent policy.

• Another is turning off the amplifier network capability of routers, taking a weapon out of the hands of those who wish to launch a smurf attack.

Distributed Denial-of-Service Attacks (DDoS)

• The attacker rents access to a bot network from a bot-herder. At the selected time, the command-and-control computer sends the appropriate instructions to the bots, which launch their attack on the targeted system.
• DDoS is a smurf attack, except that now the initial “pings” are being sent from thousands of computers, so there are thousands of times more responses being echoed to the target system.

Defending Against DDoS Attacks

• SAs must be able to secure their computers to keep them from being infected by bots.
• Install filters that check outgoing messages for forged IP addresses.
• An outgoing message packet should have a “from” address matching one of the local machines.
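The outgoing-address check described above, as an added example that is not part of the original slides: each outgoing packet's source address is tested against the site's own prefixes, and drops are counted per switch port to point at the machine emitting forged packets. The prefixes, port names and packet records are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed site prefixes; replace with the networks actually assigned to the LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]

# Constructed sample of outgoing packets: (switch_port, source_address)
OUTGOING = [
    ("port-1", "192.0.2.15"),      # local IPv4 host
    ("port-2", "203.0.113.9"),     # forged: not a local address
    ("port-2", "198.51.100.44"),   # forged
    ("port-3", "2001:db8:10::5"),  # local IPv6 host
    ("port-2", "not-an-ip"),       # malformed source, treated as forged
    ("port-4", "192.0.3.1"),       # just outside the local /24
]


def egress_allowed(src, local_nets=LOCAL_NETS):
    """True only if the source address parses and belongs to a local network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in local_nets)


def filter_outgoing(packets, local_nets=LOCAL_NETS):
    """Return the forwarded packets and a per-port count of dropped ones."""
    forwarded, dropped = [], Counter()
    for port, src in packets:
        if egress_allowed(src, local_nets):
            forwarded.append((port, src))
        else:
            dropped[port] += 1
    return forwarded, dropped


def suspect_ports(packets, min_drops=2):
    """Ports that emitted at least `min_drops` forged packets (likely bot-infected)."""
    _, dropped = filter_outgoing(packets)
    return sorted(p for p, n in dropped.items() if n >= min_drops)


if __name__ == "__main__":
    print("investigate:", suspect_ports(OUTGOING))
```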

Blue Security

• Israeli company Blue Security created a spam-deterrence system for people tired of receiving unwanted email.
• Sold the service to businesses, but individuals could protect their home computers for free.
• About half a million people signed up for this free service.
• Users loaded a bot called Blue Frog on their computers. The bot integrated with Yahoo! Mail, Gmail, and Hotmail, checking incoming messages for spam.

• When it discovered a spam message, the bot would contact a Blue Security server to determine the source of the email. Then the bot would send the spammer an opt-out [44].
• Spammers who indiscriminately sent emails to millions of addresses started receiving hundreds of thousands of opt-out messages, disrupting their operations.

SATAN

• In 1995 computer-security expert Dan Farmer released a program called Security Administrator Tool for Analyzing Networks (SATAN)
• To probe their computers for security weaknesses.
• Farmer said, “SATAN was written because we realize that computer systems are becoming more and more dependent on the network, and more vulnerable to attack”

• Critics fretted that SATAN, with its easy-to-use interface, would turn relatively unskilled teenagers into computer hackers.
• “a two-edge sword that can be used for good and evil”
• Purpose: helping SAs, particularly novices, identify and fix security problems with their networks.

Motivation for Online Voting

• The 2000 Presidential election was one of the closest contests in U.S. history. Florida was the pivotal state; without Florida’s electoral votes, neither Democrat Al Gore nor Republican George W. Bush had a majority of votes in the Electoral College. After a manual recount of the votes in four heavily Democratic counties, the Florida Secretary Bush’s margin of victory was incredibly small: less than 2 votes out of every 10,00 votes cast.

Proposals

• Many people suggested voting via the Internet be used, at least as a way of casting absentee ballots. In fact, online voting is already a reality.

Ethical Evaluation

• Utilitarian Evaluation
• Benefits of Online Voting
  - Would give people who ordinarily could not get to the polls the opportunity to cast a ballot from their homes.
  - Votes could be counted much more quickly.
  - Will not have any of the ambiguity associated with physical votes, such as hanging chad, erasures, etc.
  - Less money than traditional elections.
  - Eliminate the risk of somebody tampering with the ballot box.

• Risks of Online Voting
  - Unfair because it gives an unfair advantage to those who are financially better off.
  - The same system that authenticates the voter also records the ballot. This makes it more difficult to preserve the privacy of the voter.
  - Increase the opportunities for vote solicitation and vote selling.
  - A web site hosting an election is an obvious target for a DDoS attack.
