Chapter Overview
Introduction
Viruses, worms, and Trojan horses
Phreaks and hackers
Denial-of-service attacks
Recent Incidents
Online voting
2
Introduction
6
Worms
Worm
Self-contained program
Spreads through a computer network
Exploits security holes in networked computers
Famous worms
WANK – product of cyberterrorism to stop NASA project
Code Red (July 19, 2001) – DoS attack on
www.whitehouse.gov
Sapphire (Slammer) – fastest-moving worm in recent history
Blaster (Aug 12, 2003) – exploited a bug in Windows XP and
Windows 2000 and launched a DoS attack on windows.update.com
Sasser – launched in April 2004 to exploit a security hole in
Windows XP.
7
The Internet Worm
Robert Tappan Morris, Jr.
Graduate student at Cornell
Released worm onto Internet from MIT computer
Effect of worm
Spread to 6,000 Unix computers
Infected computers kept crashing or became
unresponsive
Took a day for fixes to be published
Impact on Morris
Suspended from Cornell
3 years’ probation + 400 hours community service
$150,000 in legal fees and fines
8
Ethical Evaluation
Kantian evaluation (Wrong)
Morris used others by gaining access to their computers
without permission. He used other people to gain access.
Social contract theory evaluation (Wrong)
Morris violated property rights of organizations
Utilitarian evaluation (Wrong)
Benefits: Organizations learned of security flaws
Harms: Time spent by those fighting worm, unavailable
computers, disrupted network traffic, Morris’s punishments
Morris was wrong to have released the Internet worm
9
Trojan Horses
10
A hacker is…
An explorer
A risk-taker
Someone who tries to make a system do new things
11
Defensive Measures
12
Hackers
• Definition of a hacker
-> The terms hacker and hack are marked by
contrasting positive and negative connotations.
Computer programmers often use the
words hacking and hacker to express admiration
for the work of a skilled software developer, but
may also use them in a negative sense to
describe the production of kludges. In popular
usage and in the media, it most often refers to
computer intruders or criminals.
13
Hackers
• Hack Case
• The photo of Health Secretary Francisco Duque III blowing
plastic trumpets in an effort to show that they're better
than firecrackers was edited to make it look as if the health
chief was blowing some penises. The text that
accompanied it read: "Happy New Year! Don't use
firecrackers! Use penis!"
• Underneath the image was this statement written in
Filipino: "Malamang laking pasalamat ni Duque ng mauso
ang H1N1, dengue, etc aba'y araw-araw lumalabas ang
kanyang commercial!" [Most likely, Duque was thankful
when there was an outbreak of H1N1, dengue, etc. His
commercial was shown every day!]
14
15
• Ethical evaluation
-> Kantian evaluation
- Hacker defaced the DOH website
- In his desire to show off or expose the poor
security of the site, he hacked the site. Hackers
use other people for their own thrill.
- Hacking is wrong.
- People are offended by the action.
16
Hackers
• Ethical evaluation
17
Hackers
Ethical evaluation
18
Phone Phreaks
Definition
-> A phone phreak is someone who manipulates
a telephone system in order to use it
without paying for the service.
19
Phone Phreaks
• Methods
1. Stealing long distance telephone access
codes
-> This is done by watching other people
dial their access codes in public places
such as train and bus stations, airports, etc.
20
Phone Phreaks
Methods
2. Guessing long distance access codes
-> Phone phreaks develop software to try
different access codes. An overnight run
produces about a dozen or more codes.
21
Phone Phreaks
Methods
3. Blue Boxes
-> A blue box is an electronic device that simulates
a telephone operator's dialing console. It
functions by replicating the tones used to
switch long-distance calls and using them to
route the user's own call, bypassing the
normal switching mechanism.
22
The Cuckoo’s Egg
23
Legion of Doom
24
Legion of Doom
25
Fry Guy
26
Fry Guy
27
Fry Guy
28
U.S. vs Riggs
29
Steve Jackson Games
Steve Jackson Games (SJG) published role-playing
games and operated a BBS
Loyd Blankenship
Key SJG employee
LOD member
Published E911 document on his own BBS
Secret Service raided SJG and seized computers,
looking for a copy of the E911 document
Led to creation of the Electronic Frontier Foundation
EFF backed SJG's successful lawsuit against the Secret Service
6-30
Retrospective
6-31
Penalties for Hacking
Examples of illegal activities
Accessing without authorization any Internet computer
Transmitting a virus or worm
Trafficking in computer passwords
Intercepting a telephone conversation, email, or any
other data transmission
Accessing stored email messages without authorization
Adopting another identity to carry out an illegal activity
Maximum penalty: 20 years in prison + $250,000 fine
6-32
Recent Incidents
33
In April 2004 several American supercomputer
installations reported that
hackers had broken into computers
connected to a high-speed network
called TeraGrid.
34
The hackers also accessed
computers at Cisco Systems and
stole some of that company’s
software. Security experts, FBI
agents, and Swedish police worked
for more than a year to identify
the European culprits and bring
the break-ins to an end.
35
Denial-of-Service Attacks
36
The aim of a DoS attack is to
disrupt a computer server’s
ability to respond to its clients.
A DoS attack is an example of an
“asymmetric” attack, in which a
single person can harm a huge
organization.
37
Examples of DoS attacks
38
In October 2002 a DoS attack was
launched against the Internet’s 13
root servers, which act as the
Internet’s ultimate authority with
respect to matching domain names
to IP addresses.
39
The Cooperative Association for
Internet Data Analysis at the
University of California estimates
that 4,000 Web sites suffer DoS
attacks each week.
40
Attacks that Consume Scarce Resources
41
Two Internet processes establish a
TCP communication link by
following a precise series of
steps called a “three-way
handshake”.
42
Three-way handshake
43
SYN flood attack
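Added example, not part of the original slides: a defender's check for the SYN flood named above. The handshake is SYN, SYN-ACK, ACK; the scarce resource is the server's queue of connections that received a SYN but no final ACK. The addresses, the backlog size of 16 and the 3-second timeout are constructed assumptions.

```python
SERVER = ("192.0.2.10", 80)  # constructed endpoint (documentation address range)


def build_sample():
    """Constructed capture: one complete handshake, then 20 SYNs never completed."""
    legit = ("198.51.100.7", 40000)
    pkts = [
        (0.00, legit, SERVER, "SYN"),
        (0.01, SERVER, legit, "SYN-ACK"),
        (0.02, legit, SERVER, "ACK"),
    ]
    for i in range(20):
        client = (f"203.0.113.{i + 1}", 50000 + i)
        pkts.append((1.0 + i * 0.01, client, SERVER, "SYN"))
        pkts.append((1.001 + i * 0.01, SERVER, client, "SYN-ACK"))
    return pkts


def half_open(packets, server, now, timeout=3.0):
    """Return client endpoints whose handshake stalled after SYN for > timeout seconds."""
    pending = {}  # client endpoint -> time its SYN arrived
    for t, src, dst, flags in sorted(packets, key=lambda p: p[0]):
        if dst == server and flags == "SYN":
            pending.setdefault(src, t)   # step 1: client asks to connect
        elif dst == server and flags == "ACK":
            pending.pop(src, None)       # step 3: client confirms, queue slot is freed
        # step 2 (SYN-ACK from the server) does not change who is still waiting
    return sorted(c for c, t in pending.items() if now - t > timeout)


def backlog_alert(packets, server, now, backlog=16, timeout=3.0):
    """True when stalled handshakes alone would fill a queue of the given size."""
    return len(half_open(packets, server, now, timeout)) >= backlog


if __name__ == "__main__":
    sample = build_sample()
    stalled = half_open(sample, SERVER, now=10.0)
    print(len(stalled), "stalled handshakes; alert:",
          backlog_alert(sample, SERVER, now=10.0))
```

The count is taken over the whole queue rather than per source address, because the sources in a SYN flood are commonly forged.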
45
Another is turning off the amplifier network
capability of routers, taking a weapon out of the
hands of those who wish to launch a smurf
attack.
46
Distributed Denial-of-Service
Attacks (DDoS)
The attacker rents access to a bot network
from a bot-herder. At the selected time, the
command-and-control computer sends the
appropriate instructions to the bots, which
launch their attack on the targeted system.
DDoS is a smurf attack, except that now the
initial “pings” are being sent from thousands of
computers, so there are thousands of times
more responses being echoed to the target
system.
47
Defending Against DDoS Attacks
48
Blue Security
Israeli company Blue Security created a spam-
deterrence system for people tired of receiving
unwanted email.
Sold the service to businesses, but individuals
could protect their home computer for free.
About half a million people signed up for its free
service.
Users loaded a bot called Blue Frog on their
computers. The bot integrated with Yahoo! Mail,
Gmail, and Hotmail, checking incoming
messages for spam.
49
When it discovered a spam message, the bot
would contact a Blue Security server to
determine the source of the email. Then the bot
would send the spammer an opt-out message [44].
Spammers who indiscriminately sent emails to
millions of addresses started receiving hundreds
of thousands of opt-out messages, disrupting
their operations.
50
SATAN
52
Motivation for Online
Voting
The 2000 Presidential election was one of the
closest contests in U.S. history. Florida was the
pivotal state; without Florida’s electoral votes,
neither Democrat Al Gore nor Republican
George W. Bush had a majority of votes in the
Electoral College. After a manual recount of the
votes in four heavily Democratic counties, the
Florida Secretary Bush’s margin of victory was
incredibly small: less than 2 votes out of every
10,000 votes cast.
53
Proposals
54
Ethical Evaluation
Utilitarian Evaluation
Benefits of Online Voting
Would give people who ordinarily could not get to
the polls the opportunity to cast a ballot from their
homes.
Votes could be counted much more quickly.
Will not have any of the ambiguity associated with
physical votes, such as hanging chad, erasures, etc.
Costs less money than traditional elections.
Eliminates the risk of somebody tampering with the ballot
box.
55
Risks of Online Voting
Unfair because it gives an unfair advantage
to those who are financially better off.
The same system that authenticates the
voter also records the ballot. This makes it
more difficult to preserve the privacy of the
voter.
Increases the opportunities for vote
solicitation and vote selling.
A web site hosting an election is an obvious
target for a DDoS attack.
56