e-SPIONAGE

e-SPIONAGE. Ankur Bansal, CS-575, April 26th, 2008. “The U.S. military created the internet. Now the web may be turning against its maker.” Business Week, April 21st, 2008. Overview. What is Espionage. Spy-wares. Espionage as National Issue. Espionage.


Presentation Transcript


  1. e-SPIONAGE Ankur Bansal CS-575 April 26th, 2008

  2. “The U.S. military created the internet. Now the web may be turning against its maker.” Business Week, April 21st, 2008

  3. Overview • What is Espionage • Spy-wares • Espionage as National Issue

  4. Espionage • Espionage or spying involves a human being obtaining information that is considered secret without the permission of its holder. • The ancient writings of Chinese and Indian military strategists such as Sun-Tzu and Chanakya contain information on deception and spying.

  5. Espionage (Contd.) • Chanakya's student Chandragupta Maurya, founder of the Maurya Empire, made use of assassinations, spies and secret agents, which are described in Chanakya's Arthasastra. • The ancient Egyptians had a thoroughly developed system for the acquisition of intelligence. • Japan often used ninja to gather intelligence. • Spies played a significant part in Elizabethan England. • The USA and Russia used spies extensively during the Cold War period.

  6. Spy-wares • Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

  7. Spy-ware (Contd.) • Functions of spyware extend well beyond simple monitoring • Spyware can collect various types of personal information: Internet surfing habits, sites visited • It can interfere with user control of the computer • Can install additional software. • Can redirect Web browser activity. • Can access websites that cause virus infections. • Can change computer settings, resulting in slow connection speeds, loss of Internet or other programs

  8. History of Spy-wares • The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet post that poked fun at Microsoft's business model • Spyware at first denoted hardware meant for espionage purposes. • In 2000 Zone Labs used the term in a press release. Since then, "spyware" has taken on its present sense.

  9. Spyware/ Adware/ Virus • Adware refers to software which displays advertisements, whether or not the user has consented • Example - the Eudora mail client displays advertisements as an alternative to shareware registration fees • Most adware is spyware, as it displays advertisements related to what it finds from spying. • Unlike viruses and worms, spyware does not usually self-replicate

  10. kaZaa – an example • kaZaa is one of the most popular pieces of software today. • It’s free – downloadable in minutes • Allows people to share/exchange files • Millions of users • 247 million as of July 2003

  11. kaZaa (contd.) • But there is a catch • When installed you get more than just kaZaa; you also get: • Cydoor – a tracking advertising software • Displays pop-up ads • Tracks web surfing habits • Gator – ad-driven backdoor software • Altnet – a hidden p2p software • Many others that kaZaa wishes to include

  12. Routes of infection • Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. • Spyware gets on a system through deception of the user or through exploitation of software vulnerabilities. • 3 common ways: • Piggybacking on a piece of desirable software • Trojan horse method: tricking the user into installing it. • Posing as anti-spyware programs, while being spyware themselves.

  13. Examples • CoolWebSearch: • Directs traffic to advertisements on coolwebsearch.com. • Rewrites search engine results • Alters the computer's hosts file to direct DNS lookups to ad pages. • Internet Optimizer, also known as DyFuCa • When users follow a broken link or enter an erroneous URL, they see a page of advertisements. • Since password-protected Web sites use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites. • Zango (formerly 180 Solutions) • Transmits detailed information to advertisers about the Web sites which users visit. • Alters HTTP requests for affiliate advertisements linked from a Web site. • Zlob trojan, or just Zlob • Downloads itself to your computer via an ActiveX codec • Reports information back to a control server. • This information can include your search history, the websites you visited, and even keystrokes.

  14. Problems • This software often runs silently in the background, without the user’s knowledge! • It is very hard to detect these non-destructive but intrusive activities • Undesirable features are closely integrated with desirable features

  15. Stats According to a 2005 study by AOL and the National Cyber-Security Alliance: • 61% of surveyed users' computers had some form of spyware. • 92% of users with spyware reported that they did not know of its presence. • 91% had not given permission for the installation of the spyware

  16. Security practices • Install anti-spyware programs • Use a web browser other than IE, such as Opera or Mozilla Firefox. • Shareware is a big source of spyware • Download only from reliable sources.

  17. Innocent e-mail • The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy • Beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy", designed to suck sensitive data out of the $4 billion consulting firm's computer network. • The Pentagon hadn't sent the e-mail at all

  18. The innocent e-mail • Authors knew enough about the "sender" and "recipient" to craft a message unlikely to arouse suspicion • Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org

  19. Innocent e-Mail • The e-mail was more convincing because of its apparent sender: Stephen J. Moree, who reports to the office of Air Force Secretary Michael W. Wynne • Moree's unit evaluates the security of selling U.S. military aircraft to other countries. • There is little reason to suspect anything serious in Moree's passing along the highly technical document with "India MRCA Request for Proposal" as its title • The Indian government had just released the request a week earlier, on Aug. 28, and the language in the e-mail closely tracked the request. • It referred to upcoming Air Force communiqués and a "Teaming Meeting", making the message appear more credible

  20. It was sent by an unknown attacker, bounced through an Internet address in South Korea, relayed through a Yahoo! server in New York, and finally made its way toward Mulhern's Booz Allen in-box. • The digital trail to cybersyndrome.3322.org leads to one of China's largest free domain-name-registration and e-mail services, called 3322.org • Poison Ivy – can steal information in access. • RAT – remote administrative tool

  21. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year • Many of the new attackers are trained professionals backed by foreign governments

  22. Major Attacks • Solar Sunrise – Feb 1998 Air Force and Navy computers were hit by malicious code while the U.S. was preparing to attack Iraq • Moonlight Maze – March 1998–1999 Defence Dept., NASA, Energy Dept., Weapon’s Lab Large packets of unclassified data were stolen

  23. Titan Rain – 2004 Classified data on computers of defence contractors Lockheed Martin, Sandia National Labs and NASA • Byzantine Foothold – 2007 Lots of corporations – state depts to Boeing

  24. Paul Kurtz, former national security officer, explains how the U.S. government and its defense contractors have been the victims of an unprecedented rash of similar cyber attacks over the last two years (video)

  25. References • http://www.cs.wisc.edu/wisa/presentations/2003/0722/spyware/spyware.03.0722.pdf • Wikipedia • Business Week – April 21st 2008 • http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm

  26. Discussion • Has the Internet become too unwieldy to be tamed?
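
Slide 13 notes that CoolWebSearch alters the computer's hosts file to direct DNS lookups to ad pages. The Python sketch below is an added example, not part of the original presentation: it audits hosts-file text and reports every name that is pinned to a routable address or sinkholed. The sample file, its hostnames and addresses, and the `EXPECTED_NAMES` baseline are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file normally defines (assumed baseline, adjust per OS).
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
                  "ip6-loopback", "broadcasthost"}

def audit_hosts(text):
    """Return (lineno, hostname, address, kind) for entries that need review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            # Strip an IPv6 zone id such as %lo0 before parsing the address.
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            findings.append((lineno, None, fields[0], "unparseable"))
            continue
        for name in fields[1:]:                   # one line may carry several names
            name = name.lower().rstrip(".")
            if name in EXPECTED_NAMES:
                continue
            # Loopback or 0.0.0.0 blocks the name; anything else overrides DNS
            # and sends traffic for that name to the listed address.
            kind = "sinkhole" if addr.is_loopback or addr.is_unspecified else "redirect"
            findings.append((lineno, name, str(addr), kind))
    return findings

# Constructed sample: documentation-range address and .example names only.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.10    www.search.example search.example   # pinned to an ad server
0.0.0.0         updates.av.example
not-an-ip       portal.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On a real machine, pass in the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` and compare the findings with the entries administrators added on purpose.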