Hacker Motivation

Lesson 3

The Attacker’s Process
  • Passive Reconnaissance
  • Active Reconnaissance (scanning)
  • Exploiting the system
    • Gain access
    • Elevation of privileges
    • Denial of Service
  • Uploading programs
  • Downloading data
  • Maintaining access (backdoors, trojans)
  • Covering the tracks
Some Definitions
  • Information Security
    • “the protection of information against unauthorized disclosure, transfer, modification or destruction whether accidental or intentional”
  • Information Assurance
    • “Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation.”
Hacker Definition

DEFINITION OF A HACKER

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

3. A person capable of appreciating hack value.

4. A person who is good at programming quickly.

5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'.

(Definitions 1 through 5 are correlated, and people who fit them congregate.)

6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

From: http://members.tripod.com/cory_hack/definition.htm

Hacker Definition (cont)

8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around.

Hence `password hacker', `network hacker'. The correct term for this sense is cracker.

From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000

It is interesting to note that the previous slide’s first 7 definitions were taken from the Jargon File but that the 8th, more “objectionable”, definition was omitted. This provides an insight in itself as to how folks who “dabble” in this area like to see themselves.

Cracker Definition

cracker n.

One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish `worm' in this sense around 1981-82 on Usenet was largely a failure.

Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by cracking rings. While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past larval stage is expected to have outgrown the desire to do so except for immediate, benign, practical reasons (for example, if it's necessary to get around some security in order to get some work done).

Thus, there is far less overlap between hackerdom and crackerdom than the mundane reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe themselves as hackers, most true hackers consider them a separate and lower form of life.

Ethical considerations aside, hackers figure that anyone who can't imagine a more interesting way to play with their computers than breaking into someone else's has to be pretty losing. Some other reasons crackers are looked down on are discussed in the entries on cracking and phreaking. See also samurai, dark-side hacker, and hacker ethic. For a portrait of the typical teenage cracker, see warez d00dz.

From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000

Cracking Definition

cracking n.

[very common] The act of breaking into a computer system; what a cracker does. Contrary to widespread myth, this does not usually involve some mysterious leap of hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. Accordingly, most crackers are only mediocre hackers.

From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000

The Difference between Hackers and Crackers
  • A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Hackers are most often programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They might discover holes within systems and the reason for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never, ever intentionally damage data.
  • A cracker is one who breaks into or otherwise violates the system integrity of remote machines with malicious intent. Having gained unauthorized access, crackers destroy vital data, deny legitimate users service, or cause problems for their targets. Crackers can easily be identified because their actions are malicious.
          • From Maximum Security, 3rd ed.
Phreaking Definition

phreaking /freek'ing/ n.

[from `phone phreak'] 1. The art and science of cracking the phone network (so as, for example, to make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks) (see cracking).

At one time phreaking was a semi-respectable activity among hackers; there was a gentleman's agreement that phreaking as an intellectual game and a form of exploration was OK, but serious theft of services was taboo. There was significant crossover between the hacker community and the hard-core phone phreaks who ran semi-underground networks of their own through such media as the legendary "TAP Newsletter". This ethos began to break down in the mid-1980s as wider dissemination of the techniques put them in the hands of less responsible phreaks. Around the same time, changes in the phone network made old-style technical ingenuity less effective as a way of hacking it, so phreaking came to depend more on overtly criminal acts such as stealing phone-card numbers. The crimes and punishments of gangs like the `414 group' turned that game very ugly. A few old-time hackers still phreak casually just to keep their hand in, but most these days have hardly even heard of `blue boxes' or any of the other paraphernalia of the great phreaks of yore.

From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000

Samurai Definition

samurai n.

A hacker who hires out for legal cracking jobs, snooping for factions in corporate political fights, lawyers pursuing privacy-rights and First Amendment cases, and other parties with legitimate reasons to need an electronic locksmith. In 1991, mainstream media reported the existence of a loose-knit culture of samurai that meets electronically on BBS systems, mostly bright teenagers with personal micros; they have modeled themselves explicitly on the historical samurai of Japan and on the "net cowboys" of William Gibson's cyberpunk novels. Those interviewed claim to adhere to a rigid ethic of loyalty to their employers and to disdain the vandalism and theft practiced by criminal crackers as beneath them and contrary to the hacker ethic; some quote Miyamoto Musashi's "Book of Five Rings", a classic of historical samurai doctrine, in support of these principles. See also sneaker, Stupids, social engineering, cracker, hacker ethic, and dark-side hacker.

From: JARGON FILE, VERSION 4.2.3, 23 NOV 2000

sneaker n.

An individual hired to break into places in order to test their security; analogous to tiger team.

Hacker Ethics

The Hacker's Code of Ethics

Unlike so many of the so-called "hackers" today, the original hackers at places like MIT, Berkeley and Stanford had a clear code of ethics. In 1984, Steven Levy published a book titled Hackers in which he listed the ethical code of these first hackers. This is the Hacker's Ethic.

1. Access to computers - and anything which might teach one something about the way the world works - should be unlimited and total.

2. All information should be free.

3. Mistrust authority - promote decentralization.

4. Hackers should be judged by their hacking, not by other criteria.

5. One can create art and beauty on a computer.

6. Computers can change one's life for the better.

From: http://www.midtown.net/~moo/ethic.html

Hacker Ethics (cont)

hacker ethic n. (from: JARGON FILE, VERSION 4.2.3, 23 NOV 2000)

1. The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing open-source and facilitating access to information and to computing resources wherever possible.

2. The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.

Both of these normative ethical principles are widely, but by no means universally, accepted among hackers. Most hackers subscribe to the hacker ethic in sense 1, and many act on it by writing and giving away open-source software. A few go further and assert that all information should be free and any proprietary control of it is bad; this is the philosophy behind the GNU project.

Sense 2 is more controversial: some people consider the act of cracking itself to be unethical, like breaking and entering. But the belief that `ethical' cracking excludes destruction at least moderates the behavior of people who see themselves as `benign' crackers (see also samurai). On this view, it may be one of the highest forms of hackerly courtesy to (a) break into a system, and then (b) explain to the sysop, preferably by email from a superuser account, exactly how it was done and how the hole can be plugged -- acting as an unpaid (and unsolicited) tiger team.

The most reliable manifestation of either version of the hacker ethic is that almost all hackers are actively willing to share technical tricks, software, and (where possible) computing resources with other hackers. Huge cooperative networks such as Usenet, FidoNet and Internet (see Internet address) can function without central control because of this trait; they both rely on and reinforce a sense of community that may be hackerdom's most valuable intangible asset.

Hacker Manifesto (full)

HACKER'S MANIFESTO

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike. I'm in high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and think it shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike... You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but they are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike. -- The Mentor

Tools of the Trade
  • The means by which a cracker or hacker might be able to penetrate a computer or network.
  • A number of elements
    • Reconnaissance: information gathering using several methods.
      • Social Engineering
      • Port Scanning
      • Passive OS Identification (using default settings, banners …)
    • Exploits – based on data gathered, determine if a known exploit/vulnerability exists.
    • Tools – there may be something already created
Who are your Enemies? From: Real World Linux Security
  • Crackers (see previous definition)
  • Disgruntled current employees
  • Disgruntled former employees
  • Competitors
  • Spies
  • Criminals
  • Extremists (also called “hacktivists”)
Motivating Factors - 4 Domains (from Information Warfare and Security)
  • Play: hacking/cracking, phreaking
  • crime: illegal acts including intellectual property crime and computer fraud and abuse
    • but isn’t cracking a crime?
  • individual rights: conflicts over free speech and privacy
  • national security: foreign intelligence operations, war and military conflicts, terrorism, and operations against a nation by nonstate players
Is Hacking Always a Crime?
  • Recall discussion on hacking -vs- cracking
  • White Hat hackers
  • Black Hat hackers
Motivation -- Play
  • Recall the Hacker’s Manifesto
  • Information Warfare and Security, by Denning, pp. 45-46
    • Hacking was the ultimate cerebral buzz for me. I would come home from another dull day at school, turn my computer on, and become a member of the hacker elite. It was a whole different world where there were no condescending adults and you were judged by your talent. I would first check in to the private bulletin boards where other people who were like me would hang out, see what the news was in the community, and trade some info with people across the country. Then I would start actually hacking. My brain would be going a million miles an hour and I’d basically completely forget about my body as I would jump from one computer to another trying to find a path into my target. It was the rush of working on a puzzle coupled with the high of discovery many magnitudes intensified. To go along with the adrenaline rush was the illicit thrill of doing something illegal. Every step I made could be the one that would bring the authorities crashing down on me. I was on the edge of technology and exploring past it, spelunking into electronic caves where I wasn’t supposed to be.
Motivation -- Play
  • Bored at school
  • member of an elite group
  • thrill (adrenaline rush)
  • curiosity
  • power + sense of control
Motivation -- Play
  • Kuji:
    • “It is all about control, really. I’m in my little room with my little computer breaking into the biggest computers in the world and suddenly I have more control over this machine than them. That is where the buzz comes from. Anyone who says they are a reformed hacker is talking rubbish. If you are a hacker, you are always a hacker. It’s a state of mind.”
  • Makaveli
    • “It’s power, dude. You know, power.”
Motivation -- Play
  • Prof Nicholas Chantler of Queensland Univ.
    • Survey of 164 hackers
      • ages ranged from 11-46
        • majority between 15 and 24
      • only 5% female
      • 3 main reasons for hacking were challenge, knowledge, pleasure (49%)
      • next were recognition, excitement, friendship (24%)
      • the rest said self-gratification, addiction, espionage, theft, profit, vengeance, sabotage, freedom (27%)
Motivation -- Play
  • Survey continued:
    • 52% said they work in teams
    • 39% said they belonged to hacking groups
      • e.g. LOD, MOD, 414club, CdC, L0pht
    • There are many BBoards, web sites, and hacker pubs
      • 1997 NY Times article reported 440, 1900, and 30, respectively
    • Also several conferences
      • DEFCON
      • HOPE
Motivation -- Play
  • Hacking for a cause
  • StRyKe (25 yr old hacker from U.K.)
    • “I do think of myself as ‘moral.’ The traditional image of a hacker is no longer a valid one. I don’t attack anyone who doesn’t deserve it. We are talking about people who deliberately harm minors.”
Motivation -- Play
  • Has the culture evolved/changed/degenerated?
    • Erik Bloodaxe (Chris Goggans)
      • “I don’t like most of you people. . . . People might argue that the community has “evolved” or “grown” somehow, but that is utter crap. The community has degenerated. . . The act of intellectual discovery that hacking once represented has now been replaced by one of greed, self-aggrandization and misplaced post-adolescent angst. . . . I’m not alone in my disgust. There are a bunch of us who have reached the conclusion that the “scene” is not worth supporting; that the cons are not worth attending; that the new influx of would-be hackers is not worth mentoring. Maybe a lot of us have just grown up.”
More than just child’s play
  • Serious implications for
    • Public Safety & Health
      • Worcester Airport (jester)
    • National Security
      • Solar Sunrise
    • National Infrastructure
      • L0pht members testified in 1997 before Congress and stated they could take down the Internet in 30 minutes
Motivation -- Crime
  • Intellectual Property
    • Piracy (losses exceed $20B, mostly external to US)
    • Theft of trade secrets ($40-$250B)
    • Biggest risk is insider
  • Fraud
    • telemarketing scams ($40B)
    • identity theft and bank fraud (#’s fuzzy but includes credit card theft)
    • telecommunications ($5-$10B)
    • Computer Fraud & Abuse
  • Organized Crime
Motivation -- Crime
  • What exactly is stolen?
    • Nothing “physical” but damage still caused
  • The argument, especially by phreakers, is that there really wasn’t anything stolen
  • How does computer fraud and abuse manifest itself?
    • According to Denning, unauthorized access, but...

Motivation -- Individual Rights

  • Rights to Privacy & Free speech
  • Privacy, who “owns” the info about you?
  • Conflicts between free speech and harmful or disturbing speech
    • flaming -vs- defamation
  • Conflicts over censorship
    • some countries restrict satellite and Internet access for national interests or religious reasons
    • some restrict to protect groups such as children
  • Conflicts over government surveillance
Motivation -- National Security
  • Operations undertaken by states and by nonstate players against states
    • Foreign intelligence ops
Intelligence Priorities

U.S. 1995

1. The intel needs of the military during operations

2. Political, economic, and military intelligence about countries hostile to the US and all-source info on major political powers with weapons of mass destruction hostile to US

3. Intel about specific transnational threats, such as weapons proliferation, terrorism, drug trafficking, organized crime, illicit trade practices, and environmental issues of great gravity

Japan Late 80’s

1. Info pertaining to access to foreign sources of raw materials

2. Technological and scientific developments in the US and Europe

3. Political decision making in the US and Europe, particularly as it relates to trade, monetary, and military policy in Asia

4. Internal political and military developments in China, Korea, and Russia

Motivation -- National Security
  • Operations undertaken by states and by nonstate players against states
    • Foreign intelligence ops
    • war and military ops
      • PSYOPS, perception Management
      • Can we have war without bombs (Cyberwar)?
      • Critical Infrastructure -- what’s a valid target?

Motivation -- National Security

  • Operations undertaken by states and by nonstate players against states
    • Foreign intelligence ops
    • war and military ops
    • Acts of terrorism
      • Perception Management
      • Attack systems and web sites
      • Attack computers that control things
    • Netwars
  • Low intensity conflicts by nonstate actors: example Zapatistas
Motivation -- National Security
  • Zapatistas
    • struggle against Mexican Government
      • used Internet to “spread their word”
      • One group of supporters in U.S. organized an attack against the Mexican President Zedillo’s Web site
Common Vulnerabilities and Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures. Using a common name makes it easier to share data across separate databases and tools that until now were not easily integrated. This makes CVE the key to information sharing. If a report from one of your security tools incorporates CVE names, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.

CVE is:
  • One name for one vulnerability or exposure
  • One standardized description for each vulnerability or exposure
  • A dictionary rather than a database
  • How disparate databases and tools can "speak" the same language
  • A basis for evaluation among tools and databases
  • Accessible for review or download from the Internet
  • Industry-endorsed via the CVE Editorial Board


CVE

The Vulnerability Life Cycle

[Figure: the vulnerability life cycle. Stage labels: Discovery (marked "Start Here"), Analysis, Collection, Detection, Protection, Incident Handling. Information sources shown around the cycle: mailing lists, newsgroups, hacker sites; incident response teams; incident reports; academic study; advisories; intrusion detection systems; databases; newsletters; vulnerability assessment tools.]

CVE-1999-0067

Description:

CGI phf program allows remote command execution through shell metacharacters.

References:

CERT:CA-96.06.cgi_example_code

XF:http-cgi-phf

BID:629

A Roadblock to Information Sharing: Same Problem, Different Names


Adding New Entries to CVE

  • Board member submits raw information to MITRE
  • Submissions are grouped, refined, and proposed back to the Board as candidates
    • Form: CAN-YYYY-NNNN
    • Strong likelihood of becoming CVE-YYYY-NNNN
      • Not a guarantee
    • Delicate balance between timeliness and accuracy
  • Board reviews and votes on candidates
    • Accept, modify, recast, reject, reviewing
  • If approved, the candidate becomes a CVE entry
  • Entry is included in a subsequent CVE version
    • Published on CVE web site
  • Entries may later be modified or removed
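
The "same problem, different names" point and the CAN-to-CVE naming above, as an added example that is not part of the original presentation: it parses the CVE-1999-0067 entry as laid out on the slide, indexes its source-specific references, and groups findings from different tools under one common name. Function names, tool names and hosts are hypothetical; the CAN-2000 outcomes follow the presentation's "Stages of Security Information in CVE" slide.

```python
import re
from collections import defaultdict

# Entry text in the layout of the CVE-1999-0067 slide.
ENTRY_TEXT = """CVE-1999-0067
Description:
CGI phf program allows remote command execution through shell metacharacters.
References:
CERT:CA-96.06.cgi_example_code
XF:http-cgi-phf
BID:629
"""
# Board outcomes as on the stages slide; any other vote counts as pending.
BOARD_DECISIONS = {"CAN-2000-0001": "accept", "CAN-2000-0002": "reject",
                   "CAN-2000-0003": "accept"}
# Constructed findings (tool, host, reported name); tool names are hypothetical,
# hosts come from the 192.0.2.0/24 documentation range.
SAMPLE_FINDINGS = [
    ("scanner-a", "192.0.2.10", "XF:http-cgi-phf"),
    ("ids-b", "192.0.2.10", "bid:629"),
    ("advisory-feed", "192.0.2.11", "CVE-1999-0067"),
    ("scanner-a", "192.0.2.12", "CAN-2000-0001"),
    ("scanner-a", "192.0.2.12", "CAN-2000-0002"),
    ("ids-b", "192.0.2.13", "XF:not-in-any-entry"),
]
# NNNN on the slides; later CVE names may carry more digits.
NAME_RE = re.compile(r"^(CVE|CAN)-(\d{4})-(\d{4,})$")

def parse_entry(text):
    """Parse one entry into name, description and SOURCE:id references."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or not NAME_RE.match(lines[0]):
        raise ValueError("entry must start with a CVE/CAN name")
    entry = {"name": lines[0], "description": "", "references": []}
    section = None
    for ln in lines[1:]:
        if ln in ("Description:", "References:"):
            section = ln[:-1].lower()
        elif section == "description":
            entry["description"] = (entry["description"] + " " + ln).strip()
        elif section == "references" and ":" in ln:
            entry["references"].append(ln)
    return entry

def build_alias_index(entries):
    """Map each source-specific name, and the CVE name itself, to the CVE name."""
    index = {}
    for e in entries:
        for alias in [e["name"], *e["references"]]:
            index[alias.upper()] = e["name"]
    return index

def resolve_candidate(name, decisions):
    """CAN name -> CVE name if accepted, None if rejected, unchanged if pending."""
    m = NAME_RE.match(name)
    if not m or m.group(1) != "CAN":
        return name
    status = decisions.get(name, "reviewing")
    if status == "accept":
        return f"CVE-{m.group(2)}-{m.group(3)}"
    return None if status == "reject" else name

def correlate(findings, index, decisions):
    """Group findings under one common name; return (grouped, unmatched)."""
    grouped, unmatched = defaultdict(list), []
    for tool, host, reported in findings:
        name = resolve_candidate(index.get(reported.upper(), reported), decisions)
        if name is None or not NAME_RE.match(name):
            unmatched.append((tool, host, reported))
        else:
            grouped[name].append((tool, host))
    return dict(grouped), unmatched

if __name__ == "__main__":
    idx = build_alias_index([parse_entry(ENTRY_TEXT)])
    grouped, unmatched = correlate(SAMPLE_FINDINGS, idx, BOARD_DECISIONS)
    for name, hits in sorted(grouped.items()):
        print(name, hits)
    print("needs manual review:", unmatched)
```

Findings that stay unmatched (a rejected candidate, or a name no entry lists) are the ones that still need a person to decide whether two tools are describing the same problem.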

Stages of Security Information in CVE

Stages: Submissions, Candidates, Entries

  • Raw information
  • Obtained from MITRE, Board members, and other data feeds
  • Combined and refined
  • Placed in clusters
  • Proposed to Editorial Board
  • Accepted or rejected
  • Backmap tells submitters what candidates were assigned to their submissions
  • Added to CVE list
  • Submissions, candidates removed from the “pool”
  • Published in an official CVE version

[Figure: example flow from submissions to candidates to entries. CAN-2000-0001 becomes CVE-2000-0001; CAN-2000-0002 is <REJECTED>; CAN-2000-0003 becomes CVE-2000-0003. A back-map links candidates to the submissions they came from.]