CyberAttack -- Whose Side is Your Computer On?

Jim Isaak – STEM4All, April 7, 2014

http://is.gd/Cyberattacks

Uploaded by jim-isaak, posted 22-Dec-2014 (Category: Education)
DESCRIPTION

Developed for the STEM4All lifelong learning class (2014); a topic that will change significantly with time. Describes key concepts and points to a number of online resources.

TRANSCRIPT

Page 1: CyberAttack -- Whose side is your computer on?

Cyber attack

Whose Side is Your Computer On?

Jim Isaak – STEM4All

April 7, 2014

http://is.gd/Cyberattacks

Page 2: CyberAttack -- Whose side is your computer on?

http://is.gd/Cyberattacks

Has Syllabus/Outline for class, with hot links to a number of resources

•Including videos (mostly “free”) and

•Pointers to authoritative sources and

•To tools that are useful

This presentation is available from the site. Note that <Local> links go to video clips used in class; the second link will be to online versions.

Page 3: CyberAttack -- Whose side is your computer on?

Cybersecurity for The Common Man (or woman)

Bad actors are out there. They want your computer.

Why? How? Who?

We will look at the context of some of these questions:
-- Yes, that fellow from “Nigeria” wants your money
-- Yes, those folks from <to be disclosed> want to use your computer to attack: the United States, Iran, Amazon, Google, et al

Page 4: CyberAttack -- Whose side is your computer on?

An overview of the concepts of cybersecurity

Is it a virus or a worm (and do you care?)
Phishing for your identity
Spoofing is not just a Halloween prank

And some examples:
Did President Reagan destroy the Soviet pipeline?
Who destroyed Iranian nuclear facilities and how?

And some suggestions on how to detect/avoid becoming a victim or a zombie!!

Page 5: CyberAttack -- Whose side is your computer on?

1: CONCEPTS

WSJ Malware Glossary

Page 6: CyberAttack -- Whose side is your computer on?

What makes computers and networks vulnerable?

Re-purposing – Programmable devices
Computers are defined as ‘programmable devices’
A set of instructions can make it do many different things
The same memory is used for data and instructions
And can be targeted for revision/rewrite

Complexity
Computer programs contain millions of instructions
Often programmers do not handle exceptions
Or they don’t consider “abuse” opportunities

Clones
Many systems are identical hardware & OS

Networked --- can pass “infection” from one to another

Page 7: CyberAttack -- Whose side is your computer on?

Who and why?

“Kids” to show they can do it – “Script kiddies”
back in the 80’s this was “new”

Criminals – blackmail (if you don’t … we will …)
Grand theft – from banks, etc.
Credit card info (calling cards, etc.)
Con artists (if you would be so kind as to give me your bank account number and …)

Nation States – We could use the plans for the F22
Or all of the potential oil sites, or …

Why not terrorists? (No blood on the front page?)

Page 8: CyberAttack -- Whose side is your computer on?

What do we call them?

Hackers
In some circles this is an honorific, reflecting mastery of “making things work” from scratch
Used in computing, but also “maker” labs etc.

Crackers
The “hacker” term for folks who do bad things hacking

White-hat – Good Guys
Black-hat – Bad Guys
DefCon – A conference of anonymous, pay-in-cash-at-the-door folks – hat colors vary

Page 9: CyberAttack -- Whose side is your computer on?

Example of computer source code: a piece of “Basic” (VB.NET) code

    ' Button handler: let the user pick a folder, then list every .jpg file in it
    Private Sub Start_Btn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Start_Btn.Click
        Dim target_Path As String
        Dim count As Integer = 0    ' declared in the original fragment but not used in it
        target_Path = ""
        FileNameLst.Items.Clear()
        DateTargets.Items.Clear()
        Try
            Application.DoEvents()
            target_Path = FolderBrowserDialog1.SelectedPath
            ' ShowDialog returns a DialogResult, not a Boolean, so compare against OK;
            ' treating the enum as a Boolean would also accept Cancel
            If FolderBrowserDialog1.ShowDialog() = DialogResult.OK Then
                ' same folder as before: nothing new to scan
                If target_Path = FolderBrowserDialog1.SelectedPath Then Exit Try
                target_Path = FolderBrowserDialog1.SelectedPath
            End If
            FolderBrowserDialog1.Dispose()
            Me.Text = target_Path
            ' get a list of all jpg file names
            For Each foundImage As String In My.Computer.FileSystem.GetFiles(target_Path)
                If foundImage.EndsWith(".JPG", StringComparison.CurrentCultureIgnoreCase) Then
                    Me.FileNameLst.Items.Add(foundImage)
                End If
            Next
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
    End Sub

Page 10: CyberAttack -- Whose side is your computer on?

Example of Assembly code

Page 11: CyberAttack -- Whose side is your computer on?

Example of Machine Language

Load a value into register 8, taken from the memory cell 68 cells after the location listed in register 3:

[ op | rs | rt | address/immediate ]
  35    3    8    68                   decimal
  100011 00011 01000 0000000001000100   binary

The sophisticated “Cracker”/“Hacker” works at this level --- understanding what the code is doing, and modifying it to do something different

This stuff may be harder than Rocket Science
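To make the slide's bit layout concrete, here is an added example (my own code, not from the deck) that packs and unpacks a MIPS I-type instruction word. It assumes the standard layout shown on the slide (6-bit opcode, 5-bit rs, 5-bit rt, 16-bit signed immediate); the small mnemonic table is a hand-picked subset of the real MIPS opcode numbers.

```python
# Added example: encode and decode a MIPS I-type instruction word.
# Field layout assumed from the slide: op (6 bits) | rs (5) | rt (5) | immediate (16).
# OPCODES is a small hand-picked subset of the standard MIPS opcode numbers.
OPCODES = {35: "lw", 43: "sw", 8: "addi"}


def encode_itype(op: int, rs: int, rt: int, imm: int) -> int:
    """Pack the four fields into one 32-bit word; imm is a signed 16-bit offset."""
    if not (0 <= op < 64 and 0 <= rs < 32 and 0 <= rt < 32):
        raise ValueError("opcode or register number out of range")
    if not (-32768 <= imm <= 32767):
        raise ValueError("immediate must fit in 16 signed bits")
    return (op << 26) | (rs << 21) | (rt << 16) | (imm & 0xFFFF)


def decode_itype(word: int) -> dict:
    """Unpack a 32-bit word; the immediate is sign-extended back to a Python int."""
    op = (word >> 26) & 0x3F
    rs = (word >> 21) & 0x1F
    rt = (word >> 16) & 0x1F
    imm = word & 0xFFFF
    if imm & 0x8000:  # top bit set: a negative offset
        imm -= 0x10000
    return {"op": op, "rs": rs, "rt": rt, "imm": imm}


def binary_fields(word: int) -> str:
    """Render the word the way the slide does: the four fields in binary, space-separated."""
    bits = f"{word & 0xFFFFFFFF:032b}"
    return f"{bits[:6]} {bits[6:11]} {bits[11:16]} {bits[16:]}"


def disassemble(word: int) -> str:
    """Turn a word back into assembly text, e.g. 'lw $8, 68($3)'."""
    f = decode_itype(word)
    name = OPCODES.get(f["op"], f"op{f['op']}")
    if name in ("lw", "sw"):
        return f"{name} ${f['rt']}, {f['imm']}(${f['rs']})"
    return f"{name} ${f['rt']}, ${f['rs']}, {f['imm']}"


if __name__ == "__main__":
    # The slide's instruction: opcode 35 (lw), rs = 3, rt = 8, offset 68
    word = encode_itype(35, 3, 8, 68)
    print(hex(word))              # 0x8c680044
    print(binary_fields(word))    # 100011 00011 01000 0000000001000100
    print(disassemble(word))      # lw $8, 68($3)
```

The point of `decode_itype` is the one the slide makes: given only the 32-bit pattern, the fields (which register, which offset) are fully recoverable, which is what a reverse engineer reads and what an integrity check over the code bytes protects.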

Page 12: CyberAttack -- Whose side is your computer on?

2012: 400+ million individuals victims of cyber crimes
2/3 of US individuals in their lifetime

Threat to IP by nation states
speed & volume of what can be taken to market
$600 billion in losses; thousands of jobs (if…)

Threat to military targets/operations
Disruption of communications, “dumbing” bombs..

Threat to infrastructure – Cyber-physical

Page 13: CyberAttack -- Whose side is your computer on?

Malware 1

Virus – A bit of machine code that is designed to insert itself into existing code on your computer (an “infected file”)
“signatures” are snippets of code that indicate a virus

Worm – a program that tries to infect other computers using your computer

Trojan horse – A program that seems “OK” but carries malware

Scripts – higher level programming elements that are executed by your browser (or other tools)

Rootkit – a virus infecting the very basic level of your system so it is hard to detect and eliminate

Page 14: CyberAttack -- Whose side is your computer on?

Malware 2

Adware – causes ads to appear, typically unwelcome ones, but may also track your use of the system
pop-up (on top of your browser)
pop-under (window hidden below your browser)

Bot, Botnet, Zombie
A computer (yours??) taken over with a virus (often a rootkit) that is controlled from a remote site
You can “rent” a million systems to do your bidding

Spyware, keystroke logging
Malware on your system may watch what you do
keystroke logging allows capture of passwords

Identity Theft

Page 15: CyberAttack -- Whose side is your computer on?

Malware 3

Spoofing
Fake name
Fake email address
Fake IP address
Fake URL/Domain
…

SPAM – is unsolicited email (ads..)
But: Phishing – seeks to get you to disclose key information --- “Hi, I’m Jane from Credit Card …” Often appears to be from a bank, or major vendor
Downloaders – web site that stuffs files onto your computer when you are not looking – may use scripting…

Page 16: CyberAttack -- Whose side is your computer on?

A Phishing Expedition?


Page 17: CyberAttack -- Whose side is your computer on?

Email Attack

Email warning signs
No Subject
Just has a URL, no explanation
Odd Domain targets
Key Alert: “PHP” (executable file)

John indicates someone accessed his Yahoo acct
I got three copies, but sent to three different email accounts of mine

Page 18: CyberAttack -- Whose side is your computer on?

A Phishing we will go

Odd title: “WU”
Bad grammar: funds is available
Sent from unexpected country: “.uy”
Not a language I’d expect – Oddly URL is “accurate”
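The warning signs on these two slides can be turned into a small triage check. What follows is an added example, not part of the deck: it runs constructed sample messages (placeholder addresses and links, not real mail) against the signs listed above: no subject, body that is only a URL, link domain that differs from the sender's, a link ending in an executable/script extension, and a sender in a country domain the reader does not expect. The expected-TLD set is an assumption a reader would tune for themselves; the grammar check is not attempted.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages: the addresses and URLs are placeholders, not real mail.
SAMPLES = {
    "wu_notice": {
        "from": "payments@wu-notice.example.uy",
        "subject": "",
        "body": "http://secure-login.example.uy/account/verify.php?id=4411",
    },
    "order_update": {
        "from": "orders@shop.example.com",
        "subject": "Your April order has shipped",
        "body": "Hi Jim, your order is on its way. Track it at "
                "https://shop.example.com/orders/123 . Thanks!",
    },
}

# Top-level domains this (hypothetical) reader expects mail from; tune for yourself.
EXPECTED_TLDS = {"com", "org", "net", "edu", "gov", "us"}
# Link targets that are code rather than content (the slide's "PHP" key alert).
EXECUTABLE_PATHS = (".php", ".exe", ".vbs", ".js")
URL_RE = re.compile(r"https?://\S+")


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def warning_signs(msg: dict) -> list:
    """Return the slides' warning signs that this message triggers."""
    flags = []
    if not msg["subject"].strip():
        flags.append("no subject")
    urls = URL_RE.findall(msg["body"])
    # "just has a URL, no explanation": nothing is left once the links are removed
    if urls and not URL_RE.sub("", msg["body"]).strip():
        flags.append("just a URL, no explanation")
    sdom = sender_domain(msg["from"])
    tld = sdom.rsplit(".", 1)[-1]
    if tld not in EXPECTED_TLDS:
        flags.append(f"unexpected country/TLD: .{tld}")
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        # "odd domain targets": the link does not belong to the sender's domain
        if host and host != sdom and not host.endswith("." + sdom):
            flags.append(f"odd domain target: link goes to {host}, sender is {sdom}")
        if parsed.path.lower().endswith(EXECUTABLE_PATHS):
            flags.append(f"link points at an executable/script: {parsed.path}")
    return flags


def triage(messages: dict) -> dict:
    """Map each message name to its list of triggered warning signs."""
    return {name: warning_signs(m) for name, m in messages.items()}


if __name__ == "__main__":
    for name, flags in triage(SAMPLES).items():
        print(name, "->", flags or "no warning signs")
```

None of these rules is proof of phishing on its own (a legitimate newsletter can link to a different domain); the value is in how many fire at once, which is how the slide's reader spotted the "WU" message.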

Page 19: CyberAttack -- Whose side is your computer on?

Methods

Social Engineering – via email
“hi I’m representing the estate of …”
“Please reply to receive your free….”
“I seem to have lost your … please get back to me”

But also
Leave a USB “thumbdrive”, or SD card in a coffee shop
Call up and ask for George
Tail gate into a facility
Date someone “inside”

Hoaxes – Pretends to warn you of a virus, or infection
Gets you to download Trojan horse “fix”

Page 20: CyberAttack -- Whose side is your computer on?

The Good stuff

Firewall – sits between your computer and the bad guys
Limits what can come in
Limits what goes out

Patches, updates
It is a pain when Microsoft/Apple triggers a download followed by an install sequence ….
But, often this is to patch a security hole

Tools on your system
Anti virus scan; malware scan; adware scan
real time browser and email monitoring

Encryption - public/private keys – VPN
Sites with “HTTPS” are safer than sites with “HTTP”

Microsoft “defender” etc. is one tool from folks with a high incentive to cover their liabilities

Page 21: CyberAttack -- Whose side is your computer on?

Day zero attacks

approximately 12 of 12 million attacks are Day Zero each year - valued at $50k-500k

This means that “out of date” software is a primary target (patches and updates!!)

There are folks all over the world watching for a really “new” attack … US Government, Security Vendors, white-hat hackers, major corporations and of course bad guys

Page 22: CyberAttack -- Whose side is your computer on?

CYBERATTACK 2 THE HISTORY


Page 23: CyberAttack -- Whose side is your computer on?

Phone Phreaking

In Band signaling – 2600 Hertz to get control
Blind youth with perfect pitch & control
Capt. Crunch whistle
Blue Box technology – “The Woz”

“Hackers” – conventions with anonymous & Masks
Social engineering

Inspired Steve Wozniak – founder of Apple

Discovery Channel Documentary
The Secret History of Hacking (on YouTube)

Page 24: CyberAttack -- Whose side is your computer on?

History – KGB & Star Wars <local 12min>

“The Cuckoo's Egg" - Cliff Stoll and the KGB
- 75 cent error – 1986
- watched to observe “code insertion” and changing of the accounting log
- Reported to “authorities”

Lawrence Livermore links to Star Wars program
- Traced back to MITRE corp in Virginia
- Traced back to German University “Student”
- Funded by KGB!

Cliff is an interesting character, see his video on Ted.com “18 minutes with an agile mind”

Page 25: CyberAttack -- Whose side is your computer on?

Robert Morris - 1988 Internet Worm

Used known entry points:
“-Debug” in email
overflow in “Finger” program
on system dictionary to break passwords
on system listing of neighboring ‘trusted’ systems
email propagation through user lists

No actual “damage” – a “proof of concept” that got out of control

Irony: Robert Morris Sr. worked at NSA at the time

Page 26: CyberAttack -- Whose side is your computer on?

Rand Reports Cyberwarfare scenario circa 1995

Sequence of events
Including airliner attack (control system)
Wall Street attack

With
Nation States potentially involved
Terrorists
US Dissidents
and an outbreak of war in the middle east

Page 27: CyberAttack -- Whose side is your computer on?

Love Bug -- 2000 LOVE-LETTER-FOR-YOU.txt.vbs

10’s of millions of infected computers
Billions of dollars of damage
Not illegal in Philippines where it was created
forwarded itself to first 50 folks on your Outlook email list

YOU.txt.vbs --- .txt is a harmless “text file” extension

YOU.txt.vbs --- VBS is a potentially harmful executable

Windows defaults to “not show” known extensions

Page 28: CyberAttack -- Whose side is your computer on?

Kevin Mitnick

“Notorious” for breaking into Digital & other computers

Often used default passwords (field service access)
Or easily broken codes

Looking for money – banks, industry
transfer to other accounts

Served a number of years in jail
Was not allowed access to computers

Fought restrictions after release

Now a computer security consultant

Page 29: CyberAttack -- Whose side is your computer on?

Oil data 2007 to 2009

Chinese “University” sources broke into the major US Oil Firms
Downloaded data about the potential value of various oil fields explored but not acquired, and recommended acquisition bids

China subsequently bid to various countries for rights to high value oil fields

Projected loss: billions of dollars of value & access to key oil reserves

Page 30: CyberAttack -- Whose side is your computer on?

Upping the ante

Aurora proof of concept – 2007 (4 Minutes, CNN video)
“Standard” US (& other) Power station
Modem link to backup generator
Power cycled unit on/off --- “out of spec”

Page 31: CyberAttack -- Whose side is your computer on?

War Stories

2013 probe of 3.7 billion systems (MIT Tech Review) surfaces 310 million vulnerable

Bot scan of "entire" net in 2012 http://en.wikipedia.org/wiki/Carna_Botnet

• 1.3 billion IP addresses identified

• Used 420,000 devices (perhaps even your computer)

Page 32: CyberAttack -- Whose side is your computer on?

CYBERATTACK 3 WAR!

Nation States


Page 33: CyberAttack -- Whose side is your computer on?

Cyber warfare (ouch)

A problem of definition … with possible major impact
<local> (TED-ed video Defining Cyberwarfare - 3 min)

<local> “Cyberthreat” (French with subtitles from ParisTEDx – 9min - Guy…)
Key points:

•Cyberwarfare has an imbalance – favoring attack

•“Reciprocal threats of surprise attack”

•NSA reported to be suggesting pre-emptive attacks (not just cyber) if anticipating a cyber attack

Page 34: CyberAttack -- Whose side is your computer on?

Farewell Dossier - 1986 Pipeline destruction
<DC Myth or real … (affirmed in TEDxParis talk)>

CIA found out Soviets were seeking sensor/control units for a trans-Siberian pipeline
They provided units (indirectly) with a “timeout”
A number of explosions destroyed the pipeline
(NORAD thought it was a missile launch)

Contributed to economic collapse of Soviet Union (along with Star Wars Hoax, Solidarity and the Pope)

Page 35: CyberAttack -- Whose side is your computer on?

PROMIS

US DoD funded software to identify persons of interest (oddly similar to FBI “Case File” fiasco in 2003)

Developed by ex-Government folks with a transition from a “public domain” program to “copyright” controlled program (leading to lawsuits)

Variants seemed to find their way to Israel
But then perhaps, Trojan horse variants, to other countries (Soviets, Iran, et al)

Page 36: CyberAttack -- Whose side is your computer on?

Desert Storm 1990-94

Telephone repair team may have sabotaged Iraqi communications systems
U.S. Special forces “upgraded” SAM anti-aircraft batteries via stealth or social engineering
Fiber optic link across desert was compromised

Side observation – tank commanders downloaded software updates for PC’s via cell phones in field

GPS accuracy was ‘shifted’ for non-military use

Page 37: CyberAttack -- Whose side is your computer on?

Information in warfare

5th domain (land, sea, air, space, cyber)
Cyber is 3rd major transition of war: Industrialization, Nuclear power, Cyber

Terrorist organizations & Rogue States
To Rogue actors (Public health model coordination)

Page 38: CyberAttack -- Whose side is your computer on?

Estonia April 27, 2007

Denial of service attacks on many areas of Estonian Commerce
Banks
TV stations
Government agencies

Apparently from sources in Russia in response to moving a memorial to Soviet troops

Page 39: CyberAttack -- Whose side is your computer on?

Georgia 5 August 2008, three days before Georgia launched its invasion of South Ossetia,

•the websites for OSInform News Agency and OSRadio were hacked -- content was replaced by a feed to the Alania TV

•Parliament of Georgia and Georgian Ministry of Foreign Affairs websites to be replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler

•Other attacks involved denials of service to numerous Georgian and Azerbaijani websites

(Wikipedia)

Page 40: CyberAttack -- Whose side is your computer on?

Shockwave - “We were warned” CNN/Bipartisan Institute Shockwave 2010
or Bipartisan Policy Institute Official Site

“Simulation” (war game) with some fairly recent “Relevant” participants over a 4 hour period on CNN

Page 41: CyberAttack -- Whose side is your computer on?

Shockwave YouTube set

•Intro part 1 -- “March madness bot attack”

•Part 2: -- quarantine cell phones,

•Part 3: -- impacting internet

•Part 4: -- Russian servers

•Part 5: -- persons of interest in Sudan

•Part 6: -- power out

•Part 7: -- Federal authorities (power priorities)

•Part 8: -- Legal/liabilities,

•Part 9: -- conclusions, summary

Only a subset of the entire program sequence

Page 43: CyberAttack -- Whose side is your computer on?

Stuxnet 1

The Human Factor - "always a weak link" – thumb drive (replication vector as well)
valid signed certificate - public/private key encryption
This is non-trivial

appeared to involve industrial espionage - stealing info from Siemens PLC controllers

in-memory ghost DLL file
report to systems in Malaysia and Denmark, and provided for "updates" (re-directed to "sinkhole" – identified 100,000+ systems in dozens of countries)

Page 44: CyberAttack -- Whose side is your computer on?

Stuxnet 2

four zero day exploits - deeply hidden
[Symantec doing deep analysis in a "3 level secure lab" similar to bio-hazard controls]
("crackme" games - reverse engineering code -- what does this do?)

contains a "genealogical tree" of infections – led to 5 systems in Iran

table-driven code -- how long it should spread, # of systems to infect, end-date: July 12, 2012

Intercepted and changed control commands, disabled exception detection & alarms

Page 45: CyberAttack -- Whose side is your computer on?

Stuxnet 3

First occurrence of using a strictly digital attack to destroy physical property
Two weeks after reporting PLC sabotage objectives, the systems in Iran stopped reporting

Precision targeting for a specific facility/configuration

Patience -- then running a bit out of spec, and back to normal -- excessive wear, resulting in premature failure

Inoculation value - prevents infection of previously flagged (registry) systems

Page 46: CyberAttack -- Whose side is your computer on?

Stuxnet 4

"In the end, Stuxnet’s creators invested years and perhaps hundreds of thousands of dollars in an attack that was derailed by a single rebooting PC, a trio of naive researchers who knew nothing about centrifuges, and a brash-talking German who didn’t even have an internet connection at home." Wired

May have had 2005 and 2007 precursors

"Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by a group of independent legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia." Wired 2013

Page 47: CyberAttack -- Whose side is your computer on?

Stuxnet – the gift that keeps on giving

Flame – spy on activities (undetected precursor)
Bluetooth “rifle” connection from 2km away
Spoofed as a Windows 7 update (Certificate counterfeit)

Duqu – designed to steal information from industrial control systems

Gauss – steal files, credentials, targeting Lebanese bank credentials

All found by Kaspersky in follow-up on Stuxnet

Page 48: CyberAttack -- Whose side is your computer on?

CYBERATTACK 4 PROTECTION

You are here!


Page 49: CyberAttack -- Whose side is your computer on?


Page 50: CyberAttack -- Whose side is your computer on?

Passwords

Passwords – over-abused
“What is the value of this protection?” for you or is it their marketing?
have a “don’t care” password (but use with care)

For serious stuff: 8+ characters, mix numbers and punctuation, etc.
(some sites encrypt user names as well)

Don’t re-use your really important passwords!

Page 51: CyberAttack -- Whose side is your computer on?

Passwords – the challenge

With modern Graphics Processors (3,000+ parallel computers on a chip, $1000) it is possible to “break” dictionary word codes (100k words) in 1/10000th of a second. – 8 number/letter strings in 4 days
75 days for 8 characters with punctuation

Hilarie Orman suggests

•pass phrases: “worldinhishands”

•Random words: “correct horse battery staple house”

•Mangled phrases: “scoRe4&7annos”

She also discovered that her “basal ganglia” typos yielded passwords she did not know but could reproduce – just typing fast.

Quantum Computing can void all bets

Page 52: CyberAttack -- Whose side is your computer on?

Biometrics, et al

Biometrics include:

• Fingerprint scanning

• Retinal scan

• Face recognition

• Voice recognition

Tokens

• USB stick with critical key

• Secondary access key

• Shared secrets

•Mother’s maiden name, first pet, etc.

Double password – Fidelity's encrypted user name

Page 53: CyberAttack -- Whose side is your computer on?


Page 54: CyberAttack -- Whose side is your computer on?

Tools you want to use:

Firewall – watches & locks the doors in and out
16,000 doors in, 16,000 doors out (more on some)

Virus protection – scans and quarantines problem files
Microsoft security essentials (Windows Defender)

Email/browser (Internet) scanning
For viruses in downloads, for abnormal site activities

Spyware/Malware/adware detection

Page 55: CyberAttack -- Whose side is your computer on?

Who you goin’a trust?

Walt Mossberg, prev. with WSJ. http://allthingsd.com/author/walt/

Consumer Reports periodic evaluation of tools, June 2013 issue

PC Mag http://www.pcmag.com/article2/0,2817,2372370,00.asp

Page 56: CyberAttack -- Whose side is your computer on?

Antivirus

PC Mag preferences (2013)
Free: AVG AntiVirus Free or Adaware AntiVirus
Paid: Bitdefender, Webroot SecureAnywhere Antivirus or Kaspersky Anti-Virus

Consumer reports (6/2013):
Free: Avast and Avira
Paid: Gdata, ESET, F-Secure, Kaspersky, Avira

Page 57: CyberAttack -- Whose side is your computer on?

April 2014 Antidote Anecdote

Wife’s XP system got “The Memo” (XP support ends April 9 – no updates, no virus updates, expect trouble)

So, I updated and ran Windows Security Essentials

•“no problems found” (most recent update)

Installed AVAST “Free”

•Quick Run – one problem found

•Boot Run – 11 problems found

Installed Malwarebytes

•Circa 50 or so files and registry entries found

•(mysearchdial, myspeeddial, installon, rightstuff)

Page 58: CyberAttack -- Whose side is your computer on?

2013 PC Mag eval

Page 59: CyberAttack -- Whose side is your computer on?

PC Mag anti-malware evaluation

Page 60: CyberAttack -- Whose side is your computer on?

Mobile

Lookout and Avast suggested by Mossberg

Keep your Bluetooth off when not needed

http://allthingsd.com/20121220/beware-of-malware-mobile-security-apps-to-safeguard-your-phone/

Page 61: CyberAttack -- Whose side is your computer on?


Page 62: CyberAttack -- Whose side is your computer on?

Turn off things you don’t need
3rd party cookies (“mother may I”)
Images in email
Scripting

And Turn on things you may need to know
Beware of files with names like: “Important.txt.exe”
the dual extension is a form of spoofing
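The dual-extension trick on this slide and on the Love Bug slide ("LOVE-LETTER-FOR-YOU.txt.vbs") both rely on Windows hiding the last, known extension. The following added example (my own code, not from the deck) shows what a user would see under that default and flags names where a document-looking extension is immediately followed by an executable one. The extension sets are constructed and not exhaustive; the sample names other than the Love Bug one are made up.

```python
from pathlib import PurePath

# Extensions Windows will run when double-clicked (constructed, non-exhaustive subset).
EXECUTABLE_EXTS = {".exe", ".vbs", ".js", ".bat", ".cmd", ".scr", ".pif", ".com", ".wsf"}
# Extensions a person reads as "just a document or picture".
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx"}


def displayed_name(filename: str, hide_known_extensions: bool = True) -> str:
    """Approximate what Explorer shows with 'Hide extensions for known file types' on:
    only the final extension is dropped, so 'X.txt.exe' is shown as 'X.txt'."""
    path = PurePath(filename)
    if hide_known_extensions and path.suffix:
        return path.stem
    return path.name


def is_dual_extension_spoof(filename: str) -> bool:
    """True when a decoy extension is immediately followed by an executable one."""
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-2] in DECOY_EXTS
            and suffixes[-1] in EXECUTABLE_EXTS)


def audit_attachments(filenames) -> list:
    """For each name: (real name, what the user would see, spoof flag)."""
    return [(n, displayed_name(n), is_dual_extension_spoof(n)) for n in filenames]


# Constructed sample list; the first entry is the Love Bug name from the slide.
SAMPLE_NAMES = [
    "LOVE-LETTER-FOR-YOU.txt.vbs",
    "Important.txt.exe",
    "minutes.txt",
    "holiday photo.jpg",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for real, shown, spoof in audit_attachments(SAMPLE_NAMES):
        print(f"{real:32} shown as {shown:28} {'SPOOF' if spoof else 'ok'}")
```

The fix the slide is pointing at is the setting itself: with known extensions shown, `displayed_name(name, hide_known_extensions=False)` returns the full name and the `.vbs` or `.exe` is visible to the person deciding whether to open it.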

Page 63: CyberAttack -- Whose side is your computer on?

What does your browser know?
IP address
What site you came from
Operating environment (OS, device, ..)
Cookies

Page 64: CyberAttack -- Whose side is your computer on?

Cookies

An identifier stored through your browser to maintain page to page continuity
Contains “URL”, “timeout”, “identifier”
Any multi-page transaction requires one
Set (at least) when you log into a site
Can span logins (welcome back)

3rd party cookies (Doubleclick.com) etc
“tracking pixel/images”

Moving to a permanent user ID in Windows 8, iPhone, etc. (may be able to turn it off)
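The three pieces the slide lists (which site, how long, which identifier) are exactly what a Set-Cookie header carries. As an added example, not from the deck, the code below parses constructed Set-Cookie headers and reports, for each cookie, whether it is first- or third-party relative to the page being viewed and whether it is a session cookie or one that will "span logins". The host names are placeholders, and the registrable-domain helper is a deliberate simplification (real code consults the Public Suffix List).

```python
# Added example: classify Set-Cookie headers by party and lifetime.

def parse_set_cookie(header: str) -> dict:
    """Split 'name=value; Attr=val; Flag' into a dict; attribute keys are lower-cased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()   # flags like HttpOnly get an empty value
    return cookie


def registrable_domain(host: str) -> str:
    """Crude approximation: the last two labels. Assumption for this example only;
    real code uses the Public Suffix List (co.uk and friends break this rule)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def classify_cookie(page_host: str, response_host: str, header: str) -> dict:
    """Which site the identifier belongs to, and how long the browser will keep it."""
    c = parse_set_cookie(header)
    cookie_domain = c.get("domain", response_host).lstrip(".").lower()
    party = ("first-party"
             if registrable_domain(cookie_domain) == registrable_domain(page_host)
             else "third-party")
    if "max-age" in c:                       # the slide's "timeout", in seconds
        lifetime = int(c["max-age"])
    elif "expires" in c:
        lifetime = "until " + c["expires"]
    else:
        lifetime = "session"                 # gone when the browser closes
    return {"name": c["name"], "domain": cookie_domain, "party": party,
            "lifetime": lifetime, "httponly": "httponly" in c, "secure": "secure" in c}


def cookie_report(page_host: str, responses) -> list:
    return [classify_cookie(page_host, host, hdr) for host, hdr in responses]


# Constructed sample: the page at news.example.com loads a tracker image from another site.
PAGE_HOST = "news.example.com"
SAMPLE_RESPONSES = [
    ("news.example.com", "sid=7f3a9c; Path=/; HttpOnly; Secure"),
    ("news.example.com", "seen_before=1; Max-Age=2592000; Path=/"),
    ("ads.tracker.example", "uid=XK19; Domain=.tracker.example; Max-Age=31536000; Path=/"),
]

if __name__ == "__main__":
    for row in cookie_report(PAGE_HOST, SAMPLE_RESPONSES):
        print(row)
```

Run against the sample, the login cookie is first-party and session-only, the "welcome back" cookie is first-party but persists for thirty days, and the tracker's identifier is third-party and lives a year; the last category is what the "turn off 3rd party cookies" advice on the earlier slide removes.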

Page 65: CyberAttack -- Whose side is your computer on?

http://browserspy.dk/ Test Result

IP Address: 72.71.205.187
Hostname: pool-72-71-205-187.cncdnh.fast01.myfairpoint.net
Country: US - United States
Region
City: Bedford  Postal Code: 03110  Latitude: 42.9396  Longitude: -71.5353
Long IP number: 1212665275

==================
Windows Media Player unique ID

And more

Page 66: CyberAttack -- Whose side is your computer on?


Page 67: CyberAttack -- Whose side is your computer on?


Page 68: CyberAttack -- Whose side is your computer on?


Page 69: CyberAttack -- Whose side is your computer on?

And be careful of what you do

Social media is neat, but …
Facebook ID tied to “Like” bugs –
Movement to share login ID’s (and data)
Classic question: what ID should I use for ???

Assume your emails, postings, etc. are recorded

Assume your search paths, words, downloads etc. are monitored

Advertising, profiling (private or governmental)

Check Apps for privileges they request

Page 70: CyberAttack -- Whose side is your computer on?

Is your camera taking pictures…

Q: I was surprised to see updates for some of my favorite apps say they can access my camera to take pictures or video at any time without my permission. Can they really take pictures or video from my camera?

A: I wouldn’t use any app that could trigger the camera without your knowledge or at least implied consent each time. An app might legitimately be using the camera for tasks like scanning bar codes or business cards. But even so, it should be obvious and allow you to decide what to do. And if the app is one that should never need the camera, but says it wants to do so, don’t use it.

Apple says it flags and rejects apps that use the camera without stating that the camera is part of the app’s functionality. Google doesn’t curate apps in advance and apps’ disclosures are generally stated all at once in a dense page at download.

http://allthingsd.com/20131022/sneaky-apps-and-quiet-tv-watching/?refcat=reviews

Page 71: CyberAttack -- Whose side is your computer on?

If things don’t seem right

Force a security/malware scan (more than one tool may be wise)
Re-boot system
You can re-boot in “Safe Mode”
Holding down F8 while system starts (Options: start with or without internet)

Folks like the GeekSquad have CDs they can use to boot your system from CD to purge rootkits, etc.

Avira has tools for recovering if PC is dead, there is also a thumbdrive tool that may help

Avast has “Boot version” you can run

Page 72: CyberAttack -- Whose side is your computer on?

Concepts


Page 73: CyberAttack -- Whose side is your computer on?

Encryption (encoding …)

Substitution codes such as:
send money => tfme.npofz

Single pad encryption – convert using text from some arbitrary source, just once. If recipient has source, then decrypt is easy

Public/Private key
keys involve products of two large prime numbers
(factoring that product back into its primes is a key to breaking the encryption)
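The first two ideas on this slide are small enough to run. The following is an added example (my own code, not the deck's): a letter-shift substitution of the kind shown ("money" becomes "npofz" with a shift of one), a one-time pad built from random bytes, and a function that shows why the slide says "just once": two messages under the same pad XOR to the XOR of the two plaintexts, with the pad cancelled out. The sample plaintexts are constructed.

```python
import secrets


def shift_letters(text: str, shift: int = 1) -> str:
    """The slide's substitution: every letter moves `shift` places along the alphabet.
    Non-letters are left alone; a negative shift undoes a positive one."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def make_pad(length: int) -> bytes:
    """A fresh random pad at least as long as the message. It is the 'arbitrary source'
    on the slide, except drawn from the OS random generator rather than a book."""
    return secrets.token_bytes(length)


def pad_xor(message: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR each byte with the pad byte in the same position.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, pad))


def pad_reuse_leak(ciphertext_a: bytes, ciphertext_b: bytes) -> bytes:
    """Why the pad is used once: XOR of two ciphertexts made with the same pad equals
    the XOR of the two plaintexts. The pad never appears, so it cannot protect them."""
    return bytes(a ^ b for a, b in zip(ciphertext_a, ciphertext_b))


if __name__ == "__main__":
    print(shift_letters("send money"))            # shift by one, as on the slide
    pad = make_pad(16)
    secret = pad_xor(b"send money", pad)
    print(pad_xor(secret, pad))                   # b'send money'
```

The substitution cipher is there for contrast: with a fixed shift, every letter of the same value maps the same way, so letter frequencies survive and the "code" is recovered by trying all 25 shifts. The pad has no such structure, which is why its strength depends entirely on never reusing it.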

Page 74: CyberAttack -- Whose side is your computer on?

Public/Private key encryption

Alice encrypts with her private key, anyone can decrypt with her public key

John encrypts with Alice’s public key, only Alice can decrypt

Alice encrypts with her private key, then John’s public key: only John can decrypt, and can use Alice’s public key to confirm it is from Alice

“Certificate revocation” needed to declare compromised private keys
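The three flows on this slide, and the "product of two large primes" remark on the previous one, can be carried through with textbook RSA on tiny numbers. This is an added example (my own code, not the deck's): Alice and John get keys from small primes, each of the slide's three operations is a function, and the last function shows that whoever can factor the public modulus gets the private exponent, which is the sense in which factoring "breaks" the scheme. It is a toy: real signatures hash and pad the message, and real keys are thousands of bits. The modular inverse uses `pow(e, -1, phi)`, which needs Python 3.8 or later.

```python
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Public key (n, e) and private key (n, d) from two primes; n = p*q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: inverse of e mod phi (Python 3.8+)
    return (n, e), (n, d)


def encrypt_for(message: int, public_key) -> int:
    """'John encrypts with Alice's public key': only the private key undoes this."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(message, e, n)


def decrypt_own(ciphertext: int, private_key) -> int:
    n, d = private_key
    return pow(ciphertext, d, n)


def sign_with(message: int, private_key) -> int:
    """'Alice encrypts with her private key': anyone with her public key can undo it,
    so it proves who produced it. This is a signature (minus hashing and padding)."""
    n, d = private_key
    return pow(message, d, n)


def open_signature(signature: int, public_key) -> int:
    n, e = public_key
    return pow(signature, e, n)


def sign_then_seal(message: int, alice_private, john_public) -> int:
    """Third flow: sign with Alice's private key, then encrypt for John.
    In this toy John's modulus must exceed Alice's so the signature fits."""
    return encrypt_for(sign_with(message, alice_private), john_public)


def unseal_then_check(sealed: int, john_private, alice_public) -> int:
    """John decrypts with his private key, then opens the signature with Alice's public key;
    the recovered message is readable only because it really came from Alice's private key."""
    return open_signature(decrypt_own(sealed, john_private), alice_public)


def private_from_factoring(public_key):
    """Trial division recovers p and q for a toy modulus and hence d.
    For real key sizes this step is what is meant to be infeasible."""
    n, e = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("no factor found")


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(61, 53)     # n = 3233
    john_pub, john_priv = make_keypair(101, 113)     # n = 11413
    sealed = sign_then_seal(65, alice_priv, john_pub)
    print(unseal_then_check(sealed, john_priv, alice_pub))   # 65
    print(private_from_factoring(alice_pub) == alice_priv)   # True
```

The slide's "certificate revocation" line is the operational consequence: since `private_from_factoring` (or a plain theft) hands an attacker the same `d` Alice holds, there has to be a way to tell everyone to stop trusting that public key.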

Page 75: CyberAttack -- Whose side is your computer on?

Steganography

Hiding messages by subtle manipulation of text, images, video, music, etc.

Example from Sam Houston Univ:
"A study of religion must include the  use  of  the shrines important to the religious practice. One should also consider how  money  is collected to support the religion. Every  drop  of knowledge must be scrutinized.“

Extra spaces can be inserted to select words:
"A study of religion must include the  use  of  the shrines  important to the religious practice. One should also consider how  money  is collected to support the religion. Every  drop  of knowledge must be scrutinized.“

In a picture or video you can make subtle changes to an image where both parties hold the master for comparison …
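The "extra spaces select words" scheme is easy to implement and, just as usefully, easy to check for. Below is an added example (my own code, not the deck's) using one specific convention that I chose for clarity: a word carrying the hidden message is preceded by two spaces instead of one, which leaves adjacent marked words unambiguous. The slide's own text doubles the spaces on both sides of each word, so the convention here is an assumption, not the slide's exact rule. The cover sentence is constructed. The last function is the defender's view: ordinary prose has almost no double spaces, so the fraction of doubled word gaps is a cheap anomaly signal.

```python
import re


def hide_words(cover: str, secret: list) -> str:
    """Rebuild the cover text with single spaces, except that each word of `secret`
    (matched in order) is preceded by two spaces. The visible wording is unchanged."""
    words = cover.split()
    wanted = list(secret)
    out = [words[0]]
    for word in words[1:]:
        if wanted and word == wanted[0]:
            out.append("  " + word)   # the marker: a doubled gap before the word
            wanted.pop(0)
        else:
            out.append(" " + word)
    if wanted:
        raise ValueError(f"cover text does not contain {wanted[0]!r} in sequence")
    return "".join(out)


def reveal_words(stego_text: str) -> list:
    """Every word that follows a doubled gap, in order."""
    return re.findall(r"  (\S+)", stego_text)


def spacing_anomaly(text: str) -> float:
    """Fraction of gaps between words that are two or more spaces.
    Typed prose scores at or near 0.0; a text carrying this scheme scores higher."""
    gaps = re.findall(r" +", text.strip())
    if not gaps:
        return 0.0
    return sum(1 for g in gaps if len(g) >= 2) / len(gaps)


# Constructed cover text; the hidden words must appear in it in this order.
COVER = ("We should meet the auditors at the office on Thursday and "
         "leave before noon if the weather allows")
SECRET = ["meet", "at", "noon"]

if __name__ == "__main__":
    stego = hide_words(COVER, SECRET)
    print(repr(stego))
    print(reveal_words(stego))                 # ['meet', 'at', 'noon']
    print(spacing_anomaly(COVER), spacing_anomaly(stego))
```

Note what does not change: `" ".join(stego.split())` gives back the original cover text exactly, which is why the message survives a casual reading but not a pass through any tool that normalises whitespace (many mail and web pipelines do), and why a spacing check is a reasonable thing to run on outbound text.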

Page 76: CyberAttack -- Whose side is your computer on?

CYBERATTACK 5 NEWS

Nation States


Page 77: CyberAttack -- Whose side is your computer on?

Anonymous

Outgrowth of 4chan – “BBS” community
Internet freedom – no censorship
<local> 2008 Scientology msg 3min
Physical Presence (world wide, hundreds)

Wikileaks – Mastercard/Amazon/PayPal
Arab Spring
Care packages (Ham radios, modems, …)
Relaying tweets, Facebook updates, etc.

All Channels – in the streets, dial in, denial of service, theft of data, …

Page 78: CyberAttack -- Whose side is your computer on?

What's New(s) … recent events

NSA Data Center meltdown – Oct. 8th WSJ report
10 failures in last 13 months
“Chronic electronic surges”
Destroying $100,000’s of machinery
And delayed operations by 1+ years

New Bluffdale Utah site

Page 79: CyberAttack -- Whose side is your computer on?

Steganographic smuggling

IEEE Spectrum Nov 2013 - “4 New Ways to Smuggle Messages Across the Internet”
By: Wojciech Mazurczyk, Krzysztof Szczypiorski & Józef Lubacz

BitTorrent – control sequence of servers used

Skype – “empty packets” (voice pauses)

Google Suggest – “man in the middle” adding entries

WiFi packet padding – using pad bits

Page 80: CyberAttack -- Whose side is your computer on?

Tor

Tor (previously TOR, an acronym for The Onion Router) is free software for enabling online anonymity. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than four thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.

From wikipedia

Tor encryption devices/routers available for under $100 – plug in (and slow down) for increased privacy (but beware of cookies, etc. that can still track you)

Page 81: CyberAttack -- Whose side is your computer on?

RFID

Radio Frequency Identifier Chip
“EZ Pass”
Mobile card “on the fly” (other credit cards)
US Passports
Car Keys
Hotel pass keys, Access/ID Cardkeys
Embedded in Clothes/price tag/unpaid alert
Embedded in pets

Amal Graafstra’s hands

Page 82: CyberAttack -- Whose side is your computer on?

Operation Shady RAT

“networks were compromised by remote access tools — or RATs. These tools have legitimate uses for system administrators — give someone the ability to access a computer from across the country. In this case, however, they were secretly placed on the target systems, hidden from the eyes of users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.”

http://allthingsd.com/20110803/operation-shady-rat-the-biggest-hacking-attack-ever/

Page 83: CyberAttack -- Whose side is your computer on?

Prevention and path forward

How you get infected and what to do? <local> TED presentation (18 min) – James Lyne

Hire the hackers (TED 18min) <local> Profiles examples of hackers

Vaccination is a public health concern, not just a private issue --- that is, using a firewall and anti-virus protection are important for everyone, not just your own system.

If you are not part of the solution you are part of the problem

Page 84: CyberAttack -- Whose side is your computer on?

Related considerations

Cryptocurrencies [SSIT Google Hangout to YouTube]
Bitcoin – anonymity and the net

• “like cash” – not traceable

• Nice for privacy

• Real nice for criminal activities

Page 85: CyberAttack -- Whose side is your computer on?

Bitcoin (thanks to IEEE Spectrum)

Page 86: CyberAttack -- Whose side is your computer on?

Questions, answers, discussion, challenges

If you are not paranoid, you are not paying attention.
