HACKED!!! Securing your Business
Ankit Fadia, Ethical Hacker, [email protected]
http://www.hackingmobilephones.com

Post on 26-Dec-2015

TRANSCRIPT


How to become a Computer Security Expert?

• Hacking Attitude

• Basics of Unix

• Networking Guru

• Programming Language

Hacker VS Cracker

Hacker                          | Cracker
--------------------------------|--------------------------------
Lots of knowledge & experience  | Lots of knowledge & experience
Good guy                        | Bad guy
Strong ethics                   | Poor ethics
No crime                        | Commits crime
Fights criminals                | Is the criminal

Facts and Figures

FBI INTELLIGENCE REPORT: Incidents Recorded Worldwide

Year  | Incidents
------|----------
2000  |  21,756
2001  |  52,658
2002  |  64,981
2003  |  87,770
2004  | 101,311
2005  | 250,675

TOP 6 CYBERSECURITY ATTACKS

• Privacy Attacks

• Email Forging Attacks

• Sniffer Attacks

• DOS Attacks

• Password Attacks

Individual Internet User

Mumbai Lady Case

• A lady based in Mumbai, India lived in a 1 room apartment.

• Was a techno-freak and loved chatting on the Internet.

• Attacker broke into her computer & switched her web camera on!

• Biggest cyber crime involving privacy invasion in the world!


Government Sector

NASA

• The premier space research agency in the world.

• Had just finished a successful spaceship launch, when the unexpected happened.

• The path of the spaceship was changed remotely by an 11-year-old Russian.

• Loss of money. Unnecessary worry.

PRIVACY ON THE INTERNET: IP Addresses

• Every system connected to a network has an Internet Protocol (IP) Address which acts as its identity on that network (unique on that network; behind NAT, many systems share one public address).

• An IPv4 Address is a 32-bit address which is divided into four fields of 8 bits each, written in dotted decimal. For example, 203.94.35.12

• All data sent or received by a system is addressed to or from its IP address.

• An IP Address is to your computer what your telephone number is to you!

• An attacker's first step is to find out the IP Address of the target system.

IP Addresses: Finding an IP Address

A remote IP Address can easily be found out by any of the following methods:

• Through Instant Messaging Software or Internet Telephony (Skype): a direct file transfer or call opens a peer-to-peer connection, and netstat on the attacker's machine shows the other end.

• Through Internet Relay Chat: the server's WHOIS reply or a DCC connection exposes the user's address.

• Through Your website: every visitor's address is written to the web server's access log.

• Through Email Headers: each mail server adds a Received: line recording the address it accepted the message from.
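The last method above, worked through as an added example (not code from the original slides): a Python script that walks the Received: chain of a constructed sample message. The hostnames and addresses in the sample are made up, the documentation ranges 198.51.100.0/24 and 203.0.113.0/24 stand in for public addresses, and the RFC 1918/loopback/link-local list in the code is what decides "internal" here, which is an assumption rather than a full special-purpose-registry check.

```python
"""Walk the Received: chain of an email to find the address the message entered the
mail system from.  The sample message below is constructed for this example."""
import ipaddress
import re
from email import policy
from email.parser import BytesParser

# Constructed sample with three hops.  Servers prepend their Received: line, so the
# top line is the newest hop and the bottom line is the oldest.
RAW_MESSAGE = b"""\
Received: from relay.example-isp.test ([203.0.113.7]) by mx1.example-corp.test with ESMTP; Mon, 26 Dec 2005 10:00:03 +0530
Received: from userpc.home ([198.51.100.44]) by relay.example-isp.test with ESMTP; Mon, 26 Dec 2005 10:00:01 +0530
Received: from [10.0.0.12] (helo=localhost) by userpc.home with local; Mon, 26 Dec 2005 09:59:59 +0530
From: someone@example-isp.test
To: victim@example-corp.test
Subject: hello

body
"""

IP_RE = re.compile(r'(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])')
BY_RE = re.compile(r'\bby\s+([\w.-]+)', re.I)

# Assumption: these ranges are "internal"; anything else is treated as routable.
INTERNAL = [ipaddress.ip_network(n) for n in
            ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8', '169.254.0.0/16')]


def is_internal(ip):
    return any(ip in net for net in INTERNAL)


def received_hops(raw):
    """Return hops oldest-first as (hop_number, header_text, [routable IPs in it])."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = []
    for n, hdr in enumerate(reversed(msg.get_all('Received', [])), start=1):
        text = str(hdr)
        routable = []
        for candidate in IP_RE.findall(text):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue
            if not is_internal(ip):
                routable.append(str(ip))
        hops.append((n, text, routable))
    return hops


def originating_public_ip(raw):
    """What the chain *claims*: first routable address reading from the oldest hop up."""
    for _, _, routable in received_hops(raw):
        if routable:
            return routable[0]
    return None


def last_trusted_hop_ip(raw, my_hosts):
    """What we can *verify*: walk newest-first through hops written by our own servers;
    the 'from' address on the last such hop is the connection our server really saw."""
    verified = None
    for _, text, routable in reversed(received_hops(raw)):
        m = BY_RE.search(text)
        if not m or m.group(1).lower() not in my_hosts:
            break
        if routable:
            verified = routable[0]
    return verified


if __name__ == '__main__':
    for n, text, routable in received_hops(RAW_MESSAGE):
        print(f'hop {n}: {routable or "internal only"}')
    print('claimed origin:', originating_public_ip(RAW_MESSAGE))
    print('verified last hop:', last_trusted_hop_ip(RAW_MESSAGE, {'mx1.example-corp.test'}))
```

The two answers differ on purpose. The bottom-most public address is what the chain claims the origin is, but every Received: line below the ones written by your own servers could have been typed in by the sender, so the only address you can vouch for is the one your own server accepted the connection from.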

Countermeasures

• Do not accept file transfers or calls from unknown people.

• Chat online ONLY after logging on through a proxy server or VPN (the other party then sees the proxy's address; the proxy operator still sees yours).

IP Addresses: Dangers & Concerns

• DOS Attacks

• Disconnect from the Internet

• Trojans

• Exploitation

• Geographical Information

• File Sharing Exploits

• Invades your Privacy

• Spy on You

• Steal your Passwords

• Slow Your Internet Access Speed

PRIVACY INVASION IS INDEED A REALITY!

TROJANS

Definition:

Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker.

Working: See Demo.

Threats:

Corporate Espionage, Password Stealing, IP Violation, Spying etc.

Tools:

NetBus, Girlfriend, Back Orifice and many others.

TROJANS

COUNTERMEASURES

• Port scan your own system regularly, and compare the listening ports against a baseline of the services you know you run.

• If you find an unexpected port open, on which you usually do not have a service running, then your system might have a Trojan installed.

• A Trojan that matches a known signature can be removed by normal anti-virus software; a custom or repacked one may not be detected, so do not rely on a clean scan alone.

• A typical Trojan automatically loads itself into memory each time the computer boots.

• Hence, one should search all the start-up locations of the system and remove any references to suspicious programs.
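An added example, not from the original slides, of the first two countermeasures as a script: it parses `ss -ltnp` output (a constructed sample here; the live command is assumed to exist on a Linux host) and flags listening sockets that are missing from a baseline you maintain or are owned by an unexpected process. The baseline dictionary and the "updater" process name are assumptions; the NetBus and Back Orifice default ports are historical facts included only as hints for the analyst.

```python
"""Compare a host's listening TCP sockets against a baseline of expected services.
The `ss -ltnp` output below is constructed; on a live Linux box the __main__ block
runs the real command (assumed to be in PATH) and falls back to the sample."""
import re
import subprocess

SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22          0.0.0.0:*      users:(("sshd",pid=812,fd=3))
LISTEN  0       128          127.0.0.1:631         0.0.0.0:*      users:(("cupsd",pid=900,fd=7))
LISTEN  0       5              0.0.0.0:12345       0.0.0.0:*      users:(("updater",pid=4242,fd=5))
"""

# Ports and the process that should own them on this host (constructed baseline).
BASELINE = {22: 'sshd', 631: 'cupsd'}

# Historical defaults of the tools named in the slide, for context only: a modern
# implant can listen on any port, which is why the baseline does the real work.
KNOWN_TROJAN_PORTS = {12345: 'NetBus', 12346: 'NetBus', 31337: 'Back Orifice (UDP)'}

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')


def parse_listeners(text):
    """Yield one dict per LISTEN line: local address, port, owning process and pid."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield {'addr': m.group(1), 'port': int(m.group(2)),
                   'proc': m.group(3), 'pid': int(m.group(4))}


def unexpected_listeners(text, baseline):
    """Return listeners whose port is not in the baseline or is owned by the wrong process."""
    flagged = []
    for listener in parse_listeners(text):
        expected = baseline.get(listener['port'])
        if expected is None:
            listener['reason'] = 'port not in baseline'
        elif expected != listener['proc']:
            listener['reason'] = f"owned by {listener['proc']}, expected {expected}"
        else:
            continue
        if listener['port'] in KNOWN_TROJAN_PORTS:
            listener['reason'] += f" (historical {KNOWN_TROJAN_PORTS[listener['port']]} port)"
        flagged.append(listener)
    return flagged


if __name__ == '__main__':
    try:
        text = subprocess.run(['ss', '-ltnp'], capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        text = SAMPLE_SS_OUTPUT
    for item in unexpected_listeners(text, BASELINE):
        print(f"{item['addr']}:{item['port']} pid={item['pid']} {item['proc']}: {item['reason']}")
```

Run it as root so `ss` can attribute every socket to a process; unprivileged, the Process column is empty for other users' sockets and those lines are skipped by the regex, which is itself a finding worth noticing. The baseline is the part that needs maintaining: record it on a known-clean build and diff against it, rather than eyeballing port numbers.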


Consumer Electronic Goods Sector

TV Group

• One of the largest manufacturers of televisions and other electronic goods in the world.

• Attacker sent an abusive forged email to all investors, employees and partners worldwide from the Chairman’s account.

• Tainted relations.


Email Forging

Definition:

Email Forging is the art of sending an email that appears to come from the victim's email address without knowing the password: plain SMTP does not check that the sender is entitled to use the address placed in the From: header.

Working:

ATTACKER -----Sends email with forged From: header-----> RECIPIENT (appears to be FROM VICTIM)

Tools:

None required! A telnet session to port 25 of a mail server is enough. DEMO

Email Forging

COUNTERMEASURES

• NOTHING in plain SMTP stops the attacker from writing any From: address.

• Receivers can reject forgeries if the From: domain publishes sender authentication records (SPF, DKIM, DMARC); the attacker then has to beat the receiving server's checks, not just the reader's eye.

• Use secure email systems like PGP (or S/MIME).

• Digitally sign your emails, so recipients can verify the author regardless of how the message travelled.
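The forgery and the receiving-side check, as an added example rather than the deck's demo: two constructed messages (the forged mail from the TV Group story and a legitimate one) are run through a DMARC-style strict identifier alignment check in Python. The domains, Return-Path values and DKIM placeholder tags are made up, and the SPF and DKIM verdicts are passed in as assumed inputs because real SPF needs DNS lookups and real DKIM needs the signer's public key.

```python
"""Check whether an email's visible From: address is backed by an authenticated
identity (DMARC-style strict identifier alignment).  Both sample messages are
constructed; SPF/DKIM verdicts are assumed inputs, not computed here."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# What the recipient sees after the forged mail: the From: header names the
# chairman, but the envelope sender (what SPF actually checks) is the attacker's
# own domain, which can pass SPF perfectly well.
FORGED = b"""\
Return-Path: <bounce@attacker-mail.test>
From: "Chairman" <chairman@example-tv.test>
To: investors@example-corp.test
Subject: Resignation

I quit, effective immediately.
"""

# A genuine message: envelope sender and DKIM signing domain both match From:.
LEGIT = b"""\
Return-Path: <chairman@example-tv.test>
DKIM-Signature: v=1; a=rsa-sha256; d=example-tv.test; s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Chairman" <chairman@example-tv.test>
To: investors@example-corp.test
Subject: Quarterly results

Results attached.
"""


def parse(raw):
    return BytesParser(policy=policy.default).parsebytes(raw)


def domain_of(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    return parseaddr(str(header_value or ''))[1].rpartition('@')[2].lower()


def dkim_signing_domain(msg):
    """The d= tag of the DKIM-Signature header, or None if the mail is unsigned."""
    sig = msg.get('DKIM-Signature')
    if sig is None:
        return None
    for tag in str(sig).split(';'):
        name, _, value = tag.strip().partition('=')
        if name.strip().lower() == 'd':
            return value.strip().lower()
    return None


def evaluate(msg, spf_result, dkim_result):
    """spf_result/dkim_result are 'pass', 'fail' or 'none' from the real checks.
    Strict alignment: the authenticated domain must equal the From: domain exactly."""
    from_domain = domain_of(msg['From'])
    envelope_domain = domain_of(msg.get('Return-Path'))
    dkim_domain = dkim_signing_domain(msg)
    spf_aligned = spf_result == 'pass' and envelope_domain == from_domain
    dkim_aligned = dkim_result == 'pass' and dkim_domain == from_domain
    return {
        'from_domain': from_domain,
        'envelope_domain': envelope_domain,
        'dkim_domain': dkim_domain,
        'spf_aligned': spf_aligned,
        'dkim_aligned': dkim_aligned,
        'dmarc': 'pass' if (spf_aligned or dkim_aligned) else 'fail',
    }


if __name__ == '__main__':
    print('forged:', evaluate(parse(FORGED), spf_result='pass', dkim_result='none'))
    print('legit: ', evaluate(parse(LEGIT), spf_result='pass', dkim_result='pass'))
```

The alignment step is the point: the attacker's own sending domain passes SPF, so "SPF pass" by itself says nothing about the From: line the reader sees. Only when the authenticated identity matches the From: domain (strict matching here; DMARC also allows relaxed, organisational-domain matching) does the message stand as genuinely from that domain, and a published DMARC policy tells receivers to reject or quarantine the rest.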


Healthcare Sector

Healthcare Group

• One of the largest shaving solutions companies in the world.

• Attacker broke into network and cancelled approximately 35 different orders of raw materials from supplier.

• Loss of revenue. Delay in Product launch.


Fashion Entertainment Sector

Fashion House Group

• One of the most successful fashion designers in Europe.

• Attacker stole all designs and marketing plans.

• The attacker came out with the same range of clothes a week before.

• Loss of revenue. R&D and creative work down the drain.

SNIFFERS

Definition:

Sniffers are tools that capture, in raw form, all data packets that reach the network interface; on shared media (a hub, Wi-Fi) or a switch mirror port that is the entire segment's traffic.

Working: ATTACKER -----Uses sniffer for spying----- VICTIM

Threats:

Corporate Espionage, Password Stealing, IP Violation, Spying etc.

Tools:

Tcpdump, Ethereal (now Wireshark), Dsniff and many more.
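As an added example (not the deck's demo), the sniffer's view of a plaintext login: a Python script builds a small pcap in memory from constructed Ethernet/IPv4/TCP frames (checksums left at zero, which is fine for offline parsing), then parses it back the way a capture tool would and pulls the FTP USER/PASS lines out of the payloads. Addresses and credentials are made up. The third frame carries a TLS record on port 443 to show what encryption leaves the sniffer with.

```python
"""What a sniffer harvests from a plaintext protocol.  Builds a tiny pcap in memory
from constructed frames, then parses it back and extracts FTP credentials."""
import ipaddress
import re
import struct

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap, native byte order
LINKTYPE_ETHERNET = 1
CRED_RE = re.compile(rb'^(USER|PASS)[ \t]+(\S+)', re.M)


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP frame carrying `payload` (checksums zeroed)."""
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    eth = bytes.fromhex('001122334455') + bytes.fromhex('66778899aabb') + struct.pack('!H', 0x0800)
    return eth + ip + tcp


def build_pcap(frames):
    """Global header plus one record per frame (timestamps are constructed)."""
    out = struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack('<IIII', 1135500000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(pcap):
    """Yield raw frames from a pcap byte string, honouring the magic's byte order."""
    magic, = struct.unpack_from('<I', pcap, 0)
    endian = '<' if magic == PCAP_MAGIC else '>'
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from(endian + 'IIII', pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """(src, dst, sport, dport, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from('!H', frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from('!H', ip, 2)[0]
    if ip[9] != 6:                      # protocol field: 6 is TCP
        return None
    src = str(ipaddress.IPv4Address(ip[12:16]))
    dst = str(ipaddress.IPv4Address(ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack_from('!HH', tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_off:]


def harvest_credentials(pcap):
    """Return (src, dst, dport, field, value) for every USER/PASS line seen in clear."""
    found = []
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, _, dport, payload = parsed
        for field, value in CRED_RE.findall(payload):
            found.append((src, dst, dport, field.decode(), value.decode()))
    return found


# Constructed capture: an FTP login in clear on port 21, plus one TLS record on 443
# that the same sniffer sees but cannot read.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame('10.0.0.5', '10.0.0.20', 40001, 21, b'USER alice\r\n'),
    build_tcp_frame('10.0.0.5', '10.0.0.20', 40001, 21, b'PASS s3cret!\r\n'),
    build_tcp_frame('10.0.0.5', '10.0.0.20', 40002, 443, bytes.fromhex('1603010005') + b'hello'),
])

if __name__ == '__main__':
    for hit in harvest_credentials(SAMPLE_PCAP):
        print(hit)
```

Dsniff does essentially this for a couple of dozen protocols. The 443 frame is the countermeasure in miniature: the sniffer still captures every byte, but an encrypted payload yields nothing to the regex, which is why the fix is encrypting the session rather than trying to hide the packets.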

SNIFFERS

COUNTERMEASURES

• Switch to switched networks. (Only the packets meant for that particular host reach the NIC; note that ARP spoofing or MAC flooding can still pull traffic through the attacker's machine, so this raises the bar rather than removing the threat.)

• Use encryption standards like SSL/TLS, SSH, IPSec: a sniffer then still sees the packets but not the credentials or content inside them.


Internet Services Sector

Internet Services

• Yahoo, Amazon, Ebay, BUY.com brought down for more than 48 hours!

• All users across the globe remained disconnected.

• Attackers were never caught.

• Loss of Revenue. Share values down.


Denial of Services (DOS) Attacks

DOS ATTACKS

Definition:

Such an attack consumes so much bandwidth, or so many resources (connection table, CPU, memory), on the target system that it cannot serve even legitimate users.

Working:

ATTACKER -----Infinite/ Malicious Data-----> VICTIM

Types:

Ping of Death, SYN Flooding, Teardrop, Smurf, Land

Tools:

Trin00, Tribal Flood Network (TFN) etc.

Denial of Services (DOS) Attacks

BUSINESS THREATS

• All services unusable.

• All users disconnected.

• Loss of revenue.

• Deadlines can be missed.

• Unnecessary inefficiency and downtime.

• Share values go down. Customer dissatisfaction.

DOS Attacks

COUNTERMEASURES

• Separate or compartmentalize critical services.

• Buy more bandwidth than normally required to absorb sudden attacks.

• Filter out USELESS/MALICIOUS traffic as early (as far upstream) as possible.

• Disable publicly accessible services that are not needed.

• Balance traffic load on a set of servers.

• Regular monitoring and working closely with your ISP will always help!

• Patch systems regularly (Ping of Death, Teardrop and Land exploit bugs in the IP stack that vendors have long since fixed).

• IPSec provides verification and authentication in the IP protocol.

• Use scanning tools to detect and remove DOS tools (the zombie agents of Trin00/TFN run on compromised hosts, possibly yours).
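An added example, not from the slides, for "filter out malicious traffic" and "regular monitoring": a SYN flood detector over constructed flow records, plus the Linux filters it would suggest. The flow tuples, addresses and thresholds are assumptions chosen for the sample; the iptables and sysctl commands are standard syntax and are assumed to be run on the victim host or an upstream Linux filter, not a vendor appliance.

```python
"""Spot a SYN flood in flow records and emit first-line filters.  Records are
constructed (time, src, dst, dport, flags) tuples for the client->server direction
only; thresholds are assumptions for this sample."""
from collections import defaultdict


def make_records():
    recs = []
    server = '198.51.100.10'
    # Five legitimate clients: a SYN, then the ACK that completes the handshake.
    for i in range(5):
        client = f'192.0.2.{10 + i}'
        recs.append((0.10 * i, client, server, 80, 'S'))
        recs.append((0.10 * i + 0.02, client, server, 80, 'A'))
    # Flood: 300 SYNs in 0.3 s from spoofed sources that never complete the handshake.
    for i in range(300):
        recs.append((0.5 + i / 1000, f'203.0.113.{i % 254 + 1}', server, 80, 'S'))
    return recs


def syn_flood_suspects(records, window=1.0, syn_threshold=100, min_sources=50, ratio=10):
    """Per (window, dst, port): flag when SYNs are plentiful, come from many sources,
    and dwarf the handshake completions (ACKs) that real clients would send."""
    buckets = defaultdict(lambda: {'syn': 0, 'ack': 0, 'sources': set()})
    for t, src, dst, dport, flags in records:
        bucket = buckets[(int(t // window), dst, dport)]
        if flags == 'S':
            bucket['syn'] += 1
            bucket['sources'].add(src)
        elif 'A' in flags:
            bucket['ack'] += 1
    suspects = []
    for (w, dst, dport), b in sorted(buckets.items()):
        if (b['syn'] >= syn_threshold and len(b['sources']) >= min_sources
                and b['syn'] > ratio * max(b['ack'], 1)):
            suspects.append({'window': w, 'dst': dst, 'port': dport, 'syn': b['syn'],
                             'ack': b['ack'], 'sources': len(b['sources'])})
    return suspects


def mitigation_rules(suspect, per_second=25, burst=50):
    """Rate-limit new connections to the attacked port and turn on SYN cookies."""
    port = suspect['port']
    return [
        f'iptables -A INPUT -p tcp --dport {port} --syn -m limit --limit {per_second}/s '
        f'--limit-burst {burst} -j ACCEPT',
        f'iptables -A INPUT -p tcp --dport {port} --syn -j DROP',
        'sysctl -w net.ipv4.tcp_syncookies=1',
    ]


if __name__ == '__main__':
    for s in syn_flood_suspects(make_records()):
        print(f"SYN flood on {s['dst']}:{s['port']}: {s['syn']} SYNs from "
              f"{s['sources']} sources, {s['ack']} completions")
        for rule in mitigation_rules(s):
            print('  ', rule)
```

SYN cookies stop the half-open table from filling; the limit rule bounds the new-connection rate so legitimate clients keep a chance of getting through. Neither helps once the link itself is saturated, which is where the "work closely with your ISP" bullet comes in: a bandwidth flood has to be filtered upstream of the congested pipe.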


Recommendations and Countermeasures

• National CERTS and Cyber Cops.

• Security EDUCATION and TRAINING.

• Increase Security budgets.

• Invest in a dedicated security team.

• Security by obscurity?

THE FINAL WORD

• The biggest threat that an organization faces continues to be from….

THEIR OWN EMPLOYEES!

Is Internet Banking Safer than ATM Machines?

ATM MACHINES VS INTERNET BANKING

ATM Machines                 | Internet Banking
-----------------------------|------------------------------------------
Easier to crack.             | Difficult to crack, if latest SSL used.
Soft powdery substance.      | Earlier SSL standards quite weak.
Unencrypted PIN number.      |
Software/hardware sniffer.   |
Fake ATM machine.            |

ATM Hacking (four image-only slides; no text)

Mobile Phone Hacking

Mobile Phone Attacks

Different Types:

• BlueJacking

• BlueSnarfing

• BlueBug Attacks

• Failed Authentication Attacks

• Malformed OBEX Attack

• Malformed SMS Text Message Attack

• Malformed MIDI File DOS Attack

• Jamming

• Viruses and Worms

• Secret Codes: *#92702689# or #3370*

AN ETHICAL GUIDE TO HACKING MOBILE PHONES

Title: An Ethical Hacking Guide to Hacking Mobile Phones
Author: Ankit Fadia
Publisher: Thomson Learning

THE UNOFFICIAL GUIDE TO ETHICAL HACKING

Title: The Unofficial Guide To Ethical Hacking
Author: Ankit Fadia
Publisher: Thomson Learning

NETWORK SECURITY: A HACKER'S PERSPECTIVE

Title: Network Security: A Hacker's Perspective
Author: Ankit Fadia
Publisher: Thomson Learning

THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY

Title: The Ethical Hacking Guide to Corporate Security
Author: Ankit Fadia
Publisher: Macmillan India Ltd.

THE ETHICAL HACKING SERIES

Title: Email Hacking
Author: Ankit Fadia
Publisher: Vikas Publications

Title: Windows Hacking
Author: Ankit Fadia
Publisher: Vikas Publications

HACKED!!! Securing your Business

Ankit Fadia, Ethical Hacker, [email protected]

Questions?