sit presentation

22
Hacking By: Chris Piccirilli, Carolyn Choi, John Malick, and Tom Croonquist

Upload: cchoi02

Post on 16-Jan-2015

455 views

Category:

Technology


3 download

DESCRIPTION

 

TRANSCRIPT

Page 1: Sit presentation

Hacking

By: Chris Piccirilli, Carolyn Choi, John Malick, and Tom Croonquist 

Page 2: Sit presentation

What comes to mind when you think of hacking?  

Page 3: Sit presentation

What is hacking?

-While there are many definitions of hacking, a general definition is to modify something to make it work for you. -For computers, hacking includes fixing programs until they work. Also, hacking includes modifying the computer hardware to make it work better or tuned to the person's wishes. -The type of hacking that the media discusses includes breaking into secure systems to determine their weaknesses and to explore them. However, the media only points out the malicious uses for breaking into systems. 

http://www.youtube.com/watch?v=hzC6BONJgsQ 

So as you can see, hacking is not always bad.....We can now get into the types of hacking.....

Page 4: Sit presentation

Types of Hacking

-"White hats"     -security experts who try to find the vulnerabilities in programs and systems, and report them to the

manufacturers    -"ethical hackers" because they either have authorization to break into the system or program, or they do so with the intent of assisting the manufacturer in securing them. 

-"Black Hats"     -ones who are trying to find those same vulnerabilities and exploit them.

- "Cracker"     -Black Hat hackers, usually referring to the creation of software cracks to bypass anti-piracy methods.

-"Phreaker" 

    -person who hacks into telecommunications services. 

Page 5: Sit presentation

A Common Misconception

-MOST hackers work for security professions or hack to improve their personal experience.

-Most white hats only hack their own systems in order to tweak them to the fullest extent that they can. Most of the "white hat" hackers are working behind the scenes or in the shadows. The media hardly, if ever, discusses them or their work. 

-Through movies, and sound-bites, the media has jumped on the "hackers are bad" bandwagon-- totally overlooking the people who are trying to make their (and our) lives better through their hacking. 

http://www.youtube.com/watch?v=vAf9mUnafcQ 

Page 6: Sit presentation

The First "Hacks"

1903 - Nevil Maskelyn    -The stage magician wrecked a public demo of Marconi's wireless telegraph in 1903 by sending insults in Morse code down the wire. 

1932 - Polish cryptologists Marian Rejewski, Henryk Zygalski and Jerzy Różycki

  -broke the Enigma machine code    -gave the Allies a competitive advantage in reading Morse code    -Eisenhower considered this hack to be a pivotal factor in their victory in World War II.

1965 - William Matthews from MIT 

    -found a vulnerability in a Multics CTSS running on a IBM7094 .     -This flaw discloses the contents of the password file.

 

Page 7: Sit presentation

The First "Hacks"

1971- John T. Draper (Captain Crunch)

    -Hacks long distance phone calling system        -Used the toy whistle found in a cereal box to generate a signal to         make free long distance calls

1983 - The Warelords forms in The United States    -founded by Black Bart (cracker of Dung Beetles in 1982) in St. Louis, Missouri.    -Composed of many teenage hackers, phreakers, coders, and largely black hat-style underground computer geeks.    -Triggered many more hacker groups to form later

Page 8: Sit presentation

Terminology

Open Source Software• Source codes are freely available for anyone to inspect and

studyo  No payment required/ No obstacles

• Several thousand languages usedo  C+, C++, Java

• Without the source code it is difficult to modify• Can't redistribute copies with your changes • Has licenses that protect the author's integrity of the code• Does not guarentee its users the additional freedoms that free

software guarantees 

Page 9: Sit presentation

Terminology

Free Software• everyone has the right to inspect and study the source

codeo also to use it for any desired purpose

making as many copies installing on as many computers modify and redistribute in its original or modified

form. o without monetary or other restrictions

• Free software is always also open source

Page 10: Sit presentation

Terminology

Back Door• a.k.a. "trap door"• a hole in the system that the

designers deliberately leave• hackers may create these in order

to to make sure they can return later on

Banner Grabbing• Obtaining logon banners from a

target systemBuffer Overflow• Occurs when you try to stuff more

data into a buffer than it can handle

Page 11: Sit presentation

Terminology

Chipping•  configuring processors

or other computer chips so that they contain some unexpected functions

DoS Attack• Denial of Service

o attempt to shut down access to a particular system or network

o targets high-profile web sites

Page 12: Sit presentation

Terminology

DDoS• Distributed Denial of

Serviceo DoS attack with a

number of hosts who direct their attacks to a single target at the same time

Trojan Horse• code fragment that hides

inside a program and performs a disguised function

Page 13: Sit presentation

Terminology

Virus• code fragment that copies itself into a

larger program, replicates, and infectsWorm• independent program that reproduces

by copying itself from one computer to another over a networko does not modify other programs

Logic Bomb• type of Trojan horse, used to release a

virus, worm, or other system attack

Page 14: Sit presentation

Terminology

Spoofing• impersonating another host on a

network by using the hosts IP or MAC addresso helps mask an attack

Session Hijacking• when an attacker takes over an existing

connection between client and serverPost Redirection• Redirecting network traffic from one IP

address/ports to another. o circumvent firewalls or secure ports

Page 15: Sit presentation

Terminology

Red Book• "Trusted Network Interpretation"• the security requirements and rating

structure of TNI are extended to networks of computers

• local area networks to wide area networksOrange Book• "Trusted Computer System Evaluation

Criteria"o presents security requirements that a

host must meet in order to be considered by the DoD a trusted system

Page 16: Sit presentation

Famous Individuals- BLACK HAT

Jonathan James- c0mrade-                        - First juvenile sent to prison for hacking at 16                       - Interested in challenges                       - Targeted high profile organizations such as DTRA                       -Defense Threat Reduction Agency                       - Sniffer, captures 3000 data streams to control NASA                       - suicideAdrian Lamo- Dubbed as "homeless hacker"                   -Used coffee shops, libraries, etc., to perform intrusions                   - NY Times                   - Penetration Testing    - A method of evaluating the security of a     computer system or network by simulating    an attack from malicious outsiders.                   - expert to view personal info and CC

Page 17: Sit presentation

Famous Individuals- WHITE HAT

Stephen Wozniak - The "other Steve"                           - National Medal of Technology                           - National Inventors Hall of Fame Tim Berners Lee- Who is he?  1989 22 Years Merge Personal/Global                         - Caught hacking at Oxford University                         -CERN: European nuclear research organization

Page 18: Sit presentation

Famous Hacking Groups

Masters of Deception: Mastered Credit Card hacking                                : Hacked phone companies in order to get CC#'s                                : Julia Roberts    Red Hacker Alliance: 80,000                           : Began with strong oppostion Indonesian riots                           : Mostly chinese against imperial US MilitarianismJapan                           : Honker Union

Page 19: Sit presentation

Recent Harmful Hacks

Zappos: January 16, 2012http://online.wsj.com/article/BT-CO-20120116-706917.html     - CEO Tony Hsieh    - 12 years of developing a strong reputation    - Credit Card and Payment Data fortunately unaffected  Insurgent Hacks: December 19, 2009http://online.wsj.com/article/SB126102247889095011.html    - $26 software purchased off the internet   - Provide info needed to help invade/monitor US Operations   - Allowed for possible strategic advantages

Page 20: Sit presentation

Modern Use

- Computer Security Purposes    - Discovering security faults, not doing any harm

- Programming    -  Designing software, and building programs

- Home Use    - Hobby

Page 21: Sit presentation

Top Motivations for Hacking

- Money    - Obtaining money, bank information, modifying data 

- Freedom    -  Belief of accessibility

- Love    -  Find cheaters

- Fun and Curiosity    -  Having fun, learning the basics, gain recognition

Page 22: Sit presentation

THE END