eSPIONAGE - PowerPoint PPT Presentation

Slides: 28
Provided by: ank42
Transcript and Presenter's Notes

1
e-SPIONAGE
  • Ankur Bansal
  • CS-575
  • April 26th, 2008

2
  • The U.S. military created the internet. Now the
    web may be turning against its maker.
  • Business Week,
  • April 21st 2008

3
Overview
  • What is Espionage
  • Spy-wares
  • Espionage as National Issue

4
Espionage
  • Espionage or spying involves a human being
    obtaining information that is considered secret
    without the permission of its holder.
  • The ancient writings of Chinese and Indian
    military strategists such as Sun-Tzu and Chanakya
    contain information on deception and spying.

5
Espionage (Contd..)
  • Chanakya's student Chandragupta Maurya, founder
    of the Maurya Empire, made use of assassinations,
    spies and secret agents, which are described in
    Chanakya's Arthasastra.
  • The ancient Egyptians had a thoroughly developed
    system for the acquisition of intelligence
  • Japan often used ninja to gather intelligence.
  • Spies played a significant part in Elizabethan
    England
  • The USA and Russia used spies extensively during
    the Cold War period

6
Spy-wares
  • Spyware is computer software that is installed
    surreptitiously on a personal computer to
    intercept or take partial control over the user's
    interaction with the computer, without the user's
    informed consent.

7
Spy-ware (Contd.)
  • Functions of spyware extend well beyond simple
    monitoring
  • Spyware can collect various types of personal
    information, such as Internet surfing habits and
    sites visited
  • It can interfere with user control of the
    computer
  • Can install additional software.
  • Can redirect Web browser activity.
  • Can access websites that cause virus infections.
  • Can change computer settings, resulting in slow
    connection speeds, loss of Internet or other
    programs

8
History of Spy-wares
  • The first recorded use of the term spyware
    occurred on October 16, 1995 in a Usenet post
    that poked fun at Microsoft's business model
  • Spyware at first denoted hardware meant for
    espionage purposes.
  • In 2000 Zone Labs used the term in a press
    release. Since then, "spyware" has taken on its
    present sense.

9
Spyware/ Adware/ Virus
  • Adware refers to software which displays
    advertisements, whether or not the user has
    consented
  • Example - the Eudora mail client displays
    advertisements as an alternative to shareware
    registration fees
  • Most adware is spyware, as it displays
    advertisements related to what it finds from
    spying.
  • Unlike viruses and worms, spyware does not
    usually self-replicate

10
kaZaa an example
  • kaZaa is one of the most popular software
    programs today.
  • It's free and downloadable in minutes
  • Allows people to share/exchange files
  • Millions of users
      • 247 million as of July 2003

11
kaZaa (contd.)
  • But there is a catch
  • When installed you get more than just kaZaa; you
    also get
      • Cydoor: a tracking advertising software
          • Displays pop-up ads
          • Tracks web surfing habits
      • Gator: ad-driven backdoor software
      • Altnet: a hidden p2p software
      • Many others that kaZaa wishes to include

12
Routes of infection
  • Spyware does not directly spread in the manner of
    a computer virus or worm; generally, an infected
    system does not attempt to transmit the infection
    to other computers.
  • Spyware gets on a system through deception of the
    user or through exploitation of software
    vulnerabilities.
  • 3 common ways
      • Piggybacking on a piece of desirable software
      • Trojan horse method: tricking the user into
        installing it.
      • Posing as anti-spyware programs, while being
        spyware themselves.

13
Examples
  • CoolWebSearch
      • Directs traffic to advertisements on
        coolwebsearch.com.
      • Rewrites search engine results
      • Alters the computer's hosts file to direct DNS
        lookups to ad pages.
  • Internet Optimizer, also known as DyFuCa
      • When users follow a broken link or enter an
        erroneous URL, they see a page of advertisements.
      • Since password-protected Web sites use the same
        mechanism as HTTP errors, Internet Optimizer
        makes it impossible for the user to access
        password-protected sites.
  • Zango (formerly 180 Solutions)
      • Transmits detailed information to advertisers
        about the Web sites which users visit.
      • Alters HTTP requests for affiliate advertisements
        linked from a Web site.
  • Zlob trojan, or just Zlob
      • Downloads itself to your computer via an ActiveX
        codec
      • Reports information back to a control server.
      • This information can include your search history,
        the websites you visited, and even keystrokes.
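
The hosts-file alteration listed under CoolWebSearch can be checked for directly. The following is an added example, not part of the original presentation: it parses a hosts file and reports every name whose resolution is overridden locally. It goes slightly beyond the slide by also reporting names pinned to loopback or 0.0.0.0. The baseline name set and the sample entries are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file normally defines (assumed baseline for this example).
BASELINE = {"localhost", "localhost.localdomain", "ip6-localhost",
            "ip6-loopback", "broadcasthost"}

# Constructed sample: two stock lines, two overrides and one malformed line.
SAMPLE_HOSTS = "\n".join([
    "127.0.0.1    localhost",
    "::1          localhost ip6-localhost",
    "203.0.113.7  www.search.example search.example  # constructed redirect",
    "0.0.0.0      update.av-vendor.example",
    "not-an-ip    junk.example",
])

def parse_hosts(text):
    """Yield (line_no, ip, names) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip lines without a valid address
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit_hosts(text):
    """Return (line_no, name, ip, kind) for each locally overridden name.

    'redirect'  = name pinned to a routable address, so DNS is bypassed
    'blackhole' = name pinned to loopback or 0.0.0.0, so the site is unreachable
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in BASELINE:
                continue
            kind = "blackhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            findings.append((line_no, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
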

14
Problems
  • These programs often run silently in the
    background, without the user's knowledge!
  • It is very hard to detect these non-destructive
    but intrusive activities
  • Undesirable features are closely integrated with
    desirable features

15
Stats
  • According to a 2005 study by AOL and the
    National Cyber-Security Alliance
      • 61% of surveyed users' computers had some form
        of spyware.
      • 92% of users with spyware reported that they did
        not know of its presence.
      • 91% had not given permission for the
        installation of the spyware

16
Security practices
  • Install anti-spyware programs
  • Use a web browser other than IE, such as Opera or
    Mozilla Firefox.
  • Shareware is a big source of spyware
  • Download only from reliable sources.

17
Innocent e-mail
  • The e-mail message addressed to a Booz Allen
    Hamilton executive was mundane: a shopping list
    sent over by the Pentagon of weaponry India
    wanted to buy
  • Beneath the description of aircraft, engines, and
    radar equipment was an insidious piece of
    computer code known as "Poison Ivy" designed to
    suck sensitive data out of the $4 billion
    consulting firm's computer network.
  • The Pentagon hadn't sent the e-mail at all
  • The Pentagon hadn't sent the e-mail at all

18
The innocent e-mail
  • Authors knew enough about the "sender" and
    "recipient" to craft a message unlikely to arouse
    suspicion
  • Had the Booz Allen executive clicked on the
    attachment, his every keystroke would have been
    reported back to a mysterious master at the
    Internet address cybersyndrome.3322.org

19
(No Transcript)

20
Innocent e-Mail
  • The e-mail was more convincing because of its
    apparent sender Stephen J. Moree, who reports to
    the office of Air Force Secretary Michael W.
    Wynne
  • Moree's unit evaluates the security of selling
    U.S. military aircraft to other countries.
  • There is little reason to suspect anything
    seriously amiss in Moree's passing along the
    highly technical document with "India MRCA
    Request for Proposal" as its title
  • The Indian government had just released the
    request a week earlier, on Aug. 28, and the
    language in the e-mail closely tracked the
    request.
  • It referred to upcoming Air Force communiqués and
    a "Teaming Meeting", making the message appear
    more credible

21
  • It was sent by an unknown attacker, bounced
    through an Internet address in South Korea,
    relayed through a Yahoo! server in New York, and
    finally made its way toward Mulhern's Booz Allen
    in-box.
  • The digital trail to cybersyndrome.3322.org
    leads to one of China's largest free
    domain-name-registration and e-mail services,
    called 3322.org
  • Poison Ivy can steal information in access.
  • RAT: remote administrative tool
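
A relay path like the one described on this slide is read back from a message's Received headers. The following is an added example, not part of the original presentation: it rebuilds the path oldest hop first and flags a From domain that never appears on it. The message, hostnames, addresses and dates are constructed placeholders, and `analyze` is a name chosen for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: all hosts, addresses and dates are placeholders.
RAW = "\n".join([
    "Received: from mail.webmail.example (mail.webmail.example [192.0.2.10])",
    "\tby mx.contractor.example with ESMTP; Mon, 01 Jan 2001 00:00:09 +0000",
    "Received: from desk01 (unknown [198.51.100.23])",
    "\tby mail.webmail.example with SMTP; Mon, 01 Jan 2001 00:00:05 +0000",
    'From: "Program Office" <officer@agency.example>',
    "To: exec@contractor.example",
    "Subject: Request for Proposal",
    "",
    "See attachment.",
])

HOP_RE = re.compile(r"from\s+(?P<helo>[^\s()]+)(?:\s*\((?P<detail>[^)]*)\))?", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_path(msg):
    """Return hops oldest first as (helo_name, ip_or_None).

    Each server prepends its own Received header, so the list is reversed.
    The HELO name is self-reported by the connecting host.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.match(" ".join(value.split()))  # unfold continuation lines
        if m:
            ip = IP_RE.search(m.group("detail") or "")
            hops.append((m.group("helo").lower(), ip.group(1) if ip else None))
    return hops

def analyze(raw_text):
    """Return (from_domain, hops, mismatch) for a raw message."""
    msg = message_from_string(raw_text)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = relay_path(msg)
    on_path = any(h == domain or h.endswith("." + domain) for h, _ in hops)
    return domain, hops, not on_path

if __name__ == "__main__":
    print(analyze(RAW))
```

A mismatch is a triage signal rather than proof of spoofing: legitimate mail sent through a third-party provider also shows it, and only the hops added by your own servers can be trusted.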

22
  • Government agencies reported 12,986 cyber
    security incidents to the U.S. Homeland Security
    Dept. last fiscal year
  • Many of the new attackers are trained
    professionals backed by foreign governments

23
Major Attacks
  • Solar Sunrise: Feb 1998
      • Air Force and Navy computers are hit by
        malicious code while the U.S. was preparing to
        attack Iraq
  • Moonlight Maze: March 1998-1999
      • Defence Dept., NASA, Energy Dept., Weapons Lab
      • Large packets of unclassified data were stolen

24
  • Titan Rain: 2004
      • Classified data on computers of defence
        contractors
      • Lockheed Martin, Sandia National Labs and NASA
  • Byzantine Foothold: 2007
      • A lot of corporations, state depts. to Boeing

25
  • Paul Kurtz, former national security officer,
    explains how the U.S. government and its defense
    contractors have been the victims of an
    unprecedented rash of similar cyber attacks over
    the last two years
  • Video

26
References
  • http://www.cs.wisc.edu/wisa/presentations/2003/0722/spyware/spyware.03.0722.pdf
  • Wikipedia
  • Business Week, April 21st 2008
  • http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm

27
Discussion
  • Has Internet become too unwieldy to be tamed?