HACKED Kuala Lumpur, Malaysia - PowerPoint PPT Presentation

Provided by: ankit

Transcript and Presenter's Notes

Title: HACKED Kuala Lumpur, Malaysia


1

HACKED!!! Kuala Lumpur, Malaysia Network
Security

Outsmarting Cyber Villains

Ankit Fadia Intelligence Consultant and
Author afadia_at_stanford.edu


2
How to become a Computer Security Expert?
  • THINGS TO DO
  • Learn at least one Programming Language.
  • Become a Networking Guru.
  • Learn to work in the UNIX Shell.
  • Get the Hacking attitude.
  • Read, Read and Read as much as you can!!!!

3
Hacker VS Cracker
  • Qualities of a Hacker
  • Lots of Knowledge & Experience.
  • Good Guy.
  • Strong Ethics.
  • Never Indulges in Crime.
  • Catches Computer Criminals.
  • Qualities of a Cracker
  • Lots of Knowledge & Experience.
  • Bad Guy.
  • Low Ethics.
  • Mostly Indulges in Crime.
  • Is a Computer Criminal himself.

4
Facts and Figures
FBI INTELLIGENCE REPORT
5
TOP 5 CORPORATE ESPIONAGE ATTACKS
  • TOP 5 Corporate Espionage Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • Keylogger Attacks
  • DOS Attacks

6
Individual Internet User
  • Mumbai Lady Case
  • A lady based in Mumbai, India lived in a one-room
    apartment.
  • Was a techno-freak and loved chatting on the
    Internet.
  • Attacker broke into her computer & switched her
    web camera on!
  • Biggest cyber crime involving privacy invasion in
    the world!

7
Government Sector
  • NASA
  • The premier space research agency in the world.
  • Had just finished a successful spaceship launch,
    when the unexpected happened.
  • The path of the spaceship was changed remotely by
    an 11-year-old Russian teenager.
  • Loss of money. Unnecessary worry.

8

TROJANS
  • TROJANS
  • Definition
  • Trojans act as RATs or Remote Administration
    Tools that allow remote control and remote access
    to the attacker.
  • Working: See Demo.
  • Threats
  • Corporate Espionage, Password Stealing, IP
    Violation, Spying, etc.
  • Tools
  • Netbus, Girlfriend, Back Orifice and many
    others.

9
TROJANS
  • COUNTERMEASURES
  • Port Scan your own system regularly.
  • If you find an irregular port open, on which you
    usually do not have a service running, then your
    system might have a Trojan installed.
  • One can remove a Trojan using any normal
    Anti-Virus Software.
  • Monitor start up files and port activity.
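
The port check from this slide, as an added example that is not part of the original presentation: it compares the listeners reported by `ss -tuln` against a baseline of services the host is supposed to run. The sample output and the baseline are constructed for illustration; the two annotated ports are the historical defaults of NetBus and Back Orifice.

```python
"""Added example: flag listening ports that are not in a known-good baseline."""

# Constructed sample of `ss -tuln` output (Linux); not captured from a real host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    [::]:443           [::]:*
tcp   LISTEN 0      5      0.0.0.0:12345      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:31337      0.0.0.0:*
"""

# Assumed baseline: the (protocol, port) pairs this host is expected to expose.
BASELINE = {("tcp", 22), ("tcp", 443), ("udp", 323)}

# Historical default ports of two tools named on the slide.
HISTORICAL_DEFAULTS = {("tcp", 12345): "NetBus", ("udp", 31337): "Back Orifice"}

LOOPBACK = ("127.", "[::1]")


def parse_listeners(ss_output):
    """Return (proto, address, port) for every listening TCP/UDP socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        proto, state, local = fields[0], fields[1], fields[4]
        wanted = "LISTEN" if proto == "tcp" else "UNCONN"
        if state != wanted:
            continue
        address, _, port = local.rpartition(":")  # also handles [::]:443
        if port.isdigit():
            listeners.append((proto, address, int(port)))
    return listeners


def unexpected_listeners(ss_output, baseline):
    """Return one finding per listener whose (proto, port) is not in baseline."""
    findings = []
    for proto, address, port in parse_listeners(ss_output):
        if (proto, port) in baseline:
            continue
        findings.append({
            "proto": proto, "port": port, "address": address,
            "remote_reachable": not address.startswith(LOOPBACK),
            "note": HISTORICAL_DEFAULTS.get((proto, port), "not in baseline"),
        })
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS_OUTPUT, BASELINE):
        print(finding)
```

A port that matches the baseline only shows that something is listening there, not that the expected program owns it, so pair this with a check of the owning process and with a scan from a second machine.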

10
TOP 5 CORPORATE ESPIONAGE ATTACKS
  • TOP 5 Corporate Espionage Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • Keylogger Attacks
  • DOS Attacks

11
Consumer Electronic Goods Sector
  • TV Group
  • One of the largest manufacturers of televisions
    and other electronic goods in the world.
  • Attacker sent an abusive forged email to all
    investors, employees and partners worldwide from
    the Chairman's account.
  • Tainted relations.

12
Email Forging
  • Email Forging
  • Definition
  • Email Forging is the art of sending an email from
    the victim's email account without knowing the
    password.
  • Working
  • ATTACKER-----Sends Forged email-----> FROM VICTIM
  • Tools
  • None required! DEMO

13
Email Forging
  • COUNTERMEASURES
  • NOTHING can stop the attacker.
  • Use Secure email systems like PGP.
  • Digitally sign your emails.

14
TOP 5 CORPORATE ESPIONAGE ATTACKS
  • TOP 5 Corporate Espionage Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • Keylogger Attacks
  • DOS Attacks

15
Healthcare Sector
  • Healthcare Group
  • One of the largest shaving solutions companies in
    the world.
  • Attacker broke into network and cancelled
    approximately 35 different orders of raw
    materials from supplier.
  • Loss of revenue. Delay in Product launch.

16
Government Sector
  • BARC Group
  • One of the most sensitive atomic and missile
    research facilities in India.
  • Pakistani criminal organizations broke into
    network and stole sensitive missile info.
  • Loss of sensitive data. Threat to national
    security.

17

SNIFFERS
  • SNIFFERS
  • Definition
  • Sniffers are tools that can capture all data
    packets being sent across the entire network in
    the raw form.
  • Working: ATTACKER-----Uses sniffer for
    spying-----> VICTIM
  • Threats
  • Corporate Espionage, Password Stealing, IP
    Violation, Spying, etc.
  • Tools
  • Tcpdump, Ethereal, Dsniff and many more.

18
SNIFFERS
  • COUNTERMEASURES
  • Switch to Switching Networks. (Only the packets
    meant for that particular host reach the NIC)
  • Use Encryption Standards like SSL, SSH, IPSec.

19
TOP 5 CORPORATE ESPIONAGE ATTACKS
  • TOP 5 Corporate Espionage Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • Keylogger Attacks
  • DOS Attacks

20
Fashion & Entertainment Sector
  • Fashion House Group
  • One of the most successful fashion designers in
    Europe.
  • Stole all designs and marketing plans.
  • Came out with the same range of clothes a week
    before.
  • Loss of Revenue. R&D creative work down the
    drain.

21

KEYLOGGERS
  • KEYLOGGERS
  • Definition
  • They are spying tools that record all keystrokes
    made on the victim's computer.
  • Working: ATTACKER-----Uses keylogger for
    spying-----> VICTIM
  • Threats
  • Corporate Espionage, Password Stealing, IP
    Violation, Spying, etc.
  • Tools
  • Thousands of Keyloggers available on the
    Internet.

22
KEYLOGGERS
  • COUNTERMEASURES
  • Periodic Detection practices should be made
    mandatory.
  • A typical Key Logger automatically loads itself
    into the memory, each time the computer boots.
  • Hence, one should search all the start up files
    of the system and remove any references to
    suspicious programs.
  • This should protect you to a great extent!
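
The start-up review from this slide, as an added example that is not part of the original presentation: it reads autostart entries in the layout printed by `reg query` for the Windows `Run` keys and lists those that are not in an approved baseline or that launch from a user-writable directory. The sample entries, the `APPROVED` set and the directory list are assumptions made for illustration.

```python
"""Added example: review autostart entries for programs that load at boot."""
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout printed by `reg query <Run key>`.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    BackupAgent    REG_SZ    "C:\Program Files\Example Backup\agent.exe" --tray

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    kbdsvc    REG_SZ    C:\Users\alice\AppData\Roaming\kbd\kbdsvc.exe -s
"""

# Assumed baseline: value names reviewed and approved for this machine image.
APPROVED = {"SecurityHealth", "BackupAgent"}

# Directories a standard user can write to; autostart from here deserves review.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_entries(text):
    """Yield (key, value_name, command) for each value under each listed key."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            key = line.strip()  # unindented line names the registry key
            continue
        parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
        if len(parts) == 3 and parts[1].startswith("REG_"):
            yield key, parts[0], parts[2]


def executable_of(command):
    """Return the program path from a command line, quoted or unquoted."""
    match = re.match(r'"([^"]+)"|(\S+)', command)
    return match.group(1) or match.group(2)


def review(text, approved):
    """Return (hive, value_name, program, reasons) for entries needing review."""
    findings = []
    for key, name, command in parse_entries(text):
        exe = executable_of(command)
        reasons = []
        if name not in approved:
            reasons.append("not in approved baseline")
        if any(d in exe.lower() for d in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if reasons:
            findings.append((key.split("\\")[0], name, PureWindowsPath(exe).name, reasons))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_REG_QUERY, APPROVED):
        print(finding)
```

The `Run` keys are only one autostart location; scheduled tasks, services and the Startup folder need the same review, and unquoted paths containing spaces are not handled by `executable_of`.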

23
TOP 5 CORPORATE ESPIONAGE ATTACKS
  • TOP 5 Corporate Espionage Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • Keylogger Attacks
  • DOS Attacks

24
Internet Services Sector
  • Internet Services
  • Yahoo, Amazon, Ebay, BUY.com brought down for
    more than 48 hours!
  • All users across the globe remained disconnected.
  • Attackers were never caught.
  • Loss of Revenue. Share values down.

25

Denial of Services (DOS) Attacks
  • DOS ATTACKS
  • Definition
  • Such an attack clogs up so much bandwidth on the
    target system that it cannot serve even
    legitimate users.
  • Working
  • ATTACKER-----Infinite/ Malicious Data----->
    VICTIM
  • Tools
  • Ping of Death, SYN Flooding, Teardrop, Smurf,
    Land (TYPES)
  • Trin00, Tribal Flood Network, etc. (TOOLS)

26
Denial of Services (DOS) Attacks
  • BUSINESS THREATS
  • All services unusable.
  • All users Disconnected.
  • Loss of revenue.
  • Deadlines can be missed.
  • Unnecessary Inefficiency and Downtime.
  • Share Values go down. Customer Dissatisfaction.

27
DOS Attacks
  • COUNTERMEASURES
  • Separate or compartmentalize critical services.
  • Buy more bandwidth than normally required to
    account for sudden attacks.
  • Filter out USELESS/MALICIOUS traffic as early as
    possible.
  • Disable publicly accessible services.
  • Balance traffic load on a set of servers.
  • Regular monitoring and working closely with ISP
    will always help!
  • Patch systems regularly.
  • IPSec provides proper verification and
    authentication in the IP protocol.
  • Use scanning tools to detect and remove DOS
    tools.

28
Recommendations and Countermeasures
  • National CERTS and Cyber Cops.
  • Security EDUCATION and TRAINING.
  • Increase Security budgets.
  • Invest in a dedicated security team.
  • Security by obscurity?

29
THE FINAL WORD
  • THE FINAL WORD
  • The biggest threat that an organization faces
    continues to be from THEIR OWN EMPLOYEES!

30

Is Internet Banking Safer than ATM Machines?
  • ATM MACHINES VS INTERNET BANKING
  • ATM Machines
  • Easier to crack.
  • Soft Powdery Substance.
  • Unencrypted PIN Number.
  • Software/ Hardware Sniffer.
  • Fake ATM Machine
  • Internet Banking
  • Difficult to crack, if latest SSL used.
  • Earlier SSL standards quite weak.

31

Mobile Phone Hacking
  • Mobile Phone Attacks
  • Different Types
  • BlueJacking
  • BlueSnarfing
  • BlueBug Attacks
  • Failed Authentication Attacks
  • Malformed OBEX Attack
  • Malformed SMS Text Message Attack
  • Malformed MIDI File DOS Attack
  • Jamming
  • Viruses and Worms
  • Secret Codes 92702689 or 3370

32
AN ETHICAL GUIDE TO HACKING MOBILE PHONES Hacking
Mobile Phones


Title: An Ethical Hacking Guide to Hacking Mobile Phones
Author: Ankit Fadia
Publisher: Thomson Learning
JUST RELEASED!


33
THE UNOFFICIAL GUIDE TO ETHICAL HACKING Ankit
Fadia


Title: The Unofficial Guide To Ethical Hacking
Author: Ankit Fadia
Publisher: Thomson Learning


34
NETWORK SECURITY A HACKERS PERSPECTIVE Ankit
Fadia


Title: Network Security: A Hacker's Perspective
Author: Ankit Fadia
Publisher: Thomson Learning


35
THE ETHICAL HACKING GUIDE TO CORPORATE
SECURITY Network Security


Title: The Ethical Hacking Guide to Corporate Security
Author: Ankit Fadia
Publisher: Macmillan India Ltd.


36

HACKED!!! Kuala Lumpur, Malaysia Network
Security

Questions?


Ankit Fadia Intelligence Consultant cum
Author afadia_at_stanford.edu