HACKED!!! – Kuala Lumpur, Malaysia Network Security
Transcript of HACKED!!! – Kuala Lumpur, Malaysia Network Security
http://www.hackingmobilephones.com
HACKED!!! – Kuala Lumpur, Malaysia
Network Security
Ankit Fadia
Intelligence Consultant and [email protected]
Outsmarting Cyber Villains
How to become a Computer Security Expert?
THINGS TO DO:
Learn at least one Programming Language.
Become a Networking Guru.
Learn to work in the UNIX Shell.
Get the ‘Hacking’ attitude.
Read, Read and Read as much as you can!!!!
Hacker VS Cracker
Qualities of a Hacker :
• Lots of Knowledge & Experience.
• Good Guy.
• Strong Ethics.
• Never Indulges in Crime.
• Catches Computer Criminals.
Qualities of a Cracker :
• Lots of Knowledge & Experience.
• Bad Guy.
• Low Ethics.
• Mostly Indulges in Crime.
• Is a Computer Criminal himself.
Facts and Figures
FBI INTELLIGENCE REPORT
[Bar chart: Incidents Recorded per year, 1999 to 2004. Values in order: 9,859; 21,756; 52,658; 64,981; 87,770; 101,311.]
TOP 5 CORPORATE ESPIONAGE ATTACKS
• Privacy Attacks
• Email Forging Attacks
• Sniffer Attacks
• Keylogger Attacks
• DOS Attacks
Individual Internet User
Mumbai Lady Case
• A lady based in Mumbai, India lived in a one-room apartment.
• Was a techno-freak and loved chatting on the Internet.
• Attacker broke into her computer & switched her web camera on!
• Biggest cyber crime involving privacy invasion in the world!
Government Sector
NASA
• The premier space research agency in the world.
• Had just finished a successful spaceship launch, when the unexpected happened.
• The path of the spaceship was changed remotely by an 11-year-old Russian teenager.
• Loss of money. Unnecessary worry.
TROJANS
Definition:
Trojans act as RATs (Remote Administration Tools) that give the attacker remote control of, and remote access to, the victim's system.
Working: See Demo.
Threats:
Corporate Espionage, Password Stealing, IP Violation, Spying, etc.
Tools:
Netbus, Girlfriend, Back Orifice and many others.
TROJANS
COUNTERMEASURES
• Port Scan your own system regularly.
• If you find an irregular port open, one on which you do not usually have a service running, then your system might have a Trojan installed.
• One can remove a Trojan using any normal Anti-Virus Software.
• Monitor start up files and port activity.
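The port check described above, as an added example that is not part of the original slides: it parses `netstat -an` output and reports listening TCP ports that are not in a known-good baseline. The sample output and the baseline set are constructed for illustration.

```python
# Constructed sample of `netstat -an` output (Windows layout); not real data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
"""

# Assumed baseline: TCP ports this host is expected to listen on.
BASELINE = {135, 445, 3389}


def listening_ports(netstat_text):
    """Return the set of TCP ports in a LISTEN state.

    Handles the Windows layout (proto, local, foreign, state) and the Linux
    layout (proto, recv-q, send-q, local, foreign, state): in both, the local
    address is the third field from the end.
    """
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header, blank line, or a non-TCP socket
        if not fields[-1].upper().startswith("LISTEN"):
            continue  # established or closing connection, not a listener
        port = fields[-3].rsplit(":", 1)[-1]
        if port.isdigit():
            ports.add(int(port))
    return ports


def compare_to_baseline(netstat_text, baseline):
    """Return (unexpected, missing) port lists relative to the baseline."""
    current = listening_ports(netstat_text)
    return sorted(current - baseline), sorted(baseline - current)


if __name__ == "__main__":
    unexpected, missing = compare_to_baseline(SAMPLE_NETSTAT, BASELINE)
    print("unexpected listeners:", unexpected)
    print("baseline ports not listening:", missing)
```

An unexpected listener is a lead to investigate (which process owns the port, when it was installed), not proof of a Trojan on its own.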
Consumer Electronic Goods Sector
TV Group
• One of the largest manufacturers of televisions and other electronic goods in the world.
• Attacker sent an abusive forged email to all investors, employees and partners worldwide from the Chairman’s account.
• Tainted relations.
Email Forging
Definition:
Email Forging is the art of sending an email from the victim’s email account without knowing the password.
Working:
ATTACKER-----Sends Forged email----- FROM VICTIM
Tools:
None required! DEMO
Email Forging
COUNTERMEASURES
NOTHING can stop the attacker.
Use Secure email systems like PGP.
Digitally sign your emails.
Healthcare Sector
Healthcare Group
• One of the largest shaving solutions companies in the world.
• Attacker broke into network and cancelled approximately 35 different orders of raw materials from supplier.
• Loss of revenue. Delay in Product launch.
Government Sector
BARC Group
• One of the most sensitive atomic and missile research facilities in India.
• Pakistani criminal organizations broke into network and stole sensitive missile info.
• Loss of sensitive data. Threat to national security.
SNIFFERS
Definition:
Sniffers are tools that can capture, in raw form, all data packets being sent across the entire network.
Working: ATTACKER-----Uses sniffer for spying----- VICTIM
Threats:
Corporate Espionage, Password Stealing, IP Violation, Spying, etc.
Tools:
Tcpdump, Ethereal, Dsniff and many more.
SNIFFERS
COUNTERMEASURES
• Move to switched networks. (Only the packets meant for a particular host reach its NIC.)
• Use encryption standards like SSL, SSH, IPSec.
Fashion Entertainment Sector
Fashion House Group
• One of the most successful fashion designers in Europe.
• Stole all designs and marketing plans.
• Came out with the same range of clothes a week before.
• Loss of Revenue. R&D & creative work down the drain.
KEYLOGGERS
Definition:
They are spying tools that record all keystrokes made on the victim’s computer.
Working: ATTACKER-----Uses keylogger for spying----- VICTIM
Threats:
Corporate Espionage, Password Stealing, IP Violation, Spying, etc.
Tools:
Thousands of Keyloggers available on the Internet.
KEYLOGGERS
COUNTERMEASURES
Periodic Detection practices should be made mandatory.
A typical keylogger automatically loads itself into memory each time the computer boots.
Hence, one should search all the start up files of the system and remove any references to suspicious programs.
This should protect you to a great extent!
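The startup-file review described above (and under the Trojan countermeasures), as an added example that is not part of the original slides: it parses `reg query` output for a Windows Run key and lists entries that need review. The sample output, the baseline names and the path heuristic are assumptions made for illustration.

```python
import re

# Constructed sample of `reg query` output for a Run key; not real data.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    winsvc32    REG_SZ    C:\Users\alice\AppData\Local\Temp\winsvc32.exe
"""

# Assumed baseline: value names recorded while the machine was known to be clean.
BASELINE_NAMES = {"SecurityHealth", "VendorUpdater"}

# Heuristic (an assumption of this example): autostart programs rarely live in
# user-writable temp or profile directories.
USER_WRITABLE = re.compile(r"\\(temp|appdata)\\", re.IGNORECASE)


def parse_run_key(text):
    """Map value name -> command line from `reg query` output."""
    entries = {}
    for line in text.splitlines():
        if not line.startswith("    "):
            continue  # key path or blank line
        parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
        if len(parts) == 3 and parts[1].startswith("REG_"):
            entries[parts[0]] = parts[2]
    return entries


def audit_startup(text, baseline_names):
    """Return (name, command, reasons) for each entry that needs review."""
    findings = []
    for name, command in sorted(parse_run_key(text).items()):
        reasons = []
        if name not in baseline_names:
            reasons.append("not in baseline")
        if USER_WRITABLE.search(command):
            reasons.append("runs from user-writable path")
        if reasons:
            findings.append((name, command, reasons))
    return findings


if __name__ == "__main__":
    for name, command, reasons in audit_startup(SAMPLE_RUN_KEY, BASELINE_NAMES):
        print(f"{name}: {command} ({'; '.join(reasons)})")
```

Run keys are only one autostart location; the same comparison applies to startup folders, scheduled tasks and services.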
Internet Services Sector
Internet Services
• Yahoo, Amazon, Ebay, BUY.com brought down for more than 48 hours!
• All users across the globe remained disconnected.
• Attackers were never caught.
• Loss of Revenue. Share values down.
Denial of Services (DOS) Attacks
DOS ATTACKS
Definition:
Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.
Working:
ATTACKER-----Infinite/ Malicious Data----- VICTIM
Tools:
Ping of Death, SYN Flooding, Teardrop, Smurf, Land [TYPES]
Trin00, Tribal Flood Network, etc. [TOOLS]
Denial of Services (DOS) Attacks
BUSINESS THREATS
• All services unusable.
• All users Disconnected.
• Loss of revenue.
• Deadlines can be missed.
• Unnecessary Inefficiency and Downtime.
• Share Values go down. Customer Dissatisfaction.
DOS Attacks
COUNTERMEASURES
• Separate or compartmentalize critical services.
• Buy more bandwidth than normally required to account for sudden attacks.
• Filter out USELESS/MALICIOUS traffic as early as possible.
• Disable publicly accessible services.
• Balance traffic load on a set of servers.
• Regular monitoring and working closely with the ISP will always help!
• Patch systems regularly.
• IPSec provides proper verification and authentication in the IP protocol.
• Use scanning tools to detect and remove DOS tools.
Recommendations and Countermeasures
• National CERTS and Cyber Cops.
• Security EDUCATION and TRAINING.
• Increase Security budgets.
• Invest in a dedicated security team.
• Security by obscurity?
THE FINAL WORD
• The biggest threat that an organization faces continues to be from…
THEIR OWN EMPLOYEES!
Is Internet Banking Safer than ATM Machines?
ATM MACHINES VS INTERNET BANKING
ATM Machines:
• Easier to crack.
• Soft Powdery Substance.
• Unencrypted PIN Number.
• Software/Hardware Sniffer.
• Fake ATM Machine.

Internet Banking:
• Difficult to crack, if latest SSL used.
• Earlier SSL standards quite weak.
Mobile Phone Hacking
Mobile Phone Attacks
Different Types:
• BlueJacking
• BlueSnarfing
• BlueBug Attacks
• Failed Authentication Attacks
• Malformed OBEX Attack
• Malformed SMS Text Message Attack
• Malformed MIDI File DOS Attack
• Jamming
• Viruses and Worms
• Secret Codes: *#92702689# or #3370*
AN ETHICAL GUIDE TO HACKING MOBILE PHONES
Hacking Mobile Phones
Title: An Ethical Hacking Guide to Hacking Mobile Phones
Author: Ankit Fadia
Publisher: Thomson Learning
JUST RELEASED!
THE UNOFFICIAL GUIDE TO ETHICAL HACKING
Ankit Fadia
Title: The Unofficial Guide To Ethical Hacking
Author: Ankit Fadia
Publisher: Thomson Learning
NETWORK SECURITY: A HACKER’S PERSPECTIVE
Ankit Fadia
Title: Network Security: A Hacker’s Perspective
Author: Ankit Fadia
Publisher: Thomson Learning
THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY
Network Security
Title: The Ethical Hacking Guide to Corporate Security
Author: Ankit Fadia
Publisher: Macmillan India Ltd.
HACKED!!! – Kuala Lumpur, Malaysia
Network Security
Ankit Fadia
Intelligence Consultant cum [email protected]
Questions?