
Post on 19-Dec-2015


Exploring the Internet

The Dark Side of the Internet

91.113-021

Instructor: Michael Krolak

91.113-031

Instructor: Patrick Krolak

See also http://www.cs.uml.edu/~pkrolak/lab1/lab1.html

Authors: P. D. & M. S. Krolak Copyright 2005-2007

Edited by Richard Wright, National Expert Traffic & Information Management, Volpe Center US DOT

The Internet and Security

The Dark Side of the Internet

Hoaxes create anxiety, worries, and in some cases real problems

With the advent of Internet social networks, chat rooms, and blogs, rumors and hoaxes can travel around the world and reach millions in days if not minutes.

Hoaxes – the chain email

• In the days of snail mail, the chain letter offered some reward, answered prayer, or good luck to the receiver of the letter if they then copied it and sent 10 copies to others. In some cases it asked that the person put their name and address on a list and send money to the person higher on the list.

• Today hoax emails ask that the user say a prayer, do a good deed, send money to a charity, etc. In addition the person is asked to forward it to at least 10 friends. At the very least this clogs the email system with junk. At worst it is a scam that may harm your computer or add your email to a spam or sucker list.

• Action – Delete the email immediately and/or notify your system administrator so it can be blocked. For more see the Pyramid Scheme Section.

Spam

• Spam is electronic junk mail that clogs our internet like the fatty canned meat of the same name clogs our arteries.

– Communication lines back up at an alarming rate,

– Storage is gobbled up,

– Servers and processors thrash, and

– Users are irritated at best – incapacitated at worst.

• Spam costs the ISPs and others a fortune to prevent and/or to remove.

• At its worst spam is used by scammers, hackers, and others to market and prey on literally millions of users at a very low cost.

Source: http://www.unt.edu/benchmarks/archives/2005/february05/spamandcookiescolor.gif

Spam

• What is Spam?

Junk email – unwanted, resource robbing, and often contains viruses, worms, and scams.

• Why is it an increasing problem?

Spam is the fastest growing component of messages on the Internet that consumes bandwidth, storage, and angers the user. ISPs and some consumer groups are attempting to shut down the worst offenders.

Spam as harassment.

Spam as DoS (Denial of Service) attack.

Spam as Phishing (attempt to obtain a person’s ID, password, etc., by pretending to be a legitimate request.)

• What can be done about it? (Discussion questions)

– Closing down ISPs that permit email relaying (Is this too draconian?).

– Apply filters and tools to remove it (Can they be by-passed?).

– Lobby for federal legislation to create civil and criminal penalties for those who send Spam. (Does this interfere with free speech?)

– A recently passed law to prosecute commercial spammers. (When is Internet advertising legitimate and when is it Spam?)

Why Estimate the Cost of Spam?

• Important for policy reasons to know severity of problem – helps in assigning priority to issue;

• To determine which economic actors have to bear costs – also important in focusing on solutions;

• Spam imposes negative externality on society (similar to pollution in the manufacturing economy): economic damage and cost borne by third parties resulting in an overall loss of welfare for society;

• If costs of spam are unacceptable then have to put in place mechanisms to change behavior of producers of spam;

• Provides metric to “let the punishment fit the crime.”

• Market itself does not provide mechanism to correct for costs inflicted by spam. If economic solutions are used to combat spam, cost data can help determine prices applied to reduce or eliminate spam;

http://www.oecd.org/dataoecd/47/5/26618988.pdf

Spam Impact on Consumers

• E-mail has value to recipient which varies with the content and should at least equal processing cost;

• Each e-mail entails the same receiving/processing cost for consumer. For spam the value of the e-mail content is negative and to this must be added the processing cost;

• If the amount of spam received is extremely high it could conceivably outweigh the positive value of receiving e-mail;

• Costs to consumers for processing mail are declining as consumers switch to broadband from dial-up (where time based Internet access charges exist) and because of quicker download times;

• But increase in volume of spam is likely to result in net increase in costs – if you can go fast but you produce crap, all you get is more crap;

http://www.oecd.org/dataoecd/47/5/26618988.pdf

Overall Cost: Some Estimates

• Reduced use of an efficient and cheap means of communications among economic actors – slows down growth of e-commerce and development of digital economy.

Total economic impact of spam – estimates vary:

• Global cost “conservatively” estimated at €10 Billion (European Commission Study 2001);

• Ferris Research (Jan. 2003) estimated that spam cost US companies $8.9 billion in 2002. The same study estimated the cost of spam in Europe as US$2.5 billion.

• UNCTAD (2003): $20 billion;

• Cost to Hong Kong economy $1.3 billion (HKISPA 2004);

• $2 - $20 Billion per year and growing.

http://www.oecd.org/dataoecd/47/5/26618988.pdf

Crimes of Persuasion

Crimes of persuasion are scams that appeal to people’s greed, goodwill, or other emotions so that the victim provides the access, assistance, information, money, or other resources that are the target of the criminal.

In other words – A Con Game

Internet Scams

Internet Scams

• Scams over the Internet, unlike fraud and similar crimes, can be difficult to detect, prosecute, and prevent – and easy to perpetrate.

• Email can be used to reach 250 million with a simple program and a CD-ROM with the email addresses.

• Example - The African businessman who offers to split a large sum of money (like $20M) if he can only electronically wire it to your checking account. He also requires a (small) fee ($250) wired to his account to bribe fellow countrymen. Your fee and your bank account are immediately seen to vanish.

• See: http://www.cnn.com/2000/TECH/computing/10/31/ftc.web.scams/

Internet Pyramid schemes

What is a Pyramid Scheme?

• Pyramid schemes, also referred to as "chain referral", "binary compensation" or "matrix marketing" schemes, are marketing and investment frauds which reward participants for inducing other people to join the program. Ponzi schemes, by contrast, operate strictly by paying earlier investors with money deposited by later investors without the emphasis on recruitment or awareness of participation structure.

• Pyramid schemes focus on the exchange of money and recruitment. At the heart of each pyramid scheme there is typically a representation that new participants can recoup their original investments by inducing two or more prospects to make the same investment.

• For each person you bring in you are promised future monetary rewards or bonuses based on your advancement up the structure. Over time, the hierarchy of participants resembles a pyramid as newer, larger layers of participants join the established structure at the bottom.

Source: http://www.crimes-of-persuasion.com/Crimes/Delivered/pyramids.htm

Internet Pyramid schemes (more)

• They say you will have to do "little or no work because the people below you will". You should be aware that the actual business of sales and supervision is hard work. So if everyone is doing little or no work, how successful can a venture be? Too good to be true!

• The marketing of a product or service, if done at all, is only of secondary importance in an attempt to evade prosecution or to provide a corporate substance. Often there is not even an established market for the products so the "sale" of such merchandise, newsletters or services is used as a front for transactions which occur only among and between the operation's distributors.

• Therefore, your earning potential depends primarily on how many people you sign up, not how much merchandise is sold.

• When the Pyramid gets too big, the whole scheme collapses and the people who lose are the people at the bottom.

Internet Pyramid schemes (more)

• Pyramid schemes are not the same as Ponzi schemes which operate under false pretences about how your money is being invested and normally benefit only a central company or person along with possibly a few early participants who become unwitting shills.

• Pyramid schemes involve a hierarchy of investors who participate in the growth of the structure with profits distributed according to one's position within the promotional hierarchy based on active recruitment of additional participants.

• Both are fraudulent, because they induce an investment with no intention of using the funds as stated to the investor.

Email Fraud

Fraud has existed perhaps as long as or longer than money. Any new sociological change can engender new forms of fraud, or other crime.

Source: http://en.wikipedia.org/wiki/Email_fraud

Email Fraud

• Almost as soon as e-mail became widely used, it began to be used to defraud people.

• E-mail fraud can take the form of a "con game" or scam.

• Confidence tricks tend to exploit the inherent greed and dishonesty of their victims: the prospect of a 'bargain' or 'something for nothing' can be very tempting.

• E-mail fraud, as with other 'bunco schemes' relies on naive individuals who put their confidence in get-rich-quick schemes such as 'too good to be true' investments or offers to sell popular items at 'impossibly low' prices. Many people have lost their life savings due to fraud. (Including E-Mail fraud!)

Avoiding e-mail fraud

E-mail fraud may be avoided by:

• Keeping one's e-mail address as secret as possible,

• Ignoring unsolicited e-mails of all types, simply deleting them,

• Not giving in to greed, since greed is the element that allows one to be 'hooked', and

• If you have been defrauded, report it to law enforcement authorities -- many frauds go unreported, due to shame, guilty feelings or embarrassment.

Source: http://en.wikipedia.org/wiki/Email_fraud

Identity Theft on the Internet

Identity theft involves finding out the user’s personal information and then using it to commit fraud and other crimes.

Identity Theft

“But he that filches from me my good name

Robs me of that which not enriches him

And makes me poor indeed."  - Shakespeare, Othello, Act III. Scene III.

What is Identity Theft?

• A Federal crime where someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.

• In 2004, almost 250,000 claims of Identity Theft within the US alone (1:1000)

• More than $500 million in reported losses

Source: http://www.consumer.gov/sentinel/pubs/Top10Fraud2004.pdf

Categories of Identity Theft

According to the non-profit Identity Theft Resource Center, identity theft is "sub-divided into four categories:

1. Financial Identity Theft (using another's name and SSN to obtain goods and services),

2. Criminal Identity Theft (posing as another when apprehended for a crime),

3. Identity Cloning (using another's information to assume his or her identity in daily life) and

4. Business/Commercial Identity Theft (using another's business name to obtain credit)."

Source: http://en.wikipedia.org/wiki/Identity_theft

Tiger Woods

“A man who used Tiger Woods' identity to steal $17,000 worth of goods was sentenced to 200 years-to-life in prison.

Anthony Lemar Taylor was convicted of falsely obtaining a driver's license using the name Eldrick T. Woods, Woods' Social Security number and his birth date.

Though he looks nothing like golf's best player, the 30-year-old Taylor then used the false identification and credit cards to buy a 70-inch TV, stereos and a used luxury car between August 1998 and August 1999.

Judge Michael Virga gave Taylor the maximum sentence under California's three-strikes law...”

Identity Theft by Age

[Bar chart: Claims by Age in 2004. Vertical axis: % of Claims (0 to 30). Horizontal axis: Under 18, 18-29, 30-39, 40-49, 50-59, 60+.]

Source: http://www.consumer.gov/sentinel/pubs/Top10Fraud2004.pdf

Identity Theft

• Identity Theft – the acquiring of personal and financial information about a person for criminal purposes.

• Your Social Security Number, credit card numbers, and passwords on your machine can be used to gain information about you from the web sources.

• Once the information is gained it is used to charge large amounts for plane tickets, etc.

• The criminal can also assume your identity for fraud and terrorism.

• Some rings communicate data gathered to accomplices in other countries where the fraudulent charges are actually made.

• It can take up to 18 months and thousands of dollars to restore your credit.

See http://www.newsfactor.com/perl/story/15965.html

The role of private industry and government in identity theft

Techniques for obtaining information

Low Tech – Social Engineering

• Stealing (snail) mail or rummaging through rubbish (dumpster diving)

• Eavesdropping on public transactions to obtain personal data (shoulder surfing)

• Obtaining castings of fingers for falsifying fingerprint identification

High Tech – Internet Approaches

• Stealing personal information in computer databases [Trojan horses, hacking] – Including theft of laptops with personal data loaded.

• The infiltration of organizations that store large amounts of personal information

• Impersonating a trusted organization in an electronic communication (phishing).

• Spam (electronic): Some, if not all spam entices you to respond to alleged contests, enter into "Good Deals", etc.

• Browsing social network (MySpace, Facebook, Bebo etc.) sites online for personal details that have been posted by users in public domains.

Source: http://en.wikipedia.org/wiki/Identity_theft

What is Pharming?

Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain Name for a site, and to redirect traffic from that website to another web site.

DNS servers are the machines responsible for resolving internet names into their real Internet Protocol (IP) addresses - the "signposts" of the internet (e.g., Good_Stuff.com will translate to an address like 152 145 72 30 – i.e. four groups of base 8 (octal) numbers in IP version 4 (IPv4) or eight groups in base 16 (hex) in IP version 6 (IPv6)). The Internet has thousands of DNS servers – each one a target for determined hackers.

Phishing

What is Phishing?

– Using email or web sites made to look like authentic corporate communications and web sites to trick people into giving personal and financial information.

– The FBI sees this as a fast growing form of fraud that can lead to theft of identity.

See http://www.crimes-of-persuasion.com/Crimes/Delivered/internet.htm

What is Phishing?

phishing (also known as carding and spoofing)

n.

1. The act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message).

Source: http://en.wikipedia.org/wiki/Phishing

Phishing Example

Register for eBay Dear valued customer Need Help?

We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please click here and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 3-4 days, after this period your account will be terminated.

For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.

Regards, Safeharbor Department eBay, Inc The eBay team.

This is an automatic message. Please do not reply.

From: eBay Billing Department <aw-confirm@ebay.com>

To: you@uml.edu

Subject: Important Notification

Source: http://en.wikipedia.org/wiki/Phishing

This link points to a bogus site that often will infect and attempt to corrupt or steal data from your computer or to coerce you into divulging private information when you access it.
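The checks a mail filter or analyst can run on a message like the one above, as an added example that is not part of the original slides. The sample is constructed from the slide's text; the Return-Path value, the link target and the phrase list are assumptions, and the From header is treated only as the domain the message claims to come from.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the slide's message. The Return-Path and the
# link target are invented placeholders (.test and .example are reserved names).
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: eBay Billing Department <aw-confirm@ebay.com>
To: you@uml.edu
Subject: Important Notification
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear valued customer</p>
<p>We regret to inform you that your eBay account could be suspended if you
don't re-update your account information. To resolve this problems please
<a href="http://ebay.com.account-update.test/signin">click here</a> and
re-enter your account information.</p></body></html>
"""

# Wording that pushes the reader to act at once (assumed list, from the sample).
PRESSURE_PHRASES = ("suspended", "terminated", "re-enter your account")


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def address_domain(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def within(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))


def html_body(msg):
    """Concatenate the decoded text/html parts of a message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return "".join(parts)


def triage(raw_message):
    """Return a list of (code, detail) findings for one raw message."""
    msg = message_from_string(raw_message)
    claimed = address_domain(msg.get("From"))
    findings = []

    # The visible From line is easy to forge; the bounce address often differs.
    envelope = address_domain(msg.get("Return-Path"))
    if envelope and not within(envelope, claimed):
        findings.append(("sender-mismatch", f"Return-Path {envelope} vs From {claimed}"))

    body = html_body(msg)
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        # Match whole labels from the right: "ebay.com.account-update.test"
        # contains the brand name but is not inside ebay.com.
        if host and not within(host, claimed):
            findings.append(("link-off-domain", host))

    text = " ".join(body.lower().split())
    hits = [phrase for phrase in PRESSURE_PHRASES if phrase in text]
    if hits:
        findings.append(("pressure-language", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(f"{code}: {detail}")
```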

Spoofing

Spoofing

• E-mail sent from someone pretending to be someone else is known as spoofing. Spoofing may take place in a number of ways. Common to all of them is that the actual sender's name and the origin of the message are concealed or masked from the recipient. Many, if not most, instances of e-mail fraud use at least minimal spoofing, as most frauds are clearly criminal acts. Criminals typically try to avoid easy traceability.

Source: http://en.wikipedia.org/wiki/Email_fraud

Methods to Steal an Identity

• TCP Spoofing

– Establish a fake session and act to the user like the real application the user thought was connected.

– Can be done by substituting valid access software with “hacked” software after compromising a host or server machine

• DNS Spoofing

– Mentioned previously

– Substitutes a fake IP address for the real one in the DNS table

• Typo Squatting (e.g. www.goolge.com)

– Set up a real web site with URL that represents common typo. Make site look enough like real one and try to get passwords, ID, etc.

– Similar to phishing, but the “phish” catches himself!
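One way a defender can spot typo-squatted names such as the www.goolge.com example above is to measure how many single-character slips separate an observed hostname from a protected one. The following is an added example, not part of the original slides; the watchlist, the hostnames and the examplebank.test brand are constructed, and it goes beyond the slide's swapped-letter case to cover dropped, added and substituted letters as well.

```python
# Domains to protect. google.com is the name the slide's goolge.com imitates;
# examplebank.test is a hypothetical brand used only for this example.
WATCHLIST = ("google.com", "examplebank.test")

# Constructed sample of hostnames, such as might be pulled from a proxy log.
OBSERVED = [
    "www.google.com",
    "www.goolge.com",            # adjacent letters swapped (the slide's example)
    "mail.google.com",
    "login.exampelbank.test",    # adjacent letters swapped
    "www.examplebnk.test",       # dropped letter
    "www.example.org",
]


def osa_distance(a, b):
    """Optimal string alignment distance.

    Counts insertions, deletions, substitutions and swaps of two adjacent
    characters as one edit each, which matches common typing slips.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # deletion
                d[i][j - 1] + 1,         # insertion
                d[i - 1][j - 1] + cost,  # substitution or match
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def registrable(hostname):
    """Last two labels of a hostname.

    Assumption: adequate for the two-label samples here; production code
    should consult the Public Suffix List instead.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def flag_lookalikes(hostnames, watchlist=WATCHLIST, max_distance=1):
    """Return (hostname, imitated domain, distance) for near-miss names."""
    flagged = []
    for hostname in hostnames:
        domain = registrable(hostname)
        if domain in watchlist:
            continue  # the genuine domain or one of its subdomains
        for brand in watchlist:
            distance = osa_distance(domain, brand)
            if distance <= max_distance:
                flagged.append((hostname, brand, distance))
                break
    return flagged


if __name__ == "__main__":
    for hostname, brand, distance in flag_lookalikes(OBSERVED):
        print(f"{hostname} looks like {brand} (distance {distance})")
```

A plain Levenshtein distance would score goolge.com as two edits away from google.com, so counting the adjacent swap as one edit is what lets a threshold of 1 catch it.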

Internet and Security

The Internet is a paradox like almost everything in modern society. It offers many benefits yet it also opens us to a variety of evils. It is a tool to leverage the power of advanced computing – for good OR evil.

What is computer security?

computer security

n.

1. The systematic methods and procedures employed to protect information assets on computer systems against intentional and unintentional use, modification, deletion, manipulation, access, or corruption.

What is malware?

• malware (mal´wãr) (n.) Short for malicious software, software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

Source: http://www.webopedia.com/TERM/m/malware.html

As we explore the Internet we must also protect ourselves from evil

• First we must make sure our computer is secure or at least that we make it difficult for trespassers and other evildoers to enter it and attack it.

• Second we must secure our browsers and email system.

• Third we must protect our network portal and our communications.

• Finally we must prepare to be attacked and have a plan for minimizing the damage.

Cartoon Source: http://www.offthemarkcartoons.com/cartoons/2002-12-21.gif

What is a virus?

Virus

n.

1. A self-replicating software program that spreads by inserting copies of itself into other executable code or documents.

Source: www.wikipedia.org

Annual Cost of Viruses to Businesses

[Bar chart: Virus Cost to Businesses. Vertical axis: $ in Billions (0 to 60). Horizontal axis: 2001, 2002, 2003.]

What is a Trojan Horse?

Trojan horse

n.

1. A malicious program that is disguised as legitimate software.

Trojan horses can

– Erase or overwrite data on a computer,

– Corrupt files in a subtle way,

– Spread other malware,

– Set up networks of zombie computers (subverted to execute commands of the hacker instead of your programs) in order to launch DDoS (Distributed Denial of Service) attacks or send spam,

– Spy on the user of a computer and covertly report data like browsing habits to other people,

– Log keystrokes to steal information such as passwords and credit card numbers,

– Phish for bank or other account details, which can be used for criminal activities, or

– Install a backdoor on a computer system to facilitate future hacking.

Source: www.wikipedia.org

• A “Trojan horse” program may force your computer to do any or all of these things without your knowledge!

• Individuals have actually been prosecuted for actions committed by their computer while under control of a Trojan horse.

What are worms?

worm n.

1. A self-replicating piece of code that uses security lapses to travel from machine to machine, placing copies of itself everywhere and then using those newly compromised machines as bases to attack further systems.

– The worm is the chunk of code that does the traveling and implanting. Hackers attach other malware to the worm which then carries it along.

Source: www.nndb.com

Famous Worms

Name/Date | Comment | Est. Cost

Melissa 3/26/1999 | | $1.1B

NIMDA 9/2001 | | $645M

Sobig 1/2003 | Variant Sobig.f used its own SMTP (Simple Mail Transfer Protocol) to email from user address to others in user’s address book. Largest vol. of emails. | $36.1B

Source: Computer Worms: Past, Present, and Future, Craig Fosnock (CISSP, MCSE, CNE) East Carolina University

Famous Worms (continued)

Name/Date | Comment | Est. Cost

Mydoom | Appearing January 26, 2004 and primarily transmitted via e-mail to appear as a transmission error. Mydoom becomes the fastest spreading email worm ever. It slowed overall Internet performance by about 10%, and average web page load times by about 50%. | $38.5 B

Witty | Appearing March 19, 2004, it was the fastest developed worm to date: only 36 hours passed between the release of the advisory and the release of the virus. Witty infected the entire exposed population of twelve thousand machines in 45 minutes, and it was the first worm that destroyed the hosts infected (by randomly erasing a section of the hard drive). | $11 million

Early Viruses

• Brain Virus from Pakistan (1986)

– First PC virus

– Affected only certain types of floppy drives

• Dark Avenger.1800 virus (1989)

– Written in Sofia, Bulgaria.

– Posed the first international virus threat.

– Used anti-virus software to spread.

• Michelangelo (1992)

– 5 million systems were predicted to be affected.

– Only 10,000 systems were ever infected.

– A boon for anti-virus software companies.

Source: http://www.research.ibm.com/antivirus/timeline.htm

Trojan Horses

• These actions range from harmless messages to destruction of user files, denial of service, or stealing personal data.

• Lately hackers have taken over thousands of computers to launch attacks on other sites (using Trojan horse techniques).

What is a rootkit?

• A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection.

• It enables an attacker to have "root" access to the computer, which means it runs at the lowest level of the machine.

• A rootkit typically intercepts common API calls so antivirus scans never see the rootkit programs.

What’s a Wabbit?

wabbit

n.

1. A program that replicates itself on a computer but does not touch other documents or executables. It is not spread through the Internet. It makes so many copies of a program that the computer cannot even start the program that would allow the user to terminate the wabbit program.

What’s a backdoor?

• Code that allows access to the computer through the O/S or an application.

• In some cases this is intentional and in others it’s a bug. In any case it is a dangerous problem and requires that the user get the latest patches to the O/S and applications.

Source: http://cluestick.me.uk/burrow/gallery/cartoons/

Malware Detection

• Norton Anti-Virus

• McAfee Anti-Virus

• Panda Software

Software designed to spy on you

1. Adware

2. Spyware

What is Adware?

• Adware or advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.

• Adware programs other than spyware do not invisibly collect and upload this activity record or personal information when the user of the computer has not expected or approved of the transfer. Some vendors of adware, however, maintain that an application which does this is still not spyware, because its activities are disclosed: for example, a product vendor may argue that since a clause somewhere in the product's Terms of Use says that third-party software will be included that may collect and may report on computer use, this disclosure means the product is just adware.

http://en.wikipedia.org/wiki/Adware

What are Popup ads?

• A popup is a new browser window, usually with ad content, that opens over your current one.

• A popunder, which is supposedly less annoying, is a new browser window that opens (duh) under the current one.

• A popover (also known as an overlay) is an animated graphic that doesn't have a window in the usual sense but rather materializes on top of the current window.

• Sometimes popovers have a click-the-X box that enables you to get rid of them; others don't (or carefully disguise it) and you have to wait till they go away on their own.

• Interstitial ads appear after you click on a hyperlink, but before you get to the page you actually want.

• Rich media refers to fancy, often interactive, animated graphics that move around the page, etc. Rich media is the hot trend in online advertising since it's difficult to ignore; it typically makes use of a technology aptly called Flash. Flash is often used for popovers.

http://www.straightdope.com/columns/041015.html

Spyware

• Spyware – software that gathers information about a person or computer without permission or knowledge.

• Once loaded onto a computer, it sends data back to the site that launched it.

• Can be very dangerous and used in identity theft and other forms of fraud.

• Can make your computer appear to be slow and unresponsive.

What is spyware?

spyware

n.

1. A broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent. Unlike viruses, it does not usually self-replicate. Spyware is designed to exploit infected computers for the commercial gain of third parties. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.

As of 2005, spyware affects only computers running Microsoft Windows. There have been no reported observations of spyware for Mac OS X, Linux, or other platforms.

Source: www.wikipedia.org

What does Spyware/Malware specifically do to my computer?

Malware will perform a variety of nasty activities, ranging from simple email advertising all the way to complex identity-theft and password-stealing. New nasty functions are created every week by malware programmers, but the most common malware functions are:

– Malware steals your personal information and address book (identity theft and keystroke-logging).

– Malware floods your browser with pop-up advertising.

– Malware spams your inbox with advertising email.

– Malware slows down your connection.

– Malware hijacks your browser and redirects you to an advertising or a phishing-con web page.

– Malware uses your computer as a secret server to broadcast pornography files.

– Malware slows down or crashes your computer.

How to prevent / detect spyware

• Adaware

– www.lavasoft

• WebRoot’s SpySweeper

– www.WebRoot.com

• Spy Bot

• Spyware Doctor

• HijackThis

• Microsoft Anti Spyware Beta

– http://www.microsoft.com/athome/security/spyware/software/default.mspx

What are cookies?

cookies

n.

1. Small data files written to your hard drive by some Web sites when you view them in your browser. These data files contain information the site can use to track such things as passwords, lists of pages you've visited, and the date when you last looked at a certain page.

Source: http://www.cnet.com/Resources/Info/Glossary/Terms/cookie.html

Source: http://sarahmorgan73.tripod.com/pers.html

Cookies can serve a useful purpose

• Cookies can be useful. In general web pages are stateless, i.e. they do not remember material from one page in a site to another. For instance, a cookie allows an e-commerce site to create a market basket of the items you are ordering while you are shopping through the site’s online catalogue.

• It also allows sites to remember you after you log in to a site. Thus if you are a distance learning student it will remember the pages you visited and the answers you gave to questions.

DoubleClick and other cookie exploiters

• DoubleClick is an aggressive tracking tool. In general a cookie can only be opened by the site that created it. DoubleClick sets its cookies through its ads on the downloaded page. Because its cookie contains the page which contained the ad, the cookies will report the sites that you visit with DoubleClick ads. Thus it can track you from site to site.
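A small simulation of this kind of cross-site tracking and of the browser setting that breaks it, as an added example that is not part of the original slides. It is a simplified model: the ad server name, site names and classes are hypothetical, and the address of the embedding page reaches the ad server as the Referer of the ad request, next to the ad server's own ID cookie.

```python
import itertools
from urllib.parse import urlsplit


class AdServer:
    """Hypothetical third-party ad server that tags each browser with an ID."""

    def __init__(self, domain):
        self.domain = domain
        self._next_id = itertools.count(1)
        self.profiles = {}  # cookie ID -> pages on which this browser saw an ad

    def serve_ad(self, cookie, referer):
        """Handle one ad request; return a new cookie value if one is issued."""
        issued = None
        if cookie is None:
            cookie = issued = f"uid-{next(self._next_id)}"
        self.profiles.setdefault(cookie, []).append(referer)
        return issued


class Browser:
    """Minimal browser model with a cookie jar keyed by the cookie's domain."""

    def __init__(self, block_third_party_cookies=False):
        self.block_third_party_cookies = block_third_party_cookies
        self.jar = {}  # domain -> cookie value, sent back only to that domain

    def visit(self, page_url, ad_server):
        """Load a page that embeds an ad from ad_server."""
        page_host = urlsplit(page_url).hostname
        third_party = (page_host != ad_server.domain
                       and not page_host.endswith("." + ad_server.domain))
        allowed = not (third_party and self.block_third_party_cookies)
        # Each site can read only its own cookie, but the ad server is asked
        # for an ad on every page, so its cookie travels with every request.
        cookie = self.jar.get(ad_server.domain) if allowed else None
        issued = ad_server.serve_ad(cookie, referer=page_url)
        if issued and allowed:
            self.jar[ad_server.domain] = issued


# Constructed browsing session across three unrelated sites.
PAGES = [
    "https://news.example/politics",
    "https://shop.example/cart",
    "https://health.example/symptoms",
]


def browse(block_third_party_cookies):
    """Run the session and return what the ad server learned."""
    ads = AdServer("ads.tracker.example")
    browser = Browser(block_third_party_cookies)
    for page in PAGES:
        browser.visit(page, ads)
    return ads.profiles


if __name__ == "__main__":
    print("cookies allowed:", browse(False))
    print("third-party cookies blocked:", browse(True))
```

With cookies allowed the ad server ends up with one ID linked to all three pages; with third-party cookies blocked it sees three unrelated one-page visitors.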

Earthlink SpyAudit Report

• 4,610,738 computers scanned

• 769,330 Trojan Horses were detected

• 24,395,256 Spyware programs were detected

• 90,594,556 Spyware cookies were detected.

Wireless Dangers

• War Driving

• Virtual Intrusion

• Other means

• Security Measures

Wardriving

• Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA. It is similar to using a radio scanner, or to the ham radio practice of DXing.

• Connecting to the network and using its services without explicit authorization is referred to as piggybacking.

Source: http://en.wikipedia.org/wiki/War_driving

More Serious Internet Age Problems

Cyber Bullying

Cyber bullying is a controversial area of Internet abuse.

Cyber-Bullying

• Cyberbullying is willful and involves recurring or repeated harm inflicted through the medium of electronic text. E-mail and instant messaging are just two ways, but cyberbullying can occur in any way if it is on the Internet.

• According to R.B. Standler [1], bullying intends to cause emotional distress and has no legitimate purpose to the choice of communications.

Source: http://en.wikipedia.org/wiki/Cyber-bullying

Cyber-Bullying (More)

• Cyberbullying can be as simple as continuing to send e-mail to someone who has said they want no further contact with the sender.

• Cyberbullying may also include threats, sexual remarks, pejorative labels (i.e., hate speech).

• Cyber-bullies may publish personal contact information for their victims at websites. They may attempt to assume the identity of a victim for the purpose of publishing material in their name that defames or ridicules them.

Online Crimes against persons -- by rapists, pedophiles, etc.

Because of the nature of online cyber relationships it is often the case that criminals can gain the confidence of lonely vulnerable people. Pedophiles in particular use it to attract and lure children into meetings for sex, pornography, and abduction.

The Dark Side of Craigslist and Social Networks -- Cyber Crime

Craigslist

• Craigslist is a centralized network of online communities, featuring free online classified advertisements – with sections devoted to jobs, housing, personals, for sale, services, community, gigs, résumés, and discussion forums.

• Craig Newmark began the service in 1995 as an email distribution list of friends, featuring local events in the San Francisco Bay Area, before becoming a web-based service in 1996.

• Craigslist has a business model of free or low-cost ads that attacks one major leg of newspaper revenue.

http://en.wikipedia.org/wiki/Craigs_list

Craigslist Crimes and Controversies

• The Erotic Section has been the source of controversy and crime: prostitution, sex crimes, and even murder (the Craigslist murderer in spring 2009).

• Major states and cities have begun criminal and civil legal proceedings to address the issue.

Danger of children using Social Networks

7 Deadly Sins of Social Networks

Spammer attacks in social networks:

1. Dating spam – a personal message, often from a woman, to a male social network user inviting them to start a romantic relationship. Once contact is secured, this attack proceeds in much the same way as bride email scams;

2. Profile and IM lures – spammers act as legitimate friends or potential new friends interested in getting to know the user in order to lure them to a fake profile page or Instant Messenger conversation;

3. Redirection to inappropriate or dangerous websites – a message is sent to a user, warning them that photographs or rumors about them have been posted on an external site and urging them to go to the site to view;

http://www.crime-research.org/news/02.27.2009/3720/

7 Deadly Sins (More)

4. Nigerian attacks – similarly to Nigerian 419 spam traditionally seen over email, social networking users are targeted with messages alerting them to a fake inheritance or access to a rich stranger’s fortune;

5. Fake jobs – sending personal messages or wall posts, spammers, posing as an employer, offer social network users fantastic job opportunities in order to spark conversation that will allow an avenue for further spam, phishing, malware or scams;

6. Competitor social network lure – invitations that seem to be from legitimate friends are sent to users via wall posts or personal messages urging them to visit virtually unknown social networking sites;

7. Religious based spam – spammers use social networking sites to preach to, and attempt to proselytize, users for various religions.

Social Networking Sites Help Combat Crime

• http://cbs4denver.com/consumer/facebook.myspace.social.2.958939.html

Crimes against commercial and government web sites and servers

• Denial of service
• Stealing credit card and other data
• Industrial espionage
• Blackmail and protection

What are Denial of Service (DOS) Attacks?

DoS attack: Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.

Source: http://www.webopedia.com/TERM/D/DoS_attack.html

What are Denial of Service Attacks?

denial of service, n. 1. An attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.

Examples

– Teardrop attack
• The attacker floods the victim with improperly formatted packets.

– Synflood Attack
• The attacker simulates many users starting requests for data but not completing the request. The victim is stuck waiting for the attacker to complete the requests.

Source: www.wikipedia.org
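A server under the Synflood attack described above shows many connection requests that were started but never completed. The following detection sketch is an added example, not part of the original slides; the log format, addresses, timeout, and thresholds are constructed assumptions.

```python
from collections import Counter

# Assumed: seconds a SYN may wait for the client's final ACK before it
# is counted as an abandoned (half-open) connection.
SYN_TIMEOUT = 3.0


def build_sample_log():
    """Constructed client-to-server packet summaries: 'time client server flags'.

    S = client SYN (request started), A = client's final ACK (request completed).
    """
    lines = []
    # Normal clients: three on port 80 and two on port 443, each SYN then ACK.
    for i, port in enumerate([80, 80, 80, 443, 443]):
        client = f"198.51.100.{i + 1}:{40000 + i}"
        server = f"192.0.2.10:{port}"
        lines.append(f"{i * 0.5:.2f} {client} {server} S")
        lines.append(f"{i * 0.5 + 0.05:.2f} {client} {server} A")
    # Fifty SYNs to port 80 from distinct sources that never send the final ACK.
    for i in range(50):
        lines.append(f"{3 + i * 0.01:.2f} 203.0.113.{i + 1}:{1024 + i} 192.0.2.10:80 S")
    # A legitimate client whose SYN is still inside the timeout window.
    lines.append("9.90 198.51.100.99:45000 192.0.2.10:80 S")
    return lines


def handshake_stats(lines, now, timeout=SYN_TIMEOUT):
    """Count completed and timed-out half-open handshakes per server ip:port.

    Counting is per service, not per source address, because flood sources
    are typically spoofed and rarely repeat.
    """
    pending = {}           # (client, server) -> time of first SYN
    completed = Counter()  # server -> handshakes that received the final ACK
    for line in lines:
        ts, client, server, flags = line.split()
        key = (client, server)
        if flags == "S":
            # A retransmitted SYN keeps the timestamp of the first one.
            pending.setdefault(key, float(ts))
        elif flags == "A" and key in pending:
            del pending[key]
            completed[server] += 1
    half_open = Counter(
        server for (_, server), t in pending.items() if now - t >= timeout
    )
    services = set(half_open) | set(completed)
    return {s: {"half_open": half_open[s], "completed": completed[s]} for s in services}


def flag_syn_flood(stats, min_half_open=20, max_completion_ratio=0.2):
    """Return services with many stale half-open handshakes and few completions."""
    flagged = []
    for server, s in sorted(stats.items()):
        total = s["half_open"] + s["completed"]
        if s["half_open"] >= min_half_open and s["completed"] / total <= max_completion_ratio:
            flagged.append(server)
    return flagged


if __name__ == "__main__":
    stats = handshake_stats(build_sample_log(), now=10.0)
    for server, s in sorted(stats.items()):
        print(server, s)
    print("possible SYN flood against:", flag_syn_flood(stats))
```

The slow client at 9.90 seconds is not counted because its request is younger than the timeout, which keeps ordinary network delay from raising the alarm.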

Distributed Denial Of Service (DDOS) Attacks

DDOS – Short for Distributed Denial of Service, it is an attack where multiple compromised systems (which are usually infected with a Trojan Horse) are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

The DDOS normally has a primary infected computer called a master that infects the other computers called ‘slaves’ or ‘zombies’. The attacker then commands the computers to start sending useless messages to the targeted web site.

Source: http://sbc.webopedia.com/TERM/D/DDoS_attack.html

Stealing Credit Card and other data from Corporations and Government

Gaining access to information of a personal or sensitive nature from government, private industry, hospitals, etc. is almost too easy

Loss of data through poor process

• Credit card and similar data has been compromised through human error and/or failure to create a secure process or method to store or transmit data, e.g. Dana Farber sends patient data to the wrong fax number.

• Failure to screen personnel for character or criminal background.

• Failure to train all personnel in the need for security and secure processes.

Attacking the vast amount of information distributed throughout the organization

• The advent of laptops and multi-GB portable storage devices creates an environment for disclosure of thousands if not millions of credit card and social security numbers and other personal record files.

• Government and private industry laptops stolen or lost at airports, etc. that contain unsecured (unencrypted) personal records have resulted in massive identity thefts, and/or corporate sensitive or government classified breaches.

• Internet rings sell the data to credit card and document forgers who in turn sell them to the criminal who uses the credit card or ID.

• The crimes may involve fraud, illegal aliens, terrorists, etc.

Hacking the corporate databases

Over the last decade the corporation has begun acquiring millions of bytes on each and every one of us – this is done in numerous ways:

1. So called loyalty cards (those pieces of plastic that hang off your key chain).

2. Credit card purchases and retail store charge cards which can be used to expose your SSN, driver’s license, etc.

3. Internet e-commerce applications, including tracking cookies.

• This massive amount of personal data leads to data mining and other marketing techniques to target individual groups with specific ads and products.

• Increasingly these massive data sources are tempting targets for sophisticated hacker gangs, making the acquisition and storage of this data a massive liability for the corporation.

• These gangs use the Internet to carry out their attacks and often do it from sites that make prosecution difficult if not impossible.

Hacking Corporate Data

Material Source: http://online.wsj.com/article_email/article_print/SB117824446226991797.html

The TJX Corp. -- A cautionary tale

• TJX, a local firm that includes Marshalls, TJ Maxx, etc., announced in Jan. 2007 that the credit cards and personal data (SSN, driver's license, etc.) of its 45 million customers had been compromised over a two-year period.

• This theft of information has caused banks to issue new credit and debit cards to these customers and has resulted in lawsuits and goodwill losses to TJX that will cost $B.

• It is estimated that it cost the banks $300M to replace the cards and TJX estimates $20M in fraudulent charges.

Material Source: http://online.wsj.com/article_email/article_print/SB117824446226991797.html

How did it happen?

• WSJ reports that the source of the theft was a wireless hack in Minn.

• Wireless networks entered retail store IT in 2000.

• Wired Equivalent Privacy (WEP) security encryption was replaced when security experts breached several retail chains.

• Wi-Fi Protected Access (WPA) is a more complex encryption adopted by some retailers but only slowly by TJX.

• Hand held devices used in pricing and inventory control that communicate to store computers were hacked.

• Once the codes were broken the hackers advanced to attacking the headquarters computer databases (Framingham MA) by capturing employee userids and passwords.

The Hackers

• The so-called “Bonnie and Clyde” hackers break in with a quick attack and often leave clues and other artifacts behind that signal their presence.

• The TJX attack bore the hallmark of Russian and eastern European gangs that scout for the weakest link in the security and attack it with careful planning.

How did it work?

• Based on some recent arrests it appears that an eastern European gang penetrated TJX and then bundled the credit card data and personal data into 10,000 IDs and then sold them over the Internet.

• Gangs who purchased the data, as happened in Florida, then created credit cards and IDs and used them to purchase gift cards and other expensive items.

• One woman found her Bank of Am card with $45,000 in fraudulent charges (repeated $450 gift card purchases).

The Second Act

It is said that in America there are no second acts. But recently the gang that brought you TJX is accused of a new theft involving over 130 M credit and debit cards.

Albert Gonzalez

• Albert Gonzalez, a Miami hacker who once worked as a government mole tracking down identity thieves, is accused of playing a critical role in all the largest credit-card heists on record.

• He was previously charged in other computer break-ins, most significantly at TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, in which as many as 100 million accounts were lifted.

Source: http://www.google.com/hostednews/ap/article/ALeqM5ij90CNbObER0IXLNLq8vHFEd9PJQD9A5HEK83

Summer 2009 -- The Second Act

Justice Department says he helped steal:

• 130 million card numbers from payment processor Heartland Payment Systems,

• 4.2 million card numbers from East Coast grocery chain Hannaford Bros. and

• An undetermined number of cards from 7-Eleven.

Gonzalez is in jail and awaiting trial in New York for allegedly helping to hack the computer network of the Dave and Buster's restaurant chain.

The Awful Bad News

• The underlying security holes mined by the hackers still exist in many payment networks.

• The fact that hundreds of millions of card numbers could be stolen from retailers illustrates the flaws in a payment system that's built more for speed than security.

• Gonzalez and his associates exploited vulnerabilities that remain widespread.

Prosecution of Hackers outside US is Difficult

• Ori Eisen, founder of Scottsdale, Ariz.-based security firm 41st Parameter and previously worldwide fraud director for American Express, noted that Gonzalez is "most likely not the kingpin.

• The kingpin would not risk being in the United States. They operate out of the Ukraine or Russia, and they're former militants or ex-KGB who know their way around just enough not to get caught."

Privacy and Security References

• Holtzman, D., “Privacy Lost: How Technology Is Endangering Your Privacy”, Jossey-Bass, (2006).

The Internet and the law

Dark side of the Internet and the law

CAN SPAM Law of 2003

CAN-SPAM Act of 2003 (Pub. L. 108-187, S. 877)

• The Controlling the Assault of Non-Solicited Pornography and Marketing Act requires unsolicited commercial e-mail messages to be labeled (though not by a standard method) and to include opt-out instructions and the sender's physical address. It prohibits the use of deceptive subject lines and false headers in such messages. The FTC is authorized (but not required) to establish a "do-not-email" registry. State laws that require labels on unsolicited commercial e-mail or prohibit such messages entirely are pre-empted, although provisions merely addressing falsity and deception would remain in place. The CAN-SPAM Act took effect on January 1, 2004.

Cyber-Warfare

Cyber-Warfare uses computers and the Internet to wage war. This mode of warfare is being used in hot and cold wars as well as by both sides in the war on terrorism.

Source for Cyber Warfare : http://en.wikipedia.org/wiki/Cyber-warfare

An Electronic Pearl Harbor

“It may even be unclear what constitutes an act of war. If U.S. satellites suddenly go blind and the telephone network on the eastern seaboard goes down, it is possible that the United States could not even identify the enemy. Its strategic stockpile of weapons would be of little use. There would be no big factory to bomb -- only a person somewhere writing software. The possibility of an electronic Pearl Harbor has sparked a debate on how to counter the threat.”

Source: “Bits, bytes, and diplomacy”, Walter Wriston (Foreign Affairs, Sept-Oct 1997 v76 n5 p172(11))

Types of attacks

There are several methods of attack in cyber-warfare; this list is ranked in order of mildest to most severe.

• Web vandalism: Attacks that deface webpages, or denial-of-service attacks. This is normally swiftly combated and of little harm.

• Propaganda: Political messages can be spread through or to anyone with access to the internet.

• Gathering data: Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world.

• Denial-of-Service Attacks: Large numbers of computers in one country launch a DoS attack against systems in another country.

• Equipment disruption: Military activities that use computers and satellites for co-ordination are at risk from this type of attack. Orders and communications can be intercepted or replaced, putting soldiers at risk.

• Attacking critical infrastructure: Power, water, fuel, communications, commercial and transportation are all vulnerable to a cyber attack.

Cyber-Warfare -- Major Powers

• In September 2007 the Pentagon and several European organizations reported penetration by hackers from China, reported to be the People's Liberation Army (PLA). In diplomatic meetings with Germany, Great Britain, and the US, China claimed that it was not responsible for the attacks.

• The US has been under attack by Chinese and Russian hackers for the last several years. For details see:
– Titan Rain -- http://en.wikipedia.org/wiki/Titan_Rain, and
– Moonlight Maze -- http://en.wikipedia.org/wiki/Moonlight_Maze

Eligible Receiver

• Eligible Receiver was the code name of a 1997 internal exercise initiated by the Department of Defense.

• A "red team" of hackers from the National Security Agency (NSA) was organized to infiltrate the Pentagon systems.

• The red team was only allowed to use publicly available computer equipment and hacking software.

• Although many details about Eligible Receiver are still classified, it is known that the red team was able to infiltrate and take control of the Pacific command center computers, as well as power grids and 911 systems in nine major U.S. cities.

Source: http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/hamre.html

Moonlight Maze

• Moonlight Maze refers to a highly classified incident in which U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, Energy Department, private universities, and research labs.

• It began in March 1998 and had been going on for nearly two years.

• The invaders were systematically marauding through tens of thousands of files -- including maps of military installations, troop configurations and military hardware designs.

• The Defense Department traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement.

Source: http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/warnings/#maze

Titan Rain

• In 2005 a cyber attack code-named Titan Rain was exposed. It was targeted at military and secret government sites worldwide.

• Using computer forensics techniques and hacking into the offending systems, Shawn Carpenter was able to use the compromised systems against themselves and find the actual origin of the attacks. Doing things that official government agents could not, he determined that the root of the attacks was inside China.

Source: http://www.time.com/time/printout/0,8816,1098961,00.html

Estonia -- Perhaps the First 21st Century Cyber-Warfare Attack

• May 17, 2007 saw a Distributed Denial of Service (DDOS) attack on Estonia.

• Prior to the attack the Estonian government removed the "Bronze Soldier", a Russian war monument from the center of Tallinn to a cemetery.

• The DDOS attacks were aimed at the banking, government, and major economic uses of the Internet.

• The Estonian government blamed the Russian government for the attack.

The Estonia DDOS Attack

• The attacks, whether organized by or sanctioned by the Russian government, drew the attention and assistance of the US, NATO, and European nations.

• The attack is thought to involve rented networks of zombie computers and millions of other computers infected with a bot program to attack fundamental institutions of the Estonian government and economy.

China Presents Unique Resources

• High Tech and skilled programmers

• China is a manufacturer of computer hardware, software, and other critical electronic components, which could carry Trojan horses and other programs that would be difficult to detect and remove.

• A Chinese general has stated that China would attack the US communication and electrical networks before starting an attack.

United States Reorganizes the Military

• On Sept. 18, 2007 the United States Air Force announced the creation of a Cyber Command.

• One of the problems has been that military people did not perceive the threat in the same manner as real war, i.e. – “Software does not kill, bullets do”.

President Obama creates a cyber security czar

Attacking the Critical Infrastructure

The US has not been an agrarian society for two centuries, and in the 21st century we now are highly dependent on an inter-connected system of networks for the goods and services that sustain us.

Includes slides from: http://www.infragard.net/library/congress_05/drinking_water/drinking_water_threats.ppt

• Infrastructure: The framework of interdependent networks and systems that provides a continual flow of goods and services essential to the defense and economic security of the United States

The Nation’s Infrastructure is a Complex “System of Systems”

• Critical National Infrastructures: Infrastructures that are deemed to be so vital that their incapacity or destruction would have a debilitating regional or national impact or would severely disrupt the behavior and activities of large numbers of people who depend upon the infrastructure

The National Infrastructure Protection Plan defines 17 Sectors and Key Resources

Most of the U.S. Infrastructure is privately owned

• Agriculture & Food
• Banking and Finance
• Chemical & Hazardous Materials Industry
• Defense Industrial Base
• Energy
• Emergency Services
• Information Technology
• Telecommunications
• Postal & Shipping
• Public Health
• Transportation
• Water
• National Monuments and Icons
• Commercial Assets
• Government Facilities
• Dams
• Nuclear Power Plants

U.S. Critical Infrastructure Protection Challenge

• 1,912,000 farms
• 87,000 food-processing plants
• 5,800 registered hospitals
• 87,000 emergency services entities
• 2 billion miles of telecomm cable
• 2,800 electric power plants
• 104 commercial nuclear power plants
• 300,000 oil and natural gas sites
• 460 skyscrapers
• 5,000 public airports
• 120,000 miles of major railroads
• 590,000 highway bridges
• 2,000,000 miles of pipelines
• 500 urban public transit systems
• 26,600 banks & financial institutions
• 66,000 chemical plants
• 80,000 dams
• 3,000 federal government facilities
• …

The threat is real!

• Unstructured adversaries
– Cracker, hacker, script-kiddie
– Competitors
– Criminals

• Structured adversaries
– Terrorists, hacktivists (hacker-activist)
– Organized crime
– Foreign nations

• Insiders
– Witting
– Unwitting
– Half-witting (You can’t fix “stupid”)

Source: http://www.iti.uiuc.edu/events/2005_09_15_Jeff_Dagle.pdf

Three levels of “Terrorist”

• Independent
• Supported
• Foreign agent

A “System of Systems” Perspective Is Needed for Analyzing Infrastructure Interdependencies

[Figure: interdependencies among the Electric Power, Natural Gas, Oil, Water, Telecom, and Transportation infrastructures. Link labels: fuel for generators; fuels and lubricants; fuel transport and shipping; power for pumping stations, pump and lift stations, compressors, storage, and control systems; power for signaling and switches; water for production, cooling, and emissions reduction; heat; SCADA and communications.]

[Figure: Homeland Security Strategic Objectives, showing complex interdependencies between three groups.
Types of Threats / Means of Attack: Nuclear Weapon/Explosive; Radiological Dispersal Device; Biological Weapon/Material; Chemical Weapon/Material; Conventional Explosive; Physical Force; Cyber Means; Insider; Emerging Threats…
Strategic Objectives: Prevent Attacks; Reduce Vulnerability; Minimize Damage & Recover.
“Targets” and Vulnerabilities: Energy; Info & Telecomm; Public Health; Transportation; Water; Food; Banking & Finance.]

Attacking the nation’s networks

• While DDoS can be used to attack government and economic sites it is not a long term crippling attack.

• Attacking the communication, energy (pipelines), and transportation networks can provide devastating damage to the economy, crippling to the military, and demoralizing to the population.

• The Supervisory Control and Data Acquisition (SCADA) system is the Achilles' heel of the above networks.

SCADA attacks

• SCADA was designed for automated plant process control. Its original design did not envision use over the Internet or the need for security.

• SCADA was adopted by electrical grids, pipelines, and transportation networks.

• The Idaho National Laboratory prepared a demonstration in March 2007 for the U.S. Department of Homeland Security (DHS). The simulated attack took advantage of a known SCADA software vulnerability and showed how a motor-generator could be driven into failure.

Source: http://www.pcworld.com/article/id,137845-c,networksecurity/article.html

More Technical Information

• SCADA Security:

• http://www.uoregon.edu/~joe/scada/SCADA-security.ppt

• http://www.esisac.com

The Bellingham WA June 10, 1999 Gasoline Pipeline Rupture and Fire…

El Paso Natural Gas 30” Pipeline Rupture and Fire Near Carlsbad NM, August 19, 2000

The Boden Incident Wasn’t Unusual… Wireless Network Porosity Is Common

• ‘Paul Blomgren […] measures control system vulnerabilities. Last year, his company assessed a large southwestern utility that serves about four million customers. "Our people drove to a remote substation," he recalled. "Without leaving their vehicle, they noticed a wireless network antenna. They plugged in their wireless LAN cards, fired up their notebook computers, and connected to the system within five minutes because it wasn't using passwords. […] Within 15 minutes, they mapped every piece of equipment in the operational control network. Within 20 minutes, they were talking to the business network and had pulled off several business reports."’

http://www.memagazine.org/backissues/dec02/features/scadavs/scadavs.html

Cyber Warriors

Cyber Warrior – Richard A. Clarke

• Richard A. Clarke served 4 presidents. A highly controversial figure with over 30 years in anti-terrorism.

• He was the head of counter-terrorism under Clinton and was carried over to George W. Bush.

• He was outspoken on cyber-terrorism in the 90’s.

• He left government after 9-11 and has been highly critical of the Bush administration.

Cyber Warrior -- Shawn Carpenter

• Shawn worked on tracking down the Chinese connection to the Titan Rain.

• He hunted them despite being pulled off the trail by his government lab employer and he eventually got fired. The FBI used him and encouraged him to track but later turned on him.

• The Chinese did not cooperate as is normal for private hackers.

• The red tape showed the difficulty of counter-cyberwarfare.

Source: http://www.time.com/time/printout/0,8816,1098961,00.html

Cyber Warfare/Terrorism References

• Alexander, Y and Swetnam, M, “Cyber Terrorism and Information Warfare: Threats and Responses” Transnational Pub, Inc. (2001)

• Branigan, S. , “High-Tech Crimes Revealed”, Addison Wesley, (2005).

• Chirillo, J., “Hack Attacks Encyclopedia”, John Wiley, (2001).

• Clarke, R. A., “Against All Enemies”, Thorndike Press, (2004).

• Verton, D, “Black Ice The Invisible Threat of Cyber-terrorism”, McGraw Hill, (2003).

• Weimann, G, “Terror on the Internet”, United States Institute of Peace Press, (2006).

• Winkler, I., “Spies Among Us”, Wiley, (2005).

Hackers

The term hacker goes back to the early days of computers and originated with a group of computer students at MIT.

Who are hackers?

hacker, n.

1. A computer expert

2. A person that intentionally circumvents computer security systems (more often used by the media)

Hackers

• Hackers were originally those people with intense interest and computer skills.

• Hackers are now people who use their computer skills to break into secure computer sites, disrupt Internet communications, steal information, etc.

• In the early days of the transition hackers were sort of seen as teenage (mostly male) geeks who broke into sites and looked around.

• The world became less tolerant as the costs rose rapidly and the behavior is now seen as the work of terrorists and criminals.

Cracker or Black Hat

• A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled.

• The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.[1] The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country's laws is actually software cracking.

Source: http://en.wikipedia.org/wiki/Black_hat

Script Kiddie

• In hacker culture, a script kiddie (occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar) is a derogatory term used for an inexperienced malicious cracker who uses programs developed by others to attack computer systems and deface websites. It is generally assumed that script kiddies are kids who lack the ability to write sophisticated hacking programs on their own,[1] and that their objective is to try to impress their friends or gain credit in underground cracker communities.[1]

What is phone phreaking?

Phone Phreaks

• The “phone phreak” (phreak for short) is a specific breed of hacker. A phreak is someone who displays most of the characteristics of a hacker, but also has a specific interest in the phone system and the systems that support its operations. Additionally, most of the machines on the Internet, itself a piece of the Public Switched Network, are linked together through dedicated, commercial phone lines. A talented phreak is a threat to not only the phone system, but to the computer networks it supports.

• There are two advantages of attacking systems through the phone system. The first advantage is that phone system attacks are hard to trace. It is possible to make connections through multiple switching units or to use unlisted or unused phone numbers to confound a tracing effort. Also by being in the phone system, it is sometimes possible to monitor the phone company to see if a trace is initiated.

• The second advantage to using the phone system is that a sophisticated host machine is not needed to originate an attack nor is direct access to the network to which the target system is attached. A simple dumb terminal connected to a modem can be used to initiate an attack. Often, an attack consists of several hops, a procedure whereby one system is broken into and from that system another system is broken into, etc. This again makes tracing more difficult.

http://csrc.nist.gov/publications/nistir/threats/subsection3_4_3.html

Infamous Hackers

A Rogues Gallery of Hackers along with the damage to private industry, society, and government.

Stanley Mark Rifkin (Social Engineer)

• Rifkin in 1978 pulled off one of the largest bank thefts ever. Using social engineering to get bank information and codes he transferred $10.2 M from the Security Pacific Bank in LA to a Swiss bank account and then converted the funds to $8.2 M worth of Russian commercial diamonds.

Footnote – Rifkin returned to the US and, believing that the diamonds could be sold at a profit, attempted to sell them to local jewelry outlets for $13.2M. He was turned in on a tip. After the trial the bank believed that it could now sell the diamonds at a profit via auction. After a year of trying the bank sold them at greatly less than the original price.

Lesson – DIAMONDS are greatly over inflated in value and are a classic example of social engineering. Their value as an investment is highly doubtful. See

John Draper (a.k.a Cap’n Crunch)

• Used a Cap’n Crunch toy whistle to make unlimited free payphone calls.

• The whistle, unbeknownst to General Mills (the manufacturer of Cap’n Crunch), created a 2600 Hz tone.

• This frequency was the same used by phone technicians to test payphones and make free phone calls.

Ian Murphy

• Changed the internal clocks at AT&T.

• Impact: Phone bills were universally incorrect. Late night discounts were given to daytime users and late night users were subject to high bills.

• First hacker to go to jail.

• Inspired the movie, Sneakers

Robert Morris

• Son of chief scientist at the National Security Agency (NSA)

• In 1988, he wrote the first worm that was released to the public.

• He claimed he was trying to determine the size of the Internet.

• Affected 6,000 systems

• 3 yrs probation

• 400 hours of community service

• Fined $10,400.

Source: www.nndb.com

Erik Bloodaxe (a.k.a. Chris Goggans)

• Member of Legion of Doom

• Texas Hacker

• Starts feud with Masters of Deception.

• Two year hacker war ensues.

• Telephone systems and credit cards are the victims.

Vladimir Levin

• Hacked Citibank

• Stole $10 – 12 million

• Arrested in 1995.

• Fought extradition for two years

• 3 yrs in prison

• Had to return $240,015 to Citibank

David L. Smith

• Creator of “Melissa” virus

• The Melissa virus was named after a stripper and was sent as an email attachment.

• Caught by hard work and luck

Ehud Tenenbaum

• 18-year-old Israeli who created "the most organized and systematic attack the Pentagon has seen to date."

Kevin Mitnick

• Hacked
– PACBell
– The Pentagon
– North American Air Defense Command
– MCI
– Digital Equipment Co.
– Nokia
– Motorola
– Novell
– Fujitsu
– NEC
– Sun

• Prison Term: 5 yrs.

• Fines: $4,000

• Not allowed to touch a computer for three years

Kevin Mitnick

• After being convicted and serving 4 yrs., he became a security professional.

• While the media portrayed him as a computer genius, he exploited human weakness through social engineering for his exploits

• See “Art of Deception” by K.D. Mitnick & Wm. L. Simon, Wiley (2002). A compendium of cons for getting information including private, governmental, and corporate data and ways to prevent them.

Source: http://www.mccullagh.org/image/10d-9/kevin-mitnick.html

Shown at Las Vegas Def Con selling his services as a security professional

Hao Jinglong and Hao Jingwen

• Hacked
– Commercial Bank of China in 1999

• Stole: $87,000

• Hao Jinglong
– Prison Term: Life

• Hao Jingwen
– Death Penalty

Source: http://www.computerworld.com.au/index.php/id;1224861705;relcomp;1

Reomel Lamores

• Author of the Love Bug

• Damage caused to international businesses estimated at over $100 million

• Prison term: None

• Fine: $0

• Hacking is not a crime in the Philippines

Adrian Lamo

• Homeless hacker who only performs intrusion analysis for free for large companies.

• Hacked into
– MCI WorldCom
– New York Times Co.
– Microsoft
– AOL Time Warner
– CSC
– NBC

• NYT pressed charges against him.

• 1 year home probation.

The Worcester Phreaker

Caused computer crash that disabled Massachusetts airport

March 18, 1998

Web posted at: 10:40 p.m. EST (0340 GMT)

BOSTON (CNN) -- A Massachusetts teen hacker who disabled communications to the air traffic control tower at the Worcester, Massachusetts, airport in 1997 has become the first juvenile charged in federal court with computer hacking. The boy, whose age, identity and hometown have not been disclosed, has agreed to plead guilty in return for two years probation, a fine and community service, according to documents released Wednesday by the U.S. Department of Justice.

• On March 10, 1997, the unidentified hacker broke into a Bell Atlantic computer system, causing a crash that disabled the phone system at the airport for six hours.

• The crash of the switch knocked out phone service at the control tower, airport security, the airport fire department, the weather service, and carriers that use the airport. Also, the tower's main radio transmitter and another transmitter that activates runway lights were shut down, as well as a printer that controllers use to monitor flight progress.

http://www.cnn.com/TECH/computing/9803/18/juvenile.hacker/

Super Hacker

• Gary McKinnon is alleged to have hacked over 90 U.S. military computers and NASA before and after 9/11

• Looking for existence of UFOs and to prove inadequacies in US Security

• He supposedly stole 950 passwords from one military system and prevented naval email traffic being routed across the internet for a month.

• The US investigation was carried out with the aid of the UK's national hi-tech crime unit.

• He eventually could face a total of up to 70 years in a US jail.

http://www.superhacker.com/hacker.html

The criminal hacker as entrepreneur

• Jeanson James Ancheta, who prosecutors said was a well-known member of the "Botmaster Underground" -- a secret network of hackers skilled in "bot" attacks -- was arrested in November in what prosecutors said was the first such case of its kind.

• "He hijacked somewhere in the area of half a million computer systems. This not only affected computers like the one in your home, but it allowed him and others to orchestrate large scale attacks."

• Prosecutors say the case was unique because Ancheta was accused of profiting from his attacks by selling access to his "bot nets" to other hackers and planting adware, software that causes advertisements to pop up, into infected computers.

• He agreed to pay some $15,000 in restitution to the military facilities and forfeit the proceeds of his illicit activities, including more than $60,000 in cash, a BMW automobile and computer equipment.

Source: 'Botmaster' pleads guilty to computer crimes, Tue Jan 24, 2006 8:53 AM ET, Reuters

Emulex Corporation

• On August 25, 2000, the media reported that Emulex was under investigation by the Securities and Exchange Commission for accounting fraud. In response to the investigation, the media further reported, the CEO would be stepping down.

• Within hours, Emulex had lost 62% of its value or $2.2 billion in market capitalization.

• By the end of the day, it was discovered that it was a hoax.

• Within a week, it was tracked to a community college student named Mark Jakob.

• Jakob had made over $250,000 by shorting the stock.

• Prison term: 3 yrs. 8 mos.

• Fine: Forfeit all profits and $103,000 in punitive fines.

The Good Guys who track the hackers down

Clifford (Cliff) Stoll

• Astronomer and systems analyst.

• Tracked down Markus Hess, a German hacker working for the KGB who was attacking and spying on government sites.

• Wrote a book about his exploits, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage

http://www.pro-linux.de/berichte/jpgs/cliff_interview.jpg

Hacker Trackers

• Kevin Mitnick was tracked down in part by Tsutomu Shimomura.

• See “Take Down”, T. Shimomura & J. Markoff, Hyperion Press, (1996).

The Tools of Hackers

Soft tech tools -- social engineering uses deception and hard work.

High tech tools are often developed by systems administrators to test and explore their networks and computer assets for holes and exploits. These same tools are in turn used by the hacker for break-ins and exploits.

Techniques for obtaining information

Low Tech – Social Engineering

• stealing mail or rummaging through rubbish (dumpster diving)

• eavesdropping on public transactions to obtain personal data (shoulder surfing)

• Obtaining castings of fingers for falsifying fingerprint identification

Source: http://en.wikipedia.org/wiki/Identity_theft

Social Engineering

While the media portrays the hacker as a super smart geek, in fact many of the best “hackers” use social engineering to accomplish their criminal acts.

Social Engineering

In the field of computer security, social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies.

By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. It is generally agreed upon that “users are the weak link” in security and this principle is what makes social engineering possible.

Source: http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29

The High Tech Hacker

High Tech – Internet Approaches

• Stealing personal information in computer databases [Trojan horses, hacking]

• infiltration of organizations that store large amounts of personal information

• Impersonating a trusted organization in an electronic communication (phishing).

• Spam (electronic): Some, if not all spam requires you to respond to alleged contests, enter into "Good Deals", etc.

• Browsing social network sites (MySpace, Facebook, Bebo, etc.) online for personal details that have been posted by users in public domains.

The Dark Side of Google

Using the advanced search features to find individuals’ private and other confidential information

Intro to Google Hacking

• "Google Hacking” is the use of Google’s data stores for naughty things.

• Makes extensive use of the advanced Google syntaxes.

• Is trivially easy to do and is rather trendy.

• An excellent guide to get up to speed on the techniques of "Google Hacking" is the O'Reilly book Google Hacks by Tara Calishain.

An Invitation to Data Mining http://www.romanpoet.org/1/iz4__Invitation_to_DataMining.ppt

Google Hacking

University of Sunderland

CSEM02

Harry R Erwin, PhD

Peter Dunne, PhD

Section taken from web posted by Erwin

Basics

• Web Search

• Newsgroups

• Images

• Preferences

• Language Tools

Google Queries

• Non-case sensitive
• * in a query stands for a word
• ‘.’ in a query is a single character wildcard
• Automatic stemming
• Ten-word limit
• AND (+) is assumed, OR (|) and NOT (-) must be entered
• “” for a phrase

More Queries

• You can control the language of the pages and the language of the reports

• You can restrict the search to specific countries

Controlling Searches

• Intitle, allintitle
• Inurl, allinurl
• Filetype
• Allintext
• Site
• Link
• Inanchor
• Daterange
• Cache
• Info
• Related
• Phonebook
• Rphonebook
• Bphonebook
• Author
• Group
• Msgid
• Insubject
• Stocks
• Define

Controlling Searches (II)

• These operators can be used to restrict searches.

• To restrict the search to the university: site:sunderland.ac.uk

• Or to search for seventh moon merlot in the uk: “seventh moon” merlot site:uk

Typical Filetypes

• Pdf

• Ps

• Xls

• Ppt

• Doc

• Rtf

• Txt

Why Google

• You access Google, not the original website.

• Most crackers access any site, even Google via a proxy server.

• Why? If you access the cached web page and it contains images, you will get the images from the original site.

Directory Listings

• Search for intitle:index.of
• Or intitle:index.of “parent directory”
• Or intitle:index.of name size
• Or intitle:index.of inurl:admin
• Or intitle:index.of filename
• This can then lead to a directory traversal
• Look for filetype:bak, too, particularly if you want to expose sql data generated on the fly

Commonly Available Sensitive Information

• HR files

• Helpdesk files

• Job listings

• Company information

• Employee names

• Personal websites and blogs

• E-mail and e-mail addresses

Network Mapping

• Site:domain name

• Site crawling, particularly by indicating negative searches for known domains

• Lynx is convenient if you want lots of hits:

    lynx -dump "http://www.google.com/search?q=site:name+-knownsite&num=100" > test.html

• Or use a Perl script with the Google API

Link Mapping

• Explore the target site to see what it links to. The owners of the linked sites may be trusted and yet have weak security.

• The link operator supports this kind of search.

• Also check the newsgroups for questions from people at the organization.

Web-Enabled Network Devices

• The Google webspider often encounters web-enabled devices. These allow an administrator to query their status or manage their configuration using a web browser.

• You may also be able to access network statistics this way.

Searches to Worry About

• Site:
• Intitle:index.of
• Error|warning
• Login|logon
• Username|userid|employee.ID|“your username is”
• Password|passcode|“your password is”
• Admin|administrator
• -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
• Inurl:temp|inurl:tmp|inurl:backup|inurl:bak
• Intranet|help.desk

Protecting Yourselves

• Solid security policy

• Public web servers are Public!

• Disable directory listings

• Block crawlers with robots.txt

• <META NAME="ROBOTS" CONTENT="NOARCHIVE">

• NOSNIPPET is similar.

More Protection

• Passwords

• Delete anything you don’t need from the standard webserver configuration

• Keep your system patched.

• Hack yourself

• If sensitive data gets into Google, use the URL removal tools to delete it.
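The patterns listed under Searches to Worry About can be turned on your own pages, in the spirit of "Hack yourself", together with the robots.txt and NOARCHIVE defences above. The Python below is an added example, not part of the original slides; the name audit_page, the finding labels and both sample pages are made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Tokens from the slides: filetype:bak and inurl:temp|tmp|backup|bak.
RISKY_TOKEN = re.compile(r"(?<![a-z0-9])(?:temp|tmp|backup|bak)(?![a-z0-9])", re.I)
# Phrases from the slides: "your username is", "your password is".
LEAKY_PHRASES = ("your username is", "your password is")

# Constructed sample: an auto-generated listing that exposes a backup file.
LISTING = """<html><head><title>Index of /files</title></head><body>
<h1>Index of /files</h1><a href="../">Parent Directory</a>
<a href="report.pdf">report.pdf</a> <a href="db.bak">db.bak</a></body></html>"""

# Constructed sample: a leaky page that at least opts out of crawling and caching.
HELPDESK = """<html><head><title>Helpdesk</title>
<META NAME="ROBOTS" CONTENT="NOARCHIVE, NOSNIPPET"></head>
<body><p>Welcome back. Your password is CHANGEME</p></body></html>"""
HELPDESK_ROBOTS = "User-agent: *\nDisallow: /helpdesk/\n"


class PageScan(HTMLParser):
    """Collects the title, visible text, link targets and robots meta tokens."""

    def __init__(self):
        super().__init__()
        self.title, self.text, self.hrefs, self.robots = "", [], [], set()
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "a" and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "meta" and a.get("name", "").lower() == "robots":
            self.robots |= {t.strip().lower() for t in a.get("content", "").split(",")}

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)


def audit_page(url, html, robots_txt=""):
    """Return the list of exposure findings for one page of your own site."""
    scan = PageScan()
    scan.feed(html)
    scan.close()
    body = " ".join(scan.text).lower()
    findings = []
    # What intitle:index.of "parent directory" matches: an auto-generated listing.
    if scan.title.strip().lower().startswith("index of") or "parent directory" in body:
        findings.append("directory-listing")
    # Backup or temp files reachable from this page (or the page itself).
    if any(RISKY_TOKEN.search(h) for h in [url] + scan.hrefs):
        findings.append("backup-or-temp-path")
    if any(p in body for p in LEAKY_PHRASES):
        findings.append("credential-phrase")
    if findings:
        # An exposure is worse when a crawler may fetch the page and keep a cached copy.
        rp = RobotFileParser()
        rp.parse(robots_txt.splitlines())
        # noindex is a standard robots directive that is not on the slides.
        opted_out = scan.robots & {"noarchive", "noindex"}
        if rp.can_fetch("*", url) and not opted_out:
            findings.append("crawlable-and-cacheable")
    return findings


if __name__ == "__main__":
    print(audit_page("http://www.example.com/files/", LISTING))
    print(audit_page("http://www.example.com/helpdesk/reset.html", HELPDESK, HELPDESK_ROBOTS))
```

robots.txt and NOARCHIVE only ask well-behaved crawlers to stay away, so the first three findings still need fixing at the server even when the last one is absent.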

Google Hacks for Web cams

• One trick to find and search for open unprotected Internet webcams that broadcast to the web, is by using the following query:

• inurl:/view.shtml

• or

• intitle:”Live View / – AXIS” | inurl:view/view.shtml^

Source: Unknown web page

More patterns for finding web cams

• If you know the unique URL, link, or title pattern used by other manufacturers’ webcam or IP network camera software, you can also easily use Google to locate and crack unprotected, insecure cameras or webcams that have been released or leaked to the public Internet.

• inurl:ViewerFrame?Mode=
• inurl:ViewerFrame?Mode=Refresh
• inurl:axis-cgi/jpg
• inurl:axis-cgi/mjpg (motion-JPEG)

More patterns for finding web cams

• inurl:view/indexFrame.shtml
• inurl:view/index.shtml
• inurl:view/view.shtml
• liveapplet
• intitle:”live view” intitle:axis
• intitle:liveapplet
• allintitle:”Network Camera NetworkCamera”
• intitle:axis intitle:”video server”
• intitle:liveapplet inurl:LvAppl
• intitle:”EvoCam” inurl:”webcam.html”

More patterns for finding web cams

• intitle:”Live NetSnap Cam-Server feed”
• intitle:”Live View / – AXIS”
• intitle:”Live View / – AXIS 206M”
• intitle:”Live View / – AXIS 206W”
• intitle:”Live View / – AXIS 210”
• inurl:indexFrame.shtml Axis
• inurl:”MultiCameraFrame?Mode=Motion”
• intitle:start inurl:cgistart
• intitle:”WJ-NT104 Main Page”

More patterns for finding web cams

• intext:”MOBOTIX M1” intext:”Open Menu”
• intext:”MOBOTIX M10” intext:”Open Menu”
• intext:”MOBOTIX D10” intext:”Open Menu”
• intitle:snc-z20 inurl:home/
• intitle:snc-cs3 inurl:home/
• intitle:snc-rz30 inurl:home/
• intitle:”sony network camera snc-p1”
• intitle:”sony network camera snc-m1”
• site:.viewnetcam.com -www.viewnetcam.com
• intitle:”Toshiba Network Camera” user login
• intitle:”netcam live image”
• intitle:”i-Catcher Console – Web Monitor”

The Dark Side of Googling References

• Dornfest, Rael, Google Hacks 3rd ed, O’Reilly, (2006)

• Ethical Hacking, http://www.nc-net.info/2006conf/Ethical_Hacking_Presentation_October_2006.ppt

• A great cheat sheet of Google search features: http://www.google.com/intl/en/help/features.html

• A valuable Cheat Sheet for Google Search Hacks -- how to find information fast and efficiently http://www.expertsforge.com/Security/hacking-everything-using-google-3.asp

The Dark Side of Googling References (more)

• Henk Van Ess, Hacking with Google, http://www.zoekzone.com/gijc2005_vaness3.pdf A tutorial for finding things like social security numbers, phone directories, and similar items that should not be left lying about on the Web. This is done to illustrate how to protect your web site and your personal data.

• Google Hacking, http://osiris.sunderland.ac.uk/~cs0her/CSEM02%20Lectures/GoogleHacking.ppt

• Google Hacks 101 http://osiris.sunderland.ac.uk/~cs0her/CSEM02%20Lectures/GoogleHacking.ppt

Google Hacks webcam reference

• How to Find and View Millions of Free Live Web Cams -- http://www.traveltowork.net/2009/02/how-to-find-view-free-live-web-cams/

• How to Hack Security Cameras, http://www.truveo.com/How-To-Hack-Security-Cameras/id/180144027190129591

• How to Hack Security Cams all over the World http://www.youtube.com/watch?v=9VRN8BS02Rk&feature=related

Tools for Hacking

Password Cracking

• Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

• Password cracking works in a number of ways:
– Guessing common words, birth dates, etc.
– Dictionary attacks - trying all the words in a dictionary
– Brute force based on the hashing system used by the operating system

Source:http://en.wikipedia.org/wiki/Password_cracking

Packet Sniffers

• A sniffer is a program that monitors and analyzes network traffic, detecting bottlenecks and problems.

• Ethernet protocol works by sending packet information to all the hosts on the same circuit. A machine that is accepting all packets, no matter what the packet header says, is said to be in promiscuous mode.

• Because, in a normal networking environment, account and password information is passed along Ethernet in clear-text, it is not hard for an intruder once they obtain root to put a machine into promiscuous mode and by sniffing, compromise all the machines on the net.

Source:http://cs.baylor.edu/~donahoo/tools/sniffer/packetsniffers.htm

Packet Sniffers

The popularity of packet sniffing stems from the fact that it sees everything. Typical items sniffed include:

• SMTP, POP, IMAP traffic
– Allows intruder to read the actual e-mail.
• POP, IMAP, HTTP Basic, Telnet authentication
– Reads passwords off the wire in clear-text.
• SMB, NFS, FTP traffic
– Reads files off the wire.
• SQL database
– Reads financial transactions and credit card numbers.

Source:http://cs.baylor.edu/~donahoo/tools/sniffer/packetsniffers.htm

Packet Sniffers

Source: http://sectools.org/sniffers.html

Cryptography and encryption

Network tools

• Nslookup

Hacking Wireless Networks Tools

Keystroke Logging

• A keystroke logger is a program installed on a computer to record every keystroke that the user makes. Typically it is hidden in a Trojan horse.

• The keystroke logger can reveal user ids and passwords, scripts, etc.

• The data can be downloaded and also used to upload other damaging programs or to create a slave computer that obeys a master in DDOS attacks.

Hacking Tool References

• Schwartau, W., ”CyberShock”, Thunder Mouth Press, (2000).

Securing your computer and website

There is no foolproof mechanism for securing your computer or your website from attack. However, you can make it very difficult and time consuming to attack with some simple and inexpensive (relative to the cost of the attack) means.

Simple Protection against Hackers

• Simplest security – Username and Password
– Statistic about password frequency
– Passwords should contain letters, numbers and other assorted symbols.

• Use
– @ instead of a
– $ instead of s
– 3 instead of E
– & instead of et
– 1 or ! instead of i
– 1 instead of l (depending on if you use ! instead of i)
– Ex. Instead of using the password “mainstreet” use “m@1n$tr3&”
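A password-policy check that undoes the substitutions listed above before consulting a dictionary, since a dictionary attack as described under Password Cracking can apply the same table. This is an added example, not part of the original slides; the function names and the small word list are assumptions made up for illustration.

```python
import re

# The slide's table, inverted: symbol -> letters it may stand for.
# "1" is ambiguous (i or l) and "&" stands for the two letters "et".
UNLEET = {"@": ["a"], "$": ["s"], "3": ["e"], "&": ["et"], "!": ["i"], "1": ["i", "l"]}
# The same table in the forward direction: letter -> number of symbols offered for it.
LEET = {"a": 1, "s": 1, "e": 1, "i": 2, "l": 1}

# Constructed stand-in for an attacker's dictionary.
WORDLIST = {"mainstreet", "password", "hello", "letmein"}


def reading_pattern(password):
    """Regex matching every plain-letter reading of `password`."""
    parts = []
    for ch in password.lower():
        alts = UNLEET.get(ch, [ch])
        parts.append("(?:" + "|".join(re.escape(a) for a in alts) + ")")
    return re.compile("".join(parts))


def dictionary_source(password, wordlist=WORDLIST):
    """Return the dictionary word that `password` disguises, or None."""
    pattern = reading_pattern(password)
    for word in sorted(wordlist):
        if pattern.fullmatch(word):
            return word
    return None


def disguised_forms(word):
    """Upper bound on the spellings of `word` the table can produce (itself included)."""
    ways = [0] * len(word) + [1]
    for i in range(len(word) - 1, -1, -1):
        ways[i] = (1 + LEET.get(word[i], 0)) * ways[i + 1]
        if word[i:i + 2] == "et":          # "&" replaces both letters at once
            ways[i] += ways[i + 2]
    return ways[0]


if __name__ == "__main__":
    for candidate in ("m@1n$tr3&", "He11o", "kV9#tq2Lw"):
        print(candidate, "->", dictionary_source(candidate))
    print("spellings of mainstreet:", disguised_forms("mainstreet"))
```

The table yields at most 72 spellings of "mainstreet", so a policy check should reject a candidate whenever dictionary_source returns a word.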

What is a firewall?

(fīr´wâl) (n.) A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Source: http://www.webopedia.com/TERM/f/firewall.html

How does a firewall work?

There are several types of firewall techniques:

• Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

• Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

• Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

• Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert. A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.

Source: http://www.webopedia.com/TERM/f/firewall.html

Protecting Yourself on the Internet

• Firewalls (both HDW and SFW)

• Anti-Virus & Anti-Spyware

• Never open an attachment that you were not expecting. If in doubt call the person.

• Always backup the critical data

• Always use the current patches to your O/S and applications.

• Always use the most current updates to your anti-malware.

A more complex strategy – Honeypot

• A server that is configured to detect an intruder by mirroring a real production system. It appears as an ordinary server doing work, but all the data and transactions are phony.

• Located either in or outside the firewall, the honeypot is used to learn about an intruder's techniques as well as determine vulnerabilities in the real system.

• Honeynets

• A "honeynet" is a network containing honeypots. A "virtual honeynet" is one that resides in a single server, but pretends to be a full network. See firewall, darknet, honeyproxy and honeymonkey.

Source: http://www.answers.com/

The DMZ (DeMilitarized Zone)

• A middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet. The DMZ is a subnetwork (subnet) that may sit between firewalls or off one leg of a firewall. Organizations typically place their Web, mail and authentication servers in the DMZ. DMZ is a military term that refers to the area between two enemies.

Source:http://www.securitydocs.com/library/2692

http://www.answers.com/

DMZ with Honeypots

Protecting Your Identity

• Never enter personal information (Acquired Characteristics) into a web site that uses only http (as opposed to https)

• Never send acquired characteristics (except your name) through the email.

• Unless you encrypt your email, expect that anyone can read it.

• Always pay close attention to the spelling of the URL (web address) when paying for anything on line.

• Do not respond to unsolicited emails.

• Shred all snail mail that contains personal information (especially credit card offers!!)

• Expect that once you throw something away, you are legally giving it to the public.

• Use only one credit card for online purchases

• Keep your browsers up to date. Install security patches when they are released.

Credit cards and the Internet

• Credit and debit cards are now used routinely to purchase airline tickets, gifts and flowers, and thousands of other items from etailers, Amazon.com, Ebay, etc. The internet is a rapidly growing source of e-commerce involving $Billions.

• The consumer is probably no more at risk than at any other type of credit card transaction. However, this is by no means a riskless environment and the user should take at least as much care as with any transaction.

Common Sense Protection Advice

Precautions: Shopping on the Internet is no less safe than shopping in a store or by mail. Keep the following tips in mind to help ensure that your online shopping experience is a safe one.

• Use a secure browser - software that encrypts or scrambles the purchase information you send over the Internet - to help guard the security of your information as it is transmitted to a website. When submitting your purchase information, look for the "lock" icon on the browser's status bar, and the phrase "https" in the URL address for a website, to be sure your information is secure during transmission.

• Check the site's privacy policy, before you provide any personal financial information to a website. In particular, determine how the information will be used or shared with others. Also check the site's statements about the security provided for your information. Some websites' disclosures are easier to find than others - look at the bottom of the home page, on order forms or in the "About" or "FAQs" section of a site. If you're not comfortable with the policy, consider doing business elsewhere.

http://tutorials.freeskills.com/read/id/646

Common Sense Protection Advice (more)

• Read and understand the refund and shipping policies of a website you visit, before you make your purchase. Look closely at disclosures about the website's refund and shipping policies. Again, search through the website for these disclosures.

• Keep your personal information private. Don't disclose your personal information - your address, telephone number, bank account number or e-mail address - unless you know who's collecting the information, why they're collecting it and how they'll use it.

• Give payment information only to businesses you know and trust, and only when and where it is appropriate - like an order form. Never give your password to anyone online, even your Internet service provider.

• Keep records of your online transactions and check your e-mail for contacts by merchants with whom you're doing business. Merchants may send you important information about your purchases.

• Review your monthly credit card and bank statements for any errors or unauthorized purchases promptly and thoroughly. Notify your credit or debit card issuer immediately if your credit or debit card is lost or stolen, or if you suspect someone is using your accounts without your permission.

What to do if your credit card is lost, stolen, or disclosed?

Recently millions of credit card numbers and Social Security Numbers were disclosed when hackers broke in and stole them from the TJX company, and Dana Farber sent out patient information to a wrong fax number. In other cases they were on laptops that were stolen or lost at airports, in poorly secured databases, etc.

Actions to take

• Call and report all lost or compromised credit and debit cards immediately. Your liability for loss is often dependent on quick reporting. Remember driver licenses, passports, and other id as well.
– Carry a list of your credit/debit cards, their numbers, and phone numbers in a separate place than the cards.

• Call the hot line at the Credit reporting agencies.
– Each of the big three has a single hot line to alert creditors to protect you from having someone else issue new cards/or lines of credit in your name.
– It will require you to go through extra steps to get new credit cards etc. but will save you thousands and grief.

The 3 Credit Card Phone Numbers to call

• Keep these phone numbers handy if you suspect your credit or identity has been compromised.

• It will cause your credit lines to be flagged and may on occasion cause some transactions to be questioned but it will also keep your finances secure.

Experian 1 888-397-3742

1 800-583-4080

EQUIFAX 1 800-685-1111

1 800-349-9960

TRANS UNION

1 800-916-8800

References

• Standler, R.B., Computer Crime, http://www.rbs2.com/ccrime.htm (2002)

The Dark Side of the Internet in the novel, movies, television

The age of international terrorism and cyber crime is spawning a new genre of crime and spy novels featuring the white hat hacker and the black hat hacker villains.

Dark Side of the Internet Fiction References:

Deaver, Jeffery. The blue nowhere New York : Simon & Schuster, c2001.

Deaver, Jeffery. The broken window [sound recording], Simon and Schuster Audio, p2008.
