Cybercrime, Cyberterrorism, and Cyberwarfare

1
Chapter 8

• Cybercrime, Cyberterrorism, and Cyberwarfare

2
Potentially Destructive Software

• Logic bomb
• Potentially very destructive
• Time bomb a variation
• Rabbit
• Denial of service
• Trojan horse
• Common source of backdoors

3
Backdoor

• Undocumented access point
• Testing and debugging tool
• Common in interactive computer games
• Cheats and Easter eggs
• Hackers use backdoors to gain access
• Programmer fails to close a backdoor
• Trojan horse
• Inserted by hacker on initial access
• Back Orifice the Cult of the Dead Cow

4
Viruses and Worms

• Virus
• Parasite
• Requires host program to replicate
• Virus hoaxes can be disruptive
• Worm
• Virus-like
• Spreads without a host program
• Used to collect information
• Sysop terminal status
• Hacker user IDs and passwords

5
Structure of a typical virus

• Macro viruses
• Polymorphic viruses
• E-mail attachments
• Today, click attachment
• Tomorrow, ???
• Cluster viruses
• Spawn mini-viruses
• Cyberterrorism threat

• Payload can be
• Trivial
• Logic bomb
• Time bomb
• Trojan horse
• Backdoor
• Sniffer

6
Anti-Virus Software

• Virus signature
• Uniquely identifies a specific virus
• Update virus signatures frequently
• Heuristics
• Monitor for virus-like activity
• Recovery support

7
Security and virus protection in layers
Internet

• Defend in depth
• What one layer misses, the next layer traps
• Firewalls (Chapter 9)
• Anti-virus software

8
System Vulnerabilities

• Known security weak points
• Default passwords system initialization
• Port scanning
• Software bugs
• Logical inconsistencies between layers
• Published security alerts
• War dialer to find vulnerable computer

9
Denial of Service Attacks (DoS)

• An act of vandalism or terrorism
• A favorite of script kiddies
• Objective
• Send target multiple packets in brief time
• Overwhelm target
• The ping o death
• Distributed denial of service attack
• Multiple sources

10
A distributed denial of service attack

• Cyber equivalent of throwing bricks
• Overwhelm target computer
• Standard DoS is a favorite of script kiddies
• DDoS more sophisticated

11
Spoofing

• Act of faking key system parameters
• DNS spoofing
• Alter DNS entry on a server
• Redirect packets
• IP spoofing
• Alter IP address
• Smurf attack

12
IP spoofing

• Preparation
• Probe target (A)
• Launch DoS attack on trusted server (B)
• Attack target (A)
• Fake message from B
• A acknowledges B
• B cannot respond
• DoS attack
• Fake acknowledgement from B
• Access A via 1-way communication path

13
The Warden defense model

• Information warfare
• Bypass outer rings
• Attack inner rings
• Corrupt, deny, or destroy information
• IW tactics
• Propaganda
• Disinformation
• Disabling infrastructure
• Jamming communications
• Terrorism

14
Selecting Targets

• Concentration of value
• World Trade Center
• Network access point (NAP)
• Cost to attackers
• Best target most bang for the buck

15
Cyberwarfare

• Information warfare in cyberspace
• Hacker tools as weapons
• Denial of service attacks
• Backdoors and cracking tools
• Malware destructive software
• Chipping modified chips
• Source of attack can be anywhere

16
Cyberterrorism

• Terrorism in cyberspace
• Same tools as cyberwarfare
• Inexpensive and anonymous
• Cyberspace loaded with symbolic targets
• Public access complicates defense
• Lack of diversity increases vulnerability
• Windows
• Response JWICS