Cybercrime and cybersecurity: Types of offences

Threats that originate with an organisation's own employees, either unintentionally (making mistakes) or intentionally (committing theft or fraud). At least 30% of threats are attributed to employees.

Internal threats

An attack that exploits a vulnerability still unknown to the system's owner or vendor (and therefore unpatched) but already known to the attacker. Because no fix or detection signature exists yet, the victim usually does not know the attack is happening.

Zero-day exploit

1. An attack in which a server or network is made unavailable by sending it large amounts of network traffic, or malformed traffic, e.g. overwhelming a web application with requests.
2. Easy to set up, difficult to mitigate.
3. In the distributed form, other computers are compromised without their owners' knowledge and the attacker uses all of them at once to generate traffic towards the target, which cannot handle the combined load.
4. A compromised computer is called a zombie because its owner is usually unaware of the compromise; it can be a desktop, a laptop or a smartphone.
5. Very common today.

(Distributed) Denial of service attack (5)

More complicated but widely used.
1. ARP (Address Resolution Protocol) translates an IP address into a hardware (MAC) address. When you connect your computer to a network you are assigned an IP address that is temporary and not hard-coded into your system; connect again the next day and you may be assigned a different one. The hardware address, on the other hand, is fixed in your network interface. To deliver traffic on the local network, the IP address must be mapped to the right hardware address.
2. A host that knows an IP address is somewhere on the local network but does not know the matching hardware address sends a broadcast ARP request ("who has this IP address? send me your hardware address") so that it can communicate with the right computer. This ARP request/reply exchange happens before any TCP/IP communication can start.
3. The exchange can be spoofed: an attacker's computer is programmed to answer the ARP request (or to send unsolicited ARP replies) claiming the IP address of the intended recipient, so the victim records the attacker's MAC address for that IP. Traffic intended for the legitimate host is then delivered to the attacker, who can read it (and forward it on, which makes it a man-in-the-middle attack).

ARP Spoofing (3) (IMPORTANT FOR EXAM)
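The exchange described above, as an added example that is not part of the original study set: a small simulation of one LAN in which the victim resolves the gateway's address, the attacker sends an unsolicited ARP reply claiming the gateway's IP with its own MAC, and the victim's ARP cache is overwritten. A `strict` mode shows the host-level check that catches it (ignore replies that were never requested, and refuse a change of MAC for an address already cached). The hosts, addresses and packet layout are constructed for the example.

```python
# Added example, not code from the original page. Simulates the ARP exchange,
# the spoofed reply that poisons the victim's cache, and a simple check against it.
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class ArpPacket:
    op: str          # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_mac: str  # BROADCAST for requests
    target_ip: str


class Lan:
    """Delivers packets to the host whose MAC matches, or to every host for broadcast."""

    def __init__(self):
        self.hosts = []

    def attach(self, host):
        self.hosts.append(host)

    def send(self, pkt):
        for h in self.hosts:
            if pkt.target_mac in (h.mac, BROADCAST):
                h.receive(pkt, self)


class Host:
    def __init__(self, name, mac, ip, strict=False):
        self.name, self.mac, self.ip, self.strict = name, mac, ip, strict
        self.cache = {}        # ip -> mac, what this host currently believes
        self.pending = set()   # IPs this host asked about and has not yet resolved
        self.alerts = []

    def resolve(self, ip, lan):
        """Broadcast 'who has ip?' and return whatever the cache holds afterwards."""
        self.pending.add(ip)
        lan.send(ArpPacket("request", self.mac, self.ip, BROADCAST, ip))
        return self.cache.get(ip)

    def receive(self, pkt, lan):
        if pkt.op == "request" and pkt.target_ip == self.ip:
            # Only the real owner of the IP answers a request.
            lan.send(ArpPacket("reply", self.mac, self.ip, pkt.sender_mac, pkt.sender_ip))
        elif pkt.op == "reply":
            self.learn(pkt.sender_ip, pkt.sender_mac)

    def learn(self, ip, mac):
        if self.strict:
            if ip not in self.pending:
                self.alerts.append(f"{self.name}: unsolicited ARP reply for {ip} from {mac} ignored")
                return
            if self.cache.get(ip, mac) != mac:
                self.alerts.append(f"{self.name}: MAC for {ip} changed {self.cache[ip]} -> {mac}")
                return
        self.pending.discard(ip)
        self.cache[ip] = mac   # naive hosts simply trust whatever arrives last


def spoof(attacker, lan, victim_mac, claimed_ip):
    """Unsolicited ARP reply 'claimed_ip is at the attacker's MAC', sent straight to the victim."""
    lan.send(ArpPacket("reply", attacker.mac, claimed_ip, victim_mac, ""))


def scenario(strict):
    """Run the exchange; return the MAC the victim holds for the gateway and any alerts."""
    lan = Lan()
    victim = Host("victim", "aa:aa:aa:aa:aa:01", "192.168.1.10", strict=strict)
    gateway = Host("gateway", "aa:aa:aa:aa:aa:fe", "192.168.1.1")
    attacker = Host("attacker", "de:ad:be:ef:00:01", "192.168.1.66")
    for h in (victim, gateway, attacker):
        lan.attach(h)
    victim.resolve(gateway.ip, lan)               # legitimate ARP request/reply
    spoof(attacker, lan, victim.mac, gateway.ip)  # poisoning attempt
    return victim.cache[gateway.ip], victim.alerts


if __name__ == "__main__":
    print("naive host believes gateway is at:", scenario(False)[0])
    mac, alerts = scenario(True)
    print("strict host believes gateway is at:", mac)
    print("alerts:", alerts)
```

Real attack tools repeat the spoofed reply continuously and poison both the victim and the gateway so traffic flows in both directions through the attacker; the "MAC changed" heuristic above is the same signal monitoring tools raise on, and static ARP entries or Dynamic ARP Inspection on the switch are the usual network-side defences.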

A network of compromised computers that each perform a specific function, often a malicious activity such as a DDoS attack. The bot agent software can be installed through a Trojan horse or other malicious software. A computer that participates in a botnet is called a zombie.

Botnet

1. Use a password that is neither too short nor too simple: against a simple password, a tool such as John the Ripper running on an ordinary computer needs only a few minutes.
2. A password of 14 characters or more takes much longer to crack.
3. The attack tries every possible combination of characters until the password is found.
4. Without a supercomputer it is not worthwhile for the attacker to brute-force a 14-character password: an ordinary computer would need many thousands of years.
5. With a supercomputer, or many machines working in parallel, the search can be split up to reduce the time, but it still takes a long time.
6. For a password of 20 characters a lifetime is not long enough to crack it.

Brute force attack (6)

An attack in which information is sent through a channel that does not alert security mechanisms. A preferred method of cybercriminals. One example is HTTP tunnelling: a firewall recognises the HTTP, TCP and IP headers and usually allows HTTP traffic through, so if the attacker hides malware or its command traffic inside what looks like ordinary HTTP data, the firewall may be bypassed. An attacker might first compromise the web server this way and then look for a path to the ERP system; this takes time and is the work of a motivated attacker.

Covert channel attacks

1. Curiosity or simply trying to hack something: script kiddies, cyber vandals.
2. Fraud: employees or criminals who may or may not be skilled in computer technology, e.g. you order something on eBay and it never arrives.
3. Politically or religiously motivated attacks: hacktivists and terrorists, including numerous hacker groups working for or supported by governments.
4. Stealing information through sophisticated methods: criminals and criminal organisations skilled in computer technology, or governmental or government-supported hacker groups.

Cybercrime categories (4)

As soon as the victim enters a URL, the request goes to a DNS server that translates the domain name into an IP address. If that server's records (or cache) have been poisoned, the IP address returned points to a false website that imitates the legitimate one. Any credentials the victim enters there are intercepted by the cybercriminal, who then uses them to log into the legitimate website.

DNS Poisoning

1. Brute force: encryption is done with a digital key consisting of bits, comparable to a password, so the attacker can try every combination of the bits of the key.
2. Dictionary attack: trying keys or hashes from a database of likely values.
3. Side-channel attack: attacking the implementation of an algorithm by observing its power consumption or timing.
4. Analytical attack (frequency analysis): looking for repetitive patterns, e.g. "e" appears more often than any other letter in Dutch, so a symbol that appears more often than the others in the ciphertext probably stands for "e", which reveals part of the key.
5. Cryptanalysis: finding flaws in the algorithm or in the implementation of the cryptosystem, predicting the behaviour of the cryptosystem, or assigning probabilities to possible keys.

Encryption breaking methods (5) (IMPORTANT FOR EXAM)

1. Make your laptop or tablet appear as a wireless network with the same name as the one you want to copy (e.g. "Starbucks free wifi"), go to a Starbucks location, and a number of smartphones will connect to the access point you have made. From that point on you can see and read all the network traffic of the users that pass through your access point.
2. Also called a rogue access point.
3. One way to protect yourself is a VPN (virtual private network): an app you can install on your phone (free ones exist) that encrypts all your network traffic, so the attacker only captures ciphertext. Decrypting it would take a very long time, especially with a lot of traffic (e.g. watching a movie).
4. The best protection is not to use public wireless networks at all.

Evil twin (4)

1. Gaining access.
2. Escalating privileges: obtaining the access rights of administrators so that more can be done with the computer system.
3. Maintaining access.
4. Hiding and activating malicious software.
5. Stealing information.
6. Covering tracks so that the intrusion is never noticed; a skilled hacker can do this so that you never know he was there. Those working for governmental organisations are particularly skilled at this.

Final hacking phases after preparation is done (6)

1. Footprinting and reconnaissance: gathering information about the target, both about the organisation and about its network infrastructure.
2. Scanning and enumeration: gathering detailed information about the computer systems and network infrastructure, such as open ports (every networked computer has port addresses), and, less importantly, routing tables and system names. Also account information such as usernames and default passwords that may never have been changed.
3. Gaining access.

Hacking phases (3)

1. The method used to hack a wireless network depends on the security mode in place; if no security is applied (e.g. an open public WiFi) it is very easy.
2. The SSID is nothing more than a label, the name of your wireless network, and provides no security at all, even if it is not broadcast (by default it is, which is why it shows up as an option to connect to).
3. WEP (Wired Equivalent Privacy) is easy to crack: keys are not changed periodically, and the initialisation vector (IV) is too short (24 bits), so values repeat.
4. WPA (WiFi Protected Access) has been compromised as well, so the attacker can see all your network traffic.
5. Of these, WPA2 is the only protocol considered secure (its successor, WPA3, has since been released).

Hacking wireless networks (5)

A cybercriminal intercepts the communication between an individual and a website, posing to the victim as the website and to the website as the client.

Man in the middle

The collective class of software designed to disrupt computer systems, steal confidential information or carry malicious payloads. Fairly easy to construct, since templates and tools are readily available. The three main types are the virus, the worm and the Trojan horse; the differences between them have become blurred.

Malicious software

1. Malicious code contained inside software that appears harmless or useful to the user.
2. Often spread by means of social engineering: convincing the user to install and run the software.
3. May pose as anti-virus software, e.g. a banner saying you should download it; downloading it infects you.
4. Many different functions: stealing information such as credit card details or passwords, installing the software needed for denial-of-service attacks, or installing spyware such as key loggers to capture your passwords.
5. Also popular with the police, who use it to intercept criminals' passwords for investigation purposes.
6. Constructed with the help of a wrapper, a tool that binds the malicious code to a legitimate program.

Malicious software - Trojan horse (6)

1. Malicious code designed to attach itself to a file or another object.
2. Often arrives as an attachment in an email.
3. Requires a user action (the user has to open or click something), so a user who is aware of the risks is a good protection.
4. Ransomware/cryptoware: once activated, it encrypts all the files on your system, including files kept in Dropbox or other synced storage. Using Dropbox to reach your files from another computer is not a mitigation: the encrypted versions are synced as well, so those copies end up encrypted too.

Malicious software - virus (4)

1. Does not require any user interaction; this is the most important difference between a virus and a worm.
2. More difficult to construct, but if the attacker manages it, it is dangerous: with no user action needed, it can spread very fast through a network.
3. It spreads through URLs, network shares and email messages; merely sending the email can spread it, without the recipient having to click on a link.

Malicious software - worm (3)

1. Very sophisticated: malicious software nested inside the browser on the victim's system.
2. As soon as the user visits a banking website, it intercepts the credentials and sends them to the attacker's system during the same session; the attacker then forms his own transaction inside that session, which is exactly what the bank's system expects to see.
3. Zeus is the best-known example; there is a BBC documentary on Zeus and man-in-the-browser attacks.

Man-in-the-browser (3)

1. Stolen through malware, e.g. a keylogger: stored on your computer without your knowledge, it records every keystroke and sends them to the attacker, who thereby obtains your password.
2. Written down, e.g. in a note left in the recycle bin on your computer, where an attacker can find it.
3. Shoulder surfing: looking over your shoulder.
4. Brute force attack: trying every possible combination of characters.
5. Dictionary attack: online databases contain tons of common passwords, many stolen in breaches (e.g. from Yahoo). There are free tools that check your password against these lists; if there is a match, your password is easy to crack.
6. Rainbow table attack: when you log into your Windows system (or a website), the system computes a one-way function of your password; the result is called a hash, and it is the hash, not the password, that is stored in the central password database. If an attacker obtains that database, he compares the stored hashes with a rainbow table (a precomputed list of hashes alongside their plaintext passwords) and reads off the password for every matching hash. If you use the same password on many systems and they do not salt their hashes, your hash is identical on all of them, so one match exposes every account.
7. Sniffing: capturing network traffic; if your password is sent over the network unencrypted, the attacker can pick it out of the capture.
The tools used for brute force, dictionary and rainbow table attacks are freely available on the internet, e.g. John the Ripper or Cain & Abel.

Password attacks (7)
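Items 4 to 6 above and the brute force card earlier, as one added example that is not from the original study set: a constructed "stolen" database of unsalted SHA-256 hashes is cracked by a precomputed hash-to-password table, two users with the same password are exposed by one lookup, and the same table is useless once each user gets a random salt. The last function is the keyspace arithmetic behind "14 characters takes thousands of years"; the 10 billion guesses per second and the 95-character set are assumptions, and SHA-256 stands in for whatever hash a real system uses.

```python
# Added example, not code from the original page: dictionary / rainbow-table
# lookup against unsalted hashes, the effect of salting, and brute-force time.
import hashlib
import os

# Constructed list of common passwords, standing in for a leaked password database.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "Summer2019!"]


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


# Constructed stolen database of unsalted hashes; alice and carol share a password.
UNSALTED_DB = {
    "alice": sha256_hex("letmein"),
    "bob": sha256_hex("Tr0ub4dor&3-xyz"),   # not in the wordlist, so it survives
    "carol": sha256_hex("letmein"),
}


def build_rainbow_table(words) -> dict:
    """Precompute hash -> plaintext once; reusable against every unsalted database."""
    return {sha256_hex(w): w for w in words}


def crack_unsalted(stored_hashes: dict, table: dict) -> dict:
    """Look each stored hash up in the table; no hashing is needed at attack time."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def hash_salted(password: str, salt: bytes) -> str:
    # Real systems use a slow KDF (bcrypt, scrypt, Argon2); plain SHA-256 is used
    # here only to show what the salt does to a precomputed table.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def make_salted_db(users: dict) -> dict:
    """user -> (salt, hash) with a fresh random salt per user."""
    db = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        db[user] = (salt, hash_salted(pw, salt))
    return db


def crack_salted(stored: dict, words) -> dict:
    """With salts the table is useless: every word must be re-hashed per user."""
    found = {}
    for user, (salt, h) in stored.items():
        for w in words:
            if hash_salted(w, salt) == h:
                found[user] = w
                break
    return found


def brute_force_years(length: int, charset: int = 95, guesses_per_second: float = 1e10) -> float:
    """Worst-case years to try every combination of `length` characters (assumed rate)."""
    return charset ** length / guesses_per_second / (3600 * 24 * 365)


if __name__ == "__main__":
    table = build_rainbow_table(WORDLIST)
    print("unsalted:", crack_unsalted(UNSALTED_DB, table))  # alice and carol fall together
    print("identical hashes:", UNSALTED_DB["alice"] == UNSALTED_DB["carol"])

    salted = make_salted_db({"alice": "letmein", "carol": "letmein"})
    print("salted hashes identical:", salted["alice"][1] == salted["carol"][1])
    print("table hits on salted db:", crack_unsalted({u: h for u, (s, h) in salted.items()}, table))
    print("per-user dictionary on salted db:", crack_salted(salted, WORDLIST))

    for n in (8, 14, 20):
        print(f"{n} chars: {brute_force_years(n):.3g} years")
```

Salting does not make a weak password strong: `crack_salted` still finds "letmein", but only by hashing the whole wordlist once per user instead of once for every database in the world, and a slow KDF multiplies that cost further.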

Risk = probability x impact

Risk analysis

1. The attacker gains access to the database used by a web application. An online shop, for example, stores credit card details, passwords, names and addresses in a database that sits behind the web application. If the web application is not secure enough, the attacker can type SQL code into its input fields (dialogue boxes), and that code is passed to the database as SQL commands that read or change its contents. The flaw is in the web application, not in the database.
2. One of the most common vulnerabilities in websites.

SQL injection (IMPORTANT FOR THE EXAM)
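The flaw described above, as an added example that is not from the original study set: a login query assembled by pasting user input into the SQL text, the input that turns it into a query returning every customer's card number, and the parameterised version that treats the same input as a literal string. The in-memory SQLite database, its table and its rows are constructed for the example.

```python
# Added example, not code from the original page: vulnerable string-built query
# beside the parameterised fix, run against a constructed in-memory database.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed shop database standing in for the one behind the web application."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "s3cret", "4111-1111-1111-1111"),
        ("bob", "hunter2", "5500-0000-0000-0004"),
    ])
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    # The user's input becomes part of the SQL text, so a quote in the input
    # ends the string early and the rest is executed as SQL.
    query = (f"SELECT username, card FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    # Parameters travel separately from the SQL text; the database never
    # interprets them as code, whatever characters they contain.
    query = "SELECT username, card FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Legitimate use: both functions behave the same.
    print(login_vulnerable(conn, "alice", "s3cret"))
    print(login_safe(conn, "alice", "s3cret"))

    # Attack 1: the password field closes the string and adds an always-true condition,
    # so the WHERE clause becomes (username='anyone' AND password='') OR '1'='1'.
    payload = "' OR '1'='1"
    print(login_vulnerable(conn, "anyone", payload))  # every row, card numbers included
    print(login_safe(conn, "anyone", payload))        # [] : treated as a literal password

    # Attack 2: a comment marker in the username cuts the password check off entirely.
    print(login_vulnerable(conn, "alice'--", "wrong"))  # logs in as alice
    print(login_safe(conn, "alice'--", "wrong"))        # []
```

The only reliable fix is the second form: keep data out of the SQL text (parameterised queries or prepared statements) rather than trying to filter quotes out of the input.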

- A sniffer reads and decodes the traffic reaching the computer.
- The network interface controller (NIC) needs to run in promiscuous mode, i.e. accept frames that are not addressed to it.
- Sniffing wireless networks requires a wireless NIC or USB dongle that supports monitor mode.
- Wireshark is the most widely used sniffing tool and is freely available on the internet.
- Sniffing can reveal debit card information or passwords.
- Much less effective against encrypted network traffic.

Sniffing network traffic

1. The most successful cybercrime method, because people are often unaware of the risks, tend to be helpful, and are inclined to conform to authority.
2. Also called "hacking people".
3. Manipulating people into acting in a way that serves the perpetrator's interests.
4. Purpose: obtaining confidential information, stealing goods, and getting access to premises.
5. E.g. students of a university or employees of an organisation may be unaware of the risks, so cybercriminals try to get them to hand over confidential information such as passwords by pretending to be someone else.

Social engineering (5) (IMPORTANT FOR EXAM)
