CIS 381: Social & Ethical Issues of Computingdkoop/cis381-2019sp/lectures/lecture...7.3 Malware 329 W W W W W Figure 7.4 A worm spreads to other computers by exploiting security holes

CIS 381: Social & Ethical Issues of Computing

Security Dr. David Koop

D. Koop, CIS 381, Spring 2019

Hackers, Past and Present• Original meaning of hacker:

explorer, risk taker, system innovator (e.g. MIT’s Tech Model Railroad Club in 1950s)

• Change in meaning from electronics to computers and networks

• WarGames (1983): Hacking military supercomputer

• Modern meaning of hacker: someone who gains unauthorized access to computers and computer networks

�2D. Koop, CIS 381, Spring 2019

[M. J. Quinn]

Password Advice• Do not use short passwords • Do not rely solely on words from the dictionary • Do not rely on substituting numbers for letters • Do not reuse passwords • Give ridiculous answers to security questions • Enable two-factor authentication if available • Have password recoveries sent to a secure email address

�3

[M. J. Quinn]D. Koop, CIS 381, Spring 2019

Case Study: Firesheep• October 2010: Eric Butler released Firesheep extension to Firefox

browser • Firesheep made it possible for ordinary computer users to easily

sidejack Web sessions • More than 500,000 downloads in first week • Attracted great deal of media attention • Early 2011: Facebook and Twitter announced options to use their

sites securely

• Evaluate: Was this a good action?

�4


Viruses• Virus: Piece of self-replicating code

embedded within another program (host)

• Viruses associated with program files - Hard disks, floppy disks, CD-

ROMS - Email attachments

• How viruses spread - Diskettes or CDs - Email - Files downloaded from Internet

�5


7.3 Malware 329

WW

W

W

W

Figure 7.4 A worm spreads to other computers by exploiting security holes in computernetworks.

punk: Outlaws and Hackers on the Computer Frontier, written by Katie Hafner and JohnMarkoff [25].

BACKGROUND OF ROBERT TAPPAN MORRIS JR.

Robert Tappan Morris Jr. began learning about the Unix operating system when he wasstill in junior high school. His father was a computer security researcher at Bell Labs, andyoung Morris was given an account on a Bell Labs computer that he could access froma teletype at home. It didn’t take him long to discover security holes in Unix. In a 1982interview with Gina Kolata, a writer for Smithsonian magazine, Morris admitted he hadbroken into networked computers and read other people’s email. “I never told myselfthat there was nothing wrong with what I was doing,” he said, but he acknowledgedthat he found breaking into systems challenging and exciting, and he admitted that hecontinued to do it.

As an undergraduate at Harvard, Morris majored in computer science. He quicklygained a reputation for being the computer lab’s Unix expert. After his freshman year,Morris worked at Bell Labs. The result of his work was a technical paper describing asecurity hole in Berkeley Unix.

While at Harvard, Morris was responsible for several computer pranks. In one ofthem, he installed a program that required people logging in to answer a question posedby “the Oracle” and then to ask the Oracle another question. (The Oracle programworked by passing questions and answers among people trying to log in.)

Worm• Worm:

- Self-contained program - Spreads via computer network - Exploits security holes

• Tappen's Internet Worm - Released worm onto Internet from

MIT computer - Spread to significant numbers of

Unix computers - Infected computers kept crashing

or became unresponsive

�6


Conficker Worm• Conficker (a.k.a. Downadup) worm appeared 2008 on Windows

computers • Particularly difficult to eradicate • Uses pseudorandom domains to download from • Different variants released (type E installs malware) • Millions of copies of worm are circulating • Purpose of worm still unknown

�7


Trojan Horses + Spyware & Adware• Trojan horse:

- Program with benign capability that masks a sinister purpose - Performs expected task but also unknown, sinister actions

• Backdoor Trojan: Trojan horse that gives attack access to victim’s computer

• Spyware: Program that communicates over an Internet connection without user’s knowledge or consent - Log keystrokes or take snapshots of computer screen - Send reports back to host computer

• Adware: Type of spyware that displays pop-up advertisements related to user’s activity

�8


Term Paper• Topics have been assigned • 4-5 people per group • Term papers are individual • Topic presentations are done in groups, but each person should

speak for 3-4 minutes • As a group, rank your preferred presentation days

- April 17, April 19, April 22, April 24, April 29, May 1 • Individual term papers are due May 6 (assigned exam date) • Need to evaluate issues using ethical frameworks • Groups can choose to examine different issues related to a topic or

examine a similar issue using different frameworks


Assignment 5• Computer Reliability • About radiation treatments and their reliance on increasingly

complicated software • Due Monday


Bots• Bot: A kind of backdoor Trojan that responds to commands sent by

a command-and-control program on another computer • First bots supported legitimate activities

- Internet Relay Chat - Multiplayer Internet games

• Other bots support illegal activities - Distributing spam - Collecting person information for ID theft - Denial-of-service attacks

�11


Botnets and Bot Herders• Botnet: Collection of bot-infected computers controlled by the

same command-and-control program • Bot herder: Someone who controls a botnet • Some botnets have over a million computers in them

�12


Defensive Measures• Security patches: Code updates to remove security vulnerabilities • Anti-malware tools: Software to scan hard drives, detect files that

contain viruses or spyware, and delete these files • Firewall: A software application installed on a single computer that

can selectively block network traffic to and from that computer

�13


Cyber Crime and Cyber Attacks• Internet sales over $1 trillion annually • Organized crime and politically motivated attacks • Various types of attacks

- Phishing - SQL Injection - Distributed Denial of Service (DDOS)


Phishing and Spear-phishing• Phishing: Large-scale effort to gain

sensitive information from gullible computer users - At least 67,000 phishing attacks

globally in second half of 2010 - New development: phishing

attacks on Chinese e-commerce sites

• Spear-phishing: Variant of phishing in which email addresses chosen selectively to target particular group of recipients

�15


Bobby Tables

�16

[xkcd]D. Koop, CIS 381, Spring 2019

https://xkcd.com/327/

SQL Injection• Method of attacking a database-driven Web application with

improper security • Attack inserts (injects) SQL query into text string from client to

application • Application returns sensitive information

�17


DoS and DDoS Attacks• Denial-of-service (DoS) attack: Intentional action designed to

prevent legitimate users from making use of a computer service • Aim of a DoS attack is not to steal information but to disrupt a

server’s ability to respond to its clients • Distributed denial-of-service attack (DDoS): DoS attack launched

from many computers, such as a botnet

�18


Cyber Crime• Criminal organizations making significant amounts of money from

malware • Jeanson James Ancheta • Blue Security and Pharmamaster • Albert Gonzalez • Avalanche Gang

�19


The Rise and Fall of Blue Security• Blue Security: An Israeli company selling a spam deterrence system • Blue Frog bot would automatically respond to each spam message

with an opt-out message • Spammers started receiving hundreds of thousands of opt-out

messages, disrupting their operations • 6 of 10 of world’s top spammers agreed to stop sending spam to

users of Blue Frog

�20


The Rise and Fall of Blue Security• One spammer (PharmaMaster) started sending Blue Frog users

10-20 times more spam • PharmaMaster then launched DDoS attacks on Blue Security and

its business customers • Blue Security could not protect its customers from DDoS attacks

and virus-laced emails • Blue Security reluctantly terminated its anti-spam activities

�21


Politically Motivated Cyber Attacks• Estonia (2007) • Georgia (2008) • Georgia (2009) • Exiled Tibetan Government (2009) • United States and South Korea (2009) • Iran (2009) • Espionage attributed to People’s Liberation Army • Anonymous

�22


Attacks on Social Networking Sites• Massive DDoS attack made Twitter service unavailable for several

hours on August 6, 2009 • Three other sites attacked at same time: Facebook, LiveJournal,

and Google • All sites used by a political blogger from the Republic of Georgia • Attacks occurred on first anniversary of war between Georgia and

Russia over South Ossetia

�23


Fourth of July Attacks• 4th of July weekend in 2009: DDoS attack on governmental

agencies and commercial Web sites in United States and South Korea

• Attack may have been launched by North Korea in retaliation for United Nations sanctions

�24


SCADA Systems• Industrial processes require constant monitoring • Computers allow automation and centralization of monitoring via

Supervisory Control and Data Acquisition (SCADA) systems • Today, SCADA systems are open systems based on Internet

Protocol - Less expensive than proprietary systems - Easier to maintain than proprietary systems - Allow remote diagnostics

• Allowing remote diagnostics creates security risk

�25


Stuxnet• In January 2010, Iranians discovered Natanz Nuclear Facility had

been targeted by worm for the past two years • Stuxnet targeted plant’s control systems of centrifuges, causing

them to fail at an unusually high rate - Attacked SCADA systems running Siemens software - Uranium must be processed to increase concentration of active

isotope, U-235, which in is only 0.7% of natural uranium - Small difference in weight allows the U-235 isotope to be

separated from the predominant U-238 isotope - Centrifuges spin at over 60,000 RPM to separate isotopes and

enrich the uranium

�26

[S. Abraham]D. Koop, CIS 381, Spring 2019

https://www.cs.utexas.edu/users/theshark/courses/cs349/lectures/cs349-15.pdf

Stuxnet

�27

[L-Dopa, IEEE Spectrum]D. Koop, CIS 381, Spring 2019

https://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet

Stuxnet Aftermath• First version of worm caused failures in centrifuges, second version

caused OSes to repeatedly crash and reboot - Belarusian malware-detection firm called to investigate - Four zero-day (previously unknown) exploits used to break into

Microsoft operating system • In 2012 Chevron first US corporation to publicly confirm that

Stuxnet had spread across its machines - Siemens systems have no direct connection to Internet, so five

outside companies believed to be connected with nuclear program were infected

• Authors of Stuxnet never confirmed but leaks to press suggest from US and Israel worked in collaboration to create it [Sanger, NYTimes]

�28



Stuxnet Differences• Worm caused physical damage rather than just stealing or

modifying information • Sophistication and levels of attack suggest virus took around two to

three years to author • Likely US operation targeted software created by US corporations • Connections discovered between Stuxnet and Flame discovered

- Used for cyber espionage in the Middle East - Could exchange data with any Bluetooth-enabled device - Entered systems disguised as a legitimate Windows 7 update

�29



Cyber Espionage• Hundreds of computer security breaches in more than a dozen

countries investigated by Mandiant • Hundreds of terabytes of data stolen • Mandiant blamed Unit 61398 of the People’s Liberation Army • China’s foreign ministry stated that accusation was groundless and

irresponsible

�30


Anonymous• Anonymous: loosely organized international movement of

hacktivists (hackers with a social or political cause) • Various DDoS attacks attributed to Anonymous members

�31


Year Victim Reason2008 Church of Scientology Attempted suppression of Tom Cruise interview2009 RIAA, MPAA RIAA, MPAA’s attempt to take down the Pirate Bay2009 PayPal, VISA,

MasterCardFinancial organizations freezing funds flowing to Julian Assange of WikiLeaks

2012 U.S. Dept. of Justice, RIAA, MPAA

U.S. Dept. of Justice action against Megaupload

2013 Israel Protest Israeli treatment of Palestinians2014 City of Cleveland Protest killing of 12-year-old Tamir Rice by a

Cleveland police officer2015 Jihadist groups Terrorist attack on Paris office of Charlie Hebdo

magazine

Convictions of Anonymous Members• Dozens of people around the world have been arrested for

participation in Anonymous cyber attacks • Dmitriy Guzner (Church of Scientology attacks): 366 days in prison

and $37,500 in restitution • Brian Mettenbrink (Church of Scientology attacks): 1 year in prison

and $20,000 in restitution • Jake Davis (Sony Pictures attacks): 2 years in prison

�32


Motivation for Online Voting• 2000 U.S. Presidential election closely contested • Florida pivotal state • Most Florida counties used keypunch voting machines • Two voting irregularities traced to these machines

- Hanging chad - “Butterfly ballot” in Palm Beach County

�33


The Infamous “Butterfly Ballot”

�34

[AP Photo/Gary I. Rothstein]D. Koop, CIS 381, Spring 2019

Benefits of Online Voting• More people would vote • Votes would be counted more quickly • No ambiguity with electronic votes • Cost less money • Eliminate ballot box tampering • Software can prevent accidental over-voting • Software can prevent under-voting

�35


Risks of Online Voting• Gives unfair advantage to those with home computers • More difficult to preserve voter privacy • More opportunities for vote selling • Obvious target for a DDoS attack • Security of election depends on security of home computers • Susceptible to vote-changing virus or RAT • Susceptible to phony vote servers • No paper copies of ballots for auditing or recounts

�36


Documents

CIS 381: Social & Ethical Issues of Computingdkoop/cis381-2019sp/lectures/lecture...7.3 Malware 329 W W W W W Figure 7.4 A worm spreads to other computers by exploiting security holes