HACKER S DELIGHT DESTROYING THE SYSTEM ONLY MAKES IT STRONGER

Size: px

Start display at page:

Download "HACKER S DELIGHT DESTROYING THE SYSTEM ONLY MAKES IT STRONGER"

Georgina Merritt
5 years ago
Views:

1 HACKER S DELIGHT DESTROYING THE SYSTEM ONLY MAKES IT STRONGER

2 OVERVIEW The meaning of hacking Types of hacking Methods of hacking Implications of hacking

4 HACKING: AN INTRODUCTION

5 A DEFINITION To tinker with the components of a system to find constructive or destructive ways to alter the intent and purpose of a system Work-arounds

6 TRAGEDY OF THE COMMONS Any collectivelymanaged resource is vulnerable to exploitation Centralized security versus decentralized liberty

7 HACKING AS PHILOSOPHY California everywhere: end of an idea? (Hackers destroy) California everywhere: the sequel? (Hackers protect)

8 TYPES OF HACKING

9 RULE #1 IN HACKING Any system is only as strong as its weakest link

10 HAT TRICKS White hat hackers (ethical hackers) Black hat hackers (malicious hackers)

12 THE BIG THING FOR ME IS CASH ONLY. AND NO WIFI. - CONFERENCE ATTENDEE

13 HACKERS VERSUS USERS Hackers repurpose Hackers are external Malicious users are internal

14 DIFFERENT METHODS Technical Physical Emotional

15 WHITE HAT EFFORTS US requires only some strategic centers to have periodic security evaluations Most companies are left to their own devices and budgets Equifax

17 TYPES OF HACKERS

18 MOTIVES Money Anarchy Freedom Fame

19 SCRIPT KIDDIES Amateurs Use code written by others and found online SCRIPT KITTY

20 CRIMINAL HACKERS Theft Ransomware Data markets

21 SECURITY HACKERS Paid to hack to discover vulnerabilities Goal: to strengthen security

22 HACKTIVISTS Hack systems to punish or protect Goal: to send a message

23 CYBERTERRORISTS Hack systems as an act of terror Use system to spread a message Goal: to create fear or to assist in operations

24 HACKERS FOR HIRE Pre-packaged botnets Individuals using skills to make money Don t care about the cause or purpose

25 METHODS OF HACKING

26 SOCIAL ENGINEERING Short-term and longterm False employees, vendors, IT support Phishing attacks

29 PHYSICAL SECURITY Physical access Tailgating CCTV cameras Power outage

31 PASSWORD THEFT Shoulder surfing Brute force and dictionary attacks Password-cracking software (Cain & Abel, John the Ripper)

32 NETWORK HACKING Why P2P ended Firewalls Port scanners DDoS doesn t need to penetrate the network

33 REMEMBER Every Black Hat knows what a White Hat knows Not every White Hat knows what a Black Hat knows

34 WIRELESS NETWORKS

35 WLAN Wireless Local Area Network Your home system

36 FIRST LEVEL OF VULNERABILITY Network name Network password

37 SECOND LEVEL OF VULNERABILITY Network devices Routers Printers Cameras Scanners

38 THIRD LEVEL OF VULNERABILITY Bluetooth Limited range

40 A LESSON IN TECHNOLOGY WEP = Wired Equivalent Privacy WPA = WiFi Protected Access IV + KEY (INITIALIZATION VECTOR IS 24-BIT) RC4 ENCRYPTION WPA2 KEYSTREAM

41 SOFTWARE WEPcrack Aircrack WPAcrack

42 WPA STARTED & CLIENT FOUND HANDSHAKE CAPTURED AIRCRACK WIFI WPA/WPA2 CRACK COMMAND

43 A WALK-THROUGH

44 INTERNET OF EVERYTHING Convenience adds more vulnerabilities What password is your refrigerator? Light bulb? Car?

45 HelpNetSecurity: Sept. 25, 2018

46 GALLERY OF HORRORS

51 WIFI IMAGING Physical imaging Radio wave analysis 90% accuracy No need to hack

52 HACKING: THE BIGGER PICTURE

53 TROLL FARMS Russia China Eastern Europe Hack of communication

54 HACKTIVISM: IRAN Green Revolution (2009) Twitter used to spread info for DDoS attack against gov t surveillance Hackers provide alternative servers to activists

55 EDWARD SNOWDEN Not a hacker but a hack revealer Whistleblower (2013) on government surveillance via hacking Right to privacy

56 JULIAN ASSANGE AND CHELSEA MANNING Not hackers Not whistleblowers Lack of transparency is not a violation of privacy Diplomacy

57 US ELECTIONS Voting machines DefCon: Voting Village Vulnerabilities not fixed in over a decade ES&S: no need to update ballot scanners ExpressPoll-5000: Code written late 1990s Default password: password Admin password: pasta

58 FACEBOOK September 28, 2018 Vulnerability in View As feature Access tokens (digital keys) were vulnerable 90 million compromised

59 FANCY BEAR UEFI rootkit: LoJax LoJack anti-theft software repurposed Older, Windowsbased systems Unified Extensible Firmware Interface

60 ANONYMOUS Formed in early 2003 Came to prominence in 2008 Network of hackers

61 ANONYMOUS 2 Citizen/netizen empowerment Anti-surveillance Pro internet freedom

CYBER SECURITY AND MITIGATING RISKS

CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY