hacked!!! – kuala lumpur, malaysia network security

http://www.hackingmobilephones.com

HACKED!!! – Kuala Lumpur, MalaysiaNetwork Security

Ankit FadiaIntelligence Consultant and [email protected]

Outsmarting Cyber Villains


How to become a Computer Security Expert?

THINGS TO DO:

Learn at least one Programming Language.

Become a Networking Guru.

Learn to work in the UNIX Shell.

Get the ‘Hacking’ attitude.

Read, Read and Read as much as you can!!!!


Hacker VS Cracker

Qualities of a Hacker :

Lots of Knowledge & Experience.Good Guy.Strong Ethics.Never Indulges in Crime.Catches Computer Criminals.

Qualities of a Cracker :

Lots of Knowledge & Experience.Bad Guy.Low Ethics.Mostly Indulges in Crime.Is a Computer Criminal himself.


Facts and Figures

FBI INTELLIGENCE REPORT

9,85921,756

52,65864,981

87,770101,311

0

20,000

40,000

60,000

80,000

100,000

120,000

1999 2000 2001 2002 2003 2004

IncidentsRecorded


TOP 5 CORPORATE ESPIONAGE ATTACKS

• TOP 5 Corporate Espionage Attacks:

Privacy Attacks

Email Forging Attacks

Sniffer Attacks

Keylogger Attacks

DOS Attacks


Individual Internet User

Mumbai Lady Case

• A lady based in Mumbai, India lived in a one-room apartment.

• Was a techno-freak and loved chatting on the Internet.

• Attacker broke into her computer & switched her web camera on!

• Biggest cyber crime involving privacy invasion in the world!


Government Sector

NASA

• The premier space research agency in the world.

• Had just finished a successful spaceship launch, when the unexpected happened.

• The path of the spaceship was changed remotely by a 11 year old Russian teenager.

• Loss of money. Unnecessary worry.


TROJANS

TROJANS

Definition:

Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker.

Working: See Demo.

Threats:

Corporate Espionage, Password Stealing, IP Violation, Spying, etc.

Tools:

Netbus, Girlfriend, Back Orrifice and many others.


TROJANS

COUNTERMEASURES

• Port Scan your own system regularly.

• If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed.

• One can remove a Trojan using any normal Anti-Virus Software.

• Monitor start up files and port activity.




Privacy Attacks


Sniffer Attacks

Keylogger Attacks

DOS Attacks


Consumer Electronic Goods Sector

TV Group

• One of the largest manufacturers of televisions and other electronic goods in the world.

• Attacker sent an abusive forged email to all investors, employees and partners worldwide from the Chairman’s account.

• Tainted relations.


Email Forging

Email Forging

Definition:

Email Forging is the art of sending an email from the victim’s email account without knowing the password.

Working:

ATTACKER-----Sends Forged email----- FROM VICTIM

Tools:

None required! DEMO


Email Forging

COUNTERMEASURES

NOTHING can stop the attacker.

Use Secure email systems like PGP.

Digitally sign your emails.




Privacy Attacks


Sniffer Attacks

Keylogger Attacks

DOS Attacks


Healthcare Sector

Healthcare Group

• One of the largest shaving solutions companies in the world.

• Attacker broke into network and cancelled approximately 35 different orders of raw materials from supplier.

• Loss of revenue. Delay in Product launch.


Government Sector

BARC Group

• One of the most sensitive atomic and missile research facilities in India.

• Pakistani criminal organizations broke into network and stole sensitive missile info.

• Loss of sensitive data. Threat to national security.


SNIFFERS

SNIFFERS

Definition:

Sniffers are tools that can capture all data packets being sent across the entire network in the raw form.

Working: ATTACKER-----Uses sniffer for spying----- VICTIM

Threats:


Tools:

Tcpdump, Ethereal, Dsniff and many more.


SNIFFERS

COUNTERMEASURES

Switch to Switching Networks. (Only the packets meant for that particular host reach the NIC)

Use Encryption Standards like SSL, SSH, IPSec.




Privacy Attacks


Sniffer Attacks

Keylogger Attacks

DOS Attacks


Fashion Entertainment Sector

Fashion House Group

• One of the most successful fashion designers in Europe.

• Stole all designs and marketing plans.

• Came out with the same range of clothes a week before.

• Loss of Revenue. R&D & creative work down the drain.


KEYLOGGERS

KEYLOGGERS

Definition:

They are spying tools that record all keystrokes made on the victim’s computer.

Working: ATTACKER-----Uses keylogger for spying----- VICTIM

Threats:


Tools:

Thousands of Keyloggers available on the Internet.


KEYLOGGERS

COUNTERMEASURES

Periodic Detection practices should be made mandatory.

A typical Key Logger automatically loads itself into the memory, each time the computer boots.

Hence, one should search all the start up files of the system and remove any references to suspicious programs.

This should protect you to a great extent!




Privacy Attacks


Sniffer Attacks

Keylogger Attacks

DOS Attacks


Internet Services Sector

Internet Services

• Yahoo, Amazon, Ebay, BUY.com brought down for more than 48 hours!

• All users across the globe remained disconnected.

• Attackers were never caught.

• Loss of Revenue. Share values down.


Denial of Services (DOS) Attacks

DOS ATTACKS

Definition:

Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users.

Working:

ATTACKER-----Infinite/ Malicious Data----- VICTIM

Tools:

Ping of Death, SYN Flooding, Teardrop, Smurf, Land [TYPES]Trin00, Tribal Flood Network, etc [TOOLS]


Denial of Services (DOS) Attacks

BUSINESS THREATS

•All services unusable.

•All users Disconnected.

•Loss of revenue.

•Deadlines can be missed.

•Unnecessary Inefficiency and Downtime.

•Share Values go down. Customer Dissatisfaction.


DOS Attacks

COUNTERMEASURES

Separate or compartmentalize critical services. Buy more bandwidth than normally required to

count for sudden attacks. Filter out USELESS/MALICIOUS traffic as early as

possible. Disable publicly accessible services. Balance traffic load on a set of servers. Regular monitoring and working closely with ISP

will always help! Patch systems regularly. IPSec provides proper verification and

authentication in the IP protocol. Use scanning tools to detect and remove DOS

tools.


Recommendations and Countermeasures

• National CERTS and Cyber Cops.

• Security EDUCATION and TRAINING.

• Increase Security budgets.

• Invest on a dedicated security team.

• Security by obscurity?


THE FINAL WORD

THE FINAL WORD

•The biggest threat that an organization faces continues to be from….

THEIR OWN EMPLOYEES!


Is Internet Banking Safer than ATM Machines?

ATM MACHINES VS INTERNET BANKING

ATM Machines Internet Banking

Easier to crack. Difficult to crack, if latest SSL used.

Soft Powdery Substance. Earlier SSL standards quite weak.

Unencrypted PIN Number.

Software/ Hardware Sniffer.

Fake ATM Machine


Mobile Phone Hacking

Mobile Phone Attacks

Different Types:

BlueJacking BlueSnarfing BlueBug Attacks Failed Authentication Attacks Malformed OBEX Attack Malformed SMS Text Message

Attack Malformed MIDI File DOS Attack Jamming Viruses and Worms Secret Codes: *#92702689# or #3370*


AN ETHCAL GUIDE TO HACKING MOBILE PHONES

Hacking Mobile Phones

Title: An Ethical Hacking Guide to Hacking Mobile Phones

Author: Ankit Fadia

Publisher: Thomson Learning

JUST RELEASED!JUST RELEASED!


THE UNOFFICIAL GUIDE TO ETHICAL HACKING

Ankit Fadia

Title: The Unofficial Guide To Ethical Hacking

Author: Ankit Fadia



NETWORK SECURITY: A HACKER’S PERSPECTIVE

Ankit Fadia

Title: Network Security: A Hacker’s Perspective

Author: Ankit Fadia



THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY

Network Security

Title: The Ethical Hacking Guide to Corporate Security

Author: Ankit Fadia

Publisher: Macmillan India Ltd.


HACKED!!! – Kuala Lumpur, Malaysia

Network Security

Ankit FadiaIntelligence Consultant cum [email protected]

Questions?

hacked!!! – kuala lumpur, malaysia network security

Documents