Cyber Security and Cyber Warfare


 

This week we start a two-week discussion of cyber security.

 


 

Learning Objectives

 

A student who successfully completes this section will be able to:

 

Explain the different types of tools used by cyber criminals.

 

Understand how these tools are used in cyber warfare.

 

Examine some of the major cyber attacks that have occurred in the past two decades.

 

Above is the list of objectives for this topic. We want to try to understand the different types of tools that are used by cyber criminals and a little about how they are used in cyber warfare. This is a massively complex topic! But we will do the best we can to unravel it. Then next week we will talk about preventing cyber crime.

 


 

 

 

  1. Crime (as theft, fraud, intellectual property violations, or distribution of child pornography) committed electronically

 

Merriam-Webster Law Dictionary

 

  1. Crime committed by means of a computer network.

 

  1. An instance of such crime.

 

American Heritage® Dictionary of the English Language, Fifth Edition.

 

  1. (Law) the illegal use of computers and the internet

 

  1. (Computer Science) the illegal use of computers and the internet

 

  1. (Law) crime committed by means of computers or the internet

 

  1. (Computer Science) crime committed by means of computers or the internet

 

Week 6 – Cyber Security and Cyber Warfare

 

Cyber Crime Definitions

 

Cyber crime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes). Cybercriminals may use computer technology to access personal information or business trade secrets, or use the internet for exploitive or malicious purposes. Criminals can also use computers for communication and document or data storage. Criminals who perform these illegal activities are often referred to as hackers, although the term “hacking” actually describes one of a number of types of cyber crime.

 

Cyber Crime: Types of Activities

 

Cyber Security Terms

 

Common types of cyber crime include online bank information theft, identity theft, online predatory crimes and unauthorized computer access. More serious crimes like cyber terrorism are also of significant concern.

 

Cyber crime encompasses a wide range of activities, but these can generally be broken into two categories:

 

Crimes that target computer networks or devices. These types of crimes include viruses and denial-of-service (DoS) attacks.

 

Crimes that use computer networks to advance other criminal activities. These types of crimes include cyberstalking, phishing and fraud or identity theft.

 

Phishing

 

Phishing is trying to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but that contains a link to a fake website which replicates the real one.

 

Phishing – Office 365 Example

 

Using social engineering to find victims, scammers send an email claiming to be from Microsoft and notifying the user that their account has been suspended. The message then states that in order to take action, the user must click on a link in the email. Once the user has clicked on the link, they are asked to provide their login credentials. If the user follows through, their account is compromised. This will not only allow the criminals to gain access to the user’s contacts, but also to confidential information about the user’s company that could leave it susceptible to internal hacks.

Office 365 has been the target of a lot of phishing. Here are a couple of examples.

 


 

Punycode is a method added to the domain name system in order to support non-ASCII characters within a web URL. The first Punycode phishing attacks used non-ASCII characters to fool end-users into clicking URLs that looked legitimate, but substituted similarly-shaped letters from different alphabets to spoof the site.

 

Here is an example: München (German name for the city of Munich) would be encoded as Mnchen-3ya.
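The Punycode encoding and the look-alike substitution described above can be checked mechanically. The following Python sketch is an added example, not part of the original lecture: it reproduces the München encoding, decodes "xn--" labels, and flags labels that mix alphabets or imitate a protected name. The CONFUSABLES table, the WATCHLIST, the function names and the ".example" hostnames are assumptions made for illustration.

```python
import unicodedata

# Tiny illustrative subset of Cyrillic letters that look like Latin ones
# (constructed for this example; the full Unicode confusables data is far larger).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s"}

# Assumed list of name labels the organization wants to protect.
WATCHLIST = {"office", "office365", "microsoft"}


def to_punycode(text):
    """Encode a single label with Punycode, as in the München example."""
    return text.encode("punycode").decode("ascii")


def scripts_in(label):
    """Return the set of scripts (LATIN, CYRILLIC, ...) used in a label."""
    found = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphens are common to all scripts
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def inspect_hostname(hostname):
    """Decode every xn-- label and return (readable hostname, findings)."""
    readable, findings = [], []
    for label in hostname.lower().split("."):
        if not label.startswith("xn--"):
            readable.append(label)
            continue
        try:
            decoded = label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            readable.append(label)
            findings.append("invalid-punycode")
            continue
        readable.append(decoded)
        # Letters from more than one alphabet in one label is a strong signal.
        if len(scripts_in(decoded)) > 1:
            findings.append("mixed-script")
        # Map look-alike letters back to Latin and compare with protected names.
        skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in decoded)
        if skeleton != decoded and skeleton in WATCHLIST:
            findings.append("lookalike:" + skeleton)
    return ".".join(readable), findings


def constructed_lookalike():
    """Constructed sample: 'office' with a Cyrillic 'o' as its first letter."""
    return "login.xn--" + to_punycode("\u043effice") + ".example"


if __name__ == "__main__":
    print(to_punycode("München"))
    for host in ("mail.example.com", "xn--mnchen-3ya.example",
                 constructed_lookalike()):
        print(host, "->", inspect_hostname(host))
```

A legitimate internationalized name such as the München label decodes cleanly and produces no findings; only the label that mixes alphabets and collapses to a watched name is flagged.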

 

In more current threats, the Punycode is used to fool the anti-phishing filters found in Office 365 and other email phishing protection systems. The user sees a fake Office 365 login page, which requests their credentials. Once the Office 365 usernames and passwords have been compromised, the hackers can:

 

Install malware.

 

Send emails to other users in the victim’s address book, asking them for anything, sending invoices, sending more phishing emails, etc.

 

Access the user’s OneDrive account, to download files, install more malware, infect files with malware, etc.

 

Steal company secrets or other customer information such as customer SSNs, credit card numbers, email addresses, etc.

 

Common wisdom seems to be that this kind of threat underscores the security risks associated with adoption of cloud end user computing applications used by organizations and businesses including credit unions and their members. Research shows that with the adoption of Microsoft Office 365 in business, a significant amount of sensitive information is now stored in the cloud.

 

Spamming

 

Spam is a word usage originated by Usenet users after March 31, 1993, when Usenet administrator Richard Depew inadvertently posted the same message 200 times to a discussion group. It refers to unsolicited electronic mail or text messages sent simultaneously to a number of e-mail addresses or mobile phones (British Dictionary). Spamming is the act of creating and arranging for these messages to be sent.

 


 

A spambot is a program designed to collect, or harvest, e-mail addresses from the Internet in order to build mailing lists for sending unsolicited e-mail.

 

A new spambot called Onliner was discovered in August. Onliner was used to send the banking malware Ursnif to vulnerable Windows computers. The trojan then stole passwords, credit card details, and other personal information by tricking a user into opening an attachment in the email which causes the malware to download, infecting the computer. The emails have been seen disguised as invoices from government bodies, hotel reservations, and DHL notifications.

 

Due to an error by spammers in placing their database on an open and accessible server, it was discovered that Onliner had 711 million names in its database, along with a huge list of valid SMTP credentials. The exposed database was verified by Troy Hunt, an Australian web security expert who added the leaked email addresses to his breach notification site “Have I Been Pwned?” I read an article by this man, and in the article he related that he found himself twice in the Onliner database.

 

Spoofing

 

Spoofing attack: involves websites which falsify data by mimicking legitimate sites, and they are therefore treated as trusted sites by users or other programs

 

Spoofing – Some other Types

 

Email Spoofing (or phishing) occurs when email is sent with a falsified “From:” entry to try to trick victims into believing that the message is from a friend, their bank, or some other legitimate source. Any email that claims it requires your password or any personal information could be a trick.

URL Spoofing is when scammers set up a fraudulent website to obtain information from victims or to install viruses on their computers. For instance, targets might be directed to a site that looks like it’s from their credit card company and be asked to log in. If one falls for it and actually logs in, the scammer could then log onto the real site and misuse the account with the information the victim used to log in.

DNS Spoofing is a type of computer attack wherein a user is forced to navigate to a fake website disguised to look like a real one. Corrupt DNS data is introduced into the DNS Resolver’s cache, causing the Domain Name Server to return an incorrect IP address.

Besides the IP address spoofing example on the previous slide, here are some other types of spoofing.

 

Malware

 

Let’s move along from types of cyber crime activities and take a look at some of the tools used in these activities.

 

Dictionary.com defines malware (short for malicious software) in the following way: software intended to damage a computer, mobile device, computer system, or computer network, or to take partial control over its operation. On the slides that follow, we will examine some of the different forms that malware can take.

 

Keyloggers

 

Key loggers: tools designed to record every keystroke on the affected machine for later retrieval. There are legitimate and illegitimate reasons to do this – supervision of data input personnel and HCI research are examples of the former. There is a great deal of keylogger software in existence, presumably designed for legitimate reasons. Keylogger software that is downloaded with a Trojan can record passwords, bank account numbers and so on, and send the logs back to the hacker.

 

Ransomware

 

Malware planted illegally in a computer or mobile device that disables its operation or access to its data until the owner or operator pays to regain control or access.

 

In attacks in May and June of 2017, hospitals, companies, universities and governments across at least 150 countries were hounded by cyber attacks named WannaCry and Petya that locked computers and demanded ransom. Ransom is often demanded in the form of Bitcoin, since this makes it much harder to trace.

 

Rootkit

 

Root kit: represents a set of programs which work to subvert control of an operating system from legitimate operators. The rootkit tools enable administrator-level access to a computer or computer network. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

 

Virus

 

Viruses are a type of malware that consists of self-replicating programs which spread by inserting copies of the same program into other executable code files or documents. The executables carry the malware into the computer, and the malware executes when the executable runs.

 

Boot Sector Virus

 

A boot sector virus is a type of virus that infects the boot sector. It used to be a very prevalent form of virus back when everybody used floppy disks to boot their computers. It can also affect the boot sector of the hard disk or the Master Boot Record. While the boot sector viruses infect at a BIOS level, they can use DOS commands to spread themselves. Today, there are programs known as ‘bootkits’ that write their code to the MBR as a means of loading early in the boot process and then concealing the actions of malware running under Windows. According to Kaspersky, boot sector viruses are not designed to infect removable media.

 

Polymorphic Virus

 

Polymorphism (Overloading Variety)

displayContactData(coName, coAddress, coPhone1, coPhone2, coURL)
displayContactData(coPhone1, coPhone2, coURL)
displayContactData(coURL)

 

A polymorphic virus is a complicated computer virus that affects data types and functions. It is a self-encrypted virus designed to avoid detection by a scanner. Upon infection, the polymorphic virus duplicates itself by creating usable, slightly modified, copies of itself. This type of virus uses the polymorphic nature of modern code.

 

Macro Virus

 

A macro virus is a computer virus written in the same macro language used for software applications like word processors. Its effect is to release a chain of events in conjunction with the application. Did you know that many Microsoft Office applications contain a full-fledged object-oriented programming language embedded in them? The language is Visual Basic for Applications and it is extremely powerful. VBA applications can manipulate the data in the hosting application and also in other Microsoft Office applications as well. This makes it a powerful and easy method for cyber crime.

 

Worm

 

A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers.

 

Although our “Virus” slide showed worms as a virus, they are a little different. The difference lies in how they spread. Computer worms self-replicate and spread across networks, exploiting vulnerabilities, automatically, without further guidance from a cybercriminal.

 

Trojan Horse

 

Trojan horse: serves as a back door in a computer system to allow an intruder to gain access to the system later. Trojans can look harmless or even beneficial and trick you into installing them on your system. Once on your system, Trojans are typically used by cybercriminals for online fraud and theft.

 

Spyware

 

Spyware is software that covertly gathers user information through the user’s Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet, which is why you want to be very careful about downloading such programs. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about email addresses and even passwords and credit card numbers. Rootkit software and Trojans can be considered spyware. Other vehicles for this activity are adware, cookie tracking software, DRM (digital rights management) programs that “phone home”, and web beacons.

 

Cyber Warfare

 

We have looked at some of the types of criminal activities that exist in the cyber world, and at the arsenal of tools that are used by cyber criminals. Now we need to talk about the two major types of attacks that can cause havoc with our systems and our lives. Hacking is the method by which cyber criminals gain unauthorized access to our computers and systems, and Denial-of-Service attacks are the method by which our computers and systems can be stopped not from within, but from without.

 

Botnet

 

A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices that are infected and controlled by a common type of malware. Users are often unaware of a botnet infecting their system.

 

Infected devices are controlled remotely by threat actors, often cybercriminals, and are used for specific functions, so the malicious operations stay hidden to the user. Botnets are commonly used to send email spam, engage in click fraud campaigns and generate malicious traffic for distributed denial-of-service attacks.

 

The term botnet is derived from the words robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group.

 

The botnet malware typically looks for vulnerable devices across the internet, rather than targeting specific individuals, companies or industries. The objective for creating a botnet is to infect as many connected devices as possible, and to use the computing power and resources of those devices for automated tasks that generally remain hidden to the users of the devices.

 

To stay concealed, the botnet won’t take complete control of the web browsers, which would alert the user. Instead, the botnet may use a small portion of the browser’s processes, often running in the background, which makes their activity difficult to detect. However, millions of these bots working together can cause massive attacks.

 

Hacking/Hacker:

 

Here are some definitions I compiled from various dictionaries, of the terms hacking and hacker:

 

A hacker is a person who illegally gains access to and sometimes tampers with information in a computer system

 

Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking activities is generally referred to as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose.

 

A hacker is one who is proficient at using or programming a computer; a computer buff.

 

A hacker is one who uses programming skills to gain illegal access to a computer network or file.

 

Hacking: Phone Phreaking

 

An early instance of hacking, almost before anyone had access to computers, was Phone Phreaking. Experimental students in the 60’s and 70’s learned to electronically recreate the system of tones used by telephone equipment of the day to route long-distance calls, enabling them to switch the calls from the phone and receive free long distance. To accomplish this, they created electronic tone generators known as blue boxes. Well-known practitioners of this form of hacking were Steve Jobs, Steve Wozniak, and John (Cap’n Crunch) Draper, who famously discovered that a toy whistle which came in boxes of Cap’n Crunch cereal would recreate an important tone for this purpose.

 

Although this seems like a college-type prank all in good fun, it is sobering to think that we were totally dependent on phone networks of the time in order to communicate, as other forms of fast communication had not yet been invented.

 

Hacking: Unix

 

The earliest programmers who called themselves “hackers” fit definition #3 on the last slide (“One who is proficient at using or programming a computer; a computer buff.”) They were bona fide talents who contributed to a DARPA project to create improvements to and applications for Unix. Through the Computer Science Research Group (CSRG) of the University of California at Berkeley, these efforts became “BSD Unix” (Berkeley Software Distribution). Unix hackers around the world got involved. They worked under Unix licenses, first distributed only to AT&T, but in the late 1980s, also distributed under the “BSD license”, one of the first Open Source licenses. These licenses were not totally Open Source, since every user of BSD Unix also needed an AT&T Unix license.

 

Hacking: Today

 

The most current use of the term “hacker” is in the news every day. It refers to “unauthorized intrusion into a computer or a network” and is increasingly becoming an extremely dangerous, uncontrolled weapon of criminals and unfriendly foreign governments. These hacking attacks access information illegally for distribution or other illegal use. It has been argued that such leaked hacked information may have actually affected the 2016 presidential election.

 

Ethical Hacking:

 

Certain corporations employ hackers as part of their support staff. These legitimate hackers use their skills to find flaws in the company security system, thus preventing identity theft and other computer-related crimes. This activity is known as penetration testing.

 

Both legitimate and illegitimate hackers employ a huge variety of techniques for hacking, including:

 

Vulnerability scanners: tools that check computers on networks for known weaknesses

 

Password cracking: the process of recovering passwords from data stored or transmitted by computer systems

 

Packet sniffers: applications that capture data packets in order to view data and passwords in transit over networks.

 

Ethical hackers are sometimes called “White Hat Hackers”, because they are the good guys, as opposed to “Black Hat Hackers” and “Grey Hat Hackers”.

 

Denial of Service Attacks

 

The other major tool of cyber warfare, denial of service attacks, commonly abbreviated as DoS or sometimes simply “dos,” depend on an attacker’s ability to exhaust or monopolize computing resources of a server or network. These attacks use many of the techniques listed above. The essence of a denial of service attack is to flood the target of the attack with an abnormally large amount of traffic to the effect of rendering it inaccessible to legitimate users.

 

When numerous systems are involved in the DoS attack (hence amplifying its effects) it is often referred to as a “Distributed Denial of Service” or DDoS.

 

A packet flood denial of service attack entails one computer on the Internet sending another computer an unregulated and continuous stream of packets.

 

Denial of Service Attacks – Types of DDoS Attacks

UDP Flood – With the UDP (User Datagram Protocol) flood, the server is kept constantly checking for an application listening on the targeted port, when in fact no application is waiting for the packets being sent to the host.

SYN Flood – (SYN for synchronize). Any service that binds to and listens on a TCP socket is potentially vulnerable to TCP SYN flooding attacks. The weakness is that a SYN is a request to form a TCP connection, and since every such request must be answered, the attacker continues to send multiple SYN requests but does not respond to the replies. This leaves TCP constantly checking for a response, thus flooding the network and causing it to shut down due to overload.

ICMP Flood – An ICMP (Internet Control Message Protocol) flood overloads the server it is targeting with ICMP Echo request packets by pinging the server multiple times while waiting for a response. This overloads the incoming bandwidth, which causes the system to become extremely slow!

 

Unlike TCP, UDP doesn’t check for the readiness of the receiver. When an app uses UDP, packets are just sent to the recipient. The sender doesn’t wait to make sure the recipient received the packet—it just continues sending the next packets. If the recipient misses a few UDP packets here and there, they are just lost—the sender won’t resend them. Losing all this overhead means the devices can communicate more quickly.

 

In a SYN flood attack, the attacker sends repeated SYN packets to every port on the targeted server, often using a fake IP address. The server, unaware of the attack, receives multiple, apparently legitimate requests to establish communication. It responds to each attempt with a SYN-ACK packet from each open port.

 

ICMP is an error-reporting protocol network devices like routers use to generate error messages to the source IP address when network problems prevent delivery of IP packets. ICMP messages are transmitted as datagrams and consist of an IP header that encapsulates the ICMP data. ICMP packets are IP packets with ICMP in the IP data portion. ICMP messages also contain the entire IP header from the original message, so the end system knows which packet failed.
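The SYN flood described above leaves a recognizable trace on the defending side: many SYN requests to one service whose handshakes are never completed. The following Python sketch is an added example, not part of the original lecture: it counts such half-open handshakes per service in a packet summary. The one-line-per-packet format, the addresses, the thresholds and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed one-line-per-packet summary format (an assumption, not the
# output of any particular capture tool):
#   t=<seconds> src=<ip:port> dst=<ip:port> flags=<S|SA|A|R>
PACKET = re.compile(
    r"t=(?P<t>\d+\.\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) flags=(?P<flags>[A-Z]+)$")


def find_syn_floods(lines, timeout=3.0, min_half_open=20):
    """Return (service, half_open, completed) for services that look flooded.

    A handshake is half-open when the client's SYN has gone unanswered by the
    client's own ACK for at least `timeout` seconds at the end of the capture.
    """
    pending = defaultdict(dict)   # service -> {client: time of its SYN}
    completed = defaultdict(int)  # service -> handshakes finished by an ACK
    last_seen = 0.0
    for line in lines:
        m = PACKET.match(line.strip())
        if not m:
            continue  # ignore lines that are not packet summaries
        t, src, dst, flags = float(m["t"]), m["src"], m["dst"], m["flags"]
        last_seen = max(last_seen, t)
        if flags == "S":
            pending[dst].setdefault(src, t)
        elif flags in ("A", "R") and src in pending.get(dst, {}):
            # The client answered the SYN-ACK (or reset): no longer half-open.
            del pending[dst][src]
            if flags == "A":
                completed[dst] += 1
    alerts = []
    for service, clients in sorted(pending.items()):
        half_open = sum(1 for t in clients.values() if last_seen - t >= timeout)
        if half_open >= min_half_open:
            alerts.append((service, half_open, completed[service]))
    return alerts


def constructed_capture():
    """Constructed sample: normal traffic plus 50 SYNs that are never ACKed."""
    lines = []
    web, mail = "192.0.2.10:443", "192.0.2.20:25"

    def handshake(t, client, service):
        lines.append(f"t={t:.3f} src={client} dst={service} flags=S")
        lines.append(f"t={t + 0.010:.3f} src={service} dst={client} flags=SA")
        lines.append(f"t={t + 0.020:.3f} src={client} dst={service} flags=A")

    for i in range(3):  # three ordinary visitors of the web service
        handshake(0.1 * i, f"198.51.100.{i + 1}:5000{i}", web)
    for i in range(50):  # SYNs from many sources, SYN-ACK sent, no ACK follows
        src = f"203.0.113.{i + 1}:{40000 + i}"
        t = 1 + i * 0.001
        lines.append(f"t={t:.3f} src={src} dst={web} flags=S")
        lines.append(f"t={t:.3f} src={web} dst={src} flags=SA")
    # A legitimate connection that has only just started must not be counted.
    lines.append(f"t=4.900 src=198.51.100.8:52000 dst={web} flags=S")
    handshake(5.0, "198.51.100.9:51000", mail)
    return lines


if __name__ == "__main__":
    for service, half_open, done in find_syn_floods(constructed_capture()):
        print(f"{service}: {half_open} half-open, {done} completed handshakes")
```

The timeout keeps a connection that has only just begun from being counted as part of the flood, which is the edge case a simple SYN counter gets wrong.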

 

Ping of Death – Pings the server to death using malformed ping requests that are larger than the number of bytes allowed by the IP protocol. If the server doesn’t know how to handle an oversized packet, it can freeze, crash, or reboot.

HTTP Flood – This type of DDoS attack uses GET and POST requests to overload the resources of the server.

NTP Amplification – NTP (Network Time Protocol) amplification uses UDP, spoofing and the MONLIST command to create a high-bandwidth, high-volume attack. Ultimately it will overload the connection.

Zero Day – A Zero Day attack is new and exploits any vulnerabilities which are not patched yet. If a vulnerability is discovered and must be made public, the Zero Day attackers immediately jump in to attempt to learn how to exploit the vulnerability before it can be patched.

 

The Ping of Death is possible because of the feature of TCP that breaks messages down into multiple packets. When the server reassembles the packets, they can add up to more than the allowed size of the protocol.

 

If an NTP server has its list fully populated, the response to a MONLIST request will be 206-times larger than the request. In the attack, since the source IP address is spoofed and UDP does not require a handshake, the amplified response is sent to the intended target.

 


 

Denial of Service Attacks – Guide to Research

 

February 2000 – DDoS attack caused shutdown of Yahoo, eBay and Amazon for a few hours.

 

January 2001 – First major attack involving DNS servers as reflectors. The target was Register.com.

 

February 2001 – The Irish Government’s Department of Finance server was hit by a denial of service attack carried out as part of a student campaign from NUI Maynooth.

 

May 2001 – Worm Code Red was supposed to attack White House website.

 

October 2002 – Attackers performed DNS Backbone DDoS Attacks on the DNS root servers and disrupted service at 9 of the 13 root servers.

 

August 2003 – Worm Blaster attacks Microsoft web pages.

 

January 2004 – MyDoom attacked 1 million computers.

 

February 2007 – Attackers performed a second set of DNS Backbone DDoS Attacks on the DNS root servers and caused disruptions at two of the root servers.

 

February 2007 – More than 10,000 online game servers in games such as Return to Castle Wolfenstein, Halo, Counter-Strike and many others were attacked by “RUS” hacker group. The DDoS attack was made from more than a thousand computer units located in the republics of the former Soviet Union.

 

One thing I have come to understand a lot better through my research on this topic, is the massively complex nature of cyber security. It is practically impossible to create a timeline for hacking attacks, since they are an analog, rather than a digital event. Practically everyone is being hacked on one level or another, at all times.

 

DoS attacks are a little easier to at least timeline, since they tend to have a beginning and an end. In the slides that follow and in our reading assignment for Weeks 6 and 7, are the results of my attempt to list major discussions about Denial of Service and Hacking Attacks that have occurred inside and outside of the United States. I call this a “Guide to Research”, because it has to be clear by now, that any one of the items on these lists could probably be the subject of a book all by itself.

 


 

April-May 2007 – A spree of denial-of-service attacks against Estonia’s prime minister, banks, and less-trafficked sites run by small schools.

 

July 2008 – A DDoS attack directed at Georgian government sites containing the message: “win+love+in+Rusia” [sic] effectively overloaded and shut down multiple Georgian servers. Websites targeted included the Web site of the Georgian president, Mikhail Saakashvili, rendered inoperable for 24 hours, and the National Bank of Georgia.

 

March 30 – April 1, 2009 – Cloud computing provider GoGrid is hit by a “large, distributed DDoS attack,” which disrupts service to about half of its 1,000 customers.

 

March 31, 2009 – A DDoS attack knocks UltraDNS offline for several hours.

 

April 2-5, 2009 – Domain registrar Register.com is hit with a DDoS that causes several days of disruptions for its customers.

 


 

April 6-7, 2009 – Customers of The Planet are hit by web site outages as a result of a DDoS aimed at the huge hosting company.

 

June 2009 – The famous P2P site known as The Pirate Bay was rendered inaccessible due to a DDoS attack.

 

June 2009 – During the Iranian election protests, foreign activists seeking to help the opposition engaged in DDoS attacks against Iran’s government. The official website of the Iranian government was rendered inaccessible on several occasions. Critics claimed that the DDoS attacks also cut off Internet access for protesters inside Iran; activists countered that, while this may have been true, the attacks still hindered President Mahmoud Ahmadinejad’s government enough to aid the opposition.

 


 

July 2009 – Multiple waves of cyber attacks targeted a number of major websites in South Korea and the United States: the White House, Department of Transportation, Federal Trade Commission, and the Department of the Treasury. Hit at the same time were the Washington Post and the New York Stock Exchange. The attacker used a botnet, and file updates through the Internet are known to have assisted its spread. Investigation is still underway.

August 6, 2009 – Several social networking sites, including Twitter, Facebook, Livejournal, and Google blogging pages were hit by DDoS attacks, apparently aimed at Georgian blogger “Cyxymu”. Google came through with only minor setbacks, but these attacks left Twitter crippled for hours. Facebook did eventually restore service, although some users still experienced trouble.

 


 

Scientologist Church Gets Hit Hard By Anonymous

 

A well-known and reputable hacktivist group that calls itself Anonymous attacked the Church of Scientology in a major DDoS attack. This attack took place on January 8, 2008 and was called Project Chanology.

The denial of service attack that was deployed was well coordinated, using a software program that was used to fight for Wikileaks. The program was able to shut down the Church of Scientology website momentarily.

The DDoS attack was meant to be a protest against the Church of Scientology’s philosophies and practices. Anonymous felt that Scientologists were trying to cover up and remove a published interview with the famous actor Tom Cruise, who is an advocate and practitioner of Scientology.

This internet censorship by the Church of Scientology led to Anonymous’s ultimate decision to attack this organization with a highly organized DDoS attack.

 


 

Hong Kong’s Democracy Movement Flustered

 

This attack does not deal with anything U.S. related. This story shows that DDoS attacks can occur world wide to foreign governments and corporations as alike.

 

A grassroots moment located in Hong Kong wanted to bring destruction to the Chinese government back in June 2014. This movement is called Occupy Central. They organized one of the biggest and most famous DDoS attacks in history.

 

Occupy Central used this DDoS attack against the Chinese government because they wanted a one-man, one-vote system for electing officials to political office. At the time, the government didn’t allow for such a voting system. Only the 1,200 members of an election committee were allowed to vote on who would be the next political leader.

 

This all led Occupy Central to push their DDoS attack forward, and it brought down a major political website.

 


 

The Largest DDoS Attack In History

 

So far, this next story is considered to be the largest DDoS attack in history.

 

On December 31, 2015, New Year’s Eve, a hacker group calling itself New World Hacking took responsibility for this huge DDoS attack. They were capable of disrupting the BBC’s global website, along with Donald Trump’s website.

 

The BBC’s sites, including the iPlayer, which is an on-demand service, were taken down by the DDoS attack for at least three hours. The BBC reported that the lack of response from its services was due to technical issues. However, these were not technical issues, but the well-crafted and highly organized work of the New World Hacking group.

 

The tool that was used to deploy these attacks is called BangStresser. It was capable of launching an attack of up to 602 Gbps on the BBC’s website. Again, this is considered the biggest DDoS attack yet.

 

In the next lecture, we will take a look at ways we attempt to protect ourselves from this really scary collection of activities, tools and attacks. I would like to say that we will discuss the future of cyber security, but I really wonder if we have any way of knowing what that future will be. One thing I do know is that as IT professionals, you will be involved at every level and in every way. But try to have a great week anyway! 

 


 

References – Instructor Reading

 

Cyber Warfare Involving Governments

 

Moonlight-Maze/ Turla/ Kaspersky Labs

 

http://www.knowstuff.org/2017/04/ancient-moonlight-maze-backdoor-remerges-as-modern-apt/

 

http://www.securityweek.com/russian-speaking-turla-attackers-hijacking-satellite-internet-links

 

http://www.businessinsider.com/russia-kaspersky-lab-nsa-spy-us-computer-2017-10

 

Stuxnet

 

http://www.businessinsider.com/stuxnet-was-far-more-dangerous-than-previous-thought-2013-1 1

 

The Original Logic Bomb

 

https://rconnon12.wordpress.com/2014/10/26 /third/

 

Estonia

 

http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1105&context=jss

 

https://www.wired.com/2009/03/pro-kremlin-gro/

 

https://www.computerworld.com/article/2511704/vertical-it/estonia-blamed-russia-for-backing-2007-cyberattacks–says-leaked-cable.html

 

https://www.computerworld.com/article/2545237/security0/estonia-recovers-from-massive-ddos-attack.html

 


 

Cyber Warfare on Commerce

 

https://www.computerworld.com/article/2527185/security0/sql-injection-attacks-led-to-heartland–hannaford-breaches.html

 

https://www.computerworld.com/article/2544306/security0/tjx-data-breach–at-45-6m-card-numbers–it-s-the-biggest-ever.html

 

https://www.computerworld.com/article/2508060/lan-wan/sony-resuming-playstation-network–qriocity-services.html

 

https://www.computerworld.com/article/2471044/cloud-computing/epsilon-breach–hack-of-the-century-.html

 

https://www.computerworld.com/article/2522322/network-security/citigroup–law-enforcement-refute-cyber-heist-report.html

 

Biggest Hacks of 2017

 

https://www.wired.com/story/2017-biggest-hacks-so-far/

 

https://www.healthworkscollective.com/5-worst-cyber-attacks-2017/

 
