
Exploring the Internet

The Dark Side of the

Instructor: Michael Krolak
Instructor: Patrick Krolak
See also http://www.cs.uml.edu/~pkrolak/lab1/lab1.html

Authors: P. D. & M. S. Krolak Copyright 2005-2011

Edited by Richard Wright, National Expert Traffic & Information Management, Volpe Center US DOT

The Internet and Security

The Dark Side of the


The Dark Side of the Internet is changing our lives in small ways

The creation of an evolving rainbow of wireless devices means that we are always on call, tracked with GPS, and constantly interrupted with text messages, twits,

Society and the multitasking lifestyle

Frazzing: a new term for frantic multitasking, says ABC News, in a world where digital gadgets are all demanding our attention. By one estimate, the average office worker loses 2.1 hours a day to

Teens and the Social Network

Recent medical journal articles have begun documenting how mobile devices are interrupting time formerly reserved for family and friends, i.e. downtime. This downtime is now spent texting, tweeting, and posting to Facebook.

The teenager who cannot stop responding to messages and tweets, even during the night, will soon enter the job world to find the same devices interrupting their business, family, and rest.

The mobile device replaces real-world experience with a virtual one. This makes it harder to read the situation where micro-expressions of the face and body clue us in to feelings and intentions, to gain a sense of personal space, and to develop other social skills.

Teens and the Social Network

Confusion about the real world and the virtual world; too much social collaboration among teens is leading to fatigue and guilt. Living in cyber space, the virtual world, is not the same as

Hoaxes create anxiety, worries, and in some cases real problems

With the advent of Internet social networks, chat rooms, and blogs, rumors and hoaxes can travel around the world and reach millions in days if not minutes.

Hoaxes: the chain email

In the days of snail mail, the chain letter offered some reward, an answered prayer, or good luck to the receiver of the letter if they then copied it and sent 10 copies to others. In some cases they asked that the person put their name and address on a list and send money to the person higher on the list.

Today hoax emails ask that the user say a prayer, do a good deed, send money to a charity, etc. In addition the person is asked to forward it to at least 10 friends. At the very least this clogs the email system with junk. At worst it is a scam that may harm your computer or add your email address to a spam or sucker list.

Action: Delete the email immediately and/or notify your system administrator so it can be blocked. For more see the Pyramid Scheme section.

Urban Legend (also urban myth or urban tale)

An urban legend, urban myth, urban tale, or contemporary legend is a form of modern folklore consisting of apocryphal stories believed by their tellers to be true. As with all folklore and mythology, the designation suggests nothing about the story's factuality or falsehood, but merely that it is in non-institutional circulation, exhibits variation over time, and carries some significance that motivates the community in preserving and propagating it.

Source: http://en.wikipedia.org/wiki/Urban_legend

Urban legend

Despite its name, a typical urban legend does not necessarily originate in an urban area. Rather, the term is used to differentiate modern legend from traditional folklore in preindustrial times. For this reason, sociologists and folklorists prefer the term contemporary

Urban legends are sometimes repeated in news stories and, in recent years, distributed by e-mail. People frequently allege that such tales happened to a "friend of a friend" -- so often, in fact, that "friend of a friend" ("FOAF") has become a commonly used term when recounting this type of story.

Belief and relation to mythology

The earliest term by which these narratives were known, urban belief tales, highlights what was then thought to be a key property: they were held, by their tellers, to be true accounts, and the device of the FOAF was a spurious but significant effort at authentication.[16] The coinage leads in turn to the terms "FOAFlore" and

Recently social scientists have started to draw on urban legends in order to help explain complex sociopsychological beliefs, such as attitudes to crime, childcare, fast food, SUVs and other 'family' choices.[20]

Debunking or Fact Checking

Urban myths - http://www.urbanmyths.com/
FactCheck.org - Annenberg Political Fact Check
snopes.com: Urban Legends Reference Pages
PolitiFact | Sorting out the truth in politics


Source: http://www.unt.edu/benchmarks/archives/2005/february05/spamandcookiescolor.gif

Spam is electronic junk mail that clogs our Internet like the fatty canned meat of the same name clogs our arteries.

Communication lines back up at an alarming rate,
Storage is gobbled up,
Servers and processors thrash, and
Users are irritated at best, incapacitated at worst.

Spam costs the ISPs and others a fortune to prevent and/or to remove. At its worst, spam is used by scammers, hackers, and others to market to and prey on literally millions of users at a very low cost.

What is Spam?
Junk email: unwanted, resource robbing, and often carrying viruses, worms, and scams.

Why is it an increasing problem?

Spam is the fastest growing component of messages on the Internet; it consumes bandwidth and storage, and angers the user. ISPs and some consumer groups are attempting to shut down the worst offenders.
Spam as harassment.
Spam as a DoS (Denial of Service) attack.
Spam as Phishing (an attempt to obtain a person's ID, password, etc. by pretending to be a legitimate request).

What can be done about it? (Discussion questions)

Closing down ISPs that permit email relaying (Is this too draconian?).
Apply filters and tools to remove it (Can they be by-passed?).
Lobby for federal legislation to create civil and criminal penalties for those
who send Spam. (Does this interfere with free speech?)
A recently passed law to prosecute commercial spammers. (When is
Internet advertising legitimate and when is it Spam?)

Why Estimate the Cost of Spam?

Important for policy reasons to know the severity of the problem; helps in assigning priority to the issue.
Determining which economic actors have to bear the costs is also important in focusing on solutions.
Spam imposes a negative externality on society (similar to pollution in the manufacturing economy): economic damage and cost borne by third parties, resulting in an overall loss of welfare for society.
If the costs of spam are unacceptable then mechanisms have to be put in place to change the behavior of the producers of spam.
Provides a metric to let the punishment fit the crime.
The market itself does not provide a mechanism to correct for the costs inflicted by spam. If economic solutions are used to combat spam, cost data can help determine the prices applied to reduce or eliminate spam.


Spam Impact on Consumers

E-mail has value to the recipient which varies with the content and should at least equal the processing cost.
Each e-mail entails the same receiving/processing cost for the consumer. For spam the value of the e-mail content is negative, and to this must be added the processing cost.
If the amount of spam received is extremely high it could conceivably outweigh the positive value of receiving e-mail.
Costs to consumers for processing mail are declining as consumers switch to broadband from dial-up (where time-based Internet access charges exist) and because of quicker download times.
But the increase in the volume of spam is likely to result in a net increase in costs: if you can go fast but you produce crap, all you get is more crap.

Overall Cost: Some Estimates

Reduced use of an efficient and cheap means of communication among economic actors slows down the growth of e-commerce and the development of the digital economy.
Estimates of the total economic impact of spam vary:
Global cost conservatively estimated at 10 billion (European Commission study, 2001);
Ferris Research (Jan. 2003) estimated that spam cost US companies $8.9 billion in 2002. The same study estimated the cost of spam in Europe as US$2.5 billion;
UNCTAD (2003): $20 billion;
Cost to the Hong Kong economy $1.3 billion (HKISPA 2004);
$2 - $20 billion per year and growing.


Crimes of Persuasion
Crimes of persuasion are scams that appeal to people's greed, goodwill, or other emotions in order to use the victim to provide the access and assistance to the information, money or other resources that are the target of the criminal. In other words: a con game.

Internet Scams

Scams over the Internet, unlike fraud and similar crimes, can be difficult to detect, prosecute, and prevent, and easy to perpetrate. Email can be used to reach 250 million people with a simple program and a CD-ROM of email addresses.

Example - The African businessman who offers to split a large sum of money (e.g. $20M) if he can only electronically wire it to your checking account. He also requires a (small) fee ($250) wired to his account to bribe fellow countrymen. Your fee and your bank account balance immediately vanish.

Internet Pyramid schemes

What is a Pyramid Scheme?

Pyramid schemes, also referred to as "chain referral", "binary compensation" or "matrix marketing" schemes, are marketing and investment frauds which reward participants for inducing other people to join the program. Ponzi schemes, by contrast, operate strictly by paying earlier investors with money deposited by later investors, without the emphasis on recruitment or awareness of the participation structure.

Pyramid schemes focus on the exchange of money and recruitment. At the heart of each pyramid scheme there is typically a representation that new participants can recoup their original investments by inducing two or more prospects to make the same

For each person you bring in you are promised future monetary rewards or bonuses based on your advancement up the structure. Over time, the hierarchy of participants resembles a pyramid as newer, larger layers of participants join the established structure at the bottom.
Source: http://www.crimes-of-persuasion.com/Crimes/Delivered/pyramids.htm

Internet Pyramid schemes (more)

They say you will have to do "little or no work because the people below you will". You should be aware that the actual business of sales and supervision is hard work. So if everyone is doing little or no work, how successful can a venture be? Too good to be true!

The marketing of a product or service, if done at all, is only of secondary importance, in an attempt to evade prosecution or to provide corporate substance. Often there is not even an established market for the products, so the "sale" of such merchandise, newsletters or services is used as a front for transactions which occur only among and between the operation's

Therefore, your earning potential depends primarily on how many people you sign up, not how much merchandise is sold. When the pyramid gets too big, the whole scheme collapses, and the people who lose are the people at the bottom.

Internet Pyramid schemes (more)

Pyramid schemes are not the same as Ponzi schemes
which operate under false pretences about how your
money is being invested and normally benefit only a
central company or person along with possibly a few
early participants who become unwitting shills.
Pyramid schemes involve a hierarchy of investors who
participate in the growth of the structure with profits
distributed according to one's position within the
promotional hierarchy based on active recruitment of
additional participants.
Both are fraudulent, because they induce an
investment with no intention of using the funds as
stated to the investor.

Email Fraud
Fraud has existed perhaps as long as or longer than money. Any new sociological change can engender new forms of fraud, or other

Source: http://en.wikipedia.org/wiki/Email_fraud

Email Fraud
Almost as soon as e-mail became widely used, it began to be used to defraud people via e-mail fraud. E-mail fraud can take the form of a "con game" or
Confidence tricks tend to exploit the inherent greed and dishonesty of their victims: the prospect of a 'bargain' or 'something for nothing' can be very
E-mail fraud, as with other 'bunco schemes', relies on naive individuals who put their confidence in get-rich-quick schemes such as 'too good to be true' investments or offers to sell popular items at 'impossibly low' prices. Many people have lost their life savings due to fraud (including e-mail fraud!).

Avoiding e-mail fraud

E-mail fraud may be avoided by:
Keeping one's e-mail address as secret as possible,
Ignoring unsolicited e-mails of all types, simply deleting
Not giving in to greed, since greed is the element that allows one to be 'hooked', and
If you have been defrauded, reporting it to law enforcement authorities -- many frauds go unreported, due to shame, guilty feelings or embarrassment.

Source: http://en.wikipedia.org/wiki/Email_fraud

Identity Theft on the

Identity theft involves finding out a user's personal information and then using it to commit fraud and other crimes.

Identity Theft
"But he that filches from me my good name
Robs me of that which not enriches him
And makes me poor indeed." Shakespeare, Othello, Act III, Scene III.

What is Identity Theft?

A Federal crime where someone wrongfully
obtains and uses another person's personal
data in some way that involves fraud or
deception, typically for economic gain.
In 2004, almost 250,000 claims of Identity
Theft within the US alone (1:1000)
More than $500 million in reported losses

Source: http://www.consumer.gov/sentinel/pubs/Top10Fraud2004.pdf

Categories of Identity Theft

According to the non-profit Identity Theft Resource Center,
identity theft is "sub-divided into four categories:
1. Financial Identity Theft (using another's name and SSN
to obtain goods and services),
2. Criminal Identity Theft (posing as another when
apprehended for a crime),
3. Identity Cloning (using another's information to assume
his or her identity in daily life) and
4. Business/Commercial Identity Theft (using another's
business name to obtain credit)."
Source: http://en.wikipedia.org/wiki/Identity_theft

Tiger Woods
A man who used Tiger Woods' identity to
steal $17,000 worth of goods was
sentenced to 200 years-to-life in prison.
Anthony Lemar Taylor was convicted of
falsely obtaining a driver's license using
the name Eldrick T. Woods, Woods'
Social Security number and his birth date.
Though he looks nothing like golf's best
player, the 30-year-old Taylor then used
the false identification and credit cards to
buy a 70-inch TV, stereos and a used
luxury car between August 1998 and
August 1999.
Judge Michael Virga gave Taylor the
maximum sentence under California's
three-strikes law...

Identity Theft by Age

Source: http://www.consumer.gov/sentinel/pubs/Top10Fraud2004.pdf

Identity Theft
Identity theft is the acquiring of personal and financial information about a person for criminal purposes.
Your Social Security Number, credit card numbers, and passwords on your machine can be used to gain information about you from web sources.
Once the information is gained it is used to charge large amounts for plane tickets, etc.
The criminal can also assume your identity for fraud and terrorism. Some rings communicate the data gathered to accomplices in other countries, where the fraudulent charges are actually made.
It can take up to 18 months and thousands of dollars to restore your credit.

See http://www.newsfactor.com/perl/story/15965.html

The role of private industry and government in identity

Techniques for obtaining information

Low Tech Social Engineering
Stealing (snail) mail or rummaging through rubbish (dumpster diving)
Eavesdropping on public transactions to obtain personal data (shoulder surfing)
Obtaining castings of fingers for falsifying fingerprint identification
High Tech Internet Approaches
Stealing personal information in computer databases [Trojan horses, hacking], including theft of laptops with personal data loaded.
The infiltration of organizations that store large amounts of personal
Impersonating a trusted organization in an electronic communication (phishing).
Spam (electronic): Some, if not all, spam entices you to respond to alleged contests, enter into "Good Deals", etc.
Browsing social network sites (MySpace, Facebook, Bebo etc.) online for personal details that have been posted by users in public domains.
Source: http://en.wikipedia.org/wiki/Identity_theft

What is Pharming?
Pharming is the exploitation of a vulnerability in the DNS server software that allows a hacker to acquire the Domain Name for a site, and to redirect traffic from that website to another web site.
DNS servers are the machines responsible for resolving Internet names into their real Internet Protocol (IP) addresses - the "signposts" of the Internet (e.g., Good_Stuff.com will translate to an address like 152.145.72.30, i.e. four groups of base 8 (octal) numbers in IP version 4 (IPv4), or eight groups in base 16 (hex) in IP version 6 (IPv6)). The Internet has thousands of DNS servers, each one a target for determined hackers.

What is Phishing?
Using email or web sites that look like authentic corporate communications and web sites to trick people into giving personal and financial information. The FBI sees this as a fast growing form of fraud that can lead to identity theft.

See http://www.crimes-of-persuasion.com/Crimes/Delivered/internet.htm

What is Phishing?
phishing (also known as carding and spoofing)
1. The act of attempting to fraudulently acquire
sensitive information, such as passwords and
credit card details, by masquerading as a
trustworthy person or business with a real need
for such information in a seemingly official
electronic notification or message (most often an
email, or an instant message).
Source: http://en.wikipedia.org/wiki/Phishing

Phishing Example
From: eBay Billing Department <aw-confirm@ebay.com>
To: you@uml.edu
Subject: Important Notification

Register for eBay

Dear valued customer
Need Help?

This link points to a bogus site that often will infect and attempt to corrupt or steal data from your computer, or coerce you into divulging private information when you access it.

We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this
problems please click here and re-enter your account information. If your problems could not be resolved your account will be
suspended for a period of 3-4 days, after this period your account will be terminated.
For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your
membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you,
our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the
registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees
you may owe to eBay.
Safeharbor Department
eBay, Inc
The eBay team.
This is an automatic message. Please do not reply.

Source: http://en.wikipedia.org/wiki/Phishing

Spear Phishing
Spear phishing is an e-mail spoofing fraud
attempt that targets a specific organization,
seeking unauthorized access to confidential data.
Spear phishing attempts are not typically initiated
by "random hackers" but are more likely to be
conducted by perpetrators out for financial gain,
trade secrets or military information.
Spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site.
Source: http://searchsecurity.techtarget.com/definition/spear-phishing

Spear Phishing (more)

Visiting West Point teacher and National Security Agency expert Aaron Ferguson calls it the "colonel effect." To illustrate his point, Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson's message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message.

E-mail sent from someone pretending to be
someone else is known as spoofing. Spoofing
may take place in a number of ways. Common to
all of them is that the actual sender's name and
the origin of the message are concealed or
masked from the recipient. Many, if not most,
instances of e-mail fraud use at least minimal
spoofing, as most frauds are clearly criminal acts.
Criminals typically try to avoid easy traceability.
Source: http://en.wikipedia.org/wiki/Email_fraud

Methods to Steal an Identity

TCP Spoofing
Establish a fake session and act to the user like the real application the user thought they were connected to.
Can be done by substituting valid access software with hacked software after compromising a host or server machine.

DNS Spoofing
Mentioned previously.
Substitutes a fake IP address for the real one in the DNS table.

Typo Squatting (e.g. www.goolge.com)

Set up a real web site with a URL that represents a common typo. Make the site look enough like the real one and try to get passwords, IDs, etc.
Similar to phishing, but the phish catches himself!
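One defensive use of the typo observation above is to screen the host names in incoming links against the brand domains an organisation trusts. The following Python is an added example, not from the lecture slides: TRUSTED_DOMAINS and the sample URLs are constructed, and besides one-edit typos like goolge.com it also flags a trusted name planted as a sub-domain of someone else's domain, the trick the eBay phishing message earlier relies on.

```python
"""Flag look-alike (typo-squatted) host names against a list of trusted domains.

Added example, not from the lecture slides. TRUSTED_DOMAINS and the sample
URLs under __main__ are constructed for illustration; in practice the input
would be the host names pulled from links in incoming mail or from proxy logs.
"""
from typing import Iterable, Optional, Tuple
from urllib.parse import urlparse

# Constructed allow-list: domains the organisation treats as genuine.
TRUSTED_DOMAINS = frozenset({"google.com", "ebay.com", "uml.edu"})


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance between a and b.

    Insertion, deletion, substitution and the swap of two adjacent characters
    each count as one edit, so 'goolge' is exactly one edit from 'google'.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete a[i-1]
                          d[i][j - 1] + 1,          # insert b[j-1]
                          d[i - 1][j - 1] + cost)   # substitute
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transpose
    return d[rows - 1][cols - 1]


def hostname(url: str) -> str:
    """Lower-cased host of a URL; a bare 'www.example.com' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels of the host ('www.goolge.com' -> 'goolge.com').

    Two labels is a simplification; production code would consult the
    Public Suffix List so that names like 'example.co.uk' are handled.
    """
    return ".".join(host.split(".")[-2:])


def classify(url: str, trusted: Iterable[str] = TRUSTED_DOMAINS,
             max_edits: int = 1) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_domain).

    'trusted'   : the host is a trusted domain or a genuine sub-domain of one
    'lookalike' : within max_edits of a trusted domain, or a trusted name
                  planted as a sub-domain of someone else's domain
    'unknown'   : none of the above (not necessarily malicious)
    """
    trusted = set(trusted)
    host = hostname(url)
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted", domain
    for t in trusted:
        # e.g. ebay.com.example.net: the brand is only a sub-domain label
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return "lookalike", t
    best = min(trusted, key=lambda t: osa_distance(domain, t))
    if osa_distance(domain, best) <= max_edits:
        return "lookalike", best
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a suspicious e-mail.
    for sample in ("http://www.goolge.com/login", "https://mail.google.com/",
                   "http://ebay.com.example.net/signin", "https://example.org/"):
        print(f"{sample:40} -> {classify(sample)}")
```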

Internet and Identity Theft Ref.

Abagnale, Frank W., Stealing Your Life, Broadway Books (2007). The author has written several books, including Catch Me If You Can and The Art of the Steal. While the book is not very technical, it lays out the economics of and approaches to preventing identity theft.

Internet and Security

The Internet is a paradox like almost everything in modern
society. It offers many benefits yet it also opens us to a
variety of evils. It is a tool to leverage the power of
advanced computing for good OR evil.

What is computer security?

computer security
1. The systematic methods and procedures
employed to protect information assets on
computer systems to protect against intentional
and unintentional use, modification, deletion,
manipulation, access, or corruption.

What is malware?
malware (n.) Short for malicious software: software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.

Source: http://www.webopedia.com/TERM/m/malware.html

As we explore the Internet we must also protect ourselves from evil

First we must make sure our computer is secure, or at least that we make it difficult for trespassers and other evil doers to enter it and attack it.
Second we must secure our browsers and email system.
Third we must protect our network portal and our
Finally we must prepare to be attacked and have a plan for minimizing the damage.
Cartoon Source: http://www.offthemarkcartoons.com/cartoons/2002-12-21.gif

What is a virus?
1. A self-replicating software program that spreads by inserting copies of itself into other executable code or

Source: www.wikipedia.org

Annual Cost of Viruses to Businesses

What is a Trojan Horse?

Trojan horse
1. A malicious program that is disguised as legitimate
Trojan horses can:
Erase or overwrite data on a computer,
Corrupt files in a subtle way,
Spread other malware,
Set up networks of zombie computers (subverted to execute commands of the hacker instead of your programs) in order to launch DDoS (Distributed Denial of Service) attacks or send
Spy on the user of a computer and covertly report data like browsing habits to other people,
Log keystrokes to steal information such as passwords and credit card numbers,
Phish for bank or other account details, which can be used for criminal activities, or
Install a backdoor on a computer system to facilitate future

A Trojan horse program may force your computer to do any or all of these things without
your knowledge!
Individuals have actually been prosecuted for actions committed by their computer while
under control of a Trojan horse.
Source: www.wikipedia.org

What are worms?

worm n.
1. A self-replicating piece of code that uses security lapses to travel from machine to machine, placing copies of itself everywhere and then using those newly compromised machines as bases to attack further systems.
The worm is the chunk of code that does the traveling and implanting. Hackers attach other malware to the worm, which then carries it along.

Source: www.nndb.com

Famous Worms

Melissa (3/26/1999)
NIMDA (9/2001)
Sobig (1/2003): Variant Sobig.f used its own SMTP (Simple Mail Transfer Protocol) to email from the user's address to others in the user's address book. Largest vol. of

Source: Computer Worms: Past, Present, and Future, Craig Fosnock (CISSP, MCSE, CNE)

Famous Worms (continued)

Mydoom, appearing January 26, 2004, and primarily transmitted via e-mail to appear as a transmission error, became the fastest spreading email worm ever. It slowed overall Internet performance by about 10%, and average web page load times by about 50%.
Est. cost: $38.5 B

Witty, appearing March 19, 2004, was the fastest developed worm to date, as there were only 36 hours after the release of the advisory to the released
Witty infected the entire exposed population of twelve thousand machines in 45 minutes, and it was the first worm that destroyed the hosts infected (by randomly erasing a section of the hard drive).
Est. cost: $11 million

Early Viruses
Brain virus from Pakistan (1986)
First PC virus.
Affected only certain types of floppy drives.

Dark Avenger.1800 virus (1989)
Written in Sofia, Bulgaria.
Posed the first international virus threat.
Used anti-virus software to spread.

Michelangelo (1992)
5 million systems were predicted to be affected.
Only 10,000 systems were ever infected.
A boon for anti-virus software companies.
Source: http://www.research.ibm.com/antivirus/timeline.htm

Trojan Horses
These actions range from harmless messages to destruction of user files, denial of service, or stealing personal data.
Lately hackers have taken over thousands of computers to launch attacks on other sites (using Trojan horse

What is a rootkit?
A type of Trojan that keeps itself, other files,
registry keys and network connections hidden
from detection.
It enables an attacker to have "root" access to the
computer, which means it runs at the lowest level
of the machine.
A rootkit typically intercepts common API calls so
antivirus scans never see the rootkit programs.

What's a Wabbit?

1. A program that replicates itself on a computer but does not touch other documents or executables. It is not spread through the Internet. It makes so many copies of a program that the computer cannot even start the program that would allow the user to terminate the wabbit program.

What's a backdoor?
Code that allows access to the computer through the O/S or an application. In some cases this is intentional and in others it's a bug. In any case it is a dangerous problem and requires that the user get the latest patches to the O/S and applications.

Source: http://cluestick.me.uk/burrow/gallery/cartoons/

Malware Detection
Norton Anti-Virus
McAfee Anti-Virus
Panda Software

Software designed to spy on you
1. Adware
2. Spyware

What is Adware?
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used.

Adware programs other than spyware do not invisibly collect and upload an activity record or personal information when the user of the computer has not expected or approved the transfer. But some vendors of adware maintain that their application which does this is not also spyware, due to disclosure of program activities: for example, a product vendor may indicate that since, somewhere in the product's Terms of Use, there is a clause that third-party software will be included that may collect and may report on computer use, this Terms of Use disclosure means the product is just adware.


What are Popup ads?

A popup is a new browser window, usually with ad content, that opens over your current one.
A popunder, which is supposedly less annoying, is a new browser window that opens (duh) under the current one.
A popover (also known as an overlay) is an animated graphic that doesn't have a window in the usual sense but rather materializes on top of the current window. Sometimes popovers have a click-the-X box that enables you to get rid of them; others don't (or carefully disguise it) and you have to wait till they go away on their own.
Interstitial ads appear after you click on a hyperlink, but before you get to the page you actually want.
Rich media refers to fancy, often interactive, animated graphics that move around the page, etc. Rich media is the hot trend in online advertising since it's difficult to ignore; it typically makes use of a technology aptly called Flash. Flash is often used for popovers.

Spyware: software that gathers information about a person or computer without permission or
Once loaded onto a computer, it sends data back to the site that launched it.
Can be very dangerous and used in identity theft and other forms of fraud.
Can make your computer appear to be slow and

What is spyware?
spyware n.
1. A broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent. Unlike viruses, it does not usually self-replicate.
Spyware is designed to exploit infected computers for the commercial gain of third parties. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.
As of 2005, spyware affects only computers running Microsoft Windows. There have been no reported observations of spyware for Mac OS X, Linux, or other platforms.
Source: www.wikipedia.org

What does Spyware/Malware specifically do to my

Malware will perform a variety of nasty activities, ranging from simple email advertising all the way to complex identity theft and password stealing. New nasty functions are created every week by malware programmers, but the most common malware functions are:
Malware steals your personal information and address book (identity theft and
Malware floods your browser with pop-up advertising.
Malware spams your inbox with advertising email.
Malware slows down your connection.
Malware hijacks your browser and redirects you to an advertising or a phishing-con web page.
Malware uses your computer as a secret server to broadcast pornography files.
Malware slows down or crashes your computer.

How to prevent / detect spyware

Webroot's SpySweeper
Spybot
Spyware Doctor
Microsoft AntiSpyware Beta

What are cookies?

1. Small data files written to your
hard drive by some Web sites when
you view them in your browser.
These data files contain information
the site can use to track such things
as passwords, lists of pages you've
visited, and the date when you last
looked at a certain page.

Source: http://www.cnet.com/Resources/Info/Glossary/Terms/cookie.html
Source: http://sarahmorgan73.tripod.com/pers.html

Cookies can serve a useful purpose

Cookies can be useful. In general web pages are stateless, i.e. they do not remember material from one page in a site to another. For instance, a cookie allows an e-commerce site to create a market basket of the items you are ordering while you are shopping through the site's online
It also allows sites to remember you after you log in. Thus if you are a distance learning student it will remember the pages you visited and the answers you gave to questions.

DoubleClick and other cookie

DoubleClick is an aggressive tracking tool. In
general a cookie can only be read by the site
that created it. DoubleClick sets its cookies
through its ads on the downloaded page.
Because its cookie contains the page which
contained the ad, the cookies report the sites
that you visit with DoubleClick ads. Thus it can
track you from site to site.
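
To make the cross-site tracking mechanism concrete, here is an added simulation (not from the lecture; all hostnames, URLs and cookie values are constructed) of a browser cookie jar that only returns a cookie to the host that set it, a first-party site, and an ad server whose ad pixel is embedded on pages of several sites. The tracker learns each page from the ad request's Referer and ties it to its own id cookie, which is how one visitor is followed from site to site; the same code shows that refusing cookies set in a third-party context breaks the link.

```python
"""Simulation of third-party (ad network) cookie tracking and its mitigation.
Added example; hostnames, URLs and cookie values are constructed, not real."""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed tracker host whose ad pixel is embedded on every page below.
AD_URL = "https://ads.tracker.test/pixel"


class Site:
    """A first-party site: sets a session cookie scoped to its own host."""

    def handle(self, cookies, referer):
        return {} if "session" in cookies else {"session": "s1"}


class AdServer:
    """The tracker: hands each new visitor an id cookie and logs, per id,
    the page (Referer) that carried its ad."""

    def __init__(self):
        self.next_id = 1
        self.visits = defaultdict(list)   # tracking id -> pages seen

    def handle(self, cookies, referer):
        uid = cookies.get("id")
        set_cookie = {}
        if uid is None:                   # first sight of this browser
            uid = "u%d" % self.next_id
            self.next_id += 1
            set_cookie["id"] = uid
        self.visits[uid].append(referer)
        return set_cookie


class Browser:
    """Minimal cookie jar. A cookie is only sent back to the host that set it;
    optionally refuses cookies set in a third-party context."""

    def __init__(self, block_third_party=False):
        self.jar = defaultdict(dict)      # host -> {cookie name: value}
        self.block_third_party = block_third_party

    def request(self, url, server, referer=None):
        host = urlparse(url).hostname
        page_host = urlparse(referer).hostname if referer else host
        set_cookie = server.handle(dict(self.jar[host]), referer)
        # Third-party context: the resource host differs from the page host.
        if host != page_host and self.block_third_party:
            return
        self.jar[host].update(set_cookie)


def browse(browser, tracker, pages):
    """Visit each page, then load the tracker's ad pixel with the page as
    Referer, as a browser does for an embedded ad. Returns the tracker's
    view: tracking id -> list of pages it has tied to that id."""
    site = Site()
    for page in pages:
        browser.request(page, site)
        browser.request(AD_URL, tracker, referer=page)
    return {uid: list(seen) for uid, seen in tracker.visits.items()}


def linked_hosts(profile):
    """Hosts the tracker can attribute to one visitor: the privacy exposure."""
    return {uid: sorted({urlparse(p).hostname for p in seen})
            for uid, seen in profile.items()}


# Constructed browsing session across two unrelated first-party sites.
PAGES = [
    "https://news.example.test/front",
    "https://shop.example.test/cart",
    "https://news.example.test/sports",
]

if __name__ == "__main__":
    print(linked_hosts(browse(Browser(), AdServer(), PAGES)))
    # -> {'u1': ['news.example.test', 'shop.example.test']}  (one id, two sites)
    print(linked_hosts(browse(Browser(block_third_party=True), AdServer(), PAGES)))
    # -> {'u1': ['news.example.test'], 'u2': ['shop.example.test'], 'u3': ['news.example.test']}
```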

What do companies know about you?

Cookies, flash cookies and beacons -- all new tools to gather information
about you.
In the best case it invades your
In the worst case it attacks your
privacy and your identity.
Source: http://www.eff.org/deeplinks/2010/08/what-they-know

Flash Cookies

Removing Flash Cookies

Earthlink SpyAudit Report

4,610,738 computers scanned

769,330 Trojan Horses were detected
24,395,256 Spyware programs were detected
90,594,556 Spyware cookies were detected.

Wireless Dangers

War Driving
Virtual Intrusion
Other means
Security Measures

Wardriving is the act of searching for Wi-Fi
wireless networks by a person in a moving
vehicle using a Wi-Fi-equipped computer, such as
a laptop or a PDA. It is similar to using a radio
scanner, or to the ham radio practice of DXing.
Connecting to the network and using its services
without explicit authorization is referred to as

Source: http://en.wikipedia.org/wiki/War_driving

Further References
Beaver, K., Hacking Wireless Networks for Dummies, Wiley (2005).

More Serious Internet Age


Cyber Bullying
Cyberbullying is a controversial
area of Internet abuse.

Cyberbullying is willful and involves recurring or
repeated harm inflicted through the medium of
electronic text. E-mail and instant messaging are
just two ways; cyberbullying can occur through any
medium on the Internet.
According to R.B. Standler [1], bullying intends to
cause emotional distress and has no legitimate
purpose in the choice of communications.

Source: http://en.wikipedia.org/wiki/Cyber-bullying

Cyber-Bullying (More)
Cyberbullying can be as simple as continuing to
send e-mail to someone who has said they want
no further contact with the sender.
Cyberbullying may also include threats, sexual
remarks, pejorative labels (i.e., hate speech).
Cyber-bullies may publish personal contact
information for their victims at websites. They
may attempt to assume the identity of a victim for
the purpose of publishing material in their name
that defames or ridicules them.

Cyber Bullying can be deadly

The issue of cyberbullying is not a trivial rite of
passage in middle and high school.
In the last several years the news has reported 3-4 teens
driven to suicide after cyberbullying; often the victims are
girls, as are the bullies.
In January 2010 a young girl whose family had moved from
Ireland committed suicide in western Massachusetts after she was
bullied by a group of high school girls.
Advice for parents and teachers can be found in

Suggestions for parents

If an adult suspects a child is having suicidal thoughts or behaviors as
a way of escaping bullying and other problems, here are some
Notify school personnel if bullying is identified.
Seek an evaluation from a professional. Suicidal thoughts and
behaviors are often linked to depression, which can be treated.
Listen to the child.
Help the child understand these feelings and thoughts are
temporary and there are solutions.
Brainstorm on how the child can react to bullying.
If suicidal urges/behaviors are serious, take the child to the
emergency room, don't leave him or her alone, and keep firearms,
drugs and sharp objects away from the child.

A Few High Profile Cases

We examine cases that illustrate
particularly egregious examples of
cyber bullying.

Megan Meier
St. Louis, Missouri, teenager Megan Meier committed
suicide after a girl down the street disguised herself
as a teenage boy on MySpace and taunted the 13-year-old
about her weight and sexuality. Megan was
three days away from her 14th birthday in October of
Missouri officials and federal officials could not
find a crime. Finally, a charge of computer fraud was
filed in California against the mother for misrepresenting
the child's age to use MySpace.
The following video discusses the legal issues. Note
that the jury found Lori Drew not guilty on all but one
charge, which was also dropped by the judge.

Megan Meier Case Legal Issues

Phoebe Prince
Phoebe Prince was an Irish immigrant to Massachusetts
when she took her own life in January of 2010. Phoebe
was a victim of cyberbullying at South Hadley High
School in western Massachusetts.

Her parents, who brought Phoebe to America from their
small Irish village, said that she had trouble adjusting to
life in America. Even though she had just accepted a date
to the school dance, Phoebe committed suicide after
receiving several taunting comments on her Facebook
Charges were brought against the mean girls and the
older boys who slept with her.

Phoebe Prince Case and Legal


Rutgers Case
The gay 18-year-old ended his life Sept. 22 by
jumping off a bridge, after authorities said two
other students streamed his private sexual
encounter online.
One of the students, the roommate, planted the
web camera.
One major issue is what the two students should
be charged with.
The invasion of privacy and the death shocked
the campus.

Rutgers University
Legal & Ethical Issues

Sexting -- teens' text messages
including explicit pictures of
themselves are raising issues
Is it pornography, and if so, what
should be the punishment for the
sender and the receiver?
Is it a new form of cyberbullying
when a boyfriend or girlfriend posts
those private photos on the web?

One in Five Teens are involved

The dangers of sexting include criminal
charges, registration as a sex offender, and
cyberbullying, and it has led to suicide.

Is Sexting Child Pornography?

Source: http://www.youtube.com/watch?v

Sexting not only a teenage

The Congressman Weiner Scandal

While sex scandals in politics are
common, Rep. Anthony Weiner is of note
for using Twitter and sexting.
On May 27, 2011, using his Twitter
account, Weiner sent a link to a
photograph on yfrog of his erect penis
clad in gray boxer briefs to a 21-year-old
female college student in
Bellingham, Washington, who was
following him on the social media website.
Though the image was quickly
removed from Weiner's Twitter account, it
was leaked to conservative blogger
Andrew Breitbart who had it published on
the BigJournalism website the following
After first denying the posts and saying
they were hacks, as more evidence of
similar posts to other women started to
appear, he announced he would resign on
June 21,
His name and actions were fodder for
headlines and late-night comedians.

Source: http://en.wikipedia.org/wiki/Anthony_Weiner_sexting_scandal

Trolling means mean-spirited
searching of the internet for victims
to send harassing, often anonymous


New variation of Cyberbullying -- Trolling

Post-Death Harassment after a suicide
A new variation of trolling involves post-suicide
harassment of the victim's family and friends: when
families and friends set up memorial sites on Facebook
and other sites, trolls from around the world send or
post harassing, often anonymous messages regarding
the victim. Depending on the site, the family may have
no control over the postings that are added.
At first glance, one might ask whether this is really cyberbullying,
because the victim is already dead. However, when you
realize that other youth, classmates, friends and family
are reading the site, the message is: the victim was a loser
and deserved to die; if you are a loser like her, you
deserve to die too.

Online Crimes against persons -- by rapists,

Because of the nature of online cyber
relationships it is often the case that criminals
can gain the confidence of lonely vulnerable
people. Pedophiles in particular use it to
attract and lure children into meetings for sex,
pornography, and abduction.

Youth Internet Safety Survey

National Center for Missing & Exploited Children
(NCMEC) provided funding to Dr. David Finkelhor,
Director of the Crimes Against Children Research Center
at the University of New Hampshire, to conduct a
research survey in 1999 on Internet victimization of
youth. His research provides the best profile of this
problem to date.
Crimes Against Children Research Center staff
interviewed a nationally representative sample of 1,501
youth, aged 10 to 17, who used the Internet regularly.
Regular use was defined as using the Internet at least
once a month for the past 6 months on a computer at
home, at school, in a library, at someone else's home, or
in some other place.
Source: http://www.ojp.usdoj.gov/ovc/publications/bulletins/internet_2_2001/internet_2_01_6.html

The survey looked at four types of online victimization of youth

Sexual solicitation and approaches: Requests to engage in sexual
activities or sexual talk or to give personal sexual information that
were unwanted or, whether wanted or not, made by an adult.

Aggressive sexual solicitation: Sexual solicitations involving offline
contact with the perpetrator through mail, by telephone, or in
person, or attempts or requests for offline contact.

Unwanted exposure to sexual material: When online, opening e-mail, or
opening e-mail links, and not seeking or expecting sexual
material, being exposed to pictures of naked people or people
having sex.

Harassment: Threats or other offensive content (not sexual
solicitation) sent online to the youth or posted online for others to

Survey Findings
One in 5 youth received a sexual approach or solicitation over the
Internet in the past year.
One in 33 youth received an aggressive sexual solicitation in the past
year. This means a predator asked a young person to meet
somewhere, called a young person on the phone, and/or sent the
young person correspondence, money, or gifts through the U.S. Postal
One in 4 youth had an unwanted exposure in the past year to pictures
of naked people or people having sex.
One in 17 youth was threatened or harassed in the past year.
Most young people who reported these incidents were not very
disturbed about them, but a few found them distressing.

Finally -- Survey Shows a Disturbing Trend of Not Seeking Help

Only a fraction of all episodes was reported to authorities such as the
police, an Internet service provider, or a hotline.

About 25 percent of the youth who encountered a sexual approach or
solicitation told a parent. Almost 40 percent of those reporting an
unwanted exposure to sexual material told a parent.

Only 17 percent of youth and 11 percent of parents could name a specific
authority, such as the Federal Bureau of Investigation (FBI), CyberTipline,
or an Internet service provider, to which they could report an Internet
crime, although more indicated they were vaguely aware of such

In households with home Internet access, one-third of parents said they
had filtering or blocking software on their computers.

The Dark Side of Craigslist and Social Networks -- Cyber Crime

Craigslist is a centralized network of online
communities, featuring free online classified
advertisements with sections devoted to jobs,
housing, personals, for sale, services, community,
gigs, résumés, and discussion forums.
Craig Newmark began the service in 1995 as an e-mail
distribution list of friends, featuring local events in
the San Francisco Bay Area, before becoming a web-based service in 1996.
Craigslist has a business model of free or low cost
ads that attacks one major leg of the newspaper of


Craigslist Crimes and Controversies

The Erotic Section has been the source of
controversy and crime: prostitution, sex crimes,
and even murder (Craigslist murderer in spring
Major states and cities have begun criminal and
civil legal proceedings to address the issue.
Craigslist in summer 2010 removed the

Danger of children using Social


Taylor Behl
On August 17, 2005, Taylor Behl
left home for college at Virginia
Commonwealth University.
On September 5, 2005, a 38-year-old
amateur photographer,
Benjamin Fawley, killed Taylor
Behl and dumped her unburied
body in a shallow ravine near his
ex-girlfriend's farm.
Behl met Fawley as a
prospective student. She kept in
contact with him through
LiveJournal and Myspace.

Long Range dangers of Social

Government agencies, private employers, and college
admissions offices all now routinely go to sites like
MySpace, Facebook, etc. and make judgments
about the individual based on writings that were
never thought of as personal information for these
Be careful what you post -- think what your
parents and future employer may think about it at
some time in the future. Remember, the net never

Why you should avoid sharing certain things on the Internet
Burglars Said to Have Picked Houses Based on
Facebook Updates (Sept. 2010):
Diamond Ring Ad on Craigslist Leads to Murder
(happened Spring 2010):

Twitter Got Me Fired!!!

Sometimes the voice of youth is a compelling
caution to other youths.
Source: http://www.youtube.com/watch?v=_TJ-V8wI7Sk

MA Teacher Fired for Facebook


Source: http://www.youtube.com/watch?v=zU8m-4_CmtU

Oct 2010 New York City Schools

A number of incidents between teachers (both male
and female) and students, involving Facebook
postings that were sexual, led to
teachers being fired and/or arrested.
NYC found it needed to define appropriate
Facebook behavior because it had no policy.

7 Deadly Sins of Social Networks

Spammer attacks in social networks:
1. Dating spam -- a personal message, often from a woman, to a
male social network user inviting them to start a romantic
relationship. Once contact is secured, this attack proceeds in
much the same way as bride e-mail scams;
2. Profile and IM lures -- spammers act as legitimate friends or
potential new friends interested in getting to know the user in
order to lure them to a fake profile page or Instant Messenger
3. Redirection to inappropriate or dangerous websites -- a
message is sent to a user, warning them that photographs or
rumors about them have been posted on an external site and
urging them to go to the site to view;

7 Deadly Sins (More)

4. Nigerian attacks -- similar to Nigerian 419 spam traditionally seen over
e-mail, social networking users are targeted with messages alerting them
to a fake inheritance or access to a rich stranger's fortune;
5. Fake jobs -- sending personal messages or wall posts, spammers, posing
as an employer, offer social network users fantastic job opportunities in
order to spark conversation that will allow an avenue for further spam,
phishing, malware or scams;
6. Competitor social network lure -- invitations that seem to be from
legitimate friends are sent to users via wall posts or personal messages
urging them to visit virtually unknown social networking sites;
7. Religious based spam -- spammers use social networking sites to preach
to, and attempt to proselytize, users for various religions.

Social Networking Sites Help Combat

Police departments are using social networks to solve crimes,
e.g. pictures and videos of the crimes: teen beatdowns,
riots and in some cases serious crimes
and gang behavior.
In Baltimore, police charged a student after her
attack on a teacher was placed on a personal
MySpace page.
In St. Paul, Minn., a woman was charged with
vandalism after she posted pictures of her ex-boyfriend's ransacked apartment.

Social Networking Sites Help Combat Crime (more)

Amateur cyber sleuths like Tracie Edwards also help. When her
15-year-old son was attacked by a local gang, Edwards
tapped into MySpace. Starting with just one name, she
followed an interlinking trail from one suspect to another.
"I started typing in these names and boom," Edwards
said. "Got my son in front of the computer and I was like,
'Do you know this little boy? Do you know this boy?' And
he was like 'this is the boy who did it.'"
Eventually, five people were charged.

Social Network and Crime

Russell, Matthew A., Mining the Social Web,
O'Reilly (2011).
Timm, Carl, Seven Deadliest Social Network
Attacks, Elsevier (2010).
Verton, Dan, The Hacker Diaries: Confessions
of Teenage Hackers, McGraw-Hill/Osborne

Chat Roulette

Random chat encounters requiring that the users
have a web cam
Can involve teenagers and adults who
may be naked or otherwise inappropriate
Created by a 17-year-old Russian and it has
rapidly grown to 34 million daily users

Crimes against commercial and government web sites and servers

Denial of service
Stealing credit card and other data
Industrial espionage
Blackmail and protection

What are Denial of Service (DOS)

DoS attack
Short for denial-of-service attack, a type of attack
on a network that is designed to bring the network
to its knees by flooding it with useless traffic.
Many DoS attacks, such as the Ping of Death and
Teardrop attacks, exploit limitations in the TCP/IP
protocols. For all known DoS attacks, there are
software fixes that system administrators can
install to limit the damage caused by the attacks.
But, like viruses, new DoS attacks are constantly
being dreamed up by hackers.
Source: http://www.webopedia.com/TERM/D/DoS_attack.html

What are Denial of Service Attacks?

denial of service
1. An attack on a computer system or network that causes a loss
of service to users, typically the loss of network connectivity and
services by consuming the bandwidth of the victim network or
overloading the computational resources of the victim system.
Teardrop attack
The attacker floods the victim with improperly formatted packets.

SYN flood attack
The attacker simulates many users starting requests for data but not completing
the request. The victim is stuck waiting for the attacker to complete the
Source: www.wikipedia.org

Distributed Denial Of Service (DDOS)

DDoS, short for Distributed Denial of Service, is an
attack where multiple compromised systems (which are
usually infected with a Trojan Horse) are used to target a
single system, causing a Denial of Service (DoS) attack.
Victims of a DDoS attack consist of both the end
targeted system and all systems maliciously used and
controlled by the hacker in the distributed attack.
The DDOS normally has a primary infected computer
called a master that infects the other computers called
slaves or zombies. The attacker then commands the
computers to start sending useless messages to the
targeted web site.
Source: http://sbc.webopedia.com/TERM/D/DDoS_attack.html
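
The SYN flood and DDoS descriptions above both come down to the same observable: a victim accumulating handshakes that never complete. Here is an added detector (not from the lecture; addresses, ports, thresholds and the packet trace are constructed) that counts half-open connections per destination inside a time window and marks the alert as distributed when the SYNs arrive from many distinct sources.

```python
"""SYN-flood / DDoS detector over a constructed packet trace.
Added example, not from the lecture. Addresses, ports and thresholds are
constructed; the trace mimics one completed handshake, a burst of SYNs from
several spoofed sources that never send the final ACK, and an unrelated SYN."""
from collections import defaultdict

WINDOW_SECONDS = 2.0         # how long a half-open entry counts against a host
HALF_OPEN_THRESHOLD = 5      # half-open connections per destination that raise an alert
DISTRIBUTED_MIN_SOURCES = 4  # distinct source IPs that make it "distributed"

# Constructed trace: "time src_ip:port dst_ip flags"; S = client SYN,
# SA = server SYN-ACK, A = client's handshake-completing ACK, R = reset.
TRACE = """\
0.00 198.51.100.7:40001 192.0.2.10 S
0.01 192.0.2.10:80 198.51.100.7 SA
0.02 198.51.100.7:40001 192.0.2.10 A
0.50 203.0.113.1:1001 192.0.2.10 S
0.51 203.0.113.2:1002 192.0.2.10 S
0.52 203.0.113.3:1003 192.0.2.10 S
0.53 203.0.113.4:1004 192.0.2.10 S
0.54 203.0.113.1:1005 192.0.2.10 S
0.55 203.0.113.2:1006 192.0.2.10 S
0.60 198.51.100.9:40500 192.0.2.20 S
""".splitlines()


def parse_packet(line):
    """'0.50 203.0.113.1:1001 192.0.2.10 S' -> (0.5, '203.0.113.1', 1001, '192.0.2.10', 'S')"""
    t, src, dst, flags = line.split()
    ip, port = src.rsplit(":", 1)
    return float(t), ip, int(port), dst, flags


def half_open(packets, now, window=WINDOW_SECONDS):
    """Connections that sent a SYN within the window but never completed the
    handshake (no client ACK) and were not torn down (no RST). Returns
    {destination: [source ip per half-open connection]}."""
    pending = {}                       # (src ip, src port, dst) -> SYN time
    for t, ip, port, dst, flags in packets:
        if t > now:
            break                      # packets are sorted by time
        key = (ip, port, dst)
        if flags == "S":
            pending[key] = t
        elif flags in ("A", "R"):      # completion or reset clears the entry
            pending.pop(key, None)
        # SA comes from the server side and is keyed the other way; ignored here.
    by_dst = defaultdict(list)
    for (ip, port, dst), t in pending.items():
        if now - t <= window:
            by_dst[dst].append(ip)
    return by_dst


def detect(lines, now):
    """Alert on destinations with too many half-open connections at time
    `now`; tag the alert as distributed when the SYNs come from many sources."""
    packets = sorted(parse_packet(line) for line in lines)
    alerts = {}
    for dst, sources in half_open(packets, now).items():
        if len(sources) >= HALF_OPEN_THRESHOLD:
            distinct = len(set(sources))
            alerts[dst] = {
                "half_open": len(sources),
                "sources": distinct,
                "distributed": distinct >= DISTRIBUTED_MIN_SOURCES,
            }
    return alerts


if __name__ == "__main__":
    print(detect(TRACE, now=1.0))
    # -> {'192.0.2.10': {'half_open': 6, 'sources': 4, 'distributed': True}}
    print(detect(TRACE, now=0.1))   # -> {} (only the completed handshake so far)
```

Detection only tells you the flood is happening; the host-side fixes the slides refer to are things like SYN cookies and short SYN-RECV timeouts, and a distributed flood still has to be absorbed or filtered upstream.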

Stealing Credit Card and other data from Corporations and

Gaining access to information of a
personal or sensitive nature from
government, private industry,
hospitals, etc. is almost too easy

Loss of data through poor process

Credit card and similar data has been
compromised through human error and/or failure
to create a secure process or method to store or
transmit data, e.g. Dana Farber sends patient
data to the wrong fax number.
Failure to screen personnel for character or
criminal background.
Failure to train all personnel in the need for
security and secure processes.

Attacking the vast amount of information distributed throughout the organization

The advent of laptops and multi-GB portable storage
devices creates an environment for disclosure of
thousands if not millions of credit card and social security
numbers and other personal record files.
Government and private industry laptops stolen or lost at
airports, etc. that contain unsecured (unencrypted)
personal records have resulted in massive identity thefts,
and/or corporate sensitive or government classified
Internet rings sell the data to credit card and document
forgers who in turn sell them to the criminals who use the
credit card or ID.
The crimes may involve fraud, illegal aliens, terrorists,

Hacking the corporate databases

Over the last decade the corporation has begun acquiring millions of
bytes on each and every one of us; this is done in numerous
1. So called loyalty cards (those pieces of plastic that hang off your
key chain).
2. Credit card purchases and retail store charge cards which can be
used to expose your SSN, driver's license, etc.
3. Internet e-commerce applications including tracking cookies,

This massive amount of personal data leads to data mining and other
marketing techniques to target individual groups with specific ads and

Increasingly these massive data sources are tempting targets for
sophisticated hacker gangs, making the acquiring and
storage of this data a massive liability for the corporation.

These gangs use the Internet to carry out their attacks and often
do it from sites that make prosecution difficult if not impossible.

Hacking Corporate Data

Material Source:

The TJX Corp. -- A cautionary tale

TJX, a local firm that includes Marshalls, TJ Maxx, etc.,
announced in January 2007 that 45 million customers'
credit cards and personal data (SSN, driver's license, etc.)
had been compromised over a two-year period.
This theft of information has caused banks to issue new
credit and debit cards to these customers and has
resulted in lawsuits and goodwill losses to TJX that will
cost billions of dollars.
It is estimated that it cost the banks $300M to replace the
cards and TJX estimates $20M in fraudulent charges.
Material Source:

How did it happen?

The WSJ reports that the source of the theft was a wireless hack
in Minnesota.
Wireless networks entered retail store IT in 2000.
Wired Equivalent Privacy (WEP) security encryption was
replaced when security experts breached several retail
Wi-Fi Protected Access (WPA) is a more complex encryption
adopted by some retailers but only slowly by TJX.
Hand-held devices used in pricing and inventory control that
communicate with store computers were hacked.
Once the codes were broken the hackers advanced to
attacking the headquarters computer databases
(Framingham, MA) by capturing employee user IDs and

The Hackers
The so-called "Bonnie and Clyde" hackers break
in with a quick attack and often leave clues and
other artifacts behind that signal their
TJX was the hallmark of Russian and eastern
European gangs that scout for the weakest link in
the security and with careful planning attack it.

How did it work?

Based on some recent arrests it appears that an eastern
European gang penetrated TJX and then bundled the
credit card data and personal data into 10,000 IDs and
then sold them over the Internet.
Gangs who purchased the data, as happened in
Florida, then created credit cards and IDs and used them
to purchase gift cards and other expensive items.
One woman found her Bank of America card with $45,000 in
fraudulent charges (repeated $450 gift card purchases).

The Second Act

It is said that in America there are no
second acts. But recently the gang
that brought you TJX is accused of a
new theft involving over 130 million credit
and debit cards.

Albert Gonzalez
Albert Gonzalez, a Miami hacker who once
worked as a government mole tracking down
identity thieves, is accused of playing a critical
role in all the largest credit-card heists on record.
He was previously charged in other computer
break-ins, most significantly at TJX Cos., the
chain that owns discount retailers T.J. Maxx and
Marshalls, in which as many as 100 million
accounts were lifted.

Source: http://www.google.com/hostednews/ap/article/ALeqM5ij90C

Summer 2009 -- The Second Act

Justice Department says he helped steal:
130 million card numbers from payment
processor Heartland Payment Systems,
4.2 million card numbers from East Coast grocery
chain Hannaford Bros. and
An undetermined number of cards from 7-Eleven.
Gonzalez is in jail and awaiting trial in New York for
allegedly helping to hack the computer network of
the Dave and Buster's restaurant chain.

The Awful Bad News

The underlying security holes mined by the
hackers still exist in many payment networks.
The fact that hundreds of millions of card
numbers could be stolen from retailers illustrates
the flaws in a payment system that's built more
for speed than security.
Gonzalez and his associates exploited
vulnerabilities that remain widespread.

Prosecution of Hackers outside US is

Ori Eisen, founder of Scottsdale, Ariz.-based
security firm 41st Parameter and previously
worldwide fraud director for American Express,
noted that Gonzalez is "most likely not the
The kingpin would not risk being in the United
States. They operate out of the Ukraine or
Russia, and they're former militants or ex-KGB
who know their way around just enough not to get

Privacy and Security References

Holtzman, D., Privacy Lost: How Technology Is
Endangering Your Privacy, Jossey-Bass,

The Internet and the law

Dark side of the Internet and the law

CAN-SPAM Law of 2003

CAN-SPAM Act of 2003 (Pub. L. 108-187, S. 877)

The Controlling the Assault of Non-Solicited Pornography
and Marketing Act requires unsolicited commercial e-mail
messages to be labeled (though not by a standard
method) and to include opt-out instructions and the
sender's physical address. It prohibits the use of
deceptive subject lines and false headers in such
messages. The FTC is authorized (but not required) to
establish a "do-not-email" registry. State laws that require
labels on unsolicited commercial e-mail or prohibit such
messages entirely are pre-empted, although provisions
merely addressing falsity and deception would remain in
place. The CAN-SPAM Act took effect on January 1,

Cyber-warfare uses computers and the
Internet to wage war. This mode of
warfare is being used in hot and cold wars
as well as by both sides in the war on
Source for Cyber Warfare : http://en.wikipedia.org/wiki/Cyber-warfare

An Electronic Pearl Harbor

It may even be unclear what constitutes an act of
war. If U.S. satellites suddenly go blind and the
telephone network on the eastern seaboard goes
down, it is possible that the United States could
not even identify the enemy. Its strategic stockpile
of weapons would be of little use. There would be
no big factory to bomb -- only a person
somewhere writing software. The possibility of an
electronic Pearl Harbor has sparked a debate on
how to counter the threat.
Source: Bits, Bytes, and Diplomacy, Walter Wriston (Foreign Affairs, Sept-Oct 1997,
v76 n5 p172(11))

Types of attacks
There are several methods of attack in cyber-warfare; this list is ranked in
order of mildest to most severe.
Web vandalism: Attacks that deface webpages, or
denial-of-service attacks. This is normally swiftly combated and of little
Propaganda: Political messages can be spread through or to anyone
with access to the internet.
Gathering data: Classified information that is not handled securely can
be intercepted and even modified, making espionage possible from the
other side of the world.
Denial-of-Service Attacks: Large numbers of computers in one country
launch a DoS attack against systems in another country.
Equipment disruption: Military activities that use computers and
satellites for co-ordination are at risk from this type of attack. Orders and
communications can be intercepted or replaced, putting soldiers at risk.
Attacking critical infrastructure: Power, water, fuel, communications,
commercial and transportation are all vulnerable to a cyber attack

Cyber-Warfare -- Major Powers

In September 2007 the Pentagon and several European
organizations reported penetration by hackers from
China, reported to be the People's Liberation Army (PLA).
In diplomatic meetings with Germany, Great Britain,
and the US, China claimed that it was not
responsible for the attacks.
The US has been under attack by Chinese and
Russian hackers for the last several years; for details see
Titan Rain -- http://en.wikipedia.org/wiki/Titan_Rain, and
Moonlight Maze -- http://

Eligible Receiver
Eligible Receiver, code name of a 1997 internal exercise
initiated by the Department of Defense.
A "red team" of hackers from the National Security
Agency (NSA) was organized to infiltrate the Pentagon
The red team was only allowed to use publicly available
computer equipment and hacking software.
Although many details about Eligible Receiver are still
classified, it is known that the red team was able to
infiltrate and take control of the Pacific command center
computers, as well as power grids and 911 systems in
nine major U.S. cities.
Source: http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/hamre.html

Moonlight Maze
Moonlight Maze refers to a highly classified incident in which U.S.
officials accidentally discovered a pattern of probing of computer
systems at the Pentagon, NASA, Energy Department, private
universities, and research labs.
It began in March 1998 and had been going on for nearly two
The invaders were systematically marauding through tens of
thousands of files -- including maps of military installations, troop
configurations and military hardware designs.
The Defense Department traced the trail back to a mainframe
computer in the former Soviet Union but the sponsor of the attacks
is unknown and Russia denies any involvement.

Source: http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/warnings/#maze

Titan Rain
In 2005 a cyber attack, code-named Titan Rain,
was exposed. It was targeted at military and
secret government sites world wide.
Using computer forensics techniques and hacking
into the offending systems, Shawn Carpenter was
able to use the compromised systems against
themselves and find the actual origin of the
attacks. Doing things that official government
agents could not, he determined that the root of
the attacks was inside China.
Source: http://www.time.com/time/printout/0,8816,1098961,00.html

Estonia -- Perhaps the First 21st Century Cyber-Warfare Attack
May 17, 2007 saw a Distributed Denial of Service
(DDOS) attack on Estonia.
Prior to the attack the Estonian government
removed the "Bronze Soldier", a Russian war
monument from the center of Tallinn to a cemetery.
The DDOS attacks were aimed at the banking,
government, and major economic uses of the
The Estonian government blamed the Russian
government for the attack

The Estonia DDOS Attack

The attacks, whether organized by or sanctioned
by the Russian government, drew the attention
and assistance of the US, NATO, and European
The attack is thought to involve rented networks
of zombie computers and millions of other
computers infected with a bot program to attack
fundamental institutions of the Estonian
government and economy.

China Presents Unique Resources

High-tech industry and skilled programmers.
As the manufacturer of computer hardware,
software, and other critical electronic components,
China is positioned to supply components that could
carry Trojan horse and other programs
that would be difficult to detect and remove.
A Chinese general has stated that China would
attack the US communication and electrical
networks before starting an attack.

United States Reorganizes the

On Sept. 18, 2007 the United States Air Force
announced the creation of a Cyber Command.
One of the problems has been that military
people did not perceive the threat in the same manner as
real war, i.e. software does not kill, bullets do.

President Obama creates a cyber security czar 5/29/2009

Attacking the Critical

The US has not been an agrarian society
for two centuries, and in the 21st century
we now are highly dependent on an interconnected system of networks for the
goods and services that sustain us.
Includes slides from:

The Nation's Infrastructure is a Complex System of Systems

Infrastructure: the framework of interdependent
networks and systems that
provides a continual flow of goods
and services essential to the
defense and economic security of
the United States

Critical National Infrastructures: those
infrastructures deemed to be so vital that
their incapacity or destruction would have a
debilitating regional or national
impact or would severely disrupt
the behavior and activities of large
numbers of people who depend
upon the infrastructure

The National Infrastructure Protection Plan defines 17 Sectors and Key Resources
Agriculture & Food
Banking and Finance
Chemical & Hazardous Materials
Defense Industrial Base
Emergency Services
Information Technology

Postal & Shipping

Public Health
National Monuments and Icons
Commercial Assets
Government Facilities
Nuclear Power Plants

Most of the U.S. Infrastructure is privately owned

U.S. Critical Infrastructure Protection Challenge

1,912,000 Farms
87,000 food-processing plants
5,800 registered hospitals
87,000 emergency services
2 billion miles of telecomm
2,800 electric power plants
104 commercial nuclear power
300,000 oil and natural gas
460 skyscrapers

5,000 public airports

120,000 miles of major
590,000 highway bridges
2,000,000 miles of pipelines
500 urban public transit
26,600 banks & financial
66,000 chemical plants
80,000 dams
3,000 federal government

The threat is real!

Unstructured adversaries
Cracker, hacker, script-kiddie

Structured adversaries
Terrorists, hactivists (hacker-activist)
Organized crime
Three levels of Terrorist
Foreign nations
Foreign agent
Half-witting (You can't fix stupid)
Source: http://www.iti.uiuc.edu/events/2005_09_15_Jeff_Dagle.pdf

A System of Systems Perspective Is Needed for Analyzing Infrastructure Interdependencies

Diagram (only the link labels are recoverable from the slide image): Fuels, Lubricants; Fuel Transport; Fuel for Generators; Power for Pump and Lift Stations, Control Systems; Power for Pumping Stations, Storage, Control Systems; Water for Production, Cooling, Emissions; SCADA, Communications.

Types of Threats / Means of Attack

Nuclear Weapon/Explosive
Radiological Dispersal Device
Biological Weapon/Material
Chemical Weapon/Material
Conventional Explosive
Physical Force
Cyber Means
Emerging Threats

Complex Interdependencies

Diagram (only the sector labels are recoverable from the slide image): Energy, Information, Public Health, Transportation, Water, Food, Banking.

Homeland Security Strategic Objectives
Prevent Attacks
Reduce Vulnerability
Minimize Damage & Recover



Attacking the nations networks

While DDoS can be used to attack government
and economic sites it is not a long term crippling
Attacking the communication, energy (pipelines),
and transportation networks can provide
devastating damage to the economy, crippling to
the military, and demoralizing to the population.
Supervisory Control and Data Acquisition
(SCADA) system is the Achilles' heel of the above

SCADA attacks
SCADA was designed for automated plant
process control. Its original design envisioned
neither use over the Internet nor security.
SCADA was adopted by electrical grids, pipelines,
and transportation networks.

Source: http://www.pcworld.com/article/id,137845-c,networksecurity/article.html

Proof of SCADA attack concept

The Idaho National
Laboratory prepared the
demonstration, in March
2007, for the U.S.
Department of Homeland
Security (DHS).
The simulated attack took
advantage of a known
SCADA software
vulnerability and showed
how a motor-generator
could be driven into

Photo is from a video of the SCADA

attack. Video Is no longer on the web.

Source: http://www.zdnet.com/blog/btl/blowing-up-generators-remotely/6451

Stuxnet first SCADA

A new computer worm, 2009-2010, has appeared
that attacks industrial networks and plants. The
worm is called Stuxnet.
It attacks the Windows 7 operating system and
Siemens industrial control and SCADA software
such as that found in pipelines, power networks,

Stuxnet is sophisticated and appears expensive to develop
It is claimed that the level of effort and the
sophistication of the worm indicate that only a
well financed and motivated professional group
could have created it. Siemens reports that at
least 4 industrial sites in Germany and many
other places in the world have been attacked by
the worm. The worm has been around for a year
(2010) and both Microsoft and Siemens claim to
have patches for the worm.

How does Stuxnet work?

Langner, one of the first experts to report on Stuxnet, states:
"Langner's analysis also shows, step by step, what happens after
Stuxnet finds its target. Once Stuxnet identifies the critical function
running on a programmable logic controller, or PLC, made by
Siemens, the giant industrial controls company, the malware takes
control. One of the last codes Stuxnet sends is an enigmatic
DEADF007. Then the fireworks begin, although the precise
function being overridden is not known, Langner says. It may be
that the maximum safety setting for RPMs on a turbine is
overridden, or that lubrication is shut off, or some other vital
function shut down. Whatever it is, Stuxnet overrides it, Langner's
analysis shows. " http://news.yahoo.com/s/csm/327178

How does Stuxnet work? - a more detailed analysis

This detailed analysis is included for purposes of
pointing the technical programmer to a more
thorough review of the code. See

Source: Provided by Prof J.Veranas.

What might have been the Stuxnet


Stuxnet References
NYT links Iran worm to bible
Stuxnet 'cyber superweapon' moves to China

More Technical Information

SCADA Security:
SCADA Tutorial
Hackers Target U.S. Power Grid
Staged Attack Causes Generator to Self-Destruct

The Boden Incident

Nov. 2001 Sewage release into river, Queensland, Australia
In November 2001, 49-year-old Vitek Boden
was sentenced to two years in prison for
using the Internet, a wireless radio and
stolen control software to release up to 1
million liters of sewage into the river and
coastal waters of Maroochydore in
Queensland, Australia.
Boden, who had been a consultant on the
water project, conducted the attack in
March 2000 after he was refused a fulltime job with the Maroochy Shire
government. He had attempted to gain
access to the system 45 times, and his
last attempt proved successful, allowing
him to release raw sewage into
the waterways.
Source: CNET News.com, August 26, 2002

Maroochy Shire

Source: http://images.businessweek.com/ss/10/10/1014_cyber_attacks/8.htm

SCADA attack using Google Search

"You can make it do anything you want it to

do," Pollet, founder and principal consultant at
Red Tiger Security said. "If that RTU or PLC
has large motors connected to it, pumping out
water or chemicals, the equipment could be
turned off. If it was a substation and the
power recloser switches were closed, we
could break it open and create an (electricity)
outage for an entire area or city...The bottom
line is you could cause physical damage to
whatever is connected to that PLC."
To know exactly what to search for on the
Internet, the researchers bought a PLC with
an embedded Web server that had an
identifying string of characters associated with
the hardware and then typed that information
into Google, according to Pollet.
Read more: http://news.cnet.com/830127080_3-20087201-245/researchers-warn-ofscada-equipment-discoverable-viagoogle/#ixzz1XZdsX21w

Tom Parker, chief technology officer at

FusionX, explaining in detail how
SCADA systems are controlled.
(Credit: Seth Rosenblatt/CNET)

Some Infrastructure failure

examples (not due to
To show the extent of the danger in
Infrastructure Attacks we cite some
incidents thought to be due to equipment
or human failure or due to natural

The Bellingham WA June 10, 1999

Gasoline Pipeline Rupture and Fire

El Paso Natural Gas 30-inch Pipeline Rupture and Fire Near Carlsbad NM, August 19, 2000

The Boden Incident Wasn't Unusual

Wireless Network Porosity Is Common
Paul Blomgren [] measures control system vulnerabilities. Last
year, his company assessed a large southwestern utility that
serves about four million customers. "Our people drove to a
remote substation," he recalled. "Without leaving their vehicle,
they noticed a wireless network antenna. They plugged in their
wireless LAN cards, fired up their notebook computers, and
connected to the system within five minutes because it wasn't
using passwords. [] Within 15 minutes, they mapped every
piece of equipment in the operational control network. Within 20
minutes, they were talking to the business network and had
pulled off several business reports.

Hacking and Political Activism, now called Hacktivism

Within the last ten years, social networks and
mobile devices, and their successful use in
political campaigns, have inspired what is
called hacktivism.

Cyber Warriors

Cyber Warrior Richard A. Clarke

Richard A. Clarke served 4
presidents. A highly
controversial figure with over
30 years in anti-terrorism.
He was the head of counterterrorism under Clinton and
was carried over to George W.
He was outspoken on cyberterrorism in the 90s.
He left government after 9-11
and has been highly critical of
the Bush administration.

Cyber Warrior -- Shawn Carpenter

Shawn worked on tracking
down the Chinese connection
to the Titan Rain.
He hunted them despite being
pulled off the trail by his
government lab employer and
he eventually got fired. The
FBI used him and encouraged
him to track but later turned on
The Chinese did not
cooperate as is normal for
private hackers.
The red tape showed the
difficulty of counter-cyberwarfare.
Source: http://www.time.com/time/printout/0,8816,1098961,00.html

Cyber Warfare/Terrorism References

Alexander, Y and Swetnam, M, Cyber Terrorism and Information
Warfare: Threats and Responses Transnational Pub, Inc. (2001)
Branigan, S. , High-Tech Crimes Revealed, Addison Wesley,
Chirillo, J., Hack Attacks Encyclopedia, John Wiley, (2001).
Clarke, R. A., Against All Enemies, Thorndike Press, (2004).
Clarke, R. A. & Knake, R. K., Cyber War: The Next Threat to
National Security and What to Do about It, Harper Collins.
Morozov, E., The Net Delusion: The Dark Side of Internet
Freedom, Public Affairs Press (2011).
Singer, P. W., Wired for War: The Robotic Revolution and Conflict
in the 21st Century, Penguin Press (2005).
Verton, D, Black Ice The Invisible Threat of Cyber-terrorism,
McGraw Hill, (2003).
Weimann, G, Terror on the Internet, United States Institute of
Peace Press, (2006).
Winkler, I., Spies Among Us, Wiley, (2005).

Who are hackers?

The term hacker goes back to the early days
of computers and originated with a group
of computer students at MIT.

1. A computer expert
2. A person that intentionally circumvents
computer security systems (more often used by
the media)

Hackers were originally those people with intense
interest and computer skills.
Hackers are now people who use their computer
skills to break into secure computer sites, disrupt
Internet communications, steal information, etc.
In the early days of the transition hackers were
sort of seen as teenage (mostly male) geeks who
broke into sites and looked around.
The world became less tolerant as the costs rose
rapidly and the behavior is now seen as the work
of terrorists and criminals.

Cracker or Black Hat

A black hat is a person who compromises the security of
a computer system without permission from an
authorized party, typically with malicious intent. The term
white hat is used for a person who is ethically opposed to
the abuse of computer systems, but is frequently no less
The term cracker was coined by Richard Stallman to
provide an alternative to using the existing word hacker
for this meaning.[1] The somewhat similar activity of
defeating copy prevention devices in software which may
or may not be legal in a country's laws is actually
software cracking.

Source: http://en.wikipedia.org/wiki/Black_hat

Script Kiddie
In hacker culture, a script kiddie (occasionally
script bunny, skidie, script kitty, script-running
juvenile (SRJ), or similar) is a derogatory term
used for an inexperienced malicious cracker who
uses programs developed by others to attack
computer systems, and deface websites. It is
generally assumed that script kiddies are kids
who lack the ability to write sophisticated hacking
programs on their own,[1] and that their objective
is to try to impress their friends or gain credit in
underground cracker communities.[1]

What is phone phreaking?

Phone Phreaks
The ``phone phreak'' (phreak for short) is a specific breed of hacker. A phreak is
someone who displays most of the characteristics of a hacker, but also has a
specific interest in the phone system and the systems that support its operations.
Additionally, most of the machines on the Internet, itself a piece of the Public
Switched Network, are linked together through dedicated, commercial phone
lines. A talented phreak is a threat to not only the phone system, but to the
computer networks it supports.
There are two advantages of attacking systems through the phone system. The
first advantage is that phone system attacks are hard to trace. It is possible to
make connections through multiple switching units or to use unlisted or unused
phone numbers to confound a tracing effort. Also, by being in the phone system,
it is sometimes possible to monitor the phone company to see if a trace is
The second advantage to using the phone system is that a sophisticated host
machine is not needed to originate an attack nor is direct access to the network
to which the target system is attached. A simple dumb terminal connected to a
modem can be used to initiate an attack. Often, an attack consists of several
hops, a procedure whereby one system is broken into and from that system
another system is broken into, etc. This again makes tracing more difficult.

Infamous Hackers
A Rogues' Gallery of Hackers along with the damage to
private industry, society, and government.

Stanley Mark Rifkin (Social Engineer)

Rifkin in 1978 pulled off one of the
largest bank thefts ever. Using
social engineering to get bank
information and codes he
transferred $10.2 M from the
Security Pacific Bank in LA to a
Swiss bank account and then
converted the funds to $8.2 M
worth of Russian commercial

Rifkin returned to the US and
believing that the diamonds could
be sold at a profit attempted to sell
them to local jewelry outlets for
$13.2M. Working on a tip he was
turned in.
The bank after the trial believed that
it could now sell the diamonds at a
profit via auction. After a year of
trying the bank sold them at greatly
less than the original price.
Lesson DIAMONDS are greatly over
inflated in value and are a classic
example of social engineering. Their
value as an investment is highly

John Draper (a.k.a. Cap'n Crunch)

Used a Cap'n Crunch toy
whistle to make unlimited
free payphone calls.
The whistle, unbeknownst
to General Mills (the
manufacturer of Cap'n
Crunch) created a 2600
Hz tone.
This frequency was the
same used by phone
technicians to test
payphones and make free
phone calls.

Ian Murphy
Changed the internal
clocks at AT&T.
Impact: Phone bills were
universally incorrect.
Late night discounts were
given to daytime users
and late night users were
subject to high bills.
First hacker to go to jail.
Inspired the movie,

Robert Morris

Source: www.nndb.com

Son of chief scientist at the

National Security Agency
In 1988, he wrote the first
worm that was released to
the public.
He claimed he was trying
to determine the size of the
Affected 6,000 systems
3 yrs probation
400 hours of community
Fined $10,400.

Erik Bloodaxe (a.k.a. Chris Goggans)

Member of Legion of
Texas Hacker
Starts feud with
Masters of Deception.
Two year hacker war
Telephone systems
and credit cards are
the victims.

Vladimir Levin

Hacked Citibank
Stole $10 to 12 million
Arrested in 1995.
Fought extradition for
two years
3 yrs in prison
Had to return
$240,015 to Citibank

David L. Smith
Creator of Melissa
The Melissa virus was
named after a stripper
and was sent as an
email attachment.
Caught by hard work
and luck

Ehud Tenebaum
18-year-old Israeli who
created "the most
organized and
systematic attack the
Pentagon has seen to

Kevin Mitnick
The Pentagon
North American Air Defense
Digital Equipment Co.

Prison Term: 5 yrs.

Fines: $4,000
Not allowed to touch a
computer for three years

Kevin Mitnick
After being convicted and
serving 4 yrs., he became a
security professional.
While the media portrayed him
as a computer genius, he
exploited human weakness
through social engineering for
his exploits
See The Art of Deception by K.D.
Mitnick & Wm. L. Simon, Wiley
(2002). A compendium of cons
for getting information
including private,
governmental, and corporate
data and ways to prevent
Source: http://www.mccullagh.org/image/10d-9/kevin-mitnick.html
Shown at Las Vegas Def Con selling his services as a security professional

Hao Jinglong and Hao Jingwen

Commercial Bank
of China in 1999

Stole: $87,000
Hao Jinglong
Prison Term: Life

Hao Jingwen
Death Penalty

Source: http://www.computerworld.com.au/index.php/id;1224861705;relcomp;1

Reomel Lamores
Author of the Love Bug
Damage caused to
businesses estimated
at over $100 million
Prison term: None
Fine: $0
Hacking is not a crime
in the Philippines

Adrian Lamo
Homeless hacker who
only performs intrusion
analysis for free for large
Hacked into

MCI WorldCom
New York Times Co.
AOL Time Warner

NYT pressed charges

against him.
1 year home probation.

The Worcester Phreaker

Caused computer crash that disabled
Massachusetts airport
March 18, 1998

Web posted at: 10:40 p.m. EST (0340

Massachusetts teen hacker who
disabled communications to the air
traffic control tower at the Worcester,

Massachusetts, airport in 1997 has

become the first juvenile charged in
federal court with computer hacking.
The boy, whose age, identity and
hometown have not been disclosed, has
agreed to plead guilty in return for two
years probation, a fine and community
service, according to documents
released Wednesday by the U.S.
Department of Justice.

On March 10, 1997, the unidentified

hacker broke into a Bell Atlantic
computer system, causing a crash
that disabled the phone system at
the airport for six hours.
The crash of the switch knocked out
phone service at the control tower,
airport security, the airport fire
department, the weather service,
and carriers that use the airport.
Also, the tower's main radio
transmitter and another transmitter
that activates runway lights were
shut down, as well as a printer that
controllers use to monitor flight


Super Hacker

Gary McKinnon is alleged to have

hacked over 90 U.S. military
computers and NASA before and
after 9/11
Looking for existence of UFOs and
to prove inadequacies in US
He supposedly stole 950 passwords
from one military system and
prevented naval email traffic being
routed across the internet for a
The US investigation was carried
out with the aid of the UK's national
hi-tech crime unit.
He eventually could face a total of
up to 70 years in a US jail.

The criminal hacker as entrepreneur

Jeanson James Ancheta, who prosecutors said was a well-known
member of the "Botmaster Underground" -- a secret network of
hackers skilled in "bot" attacks -- was arrested in November in
what prosecutors said was the first such case of its kind.
"He hijacked somewhere in the area of half a million computer
systems. This not only affected computers like the one in your
home, but it allowed him and others to orchestrate large scale
Prosecutors say the case was unique because Ancheta was
accused of profiting from his attacks by selling access to his "bot
nets" to other hackers and planting adware, software that causes
advertisements to pop up, into infected computers.
He agreed to pay some $15,000 in restitution to the military
facilities and forfeit the proceeds of his illicit activities, including
more than $60,000 in cash, a BMW automobile and computer
Source: 'Botmaster' pleads guilty to computer crimes
Tue Jan 24, 2006 8:53 AM ET, Reuters

Emulex Corporation

August 25, 2000 the media reported

that Emulex was under investigation
by the Securities and Exchange
Commission for accounting fraud. In
response to the investigation, the
media further reported, the CEO
would be stepping down.
Within hours, Emulex had lost 62% of
its value or $2.2 billion in market
By the end of the day, it was
discovered that it was a hoax.
Within a week, it was tracked to a
community college student named
Mark Jakob.
Jakob had made over $250,000 by
shorting the stock.
Prison term: 3 yrs. 8 mos.
Fine: Forfeit all profits and $103,000
in punitive fines.

The Good Guys who track

the hackers down

Cyber Crime Reference

While the current presentation is extensive, the
following is recommended for anyone looking for
a presentation that was designed for law school
students, IT, or criminal justice and includes
extensive and current cases.

Clifford (Cliff) Stoll

Astronomer and systems
Tracked down, Markus Hess,
a German hacker working for
the KGB attacking and spying
on government sites.
Wrote a book about his
The Cuckoo's Egg: Tracking a
Spy Through the Maze of
Computer Espionage


Hacker Trackers
Kevin Mitnick was tracked
down in part by Tsutomu Shimomura.
See Take Down, T.
Shimomura & J. Markoff,
Hyperion Press, (1996).

Verton, D The Hacker Diaries, Confessions of
Teen Age Hackers, (2002), McGraw Hill

The Tools of Hackers

Soft tech tools -- social engineering uses
deception and hard work.
High tech tools are often developed by
systems administrators to test and explore
their networks and computer assets for holes
and exploits. These same tools are in turn
used by the hacker for break-ins and exploits.

Techniques for obtaining information

Low Tech Social Engineering
stealing mail or rummaging through rubbish
(dumpster diving)
eavesdropping on public transactions to
obtain personal data (shoulder surfing)
Obtaining castings of fingers for falsifying
fingerprint identification

Source: http://en.wikipedia.org/wiki/Identity_theft

Social Engineering
While the media portrays the hacker as a
super smart geek, in fact many of the best
hackers use social engineering to
accomplish their criminal acts.

Social Engineering
In the field of computer security, social engineering is the
practice of obtaining confidential information by manipulation of
legitimate users.
A social engineer will commonly use the telephone or Internet to
trick people into revealing sensitive information or getting them
to do something that is against typical policies.
By this method, social engineers exploit the natural tendency of
a person to trust his or her word, rather than exploiting computer
security holes.
It is generally agreed upon that users are the weak link in
security and this principle is what makes social engineering
Source: http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29

The High Tech Hacker

High Tech Internet Approaches
Stealing personal information in computer databases
[Trojan horses, hacking]
infiltration of organizations that store large amounts of
personal information
Impersonating a trusted organization in an electronic
communication (phishing) .
Spam (electronic): Some, if not all spam requires you to
respond to alleged contests, enter into "Good Deals",
Browsing social network (MySpace, Facebook, Bebo etc)
sites, online for personal details that have been posted
by users in public domains.

The Dark Side of Google

Using the advanced search features
to find private individuals' personal
and other confidential information

Intro to Google Hacking

"Google Hacking" is the use of Google's data stores for
naughty things.
Makes extensive use of the advanced Google syntaxes.
Is trivially easy to do and is rather trendy.
An excellent guide to get up to speed on the techniques of
"Google Hacking" is the O'Reilly book Google Hacks by Tara
Calishain.

An Invitation to Data Mining


Google Hacking
University of Sunderland
Harry R Erwin, PhD
Peter Dunne, PhD
Section taken from web posted by Erwin


Web Search
Language Tools

Google Queries

Non-case sensitive
* in a query stands for a word
. in a query is a single character wildcard
Automatic stemming
Ten-word limit
AND (+) is assumed, OR (|) and NOT (-) must be
for a phrase

More Queries
You can control the language of the pages and
the language of the reports
You can restrict the search to specific countries

(google tricks) how to download files

from google!

Controlling Searches

Intitle, allintitle
Inurl, allinurl


Controlling Searches (II)

These operators can be used to restrict searches.
To restrict the search to the university:
Or to search for seventh moon merlot in the uk:
seventh moon merlot site:uk

Typical Filetypes


Why Google
You access Google, not the original website.
Most crackers access any site, even Google via a
proxy server.
Why? If you access the cached web page and it
contains images, you will get the images from the
original site.

Directory Listings

Search for intitle:index.of

Or intitle:index.of parent directory
Or intitle:index.of name size
Or intitle:index.of inurl:admin
Or intitle:index.of filename
This can then lead to a directory traversal
Look for filetype:bak, too, particularly if you want to
expose sql data generated on the fly

Commonly Available Sensitive


HR files
Helpdesk files
Job listings
Company information
Employee names
Personal websites and blogs
E-mail and e-mail addresses

Google Hacking Examples

Examples showing how to use the
previous ideas

Download eBooks with Google

Basic Google Hacks

Network Mapping
Site:domain name
Site crawling, particularly by indicating negative
searches for known domains
Lynx is convenient if you want lots of hits:
lynx -dump http://www.google.com/search?\
q=site:name+-knownsite&num=100 >\

Or use a Perl script with the Google API

Link Mapping
Explore the target site to see what it links to. The
owners of the linked sites may be trusted and yet
have weak security.
The link operator supports this kind of search.
Also check the newsgroups for questions from
people at the organization.

Web-Enabled Network Devices

The Google webspider often encounters webenabled devices. These allow an administrator to
query their status or manage their configuration
using a web browser.
You may also be able to access network statistics
this way.

Searches to Worry About

employee.ID | your username is | your password is
-ext:html -ext:htm -ext:shtml -ext:asp

Protecting Yourselves

Solid security policy

Public web servers are Public!
Disable directory listings
Block crawlers with robots.txt
NOSNIPPET is similar.

More Protection
Delete anything you don't need from the standard
webserver configuration
Keep your system patched.
Hack yourself
If sensitive data gets into Google, use the URL
removal tools to delete it.
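As an added example (not from the original slides or the Sunderland material), the following Python audits a site's own crawlable pages for the exposures described above: directory listings, backup files such as .bak, and pages that leak credential phrases, then drafts robots.txt rules for what it finds. The URLs and page bodies are constructed for the example; robots.txt only steers well-behaved crawlers, so the findings themselves still have to be removed.

```python
"""Added example, not from the original slides: a self-audit for the
Google-hacking exposures described above, run over constructed pages."""
import re
from urllib.parse import urlparse

# Patterns taken from the "Directory Listings" and "Searches to Worry About" slides.
RISKY_EXTENSIONS = (".bak", ".sql")      # backup files and SQL dumps left in the web root
LEAK_PHRASES = ("your username is", "your password is", "employee.id")
DIRECTORY_LISTING = re.compile(r"<title>\s*Index of\s*/", re.IGNORECASE)
NOSNIPPET = re.compile(r'<meta\s+name="robots"\s+content="[^"]*nosnippet', re.IGNORECASE)

# Constructed sample site: URL -> page body as a crawler would see it.
SAMPLE_PAGES = {
    "http://www.example.edu/":
        "<html><head><title>Welcome</title></head><body>Hello</body></html>",
    "http://www.example.edu/backup/":
        "<html><head><title>Index of /backup</title></head>"
        "<body><a href=\"site.bak\">site.bak</a></body></html>",
    "http://www.example.edu/backup/site.bak":
        "INSERT INTO users VALUES ('jdoe', 'Welcome1');",
    "http://www.example.edu/helpdesk/new-account.html":
        "<html><head><title>New account</title></head><body>"
        "Your username is jdoe and your password is Welcome1.</body></html>",
}

def audit_page(url, body):
    """Return a list of exposure descriptions for one crawlable page (empty if clean)."""
    findings = []
    path = urlparse(url).path.lower()
    if path.endswith(RISKY_EXTENSIONS):
        findings.append("backup or dump file reachable at " + path)
    if DIRECTORY_LISTING.search(body):
        findings.append("directory listing enabled")
    lower = body.lower()
    leaked = [phrase for phrase in LEAK_PHRASES if phrase in lower]
    if leaked:
        findings.append("credential phrases in page text: " + ", ".join(leaked))
        if not NOSNIPPET.search(body):
            findings.append("no nosnippet meta tag, so the leak would show in search results")
    return findings

def audit_site(pages):
    """Audit every page; returns {url: [findings]}."""
    return {url: audit_page(url, body) for url, body in pages.items()}

def robots_disallow_rules(results):
    """Draft robots.txt lines for flagged paths. This only asks well-behaved crawlers
    to stay away; the real fix is to remove the files and disable listings."""
    lines = ["User-agent: *"]
    for url, findings in results.items():
        if findings:
            lines.append("Disallow: " + urlparse(url).path)
    return "\n".join(lines)

if __name__ == "__main__":
    results = audit_site(SAMPLE_PAGES)
    for url, findings in results.items():
        print(url, "->", findings or "clean")
    print(robots_disallow_rules(results))
```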

Youtube Google Hacks 2.0

Google Hacks for Web cams

One trick to find and search for open unprotected
Internet webcams that broadcast to the web, is by
using the following query:
intitle:Live View / AXIS | inurl:view/view.shtml

Source: Unknown web page

More patterns for finding web cams

If you know the unique URL, link, or title pattern
that other manufacturers' webcam or IP network
camera software uses, you can also easily locate
and crack those unprotected, insecure cameras or
webcams that are released or leaked to the public
Internet by using Google.
inurl:axis-cgi/mjpg (motion-JPEG)

More patterns for finding web cams

intitle:live view intitle:axis
allintitle:Network Camera NetworkCamera
intitle:axis intitle:video server
intitle:liveapplet inurl:LvAppl
intitle:EvoCam inurl:webcam.html

More patterns for finding web cams

intitle:Live NetSnap Cam-Server feed
intitle:Live View / AXIS
intitle:Live View / AXIS 206M
intitle:Live View / AXIS 206W
intitle:Live View / AXIS 210
inurl:indexFrame.shtml Axis
intitle:start inurl:cgistart
intitle:WJ-NT104 Main Page

More patterns for finding web cams

intext:MOBOTIX M1
intext:Open Menu
intext:MOBOTIX M10
intext:Open Menu
intext:MOBOTIX D10
intext:Open Menu
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home

network camera snc-p1
network camera snc-m1
site:.viewnetcam.com www.viewnetcam.com
Network Camera user lo
intitle:netcam live image
-Catcher Console Web M

Youtube Finding Webcams

The Dark Side of Googling


Dornfest, Rael, Google Hacks, 3rd ed., O'Reilly, (2006)

Ethical Hacking,

A great cheat sheet of Google search features:

A valuable Cheat Sheet for Google Search Hacks -how to find information fast and efficiently

The Dark Side of Googling

References (more)

Henk Van Ess, Hacking with Google,

http://www.zoekzone.com/gijc2005_vaness3.pdf A
tutorial for finding things like social security numbers,
phone directories, and similar items that should not be
left lying about on the Web. This is done to illustrate
how to protect your web site and your personal data.
Google Hacking,
Google Hacks 101

Google Hacks webcam reference

How to Find and View Millions of Free Live Web
Cams -http://www.traveltowork.net/2009/02/how-to-find-v
How to Hack Security Cameras,
How to Hack Security Cams all over the World

Tools for Hacking

Password Cracking
Password cracking is the process of recovering
secret passwords from data that has been stored
in or transmitted by a computer system. A
common approach is to repeatedly try guesses
for the password.
Password cracking works in a number of ways:
Guessing common words, birth dates, etc.
Dictionary attacks- trying all the words in a dictionary
Brute force based on the hashing system used by the
operating system
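As an added example (not from the original slides), the following Python runs the same small dictionary attack against two password stores built from constructed data: unsalted MD5, as older systems stored passwords, and salted, iterated PBKDF2. It shows why the hashing scheme sets the attacker's cost: weak passwords still fall to a wordlist either way, but the salt removes the shared-hash giveaway and the iteration count multiplies the work per guess.

```python
"""Added example, not from the original slides: the same dictionary attack run
against two password stores built from constructed data, unsalted MD5 versus
salted, iterated PBKDF2, to show why the hashing scheme sets the attacker's cost."""
import hashlib
import os

# Constructed wordlist and user passwords (the plaintexts exist only to build the stores).
WORDLIST = ["password", "letmein", "123456", "qwerty", "hunter2", "correcthorse"]
USERS = {"alice": "hunter2", "bob": "letmein", "carol": "hunter2", "dave": "Tr0ub4dor&3"}
ITERATIONS = 50_000   # PBKDF2 work factor; real deployments tune this to the hardware

def store_unsalted_md5(users):
    """How many legacy systems stored passwords: one fast hash, no salt."""
    return {u: hashlib.md5(p.encode()).hexdigest() for u, p in users.items()}

def store_salted_pbkdf2(users, iterations=ITERATIONS):
    """Defender's version: random per-user salt plus an iterated hash."""
    store = {}
    for u, p in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations)
        store[u] = (salt, iterations, digest)
    return store

def dictionary_attack_unsalted(store, wordlist):
    """One precomputed table serves every user, and shared passwords fall together.
    Returns (cracked users, number of hashes the attacker had to compute)."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {u: table[h] for u, h in store.items() if h in table}
    return cracked, len(wordlist)

def dictionary_attack_salted(store, wordlist):
    """The salt makes every (user, word) pair a fresh PBKDF2 computation,
    each of which costs `iterations` times as much as a single hash."""
    cracked, computed = {}, 0
    for u, (salt, iterations, digest) in store.items():
        for w in wordlist:
            computed += 1
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations) == digest:
                cracked[u] = w
                break
    return cracked, computed

def compare_schemes(users=USERS, wordlist=WORDLIST):
    """Run both attacks and return a summary with the relative work factor."""
    md5_store = store_unsalted_md5(users)
    pbkdf2_store = store_salted_pbkdf2(users)
    md5_cracked, md5_hashes = dictionary_attack_unsalted(md5_store, wordlist)
    pbk_cracked, pbk_hashes = dictionary_attack_salted(pbkdf2_store, wordlist)
    return {
        "md5_cracked": md5_cracked,
        "md5_hashes": md5_hashes,
        "pbkdf2_cracked": pbk_cracked,
        "pbkdf2_hashes": pbk_hashes,
        # Each PBKDF2 guess costs ITERATIONS hash operations, so relative work is:
        "work_multiplier": (pbk_hashes * ITERATIONS) // md5_hashes,
        # Without salt, alice and carol share a password and visibly share a hash.
        "identical_hashes_visible": md5_store["alice"] == md5_store["carol"],
        "identical_digests_visible": pbkdf2_store["alice"][2] == pbkdf2_store["carol"][2],
    }

if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```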

Password cracking programs

Ophcrack - Open source

John the Ripper
LC5 (formerly L0phtCrack)

Packet Sniffers
A sniffer is a program that monitors and analyzes
network traffic, detecting bottlenecks and problems.
Ethernet protocol works by sending packet information to
all the hosts on the same circuit. A machine that is
accepting all packets, no matter what the packet header
says, is said to be in promiscuous mode.
Because, in a normal networking environment, account
and password information is passed along Ethernet in
clear-text, it is not hard for an intruder once they obtain
root to put a machine into promiscuous mode and by
sniffing, compromise all the machines on the net.

Packet Sniffers
The popularity of packet sniffing stems from the fact that it
sees everything. Typical items sniffed include:
SMTP, POP, IMAP traffic
Allows intruder to read the actual e-mail.
POP, IMAP, HTTP Basic, Telnet authentication
Reads passwords off the wire in clear-text.
SMB, NFS, FTP traffic
Reads files off the wire.
SQL database
Reads financial transactions and credit card numbers.
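As an added example (not from the original slides), the following Python parses a raw Ethernet frame the way a sniffer in promiscuous mode would and flags the cleartext login protocols the slide lists, so an administrator can find credential exposure on their own network and move those services to encrypted equivalents. Every frame is constructed in build_frame(); nothing is captured from a real wire.

```python
"""Added example, not from the original slides: parse a raw Ethernet frame the way a
sniffer in promiscuous mode would and flag the cleartext login protocols the slide
lists. All frames are constructed in build_frame(); nothing is captured from a wire."""
import struct

# Destination ports of protocols that carry logins in the clear (from the slide).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP Basic",
                   110: "POP3", 143: "IMAP"}

def parse_frame(frame):
    """Unpack Ethernet -> IPv4 -> TCP; return (src_ip, dst_ip, dst_port, payload) or None."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                # not an IPv4 frame
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    if len(ip) < ihl or ip[9] != 6:                # protocol 6 = TCP
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    dst_port = struct.unpack("!H", tcp[2:4])[0]
    data_offset = (tcp[12] >> 4) * 4               # TCP header length in bytes
    return src_ip, dst_ip, dst_port, tcp[data_offset:]

def find_cleartext_login(frame):
    """Return a finding dict (protocol, endpoints, redacted credential) or None."""
    parsed = parse_frame(frame)
    if parsed is None:
        return None
    src_ip, dst_ip, dst_port, payload = parsed
    proto = CLEARTEXT_PORTS.get(dst_port)
    if proto is None:
        return None
    finding = {"proto": proto, "src": src_ip, "dst": dst_ip, "credential": None}
    for line in payload.decode("ascii", errors="replace").splitlines():
        if line.upper().startswith("PASS "):       # FTP and POP3 send the password in the clear
            finding["credential"] = "PASS " + "*" * len(line[5:])
            break
        if line.lower().startswith("authorization: basic "):  # base64 is encoding, not encryption
            finding["credential"] = "Authorization: Basic " + "*" * len(line[21:])
            break
    return finding

def build_frame(src_ip, dst_ip, dst_port, payload):
    """Construct a minimal Ethernet/IPv4/TCP frame (test data; checksums left zero)."""
    eth = bytes(12) + b"\x08\x00"                  # zero MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp + payload

# Constructed traffic samples: a POP3 login, an HTTP Basic request, and a TLS connection.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.9", 110, b"USER alice\r\nPASS hunter2\r\n"),
    build_frame("10.0.0.5", "10.0.0.8", 80,
                b"GET /admin HTTP/1.1\r\nHost: intranet\r\n"
                b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.7", 443, b"\x16\x03\x01\x00\x05hello"),
]

def scan(frames):
    """Return findings for every frame that carries a cleartext login protocol."""
    return [f for f in (find_cleartext_login(fr) for fr in frames) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_FRAMES):
        print(finding)
```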

Packet Sniffers

Source: http://sectools.org/sniffers.html

Cain and Abel Network Sniffer Tutorial

Cryptography and encryption

Network tools -- http://

Network tools provides an online set of useful
network tools to determine the source of SPAM,
The four tools provided


nslookup is a network administration command-line tool available for many computer operating
systems for querying the Domain Name System
(DNS) to obtain domain name or IP address
mapping or for any other specific DNS record

Source: http://en.wikipedia.org/wiki/Nslookup

WHOIS (pronounced as the phrase who is) is a
query and response protocol that is widely used
for querying databases that store the registered
users or assignees of an Internet resource, such
as a domain name, an IP address block, or an
autonomous system, but is also used for a wider
range of other information. The protocol stores
and delivers database content in a human-readable format.[1] The Whois protocol is
documented in RFC 3912.
Source: http://en.wikipedia.org/wiki/Whois


Ping is a computer network administration utility used to test the

reachability of a host on an Internet Protocol (IP) network and to measure
the round-trip time for messages sent from the originating host to a
destination computer. The name comes from active sonar terminology.
Ping operates by sending Internet Control Message Protocol (ICMP) echo
request packets to the target host and waiting for an ICMP response. In
the process it measures the time from transmission to reception (round-trip
time)[1] and records any packet loss. The results of the test are printed in
the form of a statistical summary of the response packets received,
including the minimum, maximum, and the mean round-trip times, and
sometimes the standard deviation of the mean.
Ping may be run using various options (command line switches)
depending on the implementation that enable special operational modes,
such as to specify the packet size used as the probe, automatic repeated
operation for sending a specified count of probes, time stamping options,
or to perform a ping flood. Flood pinging may be abused as a simple form
of denial-of-service attack, in which the attacker overwhelms the victim
with ICMP echo request packets.

Source: http://en.wikipedia.org/wiki/Ping


traceroute is a computer network diagnostic tool for
displaying the route (path) and measuring transit delays of
packets across an Internet Protocol (IP) network.
traceroute outputs the list of traversed routers in simple text
format, together with timing information
Traceroute is available on most operating systems.
On Microsoft Windows operating systems it is named tracert.
Windows NT-based operating systems also provide PathPing,
with similar functionality. Variants with similar functionality are
also available, such as tracepath on Linux installations. For
Internet Protocol Version 6 (IPv6) the tool sometimes has the
name traceroute6.

Source: http://en.wikipedia.org/wiki/Traceroute
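How the four tools are put to the use the slide names, tracing the source of spam, as an added example that is not from the original slides. The script parses the Received: headers of a constructed phishing message (all hosts and addresses are hypothetical; the set of our own trusted mail servers is an assumption) and finds the first hop that our own servers cannot vouch for; that IP is what you then feed to nslookup and whois. Hops below it were written by the sender's machine and may be forged, which the private 10.x.x.x address in the bottom header illustrates.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; every host, address and IP is hypothetical
# (IPs come from the RFC 5737 documentation ranges and RFC 1918).
RAW_MESSAGE = """\
Received: from mx2.example.edu (mx2.example.edu [192.0.2.10])
    by mail.example.edu with ESMTP id x1; Mon, 4 Apr 2011 09:12:00 -0400
Received: from unknown (HELO winxp-home) (203.0.113.77)
    by mx2.example.edu with SMTP; Mon, 4 Apr 2011 09:11:58 -0400
Received: from relay.bank-example.com ([10.1.2.3])
    by winxp-home; Mon, 4 Apr 2011 09:00:00 -0400
From: "Account Services" <noreply@bank-example.com>
Subject: Urgent: verify your account

Click here to confirm your details ...
"""

# Our own mail servers (assumption): only hops stamped by these can be believed.
TRUSTED_HOSTS = {"mail.example.edu", "mx2.example.edu"}

HOP_RE = re.compile(r"\bfrom ([^\s;()]+).*?\bby ([^\s;()]+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Addresses that can never be an Internet source; a Received: line claiming
# one was either forged or written by an internal machine.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def received_hops(raw):
    """[(from_host, from_ip, by_host), ...] per Received: header, newest first."""
    hops = []
    for hdr in message_from_string(raw).get_all("Received", []):
        flat = " ".join(hdr.split())            # unfold continuation lines
        m, ip = HOP_RE.search(flat), IP_RE.search(flat)
        if m and ip:
            hops.append((m.group(1), ip.group(1), m.group(2).lower()))
    return hops


def spam_origin(raw, trusted_hosts=TRUSTED_HOSTS):
    """Walk from our side outward. The 'from' IP of the last hop that one of
    OUR servers stamped is the first machine we cannot vouch for; every
    Received: line below it was added by the sender and may be forged."""
    origin = None
    for _from_host, ip, by_host in received_hops(raw):
        if by_host not in trusted_hosts:
            break
        origin = (ip, by_host)
    return origin


def is_routable(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def lookup_commands(ip):
    """The slide's tools applied to the origin: reverse DNS, then the
    registered owner of the address block."""
    return [f"nslookup {ip}", f"whois {ip}"]


if __name__ == "__main__":
    ip, stamped_by = spam_origin(RAW_MESSAGE)
    print(f"first untrusted hop: {ip} (handed to {stamped_by})")
    print("routable on the Internet:", is_routable(ip))
    for cmd in lookup_commands(ip):
        print("  ", cmd)
    for _h, claimed_ip, by in received_hops(RAW_MESSAGE):
        if not is_routable(claimed_ip):
            print(f"suspicious: {claimed_ip} in the hop stamped by {by} is not an Internet address")
```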

Hacking Wireless Networks Tools

Reference: Hacking Wireless

Beaver, Kevin & Davis, Peter, Hacking Wireless
Networks For Dummies, Wiley (2005).

Keystroke Logging
A keystroke logger is a program installed on a
computer to record every keystroke the user
makes. Typically it is hidden in a Trojan horse.
The keystroke logger can reveal user IDs and
passwords, scripts, etc.
The captured data can be downloaded by the attacker, and the
same foothold can be used to upload other damaging programs or to
turn the machine into a slave computer that obeys a master in a DDoS attack.

Hacking Tool References

Schwartau, W., CyberShock, Thunder's Mouth
Press (2000).

Securing your computer

and website
There is no foolproof mechanism for securing
your computer or your website from attack.
However, you can make it very difficult and time
consuming to attack with some simple and
inexpensive (relative to the cost of the attack)

Simple Protection against Hackers

Simplest security: username and password
Statistic about password frequency
Passwords should contain letters, numbers and other
assorted symbols.

@ instead of a
$ instead of s
3 instead of E
& instead of et
1 or ! instead of i
1 instead of l (depending on whether you use ! instead of i)
Ex. Instead of using the password mainstreet use m@1n$tr3&
Caveat: these substitutions are well known, and password-cracking tools
apply them automatically to every word in their dictionaries, so a
substituted dictionary word is only slightly harder to guess than the word
itself. Length and unpredictability matter more than symbol substitution.
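Why the substitution rule helps less than it appears to, as an added example that is not part of the slides: the script encodes the slide's table as a mangling rule of the kind password crackers apply to every dictionary word, generates all variants, and shows that m@1n$tr3& is one of only 72 candidates derived from mainstreet. The three-word dictionary is constructed for the demonstration; real wordlists run to millions of entries, and the multiplier stays the same.

```python
import itertools

# The slide's substitution table. Each letter may stay as it is or be replaced.
SUBS = {
    "a": ["a", "@"],
    "s": ["s", "$"],
    "e": ["e", "3"],
    "i": ["i", "1", "!"],
    "l": ["l", "1"],
}
# Multi-letter substitutions ("et" -> "&"), tried before single letters.
DIGRAPHS = {"et": ["&"]}


def tokenize(word):
    """Split a word into the units the rule operates on, digraphs first."""
    tokens, i = [], 0
    while i < len(word):
        if word[i:i + 2] in DIGRAPHS:
            tokens.append(word[i:i + 2])
            i += 2
        else:
            tokens.append(word[i])
            i += 1
    return tokens


def options(token):
    """Every spelling the rule allows for one token, e.g. 'et' -> et, 3t, &."""
    if token in DIGRAPHS:
        letterwise = itertools.product(*(SUBS.get(c, [c]) for c in token))
        opts = ["".join(combo) for combo in letterwise] + DIGRAPHS[token]
    else:
        opts = SUBS.get(token, [token])
    return list(dict.fromkeys(opts))            # dedupe, keep order


def mangle(word):
    """Yield every candidate an attacker derives from `word` with the slide's rule."""
    choices = [options(t) for t in tokenize(word.lower())]
    seen = set()
    for combo in itertools.product(*choices):
        cand = "".join(combo)
        if cand not in seen:
            seen.add(cand)
            yield cand


def guesses_per_word(word):
    """How many guesses the rule costs the attacker for one dictionary word."""
    return sum(1 for _ in mangle(word))


def crack(target, wordlist):
    """Return (dictionary_word, guess_number) if the target falls to the rule."""
    tried = 0
    for word in wordlist:
        for cand in mangle(word):
            tried += 1
            if cand == target:
                return word, tried
    return None


if __name__ == "__main__":
    # Constructed three-word dictionary for the demonstration.
    wordlist = ["password", "letmein", "mainstreet"]
    print("variants of mainstreet:", guesses_per_word("mainstreet"))
    print("m@1n$tr3& cracked as", crack("m@1n$tr3&", wordlist))
```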

What is a firewall?
A system designed to prevent
unauthorized access to or from a private network.
Firewalls can be implemented in both hardware
and software, or a combination of both. Firewalls
are frequently used to prevent unauthorized
Internet users from accessing private networks
connected to the Internet, especially intranets. All
messages entering or leaving the intranet pass
through the firewall, which examines each
message and blocks those that do not meet the
specified security criteria.
Source: http://www.webopedia.com/TERM/f/firewall.html

How does a firewall work?

There are several types of firewall techniques:

Packet filter: Looks at each packet entering or leaving the network and accepts
or rejects it based on user-defined rules. Packet filtering is fairly effective and
transparent to users, but it is difficult to configure. In addition, it is susceptible to
IP spoofing.
Application gateway: Applies security mechanisms to specific applications,
such as FTP and Telnet servers. This is very effective, but can impose a
performance degradation.
Circuit-level gateway: Applies security mechanisms when a TCP or UDP
connection is established. Once the connection has been made, packets can
flow between the hosts without further checking.
Proxy server: Intercepts all messages entering and leaving the network. The
proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert.

A firewall is considered a first line of defense in protecting private information. For
greater security, data can be encrypted

Source: http://www.webopedia.com/TERM/f/firewall.html
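The spoofing weakness of a plain packet filter and the usual fix, as an added example that is not from the original slides: a first-match rule evaluator in Python (the address ranges, interface names and packets are constructed for the demonstration). The naive rule set admits SMB from any packet that merely claims an internal source address; the hardened set adds an anti-spoofing rule tied to the arrival interface, which is what ingress filtering (RFC 2827) does on real firewalls.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet arrived on: "wan" (Internet) or "lan"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule; a field left as None matches anything."""
    action: str                      # "accept" or "drop"
    iface: Optional[str] = None
    src: Optional[str] = None        # CIDR
    dst: Optional[str] = None        # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def filter_packet(rules, p: Packet, default="drop") -> str:
    """First-match evaluation, as stateless packet filters do; default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


INTERNAL_NET = "10.0.0.0/8"          # assumed private address range behind the firewall

# Weak rule set: trusts the source address alone, which is exactly the
# field a spoofed packet lies about.
NAIVE_RULES = [
    Rule("accept", src=INTERNAL_NET, proto="tcp", dport=445),   # SMB only from "inside"
    Rule("accept", proto="tcp", dport=80),                       # public web server
]

# Hardened rule set: an internal source address can only be genuine on the
# LAN interface, so drop it when it arrives on the Internet-facing one.
HARDENED_RULES = [Rule("drop", iface="wan", src=INTERNAL_NET)] + NAIVE_RULES

# Constructed packets.
SPOOFED = Packet(iface="wan", src="10.1.2.3", dst="10.0.0.5", proto="tcp", dport=445)
LEGIT = Packet(iface="lan", src="10.1.2.3", dst="10.0.0.5", proto="tcp", dport=445)
WEB = Packet(iface="wan", src="198.51.100.7", dst="10.0.0.8", proto="tcp", dport=80)

if __name__ == "__main__":
    for name, pkt in (("spoofed SMB", SPOOFED), ("legit SMB", LEGIT), ("web", WEB)):
        print(f"{name:12} naive={filter_packet(NAIVE_RULES, pkt):7} "
              f"hardened={filter_packet(HARDENED_RULES, pkt)}")
```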

Protecting Yourself on the Internet

Firewalls (both hardware and software)
Anti-virus & anti-spyware
Never open an attachment that you were not
expecting. If in doubt, call the person.
Always back up the critical data.
Always use the current patches to your O/S and
Always use the most current updates to your anti-malware.

A more complex strategy Honeypot

A server that is configured to detect an intruder by
mirroring a real production system. It appears as an
ordinary server doing work, but all the data and
transactions are phony.
Located either in or outside the firewall, the honeypot is
used to learn about an intruder's techniques as well as
determine vulnerabilities in the real system.
A "honeynet" is a network containing honeypots. A
"virtual honeynet" is one that resides in a single server,
but pretends to be a full network. See firewall, darknet,
honeyproxy and honeymonkey.

Source: http://www.answers.com/

The DMZ (DeMilitarized Zone)

A middle ground between an
organization's trusted internal
network and an untrusted,
external network such as the
Internet. The DMZ is a
subnetwork (subnet) that may
sit between firewalls or off one
leg of a firewall. Organizations
typically place their Web, mail
and authentication servers in
the DMZ. DMZ is a military
term that refers to the area
between two enemies.


DMZ with Honeypots


Scambray, J. et al., Hacking Exposed Web
Applications, 2nd ed. (2006), McGraw-Hill.
Dhanjani, N., HackNotes Linux and Unix Security Portable
Reference (2003), McGraw-Hill.
Shema, M., HackNotes Web Security Portable Reference
(2003), McGraw-Hill.

Protecting Your Identity

Never enter personal information (Acquired Characteristics) into a
web site that uses only http (as opposed to https).
Never send Acquired Characteristics (except your name) through
e-mail.
Unless you encrypt your e-mail, expect that anyone can read it.
Always pay close attention to the spelling of the URL (web
address) when paying for anything on line.
Do not respond to unsolicited emails.
Shred all snail mail that contains personal information (especially
credit card offers!!)
Expect that once you throw something away, you are legally giving
it to the public.
Use only one credit card for online purchases
Keep your browsers up to date. Install security patches when they
are released.

Credit cards and the Internet

Credit and debit cards are now used routinely to
purchase airline tickets, gifts and flowers, and
thousands of other items from e-tailers,
Amazon.com, eBay, etc. The Internet is a rapidly
growing source of e-commerce involving billions of dollars.
The consumer is probably no more at risk than at
any other type of credit card transaction. However,
this is by no means a riskless environment and
the user should take at least as much care as with
any transaction.

Common Sense Protection Advice


Shopping on the Internet is no less safe than shopping in a store or by mail.

Keep the following tips in mind to help ensure that your online shopping
experience is a safe one.
Use a secure browser - software that encrypts or scrambles the purchase
information you send over the Internet - to help guard the security of your
information as it is transmitted to a website. When submitting your purchase
information, look for the "lock" icon on the browser's status bar, and the phrase
"https" in the URL address for a website, to be sure your information is secure
during transmission.
Check the site's privacy policy, before you provide any personal financial
information to a website. In particular, determine how the information will be
used or shared with others. Also check the site's statements about the security
provided for your information. Some websites' disclosures are easier to find
than others - look at the bottom of the home page, on order forms or in the
"About" or "FAQs" section of a site. If you're not comfortable with the policy,
consider doing business elsewhere.


Common Sense Protection Advice (more)

Read and understand the refund and shipping policies of a website you
visit, before you make your purchase. Look closely at disclosures about the
website's refund and shipping policies. Again, search through the website for
these disclosures.
Keep your personal information private. Don't disclose your personal
information - your address, telephone number, bank account number or e-mail
address - unless you know who's collecting the information, why they're
collecting it and how they'll use it.
Give payment information only to businesses you know and trust, and
only when and where it is appropriate - like an order form. Never give your
password to anyone online, even your Internet service provider.
Keep records of your online transactions and check your e-mail for
contacts by merchants with whom you're doing business. Merchants may
send you important information about your purchases.
Review your monthly credit card and bank statements for any errors or
unauthorized purchases promptly and thoroughly. Notify your credit or debit
card issuer immediately if your credit or debit card is lost or stolen, or if you
suspect someone is using your accounts without your permission.

What to do if your credit card is lost, stolen, or
Recently millions of credit card numbers and Social
Security Numbers were disclosed when hackers broke
into the TJX Companies and stole them, and Dana-Farber
sent patient information to a wrong fax number.
In other cases they were on laptops that were stolen or
lost at airports, in poorly secured databases, etc.

Actions to take
Call and report all lost or compromised credit and debit
cards immediately. Your liability for loss is often
dependent on quick reporting. Remember driver
licenses, passports, and other id as well.
Carry a list of your credit/debit cards, their numbers, and phone
numbers in a separate place than the cards.

Call the hot line at the Credit reporting agencies.

Each of the big three has a single hot line to alert creditors and to
protect you from having someone else issue new cards or lines of
credit in your name.
It will require you to go through extra steps to get new credit
cards etc., but it will save you thousands of dollars and much grief.

The 3 Credit Card Phone Numbers to

Keep these phone numbers handy if you
suspect your credit or identity has been
It will cause your credit lines to be flagged and
may on occasion cause some transactions to be
questioned, but it will also keep your finances

EQUIFAX 1 800-685-1111
1 888-397-3742
1 800-583-4080
1 800-349-9960
1 800-916-8800

Standler, R.B., Computer Crime,
http://www.rbs2.com/ccrime.htm (2002)

The Dark Side of the

Internet in the novel,
movies, television

The age of international terrorism
and cyber crime is spawning a new
genre of crime and spy novels
featuring the white hat hacker hero and
the black hat hacker villain.

Hackers (1995) starring a very young Angelina
Takedown (2000) A cult classic about the phone
phreaker Kevin Mitnick
The Score (2001) Ed Norton and Robert De Niro
in a crime story set in Canada
Live Free or Die Hard (2007) A Bruce Willis flick
about attacking the nation's infrastructure through its
interlocking grids.

Dark Side of the Internet Fiction

Deaver, Jeffery. The blue nowhere New York :
Simon & Schuster, c2001.
Deaver, Jeffery. The broken window [sound
recording], Simon and Schuster Audio, p2008.