
The KGB the Computer and Me

Appeared on the program Nova in the early 90’s. Describes an attack on Berkeley computers taking place almost exactly 20 years ago and the response to it. Based on the book “The Cuckoo’s Egg”.

brook

Presentation Transcript


  1. The KGB the Computer and Me

  2. The KGB the Computer and Me
     • Appeared on the program Nova in the early 90’s
     • Describes an attack on Berkeley computers taking place almost exactly 20 years ago and the response to it.
     • Based on the book “The Cuckoo’s Egg”

  3. Computing in the late 80’s
     • Most engineers and scientists used mainframe computers.
     • Mainframes were accessed locally using terminals
     • A terminal is a keyboard and screen with no computer.
     • Mainframes were accessed from remote locations using modems and dial-up connections
     • Mainframes belonging to universities, Defense Department researchers and some businesses were linked by an early version of the internet

  4. Home Computers
     • Home computers were available
       • IBM PC
       • Apple Macintosh
     • They were expensive and limited by today’s standards

  5. Home Computers
     • Home computers could communicate with mainframes using modems and dial-up connections.
     • Terminal emulators allowed the home computer to simulate a terminal
     • File transfer software, like Kermit, allowed files to be uploaded to and downloaded from the mainframe
     • No World Wide Web yet.

  6. Clifford Stoll
     • Astronomy student turned computer security expert
     • His book, “The Cuckoo’s Egg”, was the first real exploration of the computer security problem.
     • Currently sells Klein bottles on the Internet

  7. Clifford Stoll
     • His later books are skeptical of the role of computers in society
     • “High Tech Heretic: Why Computers Don’t Belong in the Classroom and Other Reflections by a Computer Contrarian”
     • “Silicon Snake Oil: Second Thoughts on the Information Highway”

  8. Markus Hess
     • Was tried and convicted, and sentenced to 2 to 3 years in prison
     • The sentence was suspended
     • He now works writing networking code for a computer firm in Germany

  9. Some Questions
     • What attack types did the hacker use?
     • What were the hacker’s motivations?
     • Do you think this could happen today?
     • How was the hacker detected?

  10. Attack Types
     • Hess originally got into systems by gaining access to an existing account (swentec)
     • It’s not covered in the film, but he used several methods of password guessing
     • We call this approach “Impersonation”

  11. Attack Types
     • Once Hess gained access to a system, he became “superuser” (Unix slang for the administrative user)
     • He did this by exploiting a flaw in the email system
     • For the record, this was our old friend, the buffer overflow exploit
     • We call this “Privilege Escalation”

  12. Attack Types
     • Once superuser, he hid all traces of his attack and created accounts he could use later.
     • He then typically left the system.
     • Later he would log on using one of the accounts he created. From this account, he could launch attacks on other systems without being traced back to his home
     • This is similar to the behavior of modern worms.

  13. What Were Hess’s Motivations?
     • Ideas?
     • Did the motivations of Hess and his companions change as time went on?

  14. How Was the Attack Detected?
     • Ideas?

  15. How Was the Attack Detected?
     • Initial detection was because of a minor accounting error
     • Tracing the activity once detected was extremely difficult
     • Hess passed through many systems
     • The systems were in many legal jurisdictions
     • Many technicians and law enforcement officials were ultimately involved.

  16. How Was the Attack Detected?
     • The final technique Stoll used is today called a “honeypot”
     • Create something the hacker wants
     • Use it to draw him/her to the site, and keep him/her there while tracing and identifying the hacker
     • This technique is often used today in child pornography investigations

  17. Can It Happen Today?
     • Thoughts?

  18. Final Thought
     • This case is still important today because it is one of the few times a hacker has been caught, prosecuted and convicted.
     • It still remains extremely difficult to trace the source of attacks
     • We solve more cases (%) involving serial killers than hackers.
     • Next case, Mr. McGinnis and the flying saucers
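
The honeypot idea from slide 16, sketched as an added example that is not part of the original presentation: decoy files are planted, and any session that opens one is flagged along with how long it stayed connected afterwards (the window available for tracing). The decoy paths, log format and sample lines are constructed assumptions.

```python
import re
from datetime import datetime

# Hypothetical decoy files: no legitimate user has a reason to open them.
DECOYS = {"/srv/decoy/project-plans.txt", "/srv/decoy/staff-contacts.txt"}

# Assumed audit-log format (constructed for this example).
LINE = re.compile(
    r"(?P<ts>\S+) session=(?P<sid>\d+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) (?P<op>open|logout)(?: (?P<path>\S+))?$"
)

SAMPLE_LOG = """\
2024-03-01T02:10:00 session=40 user=alice src=192.0.2.10 open /home/alice/notes.txt
2024-03-01T02:14:07 session=41 user=svc-old src=198.51.100.7 open /etc/motd
2024-03-01T02:15:30 session=41 user=svc-old src=198.51.100.7 open /srv/decoy/project-plans.txt
2024-03-01T02:16:00 session=40 user=alice src=192.0.2.10 logout
2024-03-01T02:31:45 session=41 user=svc-old src=198.51.100.7 open /srv/decoy/staff-contacts.txt
2024-03-01T02:58:30 session=41 user=svc-old src=198.51.100.7 logout
not a log line
"""

def decoy_sessions(log_text):
    """Return {session_id: details} for every session that opened a decoy."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # timestamp field present but unparseable
        sid = m["sid"]
        if m["op"] == "open" and m["path"] in DECOYS:
            rec = hits.setdefault(sid, {"user": m["user"], "src": m["src"],
                                        "first_hit": ts, "decoys": []})
            if m["path"] not in rec["decoys"]:
                rec["decoys"].append(m["path"])
        if sid in hits:
            hits[sid]["last_seen"] = ts  # any later activity extends the window
    for rec in hits.values():
        # Seconds the session stayed active after first touching a decoy.
        rec["dwell_seconds"] = int((rec["last_seen"] - rec["first_hit"]).total_seconds())
    return hits

if __name__ == "__main__":
    for sid, rec in decoy_sessions(SAMPLE_LOG).items():
        print(sid, rec["user"], rec["src"], rec["decoys"], rec["dwell_seconds"])
```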
