1 / 36

HACKED!!! – Kuala Lumpur, Malaysia Network Security

HACKED!!! – Kuala Lumpur, Malaysia Network Security. Outsmarting Cyber Villains. Ankit Fadia Intelligence Consultant and Author afadia@stanford.edu. How to become a Computer Security Expert?. THINGS TO DO : Learn at least one Programming Language. Become a Networking Guru.

brier
Télécharger la présentation

HACKED!!! – Kuala Lumpur, Malaysia Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HACKED!!! – Kuala Lumpur, Malaysia Network Security Outsmarting Cyber Villains Ankit Fadia Intelligence Consultant and Author afadia@stanford.edu http://www.hackingmobilephones.com

  2. How to become a Computer Security Expert? • THINGS TO DO: • Learn at least one Programming Language. • Become a Networking Guru. • Learn to work in the UNIX Shell. • Get the ‘Hacking’ attitude. • Read, Read and Read as much as you can!!!! http://www.hackingmobilephones.com

  3. Hacker VS Cracker • Qualities of a Hacker: • Lots of Knowledge & Experience. • Good Guy. • Strong Ethics. • Never Indulges in Crime. • Catches Computer Criminals. • Qualities of a Cracker: • Lots of Knowledge & Experience. • Bad Guy. • Low Ethics. • Mostly Indulges in Crime. • Is a Computer Criminal himself. http://www.hackingmobilephones.com

  4. Facts and Figures FBI INTELLIGENCE REPORT http://www.hackingmobilephones.com

  5. TOP 5 CORPORATE ESPIONAGE ATTACKS • TOP 5 Corporate Espionage Attacks: • Privacy Attacks • Email Forging Attacks • Sniffer Attacks • Keylogger Attacks • DOS Attacks http://www.hackingmobilephones.com

  6. Individual Internet User Mumbai Lady Case • A lady based in Mumbai, India lived in a one-room apartment. • Was a techno-freak and loved chatting on the Internet. • Attacker broke into her computer & switched her web camera on! • Biggest cyber crime involving privacy invasion in the world! http://www.hackingmobilephones.com

  7. Government Sector NASA • The premier space research agency in the world. • Had just finished a successful spaceship launch, when the unexpected happened. • The path of the spaceship was changed remotely by a 11 year old Russian teenager. • Loss of money. Unnecessary worry. http://www.hackingmobilephones.com

  8. TROJANS • TROJANS Definition: Trojans act as RATs or Remote Administration Tools that allow remote control and remote access to the attacker. Working:See Demo. • Threats: • Corporate Espionage, Password Stealing, IP Violation, Spying, etc. Tools: • Netbus, Girlfriend, Back Orrifice and many others. http://www.hackingmobilephones.com

  9. TROJANS COUNTERMEASURES • Port Scan your own system regularly. • If you find a irregular port open, on which you usually do not have a service running, then your system might have a Trojan installed. • One can remove a Trojan using any normal Anti-Virus Software. • Monitor start up files and port activity. http://www.hackingmobilephones.com

  10. TOP 5 CORPORATE ESPIONAGE ATTACKS • TOP 5 Corporate Espionage Attacks: • Privacy Attacks • Email Forging Attacks • Sniffer Attacks • Keylogger Attacks • DOS Attacks http://www.hackingmobilephones.com

  11. Consumer Electronic Goods Sector TV Group • One of the largest manufacturers of televisions and other electronic goods in the world. • Attacker sent an abusive forged email to all investors, employees and partners worldwide from the Chairman’s account. • Tainted relations. http://www.hackingmobilephones.com

  12. Email Forging • Email Forging Definition: Email Forging is the art of sending an email from the victim’s email account without knowing the password. Working: • ATTACKER-----Sends Forged email----- FROM VICTIM Tools: • None required! DEMO http://www.hackingmobilephones.com

  13. Email Forging COUNTERMEASURES • NOTHING can stop the attacker. • Use Secure email systems like PGP. • Digitally sign your emails. http://www.hackingmobilephones.com

  14. TOP 5 CORPORATE ESPIONAGE ATTACKS • TOP 5 Corporate Espionage Attacks: • Privacy Attacks • Email Forging Attacks • Sniffer Attacks • Keylogger Attacks • DOS Attacks http://www.hackingmobilephones.com

  15. Healthcare Sector Healthcare Group • One of the largest shaving solutions companies in the world. • Attacker broke into network and cancelled approximately 35 different orders of raw materials from supplier. • Loss of revenue. Delay in Product launch. http://www.hackingmobilephones.com

  16. Government Sector BARC Group • One of the most sensitive atomic and missile research facilities in India. • Pakistani criminal organizations broke into network and stole sensitive missile info. • Loss of sensitive data. Threat to national security. http://www.hackingmobilephones.com

  17. SNIFFERS • SNIFFERS Definition: Sniffers are tools that can capture all data packets being sent across the entire network in the raw form. Working:ATTACKER-----Uses sniffer for spying----- VICTIM • Threats: • Corporate Espionage, Password Stealing, IP Violation, Spying, etc. Tools: • Tcpdump, Ethereal, Dsniff and many more. http://www.hackingmobilephones.com

  18. SNIFFERS COUNTERMEASURES • Switch to Switching Networks. (Only the packets meant for that particular host reach the NIC) • Use Encryption Standards like SSL, SSH, IPSec. http://www.hackingmobilephones.com

  19. TOP 5 CORPORATE ESPIONAGE ATTACKS • TOP 5 Corporate Espionage Attacks: • Privacy Attacks • Email Forging Attacks • Sniffer Attacks • Keylogger Attacks • DOS Attacks http://www.hackingmobilephones.com

  20. Fashion Entertainment Sector Fashion House Group • One of the most successful fashion designers in Europe. • Stole all designs and marketing plans. • Came out with the same range of clothes a week before. • Loss of Revenue. R&D & creative work down the drain. http://www.hackingmobilephones.com

  21. KEYLOGGERS • KEYLOGGERS Definition: They are spying tools that record all keystrokes made on the victim’s computer. Working:ATTACKER-----Uses keylogger for spying----- VICTIM • Threats: • Corporate Espionage, Password Stealing, IP Violation, Spying, etc. Tools: • Thousands of Keyloggers available on the Internet. http://www.hackingmobilephones.com

  22. KEYLOGGERS COUNTERMEASURES • Periodic Detection practices should be made mandatory. • A typical Key Logger automatically loads itself into the memory, each time the computer boots. • Hence, one should search all the start up files of the system and remove any references to suspicious programs. • This should protect you to a great extent! http://www.hackingmobilephones.com

  23. TOP 5 CORPORATE ESPIONAGE ATTACKS • TOP 5 Corporate Espionage Attacks: • Privacy Attacks • Email Forging Attacks • Sniffer Attacks • Keylogger Attacks • DOS Attacks http://www.hackingmobilephones.com

  24. Internet Services Sector Internet Services • Yahoo, Amazon, Ebay, BUY.com brought down for more than 48 hours! • All users across the globe remained disconnected. • Attackers were never caught. • Loss of Revenue. Share values down. http://www.hackingmobilephones.com

  25. Denial of Services (DOS) Attacks • DOS ATTACKS Definition: Such an attack clogs up so much bandwidth on the target system that it cannot serve even legitimate users. Working: • ATTACKER-----Infinite/ Malicious Data----- VICTIM Tools: • Ping of Death, SYN Flooding, Teardrop, Smurf, Land [TYPES] • Trin00, Tribal Flood Network, etc [TOOLS] http://www.hackingmobilephones.com

  26. Denial of Services (DOS) Attacks • BUSINESS THREATS • All services unusable. • All users Disconnected. • Loss of revenue. • Deadlines can be missed. • Unnecessary Inefficiency and Downtime. • Share Values go down. Customer Dissatisfaction. http://www.hackingmobilephones.com

  27. DOS Attacks COUNTERMEASURES • Separate or compartmentalize critical services. • Buy more bandwidth than normally required to count for sudden attacks. • Filter out USELESS/MALICIOUS traffic as early as possible. • Disable publicly accessible services. • Balance traffic load on a set of servers. • Regular monitoring and working closely with ISP will always help! • Patch systems regularly. • IPSec provides proper verification and authentication in the IP protocol. • Use scanning tools to detect and remove DOS tools. http://www.hackingmobilephones.com

  28. Recommendations and Countermeasures • National CERTS and Cyber Cops. • Security EDUCATION and TRAINING. • Increase Security budgets. • Invest on a dedicated security team. • Security by obscurity? http://www.hackingmobilephones.com

  29. THE FINAL WORD • THE FINAL WORD • The biggest threat that an organization faces continues to be from…. THEIR OWN EMPLOYEES! http://www.hackingmobilephones.com

  30. Is Internet Banking Safer than ATM Machines? ATM MACHINES VS INTERNET BANKING ATM Machines Internet Banking Easier to crack. Difficult to crack, if latest SSL used. Soft Powdery Substance. Earlier SSL standards quite weak. Unencrypted PIN Number. Software/ Hardware Sniffer. Fake ATM Machine http://www.hackingmobilephones.com

  31. Mobile Phone Hacking Mobile Phone Attacks • Different Types: • BlueJacking • BlueSnarfing • BlueBug Attacks • Failed Authentication Attacks • Malformed OBEX Attack • Malformed SMS Text Message Attack • Malformed MIDI File DOS Attack • Jamming • Viruses and Worms • Secret Codes: *#92702689# or #3370* http://www.hackingmobilephones.com

  32. AN ETHCAL GUIDE TO HACKING MOBILE PHONES Hacking Mobile Phones Title: An Ethical Hacking Guide to Hacking Mobile Phones Author: Ankit Fadia Publisher: Thomson Learning JUST RELEASED! http://www.hackingmobilephones.com

  33. THE UNOFFICIAL GUIDE TO ETHICAL HACKING Ankit Fadia Title: The Unofficial Guide To Ethical Hacking Author: Ankit Fadia Publisher: Thomson Learning http://www.hackingmobilephones.com

  34. NETWORK SECURITY: A HACKER’S PERSPECTIVE Ankit Fadia Title: Network Security: A Hacker’s Perspective Author: Ankit Fadia Publisher: Thomson Learning http://www.hackingmobilephones.com

  35. THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY Network Security Title: The Ethical Hacking Guide to Corporate Security Author: Ankit Fadia Publisher: Macmillan India Ltd. http://www.hackingmobilephones.com

  36. HACKED!!! – Kuala Lumpur, Malaysia Network Security Questions? Ankit Fadia Intelligence Consultant cum Author afadia@stanford.edu http://www.hackingmobilephones.com

More Related