eSPIONAGE - PowerPoint PPT Presentation

1 / 27

About This Presentation

Title:

eSPIONAGE

Description:

The ancient writings of Chinese and Indian military strategists such as Sun-Tzu ... was sent by an unknown attacker, bounced through an Internet address in South ... – PowerPoint PPT presentation

Number of Views:576

Avg rating:3.0/5.0

Slides: 28

Provided by: ank42

Category:

more less

Transcript and Presenter's Notes

Title: eSPIONAGE

1
e-SPIONAGE

Ankur Bansal
CS-575
April 26th,2008

The U.S. military created the internet. Now the
web may be turning against its maker.
Business Week,
April 21st 2008

3
Overview

What is Espionage
Spy-wares
Espionage as National Issue

4
Espionage

Espionage or spying involves a human being
obtaining information that is considered secret
without the permission of the its holder.
The ancient writings of Chinese and Indian
military strategists such as Sun-Tzu and Chanakya
contain information on deception and spying.

5
Espionage (Contd..)

Chanakya's student Chandragupta Maurya, founder
of the Maurya Empire, made use of assassinations,
spies and secret agents, which are described in
Chanakya's Arthasastra.
The ancient Egyptians had a thoroughly developed
system for the acquisition of intelligence
Japan often used ninja to gather intelligence.
Spies played a significant part in Elizabethan
England
USA and Russia used spies extensively during cold
war period

6
Spy-wares

Spyware is computer software that is installed
surreptitiously on a personal computer to
intercept or take partial control over the user's
interaction with the computer, without the user's
informed consent.

7
Spy-ware (Contd.)

Functions of spyware extend well beyond simple
monitoring
Spyware can collect various types of personal
information, Internet surfing habit, sites
visited
It Can interfere with user control of the
computer
Can installing additional software.
Can redirect Web browser activity.
Access websites that can cause viruse infections.
Can change computer settings, resulting in slow
connection speeds, loss of Internet or other
programs

8
History of Spy-wares

The first recorded use of the term spyware
occurred on October 16, 1995 in a Usenet post
that poked fun at Microsoft's business model
Spyware at first denoted hardware meant for
espionage purposes.
In 2000 the Zone Labs used the term in a press
release. Since then, "spyware" has taken on its
present sense.

9
Spyware/ Adware/ Virus

Adware refers to software which displays
advertisements, whether or not the user has
consented
Example - Eudora mail client display
advertisements as an alternative to shareware
registration fees
Most adware is spyware as they displays
advertisements related to what they find from
spying.
Unlike viruses and worms, spyware does not
usually self-replicate

10
kaZaa an example

kaZaa is one of the most popular softwares today.
Its free downloadable in minutes
Allow people to share/ exchange files
Millions of users
247 Millions as of July,2003

11
kaZaa (contd.)

But there is a catch
When installed you get more than just kaZaa you
also get
Cydoor a tracking advertising software
Displays pop-up ads
Tracks web surfing habits
Gator ad-driven backdoor software
Altnet a hidden p2p software
Many others that kaZaa wishes to include

12
Routes of infection

Spyware does not directly spread in the manner of
a computer virus or worm generally, an infected
system does not attempt to transmit the infection
to other computers.
Spyware gets on a system through deception of the
user or through exploitation of software
vulnerabilities.
3 common ways
Piggybacking on a piece of desirable software
Trojan horse method Tricking user to installing
it.
Posing as anti-spyware programs, while being
spyware themselves.

13
Examples

CoolWebSearch
Directs traffic to advertisements on
coolwebsearch.com.
Rewrites search engine results
Alters the computer's hosts file to direct DNS
lookups to ad pages.
Internet Optimizer, also known as DyFuCa
When users follow a broken link or enter an
erroneous URL, they see a page of advertisements.
Since password-protected Web sites use the same
mechanism as HTTP errors, Internet Optimizer
makes it impossible for the user to access
password-protected sites.
Zango (formerly 180 Solutions)
Transmits detailed information to advertisers
about the Web sites which users visit.
Alters HTTP requests for affiliate advertisements
linked from a Web site.
Zlob trojan, or just Zlob
Downloads itself to your computer via an ActiveX
codec
Reports information back to Control Server.
Some information can be as your search history,
the Websites you visited, and even Key Strokes.

14
Problems

These softwares often run silently in background,
without users knowledge!
It is very hard to detect these non-destructive
but intrusive activities
Undesirable features are closely integrated with
desirable features

15
Stats

According to a 2005 study by AOL and the
National Cyber-Security Alliance
61 of surveyed users' computers had some form
of spyware.
92 of users with spyware reported that they did
not know of its presence.
91 percent had not given permission for the
installation of the spyware

16
Security practices

Install anti-spyware programs
Use a web browser other than IE, such as Opera or
Mozilla Firefox.
Sharewares are a big source of spy wares
Download only from reliable source.

17
Innocent e-mail

The e-mail message addressed to a Booz Allen
Hamilton executive was mundanea shopping list
sent over by the Pentagon of weaponry India
wanted to buy
Beneath the description of aircraft, engines, and
radar equipment was an insidious piece of
computer code known as "Poison Ivy" designed to
suck sensitive data out of the 4 billion
consulting firm's computer network.
The Pentagon hadn't sent the e-mail at all

18
The innocent e-mail

Authors knew enough about the "sender" and
"recipient" to craft a message unlikely to arouse
suspicion
Had the Booz Allen executive clicked on the
attachment, his every keystroke would have been
reported back to a mysterious master at the
Internet address cybersyndrome.3322.org

19
(No Transcript)
20
Innocent e-Mail

The e-mail was more convincing because of its
apparent sender Stephen J. Moree, who reports to
the office of Air Force Secretary Michael W.
Wynne
Moree's unit evaluates the security of selling
U.S. military aircraft to other countries.
There is little reason to suspect anything
seriously in Moree's passing along the highly
technical document with "India MRCA Request for
Proposal as title
The Indian government had just released the
request a week earlier, on Aug. 28, and the
language in the e-mail closely tracked the
request.
It referred to upcoming Air Force communiqués and
a "Teaming Meeting" , making the message appear
more credible

It was sent by an unknown attacker, bounced
through an Internet address in South Korea,
relayed through a Yahoo! server in New York, and
finally made its way toward Mulhern's Booz Allen
in-box.
The digital trail to cybersyndrome.3322.org,
leads to one of China's largest free
domain-name-registration and e-mail services
called 3322.org
Poison Ivy can steal information in access.
RAT remote administrative tool

Government agencies reported 12,986 cyber
security incidents to the U.S. Homeland Security
Dept. last fiscal year
Many of the new attackers are trained
professionals backed by foreign governments

23
Major Attacks

Solar Sunrise Feb 1998
Air force and Navy computers are hit by
malicious code while U.S. was preparing to attack
Iraq
Moonlight Maze March 19981999
Defence Dept., NASA, Energy Dept., Weapons Lab
Large packets of unclassified data was stolen

Titan Rain 2004
Classified data on computers of defence
cotractors
Lockheed Martin, Sandia National labs and NASA
Byzantine Foothold 2007
Lot of corporations state depts to boeing

Paul Kurtz, former national security officer,
explains how the U.S. government and its defense
contractors have been the victims of an
unprecedented rash of similar cyber attacks over
the last two year
Video

26
Referances