Hackers in the Library

Provided by: winter5

Transcript and Presenter's Notes

1
Hackers in the Library
Creative Commons License: You are free to share
and remix, but you must provide attribution and
you must share alike.
2
Library Website Shutdown by Hacker
3
ILS Server Hacked
This isn't exactly true: Unix isn't any more or
less hacker-friendly than any other OS (not at
this level of discussion). Beware, this opinion
is expressed in the L.I.S. literature (but
contradicted in the I.T. literature). Don't play the
blame game... come up with a defense-in-depth
strategy instead.
4
Library Phonelines Hacked
5
Even Library of Congress was Hacked
6
And More...
7
Many Library Hacks, Old and New
8
This talk covers 3 Kinds of Library
Cybersecurity Case Study
  1. Libraries as unique targets
  2. Libraries as attractive targets
  3. Trends in cybercrime
9
Libraries fit into the 2nd Most Hacked
Organization Type
Libraries
Shezaf (2008)
10
Libraries can be Unique Targets
  • Public Access Computers
  • Lots of Users
  • Private Records for Large Populations
  • Lots of Bandwidth
  • Access to Valuable Licensed Information

11
PAC Desktop Wallpaper Defacement
  • A politically motivated defacement of PAC station
    desktop wallpaper. The regular wallpaper was
    used to provide instructions for use of the PAC
    and was locked down.

12
Helpful HOWTO on Library Hacking
13
Ezproxy Password Fans
14
Academics and Doctors Dedicated to Hacking
Library Proxy Servers
15
Forums show why libraries are being targeted
16
Typosquatting Virtual Reference
Typosquatters have websites with popular
misspellings for names. In 2006, several
cybersquatters displayed content from and links
back to askaquestion.ab.ca. Is that a GOOD thing or
a BAD thing?
17
Student Sent a Prank Overdue Notice
First overdue notice

According to our records, the following library material is overdue. Please renew or return as fines may be accruing. Currently you owe 542.53. If you do not pay by 10/10/2008, your University degree will be immediately revoked.

If you wish to renew, you may do so using this link to My Account at http://catalogue.library.ca/myaccount/

Contact the circulation desk at the above library if you have any questions.

Thank you.

1 call number: Z 699 A1 A61 v.39 2005 ID: 0162022610438 30.00
  Annual review of information science and technology.
  Washington, etc. American Society for Information Science etc.
  due: 8/31/2008, 23:59
2 call number: Z 699 A1 A61 v.40 2006 ID: 0162022610487 21.00
  Annual review of information science and technology.

18
Library Patron Records Exposed
19
Libraries are Attractive Targets
  • Lots of Bandwidth
  • Lots of Users
  • Open Networks
  • Weak I.T. Practices

20
Turkish Defacers Attack Museum Greeting Cards
21
Wordpress Spam Link Injection
22
Library GIS Station Hacked
23
Hacked to Serve Illicit French Movies
An unpatched server was compromised and used to
distribute 20 GB of videos with French language
titles. The problem was discovered when the
server was blocked for excessive bandwidth usage.
24
French Puppet Videos!
The server was distributing 20 GB of French
Puppet Videos. The cleanup time was 7 hours. If
they had just asked we would have probably found
someone to host the videos for them!
25
Trends in Cybercrime Will Affect Libraries
  • Every factor already mentioned
  • Hacker's desire to make money

26
Hackers are motivated by Money
  • Defacement
  • Propaganda
  • Bragging Rights
  • Reputation Hijacking
  • Ad Revenue
  • Stealing Sensitive Info
  • Ransom
  • Direct Financial Gain
  • Information Leaks
  • Enable other Attacks

Types of Cyberattacks by Volume, Shezaf (2008)
27
Library Phonelines Hacked
28
Phishing and Spear-phishing
From: anitajohnsonrosjn_at_gmail.com
To:
Subject: (TRANSFER CONTACT)

My Dear,

Its me Mrs. Anita Johnson Ross, please I have been waiting for you to contact me regarding your willed fund of (3,500,000.00) (Three million five hundred thousand dollars) but i did not hear from you since the last time. Well I finally went and deposited the fund in a bank, as I will be going in for an operation any moment from now. I hope you are aware that I have been diagnosed for cancer about 2 years ago, that was immediately after the death of my husband before I was touched by God to donate from what I have inherited from my late husband to you for the good work of God than allow my relatives to use my husband hard earned funds ungodly.

What you have to do now is to contact the Bank as soon as possible to know when they will Transfer the money to you to start the good work of the lord as initially arranged, and to help the motherless less privilege also for the

The only money you have to send to the Bank is the account opening fee due to my method of deposit. Again, don't be deceived by anybody to pay any other money except account opening charges.

Please kindly contact the bank on Tel 13-162-651-1808 /Fax 31-847-301-282. OR via E-MAIL snsregiobktransfers.unit1_at_hotmail.com with your full names contact telephone/fax number and your full address and tell them that I have deposited the sum of (3,500,000.00) in the Unit account of the bank and you are the present beneficiary to the sum. I will inform the bank immediately that I have WILL-IN that amount to you for a specific work.

Let me repeat again, try to contact the Bank as soon as you receive this mail to avoid any further delay and remember to pay them their account set up fee for their immediate action. I will also appreciate your utmost confidentiality in this matter until the task is accomplished as I don't want anything that will jeopardize my last wish. Also I will be contacting you by email as I don't want my relation or anybody to know because they are always around me.


29
DNS Poisoning
The cyberbrowse owner gets paid when people
view or click on ads. We found that Big Public
Library's DNS servers were being poisoned to
misdirect browsers to the cyberbrowse website.
30
How DNS Works
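(Diagram: Your PC, Your DNS Server with its DNS Cache, Hotmail's DNS Server; www.hotmail.com is 64.4.33.7)
  1. Your PC asks your DNS server: What is the IP for www.hotmail.com?
  2. Your DNS server asks Hotmail's DNS server: What is the IP for www.hotmail.com?
  3. Hotmail's DNS server answers: The IP is 64.4.33.7
  4. Your DNS server's cache: Remember hotmail.com is 64.4.33.7
  5. Your DNS server answers your PC: The IP for hotmail.com is 64.4.33.7
  6. Your PC: Get the webpage from 64.4.33.7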
31
How DNS Poisoning Works
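(Diagram: Your PC, Your DNS Server with its DNS Cache, Hostile DNS Server, Hotmail's DNS Server; www.hotmail.com is 64.4.33.7, cyberbrowse.com is 69.93.150.59)
  1. The hostile DNS server tells your DNS server: The IP for www.hotmail.com is 69.93.150.59!!!
  2. Your DNS server's cache: Remember hotmail.com is 69.93.150.59
  3. Your PC asks your DNS server: What is the IP for www.hotmail.com?
  4. Your DNS server answers your PC: The IP for hotmail.com is 69.93.150.59
  5. Your PC: Get the webpage from 69.93.150.59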
32
Cyberbrowse attack was widespread
In 2003, others suffered from the cyberbrowse DNS
poisoning. Many mistook the attack for a problem
with their own computers.
I spoke with Shaw Bigpipe and confirmed that they
were under attack for months but didn't know it
was an attack.
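
A check that surfaces the kind of poisoning shown on the previous slides, as an added example that is not part of the original presentation: compare what the local resolver returns with what independent reference resolvers return, then group the mismatches by address. The resolver names and all sample answers other than the two hotmail addresses from the slides are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data. The two hotmail addresses are the ones on the
# slides; every other name and address is invented for this example.
LOCAL_ANSWERS = {                      # what the library's own resolver returns
    "www.hotmail.com": {"69.93.150.59"},
    "www.example-bank.test": {"69.93.150.59"},
    "catalogue.example-library.test": {"192.0.2.10"},
    "cdn.example-news.test": {"203.0.113.5"},
}
REFERENCE_ANSWERS = {                  # same names asked of independent resolvers
    "ref-a": {
        "www.hotmail.com": {"64.4.33.7"},
        "www.example-bank.test": {"198.51.100.20"},
        "catalogue.example-library.test": {"192.0.2.10"},
        "cdn.example-news.test": {"203.0.113.5", "203.0.113.6"},
    },
    "ref-b": {
        "www.hotmail.com": {"64.4.33.7"},
        "www.example-bank.test": {"198.51.100.20"},
        "catalogue.example-library.test": {"192.0.2.10"},
        "cdn.example-news.test": {"203.0.113.6"},
    },
}


def find_mismatches(local, references):
    """Return names whose local answer shares no address with any reference."""
    suspects = {}
    for name, local_ips in local.items():
        trusted = set()
        for answers in references.values():
            trusted |= answers.get(name, set())
        # No reference data means nothing to compare against, so skip the name.
        if trusted and not (local_ips & trusted):
            suspects[name] = sorted(local_ips)
    return suspects


def shared_targets(suspects, min_names=2):
    """Group suspect names by address; unrelated names on one IP suggest poisoning."""
    by_ip = defaultdict(set)
    for name, ips in suspects.items():
        for ip in ips:
            by_ip[ip].add(name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}


if __name__ == "__main__":
    found = find_mismatches(LOCAL_ANSWERS, REFERENCE_ANSWERS)
    print(found)
    print(shared_targets(found))
```

Names served from content delivery networks can legitimately resolve differently per resolver, so a single mismatch is a lead to verify; several unrelated names converging on one address is the stronger signal.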
33
The Crimeware Supply Chain
How SPAM Makes Money
  • Viruses create botnets (networks of thousands of
    slave computers)
  • Botnet owners pay to have viruses distributed
  • Spammers pay botnet owners to send spam
  • But spamming requires accounts, which are
    protected by CAPTCHAs
  • Botnet owners pay CAPTCHA breakers
How Credit Card Thieves Work
  • Viruses steal credit card and identity info
  • Card information is sold to others
  • Carders use stolen cards to purchase items
  • Remailers ensure shipped items can be obtained
  • Items may be sold
Stealing from your Bank Account
  • Bank accounts are broken into
  • Money Mules accept payments to their own
    accounts and then pay the thieves

34
Breaking CAPTCHAs Pays
This pays about 2/1000 CAPTCHAs broken according
to a presentation at OWASP 3.0.
From Dancho Danchev's Blog:
http://ddanchev.blogspot.com/2007/09/spammers-and-phishers-breaking-captchas.html
35
Affiliate Marketing Pays for Viruses
36
Cybercrime has grown to include complete supply
chain management
37
Questions?
  • email me: michael_at_winterstorm.ca
  • Slides: http://winterstorm.ca/download/

38
No virus news is NOT good news
Problems
  • Old anti-virus programs cannot detect the latest
    types of viruses
  • Viruses released today cannot be detected until
    tomorrow
  • Viruses come in clusters: you might only detect
    one when you are infected with 5
  • No anti-virus program can detect all viruses
Solutions
  • Update your anti-virus software, not just the
    definitions
  • Perform a full anti-virus scan every few days
  • Completely reformat any computer on which a virus
    is detected
  • Scan with several different online scanners
    (f-secure, trend at home, stinger).

39
Questions Asked 2008-10-23
  • Questions
  • What are the top 3 things we can do today to
    secure our networks?
  • Answers
  • 1) Keep your anti-virus up-to-date (both
    definitions and software) and do nightly or weekly
    scans (see next slide)
  • 2) Use separation of concerns in your network:
    separate (physically or virtually) those things
    that do not need to access each other. Use
    different passwords for every web application
    instead of a shared one. Make sure that servers
    that don't need to connect cannot connect.
  • 3) Automated Monitoring (I failed to give this as an
    example, but it is my biggest ally). This means a
    lot of things, from testing if servers and
    services are up to monitoring and charting
    bandwidth, CPU, and RAM usage. Anomalies are a
    very strong way to determine if you have a
    security issue.
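
One way to automate the bandwidth part of that monitoring, as an added example that is not from the original slides: flag any day whose outbound traffic sits far above a rolling median of the preceding week, which is the pattern the compromised video server on slide 23 would have produced. The traffic figures, day labels, window and threshold are all constructed assumptions.

```python
from statistics import median

# Constructed sample: outbound traffic per day, in GB, for one server.
DAILY_EGRESS_GB = [
    ("day-01", 1.2), ("day-02", 1.0), ("day-03", 1.4), ("day-04", 1.1),
    ("day-05", 1.3), ("day-06", 0.9), ("day-07", 1.2), ("day-08", 1.1),
    ("day-09", 1.3), ("day-10", 20.4), ("day-11", 1.0), ("day-12", 1.2),
]


def flag_anomalies(samples, window=7, threshold=5.0):
    """Return (label, value, score) for days far above the rolling baseline.

    The baseline is the median of the previous `window` days and the spread is
    the median absolute deviation (MAD). Both are robust statistics, so one
    large spike does not drag the baseline up and hide the days that follow.
    """
    flagged = []
    for i in range(window, len(samples)):
        history = [value for _, value in samples[i - window:i]]
        med = median(history)
        mad = median(abs(v - med) for v in history)
        # 1.4826 scales MAD to a standard deviation for normal data. The
        # 5%-of-median floor keeps a perfectly flat baseline from turning
        # tiny wobbles into alerts (and avoids dividing by zero).
        scale = max(1.4826 * mad, 0.05 * med, 1e-9)
        label, value = samples[i]
        score = (value - med) / scale
        if score > threshold:      # only unusually HIGH usage is of interest
            flagged.append((label, value, round(score, 1)))
    return flagged


if __name__ == "__main__":
    for label, value, score in flag_anomalies(DAILY_EGRESS_GB):
        print(f"{label}: {value} GB outbound, {score} robust deviations above normal")
```

The same function works unchanged on CPU or RAM samples; only the window and threshold need tuning to the metric.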