2. Hacking: The Basics
The term hacking itself is broad in that it
encompasses all forms (i.e. phones,
computers, computer systems) of gathering
information about another person, usually
illegally and for profitable reasons.
http://www.youtube.com/watch?v=uV5u5Nl3bjM
3. Classifications of Hacking
White Hat – an ethical hacker who helps test security systems.
Black Hat – a hacker who breaks into a computer security system for
personal gain or malicious intent.
Grey Hat – a mix of the white and black hat, this hacker may break into a
computer system, then offer to help the company protect against hackers for a
fee.
Elite Hacker – extremely skilled hackers.
Script Kiddie – a non-expert who cracks into a computer system using
pre-constructed tools (i.e. another hacker‟s technique) to do so.
Neophyte – also known as a “n00b” or a “newbie” is someone who is
new to hacking and knows very little about it.
Hacktivist – a hacker who breaks into websites and reorganizes them
with a political, social, or otherwise ideological message.
4. Techniques
Vulnerability Scanner – a tool that scans a computer to
see which networks or files are „open‟ to corrupt.
Password cracking – discovering a password by finding old
data stored on a computer (can be as simple as guessing a
password).
Spoofing attack (Phishing) – falsely advertising to be
another website or program, and when downloaded can take personal info.
Social engineering – when a hacker tries to convince a system
administrator that he is a user or supervisor who needs assistance gaining
access
5. Techniques continued…
Trojan Horses – a program that appears to be doing one thing
while really serving another purpose.
Viruses – a self-replicating program that spreads by duplicating
copies of itself.
Worms – similar to a virus in that it is a self-replicating program, but it
does not have to be opened by the user in order to infect a computer.
Key Loggers – a tool that records each key stroke made so as to
retrieve passwords or private data.
6. The History of Hacking: A
Timeline
1870s 1960s 1970s 1980s 1990s 2000
First Instance Positive term John Draper, One of the Creation of Microsoft is a
of phone for hackers one of the first arrests the National victim of a new
hacking develops most famous of the Infrastructur type of hacking
exhibited by through phone Milwaukee- e Protection
teenagers. MIT‟s hackers, based 414 Center. Chinese
artificial nicknamed hackers. hackers claim
intelligence “Captain to gain access
lab. Crunch” to sensitive
sites.
YouTube
Sesame Street
hacking
controversy.
7. Notorious “Black Hat” Hackers
Jonathan James: James gained
notoriety when he became the first
juvenile to be sent to prison for hacking
at age 16. Created a backdoor to the
department of defense which enabled
him to view sensitive emails and
capture employee usernames and
passwords.
Adrian Lamo: Broke into major
organizations like The New York Times
and Microsoft. Dubbed the "homeless
hacker," he used Internet connections
at Kinko's, coffee shops and libraries to
do his intrusions so as to remain
„untraceable‟.
8. Famous “White Hat” Hackers
Stephen Wozniak: "Woz" is
famous for being the "other
Steve" of Apple.
Tim Berners-Lee: Berners-
Lee is famed as the inventor
of the World Wide Web
9. Hacking Today: Stuxnet
A computer worm discovered in June of 2010.
It is the first discovered malware what spies on
and subverts industrial systems.
Specifically targeted an Iranian Nuclear
Facility.
Brings up the question as to whether the
framework will be used for future super
viruses. Azerbaijan 2.57%
United States
Country Infected computers:
1.56%
Iran 58.85% Pakistan 1.28%
Indonesia 18.22% Others 9.2%
10. Illegality of Hacking
Computer Fraud & Abuse Act – 1984
Put in place to reduce cracking of computer
systems (hacking) and to address federal
computer-related offenses.
Initially governed only cases with a compelling
federal interest
After amendments, many people feel that the law
is too broad
11. Illegal Actions under the Act
1. Knowingly accessing a computer without authorization for purposes of
obtaining national security data
2. Knowingly and intentionally accessing a computer without authorization in
order to gain information from a financial institution, any U.S. department
or agency, or any protected computer.
3. Intentionally accessing without authorization a government computer to
affect the government‟s use of it.
4. Knowingly accessing a protected computer with the intent to defraud.
5. Knowingly causing the transmission of a program, information, code, or
command which leads to damage or accessing a computer without
authorization, which leads to significant damages.
6. Knowingly and with the intent to defraud, trafficking a password or similar
information through which a computer may be accessed without
authorization.
12. CFAA in the News
Violating an internet service provider‟s terms of service
agreement is now subject to criminal prosecution.
Cyber bullying – 2008, woman from Missouri charged for
leading a teenage girl to commit suicide via MySpace. Guilty
verdict thrown out on vagueness of the CFAA
Amendment to pending bill approved by U.S. Senate:
Would limit the interpretation of the CFAA. Would not include
violation of a contractual obligation or agreement.
This would protect people for merely violating a contractual
agreement with a web site or their ISP from being subject to
criminal charges (vs. civil charges)
Criminalized conduct also includes: using a fake name on
Facebook, lying about your weight on an online dating profile,
etc.
13. Anonymous (Hacking Group)
“Hactivism”
Target mainly institutions,
organizations, and government
departments that the group protests
against.
Aims to spread a message with
each attack.
Examples: Department of Justice
(after MegaUpload), Colombia‟s Defense
Ministry (arrests made by Interpol)
14. Memorable events:
US Government & Hacking
1999 – President Clinton passes government computer security
initiative
2000 – “I Love You” virus hits the globe
2002 – President Bush creates the Department of Homeland Security.
2005 – NSA illegal wiretapping controversy
2010 – Obama administration ends wiretapping
2010 – Wikileaks controversy
2011- Cyber security legislation goes through Congress
2011 – Foreign hackers steal 24,000 Pentagon files.
15. “I Love You” Virus – May 4,
2000
Email subject line: “I Love You”
Attachment :“LOVE-LETTER-FOR-
YOU.TXT.vbs”
Replaced multimedia files with itself
Sent to everyone in Outlook address
book
Hit 45 million people in one day
OnelDe Guzman and Reomel
Ramones of the Philippines arrested,
then released
BEFORE: malware thought of as
“urban myth”
AFTER: US signs Council of Europe
Cybercrime Treaty to harmonize laws
16. Wikileaks Controversy
Private Bradley Manning
Gave stolen diplomatic memos to WikiLeaks
260,000 files, airstike videos from Iraq and Afghanistan
Replaced music on a Lady Gaga CD with secret
files
Reported by hacker friend Adrian Lamo
Charged in Military Court & staying in medium
security facility.
Pentagon‟s Response
Disable drives prom accessing data
Restricted use of memory devices
Defense Department installed fraud detection
17. Hackers steal Pentagon files –
March 2011
Plans for missile tracking systems, satellite
navigation systems, surveillance drones, and jet
fighters were taken.
Didn‟t say which data system was hacked and
who they suspected.
Other breaches: Lockheed, Martin, RSA Security
New cyber strategy
Tighter defense, collective effort, technological innovation
Military‟s Cyber Command coordinates operations
for computer networks.
Incentives Taken:
National data breach reporting, increased penalties, possible military
action response, cybersecurity (DoD, DHS, and private sector)
18. Questions:
Do you think that the US government should
invest more into preventing hacking?
Do you think cyberspace is a new frontier for
possible terrorist attacks? (i.e. Stuxnet)
Have any of you ever been a victim of
hacking?
Should the CFAA definition be narrowed to
better define what should be punished related
to hacking?
What do you think about the concept of
hactivism? Are there other channels for
19. Bibliography:
"Bush says he signed NSA wiretap order." CNN.com. CNN, 2005. Web. 21 Mar 2012.
http://articles.cnn.com/2005-12-17/politics/bush.nsa_1_wiretaps-constitutional-responsibilities-and-authorities-
national-security-agency?_s=PM:POLITICS
Hamblen, Matt. "Clinton commits 1.46B to fight cyberterrorism." CNN.com. CNN, 1999. Web. 21 Mar 2012.
http://articles.cnn.com/1999-01-26/tech/9901_26_clinton.idg_1_detection-security-cyberterrorists?_s=PM:TECH
"ILOVEYOU virus." TechTarget.com. TechTarget, 2012. Web. 21 Mar 2012.
http://searchsecurity.techtarget.com/definition/ILOVEYOU-virus
Kleinbard, David. "U.S. catches 'Love' virus." CNN.com. CNNMoney, 2000. Web. 21 Mar 2012.
http://money.cnn.com/2000/05/05/technology/loveyou/
Reporter, Staff. "Pentagon Releases Cyberspace Strategy After Hackers Stole 24K Files." IBTimes.com.
International Business Times, 2011. Web. 21 Mar 2012. http://www.ibtimes.com/articles/180746/20110715/united-
states-secretary-of-defense-dod-william-lynn-department-of-defense-pentagon-online-security-d.htm
Shanker, Tom. "Hackers Gained Access to Sensitive Military Files." NYTimes.com. New York Times, 2011. Web.
21 Mar 2012. http://www.nytimes.com/2011/07/15/world/15cyber.html?_r=1&pagewanted=all
"Wikileaks suspect believed to have used CD, memory stick to get past Pentagon security."DallasNews.com. The
Associated Press, 2010. Web. 21 Mar 2012. http://www.dallasnews.com/news/washington/20101130-wikileaks-
suspect-believed-to-have-used-cd-memory-stick-to-get-past-pentagon-security.ece
http://www.wired.com/threatlevel/2011/11/anti-hacking-law-too-broad/
http://www.nytimes.com/2012/01/21/technology/megaupload-indictment-internet-piracy.html?_r=1
http://www.law.cornell.edu/uscode/text/18/1030
Trigaux, R.. "A history of hacking." http://www.sptimes.com/Hackers/history.hacking.html. N.p., 2000. Web. 20
Mar 2012. http://www.sptimes.com/Hackers/history.hacking.html
IT Security Editors, Top 10 most famous hackers of all time. N.p., 2011. Web. 20 Mar 2012.
http://www.focus.com/fyi/top-10-most-famous-hackers-all-time/Broad, W. J., J. Markoff, and D. E. Sanger. "Israeli
Test on Worm Called Crucial in Iran Nuclear Delay." New york times. New York Times, 2011. Web. 20 Mar 2012.
http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html?pagewanted=all