Sunday, 13 January 2013

About Hackers


How to Detect a Hacker Attack

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.

Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out whether your machine is under attack or whether the security of your system has been compromised. Keep in mind that, just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.
Windows machines:

Suspiciously high outgoing network traffic. If you are on a dial-up account or using ADSL and notice an unusually high volume of outgoing network traffic (especially when your computer is idle or you are not knowingly uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.

Increased disk activity or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or e-payment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle, in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.

A large number of packets which come from a single address being stopped by a personal firewall. After locating a target (e.g. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address, then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.

Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.
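
As an added Python example (not part of the original article), the script below applies the "many stopped packets from one address" indicator to a firewall log. It assumes the W3C-style text format with a '#Fields:' header that Windows Firewall writes to pfirewall.log; the log lines, addresses and threshold are constructed for the example.

```python
"""Count packets a personal firewall has dropped per source address and flag the
sources that hammer the machine. Assumption: the log is the W3C-style text format
with a '#Fields:' header (as Windows Firewall's pfirewall.log). Sample lines below
are constructed; 203.0.113.7 plays the automated probing tool."""
from collections import defaultdict

SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-01-13 09:00:01 DROP TCP 203.0.113.7 192.168.1.20 41122 21 48 S 0 0 8192 - - - RECEIVE
2013-01-13 09:00:01 DROP TCP 203.0.113.7 192.168.1.20 41123 22 48 S 0 0 8192 - - - RECEIVE
2013-01-13 09:00:02 DROP TCP 203.0.113.7 192.168.1.20 41124 23 48 S 0 0 8192 - - - RECEIVE
2013-01-13 09:00:02 DROP TCP 203.0.113.7 192.168.1.20 41125 135 48 S 0 0 8192 - - - RECEIVE
2013-01-13 09:00:03 DROP TCP 203.0.113.7 192.168.1.20 41126 139 48 S 0 0 8192 - - - RECEIVE
2013-01-13 09:00:03 DROP TCP 203.0.113.7 192.168.1.20 41127 445 48 S 0 0 8192 - - - RECEIVE
2013-01-13 09:00:04 DROP ICMP 203.0.113.7 192.168.1.20 - - 60 - - - - 8 0 - RECEIVE
2013-01-13 09:00:05 DROP UDP 198.51.100.3 192.168.1.20 1434 137 78 - - - - - - - RECEIVE
2013-01-13 09:00:06 ALLOW TCP 192.168.1.20 198.51.100.9 50100 80 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Return one dict per record, naming columns from the '#Fields:' header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                records.append(dict(zip(fields, parts)))
    return records


def dropped_by_source(records):
    """Per source address: how many inbound packets were dropped, and which ports."""
    stats = defaultdict(lambda: {"count": 0, "ports": set()})
    for r in records:
        if r["action"] != "DROP" or r["path"] != "RECEIVE":
            continue
        s = stats[r["src-ip"]]
        s["count"] += 1
        if r["dst-port"].isdigit():  # ICMP records carry '-' instead of a port
            s["ports"].add(int(r["dst-port"]))
    return stats


def flag_probes(records, threshold=5):
    """Sources whose dropped-packet count reaches the threshold, busiest first.
    One address hitting many different ports within seconds is the probe pattern."""
    flagged = [(src, s["count"], sorted(s["ports"]))
               for src, s in dropped_by_source(records).items()
               if s["count"] >= threshold]
    return sorted(flagged, key=lambda t: -t[1])


if __name__ == "__main__":
    for src, count, ports in flag_probes(parse_firewall_log(SAMPLE_LOG)):
        print(f"{src}: {count} dropped packets, ports {ports}")
```

The flagged addresses are the candidates for the temporary block the text recommends; the port list tells you which exposed services the probe was aimed at.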
Unix machines:

Suspiciously named files in the /tmp folder. Many exploits in the Unix world rely on creating temporary files in the standard /tmp folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the /tmp folder and use it as 'home'.

Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.

Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be used to log in remotely at a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.

Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying /etc/services as well as /etc/inetd.conf. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
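
The checksum database and the /etc monitoring that the Unix items above describe, as an added Python example that is not part of the original article. It runs against a constructed fake root directory rather than the live system; the watched file lists and finding names are this example's own choices, and build_baseline/verify can be pointed at an offline-mounted root to use it the way the text suggests.

```python
import hashlib
import os
import tempfile

# Files the text singles out: network-facing binaries a rootkit replaces, and the
# /etc files an intruder edits to add an account or bind a backdoor to a port.
WATCHED_BINARIES = ["bin/login", "usr/bin/telnet", "usr/bin/ftp", "usr/sbin/sshd"]
WATCHED_TEXT = ["etc/passwd", "etc/services", "etc/inetd.conf"]

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def config_lines(path):
    """Meaningful lines of a config file; comments and blanks are ignored."""
    with open(path) as f:
        return {l.rstrip("\n") for l in f if l.strip() and not l.lstrip().startswith("#")}

def build_baseline(root):
    """Snapshot taken while the system is known-good: one digest per binary and the
    line set of each watched text file. 'root' can be an offline-mounted tree."""
    exists = lambda rel: os.path.exists(os.path.join(root, rel))
    return {
        "bin": {r: sha256_file(os.path.join(root, r)) for r in WATCHED_BINARIES if exists(r)},
        "text": {r: config_lines(os.path.join(root, r)) for r in WATCHED_TEXT if exists(r)},
    }

def verify(root, base):
    """Compare the tree against the baseline; return a list of finding tuples."""
    findings = []
    for rel, digest in base["bin"].items():
        p = os.path.join(root, rel)
        if not os.path.exists(p):
            findings.append(("missing", rel))
        elif sha256_file(p) != digest:
            findings.append(("modified", rel))
    for rel, old in base["text"].items():
        new = config_lines(os.path.join(root, rel))
        for line in sorted(new - old):
            findings.append(("added", rel, line))
            fields = line.split(":")
            # A new account with uid 0 is a second root: the classic planted login.
            if rel == "etc/passwd" and len(fields) > 2 and fields[2] == "0":
                findings.append(("uid0-account", rel, fields[0]))
        for line in sorted(old - new):
            findings.append(("removed", rel, line))
    return findings

def write_file(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb" if isinstance(data, bytes) else "w") as f:
        f.write(data)

def demo():
    """Constructed scenario (not a real system): baseline a fake root, plant the kinds
    of change the text describes, then verify. Returns the findings."""
    root = tempfile.mkdtemp()
    for rel in WATCHED_BINARIES:
        write_file(root, rel, b"\x7fELF placeholder for " + rel.encode())
    passwd = "root:x:0:0:root:/root:/bin/sh\nbob:x:1000:1000::/home/bob:/bin/sh\n"
    services = "# name port/proto\nssh 22/tcp\nsmtp 25/tcp\n"
    write_file(root, "etc/passwd", passwd)
    write_file(root, "etc/services", services)
    write_file(root, "etc/inetd.conf", "ftp stream tcp nowait root /usr/sbin/ftpd ftpd\n")
    base = build_baseline(root)
    # Changes an intruder could leave behind: altered login, extra uid-0 user, new port.
    write_file(root, "bin/login", b"\x7fELF placeholder for bin/login, altered")
    write_file(root, "etc/passwd", passwd + "toor:x:0:0::/:/bin/sh\n")
    write_file(root, "etc/services", services + "unknown 31337/tcp\n")
    return verify(root, base)
```

Store the baseline on read-only media and run verify from a clean boot, since a rootkit that has replaced the checksum tool or the kernel can hide changes from a check run on the live system.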


An Analysis of Hacker Mentality

Why people hack is a subject which is often discussed. Some say the explanation is the same as the one given by people who climb mountains: 'because they [computers] are out there'. Others claim that by highlighting vulnerabilities, hacking helps increase computer security. And finally, there is the explanation most often put forward: criminal intent.

Whatever the reason, as long as computers exist there will be hackers - white hats, black hats and grey hats. And because there is no way of predicting which kind of attack ('curiosity' versus 'malicious') will hit your computer first, it is always best to be prepared for the worst.

The truth is that within hours of a machine being connected to the Internet, somebody will scan it with an automated vulnerability probing tool, looking for ways to get in. It may be somebody who is just curious to see what is on the machine, or a white hat from the other side of the world checking to see if the computer is secure. Of course, in real life you wouldn't want passing strangers stopping to check if your house or car were locked, and, if not, to go inside, look around, go through your possessions and leave a note saying 'Hi, I was here, your door was open, but don't mind me and BTW, fix your lock'. If you wouldn't want someone to do this to your house, you wouldn't want someone doing it to your computer. And there is no excuse for doing it to someone else's computer either.

Premeditated, criminal hacking is obviously even worse. In the real world, somebody walks by, breaks your lock, gets inside, disables your alarm system, steals something or plants listening devices in your phone or surveillance equipment in your living room. If this happens you call the police, they look around, write a report, and you wait for the thieves to be caught. Unfortunately, this is a rare luxury in the computer world; the culprit may be far, far away, downloading your confidential files while sitting in his personal villa or sunbathing by his huge pool, nicely built with stolen money. Or, in a business environment, many large corporations prefer not to report hacking incidents at all, in order to protect their company image. This means that the criminals remain unpunished.

Another hacker motivation may be hooliganism, or digital graffiti, which can be summed up as hacking into systems to cause damage. Web site defacement is a very popular form of digital graffiti and there are some hacking groups which focus on this task alone. Just as in the physical, non-cyber world, catching the hooligans is a tedious task which usually doesn't repay the effort or resources expended.

Whatever the reasoning, be it 'to help others', 'security heads-up!', 'hooliganism' or 'criminal intent', hacking is a phenomenon which is deeply rooted in the world of computing and will probably never die. There will always be people immature enough to abuse public resources, self-proclaimed 'Robin Hoods' and criminals hiding in the dark alleys of cyberspace.


History of Hacking-related Events

December 1947 - William Shockley invents the transistor and demonstrates its use for the first time. The first transistor consisted of a messy collection of wires, insulators and germanium. According to a recent poll on CNN's website, the transistor is believed to be the most important discovery in the past 100 years.
1964 - Thomas Kurtz and John Kemeny create BASIC, one of the most popular programming languages even nowadays.
1965 - It's estimated that approximately 20,000 computer systems are in use in the United States. Most of these are manufactured by International Business Machines (IBM).
1968 - Intel is founded.
1969 - AMD is founded.
1969 - The Advanced Research Projects Agency (ARPA) creates the ARPANET, the forerunner of the Internet. The first four nodes (networks) of ARPANET consisted of the University of California Los Angeles, University of California Santa Barbara, University of Utah and the Stanford Research Institute.
1969 - Intel announces 1K (1024 bytes) RAM modules.
1969 - Ken Thompson and Dennis Ritchie begin work on UNICS. Thompson writes the first version of UNICS in one month on a machine with 4KB of 18-bit words. UNICS is later renamed 'UNIX'.
1969 - MIT becomes home to the first computer hackers, who begin altering software and hardware to make it work better and/or faster.
1969 - Linus Torvalds is born in Helsinki.
1970 - DEC introduces the PDP-11, one of the most popular computer designs ever. Some are still in use today.
1971 - John Draper, aka 'Cap'n Crunch', hacks phone systems using a toy whistle from a cereal box.
1971 - The first email program is released for the Arpanet. The author is Ray Tomlinson, who decides to use the '@' character to separate the user name from the domain address.
1972 - Ritchie and Kernighan rewrite UNIX in C, a programming language designed with portability in mind.
1972 - NCSA develops the 'telnet' tool.
1973 - Gordon Moore, Intel's chairman, postulates the famous 'Moore's Law', which states that the number of transistors in CPUs will double every 18 months, a law which will stay true for more than 20 years.
1973 - FTP is introduced.
1974 - Stephen Bourne develops the first major UNIX shell, the 'Bourne' shell.
1975 - Bill Gates and Paul Allen found Microsoft.
1976 - A 21-year-old Bill Gates writes 'An Open Letter to Hobbyists', a document in which he condemns open source and software piracy.
April 1st, 1976 - Apple Computers is founded.
1977 - Bill Joy authors BSD, another UNIX-like operating system.
1979 - Microsoft licenses the UNIX source code from AT&T and creates their own implementation, 'Xenix'.
1981 - The Domain Name System (DNS) is created.
1981 - Microsoft acquires the intellectual property rights for DOS and renames it MS-DOS.
1982 - Sun Microsystems is founded. Sun will become famous for its SPARC microprocessors, Solaris, the Network File System (NFS) and Java.
1982 - Richard Stallman begins to develop a free version of UNIX which he calls 'GNU', a recursive definition meaning 'GNU's Not UNIX'.
1982 - William Gibson invents the term 'cyberspace'.
1982 - SMTP, the 'simple mail transfer protocol' is published. SMTP is currently the most widespread method for exchanging messages on the Internet.
1982 - Scott Fahlman invents the first emoticon, ''.
1983 - The Internet is founded by splitting the Arpanet into separate military and civilian networks.
1983 - FidoNet is developed by Tom Jennings. FidoNet will become the most widespread information exchange network in the world for the next 10 years, until the Internet takes over.
1983 - Kevin Poulsen, aka 'Dark Dante' is arrested for breaking into the Arpanet.
1984 - CISCO Systems is founded.
1984 - Fred Cohen develops the first PC viruses and comes up with the now-standard term 'computer virus'.
1984 - Andrew Tanenbaum creates Minix, a free UNIX clone based on a modular microkernel architecture.
1984 - Bill Landreth, aka 'The Cracker', is convicted of hacking computer systems and accessing NASA and Department of Defense computer data.
1984 - Apple introduces Macintosh System 1.0.
1985 - Richard Stallman founds the Free Software Foundation.
March 15, 1985 - 'Symbolics.com' is registered as the first Internet domain name.
November 1985 - Microsoft releases 'Windows 1.0', which sells for $100.
1986 - The Computer Fraud and Abuse Act is adopted in the US.
1986 - 'Legion of Doom' member Loyd Blankenship, aka 'The Mentor', is arrested and publishes the now famous 'Hacker's Manifesto'.
1988 - The CD-ROM is invented.
1988 - IRC is established.
November 1988 - Robert Morris launches an Internet worm which infects several thousand systems and clogs computers around the country due to a programming error. This worm is now known as the Morris worm.
1989 - The WWW is developed at CERN labs, in Switzerland.
1990 - The Arpanet is dismantled.
1990 - Kevin Poulsen hacks a phone system in LA making himself the winner of a Porsche 944 in a radio phone-in.
1991 - PGP (Pretty Good Privacy), a powerful, free encryption tool, is released by Philip Zimmermann. The software quickly becomes the most popular encryption package in the world.
1991 - Rumours appear regarding the computer virus 'Michelangelo', coded to launch its destructive payload on March 6th.
September 17, 1991 - Linus Torvalds releases the first version of Linux.
1992 - The 'Masters of Deception' phone phreaking group is arrested due to evidence obtained via wiretaps.
1993 - The Mosaic web browser is released.
1993 - Microsoft releases Windows NT.
1993 - First version of FreeBSD is released.
March 23, 1994 - 16-year-old Richard Pryce, aka 'Datastream Cowboy', is arrested and charged with unauthorized computer access.
1994 - Vladimir Levin, a Russian mathematician, hacks into Citibank and steals $10 million.
1995 - Dan Farmer and Wietse Venema release SATAN, an automated vulnerability scanner, which becomes a popular hacking tool.
1995 - Chris Lamprecht, aka 'Minor Threat', is the first person to be ever banned from the Internet.
1995 - Sun launches Java, a computer programming language designed to be portable across different platforms in compiled form.
August 1995 - Microsoft Internet Explorer (IE) released. IE will become the most exploited web browser in history and a favourite target for virus writers and hackers.
August 1995 - Windows 95 is launched.
1996 - IBM releases OS/2 Warp version 4, a powerful multi-tasking operating system with a new user interface, as a counter to Microsoft's recently released Windows 95. Despite being more reliable and stable, OS/2 will slowly lose ground and be discontinued a few years later.
1996 - ICQ, the first IM, is released.
1996 - Tim Lloyd plants a software time bomb at Omega Engineering, a company in New Jersey. The results of the attack are devastating: losses of USD $12 million and more than 80 employees lose their jobs. Lloyd is sentenced to 41 months in jail.
1997 - DVD format specifications published.
1998 - Two Chinese hackers, Hao Jinglong and Hao Jingwen (twin brothers), are sentenced to death by a court in China for breaking into a bank's computer network and stealing 720'000 yuan ($87'000).
March 18, 1998 - Ehud Tenenbaum, a prolific hacker aka 'The Analyzer', is arrested in Israel for hacking into many high profile computer networks in the US.
1998 - CIH virus released. CIH was the first virus to include a payload which wipes the flash BIOS memory, rendering computer systems unbootable and invalidating the myth that 'viruses cannot damage hardware'.
March 26, 1999 - Melissa virus released.
2000 - A Canadian teenage hacker known as 'Mafiaboy' conducts a DoS attack and renders Yahoo, eBay, Amazon.com, CNN and a few other web sites inaccessible. He is later sentenced to eight months in a youth detention center.
2000 - Microsoft Corporation admits its computer network was breached and the code for several upcoming versions of Windows was stolen.
2000 - FBI arrests two Russian hackers, Alexei V. Ivanov and Vasiliy Gorshkov. The arrests took place after a long and complex operation which involved bringing the hackers to the US for a 'hacking skills demonstration'.
July 2001 - CodeRed worm released. It spreads quickly around the world, infecting a hundred thousand computers in a matter of hours.
2001 - Microsoft releases Windows XP.
July 18th, 2002 - Bill Gates announces the 'Trustworthy Computing' initiative, a new direction in Microsoft's software development strategy aimed at increasing security.
October 2002 - A massive attack against 13 root domain servers of the Internet is launched by unidentified hackers. The aim: to stop the domain name resolution service around the net.
2003 - Microsoft releases Windows Server 2003.
April 29th, 2003 - New Scotland Yard arrests Lynn Htun at the InfoSecurity Europe 2003 computer fair in London. Lynn Htun is believed to have gained unauthorized access to many major computer systems such as Symantec and SecurityFocus.
November 6th, 2003 - Microsoft announces a USD 5 million reward fund. The money will be given to those who help track down hackers targeting the software giant's applications.
May 7th, 2004 - Sven Jaschan, the author of the Netsky and Sasser Internet worms, is arrested in northern Germany.
September 2004 - IBM presents a supercomputer which is the fastest machine in the world. Its sustained speed is 36 trillion operations per second.


Major Hacker Personalities

This section contains brief information on some of the most famous hackers, both black and white hats. The individuals below are well known for a variety of reasons: their actions, whether good or bad, their contributions to software and technology development, or their innovative approach, skills and ability to think out of the box.

Richard Stallman is known as the father of free software. When Stallman started working at MIT's Artificial Intelligence Lab in 1971 he was confronted with 'non disclosure agreements' and closed program sources while he was hacking and improving system drivers the 'traditional way'. After an interesting battle to obtain the source code of a faulty printer utility, Stallman gave up his job and became the loudest advocate for free computer software, creating GNU and the Free Software Foundation in the process.

Dennis Ritchie and Ken Thompson are famous for two major software developments of the 20th century: the UNIX operating system and the C programming language. These two began their careers at Bell Labs in the 1960s, revolutionising the computer world forever with their ideas. While Ken Thompson has retired from the computer world, Dennis Ritchie is still employed at Lucent Technologies, working on a new operating system derived from Unix, called 'Plan 9'.

John Draper, aka 'Cap'n Crunch' is famous for his ability to hack phone systems using nothing but a whistle from the 'Cap'n Crunch' cereal boxes (hence the nickname). Besides being the father of 'phone phreaking', John Draper is also famous for writing what was perhaps the first IBM PC word processor. He now heads his own security venture, developing antispam solutions, thwarting hacker attacks and securing PCs.

Robert Morris is famous for creating the first Internet worm in 1988. It infected thousands of systems, and practically brought the Internet to a halt for nearly a day. The 'Morris Worm' was perhaps the first fully automated hacking tool, exploiting a couple of unpatched vulnerabilities on VAX and Sun computers.

Kevin Mitnick, possibly the best known case of a 'black hat', was caught by the computer expert Tsutomu Shimomura back in 1995.

Kevin Poulsen remains famous for his 1990 hack of the phone system in Los Angeles. This enabled him to become the 102nd caller in a radio phone-in and win a Porsche 944. Kevin Poulsen was eventually caught and imprisoned for three years. He now works as a columnist for the online security magazine 'SecurityFocus'.

Vladimir Levin, a Russian computer expert, hacked into Citibank and extracted USD $10 million. He was arrested by Interpol in the UK, back in 1995, and sentenced to three years in prison, as well as being required to pay USD $240,015 in restitution.

Tsutomu Shimomura is a good example of a 'white hat'. He was working for the San Diego Supercomputing Center when Kevin Mitnick broke into his network and stole information on cellular technology and other classified data. Tsutomu started the pursuit for Mitnick which eventually led to his arrest.

Linus Torvalds is known as the father of Linux, the most popular Unix-based operating system in use nowadays. Linus started his work on a new operating system in 1991, adopting several controversial technologies for his project, namely the concept of Free Software and GNU's Public License system. He is also known for his early disputes with Andrew Tanenbaum, the author of Minix, which was the inspirational source for Linus' OS project.


Hackers and Law

Given that computer hacking is at least three decades old, there has been plenty of time for governments to develop and approve cybercrime laws. At the moment, almost all developed countries have some form of anti-hacking law or legislation on data theft or corruption which can be used to prosecute cyber criminals. There are efforts to make these laws even more stringent, which sometimes raise protests from groups which support the right to freedom of information.

Over the past few years, there have been lots of convictions for hacking and unauthorized data access. Here are a few of them:

Kevin Mitnick is probably one of the most famous hacker takedown cases. Mitnick was arrested by the FBI in Raleigh, North Carolina, on February 15th, 1995, after the computer expert Tsutomu Shimomura managed to track him to his hideout. After pleading guilty to most of the charges brought against him, Mitnick was sentenced to 46 months in prison and three years probation. He was additionally sentenced to another twenty-two months for probation violation and additional charges. He was eventually released from prison on January 21, 2000.

Pierre-Guy Lavoie, a 22-year-old Canadian hacker, was sentenced to 12 months of community service and placed on probation for 12 months for fraudulently using computer passwords to perpetrate computer crimes. He was sentenced under Canadian law.

Thomas Michael Whitehead, 38, of Boca Raton, Florida, was the first person to be found guilty under the Digital Millennium Copyright Act (DMCA). He was prosecuted as part of the Attorney General's Computer Hacking and Intellectual Property program and charged with selling hardware which could be used to illegally receive DirecTV satellite broadcasts.

Serge Humpich, a 36-year-old engineer, was given a suspended prison sentence of 10 months by a ruling issued by the 13th correctional chamber. He also had to pay 12,000 francs (approx. €1,200) in fines, and symbolic damages of one franc to the 'Groupement des Cartes Bancaires'.

On October 10, 2001, Vasiliy Gorshkov, age 26, of Chelyabinsk, Russia, was found guilty of 20 counts of conspiracy, computer crime, and fraud committed against the Speakeasy Network of Seattle, Washington; Nara Bank of Los Angeles, California; Central National Bank of Waco, Texas; and the online payment company PayPal of Palo Alto, California.

On July 1, 2003, Oleg Zezev, aka "Alex," a Kazakhstan citizen, was sentenced in a Manhattan federal court to over four years (51 months) in prison following his conviction on extortion and computer hacking charges.

Mateias Calin, a Romanian hacker, along with five American citizens, was indicted by a federal grand jury on charges that they conspired to steal more than $10 million in computer equipment from Ingram Micro in Santa Ana, California, the largest technology distributor in the world. Mateias and his network are yet to be convicted for these crimes and face up to 90 years in prison.

The list above is simply a brief digest which illustrates how cybercrime legislation has been used across the world against hackers or to convict cybercriminals in general. There are also some cases where people have been wrongly convicted of cybercrime. There are also numerous cases where hackers are still at liberty despite their names and identities being known. However, the number of such cases is being reduced day by day.

Cybercrime is here to stay. It is a reality of the 21st century, and the wide availability of the Internet and the insecure systems which come with it have increased the reach of cybercrime. With sufficiently sophisticated legislation, and more international cybercrime treaties such as being adopted, the world is hopefully heading in the right direction, with the long term aim being a safer, more law-abiding cyberspace.
