An Introduction to Hacking and Crimeware: A Pocket Guide

VICTORIA LOEWENGART
Copyright Date: 2012
Published by: IT Governance Publishing
Pages: 53
https://www.jstor.org/stable/j.ctt5hh6mx
    Book Description:

    An Introduction to Hacking and Crimeware is a comprehensive guide to the more serious threats. Knowing about these threats will help you understand how to ensure that your computer systems are protected and that your business is safe, enabling you to focus on your core activities. In this pocket guide, the author:

      • defines exactly what crimeware is – both intentional and unintentional – and gives specific, up-to-date examples to help you identify the risks and protect your business;
      • explores the increasing use of COTS tools as hacking tools, exposing the enemy’s tactics;
      • gives practical suggestions as to how you can fight back;
      • provides a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.

    eISBN: 978-1-84928-329-8
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. PREFACE
    (pp. 5-5)
  3. ABOUT THE AUTHOR
    (pp. 6-6)
  4. ACKNOWLEDGEMENTS
    (pp. 7-7)
  5. Table of Contents
    (pp. 8-8)
  6. INTRODUCTION
    (pp. 9-11)

    “Cyberwarfare” … “Cyberattacks” … “Cyber espionage” – one cannot turn on a television set or open a newspaper without seeing these disturbing headlines. And indeed, the problem is serious. The news about “Stuxnet,”¹ “Night Dragon,”² and “Aurora”³ attacks got the world worried about the vulnerability of global defense and industrial and financial infrastructures. The disruption of these systems could halt not just these institutions, but ultimately impede our entire networked civilization.

    There is a perception that these attacks are carried out by sophisticated, often rogue, state-sponsored forces. While some of this perception is indeed based on reality, such as China’s...

  7. CHAPTER 1: BACKGROUND
    (pp. 12-16)

    The software that is used to disrupt, steal, or manipulate is often referred to as malware, crimeware, or hackware. In this pocket guide these terms will be used interchangeably.

    In recent years there has been an influx of commercially available “attack toolkits” to help wannabe hackers create and propagate their own malware without much technical knowledge of computer programming. The underground environment promotes entrepreneurship and allows buyers to subscribe to attack services or buy attack toolkits in bulk, using online shopping carts and paying via Western Union and PayPal.⁶

    Attack toolkits are usually bundles of software libraries that can be...

  8. CHAPTER 2: CRIMEWARE PRODUCTS
    (pp. 17-24)

    This chapter describes different varieties, and the evolution of, commercially available crimeware: from toolkits to exploit vulnerabilities of operating systems, to malware as a service, to crime accessories of cyber hooligans and thieves.

    In October of 2008, a commercial “Zero Day” attack pack was made available to the Chinese hacking community via a well-known public hacking repository website. The attack pack exploited a Microsoft® Windows® vulnerability, named MS08-067, which could allow remote code execution if an affected system received a specially crafted remote procedure call request.¹⁷ As soon as this vulnerability became known, the MS08-067 port scanning toolkit with attack...

  9. CHAPTER 3: UNINTENTIONAL CRIMEWARE
    (pp. 25-28)

    This chapter describes the “gray area” software: legitimate commercial software that is made for legitimate, non-criminal purposes, but which can be used by a malicious user to steal, disrupt, and manipulate.

    The creators of SkyGrabber, a small Russian software company named SkySoftware, describe SkyGrabber as:

    offline satellite internet downloader. It accepts free to air (FTA) satellite data (movie, music, pictures) by digital satellite TV tuner card (DVB-S/DVB-S2) and saves information onto a hard disk. So, you’ll get new movie, best music and funny pictures for free.

    You don’t have to keep an online internet connection.⁴¹

    It sounds innocent enough, although...

  10. CHAPTER 4: THE PRESENT AND THE FUTURE
    (pp. 29-32)

    “Kill with a borrowed knife” is one of 36 Chinese Stratagems.⁵⁰ Is commercially available malware such a knife? Granted, governments cannot really control what hackers are doing and their entrepreneurial drivers, but can that be influenced?

    Governments, being aware of the strengths and weaknesses of their adversaries, are hurriedly forging cyberwarfare conventions and agreements.⁵¹ Although everyone is aware of the threat, nobody wants to be engaged in full-blown cyberwarfare with a technically savvy adversary. Besides, engaging in cyberwarfare on a state level may constitute a declaration of war, and conventional warfare, especially among the superpowers, is highly undesirable to all.⁵²...

  11. CHAPTER 5: FIGHTING BACK
    (pp. 33-36)

    Criminal use of malware is in the middle of an evolutionary curve. Their capabilities, target platforms and creative uses are about to enter a period of rapid change and deeper, enhanced infection vectors. Organizations without the capability to identify anomalies in their environment via monitoring tools and honeypot technologies will simply become the most compromised victims in the long term.

    L. Brent Huston, @lbhuston, CEO and Security Evangelist, MicroSolved, Inc.

    Secure software and smart security practices, such as the ones listed below, are the keys to protecting yourself and your system from cyber theft and from becoming a zombie computer...

  12. CONCLUSION
    (pp. 37-39)

    Commercialization of malware evolved into its own underground economy, complete with competing organizations, well-defined business models, and mergers and acquisitions. The phenomenon of having malware construction kits available to anyone creates a continuously morphing geographically and politically distributed attack vehicle that is difficult to detect and defend against.⁶⁷ More people with “criminal intent,” who previously did not have the tools and the know-how to steal and defraud online, now have this ability along with the tools. What is worse, since the ability of releasing malware into cyberspace is accessible to the masses, these masses can be manipulated or persuaded by...

  13. AUTHORITATIVE SOURCES OF INFORMATION
    (pp. 40-41)
  14. BIBLIOGRAPHY
    (pp. 42-50)
  15. ITG RESOURCES
    (pp. 51-53)