Mission critical tasks 13 2008csifbicomputercrime


- those involving financial fraud (average cost of $500K per reporting institution)
- The second most expensive incidents were those dealing with “bot” or “hacked in” computers in the organization’s network (average cost of $350K)
- Virus incidents occurred most frequently (at 49% of respondent institutions)
- Insider abuse was the second most frequent incident
- 10% of institutions reported DNS incidents
- 27% reported ‘targeted attacks’

Types of security incidents (2008 CSI Computer Crime and Security Survey)

Security technologies used (2008 CSI Computer Crime and Security Survey)

Historical incidents – The German hacker incident

- Cliff Stoll was a sysadmin at LBL in August 1986
- On his first day, he started investigating a 75-cent accounting discrepancy for CPU time
- He found out that an account had been created with no billing address
- More investigation identified the presence of an intruder
- Instead of cutting out the intruder, Cliff Stoll decided to monitor the intruder in order to find out who he/she was and how he/she was able to gain privileged access
- The intruder was exploiting a misconfiguration problem in the Emacs editor
- Emacs can work as a mailer, and it used the “movemail” program to move a user’s inbox from /var/spool/mail to the home directory using interlocking
- The LBL configuration of /var/spool/mail didn’t allow the program to work as an unprivileged process
- Therefore the “movemail” program was installed setuid root
- In this configuration, movemail allowed anybody to move files to any directory of the system
- The intruder used the bug to substitute his own copy of the “atrun” program, which is executed every 5 minutes to perform scheduled jobs and housecleaning tasks
- The program ran with administrative privileges
- After the execution of the operation the legitimate copy would be copied back to hide tracks
- The intruder gained administrative privileges and started creating accounts and backdoor programs
- The intruder was using the LBL hosts to connect to military systems in the MILNET
- Military sites and databases were searched for keywords such as “SDI” (Strategic Defense Initiative), “stealth”, “SAC” (Strategic Air Command), “nuclear”, “NORAD”
- Cliff Stoll called the FBI
- With the help of the FBI and of the Bundeskriminalamt (BKA) he was able to trac...
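The atrun swap described above ends with the legitimate copy restored, so a content hash alone will not show that anything happened. The following added example (not part of the original slides) records inode and change-time metadata next to the hash, and also lists setuid files such as the movemail install; the function names, the owner_uid parameter and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import stat

def snapshot(path):
    """Baseline for one watched file: content hash plus inode metadata."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "inode": st.st_ino, "ctime_ns": st.st_ctime_ns,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}

def compare(baseline, path):
    """Return findings for path against a baseline taken by snapshot()."""
    now = snapshot(path)
    findings = []
    if now["sha256"] != baseline["sha256"]:
        findings.append("content-changed")
    elif (now["inode"], now["ctime_ns"]) != (baseline["inode"], baseline["ctime_ns"]):
        # Bytes match but the inode was rewritten or replaced after the baseline.
        # Consistent with swap-and-restore; chmod or a reinstall also causes it.
        findings.append("same-content-metadata-changed")
    if (now["mode"], now["uid"]) != (baseline["mode"], baseline["uid"]):
        findings.append("mode-or-owner-changed")
    return findings

def setuid_files(root, owner_uid=0):
    """List regular files under root that are setuid and owned by owner_uid."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    import tempfile, time
    # Constructed sample: a stand-in "atrun" in a temp dir, not a real system file.
    target = os.path.join(tempfile.mkdtemp(), "atrun")
    with open(target, "wb") as f:
        f.write(b"legitimate job runner")
    base = snapshot(target)
    time.sleep(0.1)
    with open(target, "wb") as f:  # rewrite with identical bytes
        f.write(b"legitimate job runner")
    print(compare(base, target))
```

The baseline has to be stored somewhere the monitored host cannot write to, otherwise whoever replaces the file can replace the baseline as well.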

This document was uploaded on 01/22/2014.
