Hacking And Scams - J. Mack Robinson College Of Business
AgendaHacking and ScamsRichard BaskervilleGeorgia State UniversitySystem Attacks Remote or physical access Password guessing Password cracking System AttacksSocial EngineeringGoogle HackingExploitsPayloadsWiFi HackingPhone HackingSocial Engineering
Google HackingDatabase of Exploit QueriesLong EstablishedGHDB Can Execute Queries on GoogleAka “dorks”Source: http://wand.5gbfree.com/passes.txt
Exploits and Malware Vehicles: Delivering Trojan payloadsVirusesSQL InjectionSuckers––––PhishingWeb-page TrojansMalicious executablesImage, music, video TrojansPayloads SpywareRootkitsKeyloggersBotnetsRansomware Buffer overflows and other exploits in image processing orplayback programsSpyware Commonly Browser-Based Attack Sometimes semi-legit– Authorized in EULA– Data for marketing / advertising Malicious add-in, helper code Collect browser data– Account information– Passwords– Browsing habits Modify browser or computer configurationRootkits Permits unauthorized full administrator-levelaccess Hides itself– The files, folders, registry edits, and othercomponents it uses. May hide bundled malicious files
BotnetsKeyloggers Ultimate spyware Record or transfer keystrokes and datastreams Conceal their presence Compromise personal information likepasswords, credit card numbers, banknumbers, etc. Continuously awaits and processescommands received in a client/server mode. Frequently uses IRC chat channels– Higher degree of anonymity– High availability Purposes––––Distributing denial of service attacks (DDOS)SpammingDistributing illegal advertising softwareAbuse of ‘pay per click’ systems (Adwaremodels)– Spread on-demandWiFi HackingRansomware A payload that encrypts files and/or disks on acomputer systems It displays a demand for a ransom to be paid It promises to deliver the decryption key uponpayment of the ransom The ransom is demanded in adigitally untraceable form, suchas bitcoins Wardriving – driving around looking for networks to hack– Aided by GPS Mapping Exploit default configurations Weak Link - one mis-configured access point is enough Security weaknesses– WEP– WPA– WPA-2
WEP 40-bit cipher key simple XORencryption Embeds session key into thepacket stream Attacks– Flipping bits in the cipher streamand watching to see which bitsare flipped in the resultingplaintext– Decrypting ciphertextsencrypted with the samekeystream– Attacker can deduce the cipherkey by repeating the aboveWPA-2 128-bit AES encryption for keys Replaced TKIP with Counter Mode with Cipher BlockChaining Message Authentication Code Protocol (CCMP) Attacks– Man-in-the-middle– Hole-196: Malicious client can spoofs packets from the accesspoint (impersonates the access point)– Sniff network traffic or disrupt serviceWPA 128-bit key Temporal Key Integrity Protocol (TKIP)Key changed on a per-packet basisCrackable in 60 secondsProtocol weakness– On logon, client obtains a session key by exchangingthe hash of the access point's key– Session key is rotated on a per-packet basis for theentire session– Hash salted with the SSID (the name of the wirelessnetwork)– Attackers can derive the key from that hash usingtables of common SSID (“linksys” or “netgear”) andcommon passwordsPhone Hacking Default Pins Social Engineering– “Borrow” device– Reset to default pins Voice Phishing (vishing) SMS/MMS Phishing(smishing)
Smartphone HackingPoS MalwareEg.: Backoff Family Like PCs: Virus, Trojans, etc.Banking Trojans intercepting financial transactionsMalware sending text messages to premium SMS servicesSpyware– The places you go and when– Record & forward phone conversations Malicious Quick Response codes– Matrix bar codes Malicious web sites (normal browsing danger) Functions not all present in all variants Scraping memory for track data– Searches running processes for track data Logging keystrokes–––––Command & control (C2) communicationUploading discovered dataUpdating the malwareDownloading/executing further malwareUninstalling the malware Injecting malicious stub into explorer.exe– Responsible for persistence in the event the maliciousexecutable crashes or is forcefully stoppedUS-CERT Alert TA14-212A (2014) g and ScamsRichard BaskervilleGeorgia State University
WiFi Hacking Wardriving –driving around looking for networks to hack – Aided by GPS Mapping Exploit default configurations Weak Link -one mis-configured access point is enough Security weaknesses – WEP – W
Advance fee fraud 24 False billing 26 3. Door-to-door scams 29 4. Investment and financial scams 35 Financial scams over the phone 36 Misleading share promotions 40 Real estate scams 42 5. Medical scams 45 Miracle cures 46 Weight loss 50 6. Internet scams 53 Spam 54 Modem-jacking 56 Online auctions 58 7. Self-employment scams 61
1988-1998 Mack Series CH Truck Firewall Insultor Panel Exact Reproduction. Leather Grain ABS with Insulation. Part # Description MSRP MACK 8898CH-TAK 1988-1998 Mack CH Series Truck Complete Kit 650 MACK 8898CH-TFK 1988-1998 Mack CH Series Truck Floor Kit 225 MACK 8898CH-TRK 1988-1998 Mack CH Series Truck Roof Kit 171
6 Banking, credit card and online account scams 14 7 Small business scams 16 8 Job and employment scams 18 9 Golden opportunity and gambling scams 20 10 Charity and medical scams 22 Scam delivery methods 24 The scammers’ tool box 27 Beware the personal touch 28 The Golden Rules–top
Hacking Concepts 1.10 What is Hacking? 1.11Who is a Hacker? 1.12 Hacker Classes 1.13 Hacking Phases o Reconnaissance o Scanning o Gaining Access o Maintaining Access o Clearing Tracks Ethical Hacking Concepts 1.14 What is Ethical Hacking? 1.15 Why Ethical Hacking is Necessary 1.16 Scope and Limitations of Ethical Hacking
The little black book of scams. We hope this book will increase your awareness of the vast array of scams that target Australians and teach you some easy steps you can take to protect yourself. Scams do not discriminate Scams target people of all backgrounds, ages
known scams using a text-to-speech synthesizer to generate a speech similar to the real-world scams. To mimic the hu-man voice version of the scams, we recorded human voices speaking the exact same announcement message. Gender: From listening to recordings of actual telephone scams, some used a male voice, and some used a female voice.
La paroi exerce alors une force ⃗ sur le fluide, telle que : ⃗ J⃗⃗ avec S la surface de la paroi et J⃗⃗ le vecteur unitaire orthogonal à la paroi et dirigé vers l’extérieur. Lorsque la
private sectors is ethical hacking. Hacking and Ethical Hacking Ethical hacking can be conceptualized through three disciplinary perspectives: ethical, technical, and management. First, from a broad sociocultural perspective, ethical hacking can be understood on ethical terms, by the intentions of hackers. In a broad brush, ethical
