
Assignment 2

INFO-6072


By: James Rudell | Student Number: 0703914

Due: January 3rd

There are three different types of hackers: white hat, grey hat, and black hat. White hats are considered the “good guys.” (White Hat Hacker) Grey hats are the guys who “may violate ethical standards or principles, but they have no malicious intent.” (Gray Hat Hacker) Black hats are considered the “bad guys.” (Black Hat Hacker) For a lot of businesses “the security of their information, systems, and networks might not be a high priority” (Kissel, 2009); at least, it is not a high priority until it’s too late.

White hat hackers are the ones you don’t need to worry about, since they raise no real warning flags for society. “White hat hackers are usually seen as the hackers who use their skills to benefit society and businesses.” (White Hat Hacker) White hat hackers have a positive impact on businesses because they are “learning new things, protecting the network they are in charge of from intrusion or damage, maintaining status quo.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) White hat hackers are also the hackers who “work with official sanction from official organizations.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) Though for some it may have started off as a hobby, white hat hackers are the good guys.

Grey hat hackers may do some questionable things, but they have no real malicious intent. A good description of grey hat hackers is “the people who exploit security vulnerabilities in order to spread public awareness that the vulnerability exists.” (Gray Hat Hacker) Some people may think a great example of “a grey hat hacker group is Anonymous” (Knafo, 2011), but in my opinion, that’s pretty debatable. Another example of a grey hat case is when “in April 2000, a group of hackers known as ‘{}’ and ‘Hardbeat’ gained unauthorized access to Apache.org. They chose to inform the Apache crew of the problems rather than try to damage the Apache.org servers” (Grey Hat – Examples); these groups could have used their access against Apache maliciously but chose not to. Why hack, if not to get paid for work or for a bad reason? Grey hat hackers usually hack for “Fame, credit for solving challenging network puzzles, more interested in damage than pillage, hacktivists who deface websites and networks of ‘evil-doers’ (e.g., corporation involved in fur trade, tobacco sales, abortion) are part of this group.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) Grey hats may be questionable, but they aren’t really the big threat.

Black hat hackers are the hackers who have only malicious intent and no second thoughts after the fact; in fact, most keep hacking after their first attack. “A black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons.” (Black Hat Hacker) Black hats hack for “Cash payments, injury to others, may steal trade secrets, credit card numbers, customer lists, employee lists. They want whatever information they can find that will generate a profit. They work with unofficial sanction from official and unofficial organizations.” (Budden, Lesson 5 Ethics_ Legal Info 6072, 2017) A group that stands out here is “LulzSec.” (LulzSec) The LulzSec group is a black hat hacker group whose members were “once a part of Internet Feds, the rivalry group of Anonymous.” (LulzSec) One of LulzSec’s most notable attacks was the “Sony attack on the PlayStation Network, which targeted credit card information on the network” (Hackers Attack Another Sony Network). But LulzSec didn’t just steal credit card information; as LulzSec explains it, “every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it” (Hackers Attack Another Sony Network). Though LulzSec may not have stolen money directly from Sony for financial gain, Sony lost a lot of money with this network outage.

All of these types of hackers impact businesses, just not all in a good way. White hat hackers have a positive impact on businesses because they protect the networks of the business. Grey hats have both a positive and a negative impact on a business because, yes, they report the vulnerability, but they also know of its existence and could abuse that. Black hats have a negative impact on a business because they simply have malicious intent with their knowledge of the existing vulnerabilities.

Why would an attacker want to attack a social media site? Social media is one of the most used tools and platforms out there to date. The more data the attacker has access to, or can restrict from being accessed, the more value it may have to the attacker. Most social media attacks also require the ability to be persuasive and some form of social engineering. Social engineering is “the practice of learning and obtaining valuable information by exploiting human vulnerabilities. People are always the weakest link.” (Budden, INFO-6072 – Lesson 6 – Reconnaissance and SE, 2017) One of the more recent attacks was called “The Curious Case of Mia Ash” (Threat, 2017).

The Mia Ash case happened in early 2017. This attack was delivered through an email phishing technique. “The emails used various themes, but they all contained shortened URLs leading to a macro-enabled Word document. The macro ran a PowerShell command that attempted to download additional PowerShell loader scripts for PupyRAT, a research and penetration-testing tool that has been used in attacks. If you installed PupyRAT, it gave the attacker full access to the victim’s system.” (Threat, 2017) PupyRAT is an “open-source cross-platform remote access Trojan” (Threat, 2017). That is what the attack delivered, but how did it happen?

“On January 13, 2017, the purported London-based photographer ‘Mia Ash’ used a LinkedIn profile to contact an employee at one of the organizations that were targeted, stating that they were inquiring as part of an exercise to reach out to people around the world. Over the next several days, the individuals exchanged messages about their professions, photography, and travels. Sometime before January 21, Mia encouraged the employee to add her as a friend on Facebook and continue their conversation there, noting that it was her preferred communication method. The correspondence continued via email, WhatsApp, and likely Facebook until February 12, when Mia sent a Microsoft Excel document, ‘Copy of Photography Survey.xlsm,’ to the employee’s personal email account. Mia encouraged the victim to open the email at work using their corporate email account so the survey would function properly.” (Threat, 2017) This worked because most employees didn’t notice, until it was too late, that “the survey contained macros that, once enabled, downloaded PupyRAT.” (Threat, 2017) There are several ways this could have been avoided, but they apparently were not implemented at the time.

This attack could have been prevented by server-side filtering of incoming emails. Email addresses and domains can be restricted so that mail is only received from specified domains. “Messages sent from unauthorized domains—or messages from listed domains that can’t be verified using Domain Keys Identified Mail (DKIM) or Sender Policy Framework (SPF) records—are returned to the sender with a message about the restriction policy” (Restrict Messages to Authorized Addresses or Domains); the same goes for sending. You can force emails to display in plain text, thus removing clickable links, though you are still able to copy and paste these. “Microsoft Office Outlook 2003 and later versions provide an option named the Read all standard mail in plain text option. This option lets you view all e-mail messages in plain text format” (How to View All E-mail Messages in Plain Text Format); though this is for MS Outlook, most mail services should have a similar method. You can even remove attachments from emails. One way to achieve this is to “enable Exchange Server to remove Internet e-mail attachments that have the following extensions (at which you would specify extensions)” (Remove E-mail Attachments). To achieve this, “select this check box to remove specified e-mail attachments from SMTP-based e-mail (e-mail that is received by Exchange server) from the Internet. This includes POP3 e-mail delivered by the Microsoft Connector for POP3 Mailboxes. It does not include e-mail attachments sent between two client computers on the local network.” (Remove E-mail Attachments) This can once again be achieved similarly with different services. If worst comes to worst, a business could implement something similar to Content Keeper to restrict site and application access, but this should be a last resort.
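The three controls described above (accepting mail only from listed sender domains, flagging shortened links that hide the real destination, and stripping attachments with specified extensions) can be expressed as simple gateway logic. The Python script below is an added example and is not part of the essay or of any of the products it cites. The allow-listed domains, the shortener hosts, the blocked extension list, the sender address and the sample message are constructed for illustration (only the attachment name is taken from the essay), and the SPF/DKIM verification that the quoted Google page requires before trusting a sender domain is outside what this script does.

```python
import os
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment extensions the gateway is configured to strip (constructed list;
# as the essay says, you specify the extensions yourself). Macro-enabled Office
# formats are included because a macro-enabled survey is how PupyRAT arrived.
BLOCKED_EXTENSIONS = {".xlsm", ".docm", ".pptm", ".exe", ".js", ".vbs", ".hta"}

# Sender domains the organization chooses to accept mail from (constructed values).
ALLOWED_SENDER_DOMAINS = {"example.com", "partner.example.net"}

# Hosts of common URL shorteners (constructed list); they hide the real destination.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)[^\s<>\"']*")


def sender_domain_allowed(msg, allowed=ALLOWED_SENDER_DOMAINS):
    """True only when the From: address belongs to an allow-listed domain.
    A real gateway would first require SPF/DKIM to pass, since the From:
    header alone is attacker-controlled; that check is not part of this example."""
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    return bool(domain) and domain in allowed


def find_shortened_urls(text, shorteners=SHORTENER_HOSTS):
    """Return every URL in the text whose host is a known shortener."""
    return [m.group(0) for m in URL_RE.finditer(text)
            if m.group(1).lower() in shorteners]


def strip_blocked_attachments(msg, blocked=BLOCKED_EXTENSIONS):
    """Remove attachments with a blocked extension in place; return their names."""
    if not msg.is_multipart():
        return []
    removed, kept = [], []
    for part in msg.get_payload():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if part.get_content_disposition() == "attachment" and ext in blocked:
            removed.append(name)
        else:
            kept.append(part)
    msg.set_payload(kept)
    return removed


def triage(msg):
    """Run all three checks and return what the gateway would log for the message."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return {
        "sender_allowed": sender_domain_allowed(msg),
        "shortened_urls": find_shortened_urls(text),
        "removed_attachments": strip_blocked_attachments(msg),
    }


def build_sample_message():
    """Constructed message modelled on the lure the essay describes."""
    msg = EmailMessage()
    msg["From"] = "Mia Ash <mia.ash@example.org>"   # constructed sender address
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Photography survey"
    msg.set_content("Hi! Please open this at work so the survey works: "
                    "https://bit.ly/abc123 (or use the attached copy).")
    msg.add_attachment(b"PK\x03\x04 constructed workbook bytes",
                       maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12",
                       filename="Copy of Photography Survey.xlsm")
    return msg


if __name__ == "__main__":
    print(triage(build_sample_message()))
```

For the constructed message the script reports that the sender domain is not allowed, that the body carries one shortened link, and that the `.xlsm` attachment was removed; a message from an allowed domain with a full URL and no macro-enabled attachment passes all three checks untouched.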

Since social media is the most used platform on the internet in this day and age, you need to be extra secure in everything you do. If you receive an email at work, even if it’s from someone you know, don’t click it unless you know for sure it is real. A good technique I use to validate legitimacy is to view the source; sometimes the link you see isn’t the link you are clicking on. The other, better alternative, though, is to directly ask the sender. With today’s internet, no one is truly safe.

“Network scanning refers to the method of using a computer network to gather information regarding computing systems.” (Network Scanning) Network scanners are used by administrators, but if administrators or information security analysts have access to these tools, hackers do as well. One of these tools, which lets you scan for various things on the network, is called “SoftPerfect Network Scanner” (Top 10 Network Scanning Tools).

SoftPerfect’s tool lets you scan for listening TCP/UDP ports. “Port scanning is the process in which you send client requests to a range of server port addresses on a host, with the goal of finding an active port. The majority of people using a port scanner are not attacking, but rather simply trying to determine service availability on a remote machine.” (Port Scanning) Transmission Control Protocol or TCP “is a connection-oriented protocol, which means the connection is established and maintained until the applications at each end have finished exchanging messages. It determines how to break application data into packets” (TCP). User Datagram Protocol or UDP “is an alternative communications protocol to TCP used primarily for establishing low-latency and loss tolerating connections between applications on the Internet.” (UDP) TCP limits packet sizes and also needs to retransmit lost packets, which could slow the network down depending on how often that happens. UDP, on the other hand, doesn’t retransmit; you will likely see the dropped packet in the scanner and see why it was dropped. “Most networks that use TCP packets don’t get lost” (UDP).

SoftPerfect also will allow you to “retrieve information from WMI, SNMP, HTTP, NetBIOS, etc.” (Top 10 Network Scanning Tools) Windows Management Instrumentation or WMI “is a set of specifications from Microsoft for consolidating the management of devices and applications in a network from Windows computing systems, WMI has been initially installed on all computers from Windows Millennium Edition (Me) and later.” (WMI) Being able to scan this will allow you to collect user names, operating system details, and “security setting details.” (WMI) Simple Network Management Protocol or SNMP “is the protocol leading network management and the monitoring of network devices and their functions. SNMP uses UDP and is not necessarily limited to TCP/IP networks.” (SNMP) Being able to scan this means you will be able to see the names of the devices on your network as well as other details such as IP and MAC addresses. Network Basic Input/Output System or NetBIOS “is a program that allows applications on different computers to communicate within a LAN. It was created by IBM for its early PC Network but was then adopted by Microsoft, and has since been in effect in industry standards.” (NetBIOS) Though scanning this may not seem very useful, it may allow you to monitor something like whether a device is attached to something such as “printer sharing” (Do I Need NetBIOS). Hypertext Transfer Protocol or HTTP “is the set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web.” (HTTP) If you are scanning this, the traffic will be unencrypted, because HTTP is not secure, whereas data is encrypted when HTTPS is used.

SoftPerfect’s scanner even lets you “identify internal and external IP address ranges.” (Top 10 Network Scanning Tools) Detecting hidden folders may come in handy, and so may spotting unauthorized IP ranges using your network. Let’s say you are running on a 172.x.x.x network, but an ex-admin or employee wants revenge for losing a job. If they had the IP address saved somewhere (for whatever reason), they could find a way to remote in from a different network and hide a virus. If that computer was running on a 192.x.x.x network, it should stand out completely as an unwanted device in the 172.x.x.x IP range.

Network scanners can come in handy but can also be used maliciously. Network scanners are used to look for issues in the network, whether connection related or vulnerability related. If a network administrator catches an issue or finds out what is causing a reported issue, they will fix it as quickly as possible. The only problem is that hackers can use these tools too. For example, if they notice they can send huge packet sizes, they may attempt the ping of death, in which, if they have enough people helping, they can crash the server. These tools are really handy when used properly.

Internet Control Message Protocol or ICMP “is the most used protocol in networking technology. As a protocol that requires no connection, ICMP does not use a port number and works in the network layer. ICMP is commonly used for diagnosing problems or reporting errors and right now attackers are abusing the power of ICMP.” (ICMP Attacks) The most common ICMP attack is “attacking the systems with huge packet sizes, these attacks were run on ICMP type 8, required a high bandwidth, can consume enough of its CPU power for a user to notice a significant slowdown, and these attacks started as a problem in the 90s. Attacks such as ‘The ping of Death’ and ‘Ping Flooding’ but firewalls helped prevent ICMP type 8 attacks” (It can Bring You Down). But there’s a new type of attack out there now; it’s called the BlackNurse attack. This attack was different; this attack “didn’t require a high bandwidth, sent normal size packets, ran on ICMP type 3, resulted in high CPU power, users from LAN-side can’t surf the internet, and was discovered in 2016.” (It can Bring You Down)

“Originally the attack was named ‘BlackNurse’ as a joke because two of its principal researchers were a former blacksmith and a former nurse. The media picked up on this name before it could be changed.” (BlackNurse) The BlackNurse attack didn’t have any special requirements because it “did not rely on a software bug but on the normal functioning of the ICMP stack. This means any networking device is vulnerable to be impacted by a flood of BlackNurse packets.” (BlackNurse ICMP DoS Attack) The first thing you should do is “test your firewall if you can, or check if it is on the vulnerable list” (ICMP Unreachable DoS Attacks aka BlackNurse). Next, you should “monitor incoming ICMP packets using a tool like Netflow” (ICMP Unreachable DoS Attacks aka BlackNurse). If need be, “deny WAN access to ICMP type 3; just be sure to allow ICMP type 3 Code 4 (fragmentation needed) to be received by the firewall.” (BlackNurse Denial of Service Attack)
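The monitoring and firewall steps just quoted, worked through as an added Python example (not from the essay or from the cited Netresec, SANS or Fortinet pages): an allow-list of ICMP (type, code) pairs accepted from the WAN side, with type 3 code 4 kept open so path MTU discovery keeps working, and a per-source rate check over Netflow-style records that flags a type 3 flood even though each packet is normal sized. The sample addresses, the packet counts, the other allowed pairs and the 10,000 packets-per-second threshold are constructed assumptions, not figures from the page.

```python
from collections import defaultdict

# Constructed Netflow-style export, one record per flow:
# (timestamp in seconds, source IP, ICMP type, ICMP code, packet count).
FLOWS = [
    (1000, "198.51.100.4", 0, 0, 3),       # echo replies to our own pings
    (1000, "198.51.100.4", 3, 4, 1),       # fragmentation needed (path MTU discovery)
    (1000, "203.0.113.9", 3, 3, 20000),    # port unreachable, normal size, high rate
    (1000, "203.0.113.9", 3, 1, 15000),    # host unreachable, same source
    (1001, "203.0.113.9", 3, 3, 30000),
    (1001, "198.51.100.4", 11, 0, 2),      # TTL exceeded (traceroute replies)
    (1002, "192.0.2.77", 8, 0, 5),         # inbound echo requests
]

# (type, code) pairs the business decides it needs from the WAN. Type 3 code 4
# must stay open, as the essay notes; the other two are constructed choices.
ALLOWED_FROM_WAN = {(3, 4), (0, 0), (11, 0)}


def allowed_from_wan(icmp_type, icmp_code, allowed=ALLOWED_FROM_WAN):
    """Firewall decision for one inbound ICMP packet: True means accept.
    Everything not on the list, including the rest of type 3, is dropped."""
    return (icmp_type, icmp_code) in allowed


def apply_wan_policy(flows, allowed=ALLOWED_FROM_WAN):
    """Count how many packets the policy would accept and drop: (accepted, dropped)."""
    accepted = dropped = 0
    for _, _, icmp_type, icmp_code, pkts in flows:
        if allowed_from_wan(icmp_type, icmp_code, allowed):
            accepted += pkts
        else:
            dropped += pkts
    return accepted, dropped


def detect_type3_flood(flows, threshold_pps=10000):
    """Monitoring side: return {source: peak packets/second} for every source
    whose ICMP type 3 rate exceeds threshold_pps in any one-second bucket."""
    per_second = defaultdict(int)
    for ts, src, icmp_type, _, pkts in flows:
        if icmp_type == 3:
            per_second[(src, ts)] += pkts
    peaks = {}
    for (src, _), pkts in per_second.items():
        if pkts > threshold_pps:
            peaks[src] = max(pkts, peaks.get(src, 0))
    return peaks


if __name__ == "__main__":
    print("accepted/dropped:", apply_wan_policy(FLOWS))
    print("type 3 flood sources:", detect_type3_flood(FLOWS))
```

On the constructed flows the policy accepts the six legitimate packets and drops everything else, and the monitor names 203.0.113.9, peaking at 35,000 type 3 packets in one second. The two functions are deliberately separate: the allow-list protects the firewall's CPU whether or not anyone is watching, while the rate check is what tells you an attack happened.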

Since ICMP will likely always be needed in networks for things such as “sending error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached” (Internet Control Message Protocol), abuse of it will likely never be completely preventable, as people will always find new ways, but it can be reduced. The best upfront solution would be to disable the ICMP types and codes that you as a person or business do not need or plan on using.

Bibliography

Black Hat Hacker. (n.d.). Retrieved December 27, 2017, from Techopedia: https://www.techopedia.com/definition/26342/black-hat-hacker
BlackNurse. (n.d.). Retrieved December 29, 2017, from Wikipedia: https://en.wikipedia.org/wiki/BlackNurse#cite_note-netresec.com-2
BlackNurse Denial of Service Attack. (n.d.). Retrieved December 29, 2017, from Netresec: http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack
BlackNurse ICMP DoS Attack. (n.d.). Retrieved December 29, 2017, from Fortiguard: https://fortiguard.com/psirt/FG-IR-16-091
Budden, S. (2017). INFO-6072 – Lesson 6 – Reconnaissance and SE.
Budden, S. (2017). Lesson 5 Ethics_ Legal Info 6072.
Do I Need NetBIOS. (n.d.). Retrieved December 29, 2017, from Mmsmvps.
Gray Hat Hacker. (n.d.). Retrieved December 26, 2017, from Techopedia: https://www.techopedia.com/definition/15450/gray-hat-hacker
Grey Hat – Examples. (n.d.). Retrieved December 27, 2017, from Wikipedia: https://en.wikipedia.org/wiki/Grey_hat#Examples
Hackers Attack Another Sony Network. (n.d.). Retrieved December 27, 2017, from The Guardian: https://www.theguardian.com/technology/2011/jun/03/sony-network-hackers-lulzec
How to View All E-mail Messages in Plain Text Format. (n.d.). Retrieved December 28, 2017, from Microsoft: https://support.microsoft.com/en-us/help/831607/how-to-view-all-e-mail-messages-in-plain-text-format
HTTP. (n.d.). Retrieved December 29, 2017, from Techtarget: http://searchwindevelopment.techtarget.com/definition/HTTP
ICMP Attacks. (n.d.). Retrieved December 29, 2017, from Infosecinstitute: http://resources.infosecinstitute.com/icmp-attacks/
ICMP Unreachable DoS Attacks aka BlackNurse. (n.d.). Retrieved December 29, 2017, from Sans: https://isc.sans.edu/forums/diary/ICMP+Unreachable+DoS+Attacks+aka+Black+Nurse/21699/
Internet Control Message Protocol. (n.d.). Retrieved December 29, 2017, from Wikipedia: https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
It can Bring You Down. (n.d.). Retrieved December 29, 2017, from Blacknurse: http://blacknurse.dk/
Kissel, R. (2009, October). Small Business Information Security: the Fundamentals. Retrieved December 26, 2017, from CSRC NIST: https://csrc.nist.gov/publications/detail/nistir/7621/archive/2009-10-01
Knafo, S. (2011, June 15). Giving A Face To ‘Anonymous’: A Meeting With A Member Of The Secret Society Of Hackers. Retrieved December 27, 2017, from Huffingtonpost: http://www.huffingtonpost.ca/entry/anonymous-hackers-to-ben-_n_877337
LulzSec. (n.d.). Retrieved December 27, 2017, from Wikipedia: https://en.wikipedia.org/wiki/LulzSec
NetBIOS. (n.d.). Retrieved from Techtarget: http://searchnetworking.techtarget.com/definition/NetBIOS
Network Scanning. (n.d.). Retrieved December 29, 2017, from Techopedia: https://www.techopedia.com/definition/16124/network-scanning
Port Scanning. (n.d.). Retrieved December 29, 2017, from Techopedia: https://www.techopedia.com/definition/4059/port-scanning
Remove E-mail Attachments. (n.d.). Retrieved December 28, 2017, from Microsoft: https://technet.microsoft.com/en-us/library/cc707926(v=ws.10).aspx
Restrict Messages to Authorized Addresses or Domains. (n.d.). Retrieved December 28, 2017, from Google: https://support.google.com/a/answer/2640542?hl=en
SNMP. (n.d.). Retrieved December 29, 2017, from Techtarget: http://whatis.techtarget.com/definition/Simple-Network-Management-Protocol-SNMP
TCP. (n.d.). Retrieved December 29, 2017, from Techtarget: http://searchnetworking.techtarget.com/definition/TCP
Threat, U. R. (2017, July 27). The Curious Case of Mia Ash. Retrieved December 28, 2017, from Secure Works: https://www.secureworks.com/research/the-curious-case-of-mia-ash
Top 10 Network Scanning Tools. (n.d.). Retrieved December 29, 2017, from Intenseschool.
UDP. (n.d.). Retrieved December 29, 2017, from Techtarget: http://searchnetworking.techtarget.com/definition/UDP-User-Datagram-Protocol
White Hat Hacker. (n.d.). Retrieved December 26, 2017, from Techopedia: https://www.techopedia.com/definition/10349/white-hat-hacker
WMI. (n.d.). Retrieved December 29, 2017, from Techtarget: http://searchwindowsserver.techtarget.com/definition/Windows-Management-Instrumentation