Hackers (MIT Assignment) August 21, 2009
Posted by caoile2000 in Assignments (MIT).
Hacking Issue:
Kevin Mitnick, 37 – who pleaded guilty to a series of federal offenses related to a 2½-year computer hacking spree, was sentenced to 46 months in federal prison. He pleaded guilty in March to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. Mitnick’s prolific and damaging hacking career, which made him the most wanted computer criminal in United States history, ended when he was arrested in North Carolina in February 1995. In a global plea agreement filed in United States District Court in Los Angeles, Mitnick admitted that he broke into a number of computer systems and stole proprietary software belonging to Motorola, Novell, Fujitsu, Sun Microsystems and other companies. Mitnick admitted using a number of tools to commit his crimes, including “social engineering,” cloned cellular telephones, “sniffer” programs placed on victims’ computer systems and hacker software programs. As part of his scheme, Mitnick acknowledged altering computer systems belonging to the University of Southern California and using these computers to store programs that he had misappropriated. He also admitted that he stole e-mails, monitored computer systems and impersonated employees of victim companies, including Nokia Mobile Phones, Ltd., in his attempt to obtain software that was being developed by those companies.
Raphael Gray, 19 – broke into secure systems using just a £800 computer he bought in his home town of Clynderwen, Pembrokeshire, Wales. After publishing the credit card information on his web pages, Gray posted on the page that law enforcers would never find him “because they never catch anyone. The police can’t hack their way out of a paper bag.” He was dubbed the Bill Gates hacker when he sent Viagra tablets to Gates’ address and then published what he said was the billionaire’s own number. He was tracked down by ex-hacker Chris Davis, who was insulted by Gray’s “arrogance”. It took Davis under a day to trace Gray, and he passed his findings to the FBI: “The FBI was actually quite easy to deal with, although technically, they didn’t really understand what it was I was explaining to them. The local police were also very polite, but they didn’t understand it,” said Davis. Gray was arrested when FBI agents and officers from the local Dyfed Powys Police turned up at the door of his home, which he shared with his mother and two sisters, in March 1999. The sentencing judge ruled that Gray serve 36 months of psychiatric treatment after hearing evidence that he was suffering from a mental condition which needed medical treatment rather than incarceration.
Masters of Deception, MOD – was a New York-based hacker group. MOD reportedly controlled all the major telephone RBOCs and X.25 networks, as well as large parts of the backbone of the rapidly emerging Internet. Masters of Deception operated differently in many respects from previous hacking groups. Although they openly shared information with each other, they took a controversial view on sharing information outside the group. It was believed that access to MOD’s knowledge should be earned via degrees of initiation and a proven respect for the craft, rather than releasing powerful information into the wild where it could be used for nefarious purposes. A demonstration of responsibility on the part of the initiate was required. This informal, compartmentalized protection of more sensitive knowledge was a structure originally employed, rather successfully, by LOD in the 1980s. According to Lex Luthor, “I realized early on that only certain people can be trusted with certain information, and certain types of information can be trusted to no one. Giving out useful things to irresponsible people would inevitably lead to whatever thing it was being abused and no longer useful. I was very possessive of my information and frequently withheld things from my articles.” –Phrack #40 interview, 1/8/1992.
Michael Calce aka MafiaBoy – a high school student from the middle-class suburban area of the West Island in Montreal, Canada, who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites including Yahoo!, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. Canada’s Youth Criminal Justice Act forbids Canadian news outlets from publishing MafiaBoy’s real name in connection with this incident. Non-Canadian media outlets including USA Today and The Register identified the boy’s father as 45-year-old John Calce because he was arrested simultaneously on unrelated charges. American journalist James Meek and, later, American computer security critic Rob Rosenberger revealed the attacker to be Calce, who was only 15 years old at the time. The U.S. Federal Bureau of Investigation and the Royal Canadian Mounted Police first noticed Mr. Calce when he started claiming in IRC chatrooms that he was responsible for the attacks. He became the chief suspect when he claimed to have brought down Dell’s website, an attack that had not been publicized at that time. Mr. Calce initially denied responsibility but later pleaded guilty to most of the charges brought against him. His lawyer insisted the child had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to Italy for its lax computer crime laws. The Montreal Youth Court sentenced him on September 12, 2001 to eight months of “open custody,” one year of probation, restricted use of the Internet, and a small fine.
Legion of Doom, LOD – was a very influential hacker group that was active from the 1980s to the late 1990s and early 2000s. Their name appears to be a reference to the main antagonists of Challenge of the Superfriends. LOD was founded by the hacker Lex Luthor after a rift with his previous group, the Knights of Shadow (much as the Masters of Deception would later be founded after Phiber Optik had a rift with Chris Goggans and LOD, eventually leading to the Great Hacker War and the disbanding of both groups). At different points in the group’s history, LOD was split into LOD and LOD/LOH (Legion of Doom/Legion of Hackers) for the members who were more skilled at hacking than at pure phone phreaking. Unlike with the Masters of Deception, there were different opinions regarding what the Legion of Doom was. LOD published the Legion of Doom Technical Journals and regularly contributed to the overall pool of hacking knowledge and information, while causing no direct harm to the phone systems and computer networks they took over. On the other hand, many LOD members were raided, charged and in some cases successfully prosecuted for causing damage to systems and reprogramming phone company computers (Grant, Darden and Riggs, among others). While the “Bellsouth” case could be construed as exploration of the phone system, with claims that no real damage was done, there were other former LOD members, such as Corey A. Lindsly (a.k.a. Mark Tabas), who were clearly interested in for-profit computer crime, with no goal except personal gain.
Virus (MIT Assignment) August 21, 2009
Posted by caoile2000 in Assignments (MIT), Computer Virus.
Virus Issue:
MORRIS WORM
The Morris worm or Internet worm was one of the first computer worms distributed via the Internet. It is considered the first worm and was certainly the first to gain significant mainstream media attention. It also resulted in the first conviction in the US under the 1986 Computer Fraud and Abuse Act.[1] It was written by a student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988 from MIT.
It is usually reported that around 6,000 major Unix machines were infected by the Morris worm. Paul Graham has claimed that
“I was there when this statistic was cooked up, and this was the recipe: someone guessed that there were about 60,000 computers attached to the Internet, and that the worm might have infected ten percent of them.”
The U.S. GAO put the cost of the damage at $10M–100M.
The Morris worm prompted DARPA to fund the establishment of the CERT/CC at Carnegie Mellon University to give experts a central point for coordinating responses to network emergencies.[5] Gene Spafford also created the Phage mailing list to coordinate a response to the emergency.
Robert Morris was tried and convicted of violating the 1986 Computer Fraud and Abuse Act. After appeals he was sentenced to three years probation, 400 hours of community service, and a fine of $10,000.
The Morris worm has sometimes been referred to as the “Great Worm”, because of the devastating effect it had upon the Internet at that time, both in overall system downtime and in psychological impact on the perception of security and reliability of the Internet. The name derives from the “Great Worms” of Tolkien: Scatha and Glaurung.
NIMDA
Nimda is a computer worm and also a file infector. It spread quickly, eclipsing the economic damage caused by past outbreaks such as Code Red. Multiple propagation vectors allowed Nimda to become the Internet’s most widespread virus/worm within 22 minutes.
The worm was released on September 18, 2001. Because of the release date, some media quickly began speculating about a link between the virus and Al Qaeda, though this theory proved unfounded.
Nimda affected both user workstations (clients) running Windows 95, 98, Me, NT, 2000 or XP and servers running Windows NT and 2000.
The worm’s name spelled backwards is “admin”.
F-Secure found the text “Concept Virus(CV) V.5, Copyright(C)2001 R.P.China” in the Nimda code.
Nimda was so effective partly because it—unlike other infamous malware such as the Morris worm or Code Red—used five different infection vectors:
- via email
- via open network shares
- via browsing of compromised web sites
- exploitation of various Microsoft IIS 4.0 / 5.0 directory traversal vulnerabilities. (Both Code Red and Nimda were hugely successful at exploiting well-known and long-fixed vulnerabilities in the Microsoft IIS server.)
- via back doors left behind by the “Code Red II” and “sadmind/IIS” worms.
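As an added example (not part of the original post) of what the fourth vector looks like from the defender's side, here is a small log scanner that undoes the two path encodings the IIS 4.0/5.0 traversal bugs hinged on (overlong UTF-8 separators and double-encoded sequences) and flags requests that climb out of the web root. The log lines are constructed, and the scanner's field layout is this example's own assumption.

```python
"""Detect IIS 4.0/5.0-style directory-traversal probes in web-server log lines.

Added example, not part of the original post. The log lines are constructed;
the two encodings handled are the ones the IIS traversal bugs of that era
hinged on: the overlong UTF-8 pair %c0%af for '/' (and %c1%9c for '\\'),
and double-encoded sequences such as %255c that IIS decoded a second time.
"""
from urllib.parse import unquote_to_bytes

# Overlong (invalid) two-byte UTF-8 forms that the IIS decoder accepted
# as the ASCII path separators.
OVERLONG = {b"\xc0\xaf": b"/", b"\xc1\x9c": b"\\"}


def normalize_path(raw: str) -> str:
    """Decode a request path the way the vulnerable server effectively did."""
    data = unquote_to_bytes(raw)
    data = unquote_to_bytes(data)   # second pass reproduces the "superfluous decode" bug
    for bad, good in OVERLONG.items():
        data = data.replace(bad, good)
    return data.decode("latin-1").replace("\\", "/")


def escapes_root(path: str) -> bool:
    """True if the normalized path climbs above the web root."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def scan_log(lines) -> list:
    """Return (requested path, decoded path) for every traversal attempt.
    Assumes the constructed format: date time client method path status."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        raw = fields[4]
        decoded = normalize_path(raw)
        if escapes_root(decoded):
            hits.append((raw, decoded))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2001-09-18 09:00:01 192.0.2.10 GET /default.htm 200",
    "2001-09-18 09:00:02 192.0.2.10 GET /scripts/..%c0%af../winnt/win.ini 200",
    "2001-09-18 09:00:03 192.0.2.10 GET /scripts/..%255c..%255cwinnt/win.ini 200",
    "2001-09-18 09:00:04 192.0.2.11 GET /images/../scripts/page.asp 200",
]

if __name__ == "__main__":
    for raw, decoded in scan_log(SAMPLE_LOG):
        print(f"traversal: {raw} -> {decoded}")
```

The second decode pass deliberately mimics the server's flawed behaviour so the scanner sees the path the server acted on; a correctly patched server decodes once, so the `%255c` line would not have escaped the root there.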
I LOVE YOU VIRUS
ILOVEYOU was a computer worm that hit numerous computers in 2000, when it was sent as an attachment to an e-mail message with the text “ILOVEYOU” in the subject line. The worm arrived in e-mail boxes on May 4, 2000, with the simple subject “ILOVEYOU” and an attachment named “LOVE-LETTER-FOR-YOU.TXT.vbs”. Upon opening the attachment, the worm sent a copy of itself to everyone in the user’s address list, posing as the user. It also made a number of malicious changes to the user’s system.
Such a propagation mechanism was already well known (though in the IBM mainframe rather than the MS Windows environment) and had been used in the Christmas Tree EXEC of 1987, which brought down a large fraction of the world’s mainframes at the time.
Two aspects of the worm made it effective:
- It relied on social engineering to entice users to open the attachment and ensure its continued propagation.
- It exploited a weakness in the design of the e-mail system: an attached program could be run simply by opening the attachment. The underlying mechanism – VBScript – had not previously been abused on such a scale, so its potential had drawn little attention and the necessary layers of protection were not yet in place.
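As an added illustration (not part of the original post) of the second point, here is a mail-gateway style check that reproduces what the user saw with Windows’ “hide extensions for known file types” setting on and flags attachment names that hide a script behind a document-like extension. The extension lists and the sample attachment names are this example’s own.

```python
"""Spot attachments that hide a script behind a harmless-looking extension,
the ILOVEYOU trick (LOVE-LETTER-FOR-YOU.TXT.vbs shown to the user as a .TXT).

Added example, not part of the original post. The attachment names are
constructed and the extension lists are this example's own choice.
"""
import os

# Windows Script Host and other directly executable attachment types.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
               ".bat", ".cmd", ".scr", ".pif", ".exe", ".com"}
# Extensions a user reads as "just a document or picture".
DECOY_EXTS = {".txt", ".doc", ".xls", ".pdf", ".jpg", ".jpeg", ".gif",
              ".mp3", ".htm", ".html"}
KNOWN_EXTS = SCRIPT_EXTS | DECOY_EXTS


def displayed_name(filename: str) -> str:
    """Name as shown with 'Hide extensions for known file types' enabled:
    the last registered extension is dropped, so a decoy one becomes visible."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in KNOWN_EXTS else filename


def extensions(filename: str) -> list:
    """All dotted suffixes, lowercased, outermost last. Whitespace padding
    (used to push the real extension out of view) is stripped first."""
    parts = filename.strip().split(".")
    return ["." + p.strip().lower() for p in parts[1:]]


def classify(filename: str) -> str:
    """Gateway verdict for one attachment name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in SCRIPT_EXTS:
        return "allow"
    if len(exts) > 1 and exts[-2] in DECOY_EXTS:
        return "block: deceptive double extension"
    return "quarantine: script attachment"


# Constructed sample attachment names (not from a real mailbox).
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "report.doc",
    "photo.jpg      .vbs",
    "setup.exe",
    "notes.txt",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(f"{name!r:32} shown as {displayed_name(name)!r:28} -> {classify(name)}")
```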
Its massive spread moved westward as workers arrived at their offices and encountered messages generated in the Philippines. Because the worm used mailing lists as its source of targets, the messages often appeared to come from an acquaintance and might be considered “safe”, providing further incentive to open them. All it took was a few users at each site to access the VBS attachment to generate the thousands and thousands of e-mails that would cripple e-mail systems under their weight, not to mention overwrite thousands of files on workstations and accessible servers.
The worm began in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States), causing about $5.5 billion in damage. By 13 May 2000, 50 million infections had been reported. Most of the “damage” was the labor of getting rid of the worm. The Pentagon, the CIA and the British Parliament had to shut down their e-mail systems to get rid of the worm, as did most large corporations.
This particular malware caused widespread damage. The worm overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the worm to everyone on a user’s contact list. Because it was written in Visual Basic Script, this particular worm only affected computers running the Microsoft Windows operating system. While any other computer accessing e-mail could receive an “ILOVEYOU” e-mail, only Microsoft Windows systems would be infected.
The alleged authors of the worm were reported to be Filipinos: siblings Irene and Onel de Guzman of Manila; Irene’s boyfriend, Reomel Lamores, who was briefly held in May 2000 in connection with the worm outbreak; and Michael Buenafe, a fellow student of de Guzman at AMA. Onel finally came forward but denied writing the worm, although he said he may have inadvertently been responsible for its release. As there were no laws in the Philippines against malware writing at the time, he was released, and in August the prosecutors dropped all charges against him. The original charges brought against her dealt with the illegal use of passwords for credit card and bank transactions.
MELISSA WORM
The Melissa worm, also known as “Mailissa”, “Simpsons”, “Kwyjibo”, or “Kwejeebo”, is a mass-mailing macro virus. As it is not a standalone program, it is not in fact a worm.
First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propagating from the virus. Melissa was not originally designed for harm, but it overloaded servers and caused unplanned problems.
Melissa was first distributed in the Usenet discussion group alt.sex. The virus was inside a file called “List.DOC”, which contained passwords giving access to 80 pornographic websites. The virus’s original form was sent by e-mail to many people.
Melissa was written by David L. Smith in Aberdeen Township, New Jersey, and named after a lap dancer he encountered in Florida. The creator of the virus called himself Kwyjibo, but was shown to be the same person as the macro-virus writers VicodinES and Alt-F11, who had several Word files carrying the same characteristic Globally Unique Identifier (GUID), a serial number that at the time was generated with the network card’s MAC address as a component. Smith was sentenced to 20 months in a federal prison and fined $5,000.[1] The arrest was the result of collaboration between the FBI, the New Jersey State Police and Monmouth Internet. Smith would later go on to help the FBI in tracking down Jan de Wit, the Dutch creator of the Anna Kournikova computer virus.
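The GUID attribution described above rests on the layout of version-1 UUIDs, whose last six bytes were taken from the network card’s MAC address. The following added example (not part of the original post) decodes that layout and shows the check investigators could make, plus the caveat that modern generators randomize the node field; the GUID values are constructed for illustration, and the field layout and constants follow RFC 4122.

```python
"""Recover the node (network-card MAC) and timestamp embedded in a version-1
GUID, the property that let Word documents be tied to one author's machine.

Added example, not part of the original post. The GUIDs below are constructed
for illustration; the field layout and constants come from RFC 4122.
"""
import uuid
from datetime import datetime, timedelta, timezone

# 100-nanosecond intervals between 1582-10-15 (UUID epoch) and 1970-01-01.
GREGORIAN_TO_UNIX_100NS = 0x01B21DD213814000

# Constructed sample GUIDs: two "documents" stamped by the same node, and one
# whose node field was randomly generated rather than taken from a MAC.
DOC_A = "{D59C4000-E30E-11D2-8A2B-00A0C9E1F2A3}"
DOC_B = "{D59C4000-E30E-11D2-9C3D-00A0C9E1F2A3}"
DOC_RANDOM = "{D59C4000-E30E-11D2-8A2B-01A0C9E1F2A3}"


def analyse_guid(text: str) -> dict:
    """Return version, creation time and node details for one GUID string."""
    u = uuid.UUID(text.strip("{}"))
    info = {"version": u.version, "time": None, "node": None, "node_kind": None}
    if u.version != 1:
        return info          # v3/v4/v5 GUIDs carry neither timestamp nor node
    unix_100ns = u.time - GREGORIAN_TO_UNIX_100NS
    info["time"] = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=unix_100ns // 10)
    node = u.node.to_bytes(6, "big")
    info["node"] = ":".join(f"{b:02X}" for b in node)
    # Bit 0 of the first octet is the multicast bit: a real unicast MAC has it
    # clear, while RFC 4122 requires randomly generated node IDs to set it.
    info["node_kind"] = "random" if node[0] & 0x01 else "hardware"
    return info


def same_machine(guid_a: str, guid_b: str) -> bool:
    """True when both GUIDs are v1 and carry the same hardware-derived node,
    the kind of check used to link Melissa to the VicodinES/Alt-F11 files."""
    a, b = analyse_guid(guid_a), analyse_guid(guid_b)
    return (a["version"] == b["version"] == 1
            and a["node_kind"] == b["node_kind"] == "hardware"
            and a["node"] == b["node"])


if __name__ == "__main__":
    for g in (DOC_A, DOC_B, DOC_RANDOM):
        print(g, analyse_guid(g))
    print("A and B from the same machine:", same_machine(DOC_A, DOC_B))
```

A random node (multicast bit set) means the GUID identifies nothing about the hardware, which is why this attribution trick no longer works against documents produced by current Office versions.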
CONFICKER VIRUS
Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. Conficker has more than five million computers now under its control — government, business and home computers in more than 200 countries, according to the New York Times. The worm uses a combination of advanced malware techniques which has made it difficult to counter, and has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer.
The first variant of Conficker, discovered in early November 2008, propagated through the Internet by exploiting a vulnerability in a network service (MS08-067) on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 Beta. While Windows 7 may have been affected by this vulnerability, the Windows 7 Beta was not publicly available until January 2009. Although Microsoft released an emergency out-of-band patch on October 23, 2008 to close the vulnerability, a large number of Windows PCs (estimated at 30%) remained unpatched as late as January 2009. A second variant of the worm, discovered in December 2008, added the ability to propagate over LANs through removable media and network shares. Researchers believe that these were decisive factors in allowing the worm to propagate quickly: by January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million. Antivirus software vendor Panda Security reported that of the 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with Conficker.
Recent estimates of the number of infected computers have been notably harder to make because of changes in the propagation and update strategy of recent variants of the worm.