Tips on TippingHacking Lecture (Online) – 4.15.17Hacking Culture- Videoso Bones video Computer exploded – - What we think: someone hacking system- Reality: Bone had pattern engraved into it, messing up compo CSI: NY Corneal imaging- Get reflection from girl’s eye Stupidity of realityo NCIS ID’d a body, hacked computer – screens popping up everywhere 2 ppl typing on a keyboard doesn’t make it go faster To make it stop = unplugged it- Digital immigrant; doesn’t work that way- If in system, doesn’t stop themo Suzy digital camera Picture when crime scene happening Enhancing pic diff parts Rep of modern crime drama- Free & Open Source (FOSS)o This software gives users the right to use, copy, study, change, and improve its design through the availability of its source code Richard Stallman Linux Kernel- Linus Torvalds- Maximum tinkering & customization- Types of Hackerso Black Hat: breaks security simply to show off their skills or engage in criminal activityo Gray Hat: someone w/ hacking skills who is neither altruistic or completely a criminalo White Hat: breaks security for altruistic and/or non-malicious reasons- Can hackers be heroes? Videoo Hacking got a bad name in the 60s when this interacted w/ comps Unserious things on it – video games Software / hardware hackingo True diversity of hackers Have to get their hands on it, if they see something broken.. they want to get their hands on ito National extension of protestso For a better society To help those after a storm Show how govt works Trying to promote a positive social change- Hacking Techniques/ strategieso Hacking is about accomplishing taskso Targeting Hacker tries to determine what the target iso Research & info gathering Hacker will visit to get info that’ll help gain access Dumpster diving – goes thru user’s garbage (physical & digital) Often take pics of whole space o Finishing the attack Eliminate preliminary target Usually get caught here If someone thinks they’re getting hacked, let out fake info (honey pot)o Techniques; Password cracking – brute force / dictionary attack- “bit strength”- Try all letters in alphabet to figure it out - Best thing to hack into someone’s space Spam / fraud (Nigerian scam)- Spam – unsolicited sending of bulk email- Fraud – misrep a fact to generate losso Profitable by a push of the buttono Smart ppl usually don’t report it, just delete but want dumb people to think someone’s really in pain Spoofing (Phishing)- When a prog mascaraed as another oneo Looks legit and takes you to a site that looks exactly like it Didn’t pay attention to WHO sent it to you Denial-of-service Attack (DDoS)- Overloading a site so it won’t work anymoreo Bc ppl cant use a site, if it’s down Trojan- Named after myth Trojan horse- Inside a program, it could have a backdoor to something else - Must be manually executed by a user Virus/ Worm- Spreads throughout comps- Ppl will build in malicious code into Microsoft word / excel- Viruses can spread themselves- Worm – replicates itself, then shuts down your computer bc it cant handle the info trying to run through Scareware or ransomware- Gets into comp and immediately lockdown your comp; shows a msgs saying that it has been locked and only way to unlock is to pay a ransomo Some infiltrate hospitals, get into MRi or Catscans Cant throw away machine, so they just payo Vigilance Spyware (keyloggers)- They monitor you- Log all the diff strokes you use on comp or phone- Most common when you have physical access to device- Ex) Infrared thermal case o Leaves heat signature o Touch all keys when putting in code4.17.17Killswitch 2014 – video- Hacker manifestoo Called criminalso Real crime is not about smarting anotherHacking Hacktivist – a person who hacks in pursuit of political ends or as protest (white, black, gray)o Anonymous  DDoS attack *main one they use* Ex) script kitties (group)o Aaron Swartz Fm 12 yo he has been helping make the world a better place Guerrilla open access manifesto- Free access to information- Killed himself bc govto “too influential” Computer Abuse & Fraud Act- Since he has died people have been trying to pass the ”Aaron Law” Alexandra Elbakyan- She followed his foot steps- Believe all info should be free and accessible - Her site - Library Genesis: gen.lib.rus.eco Kim Dotcom All about moneyo Edward Snowden Wikileakso Created by Julian Assangeo Largely built on Tor network and Jacob Applebaumo Has taught us about Iraq/Afghan (Chelsea “Bradley” Manning) Guantanamo Bay Prison (Manning) Trans-Pacific Partnership Papers- Kept secret for 10 yrs- Got hands on paper and released them to the world DNC Hack of John Podesta4.19.17Why Social Engineering should be your Biggest Security Concern- Most recent security and privacy breaching had less to do with bad passwords and more to do with social engineering- Social engineering o Technique to get around security systems or any type of system, not by breaking throughit or exploiting vulnerabilities in the syst itself, but to exploit them in the humans around the system Convince a tech support agent to reset the password and give it to youo An essential form of hacking Works around/ outside existing systems to obtain a desired result Can be used for fun, steal identities, violate people’s privacy, and cause serious harm  Ex) Mat Honan – who had identity stolen bc of support reps @ Apple/ Amazon- Celeb photo leaks- Most interesting/scariest part – this kind is relatively easy given a little research into your targeto Most successful methods involve never letting your target know until it’s too late- Why you should pay attn. to SE attackso Passwords are passe Should be using a pw manager, know how to audit PW and that pw managers are still best option even if they appear to be a single pt / failure Most hackers aren’t interested in just pw anymoreo Most identities are being used for spam Bc identities are only as good as the info they store or have access to it Malicious hackers looking for targets w/ valuable info they can use, exploit or sell- How to protect yourself fm SE attackso Never give out confidential infoo Safeguard even inconsequential info about yourself Use the most obscure, nuanced questions availableo Lie to security questions, remember your lies Make