Electronic Sabotage

From Edupage 12/14/94
"An Ernst & Young/Information Week magazine survey found 54% of companies reported some form of financial loss over the past 24 months as a result of computer problems such as malicious acts or system crashes, including 17% reporting losses as high as $250,000. (Toronto Financial Post 12/15/94 p.6)"

Trojan Horse

Example: The Cookie Monster


Logic Bomb - (time bomb)


Virus


Virus - Brief History


How Does a Virus Work?


Virus Structure

A single program can have more than one virus attached.

Types of Viruses


Moving from Place to Place


Types of Virus Damage


Naming Viruses

Authors do not generally name or take credit for their work

Those who discover the virus name it based on:


How to Prevent Viral Infection

There is no way to prevent viruses that is both foolproof and practical, that is, not counterproductive in other ways.

The most effective strategy is to combine:

General guidelines regarding prevention of viral infection:


Anti-viral Programs - Three Basic Forms

1. Monitor the activities of executing programs

2. Monitor program files on disk

3. Identify infection by specific viruses
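
An added example (not part of the original page) sketching forms 2 and 3 in Python: a digest baseline over program files on disk, and a scan for known byte patterns. The function names, the file names and the signature are constructed for illustration; form 1, monitoring running programs, is not covered.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature table (name -> byte pattern); not a real virus signature.
SIGNATURES = {"Constructed.Test.Marker": b"\xde\xad\xbe\xefDEMO-MARKER"}

def program_files(root):
    """Yield (relative name, contents) for every file under root, sorted."""
    root = Path(root)
    for p in sorted(root.rglob("*")):
        if p.is_file():
            yield str(p.relative_to(root)), p.read_bytes()

def take_baseline(root):
    """Form 2, step 1: record a SHA-256 digest for each program file."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in program_files(root)}

def compare_to_baseline(root, baseline):
    """Form 2, step 2: report files changed, added or removed since baseline."""
    current = take_baseline(root)
    return {
        "changed": sorted(n for n in current
                          if n in baseline and current[n] != baseline[n]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def scan_signatures(root, signatures=SIGNATURES):
    """Form 3: list (file, signature name) for each known pattern found."""
    return [(name, sig) for name, data in program_files(root)
            for sig, pattern in signatures.items() if pattern in data]

def demo():
    """Constructed scenario: after the baseline, one program is altered,
    one unknown program appears and one program is deleted."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("login", "editor", "mailer"):
            (root / name).write_bytes(b"original " + name.encode())
        baseline = take_baseline(root)
        with open(root / "login", "ab") as f:  # simulated modification
            f.write(SIGNATURES["Constructed.Test.Marker"])
        (root / "newtool").write_bytes(b"unknown program")
        (root / "mailer").unlink()
        return compare_to_baseline(root, baseline), scan_signatures(root)

if __name__ == "__main__":
    print(demo())
```

The disk check flags the unknown and the deleted program as well as the altered one, while the signature scan reports only the file containing a pattern it already knows.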


Retroviruses - viruses that fight back

A retrovirus is a computer virus that specifically tries to bypass or hinder the operation of one or more anti-virus programs.

For more detailed information on viruses see Virus FAQ - Frequently Asked Questions


Worm

Many uses of the term

  1. optical media: Write Once Read Many times (WORM drive)

  2. software: a program that will erase files or memory under certain conditions

  3. networks: several segments - each running on a separate network workstation. When a segment is lost (machine rebooted) other worm segments replace it on another workstation. (distributed computing)


Worms as Software Protection

A program written by a software publisher that will invoke a penalty if unauthorized use of the program is detected


Worms on Networks

A worm is an autonomous agent capable of propagating itself without the use of another program or any overt action by a person

Worms are found primarily on networks of computers that are capable of multitasking (running more than one program concurrently)

The prevention, detection, and eradication of unauthorized worms is the responsibility of the system and network support staff, rather than of the typical system user


Authorized Worms


Unauthorized Worms

The Internet Worm of November 1988 - come and gone in about a week
Source [Denning, 1990, pp. 191-281].
What exactly did the worm do?

What was the impact of the Internet worm?

Who is Morris and what happened to him?

Intruders

An intruder is some entity accessing/using a system beyond their authority. It may be human, or it may not.


Crackers

A "cracker" is someone who persistently gets his/her kicks from breaking into other people's computer systems, for a variety of reasons. S/He may pose some weak justification for doing this, usually along the lines of "because it's possible", but most probably does it for the "buzz" of doing something which is illicit/illegal, and to gain status amongst a peer group.

[Source: Alec Muffett, USENET Computer Security FAQ]


Example 1:

In 1986, an intruder broke into computers in the San Francisco area including:

The intruder left behind recompiled login programs to simplify his return

The goal was to achieve a high score on the number of systems cracked

Source: [Reid, 1987]

Example 2:

In 1987, tracing an apparently innocuous 75 cent accounting error revealed an intruder who had given himself an account on the Lawrence Berkeley Lab's computer system

The account was traced to a West German programmer who was copying documents from military computers attached to the MILNET

The documents were sold to the KGB

Source: [Stoll, 1989] The Cuckoo's Egg

Example 3:

"CRACK JOB -The Gartner Group's William Malik says that one of his clients, a large manufacturing company lost a $900 million dollar to a competitor which had apparently cracked into the company's computers and learned about its bid. (Newsweek 2/6/95 p.36)"
Source: Edupage 1/31/95

For more information on Intruders see the Almost Everything you Wanted to Know about Security FAQ


Trap Door - (back door)

An entry point into a computer system that bypasses the normal security measures

A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some non-apparent manner (e.g., special "random" key sequence at a terminal) [Source: U.S. Department of Defense, "Trusted Computer System Evaluation Criteria", Glossary, CSC-STD-001-83]

Trap doors are frequently exploited by intruders


Firewalls

A firewall is any one of several ways of protecting one network from another untrusted network. The actual mechanism whereby this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic.

Why would I want a firewall?

What can a firewall protect against?

What can't a firewall protect against?

[Source: Fwalls-FAQ@tis.com]

CERT - Computer Emergency Response Team

Source: [Fithen and Fraser, 1994]


Further Reading


This page is being written and maintained as part of an experiment into the use of the World Wide Web as a source of educational material. We would be interested to receive comments and suggestions for either changes or additional material. Please email us with your thoughts.


Prepared and maintained by:
Carol E. Brown (brownc@bus.orst.edu)
and
Alan Sangster (a.sangster@abdn.ac.uk)
Page last updated January 8th, 1995.
Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.


Page last updated February 10th, 1995.