QUINN Edition 6 Chapter 7

Chapter 7: Computer and Network Security
Chapter Overview
• Introduction
• Hacking
• Malware
• Cyber crime and cyber attacks
• Online voting
7.1 Introduction
• Computers getting faster and less expensive
• Utility of networked computers increasing
– Shopping and banking
– Managing personal information
– Controlling industrial processes
• Increasing use of computers → growing importance of computer security
Hacking: Hackers, Past and Present
• Original meaning of hacker: explorer, risk taker, system innovator.
– MIT’s Tech Model Railroad Club in the 1950s:
– A “hack” was a newly constructed piece of equipment that not only
served a useful purpose but also demonstrated its creator’s technical
virtuosity.
– In 1959 “hacker” came to mean a “person who delights in having an
intimate understanding of the internal workings of a system, computers
and networks in particular”.
• 1960s-1980s: Focus shifted from electronics to computers and networks:
– 1983 movie WarGames: a teenager breaks into a military computer and
nearly causes a nuclear Armageddon.
– Influenced teenagers to think about hacking.
• Modern meaning of hacker: someone who gains unauthorized access to
computers and computer networks.
Obtaining Login Names, Passwords
• Eavesdropping:
– Shoulder surfing
• Dumpster diving:
– Looking into garbage
• Social engineering:
– Manipulation of a person inside the organization to gain access to
confidential information.
– For example, a hacker may call a system administrator, pretending
to be the supervisor of his supervisor and demanding to know why
he can’t access a particular machine.
– The pressure forces the administrator to reveal or reset a password.
• Password guessing through statistical and mathematical methods.
Password Dos and Don’ts
• Do not use short passwords.
• Do not use a word from the dictionary. A dictionary attack uses a
preselected library of words and phrases to guess possible passwords.
• Do not rely on substituting numbers for letters (e.g., replacing “E”
with “3”). Password-cracking programs know these tricks.
• Do not reuse passwords.
• Give ridiculous answers to security questions: What is your pet’s
name? Ford Fiesta.
• Enable two-factor authentication if available: When you log in, the
system will send a text message with a confirmation code.
• Have password recoveries sent to a secure email address: Have these
messages sent to an account you never use to send email.
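The first four rules above can be enforced mechanically. The checker below is an added example, not code from the textbook; it reverses the letter-for-digit substitutions the slide warns about before comparing against a constructed mini dictionary, so “P@ssw0rd” is rejected for the same reason “password” is. The minimum length and the word list are assumed values.

```python
import re

# Constructed mini word list standing in for the dictionary a cracking
# program would load; a real deployment would use a large list.
DICTIONARY = {"password", "welcome", "dragon", "letmein", "qwerty",
              "football", "sunshine", "monkey"}

# Common letter-for-digit/symbol substitutions, reversed so that the
# checker sees "P@ssw0rd" the same way a cracking program does.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not from the slides


def candidate_words(password: str) -> set[str]:
    """Return the plain words a cracker's rules would recover from the password."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]", "", lowered)                      # drop digits/symbols
    unleeted = re.sub(r"[^a-z]", "", lowered.translate(LEET_MAP))  # undo 3->e, 0->o, ...
    return {stripped, unleeted}


def check_password(password: str, previous_passwords=()) -> list[str]:
    """Apply the slide's rules; an empty list means no rule was violated."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"too short (fewer than {MIN_LENGTH} characters)")
    if DICTIONARY & candidate_words(password):
        problems.append("dictionary word, possibly with number/symbol substitutions")
    if password in previous_passwords:
        problems.append("reused password")
    return problems


def is_acceptable(password: str, previous_passwords=()) -> bool:
    return not check_password(password, previous_passwords)


if __name__ == "__main__":
    for pw in ["P@ssw0rd", "Dragon2019!", "correct-horse-battery-staple"]:
        print(pw, "->", check_password(pw) or "ok")
```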
Computer Fraud and Abuse [CFA] Act
• Under US law, the penalties for hacking are severe. The CFA Act
criminalizes a wide variety of hacker-related activities, including:
– Transmitting code (such as a virus or worm) that damages a
computer.
– Accessing any Internet-connected computer without authorization
– Transmitting classified government information.
– Trafficking in computer passwords.
– Computer fraud: using a computer to take or alter electronic data,
or to gain unlawful use of a computer or system.
– Computer extortion: the act of demanding payment through the
use of some malicious activity against a victim, such as data
compromise.
• Maximum penalty: 20 years in prison and $250,000 fine.
Some More Useful Acts
• Electronic Communications Privacy Act
• Internet fraud can be prosecuted under the Wire Fraud Act
and/or the National Stolen Property Act.
• Identity Theft & Assumption Deterrence Act

Sidejacking
• Sidejacking: hijacking of an open Web session by capturing a user’s
cookie.
• Sidejacking possible on unencrypted wireless networks because
many sites send cookies “in the clear”.
• Internet security community complained about sidejacking
vulnerability for years, but ecommerce sites did not change practices.
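A site can tell whether its own cookies are exposed to sidejacking by checking the attributes it sets on them. The audit below is an added example, not code from the textbook; it parses constructed Set-Cookie headers with Python’s standard http.cookies module and flags credential cookies that lack the Secure attribute (and so are sent “in the clear” over plain HTTP). The name fragments used to recognise session cookies are an assumed heuristic.

```python
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie headers, as a site might return them after login.
SAMPLE_HEADERS = [
    "sessionid=a1b2c3d4; Path=/; HttpOnly",         # no Secure: sent over plain HTTP too
    "remember_me=tok42; Path=/; Secure; HttpOnly",  # HTTPS only
    "theme=dark; Path=/",                           # preference, not a credential
]

# Name fragments that usually mark a credential-bearing cookie (assumed heuristic).
SESSION_HINTS = ("session", "sess", "auth", "token", "remember", "sid")


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit_set_cookie(header: str) -> dict:
    """Parse one Set-Cookie header and report the attributes relevant to sidejacking."""
    jar = SimpleCookie()
    jar.load(header)
    if len(jar) != 1:
        return {"name": None, "secure": False, "httponly": False,
                "findings": ["unparseable Set-Cookie header"]}
    name, morsel = next(iter(jar.items()))
    secure = bool(morsel["secure"])      # flag attributes load as True when present
    httponly = bool(morsel["httponly"])
    findings = []
    if looks_like_session_cookie(name):
        if not secure:
            findings.append("missing Secure: the browser will also send this cookie "
                            "over unencrypted HTTP, where anyone on the same open "
                            "wireless network can read it and reuse the session")
        if not httponly:
            findings.append("missing HttpOnly: readable by injected client-side script")
    return {"name": name, "secure": secure, "httponly": httponly, "findings": findings}


def sidejackable_cookies(headers) -> list[str]:
    """Names of credential cookies that would be exposed on an unencrypted network."""
    return [r["name"] for r in map(audit_set_cookie, headers)
            if any(f.startswith("missing Secure") for f in r["findings"])]


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(audit_set_cookie(h))
    print("exposed:", sidejackable_cookies(SAMPLE_HEADERS))
```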

Some Related Incidents
• 2003 University of Kansas incident: A hacker broke into computers
and copied personal files of 1450 foreign students.
– The files contained names, Social Security numbers, passport numbers,
countries of origin, and birth dates.
• 2005 University of Nevada incident: Hacker copied personal
information of 5000 students.
• March 2005: Attack on online admission software Applyonline used
by 6 top business schools:
– Exposed a bug that allowed users to view application status.
– The bug was published on a Business Week online forum.
– It was fixed in 9 hours; CMU, Harvard and MIT did not admit those who
had accessed the system.
• A hacker gained access to the Sesame Street channel on YouTube
in October 2011, changed the home page, and replaced the videos
with pornographic material.
– Shut down by Google in 22 minutes.
Ukraine-Russia Cyber War
• On February 23, 2022, the websites of several Ukrainian
banks and government departments became inaccessible.
• At the same time a wiper attack, which destroys data on
infected machines, was discovered being used against
Ukrainian public and private organisations.
• "Another mass DDoS attack on our state [has] begun,"
Ukraine's Digital Transformation Minister, Mykhailo
Fedorov, wrote on Telegram.
Russia-Ukraine Cyber War Is Not New
• In 2015, Russian government hackers breached the Ukrainian
power grid, leading to widespread outages.
• In 2017, Russia deployed the notorious NotPetya malware via
Ukrainian accounting software.
– The virus quickly spread across the globe, costing businesses billions
of dollars in damage and disruption.
• In the months that followed the NotPetya attacks, many
people speculated that Ukraine served as a sort of “testing
ground” for Russia’s cyberwar capabilities and that those
capabilities were only growing in their sophistication and reach.
• Russia has proven time and again that it has few compunctions
about targeting critical infrastructure and causing considerable
collateral damage through acts of cyber aggression.
Case Study: Firesheep
• October 2010: Eric Butler released Firesheep extension to Firefox
browser as free, open-source software for Mac OS X and Windows
– “Websites have a responsibility to protect the people who depend on
their services. They’ve been ignoring this responsibility for too long, and
it’s time for everyone to demand a more secure web. My hope is that
Firesheep will help the users win” said Butler.
• Firesheep made it possible for ordinary computer users to easily
sidejack Web sessions.
• More than 500,000 downloads in first week.
• Attracted great deal of media attention.
• Early 2011: Facebook and Twitter announced options to use their
sites securely.
Ethical Evaluation
Act Utilitarian Analysis
• Release of Firesheep led media to focus on the security problem.
• Benefits were high: a few months later Facebook and Twitter made
their sites more secure.
• Harms were minimal: no evidence that release of Firesheep caused a
big increase in identity theft or malicious pranks.
• Conclusion: Release of Firesheep was good.
Virtue Ethics Analysis
• By releasing Firesheep, Butler helped public understand lack of security on
unencrypted wireless networks.
• Butler’s statements characteristic of someone interested in protecting
privacy.
• Butler demonstrated courage by taking responsibility for the program.
• Butler demonstrated benevolence by making program freely available.
• His actions and statements were characteristic of someone interested in the
public good.
Kantian Analysis
• Accessing someone else’s user account is an invasion of privacy and is
wrong.
• Butler provided a tool that made it much simpler for people to do something
that is wrong, so he has some moral accountability for their misdeeds.
• Butler was willing to tolerate a short-term increase in privacy violations in
the hope that media pressure would force Web retailers to add security.
• He treated victims of Firesheep as a means to his end.
• It was wrong for Butler to release Firesheep.
Malware
Any software intentionally designed to cause damage to a computer, server,
client, or computer network.
1. Viruses
• Virus: Piece of self-replicating code
embedded within another program (host)
• Viruses associated with program files
– Hard disks, floppy disks, CD-ROMs
– Email attachments
• How viruses spread
– Diskettes or CDs
– Email
– Files downloaded from Internet
• There are "innocent" viruses and malicious viruses.

Figure: One Way a Virus Can Replicate
Figure: Email Attachment with Possible Virus
Figure: How an Email Virus Spreads
Antivirus Software Packages
• Allow computer users to detect and destroy viruses
• Must be kept up-to-date to be most effective
• Many people do not keep their antivirus software packages up-to-date
• Consumers need to beware of fake antivirus applications
Virus vs. Worm vs. Trojan Horse
• Definition
– Virus: software that attaches itself to another program to harm a computer system.
– Worm: software that replicates itself to slow down the computer system.
– Trojan horse: rather than replicating, captures some important information about a computer system or network.
• Replication
– Virus: replicates itself. Worm: also replicates itself. Trojan horse: does not replicate itself.
• Remote control
– Virus: cannot be controlled remotely. Worm: can be controlled remotely. Trojan horse: like a worm, can be controlled remotely.
• Spreading rate
– Virus: moderate. Worm: faster than virus and Trojan horse. Trojan horse: slow in comparison with both virus and worm.
• Main objective
– Virus: modify information. Worm: consume system resources. Trojan horse: steal information.
• Execution
– Virus: executed via executable files. Worm: executed via weaknesses in the system. Trojan horse: executed through a program that is presented as utility software.
2. Worm
• Self-contained program
• Spreads through a computer network
• Exploits security holes in networked computers

Figure: How a Worm Spreads
The Internet Worm [Case Study]
• Robert Tappan Morris, Jr., a graduate student at Cornell
o Explored bugs in 3 Unix applications: ftp, sendmail, and fingerd.
o On 2/11/1988, a fix for the ftp bug was posted on the Internet.
o Released worm program onto the Internet from an MIT computer simply
to see if it could be done.
• Effect of worm
o Spread to significant numbers of Unix computers at military
installations, medical research facilities, and universities.
o His friends emailed fixes, but they got little attention: the message was
routed through a Brown University computer and had no subject line.
o Infected computers kept crashing or became unresponsive.
o Took a day or two for fixes to be published.
• Impact on Morris
o Suspended from Cornell; 3 years’ probation, 400 hours of
community service, and $150,000 in legal fees and fines.
Ethical Evaluation
• Kantian evaluation
– Morris used others by gaining access to their computers without
permission.
• Social contract theory evaluation
– Morris violated property rights of organizations.
• Utilitarian evaluation
– Benefits: Organizations learned of security flaws.
– Harms: Time spent by those fighting worm, unavailable
computers, disrupted network traffic, Morris’s punishments.
• Virtue ethics evaluation
– Morris selfishly used Internet as experimental lab.
– He deceitfully released worm from MIT instead of Cornell.
– He avoided taking responsibility for his actions.
• Morris was wrong to have released the Internet worm.

3. Sasser
• The Sasser worm, launched in April 2004, exploited a previously
identified security weakness with PCs running the Windows
operating system.
• Infected 18 million computers, rendering them unusable, and disrupted
operations at Delta Airlines, the European Commission, Australian
railroads, and the British coast guard.
• The effects of the worm were relatively benign; infected computers
simply shut themselves down shortly after booting.
Impact on the creator
• A student pointed the finger at German teenager Sven Jaschan after
Microsoft announced a 250,000 euro reward.
• Jaschan confessed.
• He was tried in a juvenile court and sentenced to one and a half
years’ probation and 30 hours of community service.
4. Instant Messaging Worms
• Two early worms to strike instant messaging systems were Choke
and Hello, which appeared in 2001.
• Worms were less devastating back then, because only about 141
million people used instant messaging.
• Today more than 800 million people rely on instant messaging, so the
impact of worms can be much greater.

• In 2005 the Kelvir worm forced the Reuters news agency to remove
60,000 subscribers from its Microsoft-based instant messaging
service for 20 hours.
• In 2010 a variant of the Palevo instant messaging worm rapidly
spread through Romania, Mongolia, and Indonesia.
5. Conficker Worm
• Conficker (a.k.a. Downadup) worm appeared in 2008 on Windows
computers without up-to-date security patches from Microsoft.
• Early in 2009, 8-15 million computers were infected with Conficker,
including portions of military networks in France, UK and Germany.
• Particularly difficult to eradicate; millions of copies of the worm were
circulating.
• Purpose of worm still unknown.
• Still spreading but no great harm.
6. Cross-site Scripting
• Another way malware may be downloaded without user’s knowledge.
• Problem appears on Web sites that allow people to read what others
have posted.
• Attacker injects client-side script into a Web site.
• Victim’s browser executes script, which may steal cookies, track
user’s activity, or perform another malicious action.
7. Drive-by Downloads
• Unintentional downloading of malware caused by visiting a
compromised Web site.
• Also happens when Web surfer sees pop-up window asking
permission to download software and clicks “Okay”.
• Google Anti-Malware Team says 1.3 percent of queries to Google’s
search engine return a malicious URL somewhere on results page.

8. Trojan Horses and Backdoor Trojans
• Trojan horse: Program with benign capability that masks a sinister
purpose. It also performs actions unknown to, and not in the best
interests of, the user, such as stealing the password.
• Backdoor Trojan: Trojan horse that gives the attacker access to the
victim’s computer.
9. Rootkits
• Rootkit: A set of programs that provides privileged access to a
computer.
• Activated every time computer is booted.
• Uses its security privileges to mask its presence; it is loaded even
before booting completes.
10. Spyware and Adware
• Spyware: Program that communicates over an Internet connection
without user’s knowledge or consent.
– Monitor Web surfing
– Log keystrokes
– Take snapshots of computer screen
– Send reports back to host computer
• Adware: Type of spyware that displays pop-up advertisements
related to user’s activity.
• Backdoor Trojans often used to deliver spyware and adware.
11. Bots
• Bot: A kind of backdoor Trojan that responds to commands
sent by a command-and-control program on another computer.
• First bots supported legitimate activities:
– Internet Relay Chat
– Multiplayer Internet games
• Other bots support illegal activities:
– Distributing spam
– Collecting personal information for ID theft
– Denial-of-service attacks
Botnets and Bot Herders
• Botnet: Collection of bot-infected computers controlled by the same
command-and-control program.
• Some botnets have over a million computers in them.
• Bot herder: Someone who controls a botnet.
12. Defensive Measures
Three defensive measures are important in protecting PCs from
malware: security patches, antimalware tools, and firewalls.
1. Security patches: software that corrects errors in program code. They
are issued to address vulnerabilities discovered in the company's product.
2. Anti-malware tools: software to scan hard drives, detect files that
contain viruses or spyware, and delete these files.
3. Firewall: a security device, either computer hardware or software.
It can help protect the network by filtering traffic and blocking
outsiders from gaining unauthorized access to the private data on
your computer.
Cyber Crime and Cyber Attacks
• The Internet plays a vital role in the economic life of all nations. Its
infrastructure is an attractive target for politically motivated attacks.
• There are three common Internet-based attacks.

1-Phishing and Spear-phishing
• Phishing: Large-scale effort to gain sensitive information from naive
computer users. An attacker sends out millions of email messages
from a botnet. The messages inform the recipients that one of their
accounts has been compromised and direct them to connect to a Web
site to resolve the problem.
– At least 67,000 phishing attacks globally in second half of 2010.
– New development: phishing attacks on Chinese e-commerce sites.
• Spear-phishing: Variant of phishing in which email addresses are chosen
selectively (e.g., elderly people) to target a particular group of
recipients.
2-SQL Injection
• Method of attacking a database-driven Web application with improper
security.
• Attack inserts (injects) SQL query into the text string passed from the
client to the application.
• Application returns sensitive information.

3-Denial-of-service and Distributed Denial-of-service Attacks
• Denial-of-service attack: Intentional action designed to prevent
legitimate users from making use of a computer service.
• Aim of a DoS attack is not to steal information but to disrupt a
server’s ability to respond to its clients.
• Distributed denial-of-service attack: DoS attack launched from many
computers, such as a botnet from a bot herder.
Cyber Crime
• Criminal organizations making significant amounts of money
from malware.
• We discuss 4 incidents of cybercrime in this section.
• Jeanson James Ancheta: In 2004 and 2005, Internet cafe
employee Jeanson James Ancheta created a network of
about 400,000 bots, including computers operated by the US
Department of Defense(DoD).
• Adware companies, spammers, and others paid Ancheta
for the use of these computers.
• Ancheta was arrested by the FBI and in May 2005 was sentenced to
57 months in prison and fined $15,000 for infecting DoD computers.
• He was also forced to forfeit his 1993 BMW, $60,000 and
his computer equipment.
The Rise and Fall of Blue Security Part I: The Rise
• Blue Security: An Israeli company selling a spam restriction system.
• The Blue Frog bot would automatically respond to each spam message
with an opt-out message, i.e., a message saying that the recipient is
opting (choosing) to be removed from the sender’s mailing list.
• Spammers started receiving hundreds of thousands of opt-out
messages, disrupting their operations.
• 6 of 10 of the world’s top spammers agreed to stop sending spam to users
of Blue Frog.
The Rise and Fall of Blue Security Part II: The Fall
• One spammer (PharmaMaster) started sending Blue Frog users 10-
20 times more spam.
• PharmaMaster then launched DDoS attacks on Blue Security and its
business customers.
• Blue Security could not protect its customers from DDoS attacks
and virus-laced emails.
• Blue Security reluctantly terminated its anti-spam activities.

Albert Gonzalez
• In 2010 Albert Gonzalez was sentenced to 20 years of imprisonment on charges
of using an SQL injection attack to steal more than 130 million credit
and debit card numbers.
– Some of the credit and debit card numbers were sold online, leading to
unauthorized purchases and bank withdrawals.
• The main targets were restaurants and supermarkets.
– Heartland Payment Systems estimated its losses at $130 million.
The Avalanche Gang
• A criminal enterprise responsible for massive phishing attacks.
– The Anti-Phishing Working Group (APWG) estimated the Gang was
responsible for two-thirds of all phishing attacks through the second half of 2009.
– APWG noticed that in the 2nd half of 2010 the Gang nearly ceased its phishing
attacks.
– APWG speculated that the Gang is propagating spam that tricks people into
downloading the Zeus Trojan horse.
Politically Motivated Cyber Attacks
• Estonia (2007)
• Georgia (2008)
• Georgia (2009)
• Exiled Tibetan Government (2009)
• United States and South Korea (2009)
• Iran (2009)
• Espionage attributed to People’s Liberation Army
• Anonymous
Attacks on Twitter and Other Social Networking Sites
• Massive DDoS attack made Twitter service unavailable for several
hours on August 6, 2009.
• Three other sites attacked at same time: Facebook, LiveJournal, and
Google.
• All sites used by a political blogger from the Republic of Georgia.
• Attacks occurred on first anniversary of war between Georgia and
Russia.
Fourth of July 2009 Attacks
• DDoS attack on governmental agencies and commercial Web sites in
United States and South Korea.
• Attack may have been launched by North Korea in retaliation for
United Nations sanctions.

WhatsApp, Facebook, Instagram are down, Oct 5, 2021
Supervisory Control and Data Acquisition (SCADA) Systems
• Industrial processes require constant monitoring.
• Computers allow automation and centralization of monitoring.
• Today, SCADA systems are open systems based on Internet Protocol.
– Less expensive than proprietary systems.
– Easier to maintain than proprietary systems.
– Allow remote diagnostics.
• Allowing remote diagnostics creates security risk.

Figure: SCADA Systems Carry Security Risks.
Stuxnet Worm (2009)
• Attacked SCADA systems running Siemens software.
• Targeted five industrial facilities in Iran that were using centrifuges
to enrich uranium.
• Caused temporary shutdown of Iran’s nuclear program.
• Worm may have been created by Israeli Defense Forces.
Cyber Espionage Attributed to People’s Liberation Army (the regular
armed forces of China)
• Hundreds of computer security breaches in more than a dozen
countries investigated by Mandiant (US computer security firm).
• Report released in 2013 after a decade of investigation.
• Hundreds of terabytes of data stolen.
• Mandiant blamed Unit 61398 of the People’s Liberation Army.
• China’s foreign ministry stated that the accusation was groundless and
irresponsible.
Anonymous
• Anonymous: a loosely organized international movement
of hacktivists, “hackers whose activity is aimed at promoting
a social or political cause.”
• Various DDoS attacks attributed to Anonymous members (year, victim, reason):
– 2008, Church of Scientology: attempted suppression of Tom Cruise interview.
– 2009, RIAA, MPAA: Recording Industry Association of America and Motion
Picture Association of America’s attempt to take down the Pirate Bay.
– 2009, PayPal, VISA, MasterCard: financial organizations freezing funds flowing
to Julian Assange of WikiLeaks.
– 2012, U.S. Dept. of Justice, RIAA, MPAA: U.S. Dept. of Justice action against
Megaupload.
– 2013, Israeli websites: on Holocaust Memorial Day, to protest the Israeli
treatment of the Palestinians.
Online Voting
Motivation for Online Voting
• 2000 U.S. Presidential election closely contested.
• Florida pivotal state
• Most Florida counties used keypunch voting machines.
• Two voting irregularities traced to these machines
– Hanging chad.
– “Butterfly ballot” in Palm Beach County.

Figure: The Infamous “Butterfly Ballot”.
Benefits of Online Voting
• More people would vote.
• Votes would be counted more quickly.
• No ambiguity with electronic votes.
• Cost less money.
• Eliminate ballot box tampering.
• Software can prevent accidental over-voting.
• Software can prevent under-voting.
Risks of Online Voting
• Gives unfair advantage to those with home computers.
• More difficult to preserve voter privacy.
• More opportunities for vote selling.
• Obvious target for a DDoS attack.
• Security of election depends on security of home computers.
• Susceptible to vote-changing virus or RAT (remote access Trojan).
• Susceptible to phony (illegal) vote servers.
• No paper copies of ballots for auditing or recounts.
Utilitarian Analysis
• Suppose online voting replaced traditional voting
• Benefit: Time savings
– Assume 50% of adults actually vote.
– Suppose voter saves 1 hour by voting online.
– Average pay in U.S. is $21.00 / hour.
– Time savings worth $10.50 per adult American.
• Harm of DDoS attack difficult to determine
– What is probability of a DDoS attack?
– What is the probability an attack would succeed?
– What is the probability a successful attack would change the outcome of
the election?
Kantian Analysis
• The will of each voter should be reflected in that voter’s ballot.
• The integrity of each ballot is paramount.
• Ability to do a recount necessary to guarantee integrity of each ballot.
• There should be a paper record of every vote.
• Eliminating paper records to save time and/or money is wrong.
Conclusions
• Existing systems are highly localized.
• Widespread tainting more possible with online system.
• No paper records with online system.
• Evidence of tampering with online elections.
• Relying on security of home computers means system
vulnerable to fraud.
• Strong case for not allowing online voting.
