This document provides lecture notes on computer security threats and attacks from Woldia University. It defines threats as potential security violations and attacks as actions that execute those threats. It outlines common threat types like disclosure, deception, disruption, and usurpation. It also categorizes attacks as passive or active. Passive attacks include sniffing and traffic analysis. Active attacks are divided into spoofing, modification, delay, and denial of service. Specific examples are provided for each attack category.

Uploaded by

Broot Kal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
108 views

Security2 1

This document provides lecture notes on computer security threats and attacks from Woldia University. It defines threats as potential security violations and attacks as actions that execute those threats. It outlines common threat types like disclosure, deception, disruption, and usurpation. It also categorizes attacks as passive or active. Passive attacks include sniffing and traffic analysis. Active attacks are divided into spoofing, modification, delay, and denial of service. Specific examples are provided for each attack category.

Uploaded by

Broot Kal
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 42

CoSc 4171: Computer Security

Woldia University, Faculty of Technology

Chapter 2
Lecture Notes
Computer Security Threats and Attacks

Name of Instructor: Sebahadin Nasir


Department of Computer Science
February, 2019

Prepared by: Dr. Mulugeta L. (Addis Ababa University, Department of Computer Science)
Customized By: Sebahadin Nasir (MSc) (Woldia University, Department of Computer Science)
2.1 Threats and Attacks
 A computer security threat is a potential violation of security; it is any person, act, or object that poses a danger to computer security/privacy
 The violation need not actually occur for there to be a threat
 The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for); those actions are called attacks
 Those who execute such actions, or cause them to be executed, are called attackers
 The computer world is full of threats: viruses, worms, crackers, etc.
 And so is the real world: thieves, pick-pockets, burglars, murderers, drunk drivers, etc.
 Note: the terms threat and attack are commonly used to mean more or less the same thing
2
Types of threats
 Disclosure: unauthorized access to information (also called snooping or interception)
◦ e.g., Snooping: unauthorized interception of information
 Deception: acceptance of false data (modification, spoofing, repudiation of origin, denial of receipt)
◦ e.g., Modification: unauthorized change of information; denial of receipt
 Disruption: interruption or prevention of correct operation
◦ e.g., Modification: unauthorized change of information
 Usurpation: unauthorized control of some part of a system
◦ e.g., Identity theft; denial of service

3
2.1 Threats and Attacks
 What do you do in real life?
◦ You learn about the threats
◦ What are the threats?
◦ How can these threats affect you?
◦ What is the risk for you to be attacked by these threats?
◦ How can you protect yourself from these risks?
◦ How much does the protection cost?
◦ What can you do to limit the damage in case you are attacked?
◦ How can you recover in case you are attacked?
 Then, you protect yourself in order to limit the risk but continue to live your life
 You need to do exactly the same thing with computers!

4
Types of attacks: the first way of categorizing attacks is as passive and active
 Passive Attacks
◦ A passive attack attempts to learn or make use of information from the system but does not affect system resources
◦ There are two types of passive attacks: release of message contents (or sniffing) and traffic analysis
◦ Release of message contents: a telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information; we would like to prevent an opponent from learning the contents of these transmissions
◦ It is also called interception: an attack on confidentiality

5
Passive Attacks
 Friends and Enemies: Alice, Bob, Trudy
◦ Well-known in the network security world
◦ Alice and Bob (lovers!) want to communicate “securely”
◦ Trudy (the intruder) may intercept

6
Passive Attacks
 Traffic analysis: to determine the location and identity of communicating hosts and to observe the frequency and length of messages being exchanged (even if the message is encrypted). This information might be useful in guessing the nature of the communication that was taking place

7
Passive Attacks
 Packet sniffer: a program that records a copy of every packet that flies by, including such sensitive information as passwords, trade secrets, private personal messages, etc.
 Sniffed packets can then be analyzed offline for sensitive information
 Broadcast media (Ethernet LANs and wireless LANs) are the most vulnerable
 Sniffers can also be planted at an institution’s router to copy all packets going to/from the organization
 Packet sniffer software is freely available and some is commercial; e.g., Wireshark is a (free) packet sniffer; others include etherfind, tcpdump, and network management utilities such as SnifferPro
 It is usually difficult to detect passive attacks because they do not involve any alteration of the data

8
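The two slides above make a point that is easy to underestimate: traffic analysis still works when the message contents are encrypted. The following is an added example, not code from the lecture notes. The capture is constructed, the payloads are random bytes standing in for ciphertext, the host addresses are made up, and the 256-byte padding bucket is an assumption. It shows what an observer on a broadcast segment learns from metadata alone (who talks to whom, how often, how much) and how padding to fixed-size buckets shrinks the set of visible message lengths.

```python
"""Traffic analysis of encrypted traffic, and padding as a mitigation.

Added example, not from the lecture notes.  The capture below is constructed:
the payloads are random bytes standing in for ciphertext, so the observer
cannot read contents, yet the metadata alone reveals who talks to whom, how
often, and how much.  The bucket size used for padding is an assumption.
"""
import os
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float       # capture time in seconds (constructed)
    src: str        # source host
    dst: str        # destination host
    payload: bytes  # ciphertext: opaque to the observer


def ciphertext(n: int) -> bytes:
    """Stand-in for an encrypted payload of n bytes (random, unreadable)."""
    return os.urandom(n)


# Constructed capture on a shared segment: Alice (10.0.0.5) and Bob (10.0.0.9)
# exchange encrypted messages; a third host sends one small request to Bob.
CAPTURE = [
    Packet(0.0, "10.0.0.5", "10.0.0.9", ciphertext(48)),
    Packet(0.2, "10.0.0.9", "10.0.0.5", ciphertext(64)),
    Packet(1.0, "10.0.0.5", "10.0.0.9", ciphertext(1200)),
    Packet(1.1, "10.0.0.5", "10.0.0.9", ciphertext(1200)),
    Packet(1.2, "10.0.0.5", "10.0.0.9", ciphertext(1200)),
    Packet(1.5, "10.0.0.9", "10.0.0.5", ciphertext(64)),
    Packet(2.0, "10.0.0.5", "10.0.0.9", ciphertext(48)),
    Packet(2.4, "10.0.0.7", "10.0.0.9", ciphertext(32)),
]


def traffic_profile(packets):
    """What a passive observer learns without decrypting anything: per
    (src, dst) pair, the number of packets, total bytes and the sequence
    of packet sizes."""
    profile = defaultdict(lambda: {"count": 0, "bytes": 0, "sizes": []})
    for p in packets:
        entry = profile[(p.src, p.dst)]
        entry["count"] += 1
        entry["bytes"] += len(p.payload)
        entry["sizes"].append(len(p.payload))
    return dict(profile)


def busiest_pair(packets):
    """The communicating pair that moved the most bytes."""
    profile = traffic_profile(packets)
    return max(profile, key=lambda pair: profile[pair]["bytes"])


def distinct_sizes(packets):
    """How many distinct packet lengths are visible; a small, recognisable
    set of lengths helps an observer guess the kind of exchange."""
    return len({len(p.payload) for p in packets})


def pad_to_bucket(payload: bytes, bucket: int = 256) -> bytes:
    """Pad a payload up to the next multiple of `bucket` bytes so the
    observer sees only a few possible lengths.  A real protocol must also
    carry the true length inside the encrypted data; this demo only shows
    the effect on the metadata."""
    padded_len = -(-len(payload) // bucket) * bucket  # ceiling division
    return payload + bytes(padded_len - len(payload))


def padded_capture(packets, bucket: int = 256):
    """The same capture as the observer would see it with padding in use."""
    return [Packet(p.ts, p.src, p.dst, pad_to_bucket(p.payload, bucket)) for p in packets]


if __name__ == "__main__":
    for pair, entry in sorted(traffic_profile(CAPTURE).items()):
        print(pair, entry["count"], "packets,", entry["bytes"], "bytes, sizes", entry["sizes"])
    print("busiest pair:", busiest_pair(CAPTURE))
    print("distinct sizes before padding:", distinct_sizes(CAPTURE))
    print("distinct sizes after padding: ", distinct_sizes(padded_capture(CAPTURE)))
```

Padding reduces the length side channel but does nothing about packet counts and timing; that is why the slide's detection remark holds: a sniffer that only reads is invisible to the hosts, and the defence is to limit what the metadata reveals rather than to hope to catch the listener.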
Passive Attacks
 Snooping
◦ Snooping is a passive attack; it is unauthorized interception of information, e.g., passive wiretapping (not necessarily physical wiring)
◦ It is a form of disclosure
 Active Attacks
◦ An active attack attempts to alter system resources or affect their operation
 The transmitted data is fully controlled by the intruder
 The attacker can modify, extend, delete or replay any data
◦ This is quite possible in TCP/IP since the frames and packets are not protected in terms of authenticity and integrity (more later in Chapter 4 - Network Security Concepts and Mechanisms)

9
Categories of Active Attacks
1. Spoofing or Masquerading: also called fabrication; an attack on authenticity
2. Modification or Alteration: an attack on integrity
3. Delay: could be classified as an attack on availability
4. Denial of Service (DoS) or degrading of service or Interruption: an attack on availability

10
Categories of Active Attacks
1. Spoofing or Masquerading
 A situation in which one person or program successfully imitates another (impersonation) by falsifying data and thereby gains an illegitimate advantage
 It lures a victim into believing that the entity with which it is communicating is a different entity. For example, a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one

11
Categories of Active Attacks
 It is a form of both deception and usurpation
 Note: Delegation is a form of masquerading that occurs when one entity authorizes a second entity to perform functions on its behalf; it is not a violation of security
 Common examples of spoofing
◦ IP spoofing: the ability to inject packets into the Internet with a false source address; the receiver then performs some commands embedded in the packet’s payload (say, modifies its forwarding table)
◦ DNS spoofing
 Changing the DNS information so that it directs to a wrong machine
◦ URL spoofing/Webpage phishing
 A legitimate web page such as a bank's site is reproduced in "look and feel" on another server under control of the attacker (more later in Section 2.3)
◦ E-mail address spoofing
12
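IP spoofing, listed above, relies on the network accepting a packet whose source address could not have come from where it arrived. The standard defence is source-address filtering at the border, shown here as an added example that is not code from the lecture notes: the interface names, the internal prefix 192.0.2.0/24, and the sample packet headers are all constructed. A packet entering from the outside with an inside source address, or leaving from the inside with a foreign source address, is dropped.

```python
"""Ingress/egress filtering against IP source-address spoofing.

Added example, not from the lecture notes.  A border device knows which
addresses live behind each interface, so a packet arriving from the outside
with an inside source address (or leaving the inside with a foreign source
address) cannot be genuine and is dropped.  Interface names, the internal
prefix 192.0.2.0/24 and the sample packets are constructed.
"""
import ipaddress

# Constructed: the prefix assigned to our own network.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Address ranges that never legitimately originate on the public Internet
# (private, loopback, link-local, multicast, reserved).  Seen as a source on
# the outside interface they indicate spoofing or misconfiguration.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def ingress_decision(iface: str, src: str, dst: str):
    """Return ("accept" | "drop", reason) for one packet header.

    iface is "outside" (facing the Internet) or "inside" (facing our hosts).
    """
    s = ipaddress.ip_address(src)
    if iface == "outside":
        if in_any(s, INTERNAL_NETS):
            return "drop", "source claims to be internal but arrived from outside"
        if in_any(s, NEVER_FROM_OUTSIDE):
            return "drop", "source in a range that never originates on the Internet"
        return "accept", "external source on external interface"
    if iface == "inside":
        if not in_any(s, INTERNAL_NETS):
            return "drop", "outbound packet with a source address that is not ours"
        return "accept", "internal source on internal interface"
    raise ValueError(f"unknown interface {iface!r}")


# Constructed packet headers: (interface, source, destination)
SAMPLE_HEADERS = [
    ("outside", "198.51.100.7", "192.0.2.20"),   # ordinary inbound traffic
    ("outside", "192.0.2.10", "192.0.2.20"),     # spoofed: inside address from outside
    ("outside", "10.4.4.4", "192.0.2.20"),       # private source cannot come from the Internet
    ("inside", "192.0.2.33", "198.51.100.7"),    # ordinary outbound traffic
    ("inside", "203.0.113.5", "198.51.100.7"),   # spoofed source leaving our network
]


def filter_headers(headers):
    """Apply the policy to a list of headers; returns one row per packet."""
    return [(iface, src, dst, *ingress_decision(iface, src, dst))
            for iface, src, dst in headers]


def dropped_sources(headers):
    """Source addresses the policy rejected, in input order."""
    return [src for _, src, _, action, _ in filter_headers(headers) if action == "drop"]


if __name__ == "__main__":
    for row in filter_headers(SAMPLE_HEADERS):
        print(row)
```

The egress rule matters as much as the ingress one: it stops machines inside the network from being used to send spoofed packets at others, which is how the reflected floods described later in the chapter are built.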
Categories of Active Attacks
2. Modification or Alteration
 An unauthorized change of information
 Covers three classes of threats
◦ Deception: if some entity relies on the modified data to determine which action to take
◦ Disruption and usurpation: if the modified data controls the operation of the system
◦ Active wiretapping is a form of modification in which data moving across a network is altered

13
Categories of Active Attacks
 An example is the man-in-the-middle attack, in which an intruder reads messages from the sender and sends (possibly modified) versions to the recipient

3. Delay
 A temporary inhibition of a service
 It is a form of usurpation
 It occurs if an attacker can force the delivery of a message to take more time through manipulation of system control structures, such as network components or server components
14
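The slides above say that TCP/IP offers no integrity protection and that a man-in-the-middle can forward modified versions of messages. The following added example, not code from the lecture notes, shows the standard countermeasure: a message authentication code over the message and a sequence number, so that a modified message fails the check and a captured message cannot be replayed. The shared key and the messages are constructed; the wire format (4-byte sequence number, body, 32-byte HMAC-SHA256 tag) is an assumption made for the demo.

```python
"""Detecting modification and replay with a message authentication code.

Added example, not from the lecture notes.  Alice and Bob share a key; each
message is sent as  seq (4 bytes) || body || HMAC-SHA256(key, seq || body).
A man-in-the-middle who alters the body (or who re-sends an old message)
fails verification at Bob's side.  Key and messages are constructed.
"""
import hashlib
import hmac
import struct

TAG_LEN = 32  # SHA-256 output length
KEY = b"constructed-shared-secret-for-demo"  # constructed; a real key is random


def seal(key: bytes, seq: int, body: bytes) -> bytes:
    """Sender side: authenticate the sequence number and body together."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class Receiver:
    """Receiver side: verifies the tag, then enforces strictly increasing
    sequence numbers so that a captured message cannot be replayed."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def open(self, wire: bytes):
        if len(wire) < 4 + TAG_LEN:
            return False, "truncated"
        header, body, tag = wire[:4], wire[4:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False, "integrity check failed"
        (seq,) = struct.unpack(">I", header)
        if seq <= self.last_seq:
            return False, f"replayed or out-of-order message (seq {seq})"
        self.last_seq = seq
        return True, body


def tamper(wire: bytes, new_body: bytes) -> bytes:
    """What an intruder on the path can do: swap the body while keeping the
    original header and tag.  Without the key, no valid tag can be produced."""
    return wire[:4] + new_body + wire[-TAG_LEN:]


def demo():
    """Run the four cases: honest delivery, modified body, a second honest
    message, and a replay of the first one."""
    bob = Receiver(KEY)
    m1 = seal(KEY, 1, b"transfer 100 to account A")
    m2 = seal(KEY, 2, b"transfer 20 to account B")
    return {
        "honest": bob.open(m1),
        "modified": bob.open(tamper(m2, b"transfer 999 to account C")),
        "second honest": bob.open(m2),
        "replay of first": bob.open(m1),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:16s} -> {result}")
```

Note what the MAC does and does not give: it detects modification and, with the sequence number, replay, but it does not stop the intruder from reading the message (that needs encryption) or from dropping it (that is the delay and denial-of-service category that follows).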
Categories of Active Attacks
4. Denial of Service (DoS) or degrading of service attack
 Attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming them with bogus traffic
 It is blocking access (prevention) of legitimate users to a service/system
 It is a form of usurpation
 The denial may occur at the source (by preventing the server from obtaining the resources needed to perform its function), at the destination (by blocking the communications from the server), or along the intermediate path (by discarding messages from either the client or the server, or both)
15
Categories of Active Attacks
 Any device has operational limits (workload)
 A workload for a computer system may be defined by the number of simultaneous users, the size of files, the speed of data transmission, or the amount of data stored
 If you exceed any of those limits, the excess load will stop the system from responding. For example, if you can flood a web server with more requests than it can process, it will be overloaded and will no longer be able to respond to further requests
 Distributed DoS: attacking a target (victim) simultaneously from many computers called zombies (or slaves, which are members of a botnet) with a large number of packets, since just one machine is not going to adversely affect the target (or can be easily traced); how many machines are needed to deny service depends on the capacity of the target
16
Categories of Active Attacks
 Examples
◦ E-mail bombing: flooding someone's mail store
◦ Smurf attack: sending a “ping” multicast or broadcast with a spoofed IP of a victim. The recipients will respond with a “pong” to the victim
◦ There have been reports of incidents of distributed denial of service attacks against major sites such as Amazon, Yahoo, CNN and eBay
17
Categories of Active Attacks
 Common DDoS tools used
◦ TFN (Tribal Flood Network) and Stacheldraht (means barbed wire in German)
 Simple illustration of DoS attack (from Easttom): a ping command run with -l 65000 (buffer size) and -t (continue until stopped with Ctrl-C)
18
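The slides above explain denial of service as pushing a system past its workload limits. One server-side mitigation is admission control that bounds how much of that workload any single client can claim. The following is an added example, not code from the lecture notes: a per-client token bucket applied to a constructed request trace in which one client behaves normally and another floods. The rate (2 requests per second) and burst (5) are assumptions chosen for the demo.

```python
"""Shedding a flood with a per-client token bucket.

Added example, not from the lecture notes.  A server has a finite workload
capacity; admission control keeps a single flooding client from consuming
all of it.  Rates, burst sizes and the request trace are constructed.
"""
from collections import defaultdict


class TokenBucket:
    """Allows `rate` requests per second on average, with bursts of up to
    `burst` requests.  Tokens refill continuously; a request that finds no
    token is rejected immediately instead of being queued (queueing would
    just move the overload from the CPU to memory)."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def admit(requests, rate: float = 2.0, burst: int = 5) -> dict:
    """requests: iterable of (timestamp_seconds, client_id) sorted by time.
    Returns {client_id: (accepted, rejected)}."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    stats = defaultdict(lambda: [0, 0])
    for ts, client in requests:
        if buckets[client].allow(ts):
            stats[client][0] += 1
        else:
            stats[client][1] += 1
    return {client: tuple(counts) for client, counts in stats.items()}


# Constructed trace: one well-behaved client at one request per second, and
# one client that fires 50 requests within a quarter of a second.
TRACE = sorted(
    [(float(t), "legit") for t in range(5)]
    + [(0.005 * i, "flood") for i in range(50)]
)


if __name__ == "__main__":
    for client, (accepted, rejected) in sorted(admit(TRACE).items()):
        print(f"{client}: accepted={accepted} rejected={rejected}")
```

The legitimate client is never rejected while the flooding client gets its burst allowance and nothing more. The caveat follows directly from the distributed DoS slide: a per-client limit keyed on source address is defeated by a botnet of many zombies (or by spoofed sources), so in practice it is combined with upstream filtering and capacity that is provisioned for the expected workload.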
Types of Threats/Attacks – 2nd way of categorizing attacks
 Physical Attack (covered in Chapter 1)
◦ Stealing, breaking or damaging of computing devices
 Denial of Service (DoS) Attack
◦ Already covered
 Malware Attack
◦ A generic term for software that has a malicious purpose
 Hacking (Intrusion) Attack
◦ Hacking is any attempt to intrude or gain unauthorized access to your system, either via some operating system flaw or other means. The purpose may or may not be malicious

19
Types of Threats/Attacks – 2nd way of categorizing attacks
 There are three groups of hackers
◦ A white hat hacker, upon finding some flaw in a system, will report the flaw to the vendor of that system (probably anonymously) and explain exactly what the flaw is and how it was exploited. White hat hackers, also called sneakers, are often hired specifically by companies to do penetration tests. The EC-Council even has a certification test for white hat hackers, the Certified Ethical Hacker test
◦ A black hat hacker is the person normally depicted in the media. Once s/he gains access to a system, her/his goal is to cause some type of harm. S/he might steal data, erase files, etc. Black hat hackers are sometimes referred to as crackers. Cracking is hacking conducted for malicious purposes
◦ A gray hat hacker is normally a law-abiding citizen, but in some cases will venture into illegal activities
20
Types of Threats/Attacks – 2nd way of categorizing attacks
 Script Kiddies
◦ A hacker is an expert in a given system; as with any profession, it includes its share of frauds
◦ So what is the term for someone who calls himself or herself a hacker but lacks the expertise?
◦ The most common term for this sort of person is script kiddy
◦ The name comes from the fact that the Internet is full of utilities and scripts that one can download to perform some hacking tasks
 Phreaking
◦ One specialty type of hacking involves breaking into telephone systems
◦ It is “the action of using mischievous and mostly illegal ways in order to not pay for some sort of telecommunications bill, order, transfer, or other service”
21
2.2 Malware Attack
 Examples are
◦ Viruses
◦ Worms
◦ Trojan horses
◦ Spyware
◦ Logic bombs
 Virus
◦ “A program fragment that replicates and hides itself inside other programs, usually without your knowledge.”
◦ Similar to a biological virus: it replicates and spreads by itself
◦ The damage it does depends on what the writer has in mind

22
2.2 Malware Attack
 Worm
◦ An independent program that reproduces by copying itself from one computer to another (usually through networks)
◦ It can do as much harm as a virus
◦ It often creates denial of service
◦ Note: the classification of a malware as a virus or a worm is not universally agreed upon
 Trojan Horse
◦ Named after the ancient Greek tale of the city of Troy and the wooden horse which was full of soldiers
◦ A Trojan horse, appearing to be benign software, may secretly download a virus or some other type of malware onto your computer
23
2.2 Malware Attack
 Spyware
◦ “Software that literally spies on what you do on your computer”
◦ Examples
 Cookies: any data that the cookie saves can be retrieved by any website, so your entire Internet browsing history can be tracked
 Key loggers: record all of your keystrokes; the most common use of a key logger is to capture usernames and passwords
◦ Legal uses of spyware
 Employers may use spyware as a means of monitoring employee use of company technology
 Parents may use this type of software on their home computer to monitor the activities of their children on the Internet, to protect their children from online predators

24
2.2 Malware Attack
 Adware: a piece of spyware that downloads to your PC when you visit certain websites. It is benign in that it causes no direct harm to a system or files, nor does it gather sensitive information from a PC. However, it is incredibly annoying as it saturates a machine with unwanted ads
 For a list of known spyware products on the Internet and for information about methods one can use to remove them, visit the Counter Exploitation website at www.cexx.org
 The Spyware Guide website (www.spywareguide.com) also lists spyware that you can get from the Internet

25
2.2 Malware Attack
 Logic bomb
◦ Software that lies dormant until some specific condition is met; that condition is usually a date and time; when the condition is met, the software does some malicious act such as deleting files, altering system configuration, or perhaps releasing a virus
 Bacteria or Rabbit
◦ A bacterium or a rabbit is a program that absorbs all of some class of resource

26
2.2 Malware Attack
 A Nonvirus Virus or a Hoax
◦ Another new type of virus
◦ Rather than actually writing a virus, a perpetrator sends an e-mail to every address he has. The e-mail claims to be from some well-known antivirus center and warns of a new virus that is circulating. The e-mail instructs people to delete some file from their computer to get rid of the virus. The file, however, is not really a virus but part of the computer’s system
◦ Some people could even e-mail their friends and colleagues to warn them to delete such a file from their machines

27
2.2 Malware Attack
 The following piece of code could exhaust disk space (it is a bacterium/rabbit: an endless loop that creates a directory and moves into it, consuming directory entries until the file system refuses further allocation)
    while true; do
        mkdir x
        cd x
    done
 Other Forms of Malware
◦ More on scam, identity theft, phishing in Section 2.3
◦ Read about the following: Rootkit, Malicious Web-Based Code, e-payment frauds, and Spam
28
2.2 Malware Attack
 Most software-based attacks are viruses/worms: how do they work? Or what are the major steps?
1. Infection (Mechanisms)
◦ First, the virus should search for and detect objects to infect
◦ Installation into the infectable object
 Writing on the boot sector (but becoming outdated)
 Scan the computer for connections to a network, then copy itself to other machines on the network to which the infected computer has access

29
2.2 Malware Attack
 Read your email address book and email itself to everyone in your address book
 Add some code to executable programs
 Add some code to initialization/auto-executable programs
 Write a macro in a Word file, etc.
 The term virulent is a measure of how rapidly the infection spreads and how easily it infects new targets
2. Trigger Mechanisms
◦ Date
◦ Number of infections
◦ First use
30
2.2 Malware Attack
3. Effects (or Payload): it can be anything
◦ In general, once a virus is on a system, it can do anything that any legitimate program can do
◦ Displaying a message
◦ Deleting files
◦ Formatting the hard disk
◦ Overloading the processor/memory
◦ Changing system settings
◦ etc.

31
2.2 Malware Attack
 Who Writes Viruses?
◦ Adolescents
 Ethically normal and of average/above average intelligence
 Tend to understand the difference between what is right and wrong
 Typically do not accept any responsibility for problems caused
◦ College Students
 Ethically normal
 Despite expressing that what is illegal is “wrong”, are not typically concerned about the results of their actions related to their virus writing

32
2.2 Malware Attack
 Who Writes Viruses? (… cont’d)
◦ Adults (smallest category)
 Ethically abnormal
◦ Unfounded rumors:
 Software companies, to discourage copying
 Anti-virus developers, to sell their software, etc.

33
2.2 Malware Attack
 Anti-Virus
◦ There are
 Generic solutions: e.g., integrity checking
 Virus-specific solutions: e.g., looking for known viruses
◦ Three categories
 Scanners: look for a signature (or pattern) that matches a known virus
 Activity monitors: flag a program that behaves in a way consistent with virus activity
 Change detection software
34
2.2 Malware Attack
 Functions of anti-viruses
◦ Identification of known viruses
◦ Detection of suspected viruses
◦ Blocking of possible viruses
◦ Disinfection of infected objects
◦ Deletion and overwriting of infected objects

35
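The two slides above contrast the generic solution (integrity checking, change detection) with the virus-specific one (scanning for known signatures). The following added example, not code from the lecture notes, runs both over a constructed file tree: it records a baseline of SHA-256 digests, lets a simulated infection append code to one executable and drop a new file, then reports what change detection and signature scanning each find. The directory contents and the signature table are constructed; the signature is not a real malware pattern.

```python
"""Change detection and signature scanning over a constructed file tree.

Added example, not from the lecture notes.  It builds a baseline of SHA-256
digests (the "integrity checking" generic solution), compares a later state
against it (change detection), and scans for a known byte pattern (the
"scanner" category).  The directory contents and the signature are
constructed; the signature string is not a real malware pattern.
"""
import hashlib
import os
import tempfile

# Constructed signature table: name -> byte pattern a scanner looks for.
SIGNATURES = {
    "Demo.Dropper.Constructed": b"CONSTRUCTED-DEMO-SIGNATURE-00",
}


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large files do not need RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def compare(old: dict, new: dict) -> dict:
    """Change detection: which files were modified, added or removed."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def scan_file(path: str, signatures: dict = SIGNATURES) -> list:
    """Signature scanning: names of known patterns found in the file."""
    with open(path, "rb") as f:
        data = f.read()
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def write(root: str, rel: str, data: bytes) -> None:
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Constructed scenario: take a baseline, then let a 'virus' append code
    to one program and drop a new file; report what each technique finds."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/app", b"\x7fELF original program bytes")
        write(root, "bin/tool", b"\x7fELF another program")
        write(root, "etc/config", b"setting=1\n")
        baseline = build_baseline(root)

        # Simulated infection: append code to an executable and drop a new
        # file carrying the known pattern; the configuration is untouched.
        with open(os.path.join(root, "bin", "app"), "ab") as f:
            f.write(b"\x90\x90 appended code")
        write(root, "bin/dropped", b"MZ... " + SIGNATURES["Demo.Dropper.Constructed"])

        changes = compare(baseline, build_baseline(root))
        hits = {rel: scan_file(os.path.join(root, *rel.split("/")))
                for rel in changes["modified"] + changes["added"]}
        return {"changes": changes, "signature_hits": hits}


if __name__ == "__main__":
    result = demo()
    print("changes:", result["changes"])
    print("signature hits:", result["signature_hits"])
```

The result illustrates the trade-off the slides set up: the scanner identifies only the dropped file whose pattern it knows, while change detection catches the modified program as well but cannot say what changed it. The baseline itself must be stored where the malware cannot rewrite it (read-only media or a separate host), otherwise the comparison is meaningless.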
2.2 Malware Attack
 Tips for Avoiding Viruses and Spyware
◦ Use a virus scanner such as McAfee, Norton, Kaspersky, AVG, etc.
◦ If you are not sure about an e-mail attachment, do not open it
◦ Do not believe “security alerts” that are sent to you. For instance, Microsoft does not send out alerts in this manner
◦ Check antivirus websites regularly; you can read more about any virus, past or current, at the following websites:
 www.f-secure.com/virus-info/virus-news/
 www.cert.org/nav/index_red.html
 http://securityresponse.symantec.com/
 http://vil.nai.com/vil/
36
2.3 Internet Fraud
 Reasons for the popularity of Internet fraud
◦ Committing an Internet fraud does not require the technical expertise that hacking and virus creation require
◦ There are a great number of people engaging in various forms of online commerce, and this large amount of business creates a great many opportunities for fraud
 Scam
◦ Sending out an email that suggests that you can make an outrageous sum of money with a very minimal investment (e.g., the Nigerian fraud)
37
2.3 Internet Fraud
 Identity theft
◦ For one person to take on the identity of another
◦ Usually attempted to make purchases
◦ But identity theft can be done for other reasons, such as obtaining credit cards in the victim’s name, or even driver’s licenses, e-payment frauds, etc.

38
2.3 Internet Fraud
 Phishing
◦ One of the more common ways to accomplish identity theft
◦ It is the process of trying to induce the target to provide you with personal information
◦ e.g., the attacker sends out an email claiming to be from a bank and telling recipients that there is a problem with their bank account. The email then directs them to click on a link to the bank website where they can log in and verify their account. However, the link really goes to a fake website set up by the attacker. When the target goes to that website and enters his information, he will have just given his username and password to the attacker
39
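The phishing scenario above hinges on one detail: the link shown to the reader and the link actually followed are not the same. The following added example, not code from the lecture notes, is the kind of check a mail gateway or user-awareness tool applies. It parses each anchor in a constructed message, and flags a link when the visible text names a different host than the href, when the target is a raw IP address, or when the host is a lookalike that merely contains the trusted bank domain. The message body and the trusted domain examplebank.test are constructed.

```python
"""Flagging phishing-style links in an e-mail body.

Added example, not from the lecture notes.  Phishing mail typically shows
the bank's address as link text while the underlying href points elsewhere.
The parser below extracts each <a href> with its visible text and applies
three checks: host shown vs. host linked, raw IP address as host, and
lookalike hosts that merely contain the trusted domain.  The message and the
trusted domain (examplebank.test) are constructed.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.test"}  # constructed: the real bank's domain

# Constructed phishing message: two deceptive links and one genuine one.
SAMPLE_EMAIL = """
<p>Dear customer, there is a problem with your account.</p>
<p>Please <a href="http://198.51.100.23/login">https://www.examplebank.test/login</a>
to verify your details.</p>
<p>Or use <a href="https://examplebank.test.attacker.example/verify">Verify your account</a>.</p>
<p>Questions? <a href="https://www.examplebank.test/help">Help centre</a></p>
"""

# A host name appearing inside the visible link text, with optional scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.IGNORECASE)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every anchor in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str) -> bool:
    """True only if host is a trusted domain or a proper subdomain of one;
    'examplebank.test.attacker.example' is neither."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(href: str, text: str) -> list:
    """Return the reasons a link looks like phishing (empty list = clean)."""
    host = host_of(href)
    reasons = []
    if is_ip(host):
        reasons.append("link target is a raw IP address")
    m = HOST_IN_TEXT.search(text)
    if m and m.group(1).lower() != host:
        reasons.append(f"visible text shows {m.group(1)} but link goes to {host}")
    if not is_trusted(host) and any(d in host for d in TRUSTED_DOMAINS):
        reasons.append(f"lookalike host {host} contains a trusted name but is not under it")
    return reasons


def assess_email(html: str) -> list:
    """One entry per anchor: href, visible text and the reasons it was flagged."""
    parser = LinkExtractor()
    parser.feed(html)
    return [{"href": h, "text": t, "reasons": assess_link(h, t)} for h, t in parser.links]


def suspicious_links(html: str) -> list:
    return [entry["href"] for entry in assess_email(html) if entry["reasons"]]


if __name__ == "__main__":
    for entry in assess_email(SAMPLE_EMAIL):
        print(entry["href"], "->", entry["reasons"] or "ok")
```

The checks are deliberately about the link itself, which is what the slide's victim never inspects. They do not prove a message is genuine (an attacker can register an unrelated domain that passes all three), so the slide's advice stands: go to the bank's site by typing its address rather than following a link from a message.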
2.3 Internet Fraud
 Read about the following:
◦ Investment Advice
◦ Auction Frauds (Shill Bidding, Bid Shielding, Bid Siphoning)
◦ Cyber Stalking

40
2.3 Internet Fraud
 Reading Assignment before next class
◦ Read about DES (Data Encryption Standard) and understand the algorithm so that our next classes go smoothly
◦ The best source of information is William Stallings, Cryptography and Network Security: Principles and Practice, Prentice Hall, 5th edition, 2011, pages 77-85

41
CoSc 4171: Computer Security
Woldia University, Faculty of Technology, Department of Computer Science

Summary and revision session on:
Computer Security Threats and Attacks

Prepared by: Dr. Mulugeta L. (Addis Ababa University, Department of Computer Science)
Customized By: Sebahadin Nasir (MSc) (Woldia University, Department of Computer Science)
