Axa Assurance Maroc - Insurer Innovation Award 2024
yoda at rotary_pune_club
1. How Hackers Get Into
Your System
By
Antriksh Shah
null The Open Security Community
2. Introduction to Hackers
Refers to a person who enjoys learning the details
of computer systems and to stretch his/her
capabilities
Refers to a person who uses his hacking skills for offensive purposes
Hacking
Describes the rapid development of new programs or the reverse
engineering of the already existing software to make the code better and
more efficient
4. Steganography
Greek Words:
STEGANOS – “Covered”
GRAPHIE – “Writing”
Steganography is the art and science of writing hidden
messages in such a way that no one apart from the
intended recipient knows of the existence of the message.
This can be achieve by concealing the existence of
information within seemingly harmless carriers or cover
Carrier: text, image, video, audio, etc
5. Ancient Steganography
Demeratus in 440 BC sent a warning about a
forthcoming attack to Greece by writing it on a wooden
panel and covering it in wax.
Histiaeus, who shaved the head of his most trusted
slave and tattooed a message on it. After his hair had
grown the message was hidden. The purpose was to
instigate a revolt against the Persians.
6. Use of Steganography
by Terrorist
Al Qaeda's use of steganography is somewhat simpler: In 2008 a British
man,Rangzieb Ahmed, was alleged to have a contact book with Al-
Qaeda telephone numbers, written in invisible ink. He was convicted of
terrorism.
In 2010, the Federal Bureau of Investigation revealed that the Russian
foreign intelligence service uses customized steganography software for
embedding encrypted text messages inside image files for certain
communications with "illegal agents" (agents under non-diplomatic
cover) stationed abroad.
Using steganography to embed a message in a pornographic image and
posting it to a Usenet newsgroup is the cyberspace equivalent of a dead
drop. To everyone else, it's just a picture. But to the receiver, there's a
message in there waiting to be extracted.
12. Malware
A malware is a small program that runs hidden on an infected computer
With the help of a malware, an attacker gets access to stored
passwords in the compromised computer and would be able to
read personal documents, delete files and display pictures, and/or
show messages on the screen
14. What Do Malware
Creators Look For
Credit card information
Account data (email addresses, passwords, user names, and so
on)
Confidential documents
Financial data (bank account numbers, social security numbers,
insurance information, and so on)
Calendar information concerning the victim’s whereabouts
Using the victim’s computer for illegal purposes, such as to hack,
scan, flood, or infiltrate other machines on the network or Internet
15. Different Ways a Malware
Can Get into a System
Internet
Pirated Software’s
Free ScreenSavers
E-Greeting Cards
Untrusted Web Site Links
USB Drive/ Images etc…
16. How does an attacker get a Trojan installed on the
victim's computer?
Using wrappers
A wrapper attaches a given EXE application (such as
games or office applications) to the Trojan executable
The two programs are wrapped together into a single
file. When the user runs the wrapped EXE, it first
installs the Trojan in the background and then runs the
wrapped application in the foreground
The user only sees the latter application
18. Zeus
Zeus is a malware that steals banking information by keystroke
logging and Form Grabbing
Zeus is spread mainly through drive-by downloads and phishing
schemes
In June 2009, security company Prevx discovered that Zeus had
compromised accounts of such companies as the Bank of America,
NASA, Monster, ABC, Oracle,Play.com Cisco, Amazon, and
BusinessWeek.
2009 over 1.5 million phishing messages were sent on Facebook with
the purpose of spreading the Zeus' trojan.
From November 14–15, 2009 Zeus spread via e-mails purporting to be
from Verizon Wireless. A total of nine million of these phishing e-mails
were sent.
The five countries with the most significant instances of infected
machines are Egypt, the United States, Mexico, Saudi Arabia, and
22. Key-logger's stealing away your
Private Passwords
A program or hardware device that captures every
key depression on the computer
Used to monitor employee performance
Used to seal private information
Besides being used for legitimate purposes,
keyloggers can be hardware installed to a computer or
software that is used to collect sensitive information.
23. Hackers Motive of Key-
Logger
The types of sensitive information include:
Usernames & Passwords
Credit Card Numbers
Person Information such as Name, Address, etc.
These small devices connect directly on the end of a keyboard to the port
on the computer and look rather unassuming.
24. Preventive Measure
Use Anti-Virus Programs
Keep your system patched
Read Email with Attachments Carefully
Use Firewall Programs
Backup Important Files/Folders on separate storage
media
25. Preventive Measure
Use strong Passwords
Download and Install Software with Care
Avoid Social Engineering Attacks
Avoid Public Computers
Learn & Arm your self against Cyber Attacks