Identity Theft
Identity theft criminals come in all shapes and sizes these days. If you're ever unlucky enough to be a
victim of identity theft, the culprit is far more likely to be a local meth user than a professional
hacker. That said, most organized crime gangs around the world are becoming much more involved
in computer hacking. Computer identity theft can happen in a number of ways. Criminal organizations
can use their own hackers, hire college students, or simply buy large amounts of stolen information
from professional hackers. And the result is a spike in the number and size of reported data breaches by hackers.
Hacking attacks can be launched in a number of ways:
- Attacking computers that don't have firewalls installed.
- Installing keystroke loggers or other malicious code by hiding it in email attachments.
- Exploiting browser vulnerabilities that have not been properly patched.
- Exploiting weak or poorly protected passwords.
- Hiding malicious code in downloads or free software.
- Hiding malicious code in images on websites and waiting for unsuspecting users to click on them.
- Employees or other trusted users simply accessing an unprotected computer.
- Exploiting poorly installed networks, and especially wireless home networks.
How does identity theft work?
First things first, your social security number isn't necessarily a magic ticket to your identity—it's
really more like a cheat code. If you know where, when, and how to use someone else's number, you
can effectively steal their identity and cause them significant hardship. Former public and now private
investigator Randy Barnhart explains how easy it is to gain a line of credit in someone else's name if
you know what to do:
Many retailers offer credit cards, most offer Visa and Master Card accounts as well. If I
have someone's social security number, all I have to do is complete a one page credit
application using the stolen SSN and hand it to a cashier that is 18-20 years old. The
cashier enters the SSN into their system and a line of credit is issued. Depending on the
victim's credit rating, the line of credit can be $1000 to $100,000. Usually the cashier
hands me a temporary shopping pass with a limited balance that I can use immediately.
If they have multiple identities, the thief can open several accounts and max out the
credit line very quickly.
Barnhart suggests that this would be simple to stop, as additional security checks would be required,
but this would involve the sacrifice of convenience—something we're not always eager to abandon.
It's also not the sort of thing retailers want to give up because they make a lot of money off of
providing you with a credit line.
Even still, that's just one example of the many problems that can arise from identity theft. We tend to
concentrate only on the monetary damage, but much more can occur. Matt Davis, a victim advisor for
the Identity Theft Resource Center, explains many of the other issues:
ID thieves can use a social security number to procure your medical benefits, social
security, unemployment, file false tax returns, and even pawn off their criminal charges
when they have run-ins with the law on you. The possibilities are limitless with the right
information and an informed thief. A credit report will not show you if anyone is running
up criminal charges as you, using your medical insurance to finance medical procedures,
or creating a fraudulent job history report by working under your information.
Basically, your identity is valuable to different kinds of people for different reasons. You might be
targeted for a line of credit or because an illegal immigrant needs "lawful" employment and health
care. Monitoring your credit report isn't enough. You need to pay attention to everything if you're
going to catch a thief.
How can one protect oneself from identity theft?
There's no way you can stop a young retail cashier from processing a credit application they don't
know is fraudulent, and there isn't much of anything that would stop the thief once they have your social security
number. Your goal is to make sure that number stays with you and doesn't get in the hands of anyone
you don't trust. The easiest way to procure a social security number from a victim is by going through
their trash, as your mail will sometimes have your number on it. There are also other ways your
number can leave your protection. As a result, you'll want to do the following:
- If your social security number does appear on any documents, destroy them before you throw them out.
- Never give out your social security number to any third-party unless you know they need it (e.g. a credit application) and you trust the organization. Before handing it over, you may want to ask what measures they take to ensure social security numbers are not recorded. For example, a friend of mine works in a sales job. They're not allowed to have cellphones or any devices connected to the internet. They can't use computers, either, aside from the one provided. This is to make it virtually impossible for them to record any credit card numbers they receive from a customer. While a company is not going to outlaw pencil and paper, therefore not completely eliminating the possibility of your social security number leaving the building, they likely take several countermeasures to help protect you. If you're worried, ask. Whoever is requesting the number likely knows about them since they live with them every day.
- Before handing over your social security number to any company, ask if it will ever appear on a document they send you in the mail. Also find out how it is securely stored on their servers so it will be protected in case of a hack.
- Avoid entering your social security number online unless you are absolutely sure you're on a secure connection and dealing with a company you can trust. If you're not, call them to verify or don't do it.
Spoofing Attacks
A spoofing attack is when a malicious party impersonates another device or user on a network in
order to launch attacks against network hosts, steal data, spread malware or bypass access controls.
There are several different types of spoofing attacks that malicious parties can use to accomplish this.
Some of the most common methods include IP address spoofing attacks, ARP spoofing attacks and
DNS server spoofing attacks.
IP address spoofing attacks
IP address spoofing is one of the most frequently used spoofing attack methods. In an IP address
spoofing attack, an attacker sends IP packets from a false (or “spoofed”) source address in order to
disguise itself. Denial-of-service attacks often use IP spoofing to overload networks and devices with
packets that appear to be from legitimate source IP addresses.
What sorts of attacks are launched through IP spoofing? To name a few:
Blind spoofing: In this type of attack, a cracker outside the perimeter of the local network
transmits multiple packets to his intended target to receive a series of sequence numbers,
which are generally used to assemble packets in the order in which they were intended --
Packet 1 is to be read first, then Packet 2, 3 and so on. The cracker is blind to how
transmissions take place on this network, so he needs to coax the machine into responding to
his own requests so he can analyze the sequence numbers. By taking advantage of knowing
the sequence number, the cracker can falsify his identity by injecting data into the stream of
packets without having to have authenticated himself when the connection was first
established. (Generally, current operating systems employ random sequence number
generation, so it's more difficult for crackers to predict the correct sequence number.)
Nonblind spoofing: In this type of attack, the cracker resides on the same subnet as his
intended target, so by sniffing the wire for existing transmissions, he can understand an
entire sequence/acknowledge cycle between his target and other hosts (hence the cracker
isn't "blind" to the sequence numbers). Once the sequence is known, the attacker can hijack
sessions that have already been built by disguising himself as another machine, bypassing
any sort of authentication that was previously conducted on that connection.
Denial-of-service attack: To keep a large-scale attack on a machine or group of machines
from being detected, spoofing is often used by the malefactors responsible for the event to
disguise the source of the attacks and make it difficult to shut it off. Spoofing takes on a
whole new level of severity when multiple hosts are sending constant streams of packets to
the DoS target. In that case, all the transmissions are generally spoofed, making it very
difficult to track down the sources of the storm.
Man-in-the-middle attack: Imagine two hosts participating in normal transmissions
between each other. In a man-in-the-middle attack, a malicious machine intercepts the
packets sent between these machines, alters the packets and then sends them on to the
intended destination, with the originating and receiving machines unaware their
communications have been tampered with; this is where the spoofing element enters the
equation. Typically, this type of attack is used to get targets to reveal secure information and
continue such transmissions for a period of time, all the while unaware that the machine in
the middle of the transmission is eavesdropping the whole time.
ARP spoofing attacks
ARP is short for Address Resolution Protocol, a protocol that is used to resolve IP addresses to
MAC (Media Access Control) addresses for transmitting data. In an ARP spoofing attack, a malicious
party sends spoofed ARP messages across a local area network in order to link the attacker’s MAC
address with the IP address of a legitimate member of the network. This type of spoofing attack
results in data that is intended for the host’s IP address getting sent to the attacker instead. Malicious
parties commonly use ARP spoofing to steal information, modify data in-transit or stop traffic on a
LAN. ARP spoofing attacks can also be used to facilitate other types of attacks, including denial-of-
service, session hijacking and man-in-the-middle attacks. ARP spoofing only works on local area
networks that use the Address Resolution Protocol.
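A defender can spot this by watching for an IP address that suddenly maps to a different MAC address, or for one MAC address that starts answering for several IPs. The Python sketch below is an added example, not code from the original post; the record format, the sample addresses and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP replies.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # gateway, first seen
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (3.0, "192.168.1.1", "AA-AA-AA-AA-AA-01"),   # same binding, other notation
    (4.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP claims a new MAC
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC now claims a second IP
]

def normalize_mac(mac):
    """Lower-case, colon-separated form so notation differences don't alert."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def detect_arp_anomalies(replies, static_bindings=None):
    """Return alerts for IP-to-MAC rebinding and for one MAC claiming many IPs."""
    ip_to_mac = {ip: normalize_mac(m) for ip, m in (static_bindings or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for ts, ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac            # first sighting: learn the binding
        elif known != mac:
            # Keep the original binding; the conflicting claim never overwrites it.
            alerts.append((ts, "rebind", ip, known, mac))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "multi-ip", mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts
```

Passing known-good entries (for example the gateway) as `static_bindings` removes the weakness of learning a binding from whoever answers first. Hosts that legitimately hold several addresses will raise "multi-ip" alerts and need an allowlist.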
DNS server spoofing attacks
The Domain Name System (DNS) is a system that associates domain names with IP addresses.
Devices that connect to the internet or other private networks rely on the DNS for resolving URLs,
email addresses and other human-readable domain names into their corresponding IP addresses. In a
DNS server spoofing attack, a malicious party modifies the DNS server in order to reroute a specific
domain name to a different IP address. In many cases, the new IP address will be for a server that is
actually controlled by the attacker and contains files infected with malware. DNS server spoofing
attacks are often used to spread computer worms and viruses.
Spoofing attack prevention and mitigation
There are many tools and practices that organisations can employ to reduce the threat of spoofing
attacks. Common measures that organisations can take for spoofing attack prevention include:
Packet filtering: packet filters inspect packets as they are transmitted across a network.
Packet filters are useful in IP address spoofing attack prevention because they are capable of
filtering out and blocking packets with conflicting source address information (packets from
outside the network that show source addresses from inside the network and vice versa).
Avoid trust relationships: organisations should develop protocols that rely on trust
relationships as little as possible. It is significantly easier for attackers to run spoofing
attacks when trust relationships are in place because trust relationships only use IP
addresses for authentication.
Use spoofing detection software: There are many programs available that help
organisations detect spoofing attacks, particularly ARP spoofing. These programs work by
inspecting and certifying data before it is transmitted and blocking data that appears to be
spoofed.
Use cryptographic network protocols: Transport Layer Security (TLS), Secure Shell
(SSH), HTTP Secure (HTTPS) and other secure communications protocols bolster spoofing
attack prevention efforts by encrypting data before it is sent and authenticating data as it is
received.
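The packet filtering rule described above (drop packets whose source address conflicts with the interface they arrive on) can be expressed as a small decision function. This Python sketch is an added example, not code from the original post; the internal prefix, the interface names and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumed (constructed) site layout: one internal prefix behind a border filter.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# IPv4 ranges that should never appear as a source on the internet-facing side.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def filter_packet(interface, src):
    """Return ("accept" | "drop", reason) for a packet's source address.

    interface is "outside" (arriving from the internet) or
    "inside" (leaving the local network).
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source address")
    if interface == "outside":
        # Ingress check: nobody outside may claim to be one of our hosts.
        if _in_any(addr, INTERNAL_NETS):
            return ("drop", "internal source arriving from outside")
        if addr.version == 4 and _in_any(addr, NEVER_FROM_OUTSIDE):
            return ("drop", "reserved source arriving from outside")
        return ("accept", "source plausible for outside interface")
    if interface == "inside":
        # Egress check: our hosts may only send with our own addresses.
        if not _in_any(addr, INTERNAL_NETS):
            return ("drop", "non-internal source leaving the network")
        return ("accept", "source belongs to internal prefix")
    return ("drop", "unknown interface")
```

The egress half matters as much as the ingress half: it keeps a compromised internal machine from sending spoofed packets to other networks.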