Hilal H.

Nuha

m


m
 





w


á  a is ic kejaha an In erne
á
efinisi hacker, cracker, dan securi 
professional
á Con oh hacker dan cracker, organisasi cracker
á Cara menangani serangan cracker
Sttistic k
t t

t

á airuses and he denial-of-seraice (
o

a acks
¦ Whi e House, he U.. Arm and Naa, NAA,
Ameri ech, Bell ou h, Es ee Lauder, Ford Mo or
Compan, Hewle Packard, Packard Bell,
Microsof , Amazon.com, eBa, E-Trade, and
Yahoo
á hef and unau horized modifica ions of
source code in ellec ual proper 
¦ Microsof
stts
á Excep for he Whi e House, he
epar men of
efense, NAA, and Microsof ,
he names are largel inconsequen ial because for eaer a ack ha is repor ed
or uncoaered b he media, hundreds more go unrepor ed.
á The
epar men of
efense es ima es ha onl 1 in 500 a acks is repor ed each
ear. Man o hers, especiall banks, wan o aaoid he nega iae publici  and
repercussions of such news becoming public.
á In a 2001 surae commissioned b he FBI's Compu er In rusion quad and he
Compu er ecuri  Ins i u e, 91 percen of 538 organiza ions responding
de ec ed compu er securi  breaches oaer he pas ear. Eaen more alarming,
40 percen repor ed pene ra ion of heir ss ems from he outside.
á This number grew in 2001 by 37.5 percent over the previous year. The survey also
indicated that 186 of the 538 organizations, or the 35 percent willing and/or able,
reported combined losses from security breaches costing approximately $377.8
million. Of these losses, $151.2 million resulted from theft of proprietary
information; $93 million, to financial fraud.
á In response o he juggernau , he marke for proaiding securi  solu ions is
expec ed o reach an es ima ed $700 million in 2002, up from $45 million in
1998. o he ques ion remains, can hackers be s opped?
epending on whom
ou ask, he answer is a qualified no.
ck
 s motiv

á including malicious in en and financial gains,

bu he hack mainl because he enjo i 
á The radi ional aiew is ha hackers break in
for he sake of improaing securi .
á There are eaen wri en accoun s of a
successful hack ha was full documen ed b
he hacker and lef behind for he benefi of
he IT managers.
cki is simply fu

á In eres ingl enough, a 1999 s ud

commissioned b he U.. mili ar concurred
ha mos hackers lack malicious in en . For he
record, he s ud also reaealed ha hackers haae
an inheren in eres in echnolog and are
mo iaa ed b ideals. Because his appears o be
he basis of he hacker psche, ano her
reaela ion sugges ed ha hackers don' like he
no ion ha informa ion is priaa e. The cul ural
mantra of the hacker underground is that
"information wants to be free."
 
á Hacker: In he programming communi , where he erm origina ed,
his erm describes a person who pursues knowledge of compu er
ss ems for i s own sakeȄsomeone willing o Dzhack hroughdz he s eps
of pu ing oge her a working program.
á More recen l, in popular cul ure a large, he erm has come o mean a
person who breaks in o o her peopleǯs compu ers wi h malicious in en
(wha programmers call a Dzcrackerdz. Man coun ries now rea
conaic ed crackers in he same wa ha he rea conaen ional
breaking-and-en ering criminals.
á Ú
 

   
breaks in o a compu er ss em
planning o do harm or damage or wi h criminal in en .
á The popular press of en por ras crackers as people wi h excep ional
alen for eluding de ec ion, and some of hem are, bu mos of hem
use a se of well-worn ricks o exploi common securi  weaknesses in
he ss ems he arge .
á   

   
  ss em, usuall a person
wi h malicious in en .
 S
cuity Pof
siol
Ú
 
 
Ú  
 ÚÚ
 ÚÚ ÚÚ


ÚÚ   Ú
Ú Ú  Ú Ú Ú Ú  Ú Ú

 Ú Ú Ú Ú Ú!" Ú  Ú    
Ú    Ú Ú#  $$%%  & Ú 
Ú # 
Ú Ú Ú# Ú ÚÚ
'Ú() Ú Ú Ú Ú   # 
Ú#      Ú
**+
 Ú Ú  
#, Ú-
'Ú( ÚÚ  .
Ú ÚÚ  .
Ú/ Ú Ú
.

 Ú
Ú Ú Ú Ú
Ú Ú
 0 11 Ú
Úoto ck
  cck

o issi cck

á Adrian Lamo
á Alber Gonzalez
á
ennis Moran
á Ehud Tenenbaum
á H
Moore
á Jona han James
á Keain Mi nick
á Keain Poulsen
á Kris ina aechinskaa
á Leonard Rose
á Rober Tappan Morris
á Tim Berners-Lee
á weea


á known for he deaelopmen of Back Orifice

and Back Orifice 2000, designed mainl o
expose Microsof 's securi  weaknesses.
á Back Orifice is a GUI-driaen sof ware u ili 
ha enables unau horized users o gain
remo e access o compu er ss ems hrough
he back doors of PCs running Microsof 's
Windows 95 or 98.
'  

á Global Hell debu ed in he mains ream when

i hacked in o he Whi e House Web si e.
á In Ma 1999, he Whi e House s aff was
confron ed wi h a pic ure of flowered pan ies
on i s home page.
á Global Hell ook credi for defacing he si e
for he whole world o see.

!"#!!

á The innocen -sounding crip Kiddies group, b

con ras , is one of he mos dangerous and
malicious cracker groups wreaking haaoc on he
In erne .
á For example, wo of heir disciples, California
eens who go b he handles Makaaeli and
Toohor , li erall ransacked a group of high-
leael mili ar seraers in 1998.
á In con ras o he altruistic hackers, their goal was
not to enter and patch up but to enter and tear up.
For the most part, Script Kiddies qualify as
crackers, and their modus operandi is destruction.
cki fo Gili
s ( G)

á Hacking for Girlies (HFG are he poli ical ac iais s of

he underground hacker cul ure. Apparen l, one
member of he group has been held in cus od b
he federal au hori ies since 1995.
á In ep ember 1998, HFG hacked in o he Yew York
Times's Web site in protest and to show discontent
with a Times reporter who wrote a book that
chronicled the comrade's capture.
á The Times's home page was plastered with slogans
demanding the release of the fallen HFG comrade.
á HFG has also hacked into Y S 's Jet Propulsion
Laboratory and Motorola in support of its incarcerated
colleague.
½$ m%
!
á Consequen l, hackers loae Microsof
because of he aarious classes of
aulnerabili ies presen ed b i s sui e of
produc s. If an compan can address hese
issues, Microsof can because of i s financial
muscle.(www.n bug raq.com
á superworms Nimda, Code Red, and Loae Bug
á Worm: Loae Bug, New Loae (Herbie
á m 
      ha pre ends o be a useful program,
such as a game or a u ili , o en ice ou o use i , when in reali  i con ains
special code ha will in en ionall damage an ss em on o which i is loaded.
á Virus: A program in ended o damage a compu er ss em wi hou he userǯs
knowledge or permission. A airus clones i self from disk o disk or from ss em o
ss em oaer a ne work. Numbers are hard o come b, bu cer ain au hori ies
claim ha here are approxima el 30,000 known airuses, wi h 400 new ones
appearing each mon h. A airus ma a ach i self o a program or o he par i ion
able or boo rack on a hard disk. When a cer ain eaen occurs, a da e passes, or
a specific program execu es, he airus is riggered in o ac ion.
á worms are programs ha reproduce, execu e independen l and raael across
he ne work connec ions. The ke difference be ween a airus and worm is he
manner in which i reproduces and spreads. A airus is dependen upon he hos
file or boo sec or, and he ransfer of files be ween compu ers o spread,
whereas a compu er worm can execu e comple el independen l and spread on
i s own accord hrough ne work connec ions
l
t
T
t

á CERT: Ú   

m
 is a name giaen o exper groups ha
handle compu er securi  inciden s. Mos
groups append he abbreaia ion Úm or
Úm
á m !mm 
"m#!m# $

   m

   
   
% &m'
á Na ional ecuri  Agenc (NA es ed he
Pen agon using aaailable program on he
in erne , and successfull ear down he
securi .
á 

(
   )   Ú  



(*
á Ú
( ((
á "+
á "m
o

á References
¦ Manager ecuri  Guide(chap er 3
¦ CEH
¦ Ne work
ic ionar
¦ In erne