Sunday, March 18, 2012

Black ICE

"Although computer protective tools are also evolving and improving, they tend to evolve in a reactive manner to each perceived threat as it appears"


- Eleonore
- Phoenix
- Zeus trojan

Internet
- approx. 170 million + web hosts
- 2 billion users
- The total indexed size of the world wide web by search engines is nearly 10-12 billion pages, but the deep web could be as much as 400-500 times larger than the information indexed by the major search engines

- Operation SunDevil

- Computer Fraud and Abuse Act (USA; enacted 1984, substantially amended 1986)
"A hacker is one who accesses a computer intentionally without authorization, or exceeds authorized access, and then uses the access provided for purposes to which authorization did not extend, such as altering, damaging, or destroying data or preventing normal access"

- Computer Misuse Act (UK, 1990)
"Hackers are guilty of a legal offense if they knowingly cause a computer to perform any function to secure unauthorized access or cause unauthorized modification of the contents of the computer with the intent of impairing the computer, a program on that computer, or access to that computer"

- Password crackers
"John the Ripper"
"Crack"

- Automated attack tools
"Metasploit" - has advanced options to load ActiveX controls in a target's browser, to upload tool-kits and rootkits to compromised computers, to perform DLL injection on Windows systems, and IDS-evasion options intended to defeat intrusion detection systems such as "Snort" (www.snort.org)

- Other software tools: web-application proxies and scanners that probe for possible SQL-injection flaws (e.g. "WebScarab"), tools for further exploitation of the SQL server once an injection point is found (e.g. "SQLNinja"), and tools for probing for vulnerabilities in server-side CGI scripts (e.g. "CGIScan")

"NIC" = Network Interface Card

- Packet Sniffers

- IRC discussion groups

- SANS institute

- IANA = Internet Assigned Numbers Authority - reserves the private LAN IP address ranges of RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which are never routed on the public Internet

- Virtualization Software -  "QEMU"

- TAP magazine evolved into 2600 (www.2600.com)

- The Chaos Computer Club (CCC)

- Phrack

- Hack-Tic (www.hacktic.nl)

- Legion of Doom (LoD)

- Cult of the Dead Cow (CdC)

- L0pht
designed "L0phtCrack" - a password cracker designed to ferret out insecure passwords on Windows NT systems

- SLINT - a source code security analyzer
- AntiSniff = a network security tool designed to detect hosts running packet sniffers (NICs in promiscuous mode)
- L0pht announced a multi-million-dollar merger with the computer security company @stake

- Kevin Mitnick "Condor"

- "Gary McKinnon"

- remote access software "RemotelyAnywhere" (the commercial tool McKinnon installed on the machines he accessed)

- Julian Assange "Mendax"
- WikiLeaks = now has many mirror sites; specializes in publishing leaked classified and confidential documents, which sources can upload to its website

- Richard Stallman founded "Free Software Foundation" FSF

- Linus Torvalds (Linux kernel)

- open-source projects "apache, php"

- Tim Berners-Lee invented the World Wide Web and founded the W3C; designed HTML (hypertext markup language) and HTTP (hypertext transfer protocol), and wrote the first ever web server

OFFENSIVE COMPUTING
It is not enough to identify an intrusion; one must respond to the attack,
either by assuming control of the remote documents / drives, etc.,
and/or by taking an offensive stance and striking back.
1. Identify the attacking OS
2. Produce a retaliatory response which inflicts damage on the intruder's OS
- Identify all documents involved in the intrusion (stacks, traces, lastonealive, etc.)



BLACK ICE
"Intrusion Countermeasures Electronics" (the term comes from William Gibson's cyberpunk fiction, where black ICE is the variety that harms the intruder rather than merely keeping him out)

"By using an IDS such as SNORT a programmer can react to alerts in any way imaginable, up to and including making counter-attacks on attacking computers. You can imagine a scenario where the IDS has identified an ongoing attack from a remote computer - and now the system wants to do something about it, but the severity of the response can be varied."

- The Black ICE could block all traffic from the IP address involved in the attack (the only one of these responses that stays entirely on the defender's own systems)
- The Black ICE could start a denial-of-service attack on the attacker using forged ICMP NET_UNREACH (destination unreachable) messages, TCP SYN floods or TCP ACK floods
- The Black ICE could run a vulnerability scanner such as "Nessus" against the attacking computer; this would identify open ports and possible vulnerabilities in services, and would also identify the OS and patch level of the attacking computer
- The results of the vulnerability scan could then be fed into an automated exploitation program (Metasploit's db_autopwn would be an example) with the express goal of breaking into the attacking machine using those vulnerabilities
- Note that the last three responses are themselves unauthorized access to, or impairment of, a computer under the two Acts quoted above, and that the "attacking" address is often a spoofed source, a NAT gateway or a compromised third party rather than the intruder's own machine
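As an added example (not from the original post and not a component of Snort), here is the first and least hazardous of those reactions in working form: a Python script that parses Snort's alert_fast output and produces an iptables DROP rule for a source once it trips a simple policy. The policy, the `never_block` list, the `INPUT` chain and the alert lines are assumptions constructed for this example; the responder skips RFC 1918, loopback and link-local sources so that it cannot be tricked into blocking the defender's own LAN.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample alerts in Snort's alert_fast format (not captured from a real sensor).
SAMPLE_ALERTS = """\
03/18-14:22:01.123456  [**] [1:1000001:1] SCAN SSH brute-force attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51234 -> 192.0.2.10:22
03/18-14:22:02.223456  [**] [1:1000001:1] SCAN SSH brute-force attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.5:51235 -> 192.0.2.10:22
03/18-14:22:03.323456  [**] [1:1000002:1] WEB-ATTACKS SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.77:4040 -> 192.0.2.10:80
03/18-14:22:04.423456  [**] [1:1000003:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 3] {ICMP} 10.0.0.9 -> 192.0.2.10
03/18-14:22:05.523456  [**] [1:1000004:1] POLICY external DNS query [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {UDP} 203.0.113.200:53000 -> 192.0.2.10:53
"""

# One alert_fast record: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol, then "src[:sport] -> dst[:dport]" (no ports for ICMP).
ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.+?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?'
    r'\[Priority:\s+(?P<prio>\d+)\]\s+'
    r'\{(?P<proto>\w+)\}\s+'
    r'(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$'
)

# Ranges an automated blocker must never touch: the IANA/RFC 1918 private LAN
# allocations plus loopback and link-local. A "source" in one of these is an
# internal host or a spoofed address, and dropping it only hurts the defender.
NEVER_BLOCK_NETS = [ipaddress.ip_network(n) for n in (
    '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
    '127.0.0.0/8', '169.254.0.0/16',
)]


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert_fast record."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    a = m.groupdict()
    a['prio'] = int(a['prio'])
    a['sport'] = int(a['sport']) if a['sport'] else None
    a['dport'] = int(a['dport']) if a['dport'] else None
    return a


def is_unblockable(ip):
    """True for private, loopback and link-local sources."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BLOCK_NETS)


def decide_blocks(lines, high_priority=1, repeat_threshold=2, never_block=()):
    """Map each source IP that should be blocked to the reason for blocking it.

    Policy (an assumption of this example, not a Snort feature):
      * one alert with priority <= high_priority (lower = more severe) blocks at once;
      * otherwise a source is blocked after repeat_threshold alerts in this batch;
      * never_block entries (e.g. the SOC's own scanners) and unblockable ranges are skipped.
    """
    counts = Counter()
    decisions = {}
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # blank line, preprocessor chatter, or a different output format
        src = a['src']
        if src in decisions or src in never_block or is_unblockable(src):
            continue
        counts[src] += 1
        if a['prio'] <= high_priority:
            decisions[src] = f"priority {a['prio']}: {a['msg']}"
        elif counts[src] >= repeat_threshold:
            decisions[src] = f"{counts[src]} alerts, latest: {a['msg']}"
    return decisions


def iptables_rules(decisions, chain='INPUT'):
    """Render the decisions as iptables commands; they are returned, not executed."""
    return [f'iptables -I {chain} -s {ip} -j DROP' for ip in sorted(decisions)]


if __name__ == '__main__':
    blocks = decide_blocks(SAMPLE_ALERTS.splitlines())
    for ip, reason in blocks.items():
        print(f'{ip}: {reason}')
    print('\n'.join(iptables_rules(blocks)))
```

Run against the constructed alerts, the two SSH alerts from 203.0.113.5 and the single priority-1 SQL-injection alert from 198.51.100.77 produce rules, the NMAP ping from 10.0.0.9 is ignored because the source is an RFC 1918 address, and the lone priority-3 DNS alert does not reach the repeat threshold. The commands are only rendered; a real deployment would also expire the rules, since an attacker who can forge sources can otherwise use the responder to cut the defender off from addresses of his choosing.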

- Once the defender has taken control of the attacking computer, anything is possible limited only by the imagination and evil intention of the Black ICE programmers.

- Installation of a Remote Access Trojan (RAT) allowing full hostile takeover of the attacking computer.
(A "RAT" object noticed earlier was identified as an Internet rating object; it could have been a remote access trojan)

- More aggressive countermeasures would be wiping the attacker's OS or corrupting the attacker's BIOS firmware

- botnets

- DDoS = Distributed Denial of Service (attack tools are freely downloadable)

- internet spiders and crawlers - programs designed to scour the web for specific information

- rootkits are designed to hide/camouflage malware. (LimeWire on Vista, Kaspersky, etc.)

- Port Scanning
Some programs enable an OS to log specific events relating to intrusion attempts (on Linux, for example, the netfilter LOG target writes each matching packet to syslog); one must learn to interpret these logs.
Port scanning lets an attacker enumerate which services on a host are reachable from the network; one must learn to close or filter unneeded ports and to log and recognize the scanning itself.
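An added example of the log interpretation just described, not part of the original post: the Linux netfilter LOG target writes one syslog line per matching packet, and a short Python script can tell a vertical scan (one host, many ports) and a horizontal scan (one port, many hosts) apart from ordinary connection attempts. The log lines (trimmed to the fields used), the host name `gw`, the thresholds and the time window are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog lines as written by the netfilter LOG target, trimmed to the
# fields this script reads. No real gateway produced them.
SAMPLE_LOG = """\
Mar 18 14:22:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=21 SYN URGP=0
Mar 18 14:22:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN URGP=0
Mar 18 14:22:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN URGP=0
Mar 18 14:22:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=25 SYN URGP=0
Mar 18 14:22:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=80 SYN URGP=0
Mar 18 14:22:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40006 DPT=110 SYN URGP=0
Mar 18 14:22:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40007 DPT=143 SYN URGP=0
Mar 18 14:22:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40008 DPT=443 SYN URGP=0
Mar 18 14:23:10 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=55001 DPT=22 SYN URGP=0
Mar 18 14:23:10 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.11 PROTO=TCP SPT=55002 DPT=22 SYN URGP=0
Mar 18 14:23:11 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.12 PROTO=TCP SPT=55003 DPT=22 SYN URGP=0
Mar 18 14:23:11 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.13 PROTO=TCP SPT=55004 DPT=22 SYN URGP=0
Mar 18 14:23:12 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.14 PROTO=TCP SPT=55005 DPT=22 SYN URGP=0
Mar 18 14:25:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.200 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=80 SYN URGP=0
Mar 18 14:25:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.200 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=80 ACK URGP=0
Mar 18 14:40:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.200 DST=192.0.2.10 PROTO=TCP SPT=60002 DPT=443 SYN URGP=0
"""

# syslog prefix "Mon DD HH:MM:SS host kernel:" followed by KEY=value fields and bare TCP flag names.
LINE_RE = re.compile(r'^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+(?P<kv>.*)$')


def parse_line(line):
    """Return {ts, src, dst, dpt, flags} for a TCP LOG line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = m.group('kv')
    fields = dict(re.findall(r'(\w+)=(\S*)', kv))
    if fields.get('PROTO') != 'TCP' or 'DPT' not in fields:
        return None
    return {
        'ts': datetime.strptime(m.group('ts'), '%b %d %H:%M:%S'),  # syslog omits the year
        'src': fields['SRC'],
        'dst': fields['DST'],
        'dpt': int(fields['DPT']),
        'flags': set(re.findall(r'\b(SYN|ACK|FIN|RST)\b', kv)),
    }


def detect_scans(lines, window_s=60, port_threshold=6, host_threshold=5):
    """Map scanning sources to a description of the scan.

    A source is flagged when, within window_s seconds, its SYN-only packets reach
    port_threshold distinct ports on one host (vertical scan) or host_threshold
    distinct hosts on one port (horizontal scan). Thresholds are assumptions for
    this example; tune them to the site so that ordinary clients stay under them.
    """
    recent = defaultdict(deque)  # src -> sliding window of (ts, dst, dpt)
    findings = {}
    for line in lines:
        p = parse_line(line)
        # Only new connection attempts count: SYN+ACK replies and data packets are ignored.
        if p is None or 'SYN' not in p['flags'] or 'ACK' in p['flags']:
            continue
        q = recent[p['src']]
        q.append((p['ts'], p['dst'], p['dpt']))
        while (p['ts'] - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop attempts that fell out of the window
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, dst, dpt in q:
            ports_per_host[dst].add(dpt)
            hosts_per_port[dpt].add(dst)
        for dst, ports in ports_per_host.items():
            if len(ports) >= port_threshold:
                findings.setdefault(p['src'], f'vertical scan of {dst}: {len(ports)} ports in {window_s}s')
        for dpt, hosts in hosts_per_port.items():
            if len(hosts) >= host_threshold:
                findings.setdefault(p['src'], f'horizontal scan on port {dpt}: {len(hosts)} hosts in {window_s}s')
    return findings


if __name__ == '__main__':
    for src, what in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f'{src}: {what}')
```

On the constructed log, 203.0.113.5 is reported as soon as its sixth distinct port on 192.0.2.10 appears and 198.51.100.9 when its fifth host on port 22 appears, while 203.0.113.200, which opens two connections fifteen minutes apart, is not. Watching SYN-only packets keeps half-open SYN scans (the default nmap scan) visible while ignoring the return traffic of legitimate sessions.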

- This may sound difficult right now, but you are at a novice level with respect to intrusion identification and response measures.
- It is highly probable that you already have documents relating to this content which have been ignored out of ignorance.
- Information is power. This started with one person learning how to connect into someone else's computer; then more followed, until a vast information system/network grew.

files that are "open":

As done before, the information must be extracted and opened with the original security properties removed.

- Hypothesis: one of at least one more data documents relating to what I believe to be a rootkit program masquerading as Kaspersky antivirus; at minimum a dual-use program, but still masking sufficient malware programs, similar to the LimeWire I had on Vista. Obviously encrypted for a reason. The size of the document leads me to believe that the several large-sized documents I have, including system, include very sensitive information; I believe the method used to convey these documents somehow broke encryption. Furthermore, the page-breaker used and the overall size indicate that this is sensitive material.


DANIEL S. ABRAHAMIAN
BLACK ICE
FEELMYFLAME
