tailieunhanh - Lecture notes on Computer and network security: Lecture 30 - Avinash Kak

Lecture 30, mounting targeted attacks with trojans and social engineering - Cyber espionage. The goals of this chapter are: Can a well-engineered network be broken into? Socially engineered email lures, trojans and the gh0stRAT trojan, cyber espionage, exploiting browser vulnerabilities.

Lecture 30: Mounting Targeted Attacks with Trojans and Social Engineering — Cyber Espionage
Lecture Notes on “Computer and Network Security” by Avi Kak (kak@)
April 20, 2016 12:23am
© 2016 Avinash Kak, Purdue University

Goals:
• Can a well-engineered network be broken into?
• Socially engineered email lures
• Trojans and the gh0stRAT trojan
• Cyber espionage
• Exploiting browser vulnerabilities

CONTENTS
• Is It Possible to Break into a Well-Engineered Network?
• Trojans
• The gh0stRAT Trojan
• Cyber Espionage
• Cyber Espionage Through Browser Vulnerabilities

IS IT POSSIBLE TO BREAK INTO A WELL-ENGINEERED NETWORK?

• Consider an agent X who is determined to break into a network with the intention of stealing valuable documents belonging to an organization and for the purpose of conducting general espionage on the activities of the organization.
• Assume that the targeted organization is vigilant about keeping up to date with the patches and with anti-virus software updates (Lecture 22). We also assume that the organization’s network operates behind a well-designed firewall (Lectures 18 and 19). Additionally, we assume that the organization hires a security company to periodically carry out vulnerability scans and for penetration testing of all its computers (Lecture 23).
• We further assume that the computers in the targeted organization’s network are not vulnerable to either the dictionary or the rainbow-table attacks (Lecture 24).
• In addition, we assume that X is physically based in a different country, which is not the same country where the organization’s network is. Therefore, it is not possible for X to gain a James Bond-like physical entry into the organization’s premises and install a packet sniffer in its LAN.
• Given the assumptions listed above, it would seem that
