1
play

1 Early 1970s Phreaks Blue Boxes: Free Long Distance Calls Once - PDF document

Mar 15, 2023 •357 likes •456 views

Thanks To Anthony Joseph, Doug Tygar, Umesh Vazirani, and David Wagner for generously allowing me to use their slides (with some slight modifications of my own). Fall 2008 Fall 2008 CS 334: Computer Security 1 Fall 2008 CS 334:

  1. Thanks… • To Anthony Joseph, Doug Tygar, Umesh Vazirani, and David Wagner for generously allowing me to use their slides (with some slight modifications of my own). Fall 2008 Fall 2008 CS 334: Computer Security 1 Fall 2008 CS 334: Computer Security 2 Our Path Phone System Hackers: Phreaks • War stories from the Telecom industry • 1870s: first switch (before that, leased lines) • War stories from the Internet: Worms and Viruses • 1920s: first automated switchboards • Crackers: from prestige to profit • Mid-1950s: deployment of automated direct-dial long distance switches • Lessons to be learned Fall 2008 CS 334: Computer Security 3 Fall 2008 CS 334: Computer Security 4 US Telephone System (mid 1950s) Early 1970s Phreaks • In 1957, Joe Engressia (Joybubbles), blind 7 year old with perfect pitch, discovers that tone E above middle C (2600Hz) would stop dialed phone recording • John Draper (Cap’n Crunch) • A dials B’s number – Makes free long-distance calls by blowing 2600Hz • Exchange collects digits, assigns inter-office trunk, and tone into a telephone using a whistle from a cereal transfers digits using Single or Multi Frequency signaling box… • Inter-office switch routes call to local exchange – Tone indicates caller has hung up  stops billing! • Local exchange rings B’s phone – Then, whistle digits one-by-one Fall 2008 CS 334: Computer Security 5 Fall 2008 CS 334: Computer Security 6 1

  2. Early 1970s Phreaks Blue Boxes: Free Long Distance Calls • Once trunk thinks call is over, use a • “2600” magazine helps phreaks make free “blue box” to dial desired number long-distance calls – Emits MF signaling tones • Builders included members of • But, not all systems use SF for dialing… California’s Homebrew Computer Club: – Steve Jobs (AKA Berkeley Blue) • No Problem: Specifics of MF system published – Steve Wozniak (AKA Oak Toebark) (by Bell Tel) in Bell Systems Technical Journal • Red boxes, white boxes, pink boxes, … – For engineers, but finds way to campuses – Variants for pay phones, incoming calls, … Fall 2008 CS 334: Computer Security 7 Fall 2008 CS 334: Computer Security 8 Signaling System #7 The Game is On • “Ma Bell” deployed Signaling System #6 in late 1970’s and SS#7 in 1980’s • Cat and mouse game between telcos and phreaks – Uses Common Channel Signaling (CCS) to transmit – Telcos can’t add filters to every phone switch out-of-band signaling information – Telcos monitor maintenance logs for “idle” trunks – Completely separate packet data network used to – Phreaks switch to emulating coin drop in pay phones setup, route, and supervise calls – Telcos add auto-mute function – Not completely deployed until 1990’s for some rural – Phreaks place operator assisted calls (disables mute) areas – Telcos add tone filters to handset mics – … • The Phone System’s Fatal Flaw? • False sense of security… – In-band signaling! – Single company that owned entire network – Information channel used for both voice and signaling – SS7 has no internal authentication or security – Knowing “secret” protocol = you control the system Fall 2008 CS 334: Computer Security 9 Fall 2008 CS 334: Computer Security 10 Cellular Telephony Phreaks US Telephone System (1978-) • Analog cellular systems deployed in the 1970’s used in-band signaling • Suffered same fraud problems as with fixed phones – Very easy over-the-air collection of “secret” identifiers – “Cloned” phones could make unlimited calls • A dials B’s number • Not (mostly) solved until the deployment of • Exchange collects digits and uses SS7 to query digital 2nd generation systems in the 1990’s B’s exchange and assign all inter-office trunks • Enck, Traynor, et. al: “Exploiting Open • Local exchange rings B’s phone Functionality in SMS-Capable Cellular Networks” • SS7 monitors call and tears down trunks when either end hangs up Fall 2008 CS 334: Computer Security 11 Fall 2008 CS 334: Computer Security 12 2

  3. Today’s Phone System Threats Today’s Phone System Threats • Deregulation in 1980s – Anyone can become a Competitive Local ExChange (CLEC) • PBX (private branch exchange) hacking provider and get SS7 access for free long-distance – No authentication  can spoof any message (think CallerID)... – Default voicemail configurations often allow • PC modem redirections (1999-) outbound dialing for convenience – Surf “free” gaming/porn site and download “playing/ – 1-800-social engineering (“Please connect viewing” sw me to x9011…”) – Software mutes speaker, hangs up modem, dials Albania – Charged $7/min until you turn off PC (repeats when turned on) – Telcos “forced” to charge you because of international tariffs Fall 2008 CS 334: Computer Security 13 Fall 2008 CS 334: Computer Security 14 Our Path Phreaking Summary • War stories from the Telecom industry • In-band signaling enabled phreaks to compromise telephone system integrity • War stories from the Internet: Worms • Moving signaling out-of-band provides added and Viruses security • New economic models mean new threats – Not one big happy family, but bitter rivals • Crackers: from prestige to profit • End nodes are vulnerable – Beware of default configurations! • Lessons to be learned • Social engineering of network/end nodes Fall 2 CS 334: Computer Security 15 Fall 2008 CS 334: Computer Security 16 Internet Worms Morris Worm (briefly: more detail later) • Self-replicating, self-propagating code and data • Written by Robert Morris while a Cornell graduate student (Nov 2-4, 1988) • Use network to find potential victims – Exploited debug mode bug in sendmail • Typically exploit vulnerabilities in an – Exploited bugs in finger, rsh, and rexec application running on a machine or the – Exploited weak passwords machine’s operating system to gain a foothold • Infected DEC VAX (BSD) and Sun machines • Then search the network for new – 99 lines of C and ≈ 3200 lines of C library victims code Fall 2008 CS 334: Computer Security 17 Fall 2008 CS 334: Computer Security 18 3

  4. Morris Worm Behavior Morris Worm Behavior • Bug in finger server – Allows code download and execution in place of a finger request • Next steps: • sendmail server had debugging enabled by default – Copy over, compile and execute bootstrap – Allowed execution of a command interpreter and – Bootstrap connects to local worm and copies downloading of code over other files • Password guessing (dictionary attack) – Creates new remote worm and tries to – Used rexec and rsh remote command interpreter propagate again services to attack hosts that share that account • rexec, rsh – execute command on remote machine (difference is that rexec requires a password) Fall 2008 CS 334: Computer Security 19 Fall 2008 CS 334: Computer Security 20 Morris Worm Internet Worms: Zero-Day Exploits • Network operators and FBI tracked • Morris worm infected a small number of hosts down author in a few days (several thousand?) • First felony conviction under 1986 – But, Internet only had ~60,000 computers! Computer Fraud and Abuse Act • What about today? ~600M computers • After appeals, was sentenced to: • Theoretical “zero-day” exploit worm – Rapidly propagating worm that exploits a common – 3 years probation Windows vulnerability on the day it is exposed – 400 hours of community service – Propagates faster than human intervention, infecting – Fine of more than $10,000 all vulnerable machines in minutes • Now a professor at MIT… Fall 2008 CS 334: Computer Security 21 Fall 2008 CS 334: Computer Security 22 Saphire (AKA Slammer) Worm Saphire 5:33 UTC • January 25, 2003 (5:30 UTC) • Fastest computer worm in history (at the time) – Used MS SQL Server buffer overflow vulnerability – Doubled in size every 8.5 seconds, 55M scans/sec – Infected >90% of vulnerable hosts within 10 mins – Infected at least 75,000 hosts – Caused network outages, canceled airline flights, elections problems, interrupted E911 service, and caused ATM failures Fall 2008 CS 334: Computer Security 23 Fall 2008 CS 334: Computer Security 24 4

  5. Saphire 5:36 UTC Saphire 5:43 UTC Fall 2008 CS 334: Computer Security 25 Fall 2008 CS 334: Computer Security 26 Worm Propagation Behavior Saphire 6:00 UTC • More efficient scanning finds victims faster (< 1hr) • Even faster propagation is possible if you cheat – Wasted effort scanning non-existent or non- vulnerable hosts – Warhol: seed worm with a “hit list” of vulnerable hosts (15 mins) Fall 2008 CS 334: Computer Security 27 Fall 2008 CS 334: Computer Security 28 Since Original Slides Created… Since Original Slides Created… Fall 2008 CS 334: Computer Security 29 Fall 2008 CS 334: Computer Security 30 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida

Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida

Multiparty Session Types and their Applications to Large Distributed Systems Nobuko Yoshida Imperial College London 1 In collaboration with: Matthew Arrott (OOI) Gary Brown (Red Hat) Stephen Henrie (OOI) Bippin Makoond (Cognizant) Michael

799 views • 41 slides
Inspiring Great Downtowns RECOVERY &amp; RESILIENCY ON MAIN STREET Educational Series Main

Inspiring Great Downtowns RECOVERY &amp; RESILIENCY ON MAIN STREET Educational Series Main

Inspiring Great Downtowns RECOVERY &amp; RESILIENCY ON MAIN STREET Educational Series Main Street Forums for the 21 st Century Session Sponsors: Corporate Investors: Founding Sponsors: Growth Partners: State Histor oric Preservation Office

543 views • 42 slides
Lecture 6: Music Mark Hasegawa-Johnson ECE 401: Signal and Image Analysis, Fall 2020 Review

Lecture 6: Music Mark Hasegawa-Johnson ECE 401: Signal and Image Analysis, Fall 2020 Review

Review Pitch Pitch Tracking Phase Vocoder Summary Lecture 6: Music Mark Hasegawa-Johnson ECE 401: Signal and Image Analysis, Fall 2020 Review Pitch Pitch Tracking Phase Vocoder Summary Review: Spectrum, Fourier Series, and DFT 1

885 views • 31 slides
Early Seed Funding: The Art and Not-So-Science of Raising Money Jason St. Peter, Founder Palomar

Early Seed Funding: The Art and Not-So-Science of Raising Money Jason St. Peter, Founder Palomar

Early Seed Funding: The Art and Not-So-Science of Raising Money Jason St. Peter, Founder Palomar Consulting Jason@palomar.io Tomato Tomatoe Investment vs Funding Types of f Funding Bootstrap Credit Loans Grants Crowd

316 views • 14 slides
SHPE Sacramento State SHPE California State University, Sacramento AGENDA Announcements

SHPE Sacramento State SHPE California State University, Sacramento AGENDA Announcements

General Meeting SHPE Sacramento State SHPE California State University, Sacramento AGENDA Announcements POTLUCK &amp; Activity Changing Lives; Empowering Communities; Impacting the World 3 3 Changing Lives; Empowering Communities;

483 views • 7 slides
Design: Prototype Co-design program session 7 Check-in Take 2 minutes to consider: What did

Design: Prototype Co-design program session 7 Check-in Take 2 minutes to consider: What did

Design: Prototype Co-design program session 7 Check-in Take 2 minutes to consider: What did you notice during your ideation work over the last week Why is this a challenge or an opportunity for you right now? What is the intention

370 views • 26 slides
Wire Crossing Patterns Maxim Potekhin (BNL) Wirecell Summit@LBNL 12/09/2015 Nominal pattern

Wire Crossing Patterns Maxim Potekhin (BNL) Wirecell Summit@LBNL 12/09/2015 Nominal pattern

Wire Crossing Patterns Maxim Potekhin (BNL) Wirecell Summit@LBNL 12/09/2015 Nominal pattern according to the CDR Parameters from the CDR: The scale of the pitch seems about right based on diffusion etc but the exact choice of numbers is

123 views • 11 slides
Nanowire- -Based Based Nanowire Programmable Programmable Architectures Architectures

Nanowire- -Based Based Nanowire Programmable Programmable Architectures Architectures

Nanowire- -Based Based Nanowire Programmable Programmable Architectures Architectures ANDR E DEHON E DEHON ANDR ACM Journal on Emerging Technologies in ACM Journal on Emerging Technologies in Computing Systems, Vol. 1, No. 2, July

886 views • 57 slides
Predicting and suggesting in the job market EIT Summer School 2016, Bosn, June 27, 2016

Predicting and suggesting in the job market EIT Summer School 2016, Bosn, June 27, 2016

Predicting and suggesting in the job market EIT Summer School 2016, Bosn, June 27, 2016 GreatPeople Applications 20160627 - proprietary and confidential - not to be shared or distributed without the prior written consent from Great

567 views • 33 slides
Stanford Rebuild: An Entrepreneurial Path Forward Stefanos Zenios Entrepreneurs adapt Sams

Stanford Rebuild: An Entrepreneurial Path Forward Stefanos Zenios Entrepreneurs adapt Sams

Stanford Rebuild: An Entrepreneurial Path Forward Stefanos Zenios Entrepreneurs adapt Sams famous Lobster Rolls were selected by the Food Editor of the Today Show as one of the five Best Sandwiches in America Entrepreneurs Facing a

850 views • 21 slides
Don't Know P ROJECT P ITCH CS294S/W F ALL 2020 Semantic Parsing Is the task of converting

Don't Know P ROJECT P ITCH CS294S/W F ALL 2020 Semantic Parsing Is the task of converting

Error Detection: Know What you Don't Know P ROJECT P ITCH CS294S/W F ALL 2020 Semantic Parsing Is the task of converting what the user says to executable code. Natural language ThingTalk What is a Chinese restaurant in Restaurant,

606 views • 14 slides
fly : Untethered Multi-user VR for Commodity Mobile Devices Xing Liu, Christina Vlachou, Feng

fly : Untethered Multi-user VR for Commodity Mobile Devices Xing Liu, Christina Vlachou, Feng

Fi Firefl fly : Untethered Multi-user VR for Commodity Mobile Devices Xing Liu, Christina Vlachou, Feng Qian, Chendong Wang, Kyu-Han Kim Motivation Performance User User scalability mobility Deployment Cost State-of-the-art

384 views • 27 slides
Project Overview, and Working with Clients UNC COMP 523 Wed Aug 12, 2020 Prof. Jeff Terrell 1

Project Overview, and Working with Clients UNC COMP 523 Wed Aug 12, 2020 Prof. Jeff Terrell 1

Project Overview, and Working with Clients UNC COMP 523 Wed Aug 12, 2020 Prof. Jeff Terrell 1 / 40 First, a word from Peter Liao Commercialization Manager UNC Office of Technology Commercialization Email: liaopb@unc.edu 2 / 40

1.27k views • 40 slides
Writing Research Grant Applications Andrew Derrington Parker Derrington Ltd Programme Things

Writing Research Grant Applications Andrew Derrington Parker Derrington Ltd Programme Things

Writing Research Grant Applications Andrew Derrington Parker Derrington Ltd Programme Things you Need to Know Where to get a handout Funding Strategy Are you ready to start? Why You Need a Magic Formula The Magic Formula

2.07k views • 137 slides
DP ProtoDUNE Technical Design Review 24 th April 17 C.Cantini on behalf of ETHZ Group 24/04/2017

DP ProtoDUNE Technical Design Review 24 th April 17 C.Cantini on behalf of ETHZ Group 24/04/2017

DP ProtoDUNE Technical Design Review 24 th April 17 C.Cantini on behalf of ETHZ Group 24/04/2017 C.Cantini, ETHZ 1 Design of instrumentation for the 6x6x6 m3 Detector DP ProtoDune List of sensors, items, instrumentation Distribution of

639 views • 38 slides
Music Informatics Alan Smaill Feb 4th 2014 Alan Smaill Music Informatics Feb 4th 2014 1/29

Music Informatics Alan Smaill Feb 4th 2014 Alan Smaill Music Informatics Feb 4th 2014 1/29

N I V E U R S E I H T T Y O H F G R E U D I B N Music Informatics Alan Smaill Feb 4th 2014 Alan Smaill Music Informatics Feb 4th 2014 1/29 Today N I V E U R S E I H T T Y O H F G R E U D I B N

704 views • 29 slides
Performance in heavy -ion beam tests of a high time resolution and two-dimensional position

Performance in heavy -ion beam tests of a high time resolution and two-dimensional position

Performance in heavy -ion beam tests of a high time resolution and two-dimensional position sensitive MRPC with transmission line impedance matched to the FEE M. Petris, D. Bartos, M. Petrovici, L. Radulescu, V. Simion IFIN-HH Bucharest J.

519 views • 15 slides
Applications of optimal transport to machine learning and signal processing Prsentation par

Applications of optimal transport to machine learning and signal processing Prsentation par

Applications of optimal transport to machine learning and signal processing Prsentation par Nicolas Courty Matre de confrences HDR / Universit de Bretagne Sud Laboratoire IRISA http://people.irisa.fr/Nicolas.Courty/ Motivations Optimal

825 views • 80 slides
From P an . inian Sandhi to Finite State Calculus Malcolm D. Hyman Max Planck Institute for

From P an . inian Sandhi to Finite State Calculus Malcolm D. Hyman Max Planck Institute for

From P an . inian Sandhi to Finite State Calculus Malcolm D. Hyman Max Planck Institute for the History of Science, Berlin First International Sanskrit Computational Linguistics Symposium, Paris, 2007 p.1 Overview 1. Research context

315 views • 28 slides
Physical Design of a 3D-Stacked Heterogeneous Multi-core Processor W. Rhett Davis , Randy

Physical Design of a 3D-Stacked Heterogeneous Multi-core Processor W. Rhett Davis , Randy

Physical Design of a 3D-Stacked Heterogeneous Multi-core Processor W. Rhett Davis , Randy Widialaksono, Rangeen Basu Roy Chowdhury, Zhenqian Zhang, Joshua Schabel, Steve Lipa, Eric Rotenberg, Paul Franzon Overview Motivation for 3D-IC HMP

824 views • 31 slides
Pitch Detection: Music, Physics, and the Brain Tom Goodman University of Birmingham Wednesday 30

Pitch Detection: Music, Physics, and the Brain Tom Goodman University of Birmingham Wednesday 30

Pitch Detection: Music, Physics, and the Brain Tom Goodman University of Birmingham Wednesday 30 th January 2018 Wednesday 30 th January 2018 Tom Goodman (University of Birmingham) Research Skills 1 / 37 Contents Aim of Pitch Detection

1.72k views • 37 slides
A Talk about How to Give a Talk Part II Bertram Fronhfer International Center for

A Talk about How to Give a Talk Part II Bertram Fronhfer International Center for

A Talk about How to Give a Talk Part II Bertram Fronhfer International Center for Computational Logic Technische Universitt Dresden Germany Bertram Fronhfer A Talk about How to Give a Talk Part II 1 Overview Part I How to

549 views • 21 slides
Wedding &amp; Event Design ! with Lindsay Landman ! 1 1 Week 8: The Business of the Business 2

Wedding &amp; Event Design ! with Lindsay Landman ! 1 1 Week 8: The Business of the Business 2

11/9/15 Progressive Education for Event Professionals Wedding &amp; Event Design ! with Lindsay Landman ! 1 1 Week 8: The Business of the Business 2 Week 8: The Business of the Business Client Connection 3 1 11/9/15 Identifying Your Client

478 views • 10 slides
SLS Operation Statistics I Excellent Year 2016 (so far): Beam availability 99.2% Mean

SLS Operation Statistics I Excellent Year 2016 (so far): Beam availability 99.2% Mean

SLS Operation Statistics I Excellent Year 2016 (so far): Beam availability 99.2% Mean tjme between failures of 11 days (wait for next slide) ! Mean tjme between distortjons with 66 hours twice as long as last year Excellent

367 views • 9 slides

More recommend