Cyber Crime and Cyber Terrorism



Cyber crime and cyber terrorism investigators handbook by Babak

FIGURE 17.12 DNS features.


CHAPTER 17
Responding to cyber crime and cyber terrorism
In addition to the widespread encryption of communication channels, we have recently seen social networks used as part of botnet infrastructure. One of the primary aims of botmasters is to reach a wide audience of users, so it is natural that they are exploring social media platforms for recruiting new zombies and controlling infected machines (typically by creating fake accounts that send encrypted messages to the malware on victims' machines), since social networks have monopolized the majority of users' internet experience. Botmasters have begun to exploit social network websites (e.g., Twitter.com) as C&C headquarters, which turns out to be quite stealthy because it is hard to distinguish the C&C activity from normal social networking traffic (Kartaltepe et al., 2010). "UPD4T3" is an example of a fake Twitter account owned, of course, by a botmaster.
Moreover, we know that Tor is an anonymity network operated by volunteers which provides encryption and identity protection capabilities. Tor is a great tool that helps people all over the world to protect themselves from Internet censorship. It is widely used by anyone concerned about the privacy and safety of their communications. At the same time, though, it is abused a lot, as in the case we are going to describe.
The potential use of Tor in botnet infrastructure has been discussed several times in the past (e.g., at the "Defcon 18 Conference" by Dennis Brown). In September 2012 the German antivirus vendor G-Data briefly described a similar case.
As we already know, hosting C&C infrastructure on "Internet servers" could expose the botnet. A much stronger infrastructure can be built just by using Tor as the internal communication protocol and by using the Tor Hidden Services functionality.
Hidden services, introduced in 2004, permit the creation of completely anonymous and concealed services accessible through Tor only. An "onion" pseudo-domain is generated, which is then used to resolve and contact the hidden server. It is very difficult to identify the origin of the hidden service and to revoke or take over the associated onion domain (Figure 17.14).
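The onion pseudo-domain described above can be recognised in network logs. The following is an added example, not taken from the handbook: a defender-side Python sketch that extracts .onion names from DNS query log lines, separates legacy 16-character (v2) names from 56-character (v3) names, and verifies the v3 checksum defined in Tor's rend-spec-v3. The log format, client addresses and sample key are constructed for illustration. Because .onion names are meant to be resolved inside Tor, a query for one reaching a local resolver points to a host trying to reach a hidden service.

```python
import base64
import hashlib
import re
from collections import defaultdict

# 56 base32 characters = v3 name, 16 = legacy v2 name.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.I)

def v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte service key as a v3 onion name (Tor rend-spec-v3)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def classify(name: str) -> str:
    """Return 'v2', 'v3' or 'invalid' for a candidate .onion name."""
    name = name.lower()
    if re.fullmatch(r"[a-z2-7]{16}\.onion", name):
        return "v2"  # truncated key hash, carries no checksum to verify
    if re.fullmatch(r"[a-z2-7]{56}\.onion", name):
        raw = base64.b32decode(name[:56].upper())
        # Re-encoding checks both the 2-byte checksum and the version byte.
        return "v3" if v3_address(raw[:32]) == name else "invalid"
    return "invalid"

def onion_lookups(log_lines):
    """Map client IP -> set of (onion name, kind) found in DNS query logs."""
    hits = defaultdict(set)
    for line in log_lines:
        client = line.split()[1]  # assumed format: <time> <client> <qtype> <qname>
        for match in ONION_RE.finditer(line):
            name = match.group(0).lower()
            kind = classify(name)
            if kind != "invalid":
                hits[client].add((name, kind))
    return dict(hits)

# Constructed sample data: the key and log lines are not from any real service.
SAMPLE_V3 = v3_address(bytes(range(32)))
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 A www.example.com",
    "2024-01-01T10:00:03Z 10.0.0.7 A abcdefghijklmnop.onion",
    f"2024-01-01T10:00:09Z 10.0.0.7 A {SAMPLE_V3}",
    "2024-01-01T10:00:12Z 10.0.0.9 A " + "a" * 56 + ".onion",  # not a valid v3 name
]

if __name__ == "__main__":
    for client, names in sorted(onion_lookups(SAMPLE_LOG).items()):
        print(client, sorted(names))
```

A 56-character name that fails the checksum is most likely a typo or random string rather than a reachable service, which is why the sketch drops it instead of reporting it.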
