CSFI Introduction Cyber Warfare

Post on 22-Feb-2015

Cyber Warfare: The Amplified Great Hacker War

Unclassified

October 2011

The views expressed in this presentation are those of the authors (CSFI managers and Paul de Souza, CSFI founder) and do not reflect the official policy or position of any US government agency, department, or service, or any other entity operating under the authorities or statutes of the U.S. government or any other government the U.S. does or does not recognize.

This presentation's facts, information, and data contained herein are sourced from the public domain.

Logos, slogans, trademarks, service marks, pictures, images, or any other form of intellectual property contained herein is protected from duplication without [proper and legal] consent from the data owner(s) for permission of use.

“Every age has its own kind of war.”

Carl Philipp Gottlieb von Clausewitz, Military Historian

“Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law.”

Melissa Hathaway, Former Senior Advisor to the Director of National Intelligence (DNI)

Agenda

Introduction to Cyber Security Forum Initiative

What is Cyber Warfare?

What is the Cyber Battlefield?

What are types of Cyber Warfare attacks?

Cyber Warfare Organizations

Conclusion

What is The Cyber Security Forum Initiative (CSFI) and CSFI-CWD (Cyber Warfare Division)?

Government

Military

Private Sector

Who We Are

Our mission is to extend all over the world with the intent of guarding our cyber freedoms and protecting our way of life.

Our Mission

To provide guidance and solutions to the private sector in the protection of critical civilian networks against cyber warfare related activities, through collaboration with universities, and the information security industry.

What is Cyber Warfare?

Simply put, it is warfare waged in cyberspace.

FACT: Number of cyber attacks on US government agencies rose to 1.6 billion per month. The Times.

What is Cyberspace?

Any electronic signal or anything that sends, receives or reflects those signals. (U.S. Air Force definition of cyberspace: Deciphering Cyberspace—A New Battlefield)

The Holy Grail of the 21st Century

Growing Dependence on Electromagnetic Spectrum

1975 Frequency Allocation Chart 2007 Frequency Allocation Chart

Why is Cyber Warfare happening?

“Warfare is the greatest affair of state, the basis of life and death, the Way to survival or extinction. It must be thoroughly pondered and analyzed.”

Sun Tzu, Military Strategist

Why is Cyber Warfare happening?

Information is a key resource (state and non-state actors seek to destroy, corrupt, deny, access, and hide information and information systems)

Control of cyberspace (military, economic and political advantage)

Severe destructive/disruptive consequences by the use of cheaper non-kinetic cyber weapons

Lack of international Cyber ROE (Rules of Engagement)

Very little accountability

Cyberspace as a Fighting Domain

Complex, vulnerable and unpredictable

Anyone can wage war in cyberspace

No geographic boundaries

Decentralized and anonymous

Immature and rapidly changing

Physical impact is hard to perceive

“Peace really does not exist in the Information Age.”

Air Force Lt. Gen. Kenneth Minihan, Director, NSA

June 4, 1998

International Policy on Cyber Attack

Undeveloped

Highly uncertain

Ill-formed

Lack of oversight

Source: NIST 800-82, "Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security."

Cyber Threats

National Governments / Foreign intelligence services

Terrorists

Criminal groups

Industrial spies and organized crime

Hacktivists

Hackers

Denial of Service Attacks

Bot-network operators or herders

Insiders

Phishers

Spammers

Spyware/malware authors

Cyberspace is a Natural Conduit for War

Decentralized

Privately owned (85% of the internet)

No boundaries

Globally operated

Deregulated

Friend and foe traversing the same virtual space

Many points of entry

Lacks attribution

Interdependent

Not resilient or secure enough

What is the Cyber Battlefield?

Mapping the Terrain

World Connection Density

World City-to-City Connections

TeleGeography's New Global Internet Map

Fiber-optic Submarine Cable Systems

Satellite Connections

Backbone connectivity lies in the hands of a few major companies.

Internet Users Worldwide June 2008

21.1% of the world population with access to the Internet: 1,407,720,000 individuals online

What are the types of Cyber Warfare attacks?

Cyber attacks on fundamental Internet protocols

Kinetic (“physical”) attacks on high value Internet “choke points”

SCADA attacks

Strikes through electromagnetic pulse (EMP) effects

Examples of Cyber Warfare Attacks

“The electron is the ultimate guided weapons system.”

Dr. John Deutch, Director, CIA

June 1996

SPAM, asymmetric economic cyber attacks

Examples of Cyber Warfare Attacks (continued)

11.4% legitimate email

200 BILLION spam/day

Botnets are used to attack the U.S. in 2008 and 2009 via Botnet Attacks (DDOS Attacks).

Worm viruses created in 2003-2006 compromise computers which become members of the Botnet farms.

History of Cyber Attacks | Cyber Attack Evolution

(Timeline graphic: 2005 to 2009)

Worm attacks go back to the 1970s’ “ancestor worms” which are highly evolved and sophisticated today.

Internet Mafias like the Russian Business Network (RBN) proliferate their reign on the web.

August 13, 2006: Botnet Herders attack Microsoft wormhole.

2005: Titan Rain – Hackers in China attack computers in the U.S. Attacks of this nature are still continuing even today.

History of Cyber Attacks | Early Attacks 2005-2006

April – May 2007: Estonia came under cyber attack in the wake of the relocation of the Bronze Soldier of Tallinn.

January 2007: Storm Botnet, a remotely controlled network of 1 million “zombie” computers (or “Botnet”) linked by the Storm Worm, a Trojan horse spread through e-mail spam.

September 7, 2007: Multi-stage Botnet attack on eBay.

History of Cyber Attacks | 2007

November 12, 2007: RBN disappears from the Internet. However, their comeback is reported as 3 times as large and is a viable Internet Mafia today.

June 13, 2007: FBI operation called “Bot Roast.” The FBI goes after Botnet farms.

November 7, 2007: FBI has a second operation called “Bot Roast II Crackdown.”

History of Cyber Attacks | FBI Goes After Botnets 2007

August 27: NASA confirmed that a worm was discovered on laptops on the International Space Station.

November 30: Pentagon computers were hacked by computer hackers suspected of working from Russia.

History of Cyber Attacks | 2008 - U.S.

August: Georgian and Azerbaijani sites were attacked by hackers during the 2008 South Ossetia War.

November 27, 2008: Mumbai Terror Attack, Mumbai, India: several government-run websites in India and Pakistan have been defaced.

December 24, 2008: Pakistan group defaced the Indian Eastern Railway Website.

December 25, 2008: India’s largest bank, the State Bank of India, was hacked by a hacker group from Pakistan.

December 27, 2008: Arabic hackers attack Israeli government and civilian websites as a result of Israel launching military strikes on the Hamas Infrastructure.

History of Cyber Attacks | 2008 - International Attacks

July 14, 2009: An attacker has defaced the website of Turkey's embassy in China and left behind a pro-China note as the two countries worked through a diplomatic spat.

July 4, 2009: A series of coordinated cyber attacks against U.S. and South Korean government, news media, and financial websites, supposedly launched by North Korea; however, evidence has revealed that the attacks were launched out of Miami via computers from the UK, with attribution being unknown.

June 15, 2009: During the 2009 Iranian election protests, foreign activists seeking to help the opposition engaged in DDoS attacks against Iran's government.

May 4, 2009: Researchers hijack Botnet, score 56,000 passwords in an hour. The Torpig Botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the Botnet back.

April, 2009: Reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national security officials.

January 8, 2009: Israeli students developed a program that allows Israeli citizens’ computers to be controlled by an Israeli Hacker group that targets Pro-Hamas Websites.

March 28, 2009: Ghostnet, a cyber spy network using servers mainly based in China, has tapped into classified documents from government and private organizations in 103 countries, including the computers of Tibetan exiles, but China denies the claim.

History of Cyber Attacks | Cyber Attacks 2009

History of Cyber Attacks | July 4, 2009 DDOS Attack

July 14, 2009: DDOS ATTACK – Botnet Code had the following characteristics:

This attack used a version of My Doom which first surfaced January 26, 2004.

Contained backdoor functionality on the zombified computer.

Contained logic bombs.

Deleted network analysis tools on the zombified system.

It is reported that the code was compiled on July 3 and then released.

Since there were many sites being attacked, the motive could have been to make a statement rather than for extortion.

History of Cyber Attacks | Hack Highlight 2009

April 23, 2009: DOD reports the theft of F-35 Data —reportedly terabytes of data stolen over the Web.

$26 off-the-shelf software was used by the insurgents to intercept live video feeds

Russian software – SkyGrabber and others

Insurgents Compromise U.S. Drones

China Attacks on Google

34 American companies were compromised including Google

Intellectual property was stolen

China denies being involved in the attacks

Zero Day attack on IE 6

Who Defends What?

U.S. Cyber Defense Responsibilities

85% of Internet is privately owned.

What is the Impact of Cyber Warfare?

The financial and economic impact could be as high as $30 billion a day!

Cyber Weapons

Low cost to develop

Raw materials are not restricted and commonly available

Launched from anywhere in the world

It can strike at the speed of light

What does a stealth bomber cost? $1.5 to $2 billion

What does a stealth fighter cost? $80 to $120 million

What does a cruise missile cost? $1 to $2 million

What does a cyber weapon cost? $300 to $50,000

Source http://www.technolytics.com/

Modern Weapons Economics

Nuclear Weapons Facility Cyber Weapons Facility

Where’s the Cyber Weapons Facility?

Source http://www.technolytics.com/

Find the Weapons Facility

Cyber Weapons Capabilities Growth

Who Runs the Show?

Lieutenant General Keith B. Alexander, USA, Director, National Security Agency/Chief, Central Security Service (NSA/CSS)

.MIL .GOV

Greg Schaffer, USA, DHS Assistant Secretary for Cybersecurity

.COM

Howard Schmidt, USA, Cyber Czar, Cyber Security Coordinator

?

What can I do to help?

Stay informed. Join CSFI on LinkedIn.

Great resources to stay updated on the latest threats and tendencies in cyberspace, without being overwhelmed:

F-Secure: http://www.f-secure.com/en_EMEA/security/security-lab/latest-threats/security-threat-summaries/2009-2.html

US-CERT: http://www.us-cert.gov/cas/tips/

CSFI-CWD Recommends

Questions?