Cyber Terrorism & Hacktivism
Keren Elazari, TAU, 17 May 2012
Agenda
Introduction
Cyber Threat Landscape
Basic Terminology, Why distinguish threats
Cyber Terrorism & Hacktivism
Comparative Analysis Framework
Norms & Thresholds - The future?
About Keren
10+ years in cyber security, CISSP
June 2012: Teaching Fellow – Security at Singularity University
Speaker at security conferences, including:
Y2Hack, Y2Hack04 & ILHack09 in Tel Aviv
Keynote - ITBN 2007 Security Day, Budapest
Co-Chair IDC Herzelya Cyber Terrorism Workshop
Keynote NATO International Conference on Cyber Conflict, June 2011
Technical workshop at NATO CyCon, June 2012
Cyber “Personae Dramatis”
Cyber Crime Cyber Terrorism Cyber Warfare
Cyber Espionage ?
Cyber Conflict ? Cyber Terrorism Cyber Warfare
1998, Center for Strategic and International Studies (Washington, D.C.)
Common view of cyber threats
DDoS, Website Defacement
Phishing, Keylogger, Malware, Trojans
APT/ attack on Critical Systems
Cyber Terrorism
Cyber Warfare
Cyber Crime
Hacktivism
Criminal activity in cyber space
State Sponsored
Cyber Terrorism using Cyber crime tools
Espionage
Web War one? Estonia in 2007
April 27th, 2007 - preparations to remove the Bronze Soldier in Tallinn, a World War 2 monument to Russian soldiers.
Russian forums publish tools for carrying out DDoS and defacement attacks on government sites: Estonian President, Prime Minister, Parliament.
April 30th - coordinated attack including DDoS. The attacks used botnets from all around the world and shifted at random intervals to make them difficult to defend against.
May 3rd - the botnets began attacking private sites and servers. Banks in Estonia were shut down, as well as major news sites.
May 9th - the attacks reach their climax on the Russian anniversary of the end of World War 2.
Too Much Confusion
1998, Center for Strategic and International Studies (Washington, D.C.)
Basic Terminology
What is Cyber? General electronic or computer-related prefix
What is Terror? “violence deliberately used against civilians in order to achieve political goals”.
What is Cyber Terrorism? “government agencies responsible for responding to cyber attacks have each created their own definitions.”
Contended definitions & critics
"One man's terrorist is another's freedom fighter"
▪ D. Denning's "Activism, Hacktivism, and Cyberterrorism"
▪ International treaties and conventions
▪ "Cyber terrorism" = blowing things up remotely???
▪ "Hacktivism" = virtual graffiti/vandalism???
Denning’s Definition
“cyberterrorism, refers to the convergence of cyberspace and terrorism. It covers politically motivated hacking operations intended to cause grave harm such as loss of life or severe economic damage. An example would be penetrating an air traffic control system and causing two planes to collide.”
Denning’s Definition
“Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
Denning – Cont.
Further, to qualify as cyber terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear.”
Wikipedia to the Rescue ?
Cyber terrorism : the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses.
Cyber Terrorism Vs Hacktivism
Cyber Terrorism: The use of information technology by terrorist groups and individuals to further their agenda. This can include attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attacks, or terroristic threats made via electronic communication.
Hacktivism: “Hacktivism is the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.” Promoting expressive politics, free speech, human rights, or information ethics.
Common Asymmetric Advantages
Little, or no expense
Little, or no risk to perpetrator
Few participants = big media impact
Potential for damage to a nation’s resilience, stability and safety
Non lethal attacks = less back lash
Common Targets
Network connected critical infrastructures (Brazil?)
Disruption of ISP/CSP operational networks
Civilian/commercial information systems – ELAL, Tel Aviv Stock Exchange
Defacement of government/national web sites
Publishing data from sensitive databases to cause embarrassment, confusion and panic “Saudi hacker 0xOmar”
Cyber Terrorism & Global Hacktivism - examples
Website Defacements
Amounts of Website Defacements in 2008-2009
Year 2008: 517,459
Year 2009: 544,409
Website Defacements Motivation
[Chart: Amounts of Website Defacements in 2008-2009 by motivation, Year 2008 vs. Year 2009. Categories: "I just want to be the best defacer", "Heh just for fun!", "As a challenge", "Not available", "Political reasons", "Patriotism", "Revenge against that website".]
Cyber Jihad In Numbers
Cyber Jihad – Examples
Turkish-Greek Hacktivism
The Hacker Manifesto (1986)
“I am a hacker, enter my world...”
“rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out….”
“This is our world now... the world of the electron and the switch, the beauty of the baud”
Information wants to be free! Hack the planet! My crime is that of curiosity…
Hackers - Defined?
Infamous Hackers of the world
Kevin Mitnick, arrested 1995: most-wanted computer criminal in the United States
Solar Sunrise 1998 - the Analyzer hacks US DOD
Y2Hack: Captain Crunch & Phreaks (John Draper)
Hacktivism - Anonymous!
International groups of Hacktivists
Started on 4chan & evolved to global scale
Represents a new & chaotic internet force
Targets: Epileptics, Scientologists, Pedophiles, PayPal, US GOV, IL GOV, HBGary, the Pope?
WikiLeaks
WikiLeaks founded 2006 by Julian Assange
Published secret and classified media from anonymous sources, leaks, whistleblowers
2010: “Cable Gate”, Anonymous – “Operation PayBack”
Anonymous
#OpAntiSec
Recent Anonymous operation …
Anonymous Austria @MariaHilfer
Anonymous in Museums & Bars?
Tools of the Trade - DDoS
Ping Flood, Ping of Death, EvilPing
Winsmurf, QuickFire, Defend
HTTP bomber 1.001b
Mail Bomber
Anonymous favorite – Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#
See Also: JS LOIC, Low Orbit Web Cannon
Cyber Threat Analysis Framework
So what do we do?
Know your Enemy - not just technically
Attribution of Attack remains a key problem
Intelligence, Investigation tools and models
Why Distinguish Cyber Threats
Mitigation – just block the IP range?
Investigation
Prosecution – Estonia & NATO for example
Attribution & Retribution - who do we target
Deterrence?
Attack Attribution - Who is behind the attacks?
STUXNET
DDoS via Botnet
Parameters for Analysis
1. Impact
2. Ideology
3. Technical threshold
4. Participation threshold
5. Operational threshold
6. Visibility
Parameters for Analysis
1. Impact on civilians & collateral damage
2. Ideological / Political motivation, e.g.: Jihad, Green Hacktivism, White Supremacist, “LolzSec” etc.
3. Technical threshold : R&D, Complexity
4. Participation threshold : entry price
5. Operational threshold: Recon, Persistency, Evasion
6. Public Aspect : Is Responsibility claimed?
Parameters for Analysis
Impact on civilians & collateral damage
Terror according to ICT = ?
Almost all Cyber Attacks harm “innocents”
An unnecessary attack on civilian targets could be considered a war crime when done by a state
Parameters - Continued
Ideological / Political motivation: Jihad Green Hacktivism Neo Nazi/White Supremacist Hacktivism Anonymous
Parameters - Continued
Participation threshold: entry price
Easy as ping 1.2.3.4 –t –w = DDoS participation
Can be done from anywhere in the world, anytime
Compare with launching an APT or attack of CI:
Hard: infiltrate & exploit ISP, Military or Civilian Critical Infrastructure
May need inside access
Use unique targeting tools (e.g. for SCADA)
Parameters - Continued
Technical threshold: R&D, Complexity
Use of Zero Day Exploits requires strong R&D base, funding
For complex attacks (APT) in depth technical knowledge of the target is required
Parameters - Continued
Operational threshold:
Reconnaissance phases
Persistency
Evasion techniques
Post mortem and lesson learning
Parameters - Continued
Public Aspect : Is Responsibility claimed?
More Comparison Parameters
Perpetrated by
Intended Target / Victim
Goal of attack
Consequence scope
“Visibility”
R&D Threshold: Required budget, tools and know how
Participation in the attack
Non Trivial Problems
National security & Cyber Jihad
Cyber Terrorism - Strategic or Tactical?
Cyber crime and cyber terrorism together
State sponsored cyber terrorism
Future - Norms and thresholds
Retribution threshold – what makes an attack revenge worthy? Who decides?
Is Deterrence in cyberspace even possible?
Cyber threats from Non-state actors – rules of engagement?
Is a global Treaty, or Norm even possible?
Legal/ Regulatory remedies?
On the national scale:
Criminal prosecution of attackers - according to various Computer Fraud and Abuse Acts
LEA need authority, know-how, and tools to collect digital evidence and conduct investigations across country borders
Nation-wide regulation to protect CIs and CSPs
Attacked organizations: sector specific regulation, e.g. Energy Sector, Financial sector, mandated reporting to CERT/ISAC
End users / Victims: increase “Cyber Hygiene”
International Treaties & Norms:
European Convention on Cyber Crime
▪ Legal framework for criminal law standards
▪ Cooperation framework for computer crime investigation
▪ Procedural framework for cross-country seizure & investigation of digital evidence
(The future) conventions on cyber warfare?
Cyber Terrorism – Bombs are next?
“At least for now, hijacked vehicles, truck bombs, and biological weapons seem to pose a greater threat than cyber terrorism. However, just as the events of September 11 caught us by surprise, so could a major cyber assault. We cannot afford to shrug off the threat.” Prof. Dorothy Denning, November 1, 2001
Summary and conclusions
The definition of Terror itself is contended
The line between Cyber Terrorism and Hacktivism is blurry, grey and crossed often
Analysis of each attack and incident ?
A new breed of “Cyber analysts” is born
Questions?
Bibliography & Key sources
Proceedings of the IDC Herzelya Cyber Terrorism Workshop, November 2010
Dorothy E. Denning, "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy", Georgetown University, June 8, 2001
Trachtman, Joel P., 2004. ‘Global Cyberterrorism, Jurisdiction, and International Organization’, http://ssrn.com/abstract=566361.