A Seminar Report for “Cyber Warfare & Terrorism” in partial fulfillment for the award of the Degree of Bachelors of Technology in Department of Computer Science & Engineering. Submitted To: Ms. Sapna Kumari, Lecturer, CS Department, IET Alwar. Submitted By: Charchit Taneja, 11EIACS026, CSE ‘A’ Batch. Department of Computer Science & Engineering, Institute of Engineering and Technology, Alwar. February, 2014

Cyber Warfare

  • A

    Seminar Report

    for

    Cyber Warfare & Terrorism

    in partial fulfillment

    for the award of the Degree of

    Bachelors of Technology

    in Department of

    Computer Science & Engineering

    Submitted To: Ms. Sapna Kumari, Lecturer, CS Department, IET Alwar

    Submitted By: Charchit Taneja, 11EIACS026, CSE A Batch

    Department of Computer Science & Engineering

    Institute of Engineering and Technology

    Alwar

    February, 2014

  • i

    Candidate's Declaration

    I hereby declare that the work, which is being presented in this report, entitled "Cyber

    Warfare & Terrorism", in partial fulfillment for the award of Degree of Bachelor of

    Technology in department of Computer Science & Engineering, Institute of Engineering

    and Technology, Alwar, affiliated to Rajasthan Technical University, is a record of my

    own investigations carried under the Guidance of Ms. Sapna Kumari, Department of

    Computer Science & Engineering, IET Alwar.

    I have not submitted the matter presented in this report anywhere for the award of any other

    Degree.

    Charchit Taneja

    11EIACS026

    Computer Science

    Counter Signed by

    Ms. Sapna Kumari

    Lecturer

    Computer Science Dept. IET

  • ii

    Abstract

    As long as nations rely on computer networks as a foundation for military and economic power

    and as long as such computer networks are accessible to the outside, they are at risk. Hackers can

    steal information, issue phony commands to information systems to cause them to malfunction,

    and inject phony information to lead men and machines to reach false conclusions and make bad

    (or no) decisions.

    Yet system vulnerabilities do not result from immutable physical laws. They occur because of a

    gap between theory and practice. In theory, a system should do only what its designers and

    operators want it to. In practice, it does exactly what its code (and settings) tells it to. The difference

    exists because systems are complex and growing more so.

    In all this lies a saving grace. Errors can be corrected, especially if cyber-attacks expose

    vulnerabilities that need attention. The degree to which and the terms by which computer networks

    can be accessed from the outside (where almost all adversaries are) can also be specified.

    There is, in the end, no forced entry in cyberspace. Whoever gets in enters through pathways

    produced by the system itself. It is only a modest exaggeration to say that organizations are

    vulnerable to cyber-attack only to the extent they want to be. In no other domain of warfare can

    such a statement be made.

  • iii

    Acknowledgement

    It is a matter of great pleasure and privilege for us to present this seminar report on our project,

    Cyber Warfare & Terrorism that we had developed for fulfillment of our Bachelor of

    Technology in Computer Science and Engineering.

    I have received enormous help, guidance and advice from many people and we feel that it will be

    not be right to mention a line about at least some of them. The author would like to express their

    utmost gratitude to the Institute of Engineering and Technology, Alwar for providing

    opportunity to author to pursue for the degree of Bachelor of Technology.

    I am grateful to our chairman Dr. V.K. Agarwal for providing me the opportunity to study in this

    institution as well as providing us with all the necessary facilities.

    Our principal Dr. Anil Kumar Sharma has been source of inspiration to us in our work sincerely.

    I am also thankful to Dr. S. K. Singh (H.O.D., CSE) for their encouragement and guidance. Their

    words of encouragement led us to finish our work successfully.

    I am also thankful to my project guide Ms. Sapna Kumari and also to all faculty members of

    Computer Science & Engineering and Information Technology Department and all other for help

    given to us directly or indirectly for the success of this project.

    Charchit Taneja Roll No. 11EIACS026

  • iv

    Table of Contents

    Candidate's Declaration ... i

    Abstract ... ii

    Chapter 1 ... 1

    1. Introduction ... 1

    Chapter 2 ... 4

    2.1 Types of Cyber Warfare ... 4

    2.1.1 Vandalism ... 4

    2.1.2 Propaganda ... 5

    2.1.3 Denial Of Services ... 6

    2.1.4 Network Based Attacks against Infrastructure ... 8

    2.1.5 Non-Network Based Attacks against Infrastructure ... 10

    2.2 Phishing Techniques ... 11

    2.2.1 Link Manipulation ... 11

    2.2.2 Filter Evasion ... 12

    2.2.3 Website Forgery ... 13

    2.2.4 Phone Phishing ... 13

    2.2.5 Covert Redirect ... 14

  • v

    2.2.6 Other Techniques ... 14

    Chapter 3 ... 16

    Conclusion ... 16

    Chapter 4 ... 17

    References ... 17

  • 1

    Chapter 1

    1. Introduction

    Cyber war is a form of war which takes place on computers and the Internet, through electronic

    means rather than physical ones. Cyber-warfare, as it is also known, is a growing force in the

    international community, and many nations regularly run cyber war drills and games so that they

    are prepared for genuine attacks from their enemies. With an increasing global reliance on

    technology for everything from managing national electrical grids to ordering supplies for troops,

    cyber war is a method of attack which many nations are vulnerable to.

    In cyber war, people use technological means to launch a variety of attacks. Some of these attacks

    take a very conventional form. Computers can be used, for example, for propaganda, espionage,

    and vandalism. Denial of service attacks can be used to shut down websites, silencing the enemy

    and potentially disrupting their government and industry by creating a distraction. Cyber war can

    also be utilized to attack equipment and infrastructure, which is a major concern for heavily

    industrialized nations which rely on electronic systems for many tasks.

    Using advanced skills, people can potentially get backdoor access to computer systems which hold

    sensitive data or are used for very sensitive tasks. A skilled cyber warrior could, for example,

    interrupt a nation's electrical grid, scramble data about military movements, or attack government

    computer systems. Stealthier tactics might involve creating systems which can be used to

    continually gather and transmit classified information directly into the hands of the enemy or using

    viruses to interrupt government computer systems.

    As with other forms of warfare, each development in cyber war leads nations to develop numerous

    counterattacks and defenses to protect themselves, and these developments spur enemies on to

    create more sophisticated attack options. The arms race of the computer world makes it impossible

    for nations to stop investing in cyber war research. Civilian computing actually benefits from some

    research, as governments may release safety patches and other techniques to civilians to keep them

    safe from attacks over the Internet and through computer systems.

  • 2

    For warriors, cyber warfare is significantly less deadly than conventional war, because people can

    be located far from the front lines in heavily secured facilities. Cyber warriors are active in many

    regions of the world, continuously scanning computer systems for signs of infiltrations and

    problems, and proactively addressing issues like propaganda. Students in military colleges can

    choose cyber war as a focus and area of specialty, and rival colleges often hold competitive games

    and challenges with each other to test their cyber warriors. The emergence of cyberspace adds an

    additional dimension to warfare: with and without clashes of traditional troops and machines of

    war. Cyber warfare is often defined as major disruptions to critical infrastructure. However, this is

    the least likely outcome. Attacking a nation via the Internet will have extreme consequences to the

    attacker as well as collateral global damage. No nation, including both public and private

    infrastructure, is immune from attack.

    Cyber warfare occurs continuously across cyberspace connections, resulting in minor disruptions,

    website defacement, theft of national defense information, and intellectual property theft. As

    Michael Riley and Ben Elgin write in "China's Cyberspies Outwit Model for Bond's Q," China is

    one country that is actively invading U.S. infrastructure, stealing defense secrets, and walking

    away with industrial technology useful in narrowing industrial and military gaps. According to

    The Economist, "Some experts believe that such thefts have cost hundreds of billions of dollars in

    stolen R&D" (para. 2). While some of this is simply related to criminal activity, much of it is

    attributable to nation-sponsored espionage.

    A country or group does not need a strong military or economy to wage warfare against industrial

    powers. Sreeram Chaulia writes in "Cyber warfare is the new threat to the global order":

    "Cyber war capacities are not the domain of only big guns like China and the U.S. They are

    spreading horizontally to middle and even minor powers" (para. 5).

    Anyone with the right tools and legal/political environment can launch attacks against large or

    small targets, regardless of how many guns and tanks the objective has. Table B lists several

    characteristics of current cyber threats.

  • 3

    Table A

  • 4

    Chapter 2

    2.1 Types of Cyber Warfare

    There are many different kinds of cyber-warfare attacks. The sections below give more

    information about each type of cyber-warfare attack.

    Vandalism

    Propaganda

    Denial of Service

    Network Attacks Against Infrastructure

    Non-Network Attacks Against Infrastructure

    2.1.1 Vandalism

    Definition

    Web vandalism is characterized by website defacement and/or denial-of-service attacks.

    Details

    Website defacement is the most common form of web vandalism, so both terms are used

    interchangeably throughout this report. Denial-of-Service (DoS) attacks are examined further in

    their own section (2.1.3).

    Website defacement is a major threat to many internet-enabled businesses. It negatively affects the

    public image of the company. Companies may suffer from loss of customers.

    How does website defacement work?

    1. Find a username (e.g., by posing as administrator and calling an employee; administrator information can be retrieved from a whois database)

    2. Retrieve the password for that username (e.g., brute-force)

    3. Obtain administrative privileges

    4. Begin defacing the website (and install a backdoor)

  • 5

    How to defend against website defacement?

    Avoid using the server as a client (e.g., web browser)

    Remove buffer overflow vulnerabilities in your programs

    Use a different user(s) other than root for managing the website contents

    Enable access logs

    Update
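The defense list above includes enabling access logs. As an added example (not part of the original report), the sketch below shows how such logs can reveal the password-guessing step of a defacement: it flags a client with repeated failed logins and a later success. The login path, the thresholds and the log lines are constructed assumptions; the log layout is the common Apache/NGINX "combined" format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/admin/login"     # hypothetical admin login URL (assumption)
WINDOW = timedelta(minutes=5)   # assumed sliding window
THRESHOLD = 5                   # assumed number of failures that triggers an alert


def detect_bruteforce(lines):
    """Return (ip, reason) alerts for password guessing against LOGIN_PATH."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failed logins
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["path"] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        recent = failures[m["ip"]]
        # Forget failures that fell out of the sliding window.
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()
        status = int(m["status"])
        if status in (401, 403):
            recent.append(ts)
            if len(recent) == THRESHOLD:      # alert once when the threshold is hit
                alerts.append((m["ip"], "repeated-login-failures"))
        elif status in (200, 302) and len(recent) >= THRESHOLD:
            # A success right after many failures suggests the guess worked.
            alerts.append((m["ip"], "login-success-after-failures"))
            recent.clear()
    return alerts


def _line(ip, second, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [12/Feb/2014:10:00:{second:02d} +0000] '
            f'"POST {LOGIN_PATH} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample: one client guessing six times then succeeding,
# and one ordinary user who mistypes a password once.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, 401) for s in range(1, 7)]
    + [_line("203.0.113.7", 7, 302)]
    + [_line("198.51.100.20", 8, 401), _line("198.51.100.20", 9, 302)]
)

if __name__ == "__main__":
    for ip, reason in detect_bruteforce(SAMPLE_LOG):
        print(ip, reason)
```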

    2.1.2 Propaganda

    Definition

    Propaganda is a deliberate collection of messages intended to influence the opinions and actions of

    large numbers of people. The information provided in these messages is not presented impartially

    or necessarily truthfully, as the basic purpose of propaganda is to influence the audience towards

    the side of the propagandist.

    "Propaganda is the deliberate, systematic attempt to shape perceptions, manipulate cognitions, and

    direct behavior to achieve a response that furthers the desired intent of the propagandist." (Garth

    S. Jowett and Victoria O'Donnell, Propaganda and Persuasion)

    Importance

    Propaganda is a powerful recruiting tool. The web provides a way in which propaganda can be

    quickly and cheaply disseminated. The cost of publishing propaganda may simply be a web-hosting

    fee. Through the use of the web's video and file-sharing sites along with social networking

    sites, propaganda can reach large audiences in a very short amount of time.

  • 6

    Terrorism

    Terrorist group Al-Qaeda uses their media arm, As-Sahab, to spread the group's propaganda.

    As-Sahab releases audio and video messages through the web, and is doing so at a growing rate (one

    video every six days in 2006, one video every three days in 2007). The production quality of the

    videos has also increased, with current videos having sets that would not appear out of place on

    American news shows like 60 Minutes.

    Terrorist groups are also recruiting computer-savvy jihadists to produce sophisticated web videos

    and other multimedia products. In one case, a militant group in Iraq advertised a website design

    competition where the prize was the chance to fire three remote-controlled missiles at an American

    army base in Iraq. Similarly, the Global Islamic Media Front has posted on radical Islamic websites

    advertisements asking for job applications for a variety of posts for a jihadist-perspective weekly

    video bulletin.

    2.1.3 Denial Of Services

    Definition

    A denial of service attack is an attempt to consume all of an available resource in order to keep

    that resource from its intended users.

    More Information

    The denial of service attack is one of the most common attacks on the Internet. Its use is so

    widespread because it is relatively easy to implement and it is very difficult to defend against.

    Generally, an attacker creates a flood of bogus requests to a service, ignoring the results. The server

    is bogged down by the large number of incoming requests, taking a long time to handle both the

    fraudulent requests and any legitimate requests that come in during the attack. In extreme cases,

    the server will not be able to handle the strain of the incoming connections and will crash,

    permanently breaking the server until it is manually restarted. A denial of service attack may also

    consist of a request which is crafted to exploit a specific vulnerability in the server, causing it to

    crash without requiring a large number of requests.

  • 7

    There are many kinds of denial of service attacks. We will go over some of them below.

    A smurf attack is a denial of service attack based on creating a large flow of traffic to the targeted

    machine. The attacker sends a "ping" packet to a broadcast address on the network; this broadcast

    address is a special IP address which specifies all of the computers in a given network.

    Additionally, the ping packet is forged to have its source IP address set to be the source IP of the

    targeted computer. Each of the computers which receives the ping packet sends a "pong" packet

    to the targeted computer; thus an attacker is able to multiply the amount of network traffic he can

    create to a target by the number of machines on a network vulnerable to this technique.

    Ping flooding is sending a large number of ping packets to a target computer. Other than

    consuming the victim's bandwidth, unless the target computer is configured properly it will also

    respond to each ping packet with a pong packet, wasting CPU time as well as network bandwidth.

    A SYN flood is an attack based on sending forged TCP/IP connection requests to the target

    computer. The target computer opens a connection and responds with a handshake SYN/ACK

    packet, awaiting an ACK packet from the remote attacker. Because the original request was forged,

    however, the SYN/ACK is received by no one in particular and thus the request will remain open

    on the victim's computer until it times out. This used to be a very useful attack: in 1996, for

    example, the most common TCP implementation had an "awaiting response" queue only eight

    entries long, and a timeout of three minutes. An attacker could completely remove a server's ability

    to respond to legitimate clients by sending eight packets every three minutes!

    A distributed denial of service attack is a denial of service attack which uses many computers

    in order to consume the target computer's bandwidth. This is a class of attacks rather than a single

    attack technique; smurf attacks, above, are an example of a distributed denial of service attack.

    Ping flooding and SYN flooding can also be implemented as distributed denial of service attacks.

    Most denial of service attacks today are distributed, for the simple reason that modern defenses

    make it easy to block all traffic coming from a single source. Distributed attacks are also

    advantageous for resource-consumption attacks; the more computers you have consuming

    resources, the easier it is to consume all of the resource.

  • 8

    Defenses

    Defending against denial of service attacks is notoriously difficult. While a single-source attack

    can be blocked simply by ignoring the attacking computer, a distributed attack cannot be blocked

    so easily: with many computers requesting resources, it is difficult to detect (and ignore) each

    attacking computer. In pathological cases, the number of attacking computers may be increasing

    faster than these computers can be blocked, even with an automated detection solution!

    Defending against distributed denial of service attacks is largely a matter of proper router

    configuration on a level beyond that of the victim's control; even if you can ignore every fraudulent

    request, it still takes some computing power to determine the validity of each request, and many

    distributed attacks are on such a scale that even that little loss of computing power is enough to

    completely shut down the target's computer. However, higher-level routing solutions are possible.

    Smurf attacks, for example, can be defended against if computers configure themselves not to

    respond to ping packets sent to broadcast addresses; alternatively, the routers can be configured to

    not pass along ping packets which are sent to broadcast addresses. SYN flooding has become much

    less useful in recent years as more and more modern implementations remove arbitrary limits on

    the number of open connections.

    Solving a denial of service attack often requires the cooperation of the administrators of individual

    systems and administrators of ISPs or internet backbones. The defenders must react to each new

    attack, determining the proper way to configure their routers so that valid packets are allowed

    through while fraudulent requests are automatically blocked.
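The SYN flood paragraph above cites a queue of eight half-open connections with a three-minute timeout, and the defenses note that modern stacks remove such limits. The model below is an added example (not from the original report) that replays that situation against a simulated listener queue and counts how many legitimate clients still get served; the client arrival pattern, the larger queue size and the shorter timeout are assumptions chosen for comparison.

```python
from collections import OrderedDict


class HalfOpenQueue:
    """Model of a TCP listener's queue of half-open (SYN received) connections."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity        # maximum half-open entries
        self.timeout = timeout          # seconds before an entry is dropped
        self.pending = OrderedDict()    # connection key -> arrival time, oldest first

    def _expire(self, now):
        # Drop entries whose final ACK never arrived within the timeout.
        while self.pending:
            key, arrived = next(iter(self.pending.items()))
            if now - arrived < self.timeout:
                break
            del self.pending[key]

    def on_syn(self, key, now):
        """Return True if the SYN is queued, False if the queue is full."""
        self._expire(now)
        if len(self.pending) >= self.capacity:
            return False
        self.pending[key] = now
        return True

    def on_ack(self, key, now):
        """Complete the handshake; the entry leaves the half-open queue."""
        self._expire(now)
        return self.pending.pop(key, None) is not None


def simulate(capacity, timeout, duration=600):
    """Return (served, total) legitimate connections over `duration` seconds."""
    queue = HalfOpenQueue(capacity, timeout)
    events = []
    # Load described in the text: eight forged SYNs every three minutes,
    # none of which is ever completed with an ACK.
    for t in range(0, duration, 180):
        events += [(t, "forged", ("forged", t, i)) for i in range(8)]
    # Constructed legitimate clients: one new connection every 30 seconds.
    legit_times = list(range(10, duration, 30))
    events += [(t, "legit", ("client", t)) for t in legit_times]

    served = 0
    for t, kind, key in sorted(events, key=lambda e: e[0]):
        accepted = queue.on_syn(key, t)
        if kind == "legit" and accepted:
            queue.on_ack(key, t + 0.1)   # real clients answer the SYN/ACK promptly
            served += 1
    return served, len(legit_times)


if __name__ == "__main__":
    print("1996 figures (8 entries, 180 s):", simulate(8, 180))
    print("larger queue (1024 entries, 180 s):", simulate(1024, 180))
    print("same queue, 30 s timeout:", simulate(8, 30))
```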

    2.1.4 Network Based Attacks against Infrastructure

    Definition

    As in conventional warfare, critical infrastructure serves as a target for cyber attacks. Attacks on

    critical infrastructure (power, water, fuel, communications, and transportation) are often regarded

    as the most severe type of cyber attack, yet few such attacks have been perpetrated to

  • 9

    this day. Previously, it was thought that the worst a network based attack could do was denial of

    service. As recently as this year, however, hackers were able to inflict physical damage on

    machinery.

    1) Power, Water, Fuel

    Electrical power, water, and fuel supplies are at the core of a country's infrastructure. The

    disruption of any of these services would have a chain reaction effect and cause severe

    repercussions. Many of these critical infrastructure pieces are owned and operated by private

    companies in the United States. For efficiency and cost saving purposes, the control systems of

    power plants, water pump stations, and fuel lines have been networked and can be controlled

    remotely. This opens the possibility of an attacker gaining access and taking control.

    Economist Scott Borg, who produces security-related data for the federal government, projects

    that if a third of the country lost power for three months, the economic price tag would be $700

    billion.

    "It's equivalent to 40 to 50 large hurricanes striking all at once," Borg said. "It's greater economic

    damage than any modern economy ever suffered. It's greater than the Great Depression. It's

    greater than the damage we did with strategic bombing on Germany in World War II."

    2) Communications

    Nearly all telephone calls are routed at some point through an IP network. This fact, along with

    the increasing use of pure VoIP calling, subjects telephone communications to the same attacks

    that have plagued data networks since their inception.

    3) Transportation

    Traffic Control

    In major metropolitan areas such as Los Angeles, traffic lights are monitored and controlled from

    a central location.

  • 10

    "ATSAC is a computer-based traffic signal control system that monitors traffic conditions and

    system performance, selects appropriate signal timing (control) strategies, and performs equipment

    diagnostics and alert functions. Sensors in the street detect the passage of vehicles, vehicle speed,

    and the level of congestion. This information is received on a second-by-second (real-time) basis

    and is analyzed on a minute-by-minute basis at the ATSAC Operations Center"

    With central control and networking comes the chance that an outsider will gain access. Two

    engineers were recently arrested for tampering with the traffic system in Los Angeles during a

    union protest. Four days were needed to restore the signals.

    Air Traffic Control

    Another transportation system connected via a network is the air traffic control system employed

    at hundreds of airports nationwide. As far back as 1997, the first case of an attack on air traffic

    control systems was reported:

    "As a result of a series of commands sent from the hacker's personal computer, vital services to

    the FAA control tower were disabled for six hours in March of 1997."

    2.1.5 Non-Network Based Attacks against Infrastructure

    Electromagnetic Pulse

    Equipment disruption can also occur from non-computerized attacks. An Electromagnetic Pulse

    (EMP) occurs after a nuclear device is detonated, and disables all electronic devices within range.

    However, EMPs can also be generated without a nuclear explosion. Non-nuclear EMPs can be

    loaded in cruise missiles or as the payload of bombs and cause widespread equipment failure.

    Submarine Cable Disruption

    The majority of inter-continental telecommunications traffic is carried by undersea cable

    connecting all the continents except Antarctica. In early 2008 there was a series of submarine cable

  • 11

    disruptions that affected much of the Middle East and India. Egypt suffered a disruption of 70%

    of their internet traffic and India suffered up to 60% disruption. Other countries such as Bahrain,

    Bangladesh, Kuwait, Pakistan, Saudi Arabia, and United Arab Emirates were also affected to

    varying degrees. In total over 80 million Internet users were affected.

    Although none of these disruptions appear to be intentional or malicious in nature, the disruptions

    do suggest that a physical attack against undersea cables could be used to disrupt an enemy's

    communications.

    Anti-Satellite Weapon

    Satellites represent an important part of modern warfare, whether they are spy or

    telecommunications satellites. Disrupting or destroying an enemy's satellite has the potential to

    hinder intelligence and communication which are two important aspects of waging war.

    Three countries, the United States, China, and the former U.S.S.R. are known to have developed

    anti-satellite missiles. In 1985 the United States successfully shot down a failing scientific satellite,

    which was the only satellite to have been shot down until 2007. Then in January 2007 China

    successfully shot down a defunct weather satellite. The United States then shot down a satellite

    that was decaying from orbit in February 2008.

    Although no country has shot down an enemy's satellite, these events demonstrate the ability of

    China and the United States (and possibly Russia) to shoot down a satellite, which could be quite

    a blow when waging cyber-warfare in the context of a war.

    Cyber war can also take the form of phishing and many malware practices over the Internet.

    2.2 Phishing Techniques

    2.2.1 Link Manipulation

    Most methods of phishing use some form of technical deception designed to make a link in an

    email (and the spoofed website it leads to) appear to belong to the spoofed organization.

  • 12

    Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following

    example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to

    the example section of the yourbank website; actually this URL points to the "yourbank" (i.e.

    phishing) section of the example website. Another common trick is to make the displayed text for

    a link (the text between the <a> tags) suggest a reliable destination, when the link actually goes

    to the phishers' site. The following example link, http://en.wikipedia.org/wiki/Genuine, appears to

    direct the user to an article entitled "Genuine"; clicking on it will in fact take the user to the article

    entitled "Deception". Many email clients or web browsers will show previews of where a link will

    take the user in the bottom left of the screen, while hovering the mouse cursor over a link. This

    behaviour, however, may in some circumstances be overridden by the phisher.

    A further problem with URLs has been found in the handling of Internationalized domain

    names (IDN) in web browsers, that might allow visually identical web addresses to lead to

    different, possibly malicious, websites. Despite the publicity surrounding the flaw, known as IDN

    spoofing or homograph attack, phishers have taken advantage of a similar risk, using open URL

    redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted

    domain. Even digital certificates do not solve this problem because it is quite possible for a phisher

    to purchase a valid certificate and subsequently change content to spoof a genuine website, or, to

    host the phish site without SSL at all.
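The three link tricks described in this section (a brand name used as a subdomain, link text that differs from the real target, and internationalized host names) can each be checked mechanically. The following is an added example, not part of the original report: a small scanner for HTML mail bodies. The trusted domain `yourbank.test`, the finding names and the sample message are constructed assumptions, and the brand check is a simple label match rather than a full public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical mapping: brand label -> domain the organization really uses.
TRUSTED = {"yourbank": "yourbank.test"}


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_and_path(url):
    try:
        parts = urlsplit(url)
        return (parts.hostname or "").lower(), parts.path.rstrip("/")
    except ValueError:
        return "", ""


def check_link(href, text):
    """Return the list of findings for one link."""
    findings = []
    host, path = _host_and_path(href)
    labels = host.split(".")
    # 1. Brand appears as a label, but the host is not under the brand's domain.
    for brand, domain in TRUSTED.items():
        under_trusted = host == domain or host.endswith("." + domain)
        if brand in labels and not under_trusted:
            findings.append("brand-in-subdomain")
    # 2. The visible text is itself a URL that differs from the real target.
    if re.match(r"https?://", text, re.I) and _host_and_path(text) != (host, path):
        findings.append("text-target-mismatch")
    # 3. Internationalized host: non-ASCII characters or a punycode label.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        findings.append("idn-host")
    return findings


def scan(html):
    """Return [(href, findings)] for every link with at least one finding."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    results = []
    for href, text in collector.links:
        findings = check_link(href, text)
        if findings:
            results.append((href, findings))
    return results


# Constructed sample message; the third host contains a Cyrillic "o" (U+043E).
SAMPLE_EMAIL_HTML = """
<p>Dear customer,</p>
<a href="http://www.yourbank.example.com/">Log in to YourBank</a>
<a href="http://en.wikipedia.org/wiki/Deception">http://en.wikipedia.org/wiki/Genuine</a>
<a href="http://y\u043eurbank.test/">Account notice</a>
<a href="https://www.yourbank.test/login">https://www.yourbank.test/login</a>
"""

if __name__ == "__main__":
    for href, findings in scan(SAMPLE_EMAIL_HTML):
        print(href, findings)
```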

    2.2.2 Filter Evasion

    Phishers have even started using images instead of text to make it harder for anti-phishing filters

    to detect text commonly used in phishing emails. However, this has led to the evolution of more

    sophisticated anti-phishing filters that are able to recover hidden text in images. These filters use

    OCR (optical character recognition) to optically scan the image and filter it.

  • 13

    Some anti-phishing filters have even used IWR (intelligent word recognition), which is not meant

    to completely replace OCR, but these filters can even detect cursive, hand-written, rotated

    (including upside-down text), or distorted (such as made wavy, stretched vertically or laterally, or

    in different directions) text, as well as text on colored backgrounds (such as in this case, where

    you can see the otherwise unfilterable text, if it weren't for IWR.)

    2.2.3 Website Forgery

    Once a victim visits the phishing website, the deception is not over. Some phishing scams

    use JavaScript commands in order to alter the address bar. This is done either by placing a picture

    of a legitimate URL over the address bar, or by closing the original bar and opening up a new one

    with the legitimate URL.

    An attacker can even use flaws in a trusted website's own scripts against the victim. These types

    of attacks (known as cross-site scripting) are particularly problematic, because they direct the user

    to sign in at their bank or service's own web page, where everything from the web address to

    the security certificates appears correct. In reality, the link to the website is crafted to carry out the

    attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in

    2006 against PayPal.

    A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use

    interface that allows a phisher to convincingly reproduce websites and capture log-in details

    entered at the fake site.

    To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun

    to use Flash-based websites (a technique known as phlashing). These look much like the real

    website, but hide the text in a multimedia object.

    2.2.4 Phone Phishing

    Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users

    to dial a phone number regarding problems with their bank accounts. Once the phone number

    (owned by the phisher, and provided by a Voice over IP service) was dialled, prompts told users

  • 14

    to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID

    data to give the appearance that calls come from a trusted organization.

    2.2.5 Covert Redirect

    "Wang Jing, a School of Physical and Mathematical Sciences Ph.D. student at the Nanyang

    Technological University in Singapore, discovered that the serious vulnerability "Covert Redirect"

    flaw can masquerade as a log-in popup based on an affected site's domain. Covert Redirect is based

    on a well-known exploit parameter."

    "Normal phishing attempts can be easy to spot, because the malicious page's URL will usually be

    off by a couple of letters from that of the real site. The difference with Covert Redirect is that an

    attacker could use the real website instead by corrupting the site with a malicious login popup

    dialogue box." So, Covert Redirect is a perfect phishing method.

    Once the user logs in, the attacker could get the personal data, which in the case of Facebook, could

    include the email address, birth date, contacts, work history, etc.

    But if the token has greater privilege, the attacker could obtain more sensitive

    information including the mailbox, friends list, online presence and most possibly even operate

    and control the user's account.

    "The general consensus, so far, is that Covert Redirect is not as bad, but still a threat.

    Understanding what makes it dangerous requires a basic understanding of Open Redirect, and how

    it can be exploited."
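Open redirectors on trusted sites (mentioned under Link Manipulation) and the redirect issue discussed in this section both depend on a site forwarding the user to a destination taken from the request. The added example below, which is not part of the original report, places a weak prefix check beside a strict validator a site could apply before redirecting. The host `app.example.test`, the callback path, the `next` parameter and the test inputs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: exact (scheme, host, path) of permitted absolute targets.
ALLOWED_ABSOLUTE = {("https", "app.example.test", "/login/callback")}


def naive_is_allowed(target):
    """Weak check: a string prefix says nothing about the real host."""
    return target.startswith("https://app.example.test")


def strict_is_allowed(target):
    """Allow only same-site relative paths or exact allowlisted URLs."""
    # Backslashes and control characters are parsed differently by browsers.
    if any(ch == "\\" or ord(ch) < 0x20 for ch in target):
        return False
    try:
        parts = urlsplit(target)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: a single leading slash keeps the user on this site;
        # "//host/..." is scheme-relative and would leave it.
        return target.startswith("/") and not target.startswith("//")
    if parts.username is not None or parts.password is not None:
        return False                 # "trusted@other-host" style userinfo
    if parts.query or parts.fragment or port not in (None, 443):
        # An allowlisted page that forwards to a URL carried in its own query
        # string would reintroduce the open redirect, so extras are refused.
        return False
    key = (parts.scheme.lower(), (parts.hostname or "").lower(), parts.path)
    return key in ALLOWED_ABSOLUTE


# Constructed inputs: (target, expected result of the strict check).
CASES = [
    ("https://app.example.test/login/callback", True),
    ("/account/settings", True),
    ("https://app.example.test.attacker.example/login/callback", False),
    ("https://app.example.test@attacker.example/", False),
    ("https://app.example.test/login/callback?next=https://attacker.example/", False),
    ("//attacker.example/path", False),
    ("/\\attacker.example", False),
]


def evaluate():
    """Return [(target, naive_result, strict_result)] for every case."""
    return [(t, naive_is_allowed(t), strict_is_allowed(t)) for t, _ in CASES]


if __name__ == "__main__":
    for target, naive, strict in evaluate():
        print(f"naive={naive!s:5} strict={strict!s:5} {target}")
```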

    2.2.6 Other Techniques

    Another attack used successfully is to forward the client to a bank's legitimate website,

    then to place a popup window requesting credentials on top of the page in a way that makes

    many users think the bank is requesting this sensitive information.

    One of the latest phishing techniques is tabnabbing. It takes advantage of tabbed browsing,

    which uses multiple open tabs, and silently redirects a user to the affected

  • 15

    site. This technique operates in reverse to most phishing techniques in that it doesn't directly

    take you to the fraudulent site, but instead phishers load their fake page in one of your open

    tabs.

    Evil twins is a phishing technique that is hard to detect. A phisher creates a fake wireless

    network that looks similar to a legitimate public network that may be found in public places

    such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network,

    fraudsters try to capture their passwords and/or credit card information.

  • 16

    Chapter 3

    Conclusion

    Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit

    card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an

    electronic communication.

    Phishing is a very big problem nowadays and it has to be stopped. To stop phishing and guard

    against its effects, the government is working on laws and rules which will

    help in fighting phishing.

  • 17

    Chapter 4

    References

    1. http://en.wikipedia.org/wiki/Phishing

    2. http://www.webopedia.com/TERM/P/phishing.html

    3. http://searchsecurity.techtarget.com/definition/phishing

    4. http://computer.howstuffworks.com/phishing.htm