8/17/2019 Cyber Weapon Knowledge on Line
1/32
Preparing for a Cyber Attack
By Kevin G. Coleman
Countdown to eDay!
Introduction
The world has awakened to a new threat.
China, Russia and North Korea's test of a
cyber weapon, Iran's cyber weapon
ambitions, the renewed defense industry’s
emphasis on the use of computers as a weapon have all combined to accelerate the
rate of development of what I've called "the
most destructive weapon on the planet."
The proliferation of cyber weapons has exploded and estimates suggest that over
70% of countries will have at least a basic
level cyber weapon by the end of 2008.
The China Syndrome
A Bit of History
Back in 1998 when I was Chief Strategist of
Netscape, I became aware of an international
movement that was designed to create software
that could be used for criminal activity as well as
disrupt Internet activity. That was when I began to research what we are now calling cyber warfare.
I testified on cyber crime, espionage and security
before a Joint Congressional Caucus. At one point in my live demo, Chris Dodd asked me, "Does our
Defense Department know about you?"
Cyber Warfare / Cyber Terrorism
Cyber Warfare and Terrorism is one of the fifteen modalities of UnRestricted Warfare (URW), also called asymmetric warfare.
– Cyber Warfare / Terrorism
• "The premeditated use of disruptive
activities, or the threat thereof, against
computers and/or networks, with the
intention to cause harm or further
social, ideological, religious, political or
similar objectives. Or to intimidate any
person in furtherance of such
objectives."
Source: U.S. Army Cyber Operations and Cyber Terrorism
Counterfeit Hardware
• February 2008 - U.S. Customs and Border Protection Assistant Commissioner for the Office of International Trade Dan Baldwin and Director - European Commission Tax and Customs Directorate, today announced the results of Operation Infrastructure, which took place last November and December.
• The Operation resulted in the seizure of more than 360,000 counterfeit integrated circuits and computer network components bearing more than 40 different trademarks.
Counterfeit Hardware
February 2008
The Feds have confiscated more than $75
million of counterfeit Cisco networking
gear. The announcement is in a progress
report on a two-year-old investigation,
code named Operation Cisco Raider. In
most cases the fake gear was made in
China and imported into the United States
where unethical resellers passed it off as
legit.
Impact of a Cyberwar
• Of those who do perform what we consider "daily" activities online, more than half say they go online every day or several times a week to perform those activities.
• About 93 billion emails sent per day will not go through.
• Millions of VoIP calls per day will not go through.
• Over 200 million
Impact of a Cyberwar
• Some 88% of online users say the Internet plays a role in their daily routines.
• Some 40% of Internet users who get the news online say they log on daily.
• Some 25% of the online weather bugs will check weather daily.
• Some 20% of online sports fans check sports scores daily.
A Recent Poll
Source: A collaborative effort between DefenseTech.Org and the Technolytics Institute with nearly [figure illegible] respondents to the poll.
How prepared is the U.S. for a cyber attack?
Impact of a Cyberwar
… Billion U.S. Retail eCommerce Sales
That's $425 million a day.
Cyber Media Warfare
One can only imagine the psychological impact on the viewers that witnessed this prank. The TV channel CT2 said that they received frantic phone calls
from viewers who thought a nuclear war had started. http://www.youtube.com/watch…
Think About This
• What if the Internet went away:
– For a day
– A week
– A month
• No eMails
• No BlackBerrys
• No eCommerce
Virtual business services of all sorts, accounting, payroll and even sales,
would come to a halt, as would many companies.
The worst thing to do -
There is no doubt today that VoIP is taking over the telecom market, and every month increases penetration into business, government and the consumer sectors.
– Almost two-thirds of large organizations in North America will be using VoIP products and services by year end.
– Small Business VoIP adoption will grow to 3 million by 2010. Revenues are projected to reach $2 billion.
– Consumer VoIP adoption will drive wholesale VoIP revenues to $3.8 billion by 2010.
You are putting all your eggs in one basket.
Cyber Weapons Proliferation
The cost to develop this new class of weapon
is within reach of any country, any extremist
group, any criminal organization and tens-of-millions
of individuals. The raw materials
needed to construct cyber weapons are not restricted and are widely available. We now
have a weapon that can strike at the speed of
light, it can be launched from anywhere in the
world, and it can target anywhere in the world.
This briefing will provide an understanding of
the current state of cyber weapons, current
defenses and a unique look at what the future
cyber warfare scenario might encompass.
Your Cyber Attack IQ Test
If I can give you three pieces of intelligence you did not have before, would you agree this briefing
provided value?
1. What does EPFC and TEDs stand for?
2. How many of you address CBRNE in your contingency
plans?
3. Why should your organizations have supply-chain
integrated into the security program?
Modern Weapons Economics
What does a stealth bomber cost? $1.5 to $2 billion
What does a stealth fighter cost? $80 to $120 million
What does a cruise missile cost? $1 to $2 million
What does a cyber weapon cost? $300 to $5000
Find the Weapons Facility
Nuclear Weapons Facility
Cyber Weapons Facility
Where's the Cyber Weapons Facility?
Cyber Arms Dealers
RBN and their support units provide scripts and
executables to make cyber weapons
undetectable by antivirus software. Every time
a copy of the cyber weapon is generated, it
looks different to the anti-virus engines and it often goes undetected. The modularization of
delivery platform and malicious instructions is a
growing design in cyber weapons. RBN's cyber
weapons are very popular and powerful. In June
2007, one was used by a single person to
attack and compromise over 10,000 websites in
a single assault.
Did you know RBN leases use/capacity on their 150 million n…
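The detection gap described on this slide, shown from the defender's side as an added example that is not part of the original briefing: an exact-hash signature misses a copy that "looks different", while a byte-shingle similarity check still matches it. The sample byte strings are constructed and harmless, and the function names and the 0.5 threshold are assumptions; the variant is modelled as the known body plus filler bytes, so packed or encrypted copies would need unpacking or behavioural features first.

```python
import hashlib

def shingles(data: bytes, n: int = 4) -> set:
    """Set of overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(a, n), shingles(b, n)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)

def hash_match(sample: bytes, known_hashes: set) -> bool:
    """Exact signature: true only for a byte-identical copy."""
    return hashlib.sha256(sample).hexdigest() in known_hashes

def fuzzy_match(sample: bytes, known_samples: list, threshold: float = 0.5) -> bool:
    """Similarity signature: true if the sample resembles any known body.
    The threshold is an assumed value for this illustration."""
    return any(similarity(sample, k) >= threshold for k in known_samples)

# Constructed, harmless byte strings standing in for program bodies.
KNOWN = b"LOAD r1, table; LOOP: ADD r1, 4; CMP r1, end; JNE LOOP; STORE r1, out; HALT"
VARIANT = b"NOP; NOP; NOP; " + KNOWN + b" ; pad=7f3a91c2"   # same body, new filler
UNRELATED = b"Quarterly report: revenue by region and product line, fiscal year 2008."

KNOWN_HASHES = {hashlib.sha256(KNOWN).hexdigest()}

def evaluate() -> dict:
    """Return {name: (exact_hash_hit, similarity_hit)} for the three samples."""
    samples = [("known", KNOWN), ("variant", VARIANT), ("unrelated", UNRELATED)]
    return {name: (hash_match(s, KNOWN_HASHES), fuzzy_match(s, [KNOWN]))
            for name, s in samples}

if __name__ == "__main__":
    for name, (exact, fuzzy) in evaluate().items():
        print(f"{name:10} exact-hash={exact!s:5} similarity-match={fuzzy}")
```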
Cyber Weapons Evolution
[Chart: vertical axis from Low to High; time axis from the 1990s to the 2010s; stages: Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat; series: Basic Weapons, Advanced Weapons]
Interesting Quote
NATO's cyber defense chief has warned that
computer-based terrorism poses the same
threat to national security as a missile attack.
He went on to say that "Cyber war can become
a very effective global problem because it is low-risk, low-cost, highly effective and easily
globally deployable. It is almost an ideal
weapon that nobody can ignore."
Using this as a framework, we can put into
context the evolving architecture for cyber
weapons.
Cyber Weapons Design
Cyber Weapon Architecture
A missile is comprised of three basic
elements. The first is a delivery vehicle
(rocket engine), followed by a navigation system (tells it how to get to the target)
and finally the payload (the component that
causes harm). As it turns out, the same
three elements now appear in the design of cyber weapons.
Cyber Weapons Design
Cyber Weapon - Delivery Vehicle
There are numerous methods of delivering cyber
weapons to their targets. Emails with malicious
code embedded or attached are one mechanism
of delivery. Another delivery vehicle is web sites
that can have malicious links and downloads.
Hacking is a manual delivery vehicle that
allows a cyber soldier to place the malicious
payload on a target computer, system or network. Counterfeit hardware, software and
electronic components can also be used as
delivery vehicles for cyber weapons.
Cyber Weapons Design
Cyber Weapon - Delivery Vehicle
Just as a navigation system guides a missile, the navigation
component of a cyber weapon allows the malicious payload to reach a specific
point inside a computer, system or network.
System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities
in software and computer system configurations
provide entry points for the payload of a cyber
weapon. These security exposures in operating
systems or other software or applications allow
for exploitation and compromise. Exploitation of
these vulnerabilities may allow unauthorized
remote access and control over the system.
Cyber Weapons Design
Cyber Weapon - Delivery Vehicle
The payload of a missile is sometimes called a
warhead and is packed with some type of
explosive. In a cyber weapon the payload could
be a program that copies information off of the computer and sends it to an external source. It
can also be a program that begins to erase or alter
information stored on the system. Finally, it can
allow remote access so that the computer can be
controlled or directed over the internet. A "bot"
(a component of a botnet) is a great example of a
payload that allows remote use of the computer
by an unauthorized individual or organization.
Cyber Weapons Design
Cyber Weapon - Architecture
This three element architecture demonstrates
how advanced and sophisticated cyber
weapons are becoming. The architecture
creates reusability and reconfiguration of all three components. As one software or system
vulnerability is discovered, reported and
patched, that component can be removed and
replaced while the other two components are still viable. This not only creates flexibility but
also significantly increases the productivity of
the cyber weapons developers.
Conclusion
Our nation is increasingly vulnerable to cyber attacks that could have catastrophic
effects on critical infrastructure as well as
severely damage the country's economy.
Whether the attack is focused on stealing our business and technology secrets,
disrupting our financial systems or worse,
the threat is real. Countries, terrorists and
extremists around the world are developing and implementing cyber
warfare doctrine, strategies and weapons.
Conclusion
The Cold War may be over, but the cyber
arms race has just begun. The threat is
imminent. We must rapidly develop
offensive and defensive cyber weapons
capabilities as well as the military doctrine and regulations necessary to govern their
use. In the cyber arms race we cannot
finish anyplace but first.
QUESTIONS
Biography
Kevin … Eye Spy Magazine and
authors the Cyber Warfare blog for
DefenseTech.org
The Technolytics Institute
4017 Washington Road
Mail Stop #348
McMurray, PA 15317
P 412-818-7656
F 412-291-1193
I www.technolytics.com
E kgcolman@technolytics.com