10+ years in cyber security, CISSP
June 2012: Teaching Fellow, Security at Singularity University
Speaker at security conferences, including:
Y2Hack, Y2Hack04 & ILHack09 in Tel Aviv
Keynote - ITBN 2007 Security Day, Budapest
Co-Chair, IDC Herzliya Cyber Terrorism Workshop
Keynote, NATO International Conference on Cyber Conflict, June 2011
Technical workshop at NATO CyCon, June 2012
Slide 4
Cyber Crime Cyber Terrorism Cyber Warfare Cyber Espionage ?
Cyber Conflict ? Cyber Terrorism Cyber Warfare 1998, Center for
Strategic and International Studies (Washington, D.C.)
Slide 5
DDoS, Website Defacement Phishing, Keylogger, Malware, Trojans
APT/ attack on Critical Systems Cyber Terrorism Cyber Warfare Cyber
Crime
Slide 6
Cyber Warfare Cyber Terrorism Hacktivism Criminal activity in
cyber space State Sponsored Cyber Terrorism using Cyber crime tools
Espionage
Slide 7
April 27th, 2007 - preparations to remove the Bronze Soldier in Tallinn, a World War 2 monument to Russian soldiers. Russian forums publish tools to carry out DDoS and defacement attacks on government sites: Estonian President, Prime Minister, Parliament.
April 30th - coordinated attack including DDoS. The attacks used botnets from all around the world and shifted at random intervals to make them difficult to defend against.
May 3rd - the botnets began attacking private sites and servers. Banks in Estonia were shut down, as well as major news sites.
May 9th - climax of the attacks, on the Russian anniversary of the end of World War 2.
Slide 8
1998, Center for Strategic and International Studies
(Washington, D.C.)
Slide 9
What is Cyber? General electronic or computer-related prefix.
What is Terror? Violence deliberately used against civilians in order to achieve political goals.
What is Cyber Terrorism? Government agencies responsible for responding to cyber attacks have each created their own definitions.
Slide 10
"One man's terrorist is another's freedom fighter"
D. Denning's "Activism, Hacktivism, and Cyberterrorism"
International treaties and conventions
Cyber terrorism = blowing things up remotely?
Hacktivism = virtual graffiti / vandalism?
Slide 11
cyberterrorism, refers to the convergence of cyberspace and
terrorism. It covers politically motivated hacking operations
intended to cause grave harm such as loss of life or severe
economic damage. An example would be penetrating an air traffic
control system and causing two planes to collide.
Slide 12
Cyber terrorism is the convergence of cyberspace and terrorism.
It refers to unlawful attacks and threats of attacks against
computers, networks and the information stored therein when done to
intimidate or coerce a government or its people in furtherance of
political or social objectives.
Slide 13
Further, to qualify as cyber terrorism, an attack should result
in violence against persons or property, or at least cause enough
harm to generate fear.
Slide 14
Cyber terrorism : the use of Internet based attacks in
terrorist activities, including acts of deliberate, large-scale
disruption of computer networks, especially of personal computers
attached to the Internet, by the means of tools such as computer
viruses.
Slide 15
Cyber Terrorism
The use of information technology by terrorist groups and individuals to further their agenda. This can include attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attacks, or terroristic threats made via electronic communication.
Hacktivism
Hacktivism is the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development.
promoting expressive politics, free speech, human rights, or information ethics.
Slide 16
Common Asymmetric Advantages
Little or no expense
Little or no risk to the perpetrator
Few participants = big media impact
Potential for damage to a nation's resilience, stability and safety
Non-lethal attacks = less backlash
Slide 17
Network-connected critical infrastructures (Brazil?)
Disruption of ISP/CSP operational networks
Civilian/commercial information systems - ELAL, Tel Aviv Stock Exchange
Defacement of government/national web sites
Publishing data from sensitive databases to cause embarrassment, confusion and panic - Saudi hacker 0xOmar
Slide 18
Cyber Terrorism & Global Hacktivism - examples
Slide 22
Cyber Jihad Examples
Slide 27
I am a hacker, enter my world...hacker rushing through the
phone line like heroin through an addict's veins, an electronic
pulse is sent out. This is our world now... the world of the
electron and the switch, the beauty of the baud Information wants
to be free! Hack the planet! My crime is that of curiosity
Slide 29
Most-wanted computer criminal in the United States: Kevin Mitnick, arrested 1995
Solar Sunrise 1998 - the Analyzer hacks US DOD
Y2Hack: Captain Crunch & Phreaks (John Draper)
Slide 30
International groups of Hacktivists
Started on 4chan & evolved to global scale
Represents a new & chaotic internet force
Targets: Epileptics, Scientologists, Pedophiles, PayPal, US GOV, IL GOV, HBGary, the Pope?
Slide 32
WikiLeaks - founded 2006 by Julian Assange
Published secret and classified media from anonymous sources, leaks, whistleblowers
2010: Cable Gate, Anonymous Operation PayBack
Slide 40
Ping Flood, Ping of Death, EvilPing
Winsmurf, QuickFire, Defend
HTTP bomber 1.001b
Mail Bomber
Anonymous favorite: Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#
See also: JS LOIC, Low Orbit Web Cannon
Slide 41
Cyber Threat Analysis Framework
Slide 42
Know your Enemy - not just technically
Attribution of Attack remains a key problem
Intelligence, Investigation tools and models
Slide 43
Mitigation - just block the IP range?
Investigation
Prosecution
Estonia & NATO for example
Attribution & Retribution - who do we target?
Deterrence?
1. Impact on civilians & collateral damage
2. Ideological / Political motivation, e.g.: Jihad, Green Hacktivism, White Supremacist, LulzSec etc.
3. Technical threshold: R&D, Complexity
4. Participation threshold: entry price
5. Operational threshold: Recon, Persistency, Evasion
6. Public Aspect: Is Responsibility claimed?
Slide 47
Parameters for Analysis
Impact on civilians & collateral damage
Terror according to ICT = ?
Almost all Cyber Attacks harm innocents
An unnecessary attack on civilian targets could be considered a war crime when done by a state
Slide 48
Parameters - Continued
Ideological / Political motivation:
Jihad
Green Hacktivism
Neo Nazi / White Supremacist Hacktivism
Anonymous
Slide 49
Parameters - Continued
Participation threshold: entry price
Easy as ping 1.2.3.4 t w = DDoS participation
Can be done from anywhere in the world, anytime
Compare with launching an APT or attack on CI:
Hard: infiltrate & exploit ISP, Military or Civilian Critical Infrastructure
May need inside access
Use unique targeting tools (e.g. for SCADA)
Slide 50
Parameters - Continued
Technical threshold: R&D, Complexity
Use of Zero Day Exploits requires a strong R&D base and funding
For complex attacks (APT), in-depth technical knowledge of the target is required
Slide 51
Parameters - Continued
Operational threshold:
Reconnaissance phases
Persistency
Evasion techniques
Post mortem and lesson learning
Slide 52
Parameters - Continued
Public Aspect: Is Responsibility claimed?
Slide 53
Perpetrated by
Intended Target / Victim
Goal of attack
Consequence scope
Visibility
R&D Threshold: Required budget, tools and know-how
Participation in the attack
Slide 54
National security & Cyber Jihad
Cyber Terrorism - Strategic or Tactical?
Cyber crime and cyber terrorism together
State sponsored cyber terrorism
Slide 55
Retribution threshold - what makes an attack revenge worthy? Who decides?
Is Deterrence in cyberspace even possible?
Cyber threats from Non-state actors - rules of engagement?
Is a global Treaty, or Norm, even possible?
Slide 56
On the national scale:
Criminal prosecution of attackers - according to various Computer Fraud and Abuse Acts
LEA need authority, know-how, and tools to collect digital evidence and conduct investigations across country borders
Nation-wide regulation to protect CIs and CSPs
Attacked organizations: sector-specific regulation, e.g. Energy sector, Financial sector; mandated reporting to CERT/ISAC
End users / Victims: increase cyber hygiene
Slide 57
International Treaties & Norms
European Convention on Cyber Crime
Legal framework for criminal law standards
Cooperation framework for computer crime investigation
Procedural framework for cross-country seizure & investigation of digital evidence
(The future) conventions on cyber warfare?
Slide 58
"At least for now, hijacked vehicles, truck bombs, and biological weapons seem to pose a greater threat than cyber terrorism. However, just as the events of September 11 caught us by surprise, so could a major cyber assault. We cannot afford to shrug off the threat."
Prof. Dorothy Denning, November 1, 2001
Slide 59
The definition of Terror itself is contended
The line between Cyber Terrorism and Hacktivism is blurry, grey and crossed often
Analysis of each attack and incident ? A new breed of Cyber analysts is born
Slide 61
Proceedings of the IDC Herzliya Cyber Terrorism Workshop, November 2010.
Dorothy E. Denning, "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy", Georgetown University, June 8, 2001.
Trachtman, Joel P., 2004. Global Cyberterrorism, Jurisdiction, and International Organization, http://ssrn.com/abstract=566361