Chiesa_ Isecom

ET01 – Emerging Technologies

h: 9.30 am – 1.30 pm
Conference Room: Sala 1

CRITICAL INFRASTRUCTURES
Homeland Security - Emergency and Safety

    Chiesa_ Isecom Presentation Transcript

    • ITN 2009 – Torino, 15 October 2009
      Slide 1: Attacks on critical infrastructures: real-life stories
      Raoul Chiesa
      Founder, Honorary President, @ Mediaservice.net
      Director of Communication, Board of Directors Member, ISECOM
      Senior Advisor, Strategic Alliances & Cybercrime Issues at the United Nations
      chiesa@UNICRI.it
      Document keywords: National Critical Infrastructures; SCADA; Industrial Automation; Security Incidents; Cyber Attacks; Hacking; National Security; Penetration Test.
    • Slide 2: Agenda
      • Who is who
        – The speaker
        – ISECOM
        – UNICRI
      • Hi-tech crime in the 21st century & hacking
      • National Critical Infrastructures
        – Attacks
        – Problems encountered
        – Incidents
        – TETRA
        – Solutions
      • Contacts, Q&A
    • Slide 3: The speaker
      Raoul Chiesa
        – Director of Communications at ISECOM (Institute for Security and Open Methodologies)
        – Originally called the Ideahamster Organization (Est. 2000)
        – Open Source Community Registered OSI
        – Project Manager for H.P.P., OSSTMM Key Contributor
          • OPST, OPSA, ISECOM Authorized International Trainer
        – Professor of IT Security at various Universities & Masters (Italy)
        – Advisor on Cybercrime for the United Nations at UNICRI
        – Board of Directors Member at ISECOM, CLUSIT, Telecom Security Task Force, and ISO ISMS IUG & OWASP Italian Chapters
    • Slide 4: ISECOM: who is who
      • Institute for Security and Open Methodologies (Est. 2002)
      • A (registered) non-profit organization
      • Offices in Barcelona (Spain) and New York (U.S.A.)
      • Open Source Community Registered OSI: it uses an Open and Peer Review process, ensuring Quality and developing a Chain of Trust, thereby becoming an internationally recognized community.
      • A Certification Authority “grown in the trust” and supported by academic institutions (La Salle University network).
    • Slide 5: UNICRI: who is who
      • United Nations Interregional Crime & Justice Research Institute
      • Founded in 1968 to assist governmental, intergovernmental and non-governmental organizations in creating and improving policies in the field of crime prevention and criminal justice.
      • WHQ in Torino (UN Staff College, ITC/ILO); offices in Rome, Geneva, New York, Luanda (Angola), Maputo (Mozambique).
    • Slide 6: Information Security
      • The evolution of crime should be analyzed from innovative points of view
      • Otherwise, we would not be able to understand the new enemies and, above all, their motivations
      • Information is the keyword for today's threats
      • You got the information, you got the power…
    • Slide 7: 21st Century
      Today's threats are transforming and evolving:
      • Hacking “for fun”
      • (Low-level) Hacking for money/phishing
      • (High-level) Hacking/Industrial espionage
      • On-line Child pornography (business)
      • Botnets
      • Critical Information Infrastructures, CNI & SCADA
      • Cyberterrorism
      • Copyright & Intellectual property violations
      • E-Commerce frauds, scams
      • On-line gambling
      • Privacy issues (social networks)
    • Slide 8: Hacking: macro types of attackers
      • Low-level hackers: “script-kiddies” hunting for known security flaws (kind of “NEW”) Phishing, Remote low-level Social Engineering Attacks; Insiders (user/supervisor/admin); Disgruntled Employees
      • High-level, sophisticated hackers, Organized Crime: middle and high level attacks; Hobbyist hackers; Unethical “security guys”; Unstructured attackers (SCAMs, medium & high-level hi-tech frauds, VISHING …); Structured attackers (“the Italian job”, targeted attacks, industrial espionage)
      • Espionage, Terrorism: Foreign Espionage; Hacktivist (unfunded groups); Terrorist groups (funded); State sponsored attacks
    • Slide 9: Critical National Infrastructures: high-level view
      Today's (main) National Critical Infrastructures can be summarized as:
      • Telecommunications
      • Electrical power systems
      • Gas and oil storage and transportation
      • Banking and finance
      • Transportation
      • Water supply systems
      • Emergency services (medical, police, fire and rescue)
      • Continuity of government
    • Slide 10: Critical National Infrastructures: zooming/1
      Sector: Sample Target Sub-sectors
      1. Energy and Utilities: Electrical power (generation, transmission, nuclear); Natural gas; Oil production and transmission systems
      2. Communications and Information Technology: Telecommunications (phone, fax, cable, satellites); Broadcasting systems; Software; Hardware; Networks (Internet)
      3. Finance: Banking; Securities; Investment
      4. Health Care: Hospitals; Health-care facilities; Blood-supply facilities; Laboratories; Pharmaceuticals
      5. Food: Food safety; Agriculture and food industry; Food distribution
    • Slide 11: Critical National Infrastructures: zooming/2
      Sector: Sample Target Sub-sectors
      6. Water: Drinking water; Wastewater management
      7. Transportation: Air; Rail; Marine; Surface
      8. Safety: Chemical, biological, radiological, and nuclear safety; Hazardous materials; Search and rescue; Emergency services (police, fire, ambulance and others); Dams
      9. Government: Government facilities; Government services (for example meteorological services); Government information networks; Government assets; Key national symbols (cultural institutions and national sites and monuments)
      10. Manufacturing: Chemical industry; Defence industrial base
    • Slide 12: China is attacking: UK
    • Slide 13: China is attacking: USA
    • Slide 14: China is attacking: Germany
      The comments follow charges made by a top German intelligence official that computer hacking by China was occurring on an almost daily basis.
    • Slide 15: China is attacking: France
      France has become the fourth country to speak out against hackers in China following an attack on French government systems. Francis Delon, France's secretary general for national defence, claimed that the country's systems had been compromised and that the evidence pointed to China.
    • Slide 16: Problems encountered
      Key issue: Consequence
      – Flat networks (no segmentation): an easy life for worms
      – No FW: ...anything gets in
      – No AV: known vulns, they bring the network down!
      – No xIDS: Incident handling ?!? Anomalies? Attacks? “Ad-hoc” trojans?
      – No Integrity Checker: modifications to executable files
      – Physical security: unauthorized physical access
      – Security Through Obscurity: no longer works (as the GSM Association case teaches)
      – Cultural differences: C-I-A vs. A-I-C paradigm
    • Slide 17: SCADA&NCIs: incidents
    • Slide 18: SCADA&NCIs: incidents
    • Slide 19: SCADA&NCIs: incidents
    • Slide 20: SCADA: going commercial… Videoclip time!
    • Slide 21: SCADA&NCIs: sabotage
    • Slide 22: SCADA&NCIs: incidents
    • Slide 23: SCADA: incidents
    • Slide 24: SCADA&NCIs: incidents
    • Slide 25: SCADA&NCIs: incidents
    • Slide 26: TETRA & 911
      • In 2007 we were called in to carry out security assessments in a country in the GCC area (Middle East)
      • In addition to a “standard” security assessment, we were asked to “switch off 911”
      • After requesting extended authorizations, and after experiencing the skepticism first-hand (vendor, and Client), we got to work
      • After 14 minutes 911 was down: no police, no ambulance, no fire department.
    • Slide 27: Other case studies (under NDA)
      • Over the last 3 years we have also verified the actual level of security in place at:
        – Energy Plants (Test Plant)
        – Pharmaceutical (live)
        – Finance
        – Telco
        – Air transport
        – Highways
        – Chemical
        – Industry
      • ...In all these cases, we succeeded in breaching the infrastructure and/or the identified target.
    • Slide 28: Possible solutions? Culture!
      • Cybercrime Trainings on SCADA & NCIs @ the United Nations (Torino, Italy)
        – http://www.unicri.it/wwd/cybertraining/index.php
        – http://www.unicri.it/wwd/cybertraining/info_security.php
        – http://www.unicri.it/wwd/cybertraining/hacker_profiling.php
        – http://www.unicri.it/wwd/cybertraining/SCADA.php
        – http://www.unicri.it/wwd/cybertraining/digital_forensics.php
        – http://www.unicri.it/wwd/cybertraining/ap-form_info.php
    • Slide 29: Contacts, Q&A
      Contacts:
      • If you are interested in ISECOM projects: Raoul Chiesa, Director of Communications at ISECOM, raoul@ISECOM.org
      • If you are interested in professional penetration testing for governments and LEAs: Raoul Chiesa, Chief Technical Officer & Tiger Team manager, raoul@mediaservice.net
      • If you are interested in UNICRI’s Cybercrime Trainings: Raoul Chiesa, Senior Advisor & Strategic Alliances, chiesa@UNICRI.it
      THANK YOU FOR YOUR ATTENTION! QUESTIONS?