Information Warfare


    Notes on slide 1

    Hello, my name is Mikhael Felker. Thank you for attending my talk; I appreciate your patronage. Before we dive in, I'd like to tell you a little about myself. I currently work for The Aerospace Corporation, a non-profit Federally Funded Research and Development Center, in the Information Assurance Department, as part of the technical staff. Aerospace does not "sell" anything to consumers or businesses; we provide engineering services to the US Air Force, NRO, and NASA/NOAA. I perform security assessments on Air Force systems, work in certification and accreditation (DIACAP), deploy web services for internal infrastructure, and handle 8570 compliance. Also, I'm the education director of ISSA, ISACA's sister organization, and occasionally teach classes at UCLA Extension. Previously I worked for CERT, Sandia Labs, and UCLA in various departments.

    I'd like to set the expectations for this talk a little bit. This is not a technical talk! I am not going to talk about control frameworks, security tools, or hacking methodologies. I am going to explain to you in clear terms what information warfare is and its associated terminology, and what is happening in this space.

    Take the security triad, CIA. If you could choose ONE security property, what would it be? It will likely depend on your industry: media (availability), finance (integrity), health care (confidentiality), energy (availability), transportation (availability).

    Close to the end of WWII the Japanese were not prepared to surrender, and the US decided more lives would be saved if we used the nuclear option. So the next decision was which cities were going to be bombed. The US chose cities that supported armaments/munition factories. Here's the top-three list (two of these cities should be very familiar to you). After the bombing of Hiroshima, the Japanese still did not surrender, mostly because 1) of the passion/persistence/determination of the Japanese army and 2) due to the lack of communication technologies, no video footage or true visual description of the damage was available. Several days later, after Japan did not surrender, the US airmen in bombers were tasked to attack their next target, which was Kokura. You start to see the answer to the first part of the question now. US bombers flew to Kokura and had enough fuel to bomb the target and come back, with little reserve. When they arrived at Kokura they ran into trouble with visibility of the target. They were ordered not to make use of RADAR because it was not accurate enough and were told to make use of visual line of sight. After circling for over an hour they decided they could not attack the target and left for the next target, Nagasaki. This was a necessary decision because they had a nuclear weapon on board and did not want to risk running out of fuel before dropping the payload. They flew to Nagasaki; it was still overcast, but they found enough clear visibility to drop the A-bomb. If GPS had been operational, this mission would have been significantly easier. You'll see how this fits into the overall picture later. Quality information is HIGHLY valuable.

    So the cat's out of the bag. DoD defines information warfare as consisting of the following five domains or components: PSYOPS, MILDEC, OPSEC, CNO, EW. We will go clockwise through each of these in some detail, with examples.

    Rather than engaging in warfare, which is costly (in terms of human life, money, etc.), it is a much more effective strategy to dissuade the other party from engaging in the battle in the first place.

    Text on the back of the leaflet: "Read this carefully as it may save your life or the life of a relative or friend. In the next few days, some or all of the cities named on the reverse side will be destroyed by American bombs. These cities contain military installations and workshops or factories which produce military goods. We are determined to destroy all of the tools of the military which they are using to prolong this useless war. But, unfortunately, bombs have no eyes. So, in accordance with America's humanitarian policies, the American Air Force, which does not wish to injure innocent people, now gives you warning to evacuate the cities named and save your lives. America is not fighting the Japanese people but is fighting the military clique which has enslaved the Japanese people. The peace which America will bring will free the people from the oppression of the military clique and mean the emergence of a new and better Japan. You can restore peace by demanding new and good leaders who will end the war. We cannot promise that only these cities will be among those attacked but some or all of them will be, so heed this warning and evacuate these cities immediately."

    Troops were moved and communications staged that would indicate an attack via Norway or the lower part of Europe. This strategy had enormous success, diverting troops away from what became one of the most successful invasions in the history of warfare.

    Some of you are probably familiar with this domain already. This relates to the protection of information that an adversary can use against you. Poor operations security was actually demonstrated in the recent movie Duplicity: travel information was far too easily accessible. For example, in my workplace we are told to let people know that we are away on travel, but not to indicate the specific location or reason.

    CND: what do we have to defend our systems and networks?
    CNE: how can we get the information we need from the adversary?
    CNA: how can we cripple or attack the adversary's systems?

    Do any of you have wireless networks? Directional microwave systems for communication? Do any of you remember “Goldeneye,” the James Bond movie? The massive weapon used to disable all electronic systems.

    Notes: Estonia is highly dependent on Internet availability, as opposed to less developed neighboring countries.

    "The attack marks a new phase in the history of warfare, being the first case in which a land invasion was coordinated with an orchestrated online cyber-offensive."* http://georgiaupdate.gov.ge/doc/10006922/CYBERWAR-%20fd_2_.pdf

    Notes: The IP address that resolves to president.gov.ge also hosted other government websites (e.g., the Social Assistance and Employment State Agency, www.saesa.gov.ge), so downtime incurred on the Presidential website also caused collateral damage to other sites hosted on the same server.

    Information Warfare - Presentation Transcript

    1. Mikhael Felker, CISSP-ISSEP OWASP Los Angeles June 24, 2009 Affiliations: The Aerospace Corporation ISSA LA UCLA Extension
      • Where does the term Kokura’s Luck come from?
      • WWII target selection
        • 1) Hiroshima
        • 2) Kokura
        • 3) Nagasaki
      • Why was Kokura not bombed?
      • Weather conditions poor
      • Radar inaccurate
      • GPS not invented yet!
      • Ordered line of sight of target
      • Information requirement: precise targeting, visibility
      The Manhattan Project http://www.cfo.doe.gov/me70/manhattan/nagasaki.htm
      • Infowar Definition
      • Infowar Elements
      • Historic (WWII 1945)
      • Past (1990-’91)
        • Gulf War
      • Recent Events (2007-2009)
        • Estonia
        • Georgia
        • Kyrgyzstan
        • Iran (last 2 weeks)
      • Future (2010 - ?)
      • Questions
      • Common associated terms: cyber warfare, electronic warfare, network warfare, and Information Operations (IO)
      • Information Operations is currently the DoD preferred term*
      • Definitions:
        • "Information Warfare consists of those actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective or victory over an adversary" (Winn Schwartau, Information Warfare)
      CRS Report for Congress "Information Operations, Electronic Warfare, and Cyberwar: Capabilities and Related Policy Issues"
    2. DoD-defined components of Information Warfare. Information Operations consists of 5 capabilities: Psychological Operations (PSYOPS), Military Deception (MILDEC), Operational Security (OPSEC), Computer Network Operations (CNO), and Electronic Warfare (EW). Diagram labels: PSYOPS, MILDEC, OPSEC, CNO, EW
    3. "Psychological Operations (PSYOPS) provides the ability to rapidly disseminate persuasive information to directly influence the decision-making of diverse audiences, and is seen as a means for deterring aggression, and important for undermining the leadership and popular support for terrorist organizations."* "Planned operations to convey selected information to targeted foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals"** DoD policy prohibits the use of PSYOPS for targeting American audiences. *CRS Report for Congress "Information Operations" **Defense Technical Information Center http://www.dtic.mil/doctrine/jel/doddict/
    4. "[The] OWI [Office of War Information] was responsible for using information warfare to promote distrust of Japanese military leaders, lower Japanese military and civilian morale, and encourage surrender."* "In just the last three months of formal psychological warfare, OWI produced and deployed over 63 million leaflets informing the Japanese people of the true status of the war and providing advance warning to 35 cities targeted for destruction"* Josette H. William. The Information War in the Pacific, 1945 https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol46no3/article07.html
      • "Deception guides an enemy into making mistakes by presenting false information, images, or statements. MILDEC is defined as actions executed to deliberately mislead adversary military decision makers with regard to friendly military capabilities, thereby causing the adversary to take (or fail to take) specific actions that will contribute to the success of the friendly military operation."*
      • Operation Bodyguard (WWII)
        • Deceive Germans as to the time and location of the main offensive
      • Think Honeynet
        • Looks like a real system, has services running, waste attackers time/resources.
      *CRS Report for Congress “Information Operations”
      • “ OPSEC is defined as a process of identifying information that is critical to friendly operations and which could enable adversaries to attack operational vulnerabilities.”*
      • Removing sensitive information from public sources (e.g., military websites).
        • Example: Operation Iraqi Freedom
      *CRS Report for Congress “Information Operations”
    5. Computer Network Defense (CND): "is defined as defensive measures to protect information, computers, and networks from disruption or destruction. CND includes actions taken to monitor, detect, and respond to unauthorized computer activity."
      Computer Network Exploitation (CNE): "prepare the IO battlespace through intelligence, surveillance, and reconnaissance, and through extensive planning activities. This involves intelligence collection, that in the case of IO, is usually performed through network tools that penetrate adversary systems. Tools used for CNE are similar to those used for computer attack, but configured for intelligence collection rather than system disruption."
      Computer Network Attack (CNA): "CNA is defined as effects intended to disrupt or destroy information resident in computers and computer networks. As a distinguishing feature, CNA normally relies on a data stream used as a weapon to execute an attack."
      *CRS Report for Congress "Information Operations"
      • CND : Defend our own information systems
        • NIDS/IPS, HIDS, Proxy, Firewall, Monitoring, etc.
      • CNE : Exploit enemy computer networks through intelligence collection, usually done through use of computer code and computer applications
        • Rootkits and other surreptitious software
      • CNA : Attack and disrupt enemy computer networks
        • DDoS, blackhole, physical damage, etc.
    6. Electronic Warfare: “any military action involving the direction or control of electromagnetic spectrum energy to deceive or attack the enemy. High power electromagnetic energy can be used as a tool to overload or disrupt the electrical circuitry of almost any equipment that uses transistors, micro-circuits, or metal wiring”* Navigation Warfare : “involves protecting U.S. and Allied use of GPS while simultaneously preventing hostile forces access to space-based PNT services and preserving peaceful civil GPS use outside of an area of military operations.”** *CRS Report for Congress “Information Operations” **FAQ Space based PNT http://pnt.gov/public/faq.shtml
    7. Image Courtesy of Google Maps
    8. Gulf War - Infowar Image Courtesy of Wikipedia Commons
      • Five Hackers from Netherlands infiltrate US DoD computer systems
        • Exfiltrate files, e-mail
        • Search for information on “nuclear weapons, missiles” operational planning
        • Obtain exact information on US troop locations and weapons used
        • Movement of warships
        • Clear tracks (audit)
        • Obtain such volume of information they hack into other systems for more storage space
        • Try to sell this information to Iraq (Hussein thought it was not legitimate)
      • US identified Hackers, could not convict for computer intrusion
        • Two later arrested for credit card fraud
      References: Information Warfare & Security (Denning)
      • US targets electrical power switching system
        • Using Tomahawk missiles with (carbon fibers) to short circuit the power system
      • US strikes Iraqi telephone system, takes out all coaxial cabling that is used for communication between central command and remote sites
      • Physical attacks on important communication systems that support C&C
      What was the impact of key transatlantic fiber lines being cut? Taking Down Telecommunications http://aupress.maxwell.af.mil/saas_Theses/SAASS_Out/Hust/hust.pdf
      • Internet is the primary mode of communication
        • POTS/PSTN is slowly dying: usage falling
      • Physical attacks on the Internet
        • Cut fiber lines?
        • This has happened several times already (non malicious)
          • NY Times headline: "Cut in Fiber Cable Disrupts Internet Traffic Nationwide"
            • Gas company in Ohio accidentally sliced through a fiber cable with a backhoe.
            • 1999, GTE-owned fiber: "The cut, which occurred around noon Eastern Time about 30 miles east of Cleveland, slowed traffic to the point that data transmissions were taking 20 to 50 times longer between the East and West Coasts than they do on a normal business day. Some companies experienced more severe disruptions and were forced to shut down."
            • "While fiber cuts are not uncommon, the size of the cable that was cut yesterday -- a bundle of fibers carrying 40 gigabits, or 40 billion bits, of data a second -- is extremely rare, said Bill Woodcock, network architect for Zocalo, a regional Internet service provider in Northern California."
      http://query.nytimes.com/gst/fullpage.html?res=9403E0DC153EF933A0575AC0A96F958260
    9. Estonia - Infowar
    10. The Monument to the Liberators of Tallinn: a bronze statue of a soldier representing the Soviet WWII victory, placed in Tallinn. Estonians continue to resent the Soviets for previous oppression, and the statue was a representation of that history. April 27, 2007: the Estonian government decided to move the statue to the outskirts of the city, near a cemetery.
      • April 28th, 2007: Russian aggravation; rioting and looting ensued
        • Internet war began (DDoS attacks)
        • Russian websites provide instructions how to attack
        • Estonian networks/sites, advice on targets, etc.
        • Targets of aggressor: government offices, news agencies, and banks
      • May 9 – DDoS attacks reach peak
      • May 18 - last major wave
      • Estonia Internet usage population: 59.7% (compare to US 73.6%)*
      • Stakeholder (Internet user) perspective
        • "You couldn't get information; you couldn't do your job. You couldn't reach the bank; you couldn't check the bus schedule anymore. It was just confusing and frightening, but we didn't realize it was a war because nobody had seen anything like that before."**
      *http://www.internetworldstats.com/ **Estonia: Attacks Seen As First Case Of 'Cyberwar' http://www.rferl.org/content/Article/1076805.html
      • Modemsupport <modemsupport@twcla.com> Tue, Mar 3, 2009 at 1:52 AM To:
      • Hello, Thank you for your inquiry. During the past week, hackers have launched a series of attacks on Time Warner Cable's servers. Time Warner Cable is working with law enforcement agencies to resolve these crimes. As a result of these attacks, you may have experienced a temporary "outage" when attempting to surf the Web, including an intermittent "page cannot be displayed" error message. The outages did not result in services being 100% unavailable, and were limited to sporadic timeouts which appeared to be random events. Some users may have experienced a total disconnect, however. These types of attacks are not uncommon, especially for a network as large as ours. We suspect that the attackers are using "zombie computers," or hijacking unsuspecting subscribers' machines to perpetrate the attack without its owner's knowledge. ……
      • Issues:
        • Attribution. Was it the Russians?
          • DDoS attacks come from multiple sources (e.g., botnet, IP Spoofing, etc.) so tracking down the aggressor is difficult
        • Response. Defense? Counter-attack?
          • Some countries see a cyber attack as equivalent to a physical military invasion; counter-attacks might not be politically possible, or technically possible against an attacker with a significantly larger number of resources
    11. Georgia - Infowar
      • Dispute over region of South Ossetia and Abkhazia
        • Predominately Russian population
          • Significant amount of people with Russian Passports
        • South Ossetia is run somewhat independently from Georgia
        • NATO/Georgia/US do not consider this the government of South Ossetia sovereign
        • Russians want to "protect their own" who live in the territory from Georgian attacks
        • There is no comparison between the military abilities of Georgia and Russia
      • July ‘08: Precursor to network attack (some unusually high network traffic)
      • July-August: Russia and Georgia have military exercises next to the border
      • August 7th: small military skirmishes that lead to a full-blown Russian land, sea, air + cyber attack
      • August 16th: ceasefire agreement between Russia and Georgia
      Cyber attack coordinated with physical military offensive http://www.defensetech.org/archives/004363.html
    12. DDoS command & control server flood traffic requests* ShadowServer http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080720 http://www.shadowserver.org/wiki/pmwiki.php?n=Shadowserver.Mission
      • Other government websites inadvertently attacked
      • President communication Issues
    13. http://georgiamfa.blogspot.com/ - Blogger (Google) used as the primary web distribution point of information
    14. mfa.gov.ge Mikheil Saakashvili
    15. http://mfa.gov.ge
    16. Kyrgyzstan - Infowar Image Courtesy of Google Maps
      • Timeline: January 18, 2009
      • 2 primary Internet Service Providers (ISP)
        • ISPs www.ns.kg and www.domain.kg
      • “ denial-of-service attacks managed to shut down more than 80 percent of Kyrgyzstan's bandwidth .”*
      • Why:
        • Potential reason: U.S. use of an air base in the country to help with its military operations in Afghanistan
      * Kyrgyzstan Knocked Offline http://online.wsj.com/article/SB123310906904622741.html http://blog.wired.com/defense/2009/01/cyber-militia-t.html
      • Iranian Presidential Election – June 12 th 2009
        • Mahmoud Ahmadinejad vs. Mir-Hossein Mousavi
      • "Official position" was ~2/3rd vs. 1/3rd of the vote
      • Calls for re-count, fraud, government abuse
      • Gov’t actions (IW):
        • Blocking Facebook (and other related sites)
        • Block/Disable use of mobile phones in Tehran
        • Foreign satellite TV transmissions
      • Response (IW):
        • Greater number of satellites to send news/information
        • Increased use of TOR (anonymous Internet access)
      • DDoS is
        • Cheap
          • FBI reports a few dollars per hour for a large botnet
        • Scalable
          • Botnets greater than 300K nodes
        • Can be outsourced (plausible deniability?)
          • Seen via message boards/IRC channels
        • Significant damage/impact
        • Timely
          • No major military logistics (e.g., carrier or tank movements, etc.)
        • Attribution difficult to determine
      • Provides the adversary an asymmetric advantage
    17. Infowar – EW
    18. "Jamming involves the transmission of one signal to interfere with another, the target of the attack. It has been used against a variety of signal frequencies, particularly radar, radio and television" -Denning, Information Warfare & Security (Navigation Warfare)
      • GPS – dual use
        • Civilian – P code - SPS
        • Military – P(Y) code, M code – PPS
      • GPS Jammers – dual use?
        • Military – nations are continuously improving methods of Jamming signals
        • Civilian - new technologies allow ordinary citizens to track one another via GPS, would potentially cause some to take extraordinary measures to prevent their location from being known
    19. Image courtesy of verizonwireless.com Newsflash: not everyone would like their location to be known
    20. Remember the advertisement from Verizon above; irony will soon come into the picture
    21. Description from ebay.com
    22. Whois: http://www.whois.net/whois_new.cgi?d=cellphone-jammers&tld=com
    23. Increasing demand for infowar products
    24. Cheaper than Auction
      • Drivers/Demand of civilian GPS Jammers
        • “ This is a popular item with sales personnel and delivery drivers, who wish to take lunch or make a personal stop outside of their territory or route.”
      • Recent legal activity
        • “ On May 28 (2008) , the Federal Communications Commission (FCC) issued a citation to David Steele Enterprises of Newport Beach, California, for marketing in the United States unauthorized radio frequency devices in violation of the Communications Act of 1934, specifically a GPS jammer imported from Taiwan. The company admitted selling 67 GPS Jammers between December 5, 2007, and May 16, 2008. The FCC stated that the main purpose of the jammer device — blocking or interfering with radio communications — is clearly prohibited, and threatened fines of up to $11,000 per device sold.”
          • Source: “The System — Jammer Location Gets NGA Attention.” GPS World, July 1st 2008
      • Agility/resilience/response
        • Move information portal to a zero-cost, almost unlimited bandwidth provider Blogger (Google)
      • Limit grouping resources in centralized location
      • Cost of cyberwar
      • Underestimating the adversary
      • Properly evaluating dependencies between systems, technologies, etc.
      • Lack of planning (alternate sites, communication plans, etc.)
      • US: National Security Directive 16 (classified), guidelines regulating the use of cyber weapons in wartime
    25. References:
      • Wired. "Georgia Under Online Assault" 08/10/2008 http://blog.wired.com/defense/2008/08/georgia-under-o.html
      • http://intelfusion.net/wordpress/?p=388
      • Russian Invasion of Georgia http://georgiaupdate.gov.ge/doc/10006922/CYBERWAR-%20fd_2_.pdf
      • "Estonia: Russia Opposes Law On Soviet War Memorials" http://www.rferl.org/content/article/1074094.html
      • Clay Wilson. CRS Report for Congress "Information Operations, Electronic Warfare, and Cyberwar: Capabilities and Related Policy Issues" Updated March 20, 2007