Cyberattacks on a marine context (NATO Congress 2011)

Published in: Technology, Business
  • Transcript

    • 1. A.P.T. Cyberattacks on a marine context. Gutiérrez A., Corredera L.E.
    • 2. Goal of the talk: Identification of potential security flaws in a marine context using the most recent asset-oriented hacking techniques. Potential scenarios pirates could pursue targeting a vessel: 1- Compromised communications. 2- Malfunctioning/Sabotage of PLC systems. 3- GPS precise fleet position discovering.
    • 3. Key concept: A.P.T. (Advanced Persistent Threat): Refers to a group with both the capability and the intent to persistently and effectively target a specific entity. Advanced: Intelligence-gathering techniques. Persistent: Not opportunistic. Threat: Capability and Intent.
    • 4. Are sea pirates an A.P.T.? Persistent: Hijacking from early 90s. Threat: 53 ships in 2010. But... could they become Advanced?
    • 7. Cyberattacks make them Advanced. Intelligence-gathering: Information Systems Intrusion. Communications interception: Fake base station techniques. Satellite Imaging: Google Maps, Bing...
    • 8. Classic Cyberattacks: IP oriented. Every device connected to the Internet has an IP address. Basic steps of a “classical” Hacker (Not Persistent): IP ranges scan for listening services; Target Characterization; Investigate vulnerabilities and exploits.
    • 9. New Cyberattacks: Asset oriented. Asset oriented search engine. Basic steps of a “Persistent” Hacker (Addressed to a certain target): Search for a concrete target in Shodan, e.g. Router Model; Find exploit in Shodan. So much faster and more straightforward technique!
    • 10. DEMO: Quick hacking session. Search for USAL assets: hostname:usal.es. Find vulnerable ones. (But be nice to them :) http://www.shodanhq.com
    • 11. How does all this apply to a marine context?
    • 13. How does all this apply to a marine context? http://www.zynetix.com/index.php?/solutions/maritime-gsm/
    • 17. Potential security flaws
    • 18. Potential security flaws: Communications Interception; Intelligence gathering; Sabotage
    • 19. Communications interception By Tsaitgaist [see http://commons.wikimedia.org/wiki/File%3AGsm_structures.svg for license], via Wikimedia Commons
    • 22. Communications interception. A5/x Cryptanalysis: Look up tables, CUDA/GPUs; No real time, needs saved transmission; Very costly. Fake base station: Micro BTS, Freq. inhibitor for 3G, openBSC, openBTS; Close to the target; Less than 10k€. Cellphone baseband modification: Motorola C123,155, OsMoComBB; Close to the target, No GPRS by now, Experimental; Less than 13$!!!
    • 23. Potential security flaws
    • 24. Potential security flaws: Communications Interception; Intelligence gathering; Sabotage
    • 25. Sabotage
    • 27. Sabotage: SCADA
    • 28. Sabotage: PLCs, SCADA
    • 29. Sabotage: PLCs, SCADA, Water Treatment
    • 30. Sabotage. Stuxnet (Infects PLCs from FieldPGs): Very sophisticated. Deeply targeted at PLCs. Espionage; 4 Zero-days vulnerabilities. 2 stolen digital certificates; Extremely expensive. ScadaTrojans (Infects PLCs from SCADAs): Inspired by Stuxnet but “Low cost”; Needs an infection pathway to install a client side modified file. 3 Zero-days; Cheaper.
    • 31. Potential security flaws
    • 32. Potential security flaws: Communications Interception; Intelligence gathering; Sabotage
    • 33. Intelligence gathering http://newdata.es/sistemas-de-navegacion-maritima/
    • 34. Intelligence gathering: Electronic Chart Display and Information System http://newdata.es/sistemas-de-navegacion-maritima/
    • 35. Intelligence gathering
    • 36. Intelligence gathering: A Vessel is usually part of the Internet..
    • 37. Intelligence gathering: A Vessel is usually part of the Internet.. And can be hacked as regular servers!
    • 40. Intelligence gathering. Asset oriented hacking: Internet connection. Computer. Classic hacking tools; Depends on manufacturer’s security; Extremely cheap.
    • 41. DEMO: Quick asset-oriented search session. Membrane Biological Reactor, Merchant Vessels, Worldwide: Control system solution comprises: Siemens S7-300 PLC with MP HMI and S7-200 PLC based control systems and networking for the water treatment systems. Search for Maritime related assets: Zynetix MaritimeGSM, S7-300, advantech http://www.shodanhq.com
    • 42. Conclusions: Pirates should be considered an APT. They could virtually use Cyberattacks to hijack vessels more easily. Complex Cyberattacks are more and more affordable. A ship may become, practically speaking, an Internet node with all its risks (should be managed). Let’s be on the lookout!
    • 43. THANK YOU! {alberto,luisenrique}@flagsolutions.net Twitter: @albertoflag , @lencorredera