Cyberattacks on a marine context (NATO Congress 2011)

992 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
992
On SlideShare
0
From Embeds
0
Number of Embeds
262
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • \n
  • Cyberattacks on a marine context (NATO Congress 2011)

    1. 1. A.P.T. Cyberattackson a marine context Gutiérrez A. Corredera L.E.
    2. 2. Goal of the talkIdentification of potential security flaws on amarine context using the most recent  asset-oriented hacking techniques.Potential scenarios pirates could pursue targeting a vessel:1- Compromised communications.2- Malfunctioning/Sabotage of PLC systems3- GPS precise fleet position discovering 
    3. 3. Key conceptA.P.T. (Advanced Persistant Threat): Refers to a group withboth the capability and the intent to persistently and effectively target aspecific entity.Advanced: Intelligence-gathering techniquesPersistent: Not opportunisticThreat: Capability and Intent
    4. 4. Are sea pirates an A.P.T.?Persistent: Hijacking from early 90s.Threat: 53 ships on 2010But...could they becomeAdvanced?
    5. 5. Are sea pirates an A.P.T.?Persistent: Hijacking from early 90s.Threat: 53 ships on 2010But...could they becomeAdvanced?
    6. 6. Are sea pirates an A.P.T.?Persistent: Hijacking from early 90s.Threat: 53 ships on 2010But...could they becomeAdvanced?
    7. 7. Cyberattacks makes them AdvancedIntelligence-gathering: Information Systems IntrusionCommunications interception: Fake base station techniquesSatellite Imaging: Google Maps, Bing...
    8. 8. Classic Cyberattacks: IP oriented Every device connected to the Internet has an IP addressBasic steps of a “classical” Hacker (Not Persistent) IP ranges scan for listening services Target Characterization Investigate vulnerabilities and exploits
    9. 9. New Cyberattacks: Asset oriented Asset oriented search engine.Basic steps of a “Persistent” Hacker (Addressed to a certain target) Search for a concrete target in Shodan: e.g. Router Model Find exploit in Shodan So much faster and straightforward technique!
    10. 10. DEMO: Quick hacking sessionSearch for USAL assets: hostname:usal.esFind vulnerable ones. (But be nice to them :) http://www.shodanhq.com
    11. 11. How all this apply to a marine context?
    12. 12. How all this apply to a marine context?
    13. 13. How all this apply to a marine context? http://www.zynetix.com/index.php?/solutions/maritime-gsm/
    14. 14. How all this apply to a marine context? http://www.zynetix.com/index.php?/solutions/maritime-gsm/
    15. 15. How all this apply to a marine context? http://www.zynetix.com/index.php?/solutions/maritime-gsm/
    16. 16. How all this apply to a marine context? http://www.zynetix.com/index.php?/solutions/maritime-gsm/
    17. 17. Potential security flaws
    18. 18. Potential security flawsCommunications Intelligence Sabotage Interception gathering
    19. 19. Communications interception By Tsaitgaist [see http://commons.wikimedia.org/wiki/File%3AGsm_structures.svg for license], via Wikimedia Commons
    20. 20. Communications interception By Tsaitgaist [see http://commons.wikimedia.org/wiki/File%3AGsm_structures.svg for license], via Wikimedia Commons
    21. 21. Communications interception By Tsaitgaist [see http://commons.wikimedia.org/wiki/File%3AGsm_structures.svg for license], via Wikimedia Commons
    22. 22. Communications interception A5/x No real time. Look up tables Needs saved CUDA/GPUs Very costlyCryptoanalysis transmission. Fake base Micro BTS Close to the target Freq.inhibitor for 3G Less than 10k€ station openBSC, openBTS Cellphone Close to the target Motorola C123,155 baseband No GPRS by now OsMoComBB Less than 13$!!! modification Experimental
    23. 23. Potential security flaws
    24. 24. Potential security flawsCommunications Intelligence Sabotage Interception gathering
    25. 25. Sabotage
    26. 26. Sabotage
    27. 27. SabotageSCADA
    28. 28. Sabotage PLCsSCADA
    29. 29. Sabotage PLCsSCADA Water Treatment
    30. 30. Sabotage Stuxnet Very sophisticated. 4 Zero-days Deeply targeted at vulnerabilities. Extremely (Infects PLCs PLCs. 2 stolen digital expensivefrom FieldPGs) Spionage certificates. Needs a infection ScadaTrojans pathway to install a Inspired by Stuxnet (Infects PLCs but “Low cost” client side modified Cheaperfrom SCADAs) file. 3 Zero-days.
    31. 31. Potential security flaws
    32. 32. Potential security flawsCommunications Intelligence Sabotage Interception gathering
    33. 33. Intelligence gathering http://newdata.es/sistemas-de-navegacion-maritima/
    34. 34. Intelligence gatheringElectronicChartDisplay andInformationSystem http://newdata.es/sistemas-de-navegacion-maritima/
    35. 35. Intelligence gathering
    36. 36. Intelligence gatheringA Vessel is usually part of the Internet..
    37. 37. Intelligence gatheringA Vessel is usually part of the Internet.. And can be hacked as regular servers!
    38. 38. Intelligence gatheringA Vessel is usually part of the Internet.. And can be hacked as regular servers!
    39. 39. Intelligence gatheringA Vessel is usually part of the Internet.. And can be hacked as regular servers!
    40. 40. Intelligence gathering Internet connection. Depends onAsset oriented Computer. manufacturer’s Classic hacking Extremely cheap hacking security tools.
    41. 41. DEMO: Quick assets oriented search session Membrane Biological Reactor, Merchant Vessels, Worldwide Control system solution comprises: Siemens S7-300 PLC with MP HMI and S7-200 PLC based control systems and networking for the water treatment systems. Search for Maritime related assets:Zynetix MaritimeGSM, S7-300, advantech http://www.shodanhq.com
    42. 42. Conclusions Pirates should be considered an APT. They could virtually use Cyberattacks to hijack vesselsmore easily. Complex Cyberattacks are more and more affordable. A ship may become practically speaking an Internetnode with all its risks (should be managed). Let’s be in the look out!
    43. 43. THANK YOU! {alberto,luisenrique}@flagsolutions.net Twitter: @albertoflag , @lencorredera
    44. 44. THANK YOU! {alberto,luisenrique}@flagsolutions.net Twitter: @albertoflag , @lencorredera

    ×