Сравнение хакеров Ирана, Китая и Северной Кореи


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Сравнение хакеров Ирана, Китая и Северной Кореи

  1. 1. Red-­‐DragonRising.com©   взломать  этот!    
  2. 2. Red-­‐DragonRising.com©   Compara>ve  Study:     Global  Cyber  Doctrine     LTCOL  (RET)  William  Hagestad  II     MSc  Security  Technologies   MSc  Management  of  Technology   www.red-­‐dragonrising.com   hagestadwt@red-­‐dragonrising.com   Cyber  as  a  spectrum  of  cyberspace  opera>ons  including   Defensive  Cyberspace  Opera>ons  (DCO)     Offensive  Cyberspace  Opera>ons  (OCO)  
  3. 3. Red-­‐DragonRising.com©   Protec>ng  The  Cyber  Front  Lines  
  4. 4. Red-­‐DragonRising.com©   2014 Top Internet Attacks…. hYp://mybroadband.co.za/news/security/101440-­‐top-­‐internet-­‐aYacks.html   Китайская  Народная  Республика   Соединенные  Штаты  Америки   Россия  
  5. 5. Red-­‐DragonRising.com©   Port  445  most  targeted  port,  reaching   30%  of  observed  aYacks..   hYp://mybroadband.co.za/news/security/101440-­‐top-­‐internet-­‐aYacks.html   The  volume  of  aYacks   targe>ng  Port  80  remained   steady  at  14%  
  6. 6. Red-­‐DragonRising.com©   “21st  Century  Chinese   Cyber  Warfare”   “二十一世紀中國網絡戰”   ISBN: 9781849283342 取締中華人民共和國
  7. 7. Red-­‐DragonRising.com©   ISBN:  978-­‐1482577105 hYp://www.amazon.com/Opera>on-­‐Middle-­‐Kingdom-­‐Computers-­‐Networks-­‐ ebook/dp/B00GTVFJOQ/   取締中華人民共和國
  8. 8. Red-­‐DragonRising.com©   ISBN:  978-­‐1493771974hYp://www.amazon.com/Chinese-­‐Informa>on-­‐Warfare-­‐Doctrine-­‐ Development-­‐ebook/dp/B00GWO12LO/   取締中華人民共和國
  9. 9. Red-­‐DragonRising.com©   ISBN:  978-­‐1496080875hYp://www.amazon.com/Chinas-­‐Plans-­‐Winning-­‐Informa>on-­‐ Confronta>on/dp/1496080874/   取締中華人民共和國
  10. 10. Red-­‐DragonRising.com©  
  11. 11. Red-­‐DragonRising.com©   Cyber Threat Motive Targets of Opportunity Methodologies Capabilities Nation States ~ Peace Time Economic, Military, National Secrets, Political Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure Military & Intel specific cyber doctrine, hacktivists Asymmetric use of the cyber domain short of kinetic Nation States ~ War Time Economic, Military, Political Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure Military & Intel specific cyber doctrine, hacktivists Asymmetric use of the cyber domain including kinetic Cyber Terrorists & Insurgents Political Infrastructure, Extortion and Political Processes Combination of advanced persistent threats (APT) Developing – will be a concern in 2012 Cyber Criminals – Grey & Black Markets Financial Intellectual Property Theft, Fraud, Theft, Scams, Hijacked Network & Computer Resources, Cyber Crime for Hire Exploits, Malware Botnets, Worms & Trojans Cell-based structure as an APT Criminal Organizations – RBN Financial Use of above with distinct planning Highly professional, dangerous Rogue Organizations – Anonymous, LulzSec Financial Military, National Secrets, Political Intellectual Property Theft, Direct & Indirect pressure on OGA Resources Organic hacking capabilities unsurpassed Organized yet de- centralized Руководство  Цифровые  оппоненты  
  12. 12. Red-­‐DragonRising.com©   “Thanks to the increased attack traffic seen from Indonesia, ports 80 and 443 were the most commonly targeted ports, accounting for 41 percent of observed attacks combined.” Indonesia  Overtakes  China…   h4p://www.techinasia.com/report-­‐indonesia-­‐overtakes-­‐china-­‐worlds-­‐biggest-­‐source-­‐online-­‐a4acks/  
  13. 13. Red-­‐DragonRising.com©  
  14. 14. Red-­‐DragonRising.com©  
  15. 15. Red-­‐DragonRising.com©   Where?...  When?   Who  Started  All  This?   hYp://www.defense.gov/releases/release.aspx?releaseid=13551   US  DoD   Militarizes  Cyber   Space…   “We  Are  Coming   for  You  if  your   country  is  a  threat   in  Binary  World!”  
  16. 16. Red-­‐DragonRising.com©   Preemp>ve  Strikes  Will  Be  A   Part  Of  U.S.  Cyber-­‐Defense   Strategy   That  was  in  2010….  
  17. 17. Red-­‐DragonRising.com©   This  is,  however,  2014….   hYp://news.xinhuanet.com/mil/2014-­‐05/21/c_126526347.htm   美方无中生有 别有用心   China:   U.S.  fabricated   charges  with   ulterior   moEves  
  18. 18. Red-­‐DragonRising.com©   China’s  Defense  Ministry:  “China's  military  has  never   stolen  trade  secrets  through  a  network”   United  States   is  calling  this   "commercial   espionage   network”   saying   nothing,   confused  with   ulterior   mo>ves.  
  19. 19. Red-­‐DragonRising.com©   조선 민주주의 인민 공화국  
  20. 20. Red-­‐DragonRising.com©     (1)  for  informa>on  to  obtain  informa>on  and  intelligence   about  each  other’s  means,  capabili>es,  and  strategies;       (2)  against  informa>on  aimed  at  protec>ng  their   informa>on  systems,  while  disrup>ng  or  destroying  the   other  side’s  informa>on  infrastructure;  and       (3)  through  informa>on  reflected  in  the  misinforma>on   and  decep>on  opera>ons  to  shape  their  broader  internal   and  external  strategic  narra>ves.   Korean  Peninsula  IW….   3  levels  of  informa>on  conflict   simultaneously:  
  21. 21. Red-­‐DragonRising.com©  
  22. 22. Red-­‐DragonRising.com©   Cyber-­‐espionage  :  North  Korea's  primary  overseas  intelligence  gathering  unit,   operaEng  under  the  State  Security  Agency  (SSA),  relies  on  cyber-­‐related   techniques  for  cyber-­‐espionage  to  access  informaEon,  steal  sensiEve  data,  &   monitor  foreign  communicaEons.     Computer  network  aYacks  :  North  Korea  has  a4empted  to  disrupt  South   Korea's  sophisEcated  digital  informaEon  infrastructure  using  cyber  a4acks  to   shut  down  major  websites,  disrupt  online  services  of  major  banks,  and  probe   South  Korea's  readiness  to  miEgate  cyber-­‐a4acks         Korean  Cyber  TTPs….  
  23. 23. Red-­‐DragonRising.com©   North  Korean  Army  General  Staff’s  Reconnaissance   Bureau,  Unit  110,  intercepted  confiden>al  defense   strategy  plans...   OPLAN  5027…  detailing  US–ROK  responses  to   poten>al  North  Korean  provoca>ons   US  Military  officer  with  the  ROK–US  Combined   Forces  Command  used  an  unsecured  USB  memory   s>ck  plugged  into  his  PC  while  switching  from  a   highly  secure  private  intranet  to  the  public  Internet   2009  Korean  Cyber  Conflict   Begins….  
  24. 24. Red-­‐DragonRising.com©   North  Korean  hackers  stole  informa>on  from  the  South   Korean  Chemical  Accidents  Response  Informa>on  System   (CARIS)  a–er  infiltra>ng  the  ROK  Third  Army  headquarters’   computer  network  and  using  a  password  to  access  CARIS’s   Center  for  Chemical  Safety  Management   North  Korea’s  overseas-­‐intelligence  gathering  unit  under  the   State  Security  Agency  (SSA)  is  also  believed  to  increasingly   rely  on  informa>on  warfare  techniques  for  cyber-­‐espionage   to  access  informa>on,  steal  sensi>ve  data,  and  monitor   foreign  communica>ons   2009  More  Korean  Cyber   Conflict….  
  25. 25. Red-­‐DragonRising.com©    "Ten  Days  of  Rain"  DDoS  aYacks  targe>ng  South   Korean  government  websites  and  networks  of  the   US  Forces  Korea  (USFK)  las>ng  for  10  days  in  2011…     North  Korea  has  relied  on  informa>on  warfare  to   alter  the  percep>ons  of  its  strategic  plans  –   December  2012,  and  subsequent  third  nuclear  test   in  February  2013,  North  Korea  manipulated  news   stories  as  part  of  a  deliberate  decep>on  campaign   to  hide  its  real  inten>ons.     2010  –  Present  Day  More  Korean   Cyber  Conflict….  
  26. 26. Red-­‐DragonRising.com©   Mouse  &  Keyboard  Cheaper  Than  a  Tank….  
  27. 27. Red-­‐DragonRising.com©   2013  –   DPRK   military   could  turn   to  cyber-­‐ warfare  for   lower  costs    
  28. 28. Red-­‐DragonRising.com©   South  Korea  will  use  military   cyber  F/X  to  thwart  DPRK’s   nuclear  ambi>ons  
  29. 29. Red-­‐DragonRising.com©   South  Korea  government  is  working  to   the  development  of  a  cyber  weapon  to   hit  North  Korean  nuclear  facili>es.  It’s   Informa>on  warfare.  
  30. 30. Red-­‐DragonRising.com©  
  31. 31. Red-­‐DragonRising.com©   Characteristics US North Korea China Started IW/EW 1860’s Founding Father Andrew Carnegie/ Winfield Scott Used as Combined Arms? Yes - 2011 Use of Hacktivism as a Proxy? Yes Official Military Command 2010 External Motivators Global Threats Internet Controls? Yes Criminal Cyber Capability? Yes Impact on Commerce? Yes
  32. 32. Red-­‐DragonRising.com©   Средний  Восток  
  33. 33. Red-­‐DragonRising.com©  
  34. 34. Red-­‐DragonRising.com©   Islamic  Republic  of   Iran  
  35. 35. Red-­‐DragonRising.com©   Iranian  Cyber  Dilemma  
  36. 36. Red-­‐DragonRising.com©   Where  is  Iran…?  
  37. 37. Red-­‐DragonRising.com©    ‫ن‬‫گوناگو‬ ‫های‬ ‫زبان‬ @  Least  18  or   More…diverse   languages…or   dialects….  
  38. 38. Red-­‐DragonRising.com©   Shi’ah…Sunnah…BOTH!   @  Least  12  or  More… diverse  ethnici>es….   &  Yet  2  Religions….  
  39. 39. Red-­‐DragonRising.com©  
  40. 40. Red-­‐DragonRising.com©  
  41. 41. Red-­‐DragonRising.com©   Iran  Needs  Domes>c  Cyber   Defence  Model     Deputy  Chief  of  Staff  of  the  Iranian  Armed  Forces  for  Basij   and  Defense  Culture…                                 -­‐  Brigadier  General  Massoud  Jazayeri   hYp://iranmilitarynews.org/2012/10/  
  42. 42. Red-­‐DragonRising.com©   SEP  2010  
  43. 43. Red-­‐DragonRising.com©   “Iranian  Cyber-­‐Jihadi  Cells  in   America  plot  Destruc>on  on   the  Net  and  in  Reality”   Iranian  Cyber-­‐Jihadi  Cells  in  America  plot  Destruc>on  on   the  Net  and  in  Reality   "Last  September,  Jihadists  who  call  themselves  “Cyber-­‐ Hezbollah”  organised  their  second  conference  in  Teheran.   Islamist  hackers  and  cyber-­‐jihadists  gathered  there  and   decided  to  fight  the  U.S.  and  Europe.  Hassan  Abbasi,   poli>cal  strategist  and  adviser  of  the  Iranian  Revolu>onary   Guards,  was  present,  and  delivered  an  ardent  and  virulent   speech."   NOV  2011  hYp://www.thecuœngedgenews.com/index.php?ar>cle=53212&pageid=&pagename=  
  44. 44. Red-­‐DragonRising.com©   SEP  2012  
  45. 45. Red-­‐DragonRising.com©   OCT  2012  
  46. 46. Red-­‐DragonRising.com©   Mohammad-­‐Reza  Farajipour,  Deputy  Chief  of   Informa>on  Technology  and  Communica>on   of  the  Passive  Defense  Organiza>on  of  Iran   (PDOI)   “….cyber  defense  will  now  be  taught  at  Iranian   universi>es  including  at  the  Tarbiat  Modares   university  in  Tehran  and  also  at  ins>tu>ons  outside   the  capital…”   OCT  2012   hYp://iranmilitarynews.org/category/basij/page/2/  
  47. 47. Red-­‐DragonRising.com©   MAY  2013  
  48. 48. Red-­‐DragonRising.com©   JUN  2013  
  49. 49. Red-­‐DragonRising.com©   JUL  2013  
  50. 50. Red-­‐DragonRising.com©   OCT  2013  
  51. 51. Red-­‐DragonRising.com©   OCT  2012  
  52. 52. Red-­‐DragonRising.com©   JAN  2013  
  53. 53. Red-­‐DragonRising.com©   Izz  ad-­‐Din  al-­‐Qassam  Cyber  Fighters  
  54. 54. Red-­‐DragonRising.com©   …10  JUL  2013  
  55. 55. Red-­‐DragonRising.com©   −  29  OCT  2013   …20  NOV  2013   hYp://world.>me.com/2013/10/29/if-­‐iran-­‐can-­‐get-­‐this-­‐reactor-­‐online-­‐it-­‐may-­‐be-­‐invulnerable-­‐to-­‐ military-­‐aYack/#!   hYp://www.langner.com/en/wp-­‐content/uploads/2013/11/To-­‐kill-­‐a-­‐centrifuge.pdf   hYp://www.foreignpolicy.com/ar>cles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_aYack? page=full  
  56. 56. Red-­‐DragonRising.com©   hYp://www.presstv.com/detail/2013/12/13/339845/iran-­‐to-­‐unveil-­‐indigenous-­‐ cyber-­‐products/   DEC  2013  
  57. 57. Red-­‐DragonRising.com©   MAY  2014   Iran  ‘Bans’  Whatsapp  a–er  Zuckerberg  buys  it   hYp://cyberparse.co.uk/2014/05/05/iran-­‐bans-­‐whatsapp-­‐over-­‐zionist-­‐zuckerberg/   hYp://america.aljazeera.com/ar>cles/2014/5/3/iran-­‐narenji-­‐bloggers.html   However,  Iran’s  president  Hassan  Rouhani     later  tweeted  Iranian  Government  ….    “fully  opposed  to  filtering  of  WhatsApp”.   TwiYer  and  Facebook  have  been  banned  in  Iran  since  2009,  when  protests  against   former  president  Mahmoud  Ahmadinejad  gained  momentum  thanks  to  social  media.   IRAN'S  TECH  BLOGGERS  CAUGHT  IN  THE  POLITICAL   CROSSFIRE   Apoli>cal  bloggers  caught  in  poli>cal  crossfire  between  a  reform-­‐minded   president,  who  has  scaled  back  Iran’s  nuclear  program  ini>ated  a  thaw  w/West,   &  a  right-­‐wing  con>ngent  led  by  the  country’s  supreme  leader,  the  ultra-­‐ conserva>ve  Ayatollah  Khamanei.  
  58. 58. Red-­‐DragonRising.com©   Brigadier  General  Jalali  –     Iran  to  Develop  Home-­‐Designed   Cyber  Defense  System  fully  capable   of  execu>ng  ‫م‬‫نر‬ ‫جنگ‬ ‫  تعريف‬ hYp://english.farsnews.com/newstext.aspx?nn=13930221001069   hYp://theiranproject.com/blog/2014/05/11/iran-­‐to-­‐give-­‐reciprocal-­‐reac>on-­‐to-­‐possible-­‐cyber-­‐aYacks-­‐ official/   MAY  2014    ‫م‬‫نر‬ ‫جنگ‬ ‫تعريف‬ Iran  to  give   reciprocal   reac>on  to   possible  cyber   aYacks:  ‫ف‬‫تعري‬ ‫نرم‬ ‫ جنگ‬
  59. 59. Red-­‐DragonRising.com©   Current  Iran  Cyber  SA…    ‫د‬‫شو‬ ‫تلقی‬ ‫جرم‬ ‫‌ان‬‫ی‬‫‌پ‬‫ی‬‫و‬ ‫از‬ ‫استفاده‬ :‫فتا‬ ‫پلیس‬ ‫ فرمانده‬ • – (  Gen.  Kamal  Hadyanfr,  Iran's  cyber   police  (feta)  today  called  for   criminalizing  the  produc>on,   purchase,  sale  and  use  of  Vypyan     (.VPN)  in  Iran)   •  Iranian  hackers  becoming  more   aggressive   •  Iran's  Opera>on  Saffron  Rose  Advanced   Cyber  Espionage...not  advanced   plagiarized  threats   hYp://www.bbc.co.uk/persian/iran/2014/05/140512_l45_iran_vpn_criminalize.shtml?   hYp://www.reuters.com/ar>cle/2014/05/13/us-­‐cyber-­‐summit-­‐iran-­‐hackers-­‐ idUSBREA4C03O20140513   hYp://www.fireeye.com/blog/technical/malware-­‐research/2014/05/opera>on-­‐ saffron-­‐rose.html  
  60. 60. Red-­‐DragonRising.com©   Why  Iran…?   −  STUXNET   −  DUQU   −  FLAME   −  WIPER….  
  61. 61. Red-­‐DragonRising.com©   Label   Timeframe   Purpose   Target   Na>on  State   Responsible   Na>on  State   Affected   Stuxnet   2004  -­‐   2007   Cyber  /  Physical   Destruc>on   Iranian   Nuclear   Facility  @   Natanz   US  &  Israel   Islamic   Republic  of   Iran   Duqu   2007  –   2011   Cyber  Counter   Intelligence   Industrial   Control   Systems   US  &  Israel   …Taiwan  –   Republic  of   China   Mul>ple…   Flame   2009  -­‐   2012   Cyber   reconnaissance/   cyber  data   exfiltra>on…   Cyber  espionage   Middle   Eastern   computer   systems   US  &  Israel   Iran,  Lebanon,   Syria,  Sudan,   Occupied   Territories  of   Israel   Gauss   2011  -­‐   2012   Cyber   surveillance  /   Banking  Trojan   Middle   Eastern  Banks   Unknown   Lebanon,   Ci>Bank  &   PayPal   Batch   Wiper   2012   Cyber  Destruc>on   Iranian  Oil   Infrastructure   US  &  Israel   Islamic   Republic  of   Iran   Weaponized  Malware  
  62. 62. Red-­‐DragonRising.com©   hYp://arstechnica.com/security/2012/08/na>on-­‐sponsored-­‐malware-­‐has-­‐ mystery-­‐warhead/   Cyber  Weapons     Geo-­‐Infec>ons  
  63. 63. Red-­‐DragonRising.com©   Middle  East…   Threat  ?/  Resource?  
  64. 64. Red-­‐DragonRising.com©   Iranian  Infrastructure…   hYp://www.classwarfareexists.com/wp-­‐content/uploads/2012/02/caspian-­‐sea.jpg  
  65. 65. Red-­‐DragonRising.com©  
  66. 66. Red-­‐DragonRising.com©   Iranian  Infrastructure…   Cyber  Target   Eight Known Iranian Nuclear Sites
  67. 67. Red-­‐DragonRising.com©   Iranian  Military…   &  Nuke  Facili>es…..   −  11.  Ahwaz  92nd  Division  commando  companies,   which  operate  independently  under  their  own   command  are  beYer  known  as  “independent   companies.”     −  Site  above  is  also  used  by  elements  of  the   division’s  2nd  Armored  Brigade.   −  12.  IRGC  92nd  Armored  Division’s  3rd  Armored   Brigade.   −  13.  The  IRGC’s  Isfahan  Ar>llery  Brigade.   −  15.  The  Zargan  power  sta>on  for  the  military   camps  in  the  region  which  runs  on  gas.   −  18.  A  yacht  and  speedboat  marina,  recently   renovated,  for  the  private  use  of  Revolu>onary   Guards  commanders  based  in  the  region.   −  20.  A  light  aircra–  airport  for  ferrying  farm   produce..   −  21.  A  500-­‐meter-­‐wide  canal,  which  links  the   Karun  River  to  the  Majnoun  islands  in  Iraq.  Huge   barges  stand  by  there  in  case  of  an  emergency   calling  for  troops  to  be  moved  quickly  inside  the   Khuzestan  province.   −  22.  A  missile-­‐an>-­‐aircra–  gun  cluster  for   defending  Ahwaz  and  its  environs.  
  68. 68. Red-­‐DragonRising.com©   Quds  –  Iranian  Intelligence   −  Founded  a–er  1979…Iran’s  Revolu>on…    Sepāh-­‐e  Pāsdārān-­‐e  Enqelāb-­‐e  Eslāmi ‫اسالمی‬ ‫انقالب‬ ‫پاسداران‬ ‫ سپاه‬ −Sepāh-­‐e  Pāsdārān-­‐e  Enqelāb-­‐e  Eslāmi  … −  Army  of  the  Guardians  of  the  Islamic  Revolu>on  (IGRC)   −  Commanded  by  Major  General  Qassem  Suleimani   −  Experience  in  Soviet  Afghanistan,  Bosnia….Iraq…’Stan’s   Redux…   −  Iranian  Military  Support  regionally…Syria…   −  Reports  directly  to    Supreme  Leader  of  Iran  Ayatollah  Ali   Khamenei    ‫س‬‫قد‬ ‫نیروی‬   …  Niru-­‐ye  Qods…    ‫س‬‫قد‬ ‫نیروی‬   …..to  organize,  train,  equip,  and  finance  foreign  Islamic   revolu>onary  movements.  Quds  Force  maintains  and   builds  contacts  with  underground  Islamic  militant   organiza>ons  throughout  the  Islamic  world....  
  69. 69. Red-­‐DragonRising.com©   Anonymous  Targets  Iran  with  DoS  aYack…April  2011  
  70. 70. Red-­‐DragonRising.com©  
  71. 71. Red-­‐DragonRising.com©   Iran’s  Cyber  OrganizaEon(s)    High  Council  of  Cyberspace  (Shoray-­‐e  Aali-­‐e  Fazaye  Majazi).     hYp://www.cyberstrategie.org/?q=grands-­‐dossiers/conflits-­‐r%C3%A9gionaux-­‐et-­‐ cyberterrorisme/structure-­‐of-­‐iran%E2%80%99s-­‐cyber-­‐warfare   −  March  2012  –  Order  established  by  Ayatollah  Khamenei   −  Mission  of  ins>tu>ng  high-­‐level  policies  on  the  cyberspace   −  Comprised  of:   •  President  of  Iran   •  Judicial  Power  Leader   •  Parliamentary  Leader   •  IGRC  CINC’s   •  Police   •  Minister  of  Intelligence   •  Telecommunica>ons,  Culture  &  Science  Ministers   All  other  Iranian  organiza>ons  in  charge  of  cyber  opera>ons   are  commiYed  to  implement  the  policies  ins>tuted  by  this   new  government  body  
  72. 72. Red-­‐DragonRising.com©  
  73. 73. Red-­‐DragonRising.com©   Iranian  Military…Cyber  (OFFICIAL)   The  Cyber  Defense  Command”  (Gharargah-­‐e  Defa-­‐e  Saiberi)   −  November  2010  –  Order  established  by  Ayatollah  Khamenei   −  Mission  of  responding  to  NCI  effects  brought  upon  by  Stuxnet   −  Supervised  by  :   •  Joint  Staff  of  the  Armed  Forces  (Setad-­‐e  Kol-­‐e  Niruhay-­‐e  Mosalah)   •  Opera>onally  via  Passive  Civil  Defense  Organiza>on  (Sazeman-­‐e  Padafand-­‐e   Gheyr-­‐e  Amel)   hYp://www.cyberstrategie.org/?q=grands-­‐dossiers/conflits-­‐r%C3%A9gionaux-­‐et-­‐ cyberterrorisme/structure-­‐of-­‐iran%E2%80%99s-­‐cyber-­‐warfare   Mo>va>on  to  establish…..     Coordina>ng  numerous  government  organiza>ons  and   agencies  to  non-­‐militarily  respond  to  a  military  aYack  on  the   country  with  the  goal  of  minimizing  damage  to  the  country’s   infrastructure  and  facili>es  in  the  event  of  a  probable  war…  
  74. 74. Red-­‐DragonRising.com©    ‫ن‬‫ایرا‬ ‫سایبری‬ ‫ارتش‬ hYp://www.rferl.org/content/Iranian_Cyber_Army_Hacks_Website_Of_Farsi1/2223708.html  
  75. 75. Red-­‐DragonRising.com©   Iran’s  Cyber  Army  (UNOFFICIAL)   hYp://www.cyberstrategie.org/?q=grands-­‐dossiers/conflits-­‐r%C3%A9gionaux-­‐et-­‐ cyberterrorisme/structure-­‐of-­‐iran%E2%80%99s-­‐cyber-­‐warfare   −  Highly  skilled  informa>on  technology  specialists  &   professional  hackers  who  obfuscate  their  iden>>es…   −  No  one  claims  responsibility…              And  yet…   −  Unassailable  evidence  suggests  that  the  group  is  affiliated   with  the  IRGC…  
  76. 76. Red-­‐DragonRising.com©   Basij  Paramilitary  Force  –     Cyber  Mili>as  …   (Rogue…&  Effec>ve)   hYp://iranbriefing.net/?p=2682   hYp://www.foxnews.com/story/0,2933,534116,00.html   Iran’s  paramilitary  mili>a  helping  maintain   internal  security…   Primary  Goal  is:   Defeat  of  “Westoxifica>on,”     Iranian  term  for  the  harming  of  Persian  culture     by  Western  influences  present  in  the  cyber  realm  
  77. 77. Red-­‐DragonRising.com©   Iranian  Cyber  Police….   hYp://www.darkgovernment.com/news/iran-­‐cea>ng-­‐its-­‐own-­‐internet/   hYp://www.ho orsecurity.com/blog/iran-­‐allegedly-­‐detected-­‐massive-­‐western-­‐ cyber-­‐aYack-­‐2479.html   Iran:  website  filtering  policy:       −  Google  Plus  network  blocked;   −  Plan  to  unblock  Facebook  denied  and/ or   −  Iranian  top  cyber  police  official:   Facebook  may  be  unblocked  in  the   future….  
  78. 78. Red-­‐DragonRising.com©   CommiYee  to  Iden>fy   Unauthorized  Sites   hYp://privacy.cytalk.com/2012/01/iran-­‐squeezes-­‐web-­‐surfers-­‐prepares-­‐ censored-­‐na>onal-­‐intranet/   Iran  squeezes  Web  surfers,  prepares  censored   na>onal  intranet   Iranians  have  lost  the  right  to  surf  the  Web   anonymously  at  Internet  cafes  as  the   government  reportedly  moves  closer  to  its   ul>mate  goal  of  replacing  the  global   network  with  a  censored  na>onal  intranet.   Iranian  Government  officials  claim  they  need  to  control   access  to  the  Internet  to  counter  what  they  say  is  a  “so–”   cultural  war  being  waged  by  Western  countries  to  influence   the  morals  of  Iranians.  
  79. 79. Red-­‐DragonRising.com©   IRAN’s  Na>onal  Internet   Project   hYp://www.huffingtonpost.com/huff-­‐wires/20121010/ml-­‐iran-­‐spies-­‐online/   Google,  Gmail  blocked  as  Iran  pushes  'na>onal   Internet'   hYp://www.abna.ir/data.asp?lang=3&Id=351147   Reza  Taghipour,  Iran's  informa>on  and   communica>ons  minister,     first  phase  of  Iran’s  na>onwide  project,  covering   governmental  ins>tu>ons  in  29  provinces   launched  September  21.       Taghipour  said  all  Iranian  universi>es  would   become  part  of  this  network  by  early  2013,   puœng  Iran  a  step  closer  to  disconnec>ng  itself   en>rely  from  the  global  Internet.  
  80. 80. Red-­‐DragonRising.com©   Characteristics Iran Russia China Started IW/EW 2005 1999 Founding Father Major General Yahya Rahim Safavi (‫ﺭرﺡحﯼیﻡم‬‫ﺹصﻑفﻭوﯼی‬) S.P. Rastorguev (Расторгуев C.П.) & Marshall Sergeyev (Маршалл Сергеев) Used as Combined Arms? Yes - 2011 Yes 2007 & 2008 Use of Hacktivism as a Proxy? Yes Yes – w/criminal intentions Official Military Command 2010 2010 External Motivators United States of America, UK & Israel United States of America Internet Controls? Yes Yes Criminal Cyber Capability? Yes Yes Impact on Commerce? No Yes
  81. 81. Red-­‐DragonRising.com©  
  82. 82. Red-­‐DragonRising.com©  
  83. 83. Red-­‐DragonRising.com©   US Govt Charges PLA Officers with “Cyber Espionage”…. 5 Chinese Military Hackers…? hYp://camera.china>mes.com/newsphoto/2014-­‐05-­‐20/clipping/B01A00_T_01_04.JPG  
  84. 84. Red-­‐DragonRising.com©   hYp://money.china>mes.com/news/news-­‐content.aspx?id=20140520000344&cid=1207   中國軍事⿊黑客…?
  85. 85. Red-­‐DragonRising.com©  
  86. 86. Red-­‐DragonRising.com©   中國人民解放軍   1949  Informa>on  Warfare  (IW)     Red-­‐DragonRising.com©   毛泽东 Mao  Tse-­‐Tung  
  87. 87. Red-­‐DragonRising.com©   Chinese  View…   16  AUGUST   2011  
  88. 88. Red-­‐DragonRising.com©   Chinese  Perspec>ve….     –   “A  Sovereign  Country  Must  Have  Strong  Defense”  by  Min  Dahong,   director  of  the  Network  &  Digital  Media  Research  Office  @  China  Academy   of  Social  Sciences;     –  “America’s  ‘Pandora’s  Box’  Cyber  Strategy  Confuses  the  World”  by  Shen  Yi   -­‐  Fudan  University’s  Department  of  Interna>onal  Poli>cs;     –  “Cyber  Power  ‘Shuffles  the  Cards’:  How  China  Can  Overtake  the   Compe>>on”  by  Tang  Lan,  Ins>tute  of  Informa>on  and  Social   Development  Studies  at  the  China  Ins>tute  of  Contemporary  Interna>onal   Rela>ons;  and     –  “How  to  Construct  China’s  Cyber  Defenses”  by  Liu  Zengliang,  from  the  PLA   Na>onal  Defense  University   Red-­‐DragonRising.com©   hYp://www.rmlt.com.cn/qikan/2011-­‐08-­‐16/   16  AUGUST  2011  –  People’s  Tribune  Magazine  -­‐  (⼈人民论坛杂志)     publishes  several  ar>cles…      4  are  very  problema>c  for  the  United  States….  
  89. 89. Red-­‐DragonRising.com©   China's  PLA  Has  Won  the  Cyber  War   Because  They  Hacked  U.S.  Plans  for   Real  War   hYp://www.nextgov.com/cybersecurity/2013/05/china-­‐winning-­‐cyber-­‐war-­‐because-­‐they-­‐hacked-­‐us-­‐ plans-­‐real-­‐war/63740/  
  90. 90. Red-­‐DragonRising.com©   hYp://www.digitalaYackmap.com/#anim=1&color=0&country=ALL&>me=16205&view=map   Digital  AYack…Chinese  Perspec>ve….  
  91. 91. Red-­‐DragonRising.com©   hYp://www.chinasmack.com/2010/more/cannons-­‐english-­‐ teacher-­‐seduc>on-­‐june-­‐9th-­‐jihad.html  
  92. 92. Red-­‐DragonRising.com©   誰是中國?  
  93. 93. Red-­‐DragonRising.com©   第一…中國共產黨 (CPC) 第二…人民解放军 (PLA) 第三… 中國國有企業 (SOE) 第四個…中國黑客 (Dark Guests) 中國黑客….   4 Groups…Official & Unofficial….
  94. 94. Red-­‐DragonRising.com©   Chinese  Informa>on  Control   Ø Chinese  Government  Intent   ü Golden  Shield…Filter  the  Chinese  Internet   o Designed  1998   o Opera>onal  NOV  2003   o CISCO  powered  –  cost  $  800M  USD   o China’s  Ministry  of  Public  Security  (MPS)  operates….   ü Green  Dam….  Chinese  Government  Spyware  effec>ve   1  July  2009…new  PC’s  must  have  ….   Ø Military  Focus   Ø Civilian  Dimension  –  control  freedom  of  search                          –  control  freedom  of  speech   hYp://www.certmag.com/read.php?in=3906   hYp://www.e-­‐ir.info/2010/04/13/chinese-­‐informa>on-­‐and-­‐cyber-­‐warfare/   hYp://www.zdnet.com/blog/government/china-­‐demands-­‐new-­‐pcs-­‐carry-­‐spyware/ 4906  
  95. 95. Red-­‐DragonRising.com©   ►  Codified cyber warfare in 2010… •  In response to US Cyber Command 6 months earlier… ►  Official Edict: “protect national infrastructure from external cyber threats” – President Hu Jin tao ►  President Hu’s successor Xi Jin ping …. Motivations: •  Maintain & Retain Chinese Dream… •  Ensure China’s Sovereignty… •  Control Freedom of Search… •  Ensure stable transition of Communist Regime… 中國共產黨 - CPC  
  96. 96. Red-­‐DragonRising.com©   Purify  the  internet….   Former  Chinese  President  Hu  Jintao  had  declared   Communist  party's  intent  to  strengthen   administra>on  of  the  online  environment  &  maintain   the  ini>a>ve  in  online  opinion…   ü "Maintain  the  ini>a>ve  in  opinion  on  the  Internet;   ü   “Raise  the  level  of  guidance  online”;  and,   ü "We  must  promote  civilized  running  and  use  of  the   Internet  and  purify  the  Internet  environment….”     hYp://www.reuters.com/ar>cle/2007/01/24/us-­‐china-­‐internet-­‐hu-­‐idUSPEK9570520070124   Chinese  Communist  officials  to  intensify  control  even  as  they   seek  to  release  the  Internet's  economic  poten>al.     "Ensure  that  one  hand  grasps  development  while  one  hand   grasps  administra>on…"  
  97. 97. Red-­‐DragonRising.com©   Chinese  Cyber  Police   hYp://www.bj.cyberpolice.cn/index.do    
  98. 98. Red-­‐DragonRising.com©   Should  look  like  this…..  
  99. 99. Red-­‐DragonRising.com©   Remember  #Team  Ghost  Shell  
  100. 100. Red-­‐DragonRising.com©   ►  500 BC Sun-Tzu’s Art of War – basis ►  Sun Ping’s Military Methods ►  1995 - Major General Wang Pufeng – Founding father of Chinese Information Warfare (IW) ►  1999 - War Without Limits – PLAAF Senior Colonel’s Qiao Liang & Wang Xiangsui ►  2002 - PLA's IW strategy spearheaded by Major General Dai Qingmin - 人民解放军-­‐  PLA   Integrated  Network-­‐Electronic  Warfare  (INEW)    
  101. 101. Red-­‐DragonRising.com©   General Staff Directorate’s (GSD) Cyber Warfare ‘Princelings’… General Zhang Qinsheng 章沁生 General Chen Bingde 陈炳德 General Ma Xiaotian 马晓天 Vice Admiral Sun Jianguo 孙建国 Major General Hou Shu sen 侯树森 Official  Statement  of  Chinese  IW   20 JUL 2010 – ‘ordered by President Hu Jintao to handle cyber threats as China enters the information age, & strengthen the nation's cyber-infrastructure’ 漢族…Han Chinese Communist… Technologists… PLA Leaders…. & 中國人
  102. 102. Red-­‐DragonRising.com©   •  Major General Hu Xiaofeng, Deputy Director for the National Defense University Department of Information Warfare and Training Command •  Professor Meng Xiangqing, National Defense University Institute for Strategic Studies 目前中國網絡戰的戰術   China’s “Goal is to achieve a strategic objective…over adversaries…” “You have to meet my political conditions or your government will be toppled, or you promise to meet some of my political conditions.” 黑暗訪問者, 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/
  103. 103. Red-­‐DragonRising.com©     “…train  a  new  type  of  high-­‐caliber  military  personnel  in  large  numbers,   intensively  carry  out  military  training  under  computerized  condi>ons,  and   enhance  integrated  combat  capability  based  on  extensive  IT  applica>on…”;     “…implement  the  military  strategy  of  ac>ve  defense  for  the  new  period,  and   enhance  military  strategic  guidance  as  the  >mes  so  require”;     “…strengthen  na>onal  defense  aim  to  safeguard  China's  sovereignty,  security  and   territorial  integrity  and  ensure  its  peaceful  development…“;     “…enhance  the  capability  to  accomplish  a  wide  range  of  military  tasks,  the  most   important  of  which  is  to  win  local  war  in  an  informa>on  age…“;   Chinese  Military  ….  Future  OPS   hYp://news.xinhuanet.com/english/special/18cpcnc/ 2012-­‐11/08/c_131959900.htm   8  NOV  2012:  President  Hu  JinTao:     “China  will  speed  up  full     military  IT  Applica>ons  by  2020”  
  104. 104. Red-­‐DragonRising.com©   國有企業  –     State  Owned  Enterprises   中华人民共和国工业和信息化部 Ø  Commercial theme, profit oriented… Ø  Research base, ties to Chinese Academy of Sciences (CAS)… Ø  International interest & focus…developing countries… Ø  No organic innovation capabilities… Ø  Foreign cyber espionage capability via PLA (GSD) & MSS… Common Themes…
  105. 105. Red-­‐DragonRising.com©   Chinese Military Sabotage India’s State Owned Telco BSNL’s Base Station PLA SOE Huawei implicated 華為   hYp://beyondheadlines.in/2014/01/chinese-­‐military-­‐sabotage-­‐indias-­‐state-­‐owned-­‐telco-­‐bsnls-­‐base-­‐ sta>on/   Earlier  NSC  warned  of  Huawei,  ZTE’s  links  with  Chinese   Military  
  106. 106. Red-­‐DragonRising.com©   •  2001 …. Insider plants data exfiltration trojan •  Corporate executives targeted…. •  Leadership avoids ignores warnings of threat •  Telecommunications Intellectual Property data theft continues unabated…for TEN years •  Market valuation and position lost… •  2011 … Nortel ceases to exist as a Canadian Company…. •  Chinese State Owned Enterprises…Huawei ZTE suddenly take global leadership in telephony…. Nortel  Case  Study…   6  JUNE  2012  “  Secret  Memo  Warns   of  Canadian  Cyber  Threat  A–er   Nortel  AYack….”  
  107. 107. Red-­‐DragonRising.com©  
  108. 108. Red-­‐DragonRising.com©   Ø  Originally supported by CPC & PLA •  Now uncontrollable….Golden Shield Project? •  Comment Group… •  Elderwood Gang… •  Use of known Chinese malware for commercial purposes now… Ø  Reinforce PRC’s nationalism via the web •  Taiwan, the renegade Chinese Province •  Punishing Japan for WWII war crimes, Daiyu Islands •  Confronting Philippines, Oil near Huangyuan •  Codera’s anti-Chinese web rhetoric Ø  Capability to carry out Chinese State Policies without attribution…. 黑客 –  “Dark  Guests”  
  109. 109. Red-­‐DragonRising.com©   Characteristics Iran North Korea China Started IW/EW 2005 1999 1995 Founding Father Major General Yahya Rahim Safavi( ‫ﺭرﺡحﯼیﻡم‬‫ﺹصﻑفﻭوﯼی‬ ) N/A Major General Wang Pu Feng (少將王浦峰) Used as Combined Arms? Yes - 2011 Yes 2010 Yes - 2011 Use of Hacktivism as a Proxy? Yes Yes – w/criminal intentions Yes Official Military Command 2010 Unknown 2010 External Motivators United States of America, UK & Israel South Korea & USA United States of America Internet Controls? Yes Yes Yes Criminal Cyber Capability? Yes Yes Yes Impact on Commerce? No Yes Yes
  110. 110. Red-­‐DragonRising.com©                      @Red-­‐DragonRising     hYp://www.linkedin.com/in/RedDragon1949   Red-­‐DragonRising.com  
  111. 111. Red-­‐DragonRising.com©  
  112. 112. Red-­‐DragonRising.com©   Cyber  War  Misunderstood….   1)  AYacker  has  the  Advantage  over  the  Defender   hYp://smallwarsjournal.com/jrnl/art/why-­‐your-­‐intui>on-­‐about-­‐cyber-­‐warfare-­‐is-­‐probably-­‐wrong  
  113. 113. Red-­‐DragonRising.com©   Conclusions   1)  Cyber-­‐espionage  is  state  sponsored;  yet  direct  aYribu>on  is  an  illusion….   2)  Iran,  Russia  &  中國 plan  cyber-­‐espionage  –  defensively  &  offensively;   3)  Each  Na>on  State  has  separate  &  dis>nct  reasons…   4)  All  Three  Countries  started  their  military  cyber  commands  in  2010;   5)  Cultural,  economic,  historical  &  linguis>c  threads  for  Iranian,  Russian  &   Chinese  cyber-­‐espionage;   6)  Ci>zen  hacking  an  unofficial  proxy  cyber  force  mul>plier;   7)  Commercial  enterprises  &  all  organiza>ons  worldwide  are  permeable  to  cyber   hacking  in  all    form  &  methods;   8)  Foreign  language  malware,  RATs,  Botnets  are  undiscoverable….un>l  now…  
  114. 114. Red-­‐DragonRising.com©   9)  Iranian  (Persian),  Russian  &  Mandarin  languages  are  an   excep>onal  form  of  cryptography…   10) All  Western  InfoSec  Technology  are  ineffec>ve  against   Foreign  cyber  aYacks…un>l  now…   11)   Organiza>ons  cannot  defend  against  various  alleged   Iranian,  Russian  &  Chinese  informa>on  warfare  threats…   12)   Offensive  Cyber  Capabili>es  must  be  developed…..protect   your  IP  &  Network   13) Na>on  State  cyber-­‐espionage  threats  are  very  serious  &  will   only  become  much,  much    worse…..   Conclusions  
  115. 115. Red-­‐DragonRising.com©  
  116. 116. Red-­‐DragonRising.com©   IRANIAN  References…   •  hYp://www.jpost.com/IranianThreat/News/Ar>cle.aspx?id=286238   •  hYp://www.reuters.com/ar>cle/2012/10/03/us-­‐iran-­‐cyber-­‐idUSBRE8920MO20121003   •  hYp://www.eurasiareview.com/03102012-­‐us-­‐israeli-­‐cyber-­‐aYacks-­‐against-­‐iran-­‐con>nue-­‐ with-­‐assault-­‐on-­‐internet-­‐oped/?   •  hYp://www.csoonline.com/ar>cle/718068/iran-­‐s-­‐cyberaYack-­‐claims-­‐difficult-­‐to-­‐judge-­‐ experts-­‐say?source=rss_cso_exclude_net_net   •  hYp://www.cyberstrategie.org/?q=grands-­‐dossiers/conflits-­‐r%C3%A9gionaux-­‐et-­‐ cyberterrorisme/structure-­‐of-­‐iran%E2%80%99s-­‐cyber-­‐warfare   •  hYp://thediplomat.com/2012/06/26/is-­‐u-­‐s-­‐in-­‐iran-­‐cyber-­‐war/   •  hYp://www.jpost.com/IranianThreat/News/Ar>cle.aspx?id=286238   •  hYp://www.reuters.com/ar>cle/2012/10/03/us-­‐iran-­‐cyber-­‐idUSBRE8920MO20121003   •  hYp://www.eurasiareview.com/03102012-­‐us-­‐israeli-­‐cyber-­‐aYacks-­‐against-­‐iran-­‐con>nue-­‐ with-­‐assault-­‐on-­‐internet-­‐oped/?   •  hYp://www.csoonline.com/ar>cle/718068/iran-­‐s-­‐cyberaYack-­‐claims-­‐difficult-­‐to-­‐judge-­‐ experts-­‐say?source=rss_cso_exclude_net_net   •  h4p://www.guardian.co.uk/world/iran-­‐blog/2012/mar/13/qassem-­‐suleimani-­‐issues-­‐warning  
  117. 117. Red-­‐DragonRising.com©   People’s  Republic  of  China  References…   •  h4p://thediplomat.com/2013/04/19/is-­‐cyber-­‐war-­‐the-­‐new-­‐cold-­‐war/?all=true   •  h4p://chinadigitalEmes.net/2013/04/cybersecurity-­‐and-­‐the-­‐new-­‐cold-­‐war/?   •  h4p://thediplomat.com/2011/08/25/did-­‐china-­‐Ep-­‐cyber-­‐war-­‐hand/   •  h4p://thediplomat.com/2009/08/13/on-­‐the-­‐cyber-­‐warpath/   •  h4p://thediplomat.com/2011/11/09/china%E2%80%99s-­‐cyber-­‐moves-­‐hurt-­‐beijing/?all=true   •  William  J.  Lynn  III  W.  Defending  a  New  Domain:  The  Pentagon's  Cyberstrategy.//  Foreign  Affairs.   September/October  2010.   •  h4p://www.foreignaffairs.com/arEcles/66552/william-­‐j-­‐lynn-­‐iii/defending-­‐a-­‐new-­‐ domain(29.08.2010)   •  h4p://www.rawstory.com/rs/2010/0829/pentagon-­‐weighs-­‐applying-­‐preempEve-­‐warfare-­‐ tacEcs-­‐internet/  (30.08.2010)   •  h4p://thediplomat.com/2013/04/19/is-­‐cyber-­‐war-­‐the-­‐new-­‐cold-­‐war/?all=true   •  h4p://www.nccgroup.com/en/our-­‐services/security-­‐tesEng-­‐audit-­‐compliance/technical-­‐ security-­‐assessment-­‐penetraEon-­‐tesEng/the-­‐latest-­‐origin-­‐of-­‐hacks/   Image  References:   hYp://techandscience.com/   hYp://www.website-­‐guardian.com/   hYp://mashable.com/2013/04/23/global-­‐malware-­‐report/  
  118. 118. Red-­‐DragonRising.com©   •  h4p://www.wired.com/2014/01/how-­‐the-­‐us-­‐almost-­‐killed-­‐the-­‐internet/all/  
  119. 119. Red-­‐DragonRising.com©   William T Hagestad II Red Dragon Rising RedDragon1949 hagestadwt@red-dragonrising.com Red-dragonrising.com