Your SlideShare is downloading. ×
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
CyberTerrorism - A case study for Emergency Management
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CyberTerrorism - A case study for Emergency Management

5,442

Published on

“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or …

“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”
by Kevin G. Coleman

Published in: Technology, Business
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
5,442
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
384
Comments
0
Likes
3
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo
  • 2. Presentation Developed By: Ricardo A. Reis ricardo.areis@unifesp.br ricardo.areis@gmail.com CCO, Federal University of São Paulo For use by: The International Consortium for Organization Resilience (ICOR)
  • 3. Cyberterrorism Prepare, Plan and Stay in Business
  • 4. Cyberterrorism Prepare, Plan and Stay in Business Cyber Terrorism is defined as: “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” by Kevin G. Coleman of the Technolytics Institute
  • 5. Cyberterrorism Prepare, Plan and Stay in Business Emergency management is defined as: “Comprehensive system of policies, practices, and procedures designed to protect people and property from the effects of emergencies or disasters.” Extension Disaster Education Network (EDEN)
  • 6. Cyberterrorism Prepare, Plan and Stay in Business EMERGENCY MANAGEMENT LIFE CYCLE 1 - PREVENTION/MITIGATION 2 - PREPAREDNESS 3 - RESPONSE 4 - RECOVERY
  • 7. Cyberterrorism Prepare, Plan and Stay in Business  Case Study Botnet’s is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely. This term can also refer to the network of computers using distributed computing software. From Wikipedia, the free encyclopedia
  • 8. Cyberterrorism Prepare, Plan and Stay in Business  Case Study quot;A botnet is comparable to compulsory military service for windows boxesquot; Stromberg, http://www.honeynet.org/papers/bots/
  • 9. Cyberterrorism Prepare, Plan and Stay in Business  Cyberterrorism & Botnet's  Distributed Denial-of-Service Attacks  Spamming  Sniffing Traffic  Keylogging  Spreading new malware  Installing Advertisement Addons  Browser Helper Objects (BHOs)  Google AdSense abuse  Attacking IRC Chat Networks  Mass identity theft
  • 10. Cyberterrorism Prepare, Plan and Stay in Business
  • 11. Cyberterrorism Prepare, Plan and Stay in Business quot;We have seen offers that will allow a customer to send a million emails for under $100,quot; Henry says. quot;If you send more than 10 million, the price drops to under $80 per million. There's a price war going on, and Nugache is becoming the bargain basement.quot;
  • 12. Cyberterrorism Prepare, Plan and Stay in Business  PREVENTION/MITIGATION  Compliance with Security Standards ISO 27001/27002  Think in Business Continuity and IT Infrastructure Recovery  Make a Computer Security Incident Response Team  Monitor IT Infrastructure  Internet Bandwidth  DNS Services  WEB Services  EMAIL Services  Pre-Contact with external agency  Upstream ISP  Regional Computer Security Incident Response Team (CSIRT)
  • 13. Cyberterrorism Prepare, Plan and Stay in Business  PREPAREDNESS  Development and practice of multi-agency coordination and incident command  Development and practice Incident Response Plan
  • 14. Cyberterrorism Prepare, Plan and Stay in Business  RESPONSE  Established Incident Command  Notify CSIRT  Active Incident Response Plan  Never use 100% of your CSIRT Team  Don't stop Triage Process  Communicate Major Events
  • 15. Cyberterrorism Prepare, Plan and Stay in Business  RECOVERY  If necessary active Business Recovery Plan  Document the Major Event  Communicate the end of Major Events  Update all Plans
  • 16. Cyberterrorism Prepare, Plan and Stay in Business A SIMULATED ? Distributed Denied of Service Attack
  • 17. Cyberterrorism Prepare, Plan and Stay in Business
  • 18. Cyberterrorism Prepare, Plan and Stay in Business
  • 19. Cyberterrorism Prepare, Plan and Stay in Business
  • 20. Cyberterrorism Prepare, Plan and Stay in Business
  • 21. Cyberterrorism Prepare, Plan and Stay in Business
  • 22. Cyberterrorism Prepare, Plan and Stay in Business
  • 23. Cyberterrorism Prepare, Plan and Stay in Business
  • 24. Cyberterrorism Prepare, Plan and Stay in Business
  • 25. Cyberterrorism Prepare, Plan and Stay in Business !!! REAL LIFE !!! Distributed Denied of Service Attack
  • 26. Cyberterrorism Prepare, Plan and Stay in Business
  • 27. Cyberterrorism Prepare, Plan and Stay in Business The main targets have been the websites of: · the Estonian presidency and its parliament · almost all of the country's government ministries · political parties · three of the country's six big news organisations · two of the biggest banks; and firms specializing in communications
  • 28. Cyberterrorism Prepare, Plan and Stay in Business NUMBER’S Attacks Destination Address or owner 35 “195.80.105.107/32″ pol.ee 7 “195.80.106.72/32″ www.riigikogu.ee 36 “195.80.109.158/32″ www.riik.ee, www.peaminister.ee, www.valitsus.ee 2 “195.80.124.53/32″ m53.envir.ee 2 “213.184.49.171/32″ www.sm.ee 6 “213.184.49.194/32″ www.agri.ee 4 “213.184.50.6/32″ 35 “213.184.50.69/32″ www.fin.ee (Ministry of Finance) 1 “62.65.192.24/32″ http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 29. Cyberterrorism Prepare, Plan and Stay in Business Attacks Date 21 2007-05-03 17 2007-05-04 31 2007-05-08 58 2007-05-09 1 2007-05-11 http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 30. Cyberterrorism Prepare, Plan and Stay in Business Attacks Date 17 less than 1 minute 78 1 min - 1 hour 16 1 hour - 5 hours 8 5 hours to 9 hours 7 10 hours or more http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 31. Cyberterrorism Prepare, Plan and Stay in Business Attacks Bandwidth measured 42 Less than 10 Mbps 52 10 Mbps - 30 Mbps 22 30 Mbps - 70 Mbps 12 70 Mbps - 95 Mbps http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
  • 32. Cyberterrorism Prepare, Plan and Stay in Business BOTNET’S Command and Control
  • 33. Cyberterrorism Prepare, Plan and Stay in Business Shadow SERVER Project
  • 34. Cyberterrorism Prepare, Plan and Stay in Business Shadow SERVER Project
  • 35. Cyberterrorism Prepare, Plan and Stay in Business  PREVENTION/MITIGATION ( AGAIN !!!!!! )  Compliance with Security Standards ISO 27001/27002 ( Protect your infrastructure and other Companies )  Make a Computer Security Incident Response Team ( Your First Response Team)  Pre-Contact with external agency  Upstream ISP  Regional (CSIRT)
  • 36. Cyberterrorism Prepare, Plan and Stay in Business Questions ?
  • 37. Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo

×