CyberTerrorism - A case study for Emergency Management

Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo

Presentation Developed By: Ricardo A. Reis ricardo.areis@unifesp.br ricardo.areis@gmail.com CCO, Federal University of São Paulo For use by: The International Consortium for Organization Resilience (ICOR)

Cyberterrorism Prepare, Plan and Stay in Business

Cyberterrorism Prepare, Plan and Stay in Business Cyber Terrorism is defined as: “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” by Kevin G. Coleman of the Technolytics Institute

Cyberterrorism Prepare, Plan and Stay in Business Emergency management is defined as: “Comprehensive system of policies, practices, and procedures designed to protect people and property from the effects of emergencies or disasters.” Extension Disaster Education Network (EDEN)

Cyberterrorism Prepare, Plan and Stay in Business EMERGENCY MANAGEMENT LIFE CYCLE 1 - PREVENTION/MITIGATION 2 - PREPAREDNESS 3 - RESPONSE 4 - RECOVERY

Cyberterrorism Prepare, Plan and Stay in Business  Case Study Botnet’s is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely. This term can also refer to the network of computers using distributed computing software. From Wikipedia, the free encyclopedia

Cyberterrorism Prepare, Plan and Stay in Business  Case Study \"A botnet is comparable to compulsory military service for windows boxes\" Stromberg, http://www.honeynet.org/papers/bots/

Cyberterrorism Prepare, Plan and Stay in Business  Cyberterrorism & Botnet's  Distributed Denial-of-Service Attacks  Spamming  Sniffing Traffic  Keylogging  Spreading new malware  Installing Advertisement Addons  Browser Helper Objects (BHOs)  Google AdSense abuse  Attacking IRC Chat Networks  Mass identity theft

Cyberterrorism Prepare, Plan and Stay in Business \"We have seen offers that will allow a customer to send a million emails for under $100,\" Henry says. \"If you send more than 10 million, the price drops to under $80 per million. There's a price war going on, and Nugache is becoming the bargain basement.\"

Cyberterrorism Prepare, Plan and Stay in Business  PREVENTION/MITIGATION  Compliance with Security Standards ISO 27001/27002  Think in Business Continuity and IT Infrastructure Recovery  Make a Computer Security Incident Response Team  Monitor IT Infrastructure  Internet Bandwidth  DNS Services  WEB Services  EMAIL Services  Pre-Contact with external agency  Upstream ISP  Regional Computer Security Incident Response Team (CSIRT)

Cyberterrorism Prepare, Plan and Stay in Business  PREPAREDNESS  Development and practice of multi-agency coordination and incident command  Development and practice Incident Response Plan

Cyberterrorism Prepare, Plan and Stay in Business  RESPONSE  Established Incident Command  Notify CSIRT  Active Incident Response Plan  Never use 100% of your CSIRT Team  Don't stop Triage Process  Communicate Major Events

Cyberterrorism Prepare, Plan and Stay in Business  RECOVERY  If necessary active Business Recovery Plan  Document the Major Event  Communicate the end of Major Events  Update all Plans

Cyberterrorism Prepare, Plan and Stay in Business A SIMULATED ? Distributed Denied of Service Attack

Cyberterrorism Prepare, Plan and Stay in Business !!! REAL LIFE !!! Distributed Denied of Service Attack

Cyberterrorism Prepare, Plan and Stay in Business The main targets have been the websites of: · the Estonian presidency and its parliament · almost all of the country's government ministries · political parties · three of the country's six big news organisations · two of the biggest banks; and firms specializing in communications

Cyberterrorism Prepare, Plan and Stay in Business NUMBER’S Attacks Destination Address or owner 35 “195.80.105.107/32″ pol.ee 7 “195.80.106.72/32″ www.riigikogu.ee 36 “195.80.109.158/32″ www.riik.ee, www.peaminister.ee, www.valitsus.ee 2 “195.80.124.53/32″ m53.envir.ee 2 “213.184.49.171/32″ www.sm.ee 6 “213.184.49.194/32″ www.agri.ee 4 “213.184.50.6/32″ 35 “213.184.50.69/32″ www.fin.ee (Ministry of Finance) 1 “62.65.192.24/32″ http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Cyberterrorism Prepare, Plan and Stay in Business Attacks Date 21 2007-05-03 17 2007-05-04 31 2007-05-08 58 2007-05-09 1 2007-05-11 http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Cyberterrorism Prepare, Plan and Stay in Business Attacks Date 17 less than 1 minute 78 1 min - 1 hour 16 1 hour - 5 hours 8 5 hours to 9 hours 7 10 hours or more http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Cyberterrorism Prepare, Plan and Stay in Business Attacks Bandwidth measured 42 Less than 10 Mbps 52 10 Mbps - 30 Mbps 22 30 Mbps - 70 Mbps 12 70 Mbps - 95 Mbps http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Cyberterrorism Prepare, Plan and Stay in Business BOTNET’S Command and Control

Cyberterrorism Prepare, Plan and Stay in Business Shadow SERVER Project

Cyberterrorism Prepare, Plan and Stay in Business  PREVENTION/MITIGATION ( AGAIN !!!!!! )  Compliance with Security Standards ISO 27001/27002 ( Protect your infrastructure and other Companies )  Make a Computer Security Incident Response Team ( Your First Response Team)  Pre-Contact with external agency  Upstream ISP  Regional (CSIRT)

Cyberterrorism Prepare, Plan and Stay in Business Questions ?

Cyberterrorism A case study for Emergency Management Ricardo A. Reis, Security Officer & Hospital São Paulo

CyberTerrorism - A case study for Emergency Management

0 comments

Notes on slide 1

1 Favorite