Cyberwar Update2010


A lot has happened since the last Cyberwar presentation was posted. This Update2010 includes Iranian cyberwar, South Korea and US Gov attacks, Twitter outage, and the China Google attacks.

Published in: Technology
  • Cyberwar Update2010

    1. Cyberwar update. 2010
       • Richard Stiennon
       • Chief Research Analyst
       • IT-Harvest
       • Blog:
    2. Blog:
    3. Threat hierarchy
       • Information Warfare
       • CyberCrime
       • Hacktivism
       • Vandalism
       • Experimentation
       Increasing Threat
    4. Threat hierarchy is a time line!
       • Information Warfare
       • CyberCrime
       • Hacktivism
       • Vandalism
       • Experimentation
       1998 1998 1998 1998 1999 2000 2004 2008
    5. Sun Tzu on Spies
       “Only a brilliant ruler or a wise general who can use the highly intelligent for espionage is sure of great success.”
    6. Allen Dulles on Sun Tzu
       “It is no wonder that Sun Tzu's Book is a favorite of Mao Tse-Tung and is required reading for Chinese Communist tacticians” - A.W. Dulles, The Craft of Intelligence
    7. A Chinese Communist Tactician
       “Sun Tzu is a grand strategist without parallel in history” - Chai Yuqui, Nanjing Army Command Academy, speaking at 6th annual international conference on Sun Tzu and the Art of War, 2004, Beijing
    8. Chinese Thinking
       • Wang Qingsong, Modern Military-Use High Technology, 1993
       • Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
       • Li Qingshan, New Military Revolution and High Tech War, 1995
       • Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
       • Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
       • Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
       • Shen Weiguang, On New War, 1997
    9. From Decoding the Virtual Dragon - Timothy Thomas
       “Network confrontation technology — intercepting, utilizing, corrupting, and damaging the enemy’s information and using false information, viruses, and other means to sabotage normal information system functions through computer networks.” - General Xu Xiaoyan, the former head of the Communications Department of the Chinese General Staff. 2004
    10. A prediction
       “If Xu’s suggestions were accepted, then one might expect to see more active reconnaissance and intelligence activities on the part of the PLA (as seems to be occurring!)”
       That exclamation point is Thomas’s.
    11. Shawn Carpenter uncovers Titan Rain
       • An IP address that was attacking Lockheed Martin is recognized
       • Open back door leads to next hop of investigation
       • Critical documents belonging to Army Research, NASA, and others
       • First military CI, then FBI involvement
       • Shawn loses his job and all his leads go cold
    12. Ghost Net Report – March 2009
       • 1,200 computers including ministry and NATO machines
       • Looking for attribution
       • Attacks on the office of the Dalai Lama
       • Joint Strike Fighter Breach April 21, 2009
    13. Joint Strike Fighter
    14. Dec. 17, 2009 - Drone transmissions in the clear (Predator, Beast of Kandahar)
    15. What is DDoS?
       • Distributed Denial of Service attack: Disabling or destroying an online resource through overwhelming it via too many requests.
       • Ping floods
       • GET floods
       • SYN floods
    16. Crowd sourcing applied to DDoS: The Orange Revolution
    17. Putin reacts: Nashi summer camp ’07
    18. Estonia April 27th, 2009
    19. Cyber Defcon 1 - Georgia: August 8, 2008
    20. Three related attacks, April 2008
       • CNN
       • The Sports Network
       • SlideShare
         • Take down requests
         • 5-10 password reset requests/day
         • Irate call
         • DDoS
    21. Twitter as tool of riot creation
       • Post Iranian election Twitter was used to support virtual riots via DDoS
    22. Twitter escalation
       • Phase 1. Hacking instructions sites.
       • Phase 2. Links to
       • Phase 3. Links to a specially crafted site that opens 15 frames on
    23. The good and the bad of social networks as attack vector
       • Good: Hard to sustain
       • Bad: Way too easy
    24. Summer 2009
       • US Gov sites and S. Korean sites
       • TCP SYN, UDP, ICMP, GET floods
       • Malicious dropper
       • 200K bots
    25. CYXYMU falls afoul of pro-Russian activists. August 2009
       • Facebook
       • LiveJournal
       • Twitter
    26. Aurora: China vs Google
       • January 12, 2010 Google reveals successful hack against their servers/data
       • 34 other organizations included in same incident. Adobe, Lockheed Martin, and a law firm suing China.
       • Zero-day flaw in Internet Explorer is the weapon
       • Spear phishing via IM is the delivery vehicle.
       • Shades of Haephrati, GhostNet, etc.
    27. Parting thought:
       • History teaches that war begins when governments believe the price of aggression is cheap.
       • - Ronald Reagan
    28. Blog: email: [email_address] Twitter: