Beza belayneh information_warfare_brief



  1. Mr. Beza Belayneh – Centre for Information Security – Information Warfare – Clear and Present Danger to the Corporate World

Opening

Thank you for the questions and I am pleased to provide you detailed answers below. As you may know, issues of information security are changing with death-defying speed, and what was a solution yesterday may not be valid, and what was a threat yesterday has now changed today into a full blown attack.

I would take cognisance of current information security threats and trends in my responses, remarks and overall presentation. This would help the audience to see the very current picture of the issue at hand.

A very crucial fact that is oftentimes ignored is that the ultimate objective of any information security measure is to protect human safety. Networks are under relentless attack, secure systems are breached, information is stolen, and information is bought and sold.

Just 5 days ago, researchers at the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute, revealed that medical devices, MRI machines, were infected with the Conficker worm.

This clearly brought the issue of information warfare attack to the level of a direct threat to human life. This is in addition to the recently reported security breach of the US power grid.

The battle for information dominance is raging. Hackers attempt to break secured networks every 36 seconds. 250 new viruses are created every month. Over a trillion Rand has been lost as a result of various attacks and breaches that amount to being called information warfare. Many skeptics are starting to believe that we are at war. I am presenting not as a prophet of doom, but clearly providing the high risks presented by information warfare attacks. Today the world where the name of the game is deception is a world that businesses and managers ignore at their peril.

Let me start by asking why should businesses be interested in information warfare? The reason is simple: because information warfare is interested in business. The presentation will show clearly a series of current trends, weapons and experiences of numerous organisations that lost so much business and money.

Simply put, information warfare consists of those actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective, or victory over a competitor.

Before the responses, I would list a few highly publicized and notable cases where information warfare attacks had taken place and critical systems were compromised for the past 12 months. To date, the best practices for information security in the private sector have focused on defence. Tremendous efforts have gone into developing and marketing defensive network tools – so much so that the market space is cluttered
  2. An array of “solutions” which become difficult to distinguish. Capabilities for active countermeasures have, for the most part, been considered outside of the appropriate scope of response for commercial enterprises. For a complete defense, offense must be considered. The concept of warfare comes in.

Warfare in Business

After all, numerous business books are cluttered with concepts like flanking strategy, first-strike advantage, price wars, competitors’ intelligence, guerrilla marketing, killer application and so on. The similarity between military and business is growing each day. Both involve adversaries with various assets, motives and competing goals.

It is for this reason that information warfare has become a serious issue in the corporate world and is regarded as an emerging threat by numerous authorities in the information security field, including the annual Georgia Tech Information Security Centre. Georgia Tech declared information warfare (Cyber warfare) as one of the emerging threats for 2009 in its annual Emerging Cyber Threats Report for
  3. Background

Serious and Notable information warfare related attacks and breaches

  • Conficker worm hits hospital devices. April 30th, 2009. By Elise Ackerman. A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat. The worm, known as "Conficker," has not harmed any patients, they say, but it poses a potential threat to hospital operations. "A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker," said Marcus Sachs, director of the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute…

  • Chinese Hacktivists Waging People’s Information Warfare Against CNN. "We continue to import their junk with the lead paint on them and the poisoned pet food and export, you know, jobs to places where you can pay workers a dollar a month to turn out the stuff that we’re buying from Wal-Mart." Speaking about the U.S. trade deficit with China on “The Situation Room”, Cafferty did not realize that his statement would provoke what amounts to an unprecedented information warfare attack on the CNN website by Chinese hackers.

  • Information warfare attack on Israeli Businesses - When Israeli tanks rolled into Gaza, Pro-Palestinian hackers shut down approximately 700 Israeli web domains. A range of different Web sites were targeted by the group, including Web sites of banks, medical centers, car manufacturers and pension funds. Well-known companies and organizations, including Bank Hapoalim, the Rambam Medical Center, Bank Otsar Ha-Hayal, BMW Israel, Subaru Israel and Citroen Israel, real estate company Tarbut-Hadiur and the Jump fashion Web site all found their Web sites shut down and replaced by the message: Hacked by Team-Evil Arab hackers u KILL Palestine people we KILL Israel
  4. • Major corporations’ websites in New Zealand were attacked. Turkish hackers broke into the New Zealand based registrar (which belongs to MelbourneIT) and redirected some of their customers’ high profile web sites to a third party server with a defaced page. Companies which had their New Zealand web sites defaced include Microsoft, HSBC, Coca-Cola, F-secure, Bitdefender, Sony and Xerox. Mirror sites are at

  • Information warfare attacks on Danish sites. Danish artist Kurt Westergaard never anticipated his drawings would cause an unprecedented information warfare attack on numerous Danish websites. Internet hackers have attacked a website run by Denmark’s Free Press Society selling prints of a controversial cartoon of the Prophet Mohammed, the group’s director

  • Information Warfare Monitor uncovered cyber espionage network. Researchers (Univ. of Toronto & SecDev Group) uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries. The researchers say the system — called GhostNet — sent e-mails that introduced malware into host computers, which in turn fed information back to servers located on the Chinese mainland. "The GhostNet system directs infected computers to download a Trojan (horse) known as gh0st RAT that allows attackers to gain complete, real-time control."

  • Verizon: Organized Crime Caused Spike in Data Breaches. Apr 16, 2009 3:18 pm. A new study from Verizon Business claims that organized crime is responsible for a large increase in the number of breached corporate electronic records, which totaled roughly 285 million last year. According to the study, which Verizon Business compiled using data from the 90 confirmed corporate network breaches it recorded last year, roughly 93% of all records breached came from the financial sector. The company also says that nine out of every 10 of these breaches involved "groups identified by law enforcement as engaged in organized crime."
  5. • Report: Spies hacked into U.S. electricity grid. Spies from other countries have hacked into the United States electricity grid, leaving traces of their activity and raising concerns over the security of the U.S. energy infrastructure to cyberattacks. The Wall Street Journal on Wednesday published a report saying that spies sought ways to navigate and control the power grid as well as the water and sewage infrastructure. It’s part of a rising number of intrusions, the article said, quoting former and current national security officials.

  • Greece arrests man suspected of selling Dassault data. Fri Jan 25, 2008 10:59am EST. ATHENS (Reuters) - Greek police said on Friday they had arrested a man suspected of selling corporate secrets from France’s Dassault Group, including data on weapons systems. "This 58-year-old mathematician is responsible for causing damages in excess of $361 million to the company and he has sold this corporate data, including information on weapons systems, to about 250 buyers through the Internet," the official said. Police suspect the man of selling the data to buyers in Germany, Italy, France, South Africa, Brazil, as well as countries in Asia and the Balkans. "He is one of the world’s best hackers, using the nickname ASTRA..," the official said. Dassault Group and its subsidiaries are a major player in civil aviation and the military sector.

  • Trojan.SilentBanker compromises online banking accounts. April 24, 2009 - 5:30pm. The Trojan captures specific screen images, records keystrokes, steals all your confidential financial information and then sends it to a remote attacker. Recently certain computer security experts began paying attention to a Trojan that targets online bank accounts. This Trojan can cause extreme harm to customers’ finances, computers and their lives. This Trojan is called Trojan.SilentBanker. Its computer attacks are executed in a very clever manner. It hides and waits on a hard drive without a user’s knowledge. Trojan.SilentBanker activates itself as soon as a user logs into his/her online banking
  6. It steals usernames and passwords and uses them to change account details, then it takes steps that make the user’s money actually be transferred to the bank account of the malware mastermind. It is important for all internet banking users to minimize many of the risks involved by working in their online bank accounts from their own computer. It is also extremely important to be aware that any e-mail that customers receive which asks them to update their banking details is probably false, even if it looks like the original. All these warnings are not only about Trojan.SilentBanker, which is just one of many Trojans designed to steal your information and money.

  • Computer Spies Breach Fighter-Jet Project. Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project -- the Defense Department’s costliest weapons program ever -- according to current and former government officials familiar with the attacks. Similar incidents have also breached the Air Force’s air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies
  7. 1. Beza’s Presentation

Based on the above facts the presentation will cover the following issues.

Clearly explain to the audience that all these things happening around the world can happen to any organization, and what they must do to protect themselves.

  • What information warfare is and is not
  • Definition of information warfare from a commerce point of view
  • Importance of information warfare awareness
  • Indications and examples of information warfare’s expansion from a military issue to the commercial domain
  • Means of waging information warfare
  • Availability of current information warfare and attack tools freely online
      o Http bombers
      o Website defacing tools
      o Malware development kit
  • Highlight the need for corporate leaders to know about information warfare
  • The need for information security managers to develop a strategy that is offensive and defensive. Defensive may include how to develop a framework for an information attack.
  • How to develop an Information Warfare Risk Analysis Model – a system to be used by business organizations to help them protect against current and future risks.

The presentation will highlight in detail why organizations must take information warfare threats seriously.

Information warfare is almost the antithesis of security. One is offensive, the other defensive. One tends to be proactive, the other reactive. In any organisation, the two are entwined but require totally different approaches.

Organisations wish to keep their own information advantage, and to deprive their competitors’. The use and abuse of information will be a critical factor in most organisations’ performance today and in the coming years. Information is not only a target but also a weapon. The presentation is all about this
  8. 2. Why is it important?

In today’s electronic age, the threat of cyber attacks is real and enormous. For any organisation with information-based assets, the deadliest weapons can come in the form of a keyboard, mouse, or personal computer. With hacking attacks and computer-based crimes increasing both in frequency and degree of seriousness, it’s clear that information warfare is real and companies must protect themselves in order to survive. But how do you not get caught in the crossfire of these attacks, and how do you prepare when the electronic future is uncertain? How would you prepare when you do not know the enemy and where the attack is coming from? How would you prepare when your organisation’s IT managers reaffirm that they are well protected?

Future corporate information security strategy will be profoundly affected by the ongoing, rapid evolution of cyberspace — the global information infrastructure — and in particular by the growing dependence of the corporate world on potentially vulnerable elements of this information infrastructure.

Understanding and knowing the trends that reveal the spreading of information warfare into the civilian and commercial arena helps organisations and security practitioners to develop strategies for effective information security management.

This presentation would give vivid evidence of the clear and present danger companies are exposed to and how best they can protect their information assets.

The following key areas that will demonstrate the importance of the presentation will be covered:

1. Targets of information warfare or similar cyber conflicts are business establishments
   a. Many politically motivated attacks made business and commercial sites the prime targets.
      i. For Gaza attacks, many Israeli businesses were attacked
   b. Many information warfare attacks are no longer done by hobbyists for not-for-profit purposes or by advanced hackers, but by non-experienced individuals, assisted by predefined and freely available attack tools, for profit purposes.
2. As revealed in the GhostNet computer breaches, the potential for attackers to disrupt vital networks and systems in critical infrastructure areas such as banking and power is growing daily. This calls for increased awareness of the dangers to business
3. The presentation is also important as it reveals how organisations can use information as a weapon in addition to defending it as a target. The traditional defense tactic is no longer valid in today’s world. Organisations must have a strategic offensive plan with effective deployment of information warfare tools.
4. The above examples show that most of the information warfare attacks were committed with tools that are available freely online. These will help organisations to acquire these tools and test their systems if they can stand imminent
  9. 5. The presentation will clearly illustrate acts that constitute information warfare by offering a clear definition
6. The presentation will clearly illustrate how the concept of information warfare is becoming a societal issue that has expanded to non-military areas. Much of the available literature is more concerned with the military aspect of warfare than the corporate world. The presentation will highlight key trends that signal the expansion of information warfare (use and abuse of information) into the commercial space.
7. As the metaphor “warfare” gives this subject a military bias, the presentation will illustrate its implication to the corporate world with various business examples. This shift into the commercial world presents a growing threat to information managers who are responsible for protecting organisational information assets.

The presentation will also demonstrate that the target of politically motivated computer crime is not limited to government networks: commercial interests are equally attractive targets. Moreover, most corporate executives are not aware of the threat posed to their organisations by individuals and groups with political agendas.

Here are a few questions that executives should consider:

  • Is your organisation a potential target of online protest? How do you determine if you are a target?
  • What would you do if online protesters disrupted your website for a day? For a week?
  • What would you do if protesters attacked your customers or investors?
  • How would you react to negative media reports? What if there was no disruption, but the attackers made press statements to the contrary?
  • How should you protect your network? Do you understand the threats and impacts in order to balance costs and risks?
  • Who would you contact? Law enforcement? Would you contact law enforcement if your network is attacked?
  10. 3. What are the trends and challenges around information warfare?

Trends of information warfare.

  • Information warfare is fast moving in terms of technical possibilities.
  • As seen in the above cases and real life examples, the prime targets of information attacks are becoming civilian targets and the private sector.
  • Computer related security incidents are widespread
  • Numerous attacks and breaches are becoming state sponsored or at least state supported. The example of GhostNet in China shows that the government distanced itself from the espionage attack
  • It is difficult to know where attacks are coming from. Though many researchers suspect China, there is no conclusive evidence that other countries like USA or Russia are not part of the network.
  • Evidence shows that many countries have already built information warfare capabilities and units to defend their commercial interests, which is different from traditional warfare where protection is mainly provided to military targets. Research shows countries with information warfare capabilities have increased from 20 in 2006 to more than 140 in 2008
  • Many information warfare attacking tools are becoming freely and easily available. For example, the Mpack and IcePack exploit packages are designed for non-technical users. They group exploits together into one easy install package and, using this package, non-technical users can run exploits on the browsers of unsuspecting visitors. Ultimately this grants non-technical attackers the ability to infect visitors to their sites without having to know how exactly it happens.
  • Information warfare is used by organisations and countries as a strategy against competitors to deny access to data, destroy or disrupt data, steal data and manipulate data.
  • Information warfare of some sort is used against individuals and small businesses that are considered as the first level of cyberspace.
  • "Rogue" states and criminal organisations have stepped up their capabilities to launch crippling online attacks, e.g. the Russian Business Network (RBN), though it is offline these days, is considered the creator of the most effective and popular DOS (Denial of Service) attack tool
  11. Challenges

a. A significant challenge associated with information warfare is that its governing legal principles are unclear. Where does it legally fit into the international and domestic environments, internal and external relations, state, corporate and business governance? Analysts and strategists gathered at the Cyber Warfare 2009 conference in London last January were grappling with some thorny problems associated with the cyber-aggression threat. One that proved particularly vexing was the matter of exactly what constitutes cyberwarfare under international law. There’s no global agreement on the definitions of cyberwarfare or information warfare, so how does a nation conform to the rule of law if it’s compelled to respond to a cyberattack?

b. Everybody in the world owns information warfare weapons. The need to establish global norms about what is acceptable behavior in cyberspace is complicated by the fact that the weapons are not just in the hands of nation-states. They’re essentially in everybody’s hands. This makes it very hard and sometimes impossible to know the attacker and the driving motivation.

c. Laws of war do not apply to information warfare. Laws of war would forbid targeting purely civilian infrastructure, but most attackers don’t limit themselves by the Geneva Conventions, as the above examples show.

d. A challenge is posed by information warfare targets due to the fact that it’s nearly impossible to identify all of the potential targets and sophisticated tools they acquire freely online.

e. Mindset. Many IT and security managers do not think there is a threat of attack from competitors. Many IT organizations will tell you either the threats are too far-fetched or that they’re adequately protected. This kind of complacency is a major challenge. In one assignment, we were able to secure a critical password from a system that is regarded as exceptionally secured. As illustrated in the above example, hackers penetrated a crucial website in New Zealand using a commonly known vulnerability – SQL injection. Pentagon and other highly secured systems were recently compromised.

  • Organisations are stuck with the old culture of securing the physical perimeter. For example, North American businesses spent more than $17.5 billion on security alarms for their buildings, but only $6.2 billion on information security
  12. d. The balance between developing and producing commercially viable software and secure software. A huge number of software solutions deployed to improve productivity, process and defend critical information assets are infested with vulnerabilities. This presents a challenge to security experts and system administrators.

e. A lack of information sharing among nations means some countries have become a safe haven for cyber criminals. The sophistication of some attacks shows that the attackers had sufficient time and technology. In some cases, efforts to convince some countries (Ukraine, Russia, China) to follow up and close certain servers lead to a “dead-end”. F-Secure, a Finland-based antivirus developer, recently pointed the finger at Ukraine hackers as the creators of the Conficker worm. Research showed that the attacking system made an effort to avoid infecting systems in a Ukrainian domain or using a Ukrainian keyboard layout. This suggests that the creators of the malware may live in that part of the world and may be exempting their home country to avoid attracting attention from local authorities.

f. Unlike the early internet days of show-off hackers and amateur vandals, today’s virus writers are all about making money. Typically, today’s malware attempts to sniff out personal details that could provide its author with access to the victim’s bank account or online auction account – or simply holds an individual’s or company’s data to ransom.

g. More than 250 new viruses released monthly

h. Growing insider threat. It has been said, “We have been watching the front door while the thieves were coming in the employee entrance.” This is to illustrate the growing insider threat. 37% of employees surveyed at this year’s Infosecurity Europe event said that they are keeping their options open to be insiders if given the right

The surveyed employees had access to the following company assets:

  • 83% had access to customer databases
  • 72% had access to business plans
  • 53% had access to accounting systems
  • 51% had access to HR databases
  • 31% had access to IT admin
  13. The incentives that they required in order to hand over sensitive data:

  • 63% required at least 1 million pounds to convert to insiders
  • 10% would become insiders if their mortgage was paid off
  • 5% are willing to participate in exchange for a holiday
  • Another 5% would do it if they are offered a new job
  • 4% would participate if their credit card debt is covered

i. Occasionally, a vulnerability is publicised before a patch is available. In some cases vulnerabilities received more publicity than the already available
  14. And what are the current technologies being used around information warfare?

The types of attacks and methods of attack (technologies) will be described.

1. The main types of attacks

  • Vandalism
  • Financial Fraud
  • Denial of service
  • Theft of transaction information

DECEPTION applies to all these attacks.

Methods, Techniques, Technologies (From Attackers’ point of view)

Note: some of the attack tools may have current versions, but the older versions are still usable in most instances. The malware and malicious scripts in circulation today are mostly based on techniques and example code from tutorials which were published nearly a decade ago. These get adapted incrementally as Microsoft or other vendors release their system security patches.

A great many technologies and tools used to attack computers and networks could fall into these categories:

  • Malicious Codes
  • Network Scanning Tools
  • Password Cracking Tools
  • Denial of Service Tools
  • Cryptography Tools

Note: For further analysis, an information warfare technologies and weapons matrix is presented below.

Attack Methods | Technologies | Description
Password cracking | Cain & Abel; Brute; Passfinder; Crack. There are companies available who give password cracking service (We used some) (http://www.passwordportal.net) | 1. delete or change data relating to orders, pricing or product description 2. copy data for use by competitor for fraudulent purposes
IP Spoofing | | "Spoofing" is a process by which the IP address of your machine is made to appear different from what it really is
Spoofing attacks; Web spoofing (phishing) | | Forge from address so the message appears to have originated from trusted source

  15. (matrix rows, same columns)

http bomber | http bomber | With its very simple user interface, Bomber appears to allow a user to target specific web sites either by its URL or IP address. The attack tool claims to generate numerous HTTP GET and POST requests.
Ping attack | AtTacK PiNG 1.0 | Sending large amounts of pings of large sizes at an IP address.
Sql Injectors; People’s information warfare | sqlninja | Massive SQL injection attacks
Distributed Denial of Service attack (DDOS) | Ping O’ Death | machines can be crashed by sending IP packets that exceed the maximum legal length (65535 octets)
Malware attack | Mpack; IcePack |
Spyware Surveillance: Keyloggers | Keylogger Lite; Free Keylogger | Record all activities of keyboard without the knowledge of the victim
Viruses, bomb, Trojan, malware generating | Virus creation tools & kit (scary!!!) (195) |
Worms | e.g. Nugache worm, Conficker, Storm | sophisticated botnets, or networks of hacked computers
Hackers’ support sites | Numerous websites |
Espionage software (scanner, Sniffer) | Netstumbler; Kismet | Netstumbler: WLAN monitor program for Windows. Kismet is a passive sniffer for seeking out radio networks
Automated defacement tools | |
Denial of service attacks, IP Spoofing | Tribal Flood Network | It can spoof the source IP for the agents, and can generate multiple types of attack (including UDP flood, TCP SYN flood, ICMP echo request flood, and ICMP directed broadcast). TFN2K is a more sophisticated version of the original TFN

  16. (matrix rows, same columns)

Electronic Civil Disobedience (ECD). Combination of hacking and activism | | Denial-of-service attacks.
Social Engineering | so many tools |

100 Examples - Illustrations on some of the tools.
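The Ping O’ Death row of the matrix rests on one fact: an IP datagram may not exceed 65535 octets. As an added example (not part of the original brief), the Python check below shows how a packet filter can recognise a fragment that would break that limit before reassembly; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

MAX_IP_DATAGRAM = 65535   # maximum legal IPv4 datagram length, in octets
IP_MF = 0x2000            # "more fragments" flag
IP_OFFSET_MASK = 0x1FFF   # 13-bit fragment offset, counted in 8-octet units


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-octet part of an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "proto": proto,
        "ident": ident,
        "header_len": header_len,
        "payload_len": total_len - header_len,
        "frag_offset": (flags_frag & IP_OFFSET_MASK) * 8,  # in octets
        "more_fragments": bool(flags_frag & IP_MF),
    }


def reassembled_length(hdr: dict) -> int:
    """Smallest size the reassembled datagram can have, given this fragment.

    The fragment's data ends at frag_offset + payload_len; the header is
    counted once, as it is in the reassembled datagram.
    """
    return hdr["header_len"] + hdr["frag_offset"] + hdr["payload_len"]


def find_oversized_fragments(packets) -> list:
    """Return one alert per fragment that implies a datagram > 65535 octets."""
    alerts = []
    for raw in packets:
        try:
            hdr = parse_ipv4_header(raw)
        except ValueError:
            continue  # not parseable as IPv4; a real filter would log and drop
        length = reassembled_length(hdr)
        if length > MAX_IP_DATAGRAM:
            alerts.append({"src": hdr["src"], "dst": hdr["dst"],
                           "ident": hdr["ident"], "reassembled_len": length})
    return alerts


def build_fragment(src, dst, ident, offset_units, payload_len, more_fragments):
    """Construct a sample ICMP-carrying IPv4 fragment (checksum left at 0)."""
    flags_frag = (IP_MF if more_fragments else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_frag, 64, 1, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + bytes(payload_len)


# Constructed sample traffic (documentation address ranges, zeroed payloads).
SAMPLE_PACKETS = [
    # Ordinary unfragmented echo request: 84 octets in total.
    build_fragment("192.0.2.10", "203.0.113.5", 1, 0, 64, False),
    # Last fragment of a maximum-size but legal datagram: exactly 65535.
    build_fragment("192.0.2.10", "203.0.113.5", 2, 8000, 1515, False),
    # Last fragment placed so the datagram would end at 67012 octets.
    build_fragment("198.51.100.7", "203.0.113.5", 3, 8189, 1480, False),
]

if __name__ == "__main__":
    for alert in find_oversized_fragments(SAMPLE_PACKETS):
        print("oversized datagram:", alert)
```

The check is stateless, so it can run per packet at a border filter; current operating systems also reject such datagrams during reassembly.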
  17. Information Warfare Technologies (Weapons) Matrix

Each threat has specific tools available online in various forms. Some are free and some are for sale. For some, you just enter an IP address and click; the attack is done by third
  20. Beza Belayneh is a well known, qualified and experienced information security and cyber security expert.

He has carried out extensive research on cyber warfare and presented his papers around the world….

He is Chief Information Security Officer at the Centre for Information Security and South African Centre for Information Security.

Visit for customized research and