
Capabilities of Cyber-Terrorists - IT infrastructure and associated risks, Hypothetical situations and actual incidents - Kiev 2010


Introductory presentation from a NATO Advanced Training Seminar in Kiev, Ukraine back in 2010. The seminar was titled CYBER TERRORISM PREVENTION & COUNTERACTION.


  1. NATO Advanced Training Seminar: CYBER TERRORISM PREVENTION & COUNTERACTION. Kiev, Ukraine, September 27-29, 2010
  2. About
     Cristian Driga - Attorney at Law, Executive director at Computer Crime Research Centre (NGO), Romania
     Main practice areas: Computer Crime & Electronic Evidence
     Special interests: public policy, raising public & legal professionals' awareness in the fields of computer security, computer crime and electronic evidence.
     http://en.criminalitate.info
     http://www.driga.ro
     contact@criminalitate.info
  3. CAPABILITIES OF CYBER-TERRORISTS
     IT infrastructure and associated risks
     Hypothetical situations and actual incidents
     NATO Advanced Training Seminar – Kiev, Ukraine 2010
  4. A world depending on computers
     • Computers & networks span all the critical sectors of our lives
     • State and government, Military, Business & Banking, Health, Transportation, etc.
     • Communications
     • Life support systems & Energy systems
     • The Internet as an invaluable source of information and as a global collaboration tool
     • Education and Research, Business, etc.
  5. New roles for computers every day
     • Technical advancement and miniaturization bring new roles for computers in our lives
     • Computerized cars
     • Electronic national ID cards
     • Medical devices, including pacemakers
     • The Internet is increasingly the primary information carrier in all areas
     • Phone conversations are moving to the web
     • Same with Television & Radio
     ...all inter-connected and communicating
  6. IT infrastructure & Security
     • Confidentiality
     • Integrity
     • Availability
     • Authenticity
  7. Our IT Infrastructure – Our Risks
     • No computer system is 100% secure
     • Intended usage vs. misuse
     Technical risks
     • Software related security problems
     • Hardware related problems
     External risks
     • Network connectivity
     • Service providers
  8. Our IT Infrastructure – Our Risks
     Internal risks
     • Organizational policies
     • Insider threat
     • Complexity of technology and lack of education in operating IT in a security aware way
     The Politics
     • Political and legal issues
     • Online safe-havens
     • Lack of uniform legislation and cooperation
  9. Cyber-Terrorism?
     • Many definitions
     • politically motivated hacking operations intended to cause grave harm such as loss of life or severe economic damage
     • unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives
  10. Cybercrime?
     • Also many definitions
     • But more in the way of a unified legal definition at international level
     • includes attacks against computers and networks to disrupt processing
     • also includes an "espionage" part of illegally accessing computer systems and data and making unauthorized copies of private or classified data
  11. Cybercrime or Cyber-Terrorism?
     only difference: the intent of the attacker!
  12. Their Infrastructure – Our Risks
     • Cybercrime is continuously evolving:
     • New and sophisticated tools
     • Successful infection and control of millions of computers
     • Proven attack, disruptive and espionage capabilities
     • Improved methods of avoiding tracing and justice
  13. Their Infrastructure – The Network
     • The Internet
     • As an information exchange medium between cybercriminals and as a training environment
     • As a medium for collaboration and procuring tools to commit cybercrimes
     • As a carrier for the attacks and computer virus infections
     • As an anonymization tool
  14. Botnets
     • armies of civilian and institutional computers
     • infected with trojan viruses
     • capable of executing commands sent by the botmaster
     • stealing information (i.e. passwords, credit card information, etc.)
     • providing remote access to the infected computer (and sensitive information)
     • sending SPAM
     • attacking other computers and networks
  15. How are botnets controlled?
     • Various methods difficult to trace and disrupt
     • Listening to an IRC chat room on the Internet
     • Periodically reading certain Internet addresses
     • Listening to messages sent by the botmaster on social media sites like Twitter, etc.
     Almost never contacted directly.
  16. Key asset for cybercriminals
     AUTOMATION
  17. Automatic infection
     • Common infection techniques
     • Malicious code on regular web pages testing the visitor's browser for unpatched security holes
     • If a security problem is found, the trojan virus will install itself silently
     • Opening an infected file received through email from a friend's email address
     • Opening an infected removable storage (USB pen drive, for instance)
  18. After infection...
     • Hide themselves in the operating system
     • Download and install other botnet components and malicious software
     • Record keyboard strokes looking for:
     • email accounts and Facebook accounts login
     • e-banking accounts login
     • credit card numbers and associated data
     • website access login information (FTP accounts) of people who own a web page
     ...all automated
  19. Automation continued...
     • Delivery of captured information to the botmaster on special servers for exploitation (i.e. credit card fraud)
     • A recently improved ZEUS trojan version is capable of detecting and hijacking the e-banking session, checking account balance and placing automatic transfer orders.
  20. More automation...
     • Automatic login to E-Mail and Facebook accounts and sending apparently legitimate emails to friends and contacts to spread the infection
     • Infecting the web pages of the computer owner (using FTP account login to install exploit packs on the pages)
  21. Famous botnets and exploit packs
     • Botnets: Rustock, Storm, Srizbi botnet, Conficker, Kraken, Cutwail, Mega-D, Nucrypt, etc.
     • Exploit Packs: Crimepack, Phoenix, Eleonore, Fragus, Siberia, Icepack, El Fiesta, Yes Exploit, etc.
  22. Powerful and successful tools
     • Because of the automation of the whole process
     • Ease of use
     • Millions of infected computers capable of acting as one giant super-computer
     • Millions of unprotected users visiting infected websites
     • Hard to trace the origins of an attack initiated by large numbers of computers all over the world
  23. More reasons...
     • Lack of consistent minimal public education on using the computers and the Internet in a safe way
     • Lack of strong computer usage policies for employees in companies
     • Because of the existence of the so-called server safe-havens
  24. Safe havens for cybercrime
     • Countries not willing to cooperate in bringing cybercriminals to justice
     • Insufficient national laws not able to criminalize such computer crimes
     • Botnets would hardly be possible without the servers that collect the data stolen and give commands to the bots
     To solve this problem means international cooperation and unified legislation. Politics at its best.
  25. Money as the link...
     • In the recent years a new trend has developed: botnets for hire or rent
     • One can find on the Internet exploit kits and all the needed software to create his own botnet
     • When lacking strong technical skills, one can hire or rent a botnet
  26. Back to Cyber-Terrorism...
     • Botnet developers are in this business for money. If terrorists would pay, they've got themselves a very powerful cyber-weapon.
     • Organized crime has the money for creating botnets but they might have other needs (safe routes for drugs, weapons, training, etc.) which terrorists are able to provide in exchange for hiring botnets.
  27. Terrorists' usage of botnets?
     • a terrorist group renting a botnet of millions of computers capable of heavily attacking critical infrastructure servers and bringing them down is a real threat
     • renting a botnet and using it to collect credit card data to commit credit card fraud is a way of financing real life terrorist activities
  28. Actual incidents?
     • More evidence of large scale cybercrime related attacks than of cyber-terrorism incidents
     • Difficulties in attributing cyber-attacks to terrorists
     • However, there is plenty of evidence that terrorist groups are using the Internet to conduct their activities and become proficient in using IT
     • How long before an actual attack?
  29. Reports
     • One US Congress report mentions Romanian hackers threatening to shut down the life support systems for the National Science Foundation's Amundsen-Scott South Pole Station – but lacked political motivation
     • A hack into a Queensland, Australia sewerage system, heavily polluting rivers and parks – proof of devastating effect but no political motivation
     • Estonia 2007 – likely to be a cyber-terrorist attack and surely an example of what could happen
  30. Estonia 2007
     • Experts from US and NATO helped in recovery and attempted to discover the source of DDOS attacks
     • Evidence pointed to more than one source (some pointed to Russia and some to other countries)
     • No conclusive evidence about the original source – common opinion: botnets were used
     • Hard to trace and almost impossible to retaliate
  31. Hypothetical situations
     • The Estonia incident showed that it is possible to paralyse even web related activities of states
     • Many daily life aspects take place in cyberspace and/or depend on IT
     • Various possible scenarios have been suggested, in which different critical infrastructure networks are disrupted by cyber-attacks
  32. Economy related targets
     • Banks and international transactions
     • Stock exchange
     • Businesses and online commerce
     May result in loss of confidence in the economic system
  33. Transportation systems
     • From disruption of traffic light systems in big cities
     • To interference with flight and train control systems
     Would result in accidents, loss of life, and would paralyse transportation
  34. Energy supply systems
     • Electricity production and distribution
     • Gas supply
     • Water supply systems
     Directly affecting the population
  35. Other systems as targets
     • Military command and control
     • Emergency systems (112 or the US 911)
     • Healthcare IT infrastructure
     • Industrial processes
     Experts say these scenarios are possible. Cybercrime examples confirm the potential. How do we make them impossible?
  36. Thank you!
     Cristian Driga - Attorney at Law, Executive director at Computer Crime Research Centre (NGO), Romania
     Main practice areas: Computer Crime & Electronic Evidence
     Special interests: public policy, raising public & legal professionals' awareness in the fields of computer security, computer crime and electronic evidence.
     http://en.criminalitate.info
     http://www.driga.ro
     contact@criminalitate.info
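
Slide 15 lists "periodically reading certain Internet addresses" as one control method; from the defender's side, that behaviour shows up in web proxy logs as requests from one client to one host at nearly constant intervals. The example below is added here and is not part of the original presentation: the log format, host names, function name and thresholds are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample proxy log: "<epoch seconds> <client ip> <host> <path>".
SAMPLE_LOG = """\
1000 10.0.0.5 updates.example.net /status.txt
1301 10.0.0.5 updates.example.net /status.txt
1598 10.0.0.5 updates.example.net /status.txt
1902 10.0.0.5 updates.example.net /status.txt
2199 10.0.0.5 updates.example.net /status.txt
2500 10.0.0.5 updates.example.net /status.txt
1010 10.0.0.7 news.example.org /
1025 10.0.0.7 news.example.org /world
1400 10.0.0.7 news.example.org /sport
2950 10.0.0.7 news.example.org /
2960 10.0.0.7 news.example.org /tech
3900 10.0.0.7 news.example.org /
not a log line
"""

def find_periodic_pollers(log_text, min_requests=5, max_cv=0.1):
    """Return [(client, host, mean_interval_s, cv)] for regularly timed pollers."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        times[(parts[1], parts[2])].append(int(parts[0]))

    findings = []
    for (client, host), stamps in sorted(times.items()):
        if len(stamps) < min_requests:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # burst within one second, not timed polling
        cv = pstdev(gaps) / avg  # coefficient of variation: 0 = perfectly regular
        if cv <= max_cv:
            findings.append((client, host, round(avg, 1), round(cv, 3)))
    return findings

if __name__ == "__main__":
    for hit in find_periodic_pollers(SAMPLE_LOG):
        print(hit)
```

Legitimate software (update checkers, monitoring agents) also polls on a timer, so hits are leads to review against an allowlist of known hosts, not verdicts.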
