Successfully reported this slideshow.

Google versus china the first cyber war

2

Share

Loading in …3
×
1 of 32
1 of 32

Google versus china the first cyber war

2

Share

Download to read offline

Speech given to the Cyberlog conference July 2010 Collinsville, Il.

Speech given to the Cyberlog conference July 2010 Collinsville, Il.

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Google versus china the first cyber war

  1. 1. Google v. China: Our first cyber war David Strom [email_address] (310) 857 6867 (c) David Strom http://strominator.com
  2. 2. (c) David Strom http://strominator.com
  3. 3. 2003: Titan Rain DoD attack <ul><li>10:23 pm Army Fort Huachuca Engineering Cmd. </li></ul><ul><li>1:19 am DISA, Virginia </li></ul><ul><li>3:25 am Naval OSC, San Diego </li></ul><ul><li>4:46 am Army Space Cmd, Huntsville Ala. </li></ul><ul><li>All within a few hours in November 2003! </li></ul>(c) David Strom http://strominator.com
  4. 4. Estonia’s ‘Bronze Night’ <ul><li>4/07: DDOS attack perhaps by Russian government-sponsored hackers on hundreds of targets </li></ul>(c) David Strom http://strominator.com
  5. 5. More recently <ul><li>9/07: Israel scrambled Syrian radar and attacked and leveled a nuclear installation </li></ul>(c) David Strom http://strominator.com
  6. 6. Fourth of July 2009 <ul><li>N. Korean DDOS on US federal government Web sites , stock exchanges, and S. Korean sites by a huge botnet of more than 20k nodes </li></ul><ul><li>Three different attacks over five days </li></ul><ul><li>More like “cyber terrorism” than outright war </li></ul>(c) David Strom http://strominator.com
  7. 7. (c) David Strom http://strominator.com
  8. 8. Hopkins APL 2009 (c) David Strom http://strominator.com
  9. 9. Google and China, 2010 <ul><li>Google’s internal email accounts compromised </li></ul><ul><li>Moved its servers to Hong Kong </li></ul><ul><li>Gave up its business on the mainland </li></ul>(c) David Strom http://strominator.com
  10. 10. (c) David Strom http://strominator.com
  11. 11. Internet users (c) David Strom http://strominator.com
  12. 12. What is cyber warfare? <ul><li>No delay between launch and effects of an attack </li></ul><ul><li>Can quickly become global </li></ul><ul><li>Origin is hard to identify </li></ul><ul><li>Civilians as well as military targets </li></ul><ul><li>It is happening every day somewhere </li></ul>(c) David Strom http://strominator.com
  13. 13. (c) David Strom http://strominator.com
  14. 14. What $26 gets you (c) David Strom http://strominator.com
  15. 15. Today’s irony <ul><li>The less online a country is, the better it can defend its Internet borders! </li></ul><ul><li>The more connected, the more vulnerable! </li></ul>(c) David Strom http://strominator.com
  16. 16. (c) David Strom http://strominator.com
  17. 17. (c) David Strom http://strominator.com
  18. 18. (c) David Strom http://strominator.com
  19. 19. (c) David Strom http://strominator.com
  20. 20. WHAT DO THESE ROOMS HAVE IN COMMON? (c) David Strom http://strominator.com
  21. 21. (c) David Strom http://strominator.com
  22. 22. (c) David Strom http://strominator.com
  23. 23. Cold war spying <ul><li>Needed physical access to assets, people, or plans </li></ul><ul><li>Spies would remove something </li></ul><ul><li>Easy to identify, despite tradecraft </li></ul><ul><li>Containable </li></ul>(c) David Strom http://strominator.com
  24. 24. Our new war tech (c) David Strom http://strominator.com
  25. 25. The other side’s war tech <ul><li>They can be anywhere </li></ul><ul><li>Even sitting at home in their PJs! </li></ul><ul><li>They don’t even have to remove anything – just copy it somewhere else </li></ul>(c) David Strom http://strominator.com
  26. 26. (c) David Strom http://strominator.com
  27. 27. Our biggest threat <ul><li>Or McDonalds or anywhere there is free Wifi! </li></ul>(c) David Strom http://strominator.com
  28. 28. Recommendations <ul><li>VPNs for everyone </li></ul>(c) David Strom http://strominator.com
  29. 29. Lockdown your laptops (c) David Strom http://strominator.com
  30. 30. (c) David Strom http://strominator.com Encryption needs to be rule, not the exception
  31. 31. (c) David Strom http://strominator.com
  32. 32. Thanks and questions? <ul><li>Copies of this presentation and others can be found here: </li></ul><ul><li>http://slideshare.net/davidstrom </li></ul><ul><li>My website: </li></ul><ul><li>http://strominator.com </li></ul>(c) David Strom http://strominator.com

Editor's Notes

  • Lets look at some of the more notable battles in this theater
  • 1982 Russian pipeline control system virus attack that caused a major natural gas explosion Picture = trojan horse inserted into the control system, supervisory control and data acquisition systems of the pipeline
  • Carefully controlled and hit all these military installations across the US
  • Telephone switching computers Financial institutions Media and press Web sites
  • Israeli jets were undetected by Syrian radar and were able to enter and nearly level this installation
  • Highly controlled Highly targeted at 30 particular domains Long-lasting effort over several days shows coordination and purposeful Highly deniable and hard to assign source yet Korean language source was easily discoverable
  • Had a data breach and had to disconnect from the Internet Clean each PC one at a time manully
  • China allows Google to operate and redirect to google.hk Facebook, Twitter and You Tube are still blocked by China Mobile phones use competitive searches that are self-censored
  • China has finally surpassed the US in terms of the sheer number of Internet users in the past few years.
  • High ‘Net dependency Critical infrastructure is all online (power, pipelines, railroads, airlines) Most of these systems are controlled by private industry and unregulated R&amp;D labs are all wide open to attack Most PCs have paper-thin defenses And then there is our forces…
  • US military is more wired but also more dependent now on private contractors for its support, and this can be vulnerable to attackers
  • Lets take a look at some of these vulnerabilities
  • Most of us think that the China firewall to keep Chinese under control, but it also can stop malware and attackers from entry too! N. Korean July 4 th exercise was not to harm us, but to better protect themselves Quick disconnect in case of attack
  • Lieberman has a bill to create an “Internet Kill Switch” in the hopes that we ca quickly disconnect in case of an attack.
  • Level 3 link map – how hard would it be to turn this off? Again, because we have so many connections, hard to just use a single kill switch
  • In China, their power grid is still mostly under manual control, an advantage during a cyber war
  • Modern Ford-class carriers that are being built for the Navy – how many microprocessors are on this vessel, and how many different IP addressable devices?
  • Is there anyone who knew about two years ago when this first surfaced? These are machines that are returned from lease, with hard drives full of confidential documents
  • When the Obama transition team users complained about having locked-down Mac laptops when they tried to access public Wifi networks, Clarke “tried to quietly point out that if you are a senior member of the informal national security transition team, you probably should not be planning the takeover of the White House from a Starbucks.”
  • At least the VPN can encrypt traffic to and from remote users
  • Use whole disk encryption software and endpoint security tools so that if stolen or compromised, they will remain safe and contents not available
  • Why has encrypted email taken so long to implement? Mostly because we are lazy.
  • Passwords not on Post-its!
  • ×