Google versus China: the first cyber war

Speech given to the Cyberlog conference July 2010 Collinsville, Il.

  • Let's look at some of the more notable battles in this theater.
  • 1982: Russian pipeline control system virus attack that caused a major natural gas explosion. Picture = Trojan horse inserted into the control system, the supervisory control and data acquisition systems of the pipeline.
  • Carefully controlled and hit all these military installations across the US
  • Telephone switching computers; financial institutions; media and press; Web sites
  • Israeli jets were undetected by Syrian radar and were able to enter and nearly level this installation
  • Highly controlled; highly targeted at 30 particular domains; a long-lasting effort over several days shows coordination and purpose; highly deniable and hard to assign a source, yet the Korean-language source was easily discoverable.
  • Had a data breach and had to disconnect from the Internet. Clean each PC one at a time, manually.
  • China allows Google to operate and redirect to google.hk. Facebook, Twitter and YouTube are still blocked by China. Mobile phones use competitive searches that are self-censored.
  • China has finally surpassed the US in terms of the sheer number of Internet users in the past few years.
  • High ‘Net dependency. Critical infrastructure is all online (power, pipelines, railroads, airlines). Most of these systems are controlled by private industry and unregulated. R&D labs are all wide open to attack. Most PCs have paper-thin defenses. And then there are our forces…
  • US military is more wired but also more dependent now on private contractors for its support, and this can be vulnerable to attackers
  • Let's take a look at some of these vulnerabilities.
  • Most of us think that the China firewall is there to keep the Chinese under control, but it can also stop malware and attackers from entering! The N. Korean July 4th exercise was not to harm us, but to better protect themselves. Quick disconnect in case of attack.
  • Lieberman has a bill to create an “Internet Kill Switch” in the hopes that we can quickly disconnect in case of an attack.
  • Level 3 link map – how hard would it be to turn this off? Again, because we have so many connections, hard to just use a single kill switch
  • In China, their power grid is still mostly under manual control, an advantage during a cyber war
  • Modern Ford-class carriers that are being built for the Navy – how many microprocessors are on this vessel, and how many different IP addressable devices?
  • Is there anyone who knew about two years ago when this first surfaced? These are machines that are returned from lease, with hard drives full of confidential documents
  • When the Obama transition team users complained about having locked-down Mac laptops when they tried to access public Wifi networks, Clarke “tried to quietly point out that if you are a senior member of the informal national security transition team, you probably should not be planning the takeover of the White House from a Starbucks.”
  • At least the VPN can encrypt traffic to and from remote users
  • Use whole disk encryption software and endpoint security tools so that if stolen or compromised, they will remain safe and contents not available
  • Why has encrypted email taken so long to implement? Mostly because we are lazy.
  • Passwords not on Post-its!

    1. Google v. China: Our first cyber war. David Strom [email_address] (310) 857 6867 (c) David Strom http://strominator.com
    3. 2003: Titan Rain DoD attack
         • 10:23 pm Army Fort Huachuca Engineering Cmd.
         • 1:19 am DISA, Virginia
         • 3:25 am Naval OSC, San Diego
         • 4:46 am Army Space Cmd, Huntsville Ala.
         • All within a few hours in November 2003!
    4. Estonia’s ‘Bronze Night’
         • 4/07: DDOS attack perhaps by Russian government-sponsored hackers on hundreds of targets
    5. More recently
         • 9/07: Israel scrambled Syrian radar and attacked and leveled a nuclear installation
    6. Fourth of July 2009
         • N. Korean DDOS on US federal government Web sites, stock exchanges, and S. Korean sites by a huge botnet of more than 20k nodes
         • Three different attacks over five days
         • More like “cyber terrorism” than outright war
    8. Hopkins APL 2009
    9. Google and China, 2010
         • Google’s internal email accounts compromised
         • Moved its servers to Hong Kong
         • Gave up its business on the mainland
    11. Internet users
    12. What is cyber warfare?
         • No delay between launch and effects of an attack
         • Can quickly become global
         • Origin is hard to identify
         • Civilians as well as military targets
         • It is happening every day somewhere
    14. What $26 gets you
    15. Today’s irony
         • The less online a country is, the better it can defend its Internet borders!
         • The more connected, the more vulnerable!
    20. WHAT DO THESE ROOMS HAVE IN COMMON?
    23. Cold war spying
         • Needed physical access to assets, people, or plans
         • Spies would remove something
         • Easy to identify, despite tradecraft
         • Containable
    24. Our new war tech
    25. The other side’s war tech
         • They can be anywhere
         • Even sitting at home in their PJs!
         • They don’t even have to remove anything – just copy it somewhere else
    27. Our biggest threat
         • Or McDonalds or anywhere there is free Wifi!
    28. Recommendations
         • VPNs for everyone
    29. Lockdown your laptops
    30. Encryption needs to be the rule, not the exception
    32. Thanks and questions?
         • Copies of this presentation and others can be found here: http://slideshare.net/davidstrom
         • My website: http://strominator.com
