Google versus China: the first cyber war


Speech given to the Cyberlog conference July 2010 Collinsville, Il.

  • Let's look at some of the more notable battles in this theater
  • 1982 Russian pipeline control system virus attack that caused a major natural gas explosion. Picture = Trojan horse inserted into the control system, the supervisory control and data acquisition systems of the pipeline
  • Carefully controlled and hit all these military installations across the US
  • Telephone switching computers, financial institutions, media and press, Web sites
  • Israeli jets were undetected by Syrian radar and were able to enter and nearly level this installation
  • Highly controlled; highly targeted at 30 particular domains; long-lasting effort over several days shows coordination and purpose; highly deniable and hard to assign a source, yet the Korean language source was easily discoverable
  • Had a data breach and had to disconnect from the Internet, then clean each PC one at a time manually
  • China allows Google to operate and redirect to Facebook, Twitter and YouTube are still blocked by China. Mobile phones use competitive searches that are self-censored
  • China has finally surpassed the US in terms of the sheer number of Internet users in the past few years.
  • High ‘Net dependency. Critical infrastructure is all online (power, pipelines, railroads, airlines). Most of these systems are controlled by private industry and unregulated. R&D labs are all wide open to attack. Most PCs have paper-thin defenses. And then there are our forces…
  • US military is more wired but also more dependent now on private contractors for its support, and this can be vulnerable to attackers
  • Let's take a look at some of these vulnerabilities
  • Most of us think that the China firewall is there to keep the Chinese under control, but it can also stop malware and attackers from entering! The N. Korean July 4th exercise was not to harm us, but to better protect themselves. Quick disconnect in case of attack
  • Lieberman has a bill to create an “Internet Kill Switch” in the hopes that we can quickly disconnect in case of an attack.
  • Level 3 link map – how hard would it be to turn this off? Again, because we have so many connections, hard to just use a single kill switch
  • In China, their power grid is still mostly under manual control, an advantage during a cyber war
  • Modern Ford-class carriers that are being built for the Navy – how many microprocessors are on this vessel, and how many different IP addressable devices?
  • Is there anyone who knew about two years ago when this first surfaced? These are machines that are returned from lease, with hard drives full of confidential documents
  • When the Obama transition team users complained about having locked-down Mac laptops when they tried to access public Wifi networks, Clarke “tried to quietly point out that if you are a senior member of the informal national security transition team, you probably should not be planning the takeover of the White House from a Starbucks.”
  • At least the VPN can encrypt traffic to and from remote users
  • Use whole disk encryption software and endpoint security tools so that if stolen or compromised, they will remain safe and contents not available
  • Why has encrypted email taken so long to implement? Mostly because we are lazy.
  • Passwords not on Post-its!

    1. Google v. China: Our first cyber war. David Strom [email_address] (310) 857 6867 (c) David Strom
    3. 2003: Titan Rain DoD attack
       • 10:23 pm Army Fort Huachuca Engineering Cmd.
       • 1:19 am DISA, Virginia
       • 3:25 am Naval OSC, San Diego
       • 4:46 am Army Space Cmd, Huntsville Ala.
       • All within a few hours in November 2003!
    4. Estonia’s ‘Bronze Night’
       • 4/07: DDOS attack perhaps by Russian government-sponsored hackers on hundreds of targets
    5. More recently
       • 9/07: Israel scrambled Syrian radar and attacked and leveled a nuclear installation
    6. Fourth of July 2009
       • N. Korean DDOS on US federal government Web sites, stock exchanges, and S. Korean sites by a huge botnet of more than 20k nodes
       • Three different attacks over five days
       • More like “cyber terrorism” than outright war
    8. Hopkins APL 2009
    9. Google and China, 2010
       • Google’s internal email accounts compromised
       • Moved its servers to Hong Kong
       • Gave up its business on the mainland
    11. Internet users
    12. What is cyber warfare?
       • No delay between launch and effects of an attack
       • Can quickly become global
       • Origin is hard to identify
       • Civilians as well as military targets
       • It is happening every day somewhere
    14. What $26 gets you
    15. Today’s irony
       • The less online a country is, the better it can defend its Internet borders!
       • The more connected, the more vulnerable!
    20. What do these rooms have in common?
    23. Cold war spying
       • Needed physical access to assets, people, or plans
       • Spies would remove something
       • Easy to identify, despite tradecraft
       • Containable
    24. Our new war tech
    25. The other side’s war tech
       • They can be anywhere
       • Even sitting at home in their PJs!
       • They don’t even have to remove anything – just copy it somewhere else
    27. Our biggest threat
       • Or McDonalds or anywhere there is free Wifi!
    28. Recommendations
       • VPNs for everyone
    29. Lockdown your laptops
    30. Encryption needs to be the rule, not the exception
    32. Thanks and questions?
       • Copies of this presentation and others can be found here:
       • My website: