Cyber Terrorism


Published in: Technology, News & Politics

  1. CYBER ATTACKS: The Next Frontier
  2. “The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on our commercial and governmental infrastructure abroad to ballistic missile attacks on our cities.
     “Wars in the 21st century will increasingly require all elements of national power – not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.”
     Ex-President: Mr. APJ Abdul Kalam
  3. Discussion
     - Critical Infrastructures
     - Terrorist Internet Exploits
     - Tactics and Strategy
  4. Critical Infrastructures
     Where the Jewels Are
  5. Imagine Planning for These Contingencies
     - ATM Failures
     - Power Outages
     - Parliament Attack
     - Bridges Down
     - Airliner Crash
     - Mumbai City
     - Oil Refinery Fire
     - Telephone Outages
     - Poisoned Water Supply
     - ISPs All Offline
     - Emergency Assistance (100/101) System Down
     Unrelated Events or Strategic Attack?
  6. Using Our Systems Against Us
     - Aircraft – Pentagon/Twin Towers
     - Mail distribution network – Anthrax
     - Computers – next step?
  7. Real World Example – Australia 2000
     - Maroochy Shire Waste Water Plant – Sunshine Coast
     - Insider
     - 46 intrusions over 2 month period
     - Release of sewage into parks, rivers
     - Environmental damage
  8. Real World Example – USA 2001
     - San Francisco FBI Field Office Investigation
     - Internet probes from Saudi Arabia, Indonesia, Pakistan
     - Casings of web sites regarding emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities
     - Exploring digital systems used to manage these systems
  9. Why Cyber Attack on Critical Infrastructures?
     - National Security
       - Reduce our ability to protect our interests
     - Public Psyche
       - Erode confidence in critical services and the government
     - Economic impact
       - Damage economic systems
     - Enhancement of Physical Attacks
       - Physical damage/distraction efforts
     - Asymmetric Warfare
       - Lack of attribution, low cost/high potential impact
  10. How are we vulnerable?
     - Globalization of infrastructures = vulnerability
     - Anonymous access to infrastructures via the Internet and SCADA
     - Interdependencies of systems make attack consequences harder to predict and more severe
     - Malicious software is widely available and does not require a high degree of technical skill to use
     - More individuals with malicious intent on Internet
     - New cyber threats outpace defensive measures
  11. Vulnerability Types
     - Computer based
       - Poor passwords
       - Lack of appropriate protection or improperly configured protection
     - Network based
       - Unprotected or unnecessary open entry points
     - Personnel based
       - Temporary/staff firings
       - Disgruntled personnel
       - Lack of training
     - Facility based
       - Servers in unprotected areas
       - Inadequate security policies
  12. Al-Qaeda
     Al-Qaeda laptop found in Afghanistan contained:
     - Hits on web sites that contained “Sabotage Handbook”
     - Handbook – Internet tools, planning a hit, anti-surveillance methods, “cracking” tools
     - Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites
  13. Terrorist Internet Exploits
     What are we up against?
  14. Terrorist Groups
     - Al-Qaida
     - Al-Umar-Mujahideen
     - Hizbul Mujahideen
     - Harkat-ul-Mujahideen
     - Indian Mujahideen
     - Jaish-e-Mahommad
     - Jamat-ul-Mujahideen
     - Laskar-e-Toiba
  15. Terrorists
     Attention must be paid to studying the terrorists:
     - Ideology
     - History
     - Motivation
     - Capabilities
  16. Terrorists
     - Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
     - In the future, cyber terrorism may become a viable alternative to traditional physical acts of violence due to:
       - Perceived anonymity
       - Diverse targets
       - Low risk of detection
       - Low risk of personnel injury
       - Low investment
       - Operate from nearly any location
       - Few resources are needed
  17. Terrorist Use of the Internet
     - Hacktivism
     - Cyber Facilitated Terrorism
     - Cyber terrorism
  18. Cyber Arsenal for Terrorists
     Internet newsgroups, web home pages, and IRC channels include:
     - Automated attack tools (Software Tools)
     - Sniffers (capture information, i.e. password/log-on)
     - Rootkits (facilitate/mask intrusion)
     - Network Vulnerability Analyzers (SATAN/Nessus)
     - Spoofing
     - Trojan Horses
     - Worms
     - DoS
  19. Cyber Attack Methodology
     - Resource Denial
       - Virus/malicious code
       - “Legitimate” traffic overwhelms site (unauthorized high-volume links)
       - DoS
       - DDoS
     - WWW Defacement
       - Defacement to embarrass
       - Content modification to convey message
       - Content modification as component of disinformation campaign
  20. Computer System Compromises
     - System Compromise
       - Data destruction
       - Data modification
       - Information gathering
       - Compromised platform:
         - Launch pad for attacks
         - Jump off point for other compromises
     - Target Research and Acquisition
       - Internet makes significant amounts of data instantly and anonymously accessible.
  21. Hacktivism
     Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.
     Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.
  22. Hacktivism
     - Smithsonian
     - Mental Institution
     - Electronic Disturbance Theater
  23. Cyber Facilitated Terrorism
     - Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds
     - Web sites also contain information necessary to construct weapons and obtain false identification
     - Use Internet as a communications tool via chat rooms, BBS, email
     - Hijackers utilized cyber cafés to communicate via Internet and order airline tickets
  24. (Diagram labels)
     1. Finsbury Park Mosque, North London
     2. Djamel Beghal
     3. Kamel Daoudi
     4. Zacarias Moussaoui
     5. Richard Reid
     6. Feroz Abbasi
     7. Nizar Tribelsi
     8. Abu Hamza
     9. Abu Qatada
  25. Kamel Daoudi
     Believed to be Al-Qaeda Cyber Terrorist. Arrested for alleged involvement in plot to bomb American Embassy in Paris.
  26. Cyberterrorism
     Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.
  27. THE CYBERTERRORIST THREAT
     Assessing the Threat
     - Behavioral Profile
     - Technical Feasibility
     - Operational Practicality
     - THREAT
  28. Availability of Capability
     (Chart. Axis labels: Cost & Means of Attack; Cost of Capability. Time axis: 1945, 1955, 1960, 1970, 1975, 1985, Today. Plotted labels: Precision Guided Munitions; Cruise Missile; Invasion; Computer; Strategic Nuclear Weapons; Missiles; ICBM & SLBM.)
  29. Tactics and Strategy
     Prevention and cooperation
  30. Home Security - Cyber Transformation
     - Terrorism and Cyber Crime – top priorities
     - Recruitment of engineers and computer scientists – critical skills
     - Increasing agents dedicated to cyber crime
     - Creation of Cyber Task Forces in field offices
  31. Cyber Terrorism Prevention – Old Methods for New Problem
     - Liaison
     - Critical Infrastructure Companies, i.e. FBI InfraGard
     - Internet Service Providers
     - Universities
     - Internet Cafes
     - Hacker clubs
     - IT companies, developers
     - International, local law enforcement
     - Look – on the Internet
     - Coordinate - national security, terrorist personnel
  32. Conclusion
     - Our national security, databases, and economy are extremely dependent upon automation
     - Therefore, there exists a “target rich environment” for those who would do harm via the Internet
     - Our critical infrastructures require joint private/public efforts to protect them
  33. THANK YOU
     Deepak Pareek