Why there will be a Cyber-9/11. Soon (Cyber security, cybercrime, terrorism)

693 views

Published on

In correlation between decreasing software quality standards and increased demand for convenience, resulting in ever increasing deployment of network connected infrastructure, the risk of exploitation increases exponentially.

This paper outlines the coherent intertwinement between aforementioned factors and factors like cybercrime, and cyber terrorism become a much neglected problem.

Cyber security must become an essential part of such things as the upcoming smart grid.

Published in: Government & Nonprofit
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
693
On SlideShare
0
From Embeds
0
Number of Embeds
29
Actions
Shares
0
Downloads
4
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Why there will be a Cyber-9/11. Soon (Cyber security, cybercrime, terrorism)

  1. 1. CREATING THE LEADERS OF THE DIGITAL ECONOMY Lars Hilse – Digital Strategy Consultants Eichstrasse 10 B | 25767 Bunsoh | Germany +1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559 WWW.LARSHILSE.COM //WHY THERE WILL BE A CYBER-9/11. SOON Published on July 29 th , 2014 // 1//EXECUTIVE SUMMARY To orchestrate and execute a major cyber terrorism attack, you need to circumvent four major obstacles: • Anonymous communication, so that you cannot be interrupted during the planning • Finding the right specialists with a low ethical standard (or short on cash) • Transferring assets to pay these specialists untraceably across borders • Vulnerable infrastructure you can exploit for such attacks. I have privately funded over two years of research worth over USD $125.000, revealing not only financial crimes with damages in excess of USD $2+ trillion p. a. During the research I have come to the conclusion that the aforementioned obstacles can all be circumvented today, and that vulnerabilities in both in civilian and military infrastructure can be exploited. While terrorists of the past had to sacrifice their lives or liberty to create major incidents, today they don’t even have to leave the comfort or their own home. Furthermore, these vulnerabilities don’t have to be exploited for classic, terrorist motives. They can also be used for anonymous extortion of corporations/governments, because attacks can be targeted in an exceptional fashion. 2//WHY A CYBER 9/11 IS IMMINENT On July 29th, 2014 Israel became victim to a cyber attack, in which Chinese hackers exploited their “Iron Dome” missile system, which protects the State of Israel from the rocket attacks originating from territories of their surrounding adversaries. This was the most recent example of exploits in network-connected infrastructure, outlining the massive vulnerabilities even in newer systems being deployed, preceded by the “Stuxnet” virus, which was probably the first publicly known incident in which a piece of software was
  2. 2. CREATING THE LEADERS OF THE DIGITAL ECONOMY Lars Hilse – Digital Strategy Consultants Eichstrasse 10 B | 25767 Bunsoh | Germany +1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559 WWW.LARSHILSE.COM used to destroy/alter a piece of network-connected infrastructure. Two main factors, which create a majority of the aforementioned vulnerabilities, are • The ever increasing demand for network connected infrastructure, and • The decreasing quality in software, or it’s so called End-of-Life When combined with the negligence towards technological advancement of governments attempting to create policy to reduce such risks, the potential devastation becomes incomprehensible. 3//INCREASING USAGE OF NETWORK CONNECTED INFRASTRUCTURE The exponential increase in network-connected infrastructure is due to two main factors: • Convenience and cost reduction in operational systems • Monitoring the operation decentralized/without human assets being on location This exponential increase, while bringing economic benefits along with them, create gaping holes in any organization’s infrastructure because their deployment is - more often than not - run on a tight budget, and/or are not sufficiently supervised during installation. Furthermore, a lot of the operators of such systems are insufficiently trained to understand the background of the system they are handling. This leads to a combination of critical factors, making anything from a traffic light to a power plant very vulnerable.
  3. 3. CREATING THE LEADERS OF THE DIGITAL ECONOMY Lars Hilse – Digital Strategy Consultants Eichstrasse 10 B | 25767 Bunsoh | Germany +1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559 WWW.LARSHILSE.COM 4//DECREASING SOFTWARE-QUALITY & END-OF-LIFE After Microsoft released Windows XP, it became clear that a majority of the focus on security had been sacrificed for the benefit of such things as “Windows XP Media Center Edition” and other gadgets built into operating systems. This diversion was the start to the creation of more consumer-focused operating systems with gaping security vulnerabilities, which can be exploited in any number of ways. Further, Windows XP was the last operating system capable of running a majority of the software, which in turn controlled the connected SCADAs, PLCs, and other network connected infrastructure interfaces of the world. XP’s end-of-life/end-of-support in early 2014 has increased the threat of exploitation of such systems significantly, as a majority of companies operating XP cannot/will not afford the continued maintenance offered through Microsoft at additional costs. The end-of-life-problem also applies for software written to control the interfaces between the operating system and the controller. The controllers are a difficulty by themselves because their average lifespan significantly exceeds that of the software running it, or the operating systems, which support them. In addition to this, the lifecycles of the operating systems have also shortened. Besides many other factors, it’s the lack of imagination and negligence towards such threats that elevates them significantly. 5//VULNERABILITIY PROLIFERATION OF NETWORK CONNECTED INFRASTRUCTURE For over 2 years I have been investigating the “Deep Web” and Bitcoin, exploiting terrorists using these channels to communicate and transfer funds anonymously. While the extent of these communications isn’t that far spread (yet), I recently discovered the standard passwords and other vulnerabilities of SCADAs and other systems controlling network-connected infrastructure.
  4. 4. CREATING THE LEADERS OF THE DIGITAL ECONOMY Lars Hilse – Digital Strategy Consultants Eichstrasse 10 B | 25767 Bunsoh | Germany +1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559 WWW.LARSHILSE.COM Exploiting these vulnerabilities can have significant consequences, because an ever-increasing amount of everyday infrastructure is controlled remotely through the Internet. Most of these systems are protected more of less sufficiently from the “outside world”, but once these protection methods have been circumvented, the systems controlling anything from a traffic light to a power plant, are freely accessible. 6//CONCLUSION For over two years I have been researching the “Deep Web” and Bitcoin, revealing a lot of startling crimes being committed therein and financed through Bitcoin. What makes these two elements of the Internet so attractive to criminals and terrorists is the fact that it provides • Almost absolute anonymity in communication through Email and other services • Untraceable money transfer across borders, even in large sums, with ways to obscure transactions Russia recently put out over USD $110.000 for anyone that can make usage of the Deep Web through TOR traceable. Looking at the criminal complaint filed against Ross Ulbricht makes it evident, that his apprehension in context to allegedly running Silk Road, the Deep Web’s number one site for drug trade (USD $1.2B transactions within 2 years), was only possible because he made mistakes in the founding stages of his endeavor. Resulting thereof, it is safe to assume that had these mistakes been avoided, the Silk Road would still be in operation. When these to major elements are combined with the fact that the world has tens of thousands vulnerabilities for criminal elements to exploit, the next step of assembling a team of specialists is just a matter time.

×