How to build a cyberarmy by Achraf Belaarch a.k.a



A very detailed presentation on cyberwarfare by a blogger and malware researcher.

Published in: Technology

  1. United Chips of Internet
     ● How to build a cyber army to attack an enemy.
     ● Achraf Belaarch
     ● Malware Analyst and UG Researcher
  2. Overview
     ● About me
     ● Some background about cyberwarfare
     ● Cyberwar attack weapons
     ● Cyberwar attack vectors
     ● Strategies
     ● Defense against outsider attacks
     ● Army layout
     ● Timeline and preparations for a cyberwar and attacks
     ● Conclusion
  3. Who I Am
     ● Last year in high school (physics branch)
     ● 8 years' experience with Windows and computers in general
     ● MASM32, C, C++ coder (learning PHP/HTML and improving C/C++/MASM32)
     ● Malware analyst and researcher
     ● Underweb & underground research: analysis of the black cybermarket & illegal activities
     ● Hardcore gamer
  4. Cyberwarfare Basics
  5. Cyberwarfare background
     ● US annual military spending: 800 billion $
     ● US annual cyberwarfare spending: 4.7 billion $
     ● North Korea annual cyberwar spending: ~60 million $
     ● Iran cyberwarfare spending: 76 million $
     ● My cyberarmy will cost around 1 million $ (real bargain)
  6. Cyberwarfare Aspects
     ● In cyberwar only 4 aspects are primordial to run a successful attack:
     ● Collect intelligence (enemy IT infrastructure, enemy defenses...)
     ● Control systems (military infrastructure, energy, factories...)
     ● Deny & disable systems
     ● Cause harm and destroy the enemy infrastructure
  7. Some stats
     ● Personal computers around the world: ~2 billion
     ● iPhone devices around the world: ~250 million
     ● Android devices around the world: ~900 million
     ● Malware infection stats:
     ● BredoLab (30 million infected PCs)
     ● Mariposa (12 million infected PCs)
     ● Conficker (10 million infected PCs)
     ● TDL4 (4.5 million infected PCs)
     ● Zeus (3.6 million infected PCs)
  8. Cyberwarfare Weapons
     ● Weapon #2: Virus
     ● Unlike R.A.T.s they are coded to do a job; no need for a C&C
     ● Writing a virus is one of the most respected hobbies in VX
     ● There is no limit when coding one
     ● Easy to evade security protection tools using advanced evasion procedures (polymorphism, metamorphism, hooks, injection, certificate stealing...)
  9. Cyberwarfare Weapons
     ● Viruses have been used many times
     ● The most advanced cyberwar viruses are:
     ● Stuxnet (exploiting 4 0-days, using 2 stolen certificates for signed devices) attacked Iran's Natanz nuclear facility in order to sabotage the nuclear reactor turbines
     ● Duqu (exploiting 1 0-day and using a stolen JMicron certificate) used a particular coding method (the "Duqu framework") and a new injection method to evade multiple security protections (related to Stuxnet)
  10. Cyberwarfare possible weapons
     ● Weapon #1: R.A.T.
     ● Remote Administration Tool
     ● Potentially malicious software that gives remote access to a device over a network
     ● Allows the attacker to monitor & grab potentially important data or harm the controlled device
     ● Should be hard to detect & remove (encryption, packing, injection...)
  11. Cyberwarfare Weapons
     ● Examples (DarkComet, NetWire, Da Vinci...)
     ● TeamViewer and AMMYY are legal R.A.T.s but can be used for illegal activity
     ● Encryption is a must in order to evade AVs and other security protection tools
  12. Duqu & Stuxnet fast analysis
     ● Duqu is a collection of malicious code and small programs created for information-stealing capabilities, with kernel drivers and injection tools working in the background
     ● Some of the code is written in a high-level, unidentified language dubbed the "Duqu framework". It is not C++, Python, Ada, Lua or many other languages that were checked. The latest evidence says it was possibly coded in OOC and compiled with MSVS 2k8
     ● The Duqu flaw (the 0-day exploited) is a flaw in Microsoft Windows that is used in malicious files to execute the malware components of Duqu. Currently one flaw is known, a TTF-related problem in win32k.sys
     ● Operation Duqu is the process of using only Duqu for unknown goals. The operation might be related to Operation Stuxnet
  13. Duqu & Stuxnet Fast Analysis #2
     ● Stuxnet was coded in C (10 000 days per coder)
     ● Experts compared the similarities and found three of interest:
     ● The installer exploits 4 zero-day Windows kernel vulnerabilities
     ● Components are signed with stolen digital keys
     ● Duqu and Stuxnet are both highly targeted and related to the nuclear program of Iran
  14. 0-days: The MDW of Cyberwarfare
     ● A 0-day is a security vulnerability (flaw) that exists in a piece of software and has no patch or fix
     ● Oftentimes the existence of such a flaw is unknown to the community and even to the vendor
     ● It is difficult to defend against something whose existence you don't know about
     ● 0-days were used in multiple infection vectors & cyberattacks (Stuxnet, Flame, Duqu, Cool EK...)
  15. 0-day uses
     ● During early-stage attacks it's primordial to operate from an average attacker's point of view
     ● Ex:
     ● Using known vulnerabilities / public exploits / public tools
     ● Harder to say it's cyberwarfare
     ● Inexpensive if caught
     ● 0-day exploits / tools are hard to detect or notice
     ● Hard to fix, and expensive and time-consuming to replace
  16. 0-day detection
     ● Possible but extremely difficult
     ● Leads to false positives
     ● Can be prevented and limited, e.g. by memory corruption attack detection (BOF, SOF...)
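The last point of slide 16 (memory corruption attack detection) is the one place the deck names a concrete defensive mechanism. The C program below is an added example, not code from the presentation or its author: it models the canary idea that compiler stack protectors use with a toy guarded buffer (the `struct guarded_buf` type, the `GUARD_CANARY` constant and every helper name are constructed for this illustration) and shows the two halves the slide hints at, prevention (a bounded write that rejects input that would overrun the data region) and detection (an integrity check that notices when a simulated overrun spilled one byte past the region).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy guarded buffer (constructed for this example): a fixed data region
 * followed by a canary word. A copy that overruns `data` hits the canary
 * first, so a later integrity check can tell that memory was corrupted. */
#define GUARD_DATA_LEN 16
#define GUARD_CANARY   0xDEADBEEFu   /* constructed constant, not a real compiler canary */

struct guarded_buf {
    char     data[GUARD_DATA_LEN];
    uint32_t canary;
};

void guard_init(struct guarded_buf *g) {
    memset(g->data, 0, sizeof g->data);
    g->canary = GUARD_CANARY;
}

/* Detection: 1 if the canary is untouched, 0 if something overwrote it. */
int guard_intact(const struct guarded_buf *g) {
    return g->canary == GUARD_CANARY;
}

/* Prevention: bounded write that refuses anything that would not fit together
 * with its terminating NUL. Returns 0 on success, -1 when the input is rejected;
 * on rejection the buffer is left unchanged. */
int guard_write(struct guarded_buf *g, const char *src) {
    size_t len = strlen(src);
    if (len >= sizeof g->data)
        return -1;
    memcpy(g->data, src, len + 1);
    return 0;
}

/* Simulates an unchecked overrun of `data` without undefined behaviour:
 * writes n bytes from the start of the object through a byte pointer, which
 * is allowed for any n <= sizeof *g. Returns guard_intact() afterwards, or
 * -1 if n exceeds the object. Any n > GUARD_DATA_LEN spills into the canary. */
int guard_simulate_overrun(struct guarded_buf *g, size_t n) {
    if (n > sizeof *g)
        return -1;
    memset((unsigned char *)g, 'A', n);
    return guard_intact(g);
}

/* Scenario 1: input that fits is stored and the canary survives. */
int demo_fitting_input(void) {
    struct guarded_buf g;
    guard_init(&g);
    return guard_write(&g, "hello") == 0
        && strcmp(g.data, "hello") == 0
        && guard_intact(&g);
}

/* Scenario 2: oversized input (including the exact-length case that would
 * drop the NUL) is rejected and the previous contents stay intact. */
int demo_oversized_input(void) {
    struct guarded_buf g;
    guard_init(&g);
    guard_write(&g, "hello");
    int rejected_long  = guard_write(&g, "this input is longer than sixteen bytes") == -1;
    int rejected_exact = guard_write(&g, "0123456789abcdef") == -1;   /* 16 chars, no room for NUL */
    return rejected_long && rejected_exact
        && strcmp(g.data, "hello") == 0
        && guard_intact(&g);
}

/* Scenario 3: an overrun of even one byte past `data` is caught by the
 * canary check, while a write that stops at the boundary is not flagged. */
int demo_overrun_detected(void) {
    struct guarded_buf g;
    guard_init(&g);
    int boundary_ok = guard_simulate_overrun(&g, GUARD_DATA_LEN) == 1;
    guard_init(&g);
    int overrun_found = guard_simulate_overrun(&g, GUARD_DATA_LEN + 1) == 0;
    return boundary_ok && overrun_found;
}

int main(void) {
    printf("fitting input stored, canary intact : %s\n", demo_fitting_input()    ? "yes" : "no");
    printf("oversized input rejected            : %s\n", demo_oversized_input()  ? "yes" : "no");
    printf("one-byte overrun detected by canary : %s\n", demo_overrun_detected() ? "yes" : "no");
    return 0;
}
```

Build with `cc -std=c99 -Wall guard.c` and run it. Real toolchains apply the same two ideas below the source level: GCC and Clang's `-fstack-protector` places a canary before saved return addresses and checks it on function return, and glibc's `_FORTIFY_SOURCE` turns `memcpy`/`strcpy` into size-checked variants. The false-positive concern from the slide applies to heuristic detectors rather than to a canary check, which only fires when the guard value actually changed.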
  17. 0-day (from the blackhat view)
     ● 0-days are sold in multiple forums/websites (private, sometimes even public)
     ● 0-day prices (from my own research in multiple boards / discussions with contacts) are between $200 and $1 million
     ● 0-days are used by governments' insider backdoors in multiple firms (HP/Dell/Microsoft/Oracle/Adobe)
     ● Cybercriminals are often paid for access to companies' VPS/networks …
     ● 0-days are the best infection vector for a good and destructive attack
  18. Strategies: The 4-Step Attack
     ● Dominate cyberspace (the Hack the Planet procedure)
     ● Infiltrate key systems & infrastructure in advance (take high privileges)
     ● Rely on research and intel gathering (information, devices, infrastructure...)
     ● Use known exploits to take over low-level systems (personal computers, servers) and 0-days, if possible, to take over key systems (stock market, TV, Internet, ISPs...)
  19. Hack The Planet Procedure
     ● Dominate cyberspace (control as many devices as you can: PCs, phones, smartphones, data servers...)
     ● Controlling many devices gives big power to attack enemy infrastructure (DDoS attacks, social engineering...)
     ● Makes attribution easier for you and hard for your opponent
     ● Sometimes you find yourself inside hard targets by luck
     ● Many hosts lead to a successful attack
  20. Attack Planning: Let's take over that shit
     ● Attacking well-secured facilities/networks requires research/planning/recon; it can't be done overnight
     ● Many offensive capabilities (communication, scanning, vulnerability testing...) are detected if performed quickly rather than slowly
     ● If the planning was good it can lead to a one-click destroy against the key systems of the enemy
  21. Defense against other attackers
     ● As General Admiral Master Chief President of the UCI I have many enemies: the Mazafaka Republic of Iranium, Kim dong pong jong Il, and the list goes on. As a defence you must make the right choice in order to prevent an attack against your infrastructure
     ● One of the best defences is offense: many countries choose to attack and take over other countries when they suspect a foreign attack
     ● Advanced countries control the information flow. Menwith Hill in the U.K., for example, is a co-op between the US and UK to spy on phone calls, mails...
  22. Defense against outside attackers
     ● The PRISM project was done in order to spy on the email and social activity of users, not to mention the NSA/FBI analysis co-op to stop malware attacks and many other things that they do
     ● One of the main or key defense methods is to prevent primordial vectors: many countries create their own systems and don't use suspect software, unlike others, e.g. Iran's SCADA software delivered by Siemens; BIS used by banks was exploited by Vladimir Levin and more than 10 million $ was transferred, and the list goes on….
  23. Army Layout
     ● Cyberarmies deployed around the world are often new genius graduates from master universities like Harvard, MIT, Polytechnic, StITU...
     ● Recruiters focus on many specifications before recruiting; some of them are strength, concentration, speed, reflexes... An army must be ready at any time to defend and strike back
     ● Many armies use coders that code specific parts of malware; many of them are highly paid and never know what they are doing
     ● Pentesting and continued stress testing are the main key to preparing an army, not to forget knowledge and hard training, bug research...
  24. Let's prepare an attack, Part 1
     ● Okay, now I'll start talking about my army. Let's say I need to take over the US, which isn't hard at all
     ● Timeline
     ● Lately a researcher discovered an Adobe Reader 11 exploit (0-day). I buy it for around 10k (1 million – 10k = 990k; that's what I still have from my budget)
     ● I will hire 20 coders to code parts of a complete malware that will use the 0-day and take down the nuclear infrastructure; coders are paid between $500 and $2k for a job
  25. Part 2
     ● 20 coders, each will be paid $2000 (20 x 2000 = $20000)
     ● Now I still have 960k. What do I need? Yes, I'll take down the firewall and stop them from attacking. Let me get a DDoS botnet: I'll buy one for 5k and buy bots (I'll focus on servers and other computers with huge bandwidth). I'll buy 1 million bots at $0.1 each; it will cost me $105000 for this
     ● Yes, I'll need an insider as a Plan B to put the malware in if the PDF vector doesn't work. I'll pay him $100k; okay, now I'm sure I'll get access to the foreign without problems
  26. Part 3: I'm stealth motherfucker
     ● Let's say I'll buy 40 servers around the world in countries that are not on good terms with my target; it will cost me $1000 per server. Okay, now I have 40 VPNs to spoof the DDoS attack, and 2 attack vectors.
     ● How much did I spend? (10 000 + 205 000 + 40 000 + 40 000 = 295 000$) only to take down a nuclear facility; the rest I may spend on advanced malware, probably more 0-days, bank fraud software, and the list goes on...
  27. Conclusion
     ● As you can see, with 1 million dollars, me with no knowledge of intel, govs... I can take down a nuclear facility without problems, so I let you imagine what a real country can do... DESTROY FUCKING ENEMIES
     ● Cyberwarfare is a war with no human victims, so it's the key for human survival, but you are talking about the Internet, the real victim of this kind of warfare, which makes us think again about how secure we are on the web.
     ● All this was for educational purposes. I'm not telling you to nuke other countries; I'm explaining what cyberwarfare is and how cyber armies are. Much of the information here is just 10% of reality; who knows what really happens
  28. The End
     ● I hope this was funny and educational for you, and I hope you liked it
     ● If you have any questions, discussion or anything, you can email me
     ● Credits go to: wikipedia, google, memegenerator, defcon 18, pwn2own, Charlie Miller (thanks for your idea, you are a real genius :))
     ● Thanks to, and especially, Lord Noteworthy, a friend, a man who showed me a lot of stuff. Thanks dude
  29. See ya (let's end with a sexy girl as always)