SlideShare a Scribd company logo

Post Apocalyptic Cyber Realism

Download as KEY, PDF
Richard Stiennon
Richard Stiennon

This document outlines 10 post-apocalyptic cyber scenarios and provides real world examples for each. The scenarios include: 1) widespread DDoS attacks causing communication outages, 2) social media being used to coordinate DDoS protests, 3) an insider stealing customer data, 4) malicious software updates, 5) hardware backdoors enabling theft and network control, 6) an insider abusing privileges for financial gain, 7) erroneous BGP routes blackholing the internet, 8) state-sponsored cyber espionage, 9) weapons-grade malware used for sabotage like Stuxnet, and 10) cyber attacks supporting military strikes

1 of 31
Post Apocalyptic Cyber Realism Richard Stiennon Chief Research Analyst IT-Harvest www.it-harvest.com twitter.com/cyberwar or twitter.com/stiennon
www.it-harvest.com twitter.com/cyberwar Blog: www.forbes.com/richardstiennon
The futility of proposed scenarios A stab in the dark at a divergent future, while interesting, is doing us a disservice.
Scenario 1. Collateral damage from cyberwar • Wide spread state sponsored DDoS attack • Communication outages • Official web sites taken down
The reality • August 8, 2008 Russia invades Georgia • DDoS against Georgia president.gov.ge rustavi2.com • Tulip Systems Atlanta • 68,000 requests/sec
A little preparation
Scenario 2. Political protesters enlist social media to target attacks Facebook or Twitter used to call protesters to arms DDoS tools distributed along with instructions Websites disabled
Twitter as tool of riot creation Post Iranian election Twitter was used to support virtual riots via DDoS Note that AnonymousOps used LOIC too!
Twitter escalation Phase 1. Hacking instructions sites. Phase 2. Links to pagereload.com Phase 3. Links to a specially crafted site that opens 15 frames on pagereload.com
Scenario 3. An insider uses privileged access to steal customer data • Despite strong authentication, encryption, and DLP, a trusted employee steals customer data • Sells it to a third party
 Rene Rebollo Countrywide data loss estimated he downloaded about 20,000 customer profiles a week in excel spreadsheets onto flash drives.  2 million total identities sold to Wahid Siddiqi, his outside accomplice.
Scenario 4. Malicious Software Updates • A software vendor issues software updates that are malicious in nature • Software is back-doored • Systems compromised.
Athens 2004 A series of software updates turns on Lawful intercept function 104 diplomats and Olympic officials spied on Engineer mysteriously commits suicide
Scenario 5. Hardware backdoors • Hardware vendor builds backdoors into critical equipment • Uses backdoor to steal confidential information • Gains control of network
Hardware backdoors • Test 1 • Esample 3 • Example 3
Scenario 6. Insider abuse Insider uses knowledge of business systems and back office to get around internal controls. Loss of millions
Trading losses 2008, Jerome Kerviel covers up trading losses, Largest trading fraud in history to be carried out by a single person. $7.14 Billion 5 year sentence reduced to 3
Scenario 7. Spurious BGP route announcements used to black hole the Internet The biggest single vulnerability in Internet infrastructure used to 1. Deny access to a service 2. Siphon data 3. Shut off a country
YouTube rerouted by Pakistan February 24, 2008
China drinks from a fire hose “Internet routing, believe it or not, still works on the honor system.” “On April 8th (2010), starting at 15:50 UTC, China Telecom incorrectly asserted ownership of more than 50,000 different blocks of IP addresses. “ -Renysis Blog 15% of the Internet was party to a man in the middle attack for 18 minutes.
Mubarak’s Internet Kill Switch January 27, 2011 At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet's global routing table. Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers.
Scenario 8. State sponsored spying • A nation state infiltrates dozens of computers belonging to key personnel • Reads emails • Steals information • Uses information to impact diplomatic mission
Ghostnet • Office of the Dalai Lama infiltrated through malware installed on computers • Email servers completely owned • Emails modified in transit • Email read and acted on • Over 1,200 infected computers globally
Sound familiar? • Pentagon 2007 • Rio Tinto 2009 • Google Aurora 2010 • Night Dragon • RSA 2011 • Mitsubishi, Kawasaki, 2011
Scenario 9: Weapons grade malware used for sabotage
Stuxnet - most advanced malware
Breaking news October 18: Symantec announces new variants of Stuxnet in the wild. -New version was written by authors with access to original Stuxnet source code -This version targets PLC manufacturers. -Most recent sample was compiled on October 17th.
Scenario 10. Cyber attacks in support of military strikes. Syria invaded by Israeli war planes that destroy a nuclear reactor. Network attacks to shut down command and control Airborn attacks against radar systems to “inject code” and shut down radar systems. Breaking news, October 18, New York Times reports that Obama’s administration considered similar attacks against Libya.
Every sector has already experienced cyber disaster. What are we waiting for?
Blog: www.threatchaos.com email: richard@it-harvest.com Twitter: twitter.com/cyberwar

Recommended

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
arel shane
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Muhammad Hamza
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko Hypponen
Mikko Hypponen
 
Hacking
HackingHacking
HackingKaran Poshattiwar
 
Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]
Mikko Hypponen
 
technical disaster
technical disastertechnical disaster
technical disaster
kaushik_sutariya_
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information Security
Ajay Dhamija
 

Recommended

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
arel shane
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Muhammad Hamza
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko Hypponen
Mikko Hypponen
 
Hacking
HackingHacking
HackingKaran Poshattiwar
 
Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]
Mikko Hypponen
 
technical disaster
technical disastertechnical disaster
technical disaster
kaushik_sutariya_
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
b coatesworth
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information Security
Ajay Dhamija
 
Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security
Sanguine_Eva
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hacking
satish kumar
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
Sibghatullah Khattak
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Renu Verma
 
Hacking
HackingHacking
Hacking
Haider Akbar
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking Overview
Subhoneel Datta
 
Security News Byes- Nov
Security News Byes- NovSecurity News Byes- Nov
Security News Byes- Nov
prashsiv
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Rohit Trimukhe
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
Digicomp Academy AG
 
Computer hacking – Is it Ethical PPT
Computer hacking – Is it Ethical PPTComputer hacking – Is it Ethical PPT
Computer hacking – Is it Ethical PPTVivekanandan M
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Rishabha Garg
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
vishakha bhagwat
 
"Hacking"
"Hacking""Hacking"
"Hacking"
Ameesha Indusarani
 
Top 10 most famous hackers of all time
Top 10 most famous hackers of all timeTop 10 most famous hackers of all time
Top 10 most famous hackers of all time
PRESENTATIONSFORESL
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingDamisetty Bala Naga Rama Sesha Sai
 
ethical hacking
ethical hackingethical hacking
ethical hackingNeelima Bawa
 
Hacking and Types of Hacker.
Hacking and Types of Hacker.Hacking and Types of Hacker.
Hacking and Types of Hacker.
Coder Tech
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
Hannah Jane del Castillo
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
windows21
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
Madhusudhan G
 
Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work NetworkPrivate Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
ITP - Information Technology Professionals
 
Cyber war
Cyber warCyber war
Cyber war
Praveen
 

More Related Content

What's hot

Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security
Sanguine_Eva
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hacking
satish kumar
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
Sibghatullah Khattak
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Renu Verma
 
Hacking
HackingHacking
Hacking
Haider Akbar
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking Overview
Subhoneel Datta
 
Security News Byes- Nov
Security News Byes- NovSecurity News Byes- Nov
Security News Byes- Nov
prashsiv
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Rohit Trimukhe
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
Digicomp Academy AG
 
Computer hacking – Is it Ethical PPT
Computer hacking – Is it Ethical PPTComputer hacking – Is it Ethical PPT
Computer hacking – Is it Ethical PPTVivekanandan M
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Rishabha Garg
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
vishakha bhagwat
 
"Hacking"
"Hacking""Hacking"
"Hacking"
Ameesha Indusarani
 
Top 10 most famous hackers of all time
Top 10 most famous hackers of all timeTop 10 most famous hackers of all time
Top 10 most famous hackers of all time
PRESENTATIONSFORESL
 
Hacking and Types of Hacker.
Hacking and Types of Hacker.Hacking and Types of Hacker.
Hacking and Types of Hacker.
Coder Tech
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
Hannah Jane del Castillo
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
windows21
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
Madhusudhan G
 

What's hot (20)

Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hacking
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Hacking
HackingHacking
Hacking
 
Ethical Hacking Overview
Ethical Hacking OverviewEthical Hacking Overview
Ethical Hacking Overview
 
Security News Byes- Nov
Security News Byes- NovSecurity News Byes- Nov
Security News Byes- Nov
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
 
Computer hacking – Is it Ethical PPT
Computer hacking – Is it Ethical PPTComputer hacking – Is it Ethical PPT
Computer hacking – Is it Ethical PPT
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
"Hacking"
"Hacking""Hacking"
"Hacking"
 
Top 10 most famous hackers of all time
Top 10 most famous hackers of all timeTop 10 most famous hackers of all time
Top 10 most famous hackers of all time
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
Hacking and Types of Hacker.
Hacking and Types of Hacker.Hacking and Types of Hacker.
Hacking and Types of Hacker.
 
Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)Internet Issues (How to Deal on Internet Security)
Internet Issues (How to Deal on Internet Security)
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
All about Hacking
All about HackingAll about Hacking
All about Hacking
 

Similar to Post Apocalyptic Cyber Realism

Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work NetworkPrivate Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
ITP - Information Technology Professionals
 
Cyber war
Cyber warCyber war
Cyber war
Praveen
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
karthickB24
 
News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal
Jaskaran Narula
 
Cybercrime trends in last five years
Cybercrime trends in last five yearsCybercrime trends in last five years
Cybercrime trends in last five years
SABBY GILL
 
Cyber espionage
Cyber espionageCyber espionage
Cyber espionage
harshitakhandelwal26
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
schwarz10
 
Cyber Wars.pptx
Cyber Wars.pptxCyber Wars.pptx
Cyber Wars.pptx
ArjunKumar684595
 
Week nine- Securing info systems lecture
Week nine- Securing info systems lectureWeek nine- Securing info systems lecture
Week nine- Securing info systems lecture
Aiman Niazi
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
chauhananand17
 
Computer hacking
Computer hackingComputer hacking
Computer hacking
shreyas dani
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
Ian-Edward Stafrace
 
By Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpBy Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs Corp
Fabio Ghioni
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software development
Bill Ross
 
Network security threats ahmed s. gifel
Network security threats ahmed s. gifelNetwork security threats ahmed s. gifel
Network security threats ahmed s. gifel
Ahmed Tememe
 
hacking.ppt
hacking.ppthacking.ppt
hacking.ppt
ssuserec53e73
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
Pierluigi Paganini
 
NS UNIT 3 COMBINED.pdf
NS UNIT 3 COMBINED.pdfNS UNIT 3 COMBINED.pdf
NS UNIT 3 COMBINED.pdf
Aadil83
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
Bill Ross
 

Similar to Post Apocalyptic Cyber Realism (20)

Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work NetworkPrivate Date and PRYING Eyes - Talking Cybersecurity at After Work Network
Private Date and PRYING Eyes - Talking Cybersecurity at After Work Network
 
Cyber war
Cyber warCyber war
Cyber war
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal
 
Cybercrime trends in last five years
Cybercrime trends in last five yearsCybercrime trends in last five years
Cybercrime trends in last five years
 
Cyber espionage
Cyber espionageCyber espionage
Cyber espionage
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
Cyber Wars.pptx
Cyber Wars.pptxCyber Wars.pptx
Cyber Wars.pptx
 
Week nine- Securing info systems lecture
Week nine- Securing info systems lectureWeek nine- Securing info systems lecture
Week nine- Securing info systems lecture
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
 
Computer hacking
Computer hackingComputer hacking
Computer hacking
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
By Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpBy Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs Corp
 
Secure by design and secure software development
Secure by design and secure software developmentSecure by design and secure software development
Secure by design and secure software development
 
Network security threats ahmed s. gifel
Network security threats ahmed s. gifelNetwork security threats ahmed s. gifel
Network security threats ahmed s. gifel
 
hacking.ppt
hacking.ppthacking.ppt
hacking.ppt
 
2hacking.ppt
2hacking.ppt2hacking.ppt
2hacking.ppt
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
NS UNIT 3 COMBINED.pdf
NS UNIT 3 COMBINED.pdfNS UNIT 3 COMBINED.pdf
NS UNIT 3 COMBINED.pdf
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
 

More from Richard Stiennon

Why Risk Management Fails
Why Risk Management FailsWhy Risk Management Fails
Why Risk Management Fails
Richard Stiennon
 
Cyber security industry trends
Cyber security industry trendsCyber security industry trends
Cyber security industry trends
Richard Stiennon
 
The Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be CyberwarThe Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be Cyberwar
Richard Stiennon
 
There WIll Be Cyberwar
There WIll Be Cyberwar There WIll Be Cyberwar
There WIll Be Cyberwar
Richard Stiennon
 
How the Revolution in Military Affairs has set the stage for future cyberwars
How the Revolution in Military Affairs has set the stage for future cyberwarsHow the Revolution in Military Affairs has set the stage for future cyberwars
How the Revolution in Military Affairs has set the stage for future cyberwars
Richard Stiennon
 
Why Risk Management is Impossible
Why Risk Management is ImpossibleWhy Risk Management is Impossible
Why Risk Management is Impossible
Richard Stiennon
 
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, OrlandoStiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
Richard Stiennon
 
How the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security ForeverHow the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security Forever
Richard Stiennon
 
Cybercrime and Business Process Hacking
Cybercrime and Business Process HackingCybercrime and Business Process Hacking
Cybercrime and Business Process Hacking
Richard Stiennon
 
What makes the IT industry tick?
What makes the IT industry tick? What makes the IT industry tick?
What makes the IT industry tick?
Richard Stiennon
 
New definition for APT
New definition for APTNew definition for APT
New definition for APT
Richard Stiennon
 
Titan Rain
Titan RainTitan Rain
Titan Rain
Richard Stiennon
 
Cyberwar Update2010
Cyberwar Update2010Cyberwar Update2010
Cyberwar Update2010
Richard Stiennon
 
Surviving Cyber War April09
Surviving Cyber War April09Surviving Cyber War April09
Surviving Cyber War April09
Richard Stiennon
 
Surviving Cyber War
Surviving Cyber WarSurviving Cyber War
Surviving Cyber War
Richard Stiennon
 

More from Richard Stiennon (15)

Why Risk Management Fails
Why Risk Management FailsWhy Risk Management Fails
Why Risk Management Fails
 
Cyber security industry trends
Cyber security industry trendsCyber security industry trends
Cyber security industry trends
 
The Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be CyberwarThe Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be Cyberwar
 
There WIll Be Cyberwar
There WIll Be Cyberwar There WIll Be Cyberwar
There WIll Be Cyberwar
 
How the Revolution in Military Affairs has set the stage for future cyberwars
How the Revolution in Military Affairs has set the stage for future cyberwarsHow the Revolution in Military Affairs has set the stage for future cyberwars
How the Revolution in Military Affairs has set the stage for future cyberwars
 
Why Risk Management is Impossible
Why Risk Management is ImpossibleWhy Risk Management is Impossible
Why Risk Management is Impossible
 
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, OrlandoStiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
 
How the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security ForeverHow the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security Forever
 
Cybercrime and Business Process Hacking
Cybercrime and Business Process HackingCybercrime and Business Process Hacking
Cybercrime and Business Process Hacking
 
What makes the IT industry tick?
What makes the IT industry tick? What makes the IT industry tick?
What makes the IT industry tick?
 
New definition for APT
New definition for APTNew definition for APT
New definition for APT
 
Titan Rain
Titan RainTitan Rain
Titan Rain
 
Cyberwar Update2010
Cyberwar Update2010Cyberwar Update2010
Cyberwar Update2010
 
Surviving Cyber War April09
Surviving Cyber War April09Surviving Cyber War April09
Surviving Cyber War April09
 
Surviving Cyber War
Surviving Cyber WarSurviving Cyber War
Surviving Cyber War
 

Recently uploaded

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 

Recently uploaded (20)

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 

Post Apocalyptic Cyber Realism

  • 1. Post Apocalyptic Cyber Realism Richard Stiennon Chief Research Analyst IT-Harvest www.it-harvest.com twitter.com/cyberwar or twitter.com/stiennon
  • 3. The futility of proposed scenarios A stab in the dark at a divergent future, while interesting, is doing us a disservice.
  • 4.
  • 5. Scenario 1. Collateral damage from cyberwar • Wide spread state sponsored DDoS attack • Communication outages • Official web sites taken down
  • 6. The reality • August 8, 2008 Russia invades Georgia • DDoS against Georgia president.gov.ge rustavi2.com • Tulip Systems Atlanta • 68,000 requests/sec
  • 8. Scenario 2. Political protesters enlist social media to target attacks Facebook or Twitter used to call protesters to arms DDoS tools distributed along with instructions Websites disabled
  • 9. Twitter as tool of riot creation Post Iranian election Twitter was used to support virtual riots via DDoS Note that AnonymousOps used LOIC too!
  • 10. Twitter escalation Phase 1. Hacking instructions sites. Phase 2. Links to pagereload.com Phase 3. Links to a specially crafted site that opens 15 frames on pagereload.com
  • 11. Scenario 3. An insider uses privileged access to steal customer data • Despite strong authentication, encryption, and DLP, a trusted employee steals customer data • Sells it to a third party
  • 12.  Rene Rebollo Countrywide data loss estimated he downloaded about 20,000 customer profiles a week in excel spreadsheets onto flash drives.  2 million total identities sold to Wahid Siddiqi, his outside accomplice.
  • 13. Scenario 4. Malicious Software Updates • A software vendor issues software updates that are malicious in nature • Software is back-doored • Systems compromised.
  • 14. Athens 2004 A series of software updates turns on Lawful intercept function 104 diplomats and Olympic officials spied on Engineer mysteriously commits suicide
  • 15. Scenario 5. Hardware backdoors • Hardware vendor builds backdoors into critical equipment • Uses backdoor to steal confidential information • Gains control of network
  • 16. Hardware backdoors • Test 1 • Esample 3 • Example 3
  • 17. Scenario 6. Insider abuse Insider uses knowledge of business systems and back office to get around internal controls. Loss of millions
  • 18. Trading losses 2008, Jerome Kerviel covers up trading losses, Largest trading fraud in history to be carried out by a single person. $7.14 Billion 5 year sentence reduced to 3
  • 19. Scenario 7. Spurious BGP route announcements used to black hole the Internet The biggest single vulnerability in Internet infrastructure used to 1. Deny access to a service 2. Siphon data 3. Shut off a country
  • 20. YouTube rerouted by Pakistan February 24, 2008
  • 21. China drinks from a fire hose “Internet routing, believe it or not, still works on the honor system.” “On April 8th (2010), starting at 15:50 UTC, China Telecom incorrectly asserted ownership of more than 50,000 different blocks of IP addresses. “ -Renysis Blog 15% of the Internet was party to a man in the middle attack for 18 minutes.
  • 22. Mubarak’s Internet Kill Switch January 27, 2011 At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet's global routing table. Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers.
  • 23. Scenario 8. State sponsored spying • A nation state infiltrates dozens of computers belonging to key personnel • Reads emails • Steals information • Uses information to impact diplomatic mission
  • 24. Ghostnet • Office of the Dalai Lama infiltrated through malware installed on computers • Email servers completely owned • Emails modified in transit • Email read and acted on • Over 1,200 infected computers globally
  • 25. Sound familiar? • Pentagon 2007 • Rio Tinto 2009 • Google Aurora 2010 • Night Dragon • RSA 2011 • Mitsubishi, Kawasaki, 2011
  • 26. Scenario 9: Weapons grade malware used for sabotage
  • 27. Stuxnet - most advanced malware
  • 28. Breaking news October 18: Symantec announces new variants of Stuxnet in the wild. -New version was written by authors with access to original Stuxnet source code -This version targets PLC manufacturers. -Most recent sample was compiled on October 17th.
  • 29. Scenario 10. Cyber attacks in support of military strikes. Syria invaded by Israeli war planes that destroy a nuclear reactor. Network attacks to shut down command and control Airborn attacks against radar systems to “inject code” and shut down radar systems. Breaking news, October 18, New York Times reports that Obama’s administration considered similar attacks against Libya.
  • 30. Every sector has already experienced cyber disaster. What are we waiting for?

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. CNN) -- A U.S. Navy reconnaissance plane made an emergency landing in China after colliding with a Chinese fighter jet sent to intercept it, U.S. officials said Sunday. \nThe EP-3 Aries, an electronic surveillance aircraft with a crew of 24, landed on the Chinese island of Hainan after the collision, said Lt. Col. Dewey Ford, a spokesman for the U.S. Pacific Command in Hawaii. None of the crew was injured, he said. \nChinese officials had no immediate comment on the incident. \nThat history dates back to the 1996 presidential election on Taiwan, when Chinese hackers took aim at Taiwan sites. They repeated their attacks during the 2000 elections, but Taiwan threatened to unleash 7,000 viruses on Chinese government sites if the attacks continued. They ended. \n
  9. \n
  10. \n
  11. CNN) -- A U.S. Navy reconnaissance plane made an emergency landing in China after colliding with a Chinese fighter jet sent to intercept it, U.S. officials said Sunday. \nThe EP-3 Aries, an electronic surveillance aircraft with a crew of 24, landed on the Chinese island of Hainan after the collision, said Lt. Col. Dewey Ford, a spokesman for the U.S. Pacific Command in Hawaii. None of the crew was injured, he said. \nChinese officials had no immediate comment on the incident. \nThat history dates back to the 1996 presidential election on Taiwan, when Chinese hackers took aim at Taiwan sites. They repeated their attacks during the 2000 elections, but Taiwan threatened to unleash 7,000 viruses on Chinese government sites if the attacks continued. They ended. \n
  12. 20 million Ids including SSN stolen by the insider, Rene Rebollo, Wahid Siddiqi, 25,was a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. The FBI's statement alleges Rebollo was taking the personal information of mortgage customers, including social security numbers, storing them on a USB thumb drive. Rebollo told the law enforcement he profited anywhere from $50,000 to $70,000 from the sale of the Countrywide-owned data. In an FBI affidavit Rebollo estimated he downloaded about 20,000 customer profiles a week in excel spreadsheets onto the flash drives and then took the spreadsheets and emailed them to buyers from business center stores.\n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n