3. The New Front Line:
Estonia under cyberassault
• IEEE Security & Privacy July/August 2007 (vol. 5 no. 4)
• Overviews a Distributed Denial of Service attack on Estonia and
hypothesises perpetrators, mechanisms and even cost
• Michael Lesk of Rutgers University: wrote a number of Unix
utilities (lex, uucp and the predecessor to stdio); involved with a
number of information systems; apparently only recent contributions
3 of 19
4. Malice in Wonderland
There are a variety of software threats for machines connected to
a network.
• Worms
• Viruses
• Trojans
• Rootkits
• Other malware
But threats may also come from software not created with malicious
intent.
5. Cyber Warriors - Who
• Academics
• Malicious programmers & “Script Kiddies”
• Spammers
• Disgruntled employees
• Hacktivists
• Military groups
6. Cyber Warfare - Why
The why depends on the who.
• Research
• Mischief
• Corporate espionage
• Money
• Political statements
• Terrorism
7. Worms
A computer program that self-replicates over a computer
network.
• 1988 - The Morris Worm - intended to gauge the size of the
Internet
• 2000 - ILOVEYOU - simple VBS script that used Outlook to
propagate
• 2003 - SQL Slammer - slowed general Internet traffic;
targeted a buffer overflow in MS SQL Server
• 2010 - Stuxnet - attacks a specific industrial PLC system from
Siemens
9. Botnets
• A collection of infected hosts running autonomous software
that can respond to commands
• Worms designed to contact and respond to an owner
• Geographically dispersed
• Used for Denial of Service attacks, spamming, proxying,
dialing
• Software is easy to obtain and modify
• Often a “war” between owners for control of susceptible
machines
• Up to a quarter of personal computers may be part of a
botnet (BBC)
10. Botnets
Illustration of a Distributed Denial of Service attack performed with a botnet.
11. Botnets
A graph from the Shadowserver Foundation counting all known command-and-control networks.
12. Denial of Service
An extremely common form of general attack; often uses botnets.
• Type
◦ Distributed
◦ Flood - ICMP, SYN, Smurf
◦ Teardrop
◦ Peer-to-peer & multicast
◦ Application flood
◦ Phlashing
• Motive
◦ Personal
◦ Business
◦ Political and Tactical
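The flood types listed above differ in what the victim sees on the wire, and that difference is what a simple detector keys on: a SYN flood shows up as many SYNs whose handshakes never complete, an ICMP flood as a high echo-request rate at one host, and a Smurf attack as echo replies arriving from many hosts at a victim that never sent a request. The following is an added example written for this page, not code from the slides or from any of the cited tools; the packet-summary format, the thresholds, the window size and the addresses are all assumptions, and the traffic it runs on is constructed, not captured.

```python
from collections import defaultdict

# Thresholds are assumptions for this example; tune them to the network you monitor.
WINDOW_SECONDS = 1.0
SYN_THRESHOLD = 50        # SYNs to one destination per window before we look closer
HALF_OPEN_RATIO = 0.8     # fraction of those SYNs whose handshake never completes
ICMP_THRESHOLD = 100      # echo requests to one destination per window
SMURF_MIN_SOURCES = 20    # distinct hosts replying to a victim that sent no echo request


def detect_floods(packets, window=WINDOW_SECONDS):
    """Classify per-window traffic as SYN flood, ICMP flood or Smurf reflection.

    packets: iterable of (timestamp, proto, src, dst, kind) tuples where kind is
    "SYN" or "ACK" for TCP and "echo_request" or "echo_reply" for ICMP
    (an assumed summary format, e.g. what a flow exporter might hand you).
    Returns a sorted list of (attack, victim) pairs.
    """
    syns = defaultdict(int)            # (window, dst) -> SYNs received
    completed = defaultdict(int)       # (window, dst) -> handshake-completing ACKs received
    echo_requests = defaultdict(int)   # (window, dst) -> echo requests received
    requests_sent = defaultdict(int)   # (window, src) -> echo requests the host itself sent
    reply_sources = defaultdict(set)   # (window, dst) -> hosts that sent it echo replies

    for ts, proto, src, dst, kind in packets:
        w = int(ts // window)
        if proto == "tcp":
            if kind == "SYN":
                syns[(w, dst)] += 1
            elif kind == "ACK":
                completed[(w, dst)] += 1
        elif proto == "icmp":
            if kind == "echo_request":
                echo_requests[(w, dst)] += 1
                requests_sent[(w, src)] += 1
            elif kind == "echo_reply":
                reply_sources[(w, dst)].add(src)

    alerts = set()
    for (w, dst), n in syns.items():
        # SYN flood: lots of SYNs, almost none followed by the client's final ACK
        half_open = n - completed[(w, dst)]
        if n >= SYN_THRESHOLD and half_open / n >= HALF_OPEN_RATIO:
            alerts.add(("syn_flood", dst))
    for (w, dst), n in echo_requests.items():
        if n >= ICMP_THRESHOLD:
            alerts.add(("icmp_flood", dst))
    for (w, dst), sources in reply_sources.items():
        # Smurf: the victim is hit by replies to requests it never sent (spoofed source)
        if len(sources) >= SMURF_MIN_SOURCES and requests_sent[(w, dst)] == 0:
            alerts.add(("smurf", dst))
    return sorted(alerts)


def sample_traffic():
    """Constructed packet log (not captured data) mixing benign and attack traffic."""
    pkts = []
    # Benign: 30 clients complete the handshake with a web server.
    for i in range(30):
        client = f"10.0.0.{i + 1}"
        pkts.append((0.01 * i, "tcp", client, "192.0.2.10", "SYN"))
        pkts.append((0.01 * i + 0.005, "tcp", client, "192.0.2.10", "ACK"))
    # SYN flood: 200 half-open connections from a botnet against the same server.
    for i in range(200):
        pkts.append((0.002 * i, "tcp", f"198.51.100.{i % 250 + 1}", "192.0.2.10", "SYN"))
    # ICMP flood: 150 echo requests at one host within the window.
    for i in range(150):
        pkts.append((0.003 * i, "icmp", f"203.0.113.{i % 250 + 1}", "192.0.2.20", "echo_request"))
    # Smurf: 40 reflectors answer a spoofed broadcast ping; the victim sent nothing.
    for i in range(40):
        pkts.append((0.01 * i, "icmp", f"192.0.2.{100 + i}", "192.0.2.30", "echo_reply"))
    # Benign ping: a host sends 5 requests and gets 5 replies back.
    for i in range(5):
        pkts.append((0.1 * i, "icmp", "192.0.2.40", "192.0.2.50", "echo_request"))
        pkts.append((0.1 * i + 0.01, "icmp", "192.0.2.50", "192.0.2.40", "echo_reply"))
    return pkts


if __name__ == "__main__":
    for attack, victim in detect_floods(sample_traffic()):
        print(f"{attack}: {victim}")
```

The SYN check deliberately looks at the ratio of incomplete handshakes rather than the raw SYN count, so a busy but healthy server is not flagged; the Smurf check needs both many reply sources and the absence of outbound requests from the victim, which is what separates reflected traffic from an ordinary ping sweep the host ran itself.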
13. Denial of Service Attacks
Summary of DoS attack methods, from http://atlas.arbor.net/summary/dos
14. The Estonian Cyberassault
• Strong technological society
• Followed protests in which one person was killed and several
injured
• Attack not large, but target was small
• Estonia closed itself off from the wider Internet
• General consensus is that it was not a military attack, due to
the style
15. Stuxnet
An unusually sophisticated worm.
• Utilises zero-day exploits in Windows
• Fraudulently signs its drivers with stolen code-signing certificates
• Seeks out Programmable Logic Controllers (specifically
Siemens) - industrial controllers for electromechanical devices
• Speculation that it was targeted at nuclear assets
• Majority of infections in Iran (Symantec)
• Uses fingerprinting, apparently to target a specific system
• Designed to cause catastrophic physical failure
• “...mischief or financial reward wasn’t its purpose, it was aimed
right at the heart of a critical infrastructure.” - Lumension IT
Security
16. Defensive Measures
• Common sense & awareness
◦ Software updates
◦ Physical access
◦ Data authentication
• Using open source platforms
• Antivirus
• Firewalls & routers
• Intrusion Detection Systems (IDS)
17. The Future
• Attacks can be economically and tactically significant to an
entire nation... and the world?
• Attacks will get more specific - there are many kinds of
embedded system and many of them are turning into
fully-fledged computers
• Continually increasing awareness and security will force novel
methods of attack
18. Conclusions
• Undeniable military and political motivations
• Power is in the hands of individuals
• There is money to be made
• There’s as much potential for abuse and misuse as for growth
and advancement
19. Resources
• Bob Gourley - Open Source Software and Cyber Defense
• http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
• http://www.direct.gov.uk/nationalsecuritystrategy
• http://tools.ietf.org/rfc/rfc4732.txt
• http://schneier.com/blog/archives/2010/10/stuxnet.html
• http://www.avast.com/virus-monitor
• http://atlas.arbor.net/summary/dos
• http://news.bbc.co.uk/1/hi/business/6298641.stm
• http://www.bbc.co.uk/news/technology-11388018
• http://www.governmentsecurity.org/
• http://www.shadowserver.org/
• http://news.bbc.co.uk/1/hi/8489265.stm