Post Apocalyptic Cyber Realism
No need to plan for future cyber disasters when what has already occurred justifies changes in defensive postures.

Published in: Technology, News & Politics
Speaker notes
  • (CNN) -- A U.S. Navy reconnaissance plane made an emergency landing in China after colliding with a Chinese fighter jet sent to intercept it, U.S. officials said Sunday.
    The EP-3 Aries, an electronic surveillance aircraft with a crew of 24, landed on the Chinese island of Hainan after the collision, said Lt. Col. Dewey Ford, a spokesman for the U.S. Pacific Command in Hawaii. None of the crew was injured, he said.
    Chinese officials had no immediate comment on the incident.
    That history dates back to the 1996 presidential election on Taiwan, when Chinese hackers took aim at Taiwan sites. They repeated their attacks during the 2000 elections, but Taiwan threatened to unleash 7,000 viruses on Chinese government sites if the attacks continued. They ended.
  • About 2 million identities, including SSNs, stolen by the insider Rene Rebollo, a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division, and sold to Wahid Siddiqi, 25. The FBI's statement alleges Rebollo was taking the personal information of mortgage customers, including Social Security numbers, and storing it on a USB thumb drive. Rebollo told law enforcement he profited anywhere from $50,000 to $70,000 from the sale of the Countrywide-owned data. In an FBI affidavit Rebollo estimated he downloaded about 20,000 customer profiles a week in Excel spreadsheets onto the flash drives, then took the spreadsheets to business center stores and emailed them to buyers.
    1. Post Apocalyptic Cyber Realism. Richard Stiennon, Chief Research Analyst, IT-Harvest. www.it-harvest.com, twitter.com/cyberwar or twitter.com/stiennon
    2. www.it-harvest.com, twitter.com/cyberwar. Blog: www.forbes.com/richardstiennon
    3. The futility of proposed scenarios. A stab in the dark at a divergent future, while interesting, is doing us a disservice.
    4. Scenario 1. Collateral damage from cyberwar • Widespread state-sponsored DDoS attack • Communication outages • Official web sites taken down
    5. The reality • August 8, 2008: Russia invades Georgia • DDoS against Georgian sites president.gov.ge and rustavi2.com • Hosting moved to Tulip Systems, Atlanta • 68,000 requests/sec
    6. A little preparation
    7. Scenario 2. Political protesters enlist social media to target attacks • Facebook or Twitter used to call protesters to arms • DDoS tools distributed along with instructions • Websites disabled
    8. Twitter as a tool of riot creation. After the 2009 Iranian election, Twitter was used to support virtual riots via DDoS. Note that Anonymous operations used LOIC too!
    9. Twitter escalation. Phase 1: links to hacking-instruction sites. Phase 2: links to pagereload.com. Phase 3: links to a specially crafted site that opens 15 frames on pagereload.com.
    10. Scenario 3. An insider uses privileged access to steal customer data • Despite strong authentication, encryption, and DLP, a trusted employee steals customer data • Sells it to a third party
    11. Rene Rebollo, Countrywide data loss: estimated he downloaded about 20,000 customer profiles a week in Excel spreadsheets onto flash drives. 2 million total identities sold to Wahid Siddiqi, his outside accomplice.
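The Countrywide case on slides 10 and 11 is the failure mode every access-control stack shares: the analyst was authorised to read the records, so authentication, encryption and content-matching DLP all passed. What is left to detect is volume and channel relative to peers. The following is an added example, not code from the deck or from Countrywide: it parses constructed endpoint/DLP export events (the log format, the user names and the `records=` field are all assumptions) and flags any user-week whose exports to an external channel exceed several times the median user-week.

```python
"""Added example, not part of the deck: volume-based detection of an insider who
is *authorised* to read customer records, as in the Countrywide case on slide 11.
Authentication, encryption and content-matching DLP all pass, so the signal has
to be how much leaves, by which channel, compared with peers. Log lines are
constructed; the format and field names are assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median
from typing import Dict, Iterable, List, Tuple

# Constructed endpoint/DLP events: one line per bulk export.
SAMPLE_LOG = """\
2008-06-02T17:40:05 user=analyst7 action=copy dest=usb records=20000
2008-06-03T10:12:00 user=analyst2 action=copy dest=usb records=250
2008-06-04T09:30:00 user=analyst4 action=copy dest=network_share records=50000
2008-06-09T17:52:11 user=analyst7 action=copy dest=usb records=20000
2008-06-10T11:03:31 user=analyst2 action=copy dest=usb records=300
2008-06-11T14:00:00 user=analyst4 action=copy dest=usb records=400
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
                    r"dest=(?P<dest>\S+) records=(?P<records>\d+)$")

# Channels through which data physically leaves the company. A 50,000-row copy
# to an internal share is loud but not exfiltration, so it is not counted.
EXTERNAL_DESTS = {"usb", "email_external", "cloud_upload"}


def parse(lines: Iterable[str]) -> List[dict]:
    """Turn raw log lines into events; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["records"] = int(e["records"])
        events.append(e)
    return events


def weekly_external_totals(events: List[dict]) -> Dict[Tuple[str, Tuple[int, int]], int]:
    """Records per (user, (ISO year, ISO week)) that went to an external channel."""
    totals: Dict[Tuple[str, Tuple[int, int]], int] = defaultdict(int)
    for e in events:
        if e["dest"] in EXTERNAL_DESTS:
            year, week, _ = e["ts"].isocalendar()
            totals[(e["user"], (year, week))] += e["records"]
    return dict(totals)


def flag_outliers(totals: Dict[Tuple[str, Tuple[int, int]], int],
                  factor: float = 5.0, floor: int = 1000) -> List[dict]:
    """Flag user-weeks exporting more than `factor` x the median user-week.
    `floor` keeps a handful of tiny exports from making everyone an outlier."""
    if not totals:
        return []
    baseline = median(totals.values())
    threshold = max(baseline * factor, floor)
    return [{"user": user, "week": week, "records": n, "threshold": threshold}
            for (user, week), n in sorted(totals.items()) if n > threshold]


def run_demo() -> List[dict]:
    return flag_outliers(weekly_external_totals(parse(SAMPLE_LOG.splitlines())))


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f['user']} week {f['week']}: {f['records']} records to external media "
              f"(threshold {f['threshold']:.0f})")
```

The peer-relative threshold matters more than the absolute number: 20,000 rows a week looks ordinary on a reporting server and extraordinary on a thumb drive. In a real deployment the baseline would be computed per role over a longer window, and the finding would go to a human, since the same pattern is produced by a legitimate migration.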
    12. Scenario 4. Malicious software updates • A software vendor issues software updates that are malicious in nature • Software is back-doored • Systems compromised
    13. Athens 2004. A series of software updates turns on the lawful-intercept function. 104 diplomats and Olympic officials spied on. Engineer dies in an apparent suicide.
    14. Scenario 5. Hardware backdoors • Hardware vendor builds backdoors into critical equipment • Uses backdoor to steal confidential information • Gains control of network
    15. Hardware backdoors • Test 1 • Example 3 • Example 3
    16. Scenario 6. Insider abuse. Insider uses knowledge of business systems and back office to get around internal controls. Loss of millions
    17. Trading losses. 2008: Jerome Kerviel covers up trading losses, the largest trading fraud in history carried out by a single person. $7.14 billion. 5-year sentence, 2 years suspended
    18. Scenario 7. Spurious BGP route announcements used to black-hole the Internet. The biggest single vulnerability in Internet infrastructure, used to 1. Deny access to a service 2. Siphon data 3. Shut off a country
    19. YouTube rerouted by Pakistan, February 24, 2008
    20. China drinks from a fire hose. "Internet routing, believe it or not, still works on the honor system." "On April 8th (2010), starting at 15:50 UTC, China Telecom incorrectly asserted ownership of more than 50,000 different blocks of IP addresses." - Renesys Blog. 15% of the Internet was party to a man-in-the-middle attack for 18 minutes.
    21. Mubarak's Internet kill switch, January 27, 2011. At 22:34 UTC (00:34 local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet's global routing table. Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers.
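Slides 18 to 21 list three distinct BGP abuses and each has a distinct signature in a route collector's feed: a more-specific prefix from a foreign origin (Pakistan Telecom's /24 inside YouTube's /22 wins on longest-prefix match), the same prefix announced from the wrong origin (the China Telecom leak), and a near-simultaneous withdrawal of every route to a country (Egypt). The following is an added example, not code from the deck or from Renesys: a toy monitor that replays constructed collector updates and raises one alert per pattern. The YouTube prefix and the two ASNs are the values in public reports of the 2008 incident; everything else uses RFC 5737 documentation prefixes and RFC 5398 documentation ASNs. The allow-list of expected origins is hand-written here; in production it would be derived from RPKI ROAs or IRR data, and route-origin validation on the routers themselves, not a monitor, is what actually stops the first two.

```python
"""Added example, not part of the deck: a toy monitor for the three BGP abuses
slides 18-21 describe. Route data is constructed to mirror the incidents; the
YouTube prefix and ASNs are the widely reported values, the rest are RFC 5737
documentation prefixes and RFC 5398 documentation ASNs."""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class RouteUpdate:
    kind: str            # "announce" or "withdraw"
    prefix: str          # CIDR as seen by a route collector
    origin_as: int = 0   # rightmost AS in AS_PATH; 0 for withdrawals


# Prefix -> ASNs allowed to originate it. In production this comes from RPKI
# ROAs or an IRR-derived allow-list; here it is hand-written.
EXPECTED_ORIGINS: Dict[str, Set[int]] = {
    "208.65.152.0/22": {36561},    # YouTube's block in the 2008 incident (public reports)
    "198.51.100.0/24": {64500},    # constructed: a monitored customer block
}

# Constructed: 16 /28s standing in for "all routes to Egyptian networks".
COUNTRY_PREFIXES: Set[str] = {f"203.0.113.{i * 16}/28" for i in range(16)}


def find_covering(prefix: str, expected: Dict[str, Set[int]]) -> Optional[str]:
    """Return the monitored prefix that equals or contains `prefix`, if any."""
    net = ip_network(prefix)
    for candidate in expected:
        cand = ip_network(candidate)
        if net.version == cand.version and net.subnet_of(cand):
            return candidate
    return None


def check_announcement(prefix: str, origin_as: int,
                       expected: Dict[str, Set[int]]) -> List[str]:
    """Flag an announcement whose origin is not authorised for the prefix.

    A more-specific from a foreign origin is the worst case: longest-prefix
    match means every router that hears it prefers it over the legitimate
    route, which is how a single /24 took YouTube's /22 offline."""
    covering = find_covering(prefix, expected)
    if covering is None:
        return []                 # not a prefix we watch
    if origin_as in expected[covering]:
        return []                 # legitimate origin; TE more-specifics land here too
    if ip_network(prefix).prefixlen > ip_network(covering).prefixlen:
        return [f"HIJACK more-specific {prefix} from AS{origin_as} steals traffic for "
                f"{covering} (expected {sorted(expected[covering])})"]
    return [f"HIJACK origin mismatch: {prefix} announced by AS{origin_as}, "
            f"expected {sorted(expected[covering])}"]


def withdrawal_ratio(country: Set[str], withdrawn: Set[str]) -> float:
    """Share of a country's monitored prefixes that currently have no route."""
    return len(country & withdrawn) / len(country) if country else 0.0


def monitor(updates: Iterable[RouteUpdate], expected: Dict[str, Set[int]],
            country: Set[str], withdraw_threshold: float = 0.9) -> List[str]:
    """Replay collector updates and return the alerts a NOC should see."""
    alerts: List[str] = []
    withdrawn: Set[str] = set()
    for u in updates:
        if u.kind == "announce":
            withdrawn.discard(u.prefix)
            alerts.extend(check_announcement(u.prefix, u.origin_as, expected))
        elif u.kind == "withdraw":
            withdrawn.add(u.prefix)
    ratio = withdrawal_ratio(country, withdrawn)
    if ratio >= withdraw_threshold:
        alerts.append(f"OUTAGE {ratio:.0%} of {len(country)} country prefixes withdrawn "
                      f"near-simultaneously (kill-switch pattern)")
    return alerts


def demo_updates() -> List[RouteUpdate]:
    """Constructed replay: legitimate YouTube route, the Pakistan Telecom /24,
    an origin swap on the customer block, then a country-wide withdrawal."""
    updates = [
        RouteUpdate("announce", "208.65.152.0/22", 36561),   # legitimate
        RouteUpdate("announce", "208.65.153.0/24", 17557),   # more-specific hijack
        RouteUpdate("announce", "198.51.100.0/24", 64499),   # same prefix, wrong origin
        RouteUpdate("announce", "192.0.2.0/24", 64496),      # unmonitored, ignored
    ]
    updates += [RouteUpdate("announce", p, 64501) for p in sorted(COUNTRY_PREFIXES)]
    updates += [RouteUpdate("withdraw", p) for p in sorted(COUNTRY_PREFIXES)[:15]]
    return updates


def run_demo() -> List[str]:
    return monitor(demo_updates(), EXPECTED_ORIGINS, COUNTRY_PREFIXES)


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

Two caveats a practitioner would add. First, the monitor only sees what its collector sees; a hijack that is accepted by one upstream and filtered by another shows up in some vantage points and not others, which is why Renesys-style monitoring uses many. Second, a more-specific from the legitimate origin is deliberately not flagged, because operators announce them for traffic engineering every day; the alert is for the combination of sub-prefix and foreign origin.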
    22. Scenario 8. State-sponsored spying • A nation state infiltrates dozens of computers belonging to key personnel • Reads emails • Steals information • Uses information to impact a diplomatic mission
    23. GhostNet • Office of the Dalai Lama infiltrated through malware installed on computers • Email servers completely owned • Emails modified in transit • Email read and acted on • Over 1,200 infected computers globally
    24. Sound familiar? • Pentagon 2007 • Rio Tinto 2009 • Google Aurora 2010 • Night Dragon • RSA 2011 • Mitsubishi, Kawasaki 2011
    25. Scenario 9. Weapons-grade malware used for sabotage
    26. Stuxnet - most advanced malware
    27. Breaking news. October 18: Symantec announces new variants of Stuxnet in the wild. - New version was written by authors with access to the original Stuxnet source code - This version targets PLC manufacturers - Most recent sample was compiled on October 17th.
    28. Scenario 10. Cyber attacks in support of military strikes. 2007: Israeli war planes enter Syrian airspace and destroy a suspected nuclear reactor. Network attacks to shut down command and control. Airborne attacks against radar systems to "inject code" and shut down the radars. Breaking news, October 18: the New York Times reports that the Obama administration considered similar attacks against Libya.
    29. Every sector has already experienced cyber disaster. What are we waiting for?
    30. Blog: www.threatchaos.com, email: richard@it-harvest.com, Twitter: twitter.com/cyberwar