CyberWarfare
Prof. Ing. Claudio CILLI
[email protected]
http://dsi.uniroma1.it/~cilli

“Cyber attacks…is not in any way comparable to weapons of mass destruction. What a lot of people call them is “weapons of mass annoyance.” If your power goes out for a couple of hours, if somebody draws a mustache on Attorney Gen. Ashcroft’s face on his website, it’s annoying. It’s irritating. But it’s not a weapon of mass destruction. The same is true for this”
- James Lewis, 2003, Director of the Center for Strategic and International Studies


Cyber-Space – The Final Frontier
• Considered the newest domain of warfare
• Civilian vs. Civilian (Cyber-Crime)
• Civilian vs. State
• State vs. Civilian
• State vs. State

Cyber Attacks
• The Prussian philosopher Karl von Clausewitz observed: "Every age has its own kind of war, its own limiting conditions and its own peculiar preconceptions."
• We live in an age of TECHNOLOGY focused warfare

Definition
• Cyber Attacks: computer-to-computer attack that undermines the confidentiality, integrity, or availability of a computer or information resident on it

Potential Cyber Attacks
• Unauthorized Intrusions
• Defacements
• Domain Name Server Attacks
• Distributed Denial of Service Attacks
• Computer Worms
• Routing Operations
• Critical Infrastructures
• Compound Attacks

Critical Infrastructures
• Critical infrastructures include gas, power, water, banking and finance, transportation, communications
• All dependent to some degree on information systems
• Insider threat - specialized skills

Is the Vulnerability There?
• Almost certainly
• SCADA (Supervisory Control And Data Acquisition) done over IP/Windows these days
• Developers not used to a hostile environment
• Labor in obscurity
• So just about certain to be plenty of vulnerabilities
• Machinery trusts its control system to look after it

[Diagram labels: Internet, Corporate, SCADA]

Types of cyber warfare
• Espionage and national security breaches
  • Cyber espionage: the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies also for military, political, or economic advantage using illegal exploitation methods on internet, networks, software and or computers
• Sabotage
  • Computers and satellites that coordinate other activities are vulnerable components of a system and could lead to the disruption of equipment
• Denial-of-service attack
  • A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers

Stuxnet
• Stuxnet, the world's first known “cyber missile”, was designed to sabotage a special device found almost exclusively in nuclear fuel-refining centrifuge systems
• Suspend activity on enriching uranium

Recent cyber attacks
• 15 banks offline for a total of 249 hours (denial of service cyber attacks). Possibly Iran is behind the attacks as retaliation for an online video mocking the Prophet Muhammad. Intended to interrupt accounts, not to hack information
• Spamhaus listed Cyberbunker as hosting spam. Cyberbunker retaliated with denial of service attack to Spamhaus, causing internet speeds to slow, Netflix being one of the major companies suffering from it.

Rules of Cyber Warfare
• Tallinn Manual on the International Law Applicable to Cyber Warfare analyzes the rules of conventional war and applies them to state-sponsored cyber attacks. It was created at the request of NATO and is a proposed set of rules for how international cyber warfare should be conducted
• Written by 20 experts in conjunction with the International Committee of the Red Cross and the US Cyber Command
• The manual advises that attacks must avoid targets such as hospitals, dams, and nuclear power stations in order to minimize civilian casualties
• It's acceptable to retaliate against cyber attacks with traditional weapons when a state can prove the attack led to death or severe property damage
• It also says that hackers who perpetrate attacks are legitimate targets for a counterstrike (Basically, it’s ok to kill hackers now)

“Sample nuclear launch while under Cyber Attack”
09/02/2013

Flame: Last frontier of cyber-espionage
• “It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media under the control of the Master… Overall, we can say Flame is one of the most complex threats ever discovered.” Aleks Kaspersky Lab Expert
• Probably active since 2010
• Steals passwords, screenshots, chats, files, explores and leverages Bluetooth devices in the neighborhood, streaming from webcams and microphones, infects local networks
• Replicates using the Windows Update Service
• It required finding an MD5 collision, an entirely new variant of the previous chosen-prefix collision attack
• An estimated effort of 200,000 Sony PS3

FLAME
• It consists of setting up a duplicate port to tap in to monitor ISP customer’s traffic. Normally it’s a 2U (two-unit) PC that ran a mirrored Ethernet port to
• It’s a little box in the systems room that captures all the traffic to customers; everything they were sending and receiving

PRISM  


Relevant Expertises
• Network security, Network ops, Cryptography, IDS, Vulnerability Assessment, DDOS, worm defense
• Military Strategy, Military History
• Economics, Management Science, Organizational Psychology
No-one is an expert in all of these…

“The Perfect Attack”
• You may be inclined to laugh when you hear me say this, but spam is, in many ways, the “perfect cyber warfare weapon”
• Heck! I’m pretty sure that most of you don’t even believe that spam is a weapon. Spam is a low intensity, diffuse, and persistent “annoyance,” and not a sudden, high intensity, concentrated and dramatic frontal attack. So how could such a “trivial” thing be an “attack?” Wouldn’t we know it if we were being attacked?
• Maybe not. Because we’ve been suffering from spam for thirty years now, and because spammers have only gradually “turned the heat up over time,” we’ve all become accustomed to spam, and we’ve all gradually developed an increasing tolerance for more and more and more of it.
• Most of us don't even have a sense of how much spam is actually being sent out there – do you?

[Chart annotations: 200 BILLION Spam/day; 11.4% Legitimate Email]

Impact of a Cyber War
[Chart from “INTELLIGENCE BRIEFING”, Copyright 2003 – 2007: Physical Impact, Social Impact, Political Impact and Financial Impact, each rated on a scale of 0 to 5 (Low, Medium, High)]
The political fallout of a cyber attack will be high, but this will pale in comparison to the financial and economic impact!
The financial and economic impact could be as high as $30 billion a day!

Cyber Media Warfare
One can only imagine the psychological impact on the viewers that witnessed this prank. The TV channel CT2 said that they received frantic phone calls from viewers who thought a nuclear war had started.
http://www.youtube.com/watch?v=MzaN2x8qXcM

Think About This
• What if the Internet went away:
  • For a day
  • A week
  • A month
• No eMails
• No BlackBerrys
• No eCommerce
Virtual business services of all sorts, accounting, payroll and even sales would come to a halt, as would many companies.

Modern weapons economics
• What does a stealth bomber cost? $1.5 to $2 billion
• What does a stealth fighter cost? $80 to $120 million
• What does a cruise missile cost? $1 to $2 million
• What does a cyber weapon cost? $300 to $50,000

Find the weapons facility
[Images: Nuclear weapons facility; Cyber weapons facility]
Where’s the cyber weapons facility?

Questions?