Red-DragonRising.com©
S4x15 – Miami, FLA
From Concept to Reality
Why China or Iran Would Target US National Critical Infrastructure (NCI)…
Cyber Extremes…
-19F MN
+88F FL
LTCOL (RET) William Hagestad II MSc Security Technologies
MSc Management of Technology www.red-dragonrising.com
hagestadwt@red-dragonrising.com
This session will focus on the diplomatic, intelligence/information, military and economic reasons for targeting US NCI by both the People's Republic of China and the Islamic Republic of Iran. Experience level of compromise capabilities, motivations and indicators of compromise (IOC) differ, yet the exigent circumstances remain constant: infrastructure in America is threatened by cyber actions of both China and Iran. Learn better what each nation state will target, why, and for how long, during this session.
UNCLASSIFIED
http://www.chinadailyasia.com/news/2015-01/16/content_15215054.html
“21st Century Chinese Cyber Warfare” (Chinese title: 二十一世紀中國網絡戰)
ISBN: 9781849283342
Banned in the People's Republic of China
ISBN: 978-1482577105 ISBN: 978-1493771974 ISBN: 978-1496080875
This isn’t SCADA Security 101…
China & Iran View: Security Biggest Issue for U.S. Infrastructure… Cyber & Physical/Kinetic Vulnerabilities…
Cyber attacks on the US power grid
Actively respond to information security challenges and do a good job of active defense for the smart grid http://www.c114.net/news/16/a874752.html
Iran's cyber attack on the US electric power system
US cyber attack on the power grid
The New York Times Company
Nor is this about North Korea & attribution…
http://op-talk.blogs.nytimes.com/2014/12/15/what-our-skies-would-look-like-without-city-lights/?
New York 40° 44’ 39’’ N 2010-10-13 lst 0:04
São Paulo 23° 33’ 22’’ S 2011-06-05 lst 11:44
Tokyo 35° 41’ 36’’ N 2011-11-16 lst 23:16
Los Angeles 34° 06’ 58’’ N 2012-06-15 lst 14:52
Adversary Taxonomy

| Cyber Threat | Motive | Targets of Opportunity | Methodologies | Capabilities |
| Nation States ~ Peace Time | Economic, Military, National Secrets, Political | Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure | Military & Intel specific cyber doctrine, hacktivists | Asymmetric use of the cyber domain short of kinetic |
| Nation States ~ War Time | Economic, Military, Political | Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure | Military & Intel specific cyber doctrine, hacktivists | Asymmetric use of the cyber domain including kinetic |
| Cyber Terrorists & Insurgents | Political | Infrastructure, Extortion and Political Processes | Combination of advanced persistent threats (APT) | Developing – will be a concern in 2012 |
| Cyber Criminals – Grey & Black Markets | Financial | Intellectual Property Theft, Fraud, Theft, Scams, Hijacked Network & Computer Resources, Cyber Crime for Hire | Exploits, Malware Botnets, Worms & Trojans | Cell-based structure as an APT |
| Criminal Organizations – RBN | Financial | Use of above | Use of above with distinct planning | Highly professional, dangerous |
| Rogue Organizations – Anonymous, LulzSec | Financial, Military, National Secrets, Political | Intellectual Property Theft, Direct & Indirect pressure on OGA Resources | Organic hacking capabilities unsurpassed | Organized yet de-centralized |
Islamic Republic of Iran
Introduction to Cyber War
Iran Needs Domestic Cyber Defence Model
http://iranmilitarynews.org/2012/10/
Deputy Chief of Staff of the Iranian Armed Forces for Basij and Defense Culture ~ Brigadier General Massoud Jazayeri
Weaponized Malware

| Label | Timeframe | Purpose | Target | Nation State Responsible | Nation State Affected |
| Stuxnet | 2004 - 2007 | Cyber / Physical Destruction | Iranian Nuclear Facility @ Natanz | US & Israel | Islamic Republic of Iran |
| Duqu | 2007 – 2011 | Cyber Counter Intelligence | Industrial Control Systems | US & Israel | …Taiwan – Republic of China; Multiple… |
| Flame | 2009 - 2012 | Cyber reconnaissance / cyber data exfiltration… Cyber espionage | Middle Eastern computer systems | US & Israel | Iran, Lebanon, Syria, Sudan, Occupied Territories of Israel |
| Gauss | 2011 - 2012 | Cyber surveillance / Banking Trojan | Middle Eastern Banks | Unknown | Lebanon, CitiBank & PayPal |
| Batch Wiper | 2012 | Cyber Destruction | Iranian Oil Infrastructure | US & Israel | Islamic Republic of Iran |
America Might Resort to Cyber Attacks Including Physical Actions
FAVA News: America: we may resort to cyber attacks to counter physical action
Iran is One of Top Five Cyber Forces in the World
Iran’s Soft War: "probability of cyber attack impacting physical world @ national or global level rapidly increasing.”
http://iran-times.com/iran-ups-cyber-war-stakes/
Heterogeneous War ~ "a heterogeneous war has been designed"
…are written and designed; the methods are relatively cheap and are intended to strike America
”cyber weapons such as malware and malicious software is written and designed by hackers, the methods are relatively inexpensive and easier to hit America with… (sic).”
Iran's cyber attack on the US electric power system
“Iran’s ABILITY TO CONDUCT cyber attack on America Electric Power Systems”
Iranian IPB…Cyber Battlefield Prep
Know US Government Cyber Dysfunction:
Commercial sector standards mandated by the state of America in the field of security and inadequate government efforts to dictating the way companies manage to know that the private sector in industries such as parts of the communication, financial, or Transit managing…
Cyber attacks on the power grid
Cyberattacks on Network Electrification: Attacks aimed at disrupting and negative effects on national security, economic and civic America. 'cyber weapons such as malware and malicious software is written and designed by hackers, the methods are relatively inexpensive and easier to hit America…
Combine Physical & Electric Attacks
America's intelligence capabilities about Iranian Cyber very vulnerable to cyber attacks
Iranian IPB…Cyber Battlefield Prep
America's Cyber Task Force & Cyber Command
Attack vectors into control systems: cyber warfare will become Iran's most important tool of asymmetric warfare
Cyber warfare will be the primary means of asymmetric warfare
Attack Vectors into American Industrial Control Systems
Information Technology Security - News, Training, Awareness
“discovery of vulnerabilities in the command line”
http://www.certcc.ir/index.php?module=cdk&func=loadmodule&system=cdk&sismodule=user/content_view.php&cnt_id=15660&ctp_id=19&id=3659&sisOp=view
Security in UNIX and Linux Operating Systems
http://entekhab-book.com/--3517.html
This book is used as a reference on hardening UNIX and Linux distributions. Its purpose is to familiarize IT specialists and managers further with the vulnerabilities present in open-source operating systems (UNIX and Linux). The countermeasures against this class of vulnerability, which gives rise to various attacks on these operating systems, are examined and presented across the book's chapters. With the help of this book a UNIX or Linux system administrator can harden servers and security systems built on these operating systems so that they are protected against common and uncommon attacks. The topics presented are aligned with the general courses available on hardening UNIX and Linux operating systems and cover their material.
“vulnerabilities in open source operating systems (UNIX and Linux)”
Buffer Overflow and SQL Injection attacks
http://www.ecg-pnum.ir/~871295433&i=2088
Stages of SQL injection by an Iranian Hacker
Tags: Python, programming
Download Python programming language software - Python v3.3.1 [Software]
http://train.ashiyane.ir/ http://p30download.com/tag/python
FTP vulnerability in Linux and UNIX
Google's Project Zero team published a vulnerability related to Windows 8.1
Iranian Hackers Learn from China’s Success…vs America
Chinese hackers banned from entering America http://ashiyanehack.ir/post/348
Iran Hacking US NCI? Not yet…
Why, you might ask?
1. Hacking cadres not ready…yet…
2. Learning from American open sources for h@cking – Google, etc…
3. Watch Chinese Government and disruption of US business…sincerest form of flattery…”Disrupt Google”
4. US financial system is priority target…deny, destroy, degrade SWIFT system…
5. Hacking cadres under IRGC control confused over Iran’s national intent…
New Trends in Cyberspace Security
中國人民解放軍 Chinese People's Liberation Army ~ 1949 Information Warfare (IW)
毛泽东 Mao Tse-Tung
1999 - 超限战 “War Without Limits”… “Unrestricted Warfare”…
Attacking Adversary’s Electrical Grid …Create Conditions Favourable for Military…
Use chaos in targeted country to China’s advantage
超限戰 ~ “Chāo xiàn zhàn” “…all-out warfare using all forms of warfare, both kinetic and non-kinetic…” Key non-kinetic form of warfare advocated by PLA authors: “network warfare” … … attacking networks supplying electrical power…
”Chinese military urgent to enhance capability of winning IT-based warfare”
http://eng.mod.gov.cn/DefenseNews/2015-01/07/content_4562902.htm
07 JAN 2014 ~
Major General Zhu Chenghu, professor of the National Defense University (NDU) of the Chinese People's Liberation Army (PLA)…
“China has the ability to paralyze the US electrical grid…”
China’s Military News…
2014-11-01
http://news.qq.com/a/20141121/020147.htm
Chinese law prohibits hacking attacks and other acts that undermine Internet security; the Chinese government resolutely cracks down on the related criminal activities.
“Chinese law forbids hacking attacks and other acts of sabotage relative to Internet security…”
“Chinese government resolutely strives to combat cyber related criminal activities”
Chinese hackers …
Ministry of National Defense: the Chinese military has never supported any hacking activity
PLA announcement of China Cyber Command taken off Chinese web….
“Combat Development Under Conditions of Informatization”
Professor Hu Xiaofeng (胡晓峰), Professor Meng Xiangqing (孟祥青)
http://blog.sina.com.cn/s/blog_4b46cda30100e5dh.html
“Cascade-based attack vulnerability on the US power grid”
2009…Jian-Wei Wang, Li-Li Rong
http://www.sciencedirect.com/science/article/pii/S0925753509000174
http://www.nytimes.com/2010/03/21/world/asia/21grid.html?pagewanted=all&_r=0
About 50% of computer network security problems are caused by security defects that arise in software engineering; of these, the root cause of many problems lies in the security weakness of the operating system.
“50 percent of computer network security problems are caused by software engineering safety defects, in which many of the root causes of the problem comes from the operating system security vulnerabilities”…US ICS CERT….
http://bigmachine.myweb.hinet.net/solutions.htm
極錦資訊有限公司 = Big Machine Information
Attack Vectors into Control Systems
Malicious code
http://www.aqniu.com/infosec-wiki/827.html
Classification of Malicious Code
Characteristics of Malicious Code
http://www.ccw.com.cn/article/view/77164
The various kinds of malware include:
Virus: a very small application or string of code that can affect host applications. Two major characteristics: propagation and destruction. The propagation function defines how the virus spreads between systems; its destructive power is carried in the virus payload.
Trojan Horses: can masquerade as other kinds of program. They look like normal programs, but once executed carry out certain covert operations, for example software that mimics a login interface and captures the passwords of unsuspecting users. A HIDS can be used to check for changes in file length.
Rootkit (root tool): a tool attackers use to hide their tracks and retain root access.
Logic Bombs: can be triggered by a certain class of event, such as a specific moment (a time bomb) or the result of some computation. The result of execution can vary enormously, from sending a harmless message to a complete system crash.
Worm: can spread like a virus, but a worm can replicate itself without needing another host.
Botnets: zombie networks controlled by C&C servers and bot herders.
Spyware: software that can be secretly installed on a victim's computer and collect the victim's sensitive information.
Adware: software that automatically generates (displays) advertisements.
Chinese hackers code in Chinese and execute advanced attacks
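The Trojan Horse entry above notes that a host-based IDS can spot a trojaned program by a change in file length. The following Python script is an added illustration, not code from the deck, its author or any product it cites: it records a baseline of size and SHA-256 for every file under a directory, then re-scans and reports modified, added and removed files. The demo uses a constructed temporary directory standing in for a system binaries path; the file names and contents are made up, and the scenario deliberately includes a same-size modification to show why a length check alone is not enough.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return (size_in_bytes, sha256_hex) for one file, hashing in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()


def build_baseline(root):
    """Walk root and record (size, hash) for every regular file, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def verify(root, baseline):
    """Compare the current tree against a stored baseline.

    Returns {"modified": [...], "added": [...], "removed": [...]}; each modified
    entry records whether the length changed, so a size-only HIDS rule can be
    compared against the hash-based result.
    """
    current = build_baseline(root)
    report = {"modified": [], "added": [], "removed": []}
    for rel, (size, digest) in baseline.items():
        if rel not in current:
            report["removed"].append(rel)
            continue
        cur_size, cur_digest = current[rel]
        if cur_digest != digest:
            report["modified"].append({
                "path": rel,
                "old_size": size,
                "new_size": cur_size,
                "size_changed": cur_size != size,
            })
    report["added"] = [rel for rel in current if rel not in baseline]
    return report


def demo():
    """Constructed scenario (hypothetical files): baseline a fake bin directory,
    then simulate a trojaned login program, a same-length overwrite, a deleted
    file and a newly dropped hidden binary, and return the verify() report."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "login").write_bytes(b"ELF-original-login-program")
        (root / "ls").write_bytes(b"ELF-ls")
        (root / "passwd").write_bytes(b"ELF-passwd")
        baseline = build_baseline(root)

        # Trojaned login: larger than the original, so a length check catches it.
        (root / "login").write_bytes(b"ELF-original-login-program+credential-capture")
        # Same-length overwrite: invisible to a length check, caught by the hash.
        (root / "ls").write_bytes(b"ELF-xx")
        (root / "passwd").unlink()
        (root / ".hidden_backdoor").write_bytes(b"ELF-backdoor")
        return verify(root, baseline)


if __name__ == "__main__":
    for kind, entries in demo().items():
        print(kind, entries)
```

In practice the baseline would be written to read-only or off-host storage at a known-good point and the scan scheduled, since a rootkit on the same host can tamper with both the baseline file and the scanner.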
China will gain strategic data from the US power grid, information used to launch cyber attacks against the infrastructure of the United States in the future.
China may obtain strategic data on the US power grid, which could in future be used to launch cyber attacks against US infrastructure.
http://mil.news.sina.com.cn/2014-07-11/1118789737.html
Strategic Assessment 2013 (战略评估2013)
Disclosure of the “Broken Shell” (Shellshock) vulnerability
Take Advantage of the Broken Shell Vulnerability http://security.zdnet.com.cn/security_zone/2014/1024/3037227.shtml
Why Would China Hack US NCI?
But why would Chinese compromise US Critical Infrastructure? Would they?
Chinese wouldn’t…
…they could in limited attacks to cause cascade effect…bring sections of US Critical Infrastructure under extreme stress…
…Use Chinese malware to maximize destruction – virtually undetectable…
…Use ICS-CERT self-announced vulnerabilities as avenues of compromise…we patch everything on time, correct?
When they feel the US is weakest the Chinese will indeed attack tactical weaknesses for maximum strategic gain…
Do you speak Mandarin Chinese... ...?
See what happened!
@RedDragon1949 http://www.linkedin.com/in/RedDragon1949
Red-DragonRising.com
William T Hagestad II Red Dragon Rising RedDragon1949