
Cyber Warfare Unclassified The Amplified Great Hacker War

October 2011

The views expressed in this presentation are those of the authors (CSFI managers and Paul de Souza, CSFI founder) and do not reflect the official policy or position of any US government agency, department, or service, or any other entity operating under the authorities or statutes of the U.S. government or any other government the U.S. does or does not recognize. This presentation's facts, information, and data contained herein are sourced from the public domain. Logos, slogans, trademarks, service marks, pictures, images, or any other form of intellectual property contained herein is protected from duplication without [proper and legal] consent from the data owner(s) for permission of use.

Every age has its own kind of war.

Carl Philipp Gottlieb von Clausewitz, Military Historian

Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law.

Melissa Hathaway, Former Senior Advisor to the Director of National Intelligence (DNI)

Agenda
Introduction to Cyber Security Forum Initiative
What is Cyber Warfare?
What is the Cyber Battlefield?
What are types of Cyber Warfare attacks?
Cyber Warfare Organizations
Conclusion

What is The Cyber Security Forum Initiative (CSFI) and CSFI-CWD (Cyber Warfare Division)?

Government

Military

Who We Are

Private Sector

To provide guidance and solutions to the private sector in the protection of critical civilian networks against cyber warfare related activities, through collaboration with universities, and the information security industry.

Our mission is to extend all over the world with the intent of guarding our cyber freedoms and protecting our way of life.

Our Mission

What is Cyber Warfare?


Simply put, it is warfare waged in cyberspace. FACT: Number of cyber attacks on US government agencies rose to 1.6 billion per month.

The Times.

What is Cyberspace?

The Holy Grail of the 21st Century

Any electronic signal or anything that sends, receives or reflects those signals.
(U.S. Air Force definition of cyberspace: Deciphering Cyberspace: A New Battlefield)

Growing Dependence on Electromagnetic Spectrum

1975 Frequency Allocation Chart

2007 Frequency Allocation Chart

Why is Cyber Warfare happening?


Warfare is the greatest affair of state, the basis of life and death, the Way to survival or extinction. It must be thoroughly pondered and analyzed.

Sun Tzu, Military Strategist

Why is Cyber Warfare happening?


Information is a key resource (state and non-state actors seek to destroy, corrupt, deny, access, and hide information and information systems)
Control of cyberspace (military, economic and political advantage)
Severe destructive/disruptive consequences by the use of cheaper non-kinetic cyber weapons
Lack of international Cyber ROE (Rules of Engagement)
Very little accountability

Cyberspace as a Fighting Domain


Complex, vulnerable and unpredictable
Anyone can wage war in cyberspace
No geographic boundaries
Decentralized and anonymous
Immature and rapidly changing
Physical impact is hard to perceive

Peace really does not exist in the Information Age.


Air Force Lt. Gen. Kenneth Minihan, Director, NSA June 4, 1998

International Policy on Cyber Attack


Undeveloped
Highly uncertain
Ill-formed
Lack of oversight

Cyber Threats

National Governments / Foreign intelligence services
Terrorists
Criminal groups
Industrial spies and organized crime
Hacktivists
Hackers
Denial of Service Attacks
Bot-network operators or herders
Insiders
Phishers
Spammers
Spyware/malware authors

Source: NIST 800-82, "Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control System Security."

Cyberspace is a Natural Conduit for War


Decentralized
Privately owned (85% of the internet)
No boundaries
Globally operated
Deregulated
Friend and foe traversing the same virtual space
Many points of entry
Lacks attribution
Interdependent
Not resilient or secure enough

What is the Cyber Battlefield?

Mapping the Terrain

World Connection Density

World City-to-City Connections

TeleGeography's New Global Internet Map

Fiber-optic Submarine Cable Systems

Satellite Connections

Backbone connectivity lies in the hands of a few major companies.

Internet Users Worldwide June 2008

21.1% of the world population with access to the Internet: 1,407,720,000 individuals online

What are the types of Cyber Warfare attacks?

Cyber attacks on fundamental Internet protocols
Kinetic (physical) attacks on high value Internet choke points
SCADA attacks
Strikes through electromagnetic pulse (EMP) effects

Examples of Cyber Warfare Attacks


The electron is the ultimate guided weapons system.

Dr. John Deutch, Director, CIA June 1996

Examples of Cyber Warfare Attacks (continued)

SPAM, asymmetric economic cyber attacks
200 billion spam/day
11.4% legitimate email

Worm viruses created in 2003-2006 go back to the 1970s ancestor worms, which are highly evolved and sophisticated today.
Worm attacks compromise computers, which become members of the Botnet farms.
Botnets are used to attack the U.S. in 2008 and 2009 via Botnet Attacks (DDOS Attacks).

History of Cyber Attacks | Cyber Attack Evolution

2005: Titan Rain: Hackers in China attack computers in the U.S. Attacks of this nature are still continuing even today.
Internet Mafias like the Russian Business Network (RBN) proliferate their reign on the web.
August 13, 2006: Botnet Herders attack Microsoft wormhole.

History of Cyber Attacks | Early Attacks 2005-2006

7, January 2007: 1 million computers, multi-stage Botnet attack on E-bay.
April-May 2007: Estonia came under cyber attack in the wake of relocation of the Bronze Soldier of Tallinn.
September 2007: Storm Botnet, a remotely controlled network of zombie computers (or "Botnet") that has been linked by the Storm Worm, a Trojan horse spread through e-mail spam.

History of Cyber Attacks | 2007

June 13, 2007: FBI operation called Bot Roast. The FBI goes after Botnet farms.
November 7, 2007: RBN disappears from the Internet. However, their comeback is reported as 3 times as large and is a viable Internet Mafia today.
November 12, 2007: FBI has a second operation called Bot Roast II Crackdown.

History of Cyber Attacks | FBI Goes After Botnets 2007

August 27: NASA confirmed that a worm was discovered on laptops on the International Space Station.
November 30: Pentagon computers were hacked by computer hackers suspected of working from Russia.

History of Cyber Attacks | 2008 U.S.

December 27, 2008: 2008:25, 2008: November 27, Arabic hackers December Mumbai Terror August: Mumbai, India attackIndias largest 24, 2008: Attack, Georgian andand Israeli government the December bank, Azerbaijani Pakistan group result of civiliansites wereas a defaced Several Bank attacked State government-run websites of India was Israel launching the Indian2008 on websites in duringhacker group by hackers India and strikes hacked by thePakistan military Eastern the Hamasfrom defaced. SouthRailway Pakistan. haveOssetiaWebsite. been War. Infrastructure.

History of Cyber Attacks | 2008 International Attacks

April, 4, 2009:Reports surfaced thatBotnet, May 4, 2009: Researchers hijack and South July 2009: Attacks were against U.S. China Korea governments, attacker hour. 2009 score 56,000 passwords Duringand financial July 14, 2009:hadnews in anhas defaced January 8,15,An infiltrated the U.S. and Russia 2009: media, the The June 2009: Israeli students websitesseries left behind cybergood developedBotnet wasof coordinated embassy in Torpigthe program of Turkey's software electrical grid and hijacked network using a website that allows Israeli Iranian election spy by the attacks March 28, 2009: Ghostneta cyberprotests, foreign by servers supposedlydays earlier controlledbefore mainly ten launched be North Korea; however, citizens computers behindused toattacks note guys evidence hasChina has tapped into classified programsandactivistsbethat pro-China the China that could seeking to disrupt for based in revealed this yearhelp were left to a that by documents from government and private organizations in an its103 opposition engagedworkedand and UK Israeli theout ofissuedvia computers fromtook a the system, countries update through controllersincluding that to DDoSProas Hacker Miami an in current the according targets attacks launched two groupthe computers of Tibetan countries, former exiles,but China diplomatic spat. national Iran'sWebsites. against security officials. Hamas Botnetunknown. thedenies the claim. with attribution government. being back.

History of Cyber Attacks | Cyber Attacks 2009

July 14, 2009: DDOS ATTACK Botnet Code had the following characteristics:

This attack used a version of My Doom, which first surfaced January 26, 2004.
Contained backdoor functionality on the zombified computer.
Contained logic bombs.
Deleted network analysis tools on the zombified system.
It is reported that the code was compiled on July 3 and then released.
Since there were many sites being attacked, the motive could have been to make a statement rather than for extortion.

History of Cyber Attacks | July 4, 2009 DDOS Attack

April 23, 2009: DOD reports the theft of F-35 data; reportedly terabytes of data were stolen over the Web.

History of Cyber Attacks | Hack Highlight 2009

Insurgents Compromise U.S. Drones

$26 off-the-shelf software was used by the insurgents to intercept live video feeds
Russian software SkyGrabber and others

China Attacks on Google

34 American companies were compromised, including Google
Intellectual property was stolen
China denies being involved in the attacks
Zero Day attack on IE 6

Who Defends What?

U.S. Cyber Defense Responsibilities



85% of Internet is privately owned.

What is the Impact of Cyber Warfare?

The financial and economic impact could be as high as $30 billion a day!

Cyber Weapons
Low cost to develop
Raw materials are not restricted and commonly available
Launched from anywhere in the world
It can strike at the speed of light

Modern Weapons Economics


What does a stealth bomber cost?

$1.5 to $2 billion

What does a stealth fighter cost?

$80 to $120 million

What does a cruise missile cost?

$1 to $2 million

What does a cyber weapon cost?

$300 to $50,000
Source http://www.technolytics.com/

Find the Weapons Facility


Nuclear Weapons Facility Cyber Weapons Facility

Where's the Cyber Weapons Facility?

Source http://www.technolytics.com

Cyber Weapons Capabilities Growth

Who Runs the Show?


.MIL
.GOV
.COM ?

Lieutenant General Keith B. Alexander, USA, Director, National Security Agency/Chief, Central Security
Greg Shaffer, USA, DHS Assistant Secretary for Cybersecurity
Howard Schmidt, USA, Cyber Czar, Cyber Security Coordinator

What can I do to help?


Stay informed.
Join CSFI on LinkedIn.
Great resources to stay updated on the latest threats and tendencies in cyberspace, without being overwhelmed:
F-Secure: http://www.f-secure.com/en_EMEA/security/security-lab/latest-threats/security-threat-summaries/2009-2.html
US-CERT: http://www.us-cert.gov/cas/tips/

CSFI-CWD Recommends

Questions?
