Introductory presentation from a NATO Advanced Training Seminar in Kiev, Ukraine back in 2010. The seminar was titled CYBER TERRORISM PREVENTION & COUNTERACTION.
Capabilities of Cyber-Terrorists - IT infrastructure and associated risks, Hypothetical situations and actual incidents - Kiev 2010
1. NATO Advanced Training Seminar
CYBER TERRORISM PREVENTION &
COUNTERACTION
Kiev, Ukraine September 27-29, 2010
2. About
Cristian Driga - Attorney at Law, Executive director at
Computer Crime Research Centre (NGO), Romania
Main practice areas:
Computer Crime & Electronic Evidence
Special interests: public policy, raising public & legal
professionals awareness in the fields of computer security,
computer crime and electronic evidence.
http://en.criminalitate.info http://www.driga.ro
contact@criminalitate.info
3. CAPABILITIES OF CYBER-TERRORISTS
IT infrastructure and associated risks
Hypothetical situations and actual incidents
NATO Advanced Training Seminar – Kiev, Ukraine 2010
4. A world depending on computers
Computers & networks span all over the critical
sectors of our lives
State and government, Military, Business &
Banking, Health, Transportation, etc.
Communications
Life support systems & Energy systems
The Internet as an invaluable source of
information and as a global collaboration tool
Education and Research, Business, etc.
5. New roles for computers everyday
Technical advancement and miniaturization
bring new roles for computers in our lives
Computerized cars
Electronic national ID cards
Medical devices, including pacemakers
Internet becomes more and more the primary
information carrier in all areas
Phone conversations are moving to the web
Same with Television & Radio
...all inter-connected and communicating
6. IT infrastructure & Security
Confidentiality
Integrity
Availability
Authenticity
7. Our IT Infrastructure – Our Risks
No computer system is 100% secure
Intended usage vs. misuse
Technical risks
Software related security problems
Hardware related problems
External risks
Network connectivity
Service providers
8. Our IT Infrastructure – Our Risks
Internal risks
Organizational policies
Insider threat
Complexity of technology and lack of education
in operating IT in a security aware way
The Politics
Political and legal issues
Online safe-havens
Lack of uniform legislation and cooperation
9. Cyber-Terrorism?
Many definitions
politically motivated hacking operations intended to
cause grave harm such as loss of life or severe
economic damage
unlawful attacks and threats of attack against
computers, networks, and the information stored
therein when done to intimidate or coerce a
government or its people in furtherance of political
or social objectives
10. Cybercrime?
Also many definitions
But closer to a unified legal
definition at international level
includes attacks against computers and networks to
disrupt processing
also includes an "espionage" part of illegally
accessing computer systems and data and making
unauthorized copies of private or classified data
12. Their Infrastructure – Our Risks
Cybercrime is continuously evolving:
New and sophisticated tools
Successful infection and control of millions of
computers
Proven attack, disruptive and espionage capabilities
Improved methods of avoiding tracing and justice
13. Their Infrastructure – The Network
The Internet
As an information exchange medium between
cybercriminals and as a training environment
As medium for collaboration and procuring tools to
commit cybercrimes
As carrier for the attacks and computer virus
infections
As an anonymization tool
14. Botnets
armies of civilian and institutional computers
infected with trojan viruses
capable of executing commands sent by the
botmaster
stealing information (i.e. passwords, credit card
information, etc.)
providing remote access to the infected computer
(and sensitive information)
sending SPAM
attacking other computers and networks
15. How are botnets controlled?
Various methods difficult to trace and disrupt
Listening to an IRC chat room on the Internet
Periodically reading certain Internet addresses
Listening to messages sent by the botmaster on
social media sites like Twitter, etc.
Almost never contacted directly.
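The "periodically reading certain Internet addresses" control channel above leaves a footprint a defender can look for: the same client contacting the same destination at a near-constant interval. The following is an added example, not part of the original presentation, that scores constructed proxy log lines for that regularity; the hostnames, client address and thresholds are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines: timestamp, client, destination host.
# "updates.example-c2.test" is polled roughly every 5 minutes (a bot
# checking in); the other hosts are browsed irregularly. All names are
# placeholders invented for this example.
SAMPLE_LOG = """\
2010-09-27T08:00:00 10.0.0.5 updates.example-c2.test
2010-09-27T08:00:07 10.0.0.5 news.example.test
2010-09-27T08:05:01 10.0.0.5 updates.example-c2.test
2010-09-27T08:07:44 10.0.0.5 mail.example.test
2010-09-27T08:09:59 10.0.0.5 updates.example-c2.test
2010-09-27T08:11:12 10.0.0.5 news.example.test
2010-09-27T08:15:00 10.0.0.5 updates.example-c2.test
2010-09-27T08:20:02 10.0.0.5 updates.example-c2.test
2010-09-27T08:23:30 10.0.0.5 news.example.test
2010-09-27T08:24:58 10.0.0.5 updates.example-c2.test
2010-09-27T08:30:01 10.0.0.5 updates.example-c2.test
"""

def parse_log(text):
    """Group connection timestamps by (client, destination) pair."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest = line.split()
        series[(client, dest)].append(datetime.fromisoformat(ts))
    return series

def find_beacons(series, min_hits=5, max_jitter=0.1):
    """Flag pairs whose inter-connection gaps are nearly constant.
    A pair is reported when it has at least min_hits contacts and the
    coefficient of variation (stdev / mean) of the gaps between them is
    below max_jitter. Returns {pair: mean gap in seconds}."""
    beacons = {}
    for pair, stamps in series.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            beacons[pair] = avg
    return beacons

if __name__ == "__main__":
    for (client, dest), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {dest}: periodic contact every ~{period:.0f}s")
```

Regular polling is only one signal; legitimate software updaters beacon too, so a hit is a lead for triage, not a verdict.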
17. Automatic infection
Common infection techniques
Malicious code on regular web pages testing the
visitor's browser for unpatched security holes
If a security problem is found, the trojan virus will
install itself silently
Opening an infected file received through email
from a friend's email address.
Opening an infected removable storage (USB pen
drive, for instance)
18. After infection...
Hide themselves into the operating system
Download and install other botnet components
and malicious software
Record keyboard strokes looking for:
email accounts and Facebook accounts login
e-banking accounts login
credit card numbers and associated data
website access login information (FTP accounts) of
people who own a web page
...all automated
19. Automation continued...
Delivery of captured information to the
botmaster on special servers for exploitation
(i.e. Credit card fraud)
A recently improved ZEUS trojan version is
capable of detecting and hijacking the e-
banking session, checking account balance
and placing automatic transfer orders.
20. More automation...
Automatic login to E-Mail and Facebook
accounts and sending apparently legitimate
emails to friends and contacts to spread the
infection
Infecting the web pages of the computer owner
(using FTP account login to install exploit packs
on the pages)
21. Famous botnets and exploit packs
Botnets:
Rustock, Storm, Srizbi botnet, Conficker,
Kraken, Cutwail, Mega-D, Nucrypt, etc.
Exploit Packs:
Crimepack, Phoenix, Eleonore, Fragus, Siberia,
Icepack, El Fiesta, Yes Exploit, etc.
22. Powerful and successful tools
Because of the automation of the whole
process
Ease of use
Millions of infected computers capable of acting
as one giant super-computer
Millions of unprotected users visiting infected
websites
Hard to trace the origins of an attack initiated by
large numbers of computers all over the world
23. More reasons...
Lack of consistent minimal public education on
using the computers and the Internet in a safe
way
Lack of strong computer usage policies for
employees in companies
Because of the existence of the so-called
server safe-havens
24. Safe havens for cybercrime
Countries not willing to cooperate in bringing
cybercriminals to justice
Insufficient national laws not able to criminalize
such computer crimes
Botnets would hardly be possible without the
servers that collect the data stolen and give
commands to the bots
To solve this problem means international
cooperation and unified legislation.
Politics at its best.
25. Money as the link...
In the recent years a new trend has developed:
botnets for hire or rent
One can find on the Internet exploit kits and all
the needed software to create his own botnet
When lacking strong technical skills, one can
hire or rent a botnet
26. Back to Cyber-Terrorism...
Botnet developers are in this business for
money. If terrorists pay, they have got
themselves a very powerful cyber-weapon.
Organized crime has the money for creating
botnets but they might have other needs (safe
routes for drugs, weapons, training, etc.) which
terrorists are able to provide in exchange for
hiring botnets.
27. Terrorists usage of botnets?
a terrorist group renting a botnet of millions of
computers capable of heavily attacking critical
infrastructure servers and bringing them down
is a real threat
renting a botnet and using it to collect credit
card data to commit credit card fraud is a way
of financing real life terrorist activities
28. Actual incidents?
More evidence of large scale cybercrime
related attacks than of cyber-terrorism incidents
Difficulties in attributing cyber-attacks to
terrorists
However, there is plenty of evidence that
terrorist groups are using the Internet to
conduct their activities and become proficient in
using IT
How long before an actual attack?
29. Reports
One US Congress report mentions Romanian
hackers threatening to shut down the life
support systems for the National Science
Foundation's Amundsen-Scott South Pole
Station – but lacked political motivation
A hack into a Queensland Australia sewerage
system, heavily polluting rivers and parks –
proof of devastating effect but no political
motivation
Estonia 2007 – likely to be a cyber-terrorist
attack and surely an example of what could
happen
30. Estonia 2007
Experts from US and NATO helped in recovery
and attempted to discover the source of DDOS
attacks
Evidence pointed to more than one source
(some pointed to Russia and some to other
countries)
No conclusive evidence about the original
source – common opinion: botnets were used
Hard to trace and almost impossible to retaliate
31. Hypothetical situations
The Estonia incident showed that it is possible
to paralyse even the web-related activities of states
Many daily life aspects take place in
cyberspace and/or depend on IT
Various possible scenarios have been
suggested, in which different critical
infrastructure networks are disrupted by cyber-
attacks
32. Economy related targets
Banks and international transactions
Stock exchange
Businesses and online commerce
May result in loss of confidence
in the economic system
33. Transportation systems
From disruption of traffic lights systems in big
cities
To interference with flight and train control
systems
Would result in accidents, loss of lives,
and would paralyse transportation
35. Other systems as targets
Military command and control
Emergency systems (112 or the US 911)
Healthcare IT infrastructure
Industrial processes
Experts say these scenarios are possible.
Cybercrime examples confirm the potential.
How do we make them impossible?
36. Thank you!