There is a global war already taking place today. We simply have yet to acknowledge it. Our banks are under attack, our public utilities are at risk and the internet is being used more and more for political purposes, both bad and good. Cybercriminals brazenly brag about their accomplishments and thumb their noses at authorities around the world. Governments are struggling with controls that are either too permissive or too restrictive.
Join us in an important discussion of the state of the state of Cyber(x) as we explore issues and peer into the future. Find out what the “bad guys” are up to, and what the future holds.
7. The Problem(s)
“there are 250,000 probes or attacks on US government networks per hour or 6 million a day from at least 140 foreign spy organizations”
Lt. Gen. Keith Alexander at the 2010 G2 Summit
8. Cyber Espionage
• Espionage:
– the systematic use of spies to obtain secret information, especially by governments to discover military or political secrets
10. “The Chinese “are the world’s most active and persistent perpetrators of economic espionage,” the report by the Office of the National Counterintelligence Executive (NCIX) said, and Russia’s intelligence services are a second major culprit”
Booz Allen Hamilton on Cyber Espionage
11. “China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy.”
U.S. Rep. Mike Rogers, October, 2011
12. “It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.”
Chinese Defense Ministry, January, 2013
15. South Korea on alert after hackers strike banks, broadcasters
The biggest attack by Pyongyang was a 10-day denial of service attack in 2011 that antivirus firm McAfee, part of Intel Corp, dubbed "Ten Days of Rain" and which it said was a bid to probe the South's computer defenses in the event of a real conflict.
17. SCADA Attacks
• Foreign hackers broke into a water plant control system in Springfield last week and damaged a water pump in what may be the first reported case of a malicious cyber attack on a critical computer system in the United States, according to an industry expert.
Nov. 18, 2011 Washington Post
19. What about the Rhetoric
• Inflammatory
• Escalating
• Sabre Rattling
• Military Industrial Complex
• Sensationalism v Journalism
• 24 hour News Cycle
22. Bank Attacks
Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the people behind the ongoing DDoS attack campaign against U.S. financial institutions -- thought by some to be the work of Iran -- are using botnets for hire.
Lucian Constantin in Computerworld, January 9, 2013
23. Bank Attacks
Six leading U.S. banking institutions were hit by DDoS (distributed-denial-of-service) attacks on March 12, (2013) the largest number of institutions to be targeted in a single day, says security expert Carl Herberger of Radware.
March 14, 2013 BankInfoSecurity.com
24. Identity Theft
Approximately 15 million United States residents have their identities used fraudulently each year with financial losses totaling upwards of $50 billion. (Identitytheft.info)
28. More on Hacktivism
• Anonymous Hacks FBI Cybercrime Conference Call
• Symantec Sees pcAnywhere Extortion Shakedown
• Hackers Target U.S. Banks Over Anti-Muslim Film
• Aaron Swartz Suicide
29. How Are They Getting In?
• Phishing Attacks
• Unpatched Machines
– OS
– Third Party Apps
• Insiders
• IDS/IPS Bypassed
31. What Can We Do?
• Security Gap
• Awareness
• Technological Solutions
32. The Security Gap
• The place between where we are and where the bad guys are.
• How do we narrow the gap?
• What will it cost?
• Can we do it?
42. AWARENESS
• WAKE UP!
• Get the C-Suite Involved
• Take Responsibility
• Be Part of the Solution, Not the Problem
43. Training the Up and Comers
• CCDC
• STEM
• Professional Associations
• Mentorship
44. Order v Chaos
• Governance
• PP&Ps
• Control Mechanisms
• Risk Management
• Testing, Monitoring and Evaluation
• Review and Renew
45. Summary
• The problems are many and complex
• The solutions are just as much a challenge
• Government will only become more involved
• Privacy laws need to be revisited
• Comprehensive legislation must be passed
The purpose of Espionage is not to inflict damage or shut down systems but to gain inside information from other countries undiscovered and continue to do so into the future. So why would the Chinese want to destroy us any more than the Soviets back in the 80s?
This is not new stuff. We act like we are so surprised when we have been involved in this since the beginning. How does this differ from Cold War espionage, where we and the Soviets constantly tried to open up the other side with stolen secrets?
What is new is the extent and depth of the penetrations. There are virtually no secrets left. Anything and everything is open to compromise. The Chinese aren’t the only ones involved in this. They are just very good at it.
One item to discuss here is one that crosses both cybercrime and cyber terrorism lines and that is the recent DDoS attacks against the banking institutions supposedly by Islamist extremists in response to the video on YouTube defaming Allah. While this is on the surface a cyber terrorist attack, it also acts as a great diversion for cyber criminals while they attack and attempt account take overs (ATOs).
SCADA, Supervisory Control and Data Acquisition. Basically a control system for servo motors that control:
• Water Treatment
• Communications
• Flood Control
• Power Grid
• Transportation Systems
– Rail
– Air
– Shipping
These are the systems that control millions and millions of small PLCs (programmable logic controllers) used to control everything from pumps to monitoring levels of chemicals.
Columbia Nuclear Power Plant, Washington State
Some of this is politically motivated, as in disrupting the financial markets as shown by recent banking DDoS attacks by supposed
This is a picture of the Carna Botnet from 2012. The paper below describes how this botnet was established; its purpose was to find unsecured embedded devices on the internet (those with telnet open on port 23). Through the use of some special scanning techniques, they were able to scan the entire internet in around an hour.
http://internetcensus2012.github.com/InternetCensus2012/paper.html
Recent events include the release of the WikiLeaks documents and the Feb. 6 hack of the Federal Reserve, in which 4,000 banker names were published by Anonymous.
Start utilizing encryption! Use it whenever and wherever practical. And remember the lifecycle. If you don’t need it, don’t store it, destroy it (properly).
One issue to note is the recent DHS US-CERT recommendation that users uninstall Java and stop using it. We need to know the boundaries of what the agencies should and should not be doing. These kinds of announcements or endorsements can have wide-ranging and possibly devastating impacts on business sectors.
Where do they fit in the picture?
Take a copy of this presentation to your upper management folks and shake them real hard!
I am a child of the 60s. One of our sayings was:
If you aren’t part of the solution, you are part of the problem.
We need to look to the future. By the time we have gotten our heads around these problems, a whole new batch of them will crop up and we need to constantly be grooming our replacements. Let’s make Information Security the next “coolest job”.
There is a good reason why the Federal Government imposes so many compliance regulations on high security operations. We operate some of the largest, most complex, and valued networks in the world. And as a result we must be the best at protecting those assets. The only way to do that is with a solid plan, procedures and processes that have been tested, found to be reliable, and can be replicated over and over.