INFOWAR part 3 -- Case Histories & Scenarios
INFORMATION
WARFARE
Part 3: Cases & Scenarios
Advanced Course in Engineering
2006 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP-ISSMP
Assoc. Prof. Information Assurance
Program Direction, MSIA & BSIA
Division of Business & Management, Norwich University
Northfield, Vermont
mailto:[email protected]
V: 802.479.7937
3-1/66
Copyright © 2006 M. E. Kabay. All rights reserved.
09:05-10:25
Topics
08:00-08:15 Introductions & Overview
08:15-09:00 Fundamental Concepts
09:05-10:25 INFOWAR Theory
10:35-11:55 Case Histories & Scenarios
3-2/66
Examples of INFOSEC
Breaches and Failures
Electronic infrastructure growing in
importance
Must expand conception of warfare in the age
of ubiquitous computing
Cases intended to stimulate your imagination
Spans last decade of developments to
provide wide range of examples
VERY FAST OVERVIEW (66 slides in <90
minutes)
3-3/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud
Psyops
Denial of Service (DoS)
3-4/66
Data Losses on BU Tapes
2005.02 Citibank loses mag tape in Japan w/
data on 120,000 customers
2005.05 Iron Mountain loses tapes in 4th
incident in 4 months – 600,000 employee
records
2005.02 Citibank loses box of tapes w/ data
on 4M US customers
2006.05 Wells Fargo loses computer w/
unadmitted # of customer records including
SSNs
3-5/66
Laptop Losses Compromise
Customer Data
2006.01-03 Ernst & Young debacle
Jan: laptop lost or stolen w/ data for Sun,
Cisco, HP & BP (38,000) employees
Jan: a different laptop stolen from employee’s
car:
IBM employee data
Admitted loss in March
Feb: 4 laptops left in conference room
Stolen by 2 intruders
No details
All computers “password protected” so OK (!)
3-6/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud, disinformation
Psyops
Denial of Service (DoS)
3-7/66
Industrial Espionage:
Echelon
EU Parliament attacks Echelon (2000.07)
Formed temporary committee to investigate
spy network
Suspicions that Echelon used to intercept
conversations of European businesses
Information might be given to competitors
from Echelon operators
US, Canada, Australia, New Zealand
In 2001.05, report recommended more use of
encryption to defeat Echelon
3-8/66
Industrial Espionage in Israel
Israeli Trojan Horse Keylogger
2005.05 Suspicions raised by keylogger software
on PCs
Author found his manuscript (MS) on the ‘Net
Someone tried to steal money from his bank
Created by Michael Haephrati – ex-son-in-law
Many companies found infected by same
program – sent data to server in London
2006.03 Perpetrators sent to jail
Michael Haephrati: 4 years
Ruth Brier-Haephrati: 2 years
3-9/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud, disinformation
Psyops
Denial of Service (DoS)
3-10/66
Penetration: Mitnick
Sept 96 — AP
Kevin Mitnick indicted in Los Angeles
25 count indictment
stealing software
damaging computers at University of Southern
California
using passwords without authorization
using stolen cellular phone codes
Readings about the Mitnick case
Goodell, J. (1996). The Cyberthief and the Samurai: The True Story of Kevin Mitnick—and
the Man Who Hunted Him Down. Dell (New York). ISBN 0-440-22205-2. xix + 328.
Hafner, K. & J. Markoff (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier.
Touchstone Books, Simon & Schuster (New York). ISBN 0-671-77879-X. 368. Index.
Littman, J. (1996). The Fugitive Game: Online with Kevin Mitnick—The Inside Story of the
Great Cyberchase. Little, Brown and Company (Boston). ISBN 0-316-5258-7. x + 383.
Shimomura, T. & J. Markoff (1996). Takedown: The Pursuit and Capture of Kevin Mitnick,
America's Most Wanted Computer Outlaw—by the Man Who Did It. Hyperion (New York).
ISBN 0-7868-6210-6. xii + 324. Index.
3-11/66
Penetration: DISA Report
1997.03 — EDUPAGE
InfoWar Division of Defense Information
Systems Agency of US
Retested 15,000 Pentagon computers
had warned system managers of
vulnerabilities in previous audit
90% of systems were still vulnerable
Recommended emphasizing response
(immediate shutdown) instead of focusing
solely on preventing penetrations
3-12/66
Penetration: Citibank Hack
1998.02 (events started 1994.07)
Vladimir Levin of St Petersburg hacked
Citibank computers
Conspirator Alexei Lachmanov transferred
US$2.8M to five Tel Aviv banks
Admitted to attempting to withdraw
US$940,000 from those accounts
Three other members of the gang pleaded
guilty
Levin extradited 1997.09
3-13/66
Citibank -- Conclusion
1998.02 -- Levin sentenced to 3 years, fined
Vladimir Levin convicted by NYC court
Transferred $12M in assets from Citibank
Crime spotted after first $400K theft
Citibank cooperated with FBI
MORAL: report computer crime & help
prosecute the criminals
3-14/66
Penetration: 2005
2005.01: Nicolas Lee Jacobsen, 21, charged
with breaking into T-Mobile computers for
more than 1 year
Access to 16.3M customer files
Obtain voicemail PINs, passwords for Web
access to e-mail
Read e-mail of FBI agent investigating his
own case
2005.01: Hackers break into George Mason
University computers
2005.03: 150 applicants to business schools
break into their own records illegally on
ApplyYourself Web site
3-15/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud, disinformation
Psyops
Denial of Service (DoS)
3-16/66
Data Diddling: Québec
Tax evasion by computer (1997.12)
Québec, Canada restaurateurs
U.S.-made computer program ("zapper")
Skimmed off up to 30% of the receipts
Evaded Revenue Canada and provincial tax
$M/year
3-17/66
Data Diddling: LA Gas
Los Angeles gasoline-pump fraud -- 1998.10
DA charged 4 men with fraud
Allegedly installed new computer chips in
gasoline pumps
cheated consumers
overstated amounts 7%-25%
Complaints about buying more gasoline than
capacity of fuel tank
Difficult to prove initially
programmed chips to spot 5 & 10 gallon
tests by inspectors
delivered exactly right amount for them
3-18/66
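The LA gasoline-pump case turns on one detail: the chips were programmed to behave honestly at the 5- and 10-gallon volumes inspectors were known to use. The simulation below is an added example (not part of the slides) that models that behaviour and compares the predictable inspection against one with randomized test volumes. The 7% overstatement is the low end of the range on the slide; the 0.5% legal tolerance, the 2 to 15 gallon test range and the class names are assumptions made for the example.

```python
import random

# Legal tolerance assumed for this example (not from the slide): a pump
# passes a test if the displayed volume is within 0.5% of the volume delivered.
LEGAL_TOLERANCE = 0.005


class HonestMeter:
    """Reference behaviour: displays exactly what was delivered."""

    def displayed(self, actual_gallons: float) -> float:
        return actual_gallons


class TamperedMeter:
    """Constructed model of the fraud on the slide: over-reports every sale
    except deliveries that match the volumes inspectors were known to use,
    which it reports honestly so a fixed test passes."""

    def __init__(self, overstate_fraction: float, known_test_volumes, window: float = 0.01):
        self.overstate_fraction = overstate_fraction
        self.known_test_volumes = list(known_test_volumes)
        self.window = window

    def displayed(self, actual_gallons: float) -> float:
        if any(abs(actual_gallons - v) <= self.window for v in self.known_test_volumes):
            return actual_gallons
        return actual_gallons * (1.0 + self.overstate_fraction)


def audit(meter, test_volumes, tolerance: float = LEGAL_TOLERANCE):
    """Run each test volume through the meter and return the failures as
    (delivered, displayed, relative_error) tuples; an empty list means 'passed'."""
    failures = []
    for delivered in test_volumes:
        shown = meter.displayed(delivered)
        rel_err = (shown - delivered) / delivered
        if abs(rel_err) > tolerance:
            failures.append((delivered, round(shown, 3), round(rel_err, 4)))
    return failures


def fixed_schedule():
    """The predictable inspection described on the slide: 5 and 10 gallons."""
    return [5.0, 10.0]


def randomized_schedule(n: int, rng: random.Random, low: float = 2.0, high: float = 15.0):
    """Unpredictable test volumes: the meter cannot tell a test from a sale."""
    return [round(rng.uniform(low, high), 2) for _ in range(n)]


if __name__ == "__main__":
    pump = TamperedMeter(overstate_fraction=0.07, known_test_volumes=fixed_schedule())
    print("fixed schedule  :", audit(pump, fixed_schedule()))
    print("random schedule :", audit(pump, randomized_schedule(5, random.Random(2006))))
```

The fixed schedule returns no failures against the tampered meter, exactly the "difficult to prove initially" situation on the slide; the randomized schedule fails nearly every test at a 7% error. The general lesson for any audit of a system the auditee controls is the same: a test the subject can recognise is a test the subject can pass selectively.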
Data Diddling: BOOM!
Employee tried to sabotage nuclear plant in
UK (1999.06)
Security guard
Tried to alter sensitive information
New measures put into place 18 months later
(2001.09)
3-19/66
Data Diddling: GOOGLE
Hacking*
GOOGLE used as political ploy (2004.01)
Pranksters engineer Web sites to alter GOOGLE
links and statistics
Linked George W. Bush to bad words
“unelectable”
“miserable failure”
Supporters retaliated with similar ploys against
Kerry
___________
* Term now used to mean using search engines as
part of hacker tool kit
3-20/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud, disinformation
Psyops
Denial of Service (DoS)
3-21/66
Sabotage? IE vs Navigator
Internet Explorer 4.0 vs Netscape Navigator
(1997.10)
IE 4.0 included features from Plus! for
Windows 95
anti-aliasing function
smoothes large fonts on screen
Reportedly did not smooth fonts in Netscape
Navigator
Allegedly not found to fail in any other
program tested -- but updated Occam’s Razor
states:
Never attribute to malice
what stupidity can adequately explain.
3-22/66
Sabotage? MS-MediaPlayer
vs RealAudio
Several reports of software conflicts — 1998.10
Installation of MS-MediaPlayer causes
problems with other media players
MS product takes over file associations
Prevents usability of RealAudio
De-installation switches file associations to
other MS products
MS denied deliberate attack, accuses other
programs of quality problems
[Attila the Hun no doubt accused Europeans
of quality problems, too.]
3-23/66
Web Vandalism Classics
CIA (1996.09)
USAF (1996.12)
NASA (1997.03)
AirTran (1997.09)
UNICEF (1998.01)
US Dept Commerce (1998.02)
New York Times (1998.09)
SETI site (1999)
Fort Monmouth (1999)
Senate of the USA (twice)(1999)
DEFCON 1999 (!)
3-24/66
CIA (1996.09)
3-25/66
USAF (1996.12)
3-26/66
NASA (1997.03)
3-27/66
AirTran (1997.09)
3-28/66
UNICEF (1998.01)
3-29/66
US Dept Commerce
(1998.02)
3-30/66
New York Times (1998.09)
3-31/66
SETI (1999)
3-32/66
Fort Monmouth (1999)
3-33/66
Senate of the USA (1) (1999)
3-34/66
Senate of the USA (2) (1999.06)
3-35/66
DEFCON (1999.07)
3-36/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud, disinformation
Psyops
Denial of Service (DoS)
3-37/66
Trojan: Moldovan Scam
1997.11 — news wires, EDUPAGE, RISKS
Pornography seekers logged into
http://www.sexygirls.com (Nov 96-1997.02)
Special viewer program to decode pictures
Trojan program
secretly disconnected modem connection
turned modem sound off
dialed ISP in Moldavia — long distance
Long-distance charges in $K/victim
Court ordered refund of $M to consumers
3-38/66
Trojan: Back Orifice
cDc (Cult of the Dead Cow) — 1998.07
Back Orifice for analyzing and compromising
MS-Windows security
Sir Dystic — hacker with L0PHT
“Main legitimate purposes for BO:”
remote tech support aid
employee monitoring
remote administering [of a Windows
network].
“Wink.”
3-39/66
Back Orifice — cont’d
Features
image and data capture from any Windows
system on a compromised network
HTTP server allowing unrestricted I/O to and
from workstation
packet sniffer
keystroke monitor
software for easy manipulations of the
victims' Internet connections
Trojan allows infection of other applications
Stealth techniques
15,000 copies distributed to IRC users in
infected file “nfo.zip”
3-40/66
Trojan: Linux Backdoor
Linux kernel attacked (2003.11)
Hacker tried to enter backdoor code into
sys_wait4() function
Would have granted root
Noticed by experienced Linux programmers
3-41/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud, disinfo
Psyops
Denial of Service (DoS)
3-42/66
Deception: Holiday Inns vs
Call Management
1997.01 -- AP
Holiday Inns uses 1-800-HOLIDAY for
reservations (note the O)
Call Management uses 1-800-H0LIDAY (note the
ZERO)
Holiday Inns sued and lost
Other firms have used phone numbers adjacent
to important commercial numbers in order to
capture calls from misdialing customers
Old porn site whitehouse.com (now a respectable
site) used confusion with whitehouse.gov
to trick kids into visit
3-43/66
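Both cases on this slide, 1-800-H0LIDAY and whitehouse.com, rely on an identifier that reads like a protected one. The script below is an added example (not from the slides) of the check a brand or domain owner would run over newly seen names: it collapses each name to a "skeleton" in which confusable characters (O/0, l/1/I, S/5 and so on) coincide, and separately flags the same label under a different top-level domain. The confusable table, the `classify` function and the sample names are assumptions constructed for the example; the technique generalizes to any alphabet by extending the table.

```python
import unicodedata
from typing import Optional

# Lookalike mapping constructed for this example: each key is a character
# that a reader (or a caller dialling a vanity number) easily confuses with
# the value. Extend it for your own alphabet and threat model.
CONFUSABLE_MAP = {
    "0": "o", "1": "l", "i": "l", "|": "l", "!": "l",
    "5": "s", "2": "z", "8": "b", "6": "b", "9": "g",
}


def skeleton(name: str) -> str:
    """Collapse a name so that confusable spellings map to the same string."""
    # Strip accents so 'é' and 'e' compare equal (Unicode lookalikes)
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    # Multi-character lookalikes: 'rn' reads as 'm', 'vv' as 'w'
    plain = plain.lower().replace("rn", "m").replace("vv", "w")
    # Drop punctuation so 1-800-HOLIDAY and 1800HOLIDAY compare equal
    return "".join(CONFUSABLE_MAP.get(ch, ch) for ch in plain if ch.isalnum())


def split_domain(name: str):
    """Return (label, tld) for a dotted host name, or (name, '') otherwise."""
    if "." not in name:
        return name, ""
    label, _, tld = name.rpartition(".")
    return label, tld


def classify(candidate: str, protected: str) -> Optional[str]:
    """Describe how `candidate` relates to the protected identifier."""
    if candidate.lower() == protected.lower():
        return "exact"
    cand_label, cand_tld = split_domain(candidate)
    prot_label, prot_tld = split_domain(protected)
    # Same registrable name, different TLD (whitehouse.com vs whitehouse.gov)
    if prot_tld and cand_tld != prot_tld and skeleton(cand_label) == skeleton(prot_label):
        return "tld_variant"
    # Character-level confusion (1-800-H0LIDAY vs 1-800-HOLIDAY)
    if skeleton(candidate) == skeleton(protected):
        return "confusable"
    return None


def find_lookalikes(observed, protected_names):
    """Report every observed name that imitates a protected one."""
    hits = []
    for name in observed:
        for prot in protected_names:
            kind = classify(name, prot)
            if kind and kind != "exact":
                hits.append((name, prot, kind))
    return hits


if __name__ == "__main__":
    # Constructed sample input: names seen in a registration feed
    seen = ["1-800-H0LIDAY", "whitehouse.com", "wh1tehouse.gov", "example.org"]
    for hit in find_lookalikes(seen, ["1-800-HOLIDAY", "whitehouse.gov"]):
        print(hit)
```

A skeleton match is a lead, not a verdict: legitimate names collide too, so the output belongs in a review queue. The test-volume point from the gas-pump slide applies here in reverse: the defender's check must be at least as forgiving as a hurried human eye, otherwise the variants that fool customers will pass it.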
Disinfo: Belgian ATC Fraud
1997.01 — Reuters
Belgian lunatic broadcasting false
information to pilots
Air-Traffic Control caught the false
information in time to prevent tragedy
Serious problem for air safety
Police unable to locate pirate transmitter
Lunatic thought to be former ATC employee
3-44/66
Psyops: Motley Fool
1996.03 -- Iomega high-capacity removable disk
drives slammed by false information
America Online's Motley Fool bulletin board
False information
Flaming and physical threats
Caused volatility of stock prices
People who know which way the stock will
rise or fall can make money on the trades
3-45/66
Psyops: Pairgain
1999.04: Gary Dale Hoke arrested by FBI
Employee of Pairgain
Created bogus Web page
Simulated Bloomberg information service
Touted PairGain stock
undervalued – impending takeover
Pointed to fake page using Yahoo message
boards
Investors bid up price of Pairgain stock from
$8.50 to $11.12 (130%)
13.7 M shares traded – 700% normal
volume
3-46/66
Pairgain – cont’d
Windfall gains & losses by investors
Hoke did not in fact trade any of the stock
himself
Pleaded guilty to charges of stock
manipulation
Sentenced to home detention, probation,
restitution
3-47/66
Psyops: Emulex
2000.08: Emulex lost 60% of total share value
Mark Jakob, 23 years old
Fabricated news release
Sent from community college computer
Circulated by Dow Jones, Bloomberg
Claimed profit warning, SEC investigators,
loss of CEO
Jakob profited by $240,000 in minutes
3-48/66
Psyops: 4-1-9 Brides
Prospective Brides Needed Money (2004.11)
Russian Yury Lazarev hired women to write
flowery letters to possible partners
Included sexy photographs
3,000 men responded from around world
Attempts to meet met with requests for
money
Visas
Airline tickets
Net profits: $300,000
One year suspended sentence in Moscow
3-49/66
Cases
Breaches of confidentiality
Industrial Espionage
Unauthorized Access (Penetration)
Unauthorized Modification
Data Diddling
Sabotage, vandalism
Trojan Horses
Deception
Fraud, disinformation
Psyops
Denial of Service (DoS)
3-50/66
History of DoS
1987-12: Christmas-Tree Worm
IBM internal networks
Grew explosively
Self-mailing graphic
Escaped into BITNET
1988-11: Morris Worm
Probably launched by mistake
Demonstration program
Replicated through Internet
~9,000 systems crashed or were
deliberately taken off-line
3-51/66
DoS: Mail-Bombing Via Lists
1996.08/12
1996.08 — “Johnny [x]chaotic”
subscribed dozens of people to hundreds of lists
victims received up to 20,000 e-mail msg/day
published rambling, incoherent manifesto
became known as “UNAMAILER”
1996.12 — UNAMAILER struck again
Root problem
some list managers automatically subscribe people
should verify authenticity of request
send request for confirmation
3-52/66
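The root problem on the slide is that a list manager subscribed whoever was named in a request, so a forger could turn hundreds of lists into an amplifier. The class below is an added example (not from the slides or any particular list-manager product) of the fix the slide calls for: a confirmation token is e-mailed to the named address, and the address is added only when that token comes back. Tokens are HMAC-signed over the list name and address, expire, are single-use, and are re-sent at most once per cooldown, so a forged request costs the victim one message rather than thousands a day. The class name, parameters and the constructed addresses in the test are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Optional


class ConfirmedOptInList:
    """Subscription handler that adds an address only after the mailbox owner
    returns a signed, expiring, single-use token sent to that address."""

    def __init__(self, list_name: str, secret: Optional[bytes] = None,
                 token_ttl: int = 24 * 3600, resend_cooldown: int = 600,
                 clock: Callable[[], float] = time.time):
        self.list_name = list_name
        self.secret = secret or secrets.token_bytes(32)   # HMAC key, kept server-side
        self.token_ttl = token_ttl
        self.resend_cooldown = resend_cooldown
        self.clock = clock                                 # injectable for testing
        self.members = set()
        self.pending = {}   # address -> (nonce, expiry, time confirmation mail was sent)

    def _sign(self, address: str, nonce: str, expiry: int) -> str:
        # Binding the list name and the address into the MAC means a token
        # mailed to one person cannot be replayed for a different address or list.
        msg = f"{self.list_name}|{address}|{nonce}|{expiry}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def request_subscription(self, address: str) -> Optional[str]:
        """Step 1 (anyone may call this, including a forger). Returns the token
        to e-mail to `address`, or None if a confirmation was sent recently.
        Nothing is subscribed yet, so a forged request costs the victim at most
        one confirmation message per cooldown period, not a flood of list traffic."""
        address = address.lower()
        now = int(self.clock())
        previous = self.pending.get(address)
        if previous and now - previous[2] < self.resend_cooldown:
            return None
        nonce = secrets.token_hex(8)
        expiry = now + self.token_ttl
        self.pending[address] = (nonce, expiry, now)
        return f"{nonce}.{expiry}.{self._sign(address, nonce, expiry)}"

    def confirm(self, address: str, token: str) -> bool:
        """Step 2: only the mailbox owner can do this, because only they saw the token."""
        address = address.lower()
        try:
            nonce, expiry_text, sig = token.split(".")
            expiry = int(expiry_text)
        except ValueError:
            return False
        if self.clock() > expiry:
            return False                                    # token too old
        if not hmac.compare_digest(sig, self._sign(address, nonce, expiry)):
            return False                                    # forged, or for another address
        entry = self.pending.get(address)
        if entry is None or entry[0] != nonce or entry[1] != expiry:
            return False                                    # already used or superseded
        del self.pending[address]
        self.members.add(address)
        return True


if __name__ == "__main__":
    lst = ConfirmedOptInList("risks-l")
    token = lst.request_subscription("someone@example.net")   # would be e-mailed out
    print("subscribed before confirm:", "someone@example.net" in lst.members)
    print("confirm with mailed token:", lst.confirm("someone@example.net", token))
```

The same shape (signed, expiring, single-use, address-bound token) is the standard remedy wherever a request names a third party who bears the cost: list subscriptions, password resets, and notification sign-ups.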
DoS: Root Servers
DoS cripples 9 of 13 root servers (2002.10)
Most sophisticated and large-scale assault on
root servers to date
Started 16:45 EDT Monday 21 Oct 2002
30-40x normal traffic from South Korea and US
origins
7 servers failed completely; 2 intermittently
Remaining 4 servers continued to service ‘Net
requests – no significant degradation of
service
Verisign upgraded protection on its servers
as a result
3-53/66
DoS: Al-Jazeera
Al-Jazeera swamped (2003.03)
Arab satellite TV network Web site
unavailable
Swamped by bogus traffic aimed at US
servers for its site
3-54/66
DoS: GOOGLE & .com
Disappear Briefly
GOOGLE disappears from Web (2005.05)
Gone for 15 minutes 7 May 2005
Glitch in DNS
Drew attention to concerns over DNS stability
National Research Council issued report
criticizing state of DNS infrastructure
http://www7.nationalacademies.org/cstb/pub_dns.html
Historical note:
2000.08.23: 4 of 13 root DNS servers failed
All access (http, ftp, smtp) to entire .com
domain blocked for 1 hour worldwide
3-55/66
Future INFOWAR Scenarios
Technology for Spies
Cryptography vs Parallel Computing
Archives
Permanence of Human Knowledge
RFID
Down the Road a Bit (or Byte)
Flash Crowds
Smart Appliances?
Direct Neural Interfaces
3-56/66
Technology for Spies
Cell phones becoming PDAs
Victimized by viruses
Ideal for spreading malware
Include cameras and microphones
Can be remotely controlled
Flash drives make it easy to steal data
Watch out for sushi on the back of your
computer
3-57/66
Cryptography vs
Parallel Computing
Some computers being described in Kproc
(kilo-processors)
Brute-force cracking catching up with popular
keylengths
Have seen PGP users change their keys from
512 bits to 1024 to 2048 in a few years
How are companies managing their keys?
3-58/66
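The slide's point is that processor counts, not just clock speeds, are what erode a key length. The functions below are an added worked example (not from the slides) that put numbers on that: expected exhaustive-search time for a symmetric key, how many bits a given number of processors "buys", and the smallest key length that survives a planning horizon when the attacker's capacity keeps doubling. The per-processor rate, the 10-year horizon and the 1.5-year doubling period are assumptions of the example. Note that the PGP sizes quoted on the slide (512, 1024, 2048 bits) are public keys, whose strength depends on factoring rather than keyspace size; the keyspace model here applies directly to symmetric keys.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_seconds(key_bits: int, processors: int, keys_per_second_each: float) -> float:
    """Expected wall-clock time for an exhaustive search of a `key_bits`-bit
    symmetric key: on average half the keyspace is tried, shared by all processors."""
    return (2.0 ** key_bits / 2.0) / (processors * keys_per_second_each)


def expected_years(key_bits: int, processors: int, keys_per_second_each: float) -> float:
    return expected_seconds(key_bits, processors, keys_per_second_each) / SECONDS_PER_YEAR


def bits_bought_by_parallelism(processors: int) -> float:
    """Each doubling of the processor count removes exactly one bit of effective strength,
    so a kilo-processor machine is worth about ten bits against the defender."""
    return math.log2(processors)


def minimum_key_bits(processors: int, keys_per_second_each: float,
                     horizon_years: float, doubling_years: float = 1.5) -> int:
    """Smallest key length whose expected search still exceeds `horizon_years`
    when the attacker's capacity doubles every `doubling_years` (Moore's-law
    style growth: an assumption of this example, not a law of nature)."""
    keys_per_year_now = processors * keys_per_second_each * SECONDS_PER_YEAR
    # Capacity c(t) = c0 * 2^(t/d); integrating over [0, T] gives the keys tried in total.
    total_keys = (keys_per_year_now * doubling_years / math.log(2)
                  * (2.0 ** (horizon_years / doubling_years) - 1.0))
    # Expected cost is half the keyspace, so we need 2^(bits-1) > total_keys.
    return math.floor(math.log2(total_keys)) + 2


if __name__ == "__main__":
    rate = 1e9  # assumed keys per second per processor
    for bits in (56, 64, 80, 128):
        print(f"{bits:3d}-bit key, 1 proc: {expected_years(bits, 1, rate):.3g} years;"
              f" 1 Kproc: {expected_years(bits, 1000, rate):.3g} years")
    print("key length to outlast 10 years of a growing Kproc attacker:",
          minimum_key_bits(1000, rate, 10))
```

The useful output is the gap between rows: moving from one processor to a thousand shaves ten bits, and a doubling attacker gains roughly one further bit every eighteen months, which is why the slide's closing question about key management (how quickly can an organisation roll to longer keys?) matters more than any single key length.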
Archives
Technology changing very fast
1980 8” 128 KB disk unreadable
1990 5¼” 768 KB disk unreadable
2000 100 MB ZIP disk obsolete
2002 2 GB Jaz disk obsolete
20?? 700MB CD-ROM obsolete
2??? 4.4 GB DVD obsolete
Changes in OS and application software make
old versions unreadable too
What will happen to our archival data?
3-59/66
Permanence of Human
Knowledge
How do we stabilize URLs?
How safe are TinyURLs?
Who safeguards availability of important
electronic documents?
STILL WORKS AFTER 2 YEARS
… and now there are more:
3-60/66
RFID
Radio-Frequency Identifiers
Not only for products
Can be implanted under skin
Being used to track and identify critters
What about people?
Privacy issues?
http://www.bibleetnombres.online.fr/image8/rfid.jpg
3-61/66
Down the Road a Bit
(or Byte)
Computer-controlled cars
Follow guides in roads
Any bets security will be minimal?
Hijack a car moving at 70 mph??
Segways
Extensive computer controls for gyroscopic
stabilization
How long until they are hacked?
3-62/66
Flash Crowds
People respond to anonymous instructions
Be at specific place at specific time for no
particular reason
News spreads through e-mail, IM
Crowds of thousands gather on command
and jam available space for fun
Now think about how such obedience can be
used by criminals – or terrorists. . . .
3-63/66
Smart
Appliances?
Copyright © 1999 Rich Tenant.
All rights reserved.
3-64/66
Direct Neural Interfaces
Direct neural interfaces
Working on reading brain activity patterns
Control computers
Control machinery?
What about hackers?
Being proposed to
control prostheses
RFI interference?
Hacking?
DoS?
http://whatisthematrix.warnerbros.com/img/1-3d.jpg
3-65/66
DISCUSSION
3-66/66