
Militarisation of Cyber Space & Weaponisation of Software
By DR T.H. CHOWDARY
• Director, Center for Telecom Management & Studies
• Chairman, Pragna Bharati (Intellect India), Andhra Pradesh
• Fellow: Tata Consultancy Services Ltd.
• Former Information Technology Adviser, Government of A.P.
Chairman & Managing Director, Videsh Sanchar Nigam Ltd., Bombay
T: +91 (40) 6667-1191 (O) 2784-3121 (R)
F: +91 (40) 6667-1111 (O)
Talk at IETE, Visakhapatnam: 4 December 2010
Preface
• A specter is haunting a great power like the US, powers like
India that want to be great, and Russia, a power that was once
a superpower.
• The specter is Information Warfare (IW) in cyber space. The Internet is
being militarized just as outer space was militarized by the
Ronald Reagan-Margaret Thatcher combination. Software is being
weaponised in order to smash the adversary’s capability to wage
war. This PowerPoint presentation is to sensitize Indian policy makers
to the looming peril and to urge Indian professionals to
develop the skills that are necessary to make our computer
networks impregnable. No amount of funding will be too much to
secure our networks, especially those of the armed forces, finance
and banking, telecom and power, health care and emergency
service sectors.
THC_CTMS
S454_ Dec2010
2
ICTs are affecting our civilization
• Cell phones, computers, Internet,
communications satellites, optical fiber cables,
wireless in the local loop (WILL)
• Global connectivity to every equipped person,
at any time, to anyone, anywhere
ICT-based Information Society
• Information storage, transmission and
exchange over millions of computer networks
distributed across the world.
• Diplomatic missions, e-governance, power
grids, telecoms, civil aviation, railways, police
& related security and law enforcement
organs, banks, health and relief
services… armed forces networks, supply
chains… are targets.
ICTs in and for war
• Electronic warfare
• Militarisation of outer space – Star Wars
(Indrajit of Ramayana &
Ghatotkacha of Mahabharat)
• Ronald Reagan, Margaret Thatcher
Vs. The Soviet Union
(Gulf Wars I and II, Afghanistan/Pakistan)
China- The Foremost
Information War (IW) Power
Sources for this presentation:
• Northrop Grumman project: Capability of the People’s Republic of China
to Conduct Cyber Warfare and Computer Network Exploitation, prepared
for the US-China Economic and Security Review Commission.
• Shadows in the Cloud: A report released on 6th April 2010 by (a) the
Information Warfare Monitor: Citizen Lab, Munk School of Global Affairs,
University of Toronto, and (b) The SecDev Group, Ottawa, and the
Shadow Server Foundation.
• Cyber Warfare: An Analysis of the Means and Motivations of Selected
Nation States, by the Institute for Security Technology Studies at
Dartmouth College, USA
• Ten Critical Trends for Cyber Security - World War 3.0 - The Futurist, Sept-Oct 2009
• Securing Cyberspace for the 44th Presidency: A report of the CSIS
Commission on Cyber Security
Cyber War
• Silent, bloodless but deadly.
• Russia crippled Georgia’s computer network
• Russia crippled Lithuania’s computer network
• Others warn us!
• US & Canadian sources disclosed in April 2010 that China stole 2.2
Terabytes of India's military information
• Munk School of Global Affairs
• University of Toronto
Report: Shadows in the Cloud: Investigating Cyber Espionage
– Docs. of National Security Council
– Mil. Intelligence Directorate
– Tracked several Indian Missions abroad & Dalai Lama’s government in
Dharamsala
Canada Alerts us!
• Two actions: hack (deface etc.) & steal
Gulshan Rai: Computer Emergency Response Team (CERT)
• Munk discovered GhostNet in March 2009; it covered 103
countries
• India-focused Shadow Net
• Malicious software like Trojans
• Shadow Server Foundation (USA)
- a voluntary group of Internet security
professionals
• Collaboration between Munk & Shadow Server
Foundation
• Register domain names (cost $10 to 100 each)
China: The Cyber Warrior (1)
• China’s cyber force at least 50,000 targeting India
& Dalai Lama
• 10 Indian Embassies compromised: Afghanistan,
Russia, UAE, USA, UK, Nigeria
• National Security Council Secretariat
– 2 MES Establishments
– 2 Mountain Artillery Brigade
– 2 Air Force stations
– Army Institute of Technology, Pune
– Military College of Electronics & Mechanical
Engineering in Secunderabad
China: The Cyber Warrior (2)
• Munk Center & 2 researchers from the universities of Illinois &
Cambridge issued reports in March 2009
• They revealed that 1295 computers in 103 countries were
affected
• 30% of computers affected had high value content
• Indian Embassies in US, UK, FRG, Serbia, Cyprus, Belgium,
Italy & Kuwait
• Chengdu, capital of China’s Sichuan Province, in league with
officially tolerated hacker organisations – NSFOCUS,
EVILOCTAL – linked to PLA
• University of Science & Technology in Chengdu –
hosts hackers
China: The Cyber Warrior (3)
• Information Warfare Doctrine in the book Unrestricted Warfare by Sr. Colonels of the
PLA
• I.W is asymmetric as it affords stealth, speed
and deniability
• Y2007: Hu Jintao Prime Minister of China
stressed cyber capability in the PLA
• China formulated the cyber strategy in the
early 1990s
China: The Cyber Warrior (4)
• 1997 Deng said, “What oil is to the Middle East, rare earth metals are
to China”
• Japan needs 35,000 tons of rare earth metals/year,
termed then as “21st century’s economic weapons”. China has
cornered control over the world’s rare earth metals and restricts
export to 35,000 tons/year
• Hundreds/thousands are trained in I.W in academies run by the
PLA, e.g. Wuhan University
• Raised militia units since Y 2002 drawn from companies (like our TA) and
academia
• Huawei & ZTE – specialists in wireless technologies
• Sichuan & Xinjiang (Uighur) are locales for the militias
(Source: Jayadev Ranade, Indian Express, 12.04.2010)
China- The Foremost
Information War (IW) Power (2)
• China’s intellectual resources for I.W
• The Science of Military Strategy
• The Science of Campaigns
• An Introduction to Information Warfare
– written by Maj. Gen. Dai Qingmin. He worked at the
PLA’s Electronic Engineering Academy.
• The Academy of Military Science has a journal, China
Military Science with close links to PLA theoretical,
experimental and practical work in the weaponisation
of software.
China- The Foremost
Information War (IW) Power (3)
• China’s intellectual resources for I.W
Institutions:
• The National University of Defense Technology, Changsha, Hunan
Province
• The PLA Science & Engineering University
• The PLA Information Engineering University
• The AMS has a Department of Warfare Theory and Strategic
Research.
• The PLA maintains 6 Technical Reconnaissance Bureaus (TRB)
located in Lanzhou, Jinan, Chengdu, Guangzhou and Beijing
military regions that are responsible for SIGINT collection of
strategic and tactical targets.
• The first TRB in Chengdu received a series of military
commendations for substantial achievements in informatisation
research.
China- The Foremost
Information War (IW) Power (4)
• China’s I.W Doctrine
• PLA’s goal is to establish control of an adversary’s information flow and
maintain dominance in the battle space
• The Information War (IW) strategy is called Integrated Network Electronic
Warfare.
• It targets the adversaries’ information systems to delay deployments and
impact combat effectiveness of troops already in theater.
• Campaigns will be conducted in all domains simultaneously – ground, air,
sea and electro-magnetic space.
• It seizes control of adversary’s information flow and establishes
information dominance.
• PLA considers that this is a pre-requisite for seizing air and naval
superiority.
China- The Foremost
Information War (IW) Power (5)
• China’s Hacktivist communities
• The Chinese hacker community comprises thousands of web-based
groups. They are developing malware tools. The community
is engaged in large-scale politically motivated denial of service
attacks, data destruction and web-defacements of foreign
networks. They are HACKTIVISTS. They trade attacks with their
counterparts in the USA, Japan, Taiwan, Indonesia and South
Korea.
• Hackers are of 2 kinds. White Hat hackers: these are bug hunters and
exploit coders. Their goal is profits. They help improve security
and achieve recognition with great exploits. Black Hat
operators: they are mercenaries, paid to penetrate networks;
they write worms and viruses.
China- The Foremost
Information War (IW) Power (6)
• Chinese cyber war hacktivists have a nation state
customer, making the activity state-sponsored
by default, regardless of the affiliation of the
actual operators at the keyboard.
• These operators have the resources necessary to
develop and exploit previously unknown
vulnerabilities that are often missed by
signature-based IDS/IPS and end point
protection software. These groups are heavily
focused on researching new Zero Day vulnerabilities
(that is, the first-ever discovery of a vulnerability)
China- The Foremost
Information War (IW) Power (7)
• Recruitment & Organisation
• PLA has Information Warfare Militia units
since Y2002.
• The PLA scouts and identifies IT professionals
with specific backgrounds, such as advanced
degree holders, those who had studied overseas
and computer networking experts, to co-opt
them in the cyber militias.
China’s Patriot Hackers
• China has a global cyber capability rating #2
• Has over 10,000 hackers
• Organised into official & unofficial Army
• Red Hackers Alliance – world’s largest patriotic
hacker group, defending Chinese honour from a
perceived foreign threat; in existence since
1998.
Our I.T Minister has little time!
• A server to host the domain name: $30/80 p.m.
• Munk School communicated their findings to
India on 23 Feb 2010
• Munk men met Sachin Pilot on 31-03-2010. He
had only 15 minutes as he was “travelling”!
• The hacker group “switches servers”
• Millions of US systems had been attacked
• Chinese systems are strong & encrypted on a
different level – can’t be hacked easily
China- The Foremost
Information War (IW) Power (8)
• Targets
• Numbers: 30,000/40,000 hacktivists; cleverly
covered links with the PLA
• Forensic analysis suggests that the groups are
comprised of multiple members of varying
skill levels operating with fixed schedules and
standard operating procedures. They take
detailed steps to mask their activities on the
targeted computer.
China- The Foremost
Information War (IW) Power (9)
• Exfiltration Operations
• These attacks often begin with an e-mail message with a file
attachment containing both exploit code and another small piece
of software which will give the attacker control of the victim’s
computer. When this file (usually an image, document or
spreadsheet) is opened by the vulnerable program on the victim’s
computer (e.g. PowerPoint, WordPad, Adobe Acrobat etc.), the
back door program executes. E-mail is the most common entry
vector.
• Analysis of forensic data associated with penetrations attributed
to sophisticated state-sponsored operators suggests that in some
operations multiple individuals are possibly involved, responsible
for specific tasks such as gaining and establishing network
access, surveying portions of the targeted network to identify
information of value and organizing the data exfiltration.
China- The Foremost
Information War (IW) Power (10)
• Staging points are servers onto which the exfiltrated data are
copied. The operators compress, encrypt, segment and replicate
exfiltrated information before distributing it through
encrypted channels to multiple external servers that act
as drop points.
• The US information security staff could eventually detect
and block the exfiltration in midstream, but not before
significant amounts of data left the network.
• Intrusion prevention systems were then turned on to alert
and block further activity, and for the next five hours
these systems continued to detect attempts by the
hacking operators to return to complete the exfiltration.
China- The Foremost
Information War (IW) Power (11)
• Main theater of operations: Chengdu
• Operational Exercises
• A Lanzhou Military Region division conducted
in Feb 2009 an opposed-force information
warfare exercise featuring computer network
attack while countering electronic warfare
attacks
Some exploits
• In Jan 2007 the PLA successfully fired a laser to bring down a defunct
Chinese weather satellite. That system has been operationalised since.
This technology is called the Nuclear Generated electro-magnetic pulse
attacks for controlling space-based information assets
• In 2007 China successfully tested a direct-ascent ASAT weapon that used a
kinetic kill vehicle to destroy an aging Chinese weather satellite.
• China has developed a road-mobile ICBM, the DF-31A, that can range the
continental United States and a submarine-launched variant, the JL-2, that
will be deployed in China’s new nuclear-powered submarines.
• In 2006 the Chinese used a laser dazzling weapon that temporarily
blinded a reconnaissance satellite.
• A long term persistent campaign by the Chinese hacker community
successfully exfiltrated at least 10-20 terabits of data from US government
networks as of Y 2007.
Other countries on to E.W
• USA
• Russia
• Pakistan
• Iran
• South Korea
• Israel
Some key players
• Data Security Council of India is an initiative of NASSCOM. DSCI is
developing best practices for Data Security and Data Privacy.
• Computer Emergency Response Team monitors computer security
incidents as and when they occur. It also maintains a database of
incidents and is supposed to study trends and patterns related to
intruder activity.
• National Technical Research Organisation is the nodal agency for
technical intelligence and surveillance.
• Army Cyber Security establishment is supposed to protect and
secure the army’s information networks.
• Defence Intelligence Agency is to provide timely, objective and
cogent military intelligence to defence planners and defence and
national security policy makers.
(Source: The New Indian Express, 11 April 2010)
What India should do
• Evolve & adopt an IW doctrine
• Train and equip defence personnel (like South
Korea) in EW
• Build intellectual resources
• Universities, Institutes, Journals
• Carry out exercises
• Hold Hacking competitions
• Fund Adequately
A surprise
• Kautilya’s Artha Sastra has a chapter on
warfare. China’s PLA’s doctrine of IW appears
to be the electronic version of physical
actions.
• Welcome GOI’s decision (13.05.’10) to set up
a National Defense University near Gurgaon.
India-China
China-India
Economic asymmetry
Key development indicators                      India     China
GDP ($ billion)                                 1,100     4,400
Foreign exchange reserves ($ trillion)          283       2,200
GDP per capita ($ in PPP terms)                 2,762     5,963
Percentage of poor (income below $1/day)        28.3      9.9
Urban population (as % of total)                29        40
Life expectancy (years)                         64        74
Mobile phones (per 100 persons)                 60        80
Road density (road kms/100 sq. km of area)      21        114
(Source: Business India, November 15, 2009)
China-India
Military asymmetry
Military assets                      India     China
Defence budget ($ billion)           32        87
Military personnel (million)         1.3       2.2
Combat aircraft                      500       2,000
Major warships                       34        75
Nuclear Capable Guided Missiles      70        950
(Source: Business India, November 15, 2009)
Trade asymmetry
[Chart: India’s foreign trade with China ($ billion), imports and exports for 2006-07, 2007-08 and 2008-09; data labels on the chart: 31.33, 27.1, 17.46, 10.82, 9.27, 8.29]
China’s Might (2)
• New strategy with respect to SOEs:
“Grasping the Big & Let go the Small”
• China concentrated on labour-absorbing
growth
               China        India
Food grains    418 mln T    210
Steel          163 mln T    29
Cement         650 m        109
China’s Might (1)
• China: FDI P.A
– 1985-92: $8.9 bln
– 1993-2000: $37.8 bln
• The stock of FDI to GDP
– 30% in Y 2004
– 24% in Y 2007
• By Y 2007 – China is the world’s 2nd largest
exporter
Can India catch up
• For India to come abreast of China by Y 2025,
growth should be 11.6%; if by 2050, 8.9%
(Source: Chasing the Dragon by
Mohan Guruswamy & Zorawar Daulet
Singh, Rs. 650/-)
Pakistanis Hack Indian Statistical Inst.
• 0930 July 11, Y 2000: ISI hacked Calcutta’s
Indian Statistical Inst. to erase it (aborted)
• All information restored from the back-up
“Our Organisation’s name is ISI. And no other
Organisation can exist with this name”
- ISI’s hackers boasted & posted
Spy Phones
Forbes, March 19, 2010
• Port of Los Angeles: has 27 terminals, along 70 km of
coastline, watched by 400 security cameras
• Security police can pull live videos from any of these
cameras on to cell phones or car-mounted computers
• Nifty software created by Reality Mobile hooks 140
port officers into a network – a real force multiplier
• Will be used in unmanned drones
• Telepresence at the edge
• Partial video phones received video frames at a fixed
rate; Reality Mobile’s software sends whole frames
(easily processed JPEG files) at a variable rate tied to
available bandwidth
Dhanyawad:
Thank You