The Rapid Evolution of Information Security: A Game of Spy

The Rapid Evolution of Information Security: A Game of Spy vs Spy

John A. Copeland, Weitnauer Chair Professor, Georgia Institute of Technology

1960's - Computers come into widespread use in government and companies.

Attacks

The "Logic Bomb" - a program installed by a computer technician that would wipe out memory after a set time period (unless reset).

This might be retaliation for a firing. In one case the culprit called the company, said he had heard about their disaster, and offered to sell them the backup tapes he fortunately had at home (he went to prison).

Defenses - Better off-site data backup systems.

1970's - Computers became accessible from remote terminals.

Attacks (insiders only, or burglars)

Guessing other users' passwords, or writing "Trojan Horse" programs for others to use, which would copy their passwords and other information into the hacker's file.

Defenses - Better passwords (educating users is still an ongoing battle today). Trojan Horse programs are still a problem today: only install programs from trusted sources. Government "Trusted Computers" check permissions on every read and write.

1980's - Computers became accessible over telephone voice lines by using a modem.

"Bulletin Board" servers let users download files, mostly text files for printout.

Attacks

Demon Dialers - rapidly dialed telephone numbers in sequence to find lines answered by a modem, followed by password guessing, if a password was even needed.

1983: a teen hacks into the US Air Defense Command computer WOPR and almost starts World War 3.

Defenses - Better passwords and challenge-response authentication. [RSA dongles provide one-time passwords, but their basic code was stolen by hackers in 2010.]

Thanks to the movies, computer hacking (breaking in) becomes a sport for high-school-age males. They can find "exploit" programs on the Internet from "hacker" Bulletin Boards, along with instructions on how to use them.

Many of these young men claim they are doing good by exposing weak security in corporate and government computers. They do damage, even without meaning to, by deleting files and crashing mainframes.

1982: computer innards portrayed as a virtual world where protagonists compete.

Who writes the exploit programs? Could it be professional hackers who want the network noise to cover their own tracks?

1990's - The World Wide Web is born.

Web servers, which work with Web browsers using the HTTP protocol and HTML-formatted pages, serve all manner of files: email, images, articles.

Spread of the Sapphire virus after 38 minutes.

Attacks - Downloaded executable files that install rootkits and back doors. "Viruses" (computer programs that replicate and spread) carry different payloads.

Defenses - Anti-virus software, with updates arriving ever more often and growing ever larger. More frequent OS patches.

Early 2000's - The Decade of the Worm.

In Nov. 1988, the Morris "Worm" (a virus that spreads through network connections) spread through email servers. Not intended to be malicious, it infected servers multiple times, crashing the Internet email service.

In 2001, the "Anna Kournikova" virus spreads as an email attachment ("click here"). "Code Red" attacks 360,000 PCs over the Internet; the number infected doubled every 37 minutes. The Sapphire worm later spread 100 times faster, infecting almost every susceptible computer worldwide within 10 minutes.
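As a check on the numbers above, here is an added worked example (not from the slides) that fits the standard logistic random-scanning worm model to Code Red's 37-minute doubling time and asks how long the same model needs to saturate the population when scanning is 100 times faster. It assumes a susceptible population of 360,000 hosts (the figure the slide gives for Code Red) and a single initially infected host.

```python
import math

# Logistic random-scanning worm model (the standard epidemic model, assumed
# here, not taken from the slides): da/dt = K * a * (1 - a), where a is the
# infected fraction of the susceptible population. Early on a grows like
# exp(K t), so a doubling time D gives K = ln(2) / D. The exact solution is
# that the odds a / (1 - a) grow as exp(K t).

SUSCEPTIBLE_HOSTS = 360_000      # assumption: the 360,000 PCs quoted for Code Red
CODE_RED_DOUBLING_MIN = 37.0     # doubling time stated on the slide
SAPPHIRE_SPEEDUP = 100           # "100 times faster", as stated on the slide


def infected_fraction(t_min, doubling_min, hosts=SUSCEPTIBLE_HOSTS):
    """Infected fraction after t_min minutes, starting from one infected host."""
    k = math.log(2) / doubling_min
    a0 = 1.0 / hosts
    odds = (a0 / (1 - a0)) * math.exp(k * t_min)
    return odds / (1 + odds)


def minutes_to_fraction(target, doubling_min, hosts=SUSCEPTIBLE_HOSTS):
    """Minutes until the infected fraction reaches `target` (0 < target < 1)."""
    k = math.log(2) / doubling_min
    a0 = 1.0 / hosts
    return math.log((target / (1 - target)) / (a0 / (1 - a0))) / k


def saturation_times(target=0.99):
    """Minutes to infect `target` of the population at Code Red's doubling time,
    and for a worm scanning 100 times faster (K scales with scan rate, so the
    doubling time is divided by 100). Returns (code_red_minutes, fast_minutes)."""
    code_red = minutes_to_fraction(target, CODE_RED_DOUBLING_MIN)
    fast = minutes_to_fraction(target, CODE_RED_DOUBLING_MIN / SAPPHIRE_SPEEDUP)
    return code_red, fast


if __name__ == "__main__":
    cr, fast = saturation_times()
    print(f"Code Red model: 99% infected after {cr / 60:.1f} hours")
    print(f"100x faster worm: 99% infected after {fast:.1f} minutes")
```

Under these assumptions the 37-minute doubling time gives about 15 hours to 99% saturation, and the 100-times-faster worm gets there in just over 9 minutes, consistent with the "within 10 minutes" figure on the slide.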

Code Red spread

In 2004, the "Witty" worm targeted certain network security products, ISS "BlackICE" and "RealSecure." Every available system worldwide was infected within 45 minutes.

Late 2000's - The Worm Evolves into the "Bot" (for Robot).

A Botnet is a sparse network of compromised computers. They communicate with only a few other members to hide the "Command and Control" points. These could be Web servers whose URL belongs to the Bot Master. The Bot Master can provide services such as spam mailing, phishing email, and flood Denial of Service attacks (for extortion or damage to competitors). Botnets are usually controlled by criminal organizations (e.g., the Russian Mafia).

In Nov. 2008, the "Conficker" bot infected over 10 million computers. It could send over 10 billion spam emails a day.

2010's - Wireless Networks are Everywhere

Cell phones will become the primary means of access to the Internet (shopping and banking), and a way to access short-range networks like point-of-sale payment systems and auto access.

Wireless networks have a checkered history. Early AMPS cell phones were cloned. The WiFi cryptographic methods WEP and WPA were broken very quickly.

Attacks - All previous, and spoofing.

Defense - Using network characteristics to "fingerprint" wireless nodes to detect intruders.

R. A. Beyah - "The Case for Ubiquitous Intrusion Detection Systems"

Stuxnet - The first computer worm aimed at destroying specific physical facilities (Iran's uranium purifying centrifuges). The attacker is unknown, though widely believed to be the U.S., Israel, Germany, or a combination.

Stuxnet spread around the world before being detected. It did no harm except to a specific combination of Siemens equipment found only in Iran.

It exploited four previously unknown (Day-0) vulnerabilities in Windows, worth $250,000 each on the hacker market.

Defense against new bots with Day-0 exploits: none.

Cyber War

The commercial Internet in Estonia was disrupted for several days by Russian hackers unhappy that a WW2 monument had been moved.

Thousands of computers in South Korea were destroyed in what was thought to be a test by North Korea.

The U.S. government has developed thresholds for a Cyber Attack that would warrant a counter Cyber-War attack, or a conventional military response. Defense - None, not even MAD (Mutual Assured Destruction).

BW, July 25, 2011