FEDERAL BUREAU OF INVESTIGATION, Cyber Division, FBIHQ
Cyber Attacks: The Next Frontier
Presented by SSA Robert Flaim


“The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities.”

“Wars in the 21st century will increasingly require all elements of national power – not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.”

– Secretary Rumsfeld, address to the National Defense University, January 31, 2002.
Discussion
• Critical Infrastructures
• Terrorist Internet Exploits
• Tactics and Strategy
Critical Infrastructures: Where the Crown Jewels Are
Imagine Planning for These Contingencies
• ATM Failures
• Telephone Outages
• Power Outages
• World Trade Center
• Poisoned Water Supply
• Bridges Down
• Oklahoma City
• Oil Refinery Fire
• Airliner Crash
• ISPs All Offline
• 911 System Down
Unrelated Events or Strategic Attack?
Using Our Systems Against Us
• Aircraft – Pentagon/Twin Towers
• Mail distribution network – Anthrax
• Computers – next step?
Real World Example – Australia 2000
Maroochy Shire Waste Water Plant – Sunshine Coast
– Insider
– 46 intrusions over a 2-month period
– Release of sewage into parks and rivers
– Environmental damage
Real World Example – USA 2001
San Francisco FBI Field Office Investigation
– Internet probes from Saudi Arabia, Indonesia, Pakistan
– Casings of web sites regarding emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities
– Exploring the digital systems used to manage these systems
Why Cyber Attack on Critical Infrastructures?
• National Security
– Reduce the U.S.’s ability to protect its interests
• Public Psyche
– Erode confidence in critical services and the government
• Economic Impact
– Damage economic systems
• Enhancement of Physical Attacks
– Physical damage/distraction efforts
• Asymmetric Warfare
– Lack of attribution, low cost/high potential impact
How are we vulnerable?
• Globalization of infrastructures = vulnerability
• Anonymous access to infrastructures via the Internet and SCADA
• Interdependencies of systems make attack consequences harder to predict and more severe
• Malicious software is widely available and does not require a high degree of technical skill to use
• More individuals with malicious intent on the Internet
• New cyber threats outpace defensive measures
Vulnerability Types
• Computer based
– Poor passwords
– Lack of appropriate protection, or improperly configured protection
• Network based
– Unprotected or unnecessary open entry points
• Personnel based
– Temporary/staff firings
– Disgruntled personnel
– Lack of training
• Facility based
– Servers in unprotected areas
– Inadequate security policies
Al-Qaeda
Al-Qaeda laptop found in Afghanistan contained:
• Hits on web sites that contained the “Sabotage Handbook”
• Handbook – Internet tools, planning a hit, anti-surveillance methods, “cracking” tools
• Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites
Terrorist Internet Exploits: What are we up against?
Terrorist Groups
Terrorists
Attention must be paid to studying the terrorists:
– Ideology
– History
– Motivation
– Capabilities
Terrorists
• Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
• In the future, cyber terrorism may become a viable alternative to traditional physical acts of violence due to:
– Perceived anonymity
– Diverse targets
– Low risk of detection
– Low risk of personnel injury
– Low investment
– Ability to operate from nearly any location
– Few resources needed
Terrorist Use of the Internet
• Hacktivism
• Cyber Facilitated Terrorism
• Cyber Terrorism
Cyber Arsenal for Terrorists
Internet newsgroups, web home pages, and IRC channels include:
– Automated attack tools (software tools)
• Sniffers (capture information, e.g. passwords/log-ons)
• Rootkits (facilitate/mask intrusion)
• Network vulnerability analyzers (SATAN/Nessus)
• Spoofing
• Trojan horses
• Worms
• DoS
Cyber Attack Methodology
• Resource Denial
– Virus/malicious code
– “Legitimate” traffic overwhelms site (unauthorized high-volume links)
– DoS
– DDoS
• WWW Defacement
– Defacement to embarrass
– Content modification to convey a message
– Content modification as a component of a disinformation campaign
Computer System Compromises
• System Compromise
– Data destruction
– Data modification
– Information gathering
– Compromised platform:
• Launch pad for attacks
• Jump-off point for other compromises
• Target Research and Acquisition
– The Internet makes significant amounts of data instantly and anonymously accessible.
Hacktivism
Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.
Example: ELF hacks into the web page of a local ski resort and defaces it. This is done to reflect the group’s objections to environmental issues.
Hacktivism (examples)
• Electronic Disturbance Theater
• Smithsonian
• Mental Institution
Cyber Facilitated Terrorism
• Terrorists utilize web sites to actively recruit members and publicize propaganda, as well as to raise funds
• Web sites also contain information necessary to construct weapons and obtain false identification
• Use of the Internet as a communications tool via chat rooms, BBS, email
• Hijackers utilized cyber cafés to communicate via the Internet and order airline tickets

[Photo key]
1. Finsbury Park Mosque, North London
2. Djamel Beghal
3. Kamel Daoudi
4. Zacarias Moussaoui
5. Richard Reid
6. Feroz Abbasi
7. Nizar Tribelsi
8. Abu Hamza
9. Abu Qatada

Kamel Daoudi – Believed to be an Al-Qaeda cyber terrorist. Arrested for alleged involvement in a plot to bomb the American Embassy in Paris.
Cyberterrorism
Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.
The Cyberterrorist Threat
Assessing the threat – THREAT is the intersection of:
• Behavioral Profile
• Technical Feasibility
• Operational Practicality

Cost & Means of Attack
[Figure: timeline of cost of capability and availability of capability, 1945 to today, with milestones: Invasion, Strategic Nuclear Weapons, ICBM & SLBM, Cruise Missiles, Precision Guided Munitions, Computer]
Tactics and Strategy: Prevention and Cooperation
FBI Cyber Transformation
• Terrorism and Cyber Crime – top priorities
• FBI recruitment of engineers and computer scientists – critical skills
• Increasing agents dedicated to cyber crime
• Creation of Cyber Task Forces in field offices
USA Patriot Act
• Felony to hack into a computer used in furtherance of national security or national defense
• 2702 Emergency Requests
• Legal subpoena expanded
• Sentencing increased

USA Patriot Act, cont’d
• Share with DOJ for criminal prosecution
• Permits “roving” surveillance
• FISA orders for intelligence allowed if intelligence gathering is a significant reason for the application rather than the only reason
• Authorizes pen register and trap and trace orders for email as well as telephone conversations
International Investigations
Cyber Evidence in USA → MLAT Request → Joint FBI-Foreign Police Investigation → Legal Subpoena
Cyber Terrorism Prevention – Old Methods for a New Problem
• Liaison
– Critical infrastructure companies, e.g. FBI InfraGard
– Internet Service Providers
– Universities
– Internet cafes
– Hacker clubs
– IT companies, developers
– International and local law enforcement
• Look – on the Internet
• Coordinate – national security, terrorist personnel
Conclusion
• Our national security, databases, and economy are extremely dependent upon automation
• Therefore, there exists a “target rich environment” for those who would do harm via the Internet
• Our critical infrastructures require joint private/public efforts to protect them
Robert Flaim
1-571-223-3338
[email protected]