
Guerilla warfare by means of netwarfare [2001]

Blast from the past. A talk on cyberwar before the term was coined.



  1. Guerilla Warfare by means of Netwarfare
     October 17th, 2001
     National Defence College, Finland
     Mikko H. Hyppönen, Manager, Anti-Virus Research, F-Secure Corporation, Mikko.Hypponen@F-Secure.com
     Copyright © 2001 F-Secure Corporation. All Rights Reserved. All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.
  2. What is netwarfare?
     • Special subset of information warfare
     • Leaves out electronic warfare and psychological operations
     • Netwarfare means fighting a war over civilian and military computer systems and networks
     • Abstract scenario
     • Physical being and location of the fighters is almost completely irrelevant
  3. Differences between netwarfare and traditional warfare
     • There might be no war declared
     • Attacks might not be targeted against a country but against a group, company or organization
     • The attackers or defenders might not be soldiers
     • The attackers might not want a victory in the traditional sense
     • In fact, they might favour that the enemy never realizes it is at war
  4. Perpetrators
     • The independent hacker
     • The client hacker
     • Political or paramilitary movements
     • Governments and armed forces
  5. The independent hacker
     • Individuals or groups
     • Illegally enter and manipulate computer systems
     • Motives:
       – Causing annoyance
       – Thrill
     • Sometimes hit sensitive targets
       – Power (Case Cal-ISO, June 2001)
       – Water
       – Military
         • Case NATO
         • Case Pentagon
         • Case BND
         • Case Naval Research Laboratory
         • Case White Sands Missile Range
         • Case NASA
  6. Kevin Mitnick damages 1993-1994
     • Sun, USA; Solaris source code: $80M
     • NEC, Japan; Mobile phone sources: $1.75M
     • Nokia, Finland; HD760 project: FIM 2.5M
     • Nokia, UK; "Mobile software": $135M
     • Novell, USA; Netware sources: $75M
     • Fujitsu, USA; PCX phone sources: $2.1M
     • Sentenced on August 9th, 1999
     • Total damage: $296,000,000
     • Mitnick ordered to pay: $4,125
     • And to serve 46 months in prison
     Source: http://www.hackernews.com/orig/letters.html
  7. The client hacker
     • Individual hacker or a group
     • Working on behalf of a sponsor
     • Hackers being hired by guerilla, terrorist or paramilitary movements
     • Motives:
       – Money
       – Girls
       – Thrill of victory
     • Might also be used as a smoke screen
     • Very few reported cases
       – Case Pengo…
       – Case Microsoft / QAZ
  8. Political or paramilitary movements
     • Guerilla armies
     • Insurgency groups
     • Religious fanatics and cults
     • Activists
     • Net-based propaganda already commonplace
       – Hizbollah in Lebanon
       – Zapatistas in Mexico
       – Tamil Tigers
     • Isolated occurrences of hacking have been seen
       – Aum Shinrikyo doomsday cult in Japan
       – “Hacking schools” in the Middle East
     • Future looks bad
  9. Governments and armed forces
     • “Official” netwarfare
     • Typically undisclosed, with secret funding
     • Capabilities related to technical development and finance
     • Asymmetric attack
     • Using hackers for espionage or intelligence purposes
     • Spreading directed attacks with viruses and network worms
     • Best way to guard against: DON’T USE TECHNOLOGY
  10. Netwarfare anecdotes
     • The Gulf War 1991
       – “Viruses planted in printers”
       – “Remote control of Iraqi air force radar systems”
       – Iraqis using university e-mail systems to communicate after their own systems were destroyed
  11. Netwarfare anecdotes
     • The Kosovo conflict 1999
       – US EC-130H “Compass Call” planes
       – Air-to-ground communication
       – Penetrated Serb air defense computer systems
       – Planted false messages and targets in the air defense system
       – Case detailed in Aviation Week & Space Technology magazine, October 2000
     • Serb attacks
       – DDoS attacks against NATO sites from Belgrade
       – Attacks against western systems
         • Serbs & possibly Chinese?
       – Viruses written by Serb kids
  12. Methods of Netwarfare
     • Direct intrusion
     • Social Engineering
     • Denial of Service Attack (DoS)
     • Trojan Horses
     • Sniffers
     • Viruses
  13. Direct intrusion
     • Gaining direct access on the target systems
     • Getting root
     • Wide range of methods
       – Open remote access points
       – Known security holes
       – Network spoofing
       – Fragment attacks
       – Dial-up lines
       – Weak passwords
       – Social engineering
  14. YIHAT
  15. RyDen
  16. Social Engineering
     • Using the weakest link in security - humans
     • Psychology tricks
     • Hacking by phone
     • "Here's the Sales Director from the Frankfurt department. What the heck is wrong in your systems! I can't access our order database and clients are waiting in the meeting room! Now you go and give me a new password."
     • Learning what the contact isn’t willing to tell you
  17. Distributed Denial of Service
     • Overloading a service by misusing its resources
     • February 2000: Yahoo, Amazon, eBay, CNN…
     • Attacks done by a teenager, “Mafiaboy”
     • Very effective way to take someone down
     • Not much we can do about it
     • Combine this with a virus? Whoa.
  18. Code Red
     • First web worm
     • First DDoS worm
     • Jumps from one www site to another
     • Three phases
       – Spreading
       – Attack
       – Sleeping
     • Infected 340,000 machines in July
     • Infected 170,000 machines in August
     • Demo
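As an added defender's example (not part of the slides), here is a check for the spreading phase just described: a web worm propagates by sending its exploit request to other web servers, so an infected host shows up in a victim's access log as repeated requests for the same unusual path. The /default.ida probe path used as the signature is a known Code Red indicator assumed here rather than stated on the slide, and the log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample of web-server access log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jul/2001:10:01:03 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 200 0
203.0.113.7 - - [19/Jul/2001:10:01:04 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 200 0
203.0.113.7 - - [19/Jul/2001:10:01:05 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 200 0
198.51.100.2 - - [19/Jul/2001:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.2 - - [19/Jul/2001:10:02:12 +0000] "GET /images/logo.gif HTTP/1.1" 200 2210
192.0.2.9 - - [19/Jul/2001:10:03:40 +0000] "GET /default.ida?NNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 0
"""

# Common Log Format: client, identity, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Code Red's propagation request targeted the IIS .ida handler with a long padded
# query string (assumption: this known indicator is not stated on the slide).
WORM_PATH_RE = re.compile(r"^/default\.ida\?N{10,}", re.IGNORECASE)


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def is_worm_request(entry):
    """True when the request path carries the worm's probe signature."""
    return entry["method"] == "GET" and bool(WORM_PATH_RE.match(entry["path"]))


def summarize_worm_hits(text):
    """Count probe requests per client address, regardless of HTTP status:
    a 404 still means that client is in the spreading phase and scanning us."""
    return dict(Counter(e["client"] for e in parse_log(text) if is_worm_request(e)))


def flag_scanners(text, threshold=2):
    """Clients that sent at least `threshold` probes, sorted for stable output."""
    return sorted(ip for ip, n in summarize_worm_hits(text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in summarize_worm_hits(SAMPLE_LOG).items():
        print(f"{ip}: {n} probe(s)")
    print("likely infected hosts:", flag_scanners(SAMPLE_LOG))
```

Feeding real access logs to `flag_scanners` gives the list of hosts to isolate and clean; the threshold separates a single stray probe from a host actively scanning.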
  19. Trojan Horses
     • The malicious masquerading as the friendly
     • FUNNYGAME.EXE which formats your hard drive
     • Backdoor trojans
     • Trojan functionality planted in commercial software
     • NSA operations with commercial vendors
       – Semi-confirmed:
         • Crypto AG, Switzerland
       – Unconfirmed / rumoured / approached?
         • Microsoft, USA
         • Lotus / IBM, USA
         • Grattner AG, Switzerland
         • Gretag AG, Switzerland
         • Siemens, Germany
         • Philips, France
         • Transvertex Ab, Sweden
         • Ericsson Ab, Sweden
         • Nokia Oy, Finland
     Source: Covert Action Quarterly
  20. Viruses & worms
     • Virus = program which has been programmed to spread further by infecting other programs
     • Worm = a standalone virus. Does not infect existing programs, just sends itself further automatically
     • Very effective in network-assisted attacks
     • The viruses we’ve seen so far have been simple
     • This might change
  21. Number of viruses 1986-2001
     • Binary PC viruses: more than 55,000
       – DOS: ~45000
       – Windows 9x/Me: 500
       – Windows NT/2000: 300
     • Macro viruses: more than 8,000
       – Word: 7000
       – Excel: 1400
       – Powerpoint: 100
       – Script viruses: 650
     • Other: less than 100
       – Macintosh: 50
       – Linux: 25
       – EPOC: 6 trojans
       – Palm OS: 1 virus, 1 trojan
     [Chart: number of viruses per year, 1986 to June 2001]
  22. Global Virus costs
     YEAR  VIRUS        COSTS (US$)
     1999  ExplorerZip  1 020 000 000
     1999  Melissa      1 100 000 000
     2000  Loveletter     875 000 000
     2001  Sircam       1 050 000 000
     2001  Code Red     2 620 000 000
     2001  Nimda          590 000 000
     Source: Computer Economics, Inc, September 2001
  23. Virus functionality
     • On an infected system, the virus can do anything the user can do
       – Read
       – Write
       – Delete
     • Spying is easy: email documents out / record speech via microphone / receive further instructions from web pages / etc
     • Modern net-assisted worms can also be crafted to spread very, very fast
     • In theory you could infect the whole internet in 15 minutes
     • And the Future is wireless
  24. Sircam
     • Most widespread data-stealing virus
     • Locates e-mail addresses
     • Locates recently used documents
     • …and sends them away
  25. Nimda
     • Four different viruses in one
     • Infected 2.2 million machines in a day
     • Network traffic jams
     • Shares your drives
     • Who made it?
  26. Reaction times of our anti-virus research lab
     • Typical reaction time around 2.5 hours
     • Reaction times history:
       – Melissa 1999: 3h 15min
       – Loveletter 2000: 1h 40min
       – Anna Kornikova 2001: 2h 5min
       – Sircam 2001: 1h 50min
       – Nimda 2001: 1h 57min
  27. Guerilla tactics
     • Netwarfare potentially provides crucial assistance to ’traditional’ guerilla operations
     • Taking down the enemy’s communication systems
     • Inserting false data
     • Corrupting existing data
     • Shutting down civilian systems to create confusion
     • Net-assisted spying
     • Using guerillas to physically access closed systems and networks
     • Guerilla-installed remote access tools
  28. Implementing netwarfare attacks
     • Indeed
     • It’s relatively easy to think about possible scenarios and how to protect against them
     • Starting netwarfare attacks is another thing entirely
     • And out of scope for this presentation...
  29. F-Secure Authorized Reference Customers
     • Government: French Army, IRS, NASA Headquarters, Naval Air Warfare Center, U.S. Army Medical, U.S. Department of Defense
     • Leading universities: Harvard University, University of California Berkeley
     • Research: Lawrence Livermore National Lab, Los Alamos National Lab, Oak Ridge National Lab, San Diego Supercomputer Center
     • Banking: Charles Schwab, Credit Agricole, Daiwa Bank, DresdnerBank, E*TRADE, Fuji Bank, Merita-Nordbanken, Sumitomo Bank
     • Information Technology: Andersen Consulting, EDS, First Data Corp, IBM, Unisys
     • Communications: Cisco, Ericsson, Motorola, Nokia
     • Internet: Amazon.com, Digital Island, eBay, Yahoo
     • Telecommunications: AT&T Wireless, British Telecom, Cegetel, Concert, Deutsche Telekom, GTE, NTT, Sonera, Telecom Italia, Telia, US West
     • Other: BMW, Boeing, DaimlerChrysler, Volkswagen
