Netwarfare refers to fighting wars over civilian and military computer systems and networks. It differs from traditional warfare in that there may be no formal declaration of war, attacks are not targeted at countries but organizations, and the attackers may not want a traditional victory. Perpetrators of netwarfare include independent hackers, client hackers working for groups, political or paramilitary movements, and governments and armed forces conducting secret netwarfare operations. Common methods of netwarfare include direct system intrusion, social engineering, denial of service attacks, trojan horses, sniffers, and viruses.
2. What is netwarfare?
• Special subset of information warfare
• Leaves out electronic warfare and psychological operations
• Netwarfare means fighting a war over civilian and military computer systems and networks
• Abstract scenario
• Physical being and location of the fighters is almost completely irrelevant
3. Differences between netwarfare and traditional warfare
• There might be no war declared
• Attacks might not be targeted against a country but against a group, company or organization
• The attackers or defenders might not be soldiers
• The attackers might not want a victory in the traditional sense
• In fact, they might favour that the enemy never realizes it is at war
4. Perpetrators
• The independent hacker
• The client hacker
• Political or paramilitary movements
• Governments and armed forces
5. The independent hacker
• Individuals or groups
• Illegally enter and manipulate computer systems
• Motives:
– Causing annoyance
– Thrill
• Sometimes hit sensitive targets
– Power (Case Cal-ISO, June 2001)
– Water
– Military
• Case NATO
• Case Pentagon
• Case BND
• Case Naval Research Laboratory
• Case White Sands Missile Range
• Case NASA
7. The client hacker
• Individual hacker or a group
• Working on behalf of a sponsor
• Hackers being hired by guerilla, terrorist or paramilitary movements
• Motives:
– Money
– Girls
– Thrill of victory
• Might also be used as a smoke screen
• Very few reported cases
– Case Pengo…
– Case Microsoft / QAZ
8. Political or paramilitary movements
• Guerilla armies
• Insurgency groups
• Religious fanatics and cults
• Activists
• Net-based propaganda already commonplace
– Hizbollah in Lebanon
– Zapatistas in Mexico
– Tamil Tigers
• Isolated occurrences of hacking have been seen
– Aum Shinrikyo doomsday cult in Japan
– “Hacking schools” in the Middle East
• Future looks bad
9. Governments and armed forces
• “Official” netwarfare
• Typically undisclosed, with secret funding
• Capabilities related to technical development and finance
• Asymmetric attack
• Using hackers for espionage or intelligence purposes
• Spreading directed attacks with viruses and network worms
• Best way to guard against: DON’T USE TECHNOLOGY
10. Netwarfare anecdotes
• The Gulf War 1991
– “Viruses planted in printers”
– “Remote control of Iraqi air force radar systems”
– Iraqis using university e-mail systems to communicate after their own systems were destroyed
11. Netwarfare anecdotes
• The Kosovo conflict 1999
– US EC-130H “Compass Call” planes
– Air-to-ground communication
– Penetrated Serb air defense computer systems
– Planted false messages and targets in the air defense system
– Case detailed in Aviation Week & Space Technology magazine, October 2000
• Serb attacks
– DDoS attacks against NATO sites from Belgrade
– Attacks against western systems
• Serbs & possibly Chinese?
– Viruses written by Serb kids
13. Direct intrusion
• Gaining direct access to the target systems
• Getting root
• Wide range of methods
– Open remote access points
– Known security holes
– Network spoofing
– Fragment attacks
– Dial-up lines
– Weak passwords
– Social engineering
16. Social Engineering
• Using the weakest link in security: humans
• Psychology tricks
• Hacking by phone
• "Here's the Sales Director from the Frankfurt department. What the heck is wrong in your systems! I can't access our order database and clients are waiting in the meeting room! Now you go and give me a new password."
• Learning what the contact isn’t willing to tell you
17. Distributed Denial of Service
• Overloading a service by misusing its resources
• February 2000: Yahoo, Amazon, eBay, CNN…
• Attacks done by a teenager, “Mafiaboy”
• Very effective way to take someone down
• Not much we can do about it
• Combine this with a virus? Whoa.
18. Code Red
• First web worm
• First DDoS worm
• Jumps from one www site to another
• Three phases
– Spreading
– Attack
– Sleeping
• Infected 340,000 machines in July
• Infected 170,000 machines in August
• Demo
19. Trojan Horses
• The malicious masquerading as the friendly
• FUNNYGAME.EXE which formats your hard drive
• Backdoor trojans
• Trojan functionality planted in commercial software
• NSA operations with commercial vendors
– Semi-confirmed:
• Crypto AG, Switzerland
– Unconfirmed / rumoured / approached?
• Microsoft, USA
• Lotus / IBM, USA
• Grattner AG, Switzerland
• Gretag AG, Switzerland
• Siemens, Germany
• Philips, France
• Transvertex Ab, Sweden
• Ericsson Ab, Sweden
• Nokia Oy, Finland
Source: Covert Action Quarterly
20. Viruses & worms
• Virus = program which has been programmed to spread further by infecting other programs
• Worm = a standalone virus. Does not infect existing programs, just sends itself further automatically
• Very effective in network-assisted attacks
• The viruses we’ve seen so far have been simple
• This might change
21. Number of viruses 1986-2001
• Binary PC viruses: more than 55,000
– DOS ~45000
– Windows 9x/Me: 500
– Windows NT/2000: 300
• Macro viruses: more than 8,000
– Word: 7000
– Excel: 1400
– Powerpoint: 100
– Script viruses 650
• Other: less than 100
– Macintosh: 50
– Linux: 25
– EPOC: 6 trojans
– Palm OS: 1 virus, 1 trojan
[Chart: number of viruses per year, 1986 to 2001, as of June 2001. Values as extracted from the chart, in extraction order: 0, 1, 6, 90, 180, 360, 1100, 2450, 3550, 5500, 7850, 18500, 45000, 55000, 33500, 10350; their assignment to individual years and series is not recoverable from the extraction.]
23. Virus functionality
• On an infected system, the virus can do anything the user can do
– Read
– Write
– Delete
• Spying is easy: email documents out / record speech via microphone / receive further instructions from web pages / etc
• Modern net-assisted worms can also be crafted to spread very, very fast
• In theory you could infect the whole internet in 15 minutes
• And the future is wireless
24. Sircam
• Most widespread data stealing virus
• Locates e-mail addresses
• Locates recently used documents
• …and sends them away
25. Nimda
• Four different viruses in one
• Infected 2.2 million machines in a day
• Network traffic jams
• Shares your drives
• Who made it?
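Defender-side log triage for the two worms on these slides (Code Red, slide 18, and Nimda above), as an added example that is not part of the original presentation: it flags the worms' HTTP probe requests in constructed web-server access-log lines and, for Code Red, labels which of its three phases (spreading, attack, sleeping) the original July 2001 variant was in on that date, since that variant chose its behaviour by the day of the month. The log lines, IP addresses and function names are constructed for the example.

```python
import re

# Constructed Common Log Format lines for the demo (documentation IPs). Line 1 is
# the IIS .ida overflow probe Code Red sent; lines 3-4 are Nimda's root.exe and
# cmd.exe probes; line 2 is ordinary traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2001:13:40:01 +0000] "GET /default.ida?'
    'NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3 HTTP/1.0" 400 322',
    '203.0.113.5 - - [19/Jul/2001:13:41:10 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.7 - - [18/Sep/2001:09:12:44 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210',
    '198.51.100.7 - - [18/Sep/2001:09:12:45 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210',
]

# Request-line signatures of the two worms discussed on the slides.
WORM_SIGNATURES = {
    "Code Red": re.compile(r"GET /default\.ida\?[NX]{20,}", re.I),
    "Nimda": re.compile(r"/(scripts|MSADC)/root\.exe|/winnt/system32/cmd\.exe", re.I),
}

# Fields: ip, identity, user, [timestamp], "request", status
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def classify_request(request_line):
    """Return the worm whose probe matches the request line, else None."""
    for name, pattern in WORM_SIGNATURES.items():
        if pattern.search(request_line):
            return name
    return None

def code_red_phase(day_of_month):
    """Phase of the original July 2001 Code Red variant, which chose its
    behaviour by day of month: spread on 1-19, DDoS on 20-27, sleep from 28."""
    if 1 <= day_of_month <= 19:
        return "spreading"
    if 20 <= day_of_month <= 27:
        return "attack"
    return "sleeping"

def scan_log(lines):
    """Return one dict per log line that carries a worm probe."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsable line: skip it rather than abort the scan
        worm = classify_request(m["req"])
        if worm is None:
            continue
        hit = {"ip": m["ip"], "worm": worm, "status": int(m["status"])}
        if worm == "Code Red":  # day of month decides which phase the worm was in
            hit["phase"] = code_red_phase(int(m["ts"].split("/")[0]))
        hits.append(hit)
    return hits
```

Running `scan_log(SAMPLE_LOG)` yields one Code Red hit (phase "spreading") and two Nimda hits from the same source address; the 400/404 statuses show the probes failed against this server, which is still worth alerting on because the source is infected.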
27. Guerilla tactics
• Netwarfare potentially provides crucial assistance to ’traditional’ guerilla operations
• Taking down the enemy’s communication systems
• Inserting false data
• Corrupting existing data
• Shutting down civilian systems to create confusion
• Net-assisted spying
• Using guerillas to physically access closed systems and networks
• Guerilla-installed remote access tools
28. Implementing netwarfare attacks
• Indeed
• It’s relatively easy to think about possible scenarios and how to protect against them
• Starting netwarfare attacks is another thing entirely
• And out of scope for this presentation...
29. F-Secure Authorized Reference Customers
• Government: French Army, IRS, NASA Headquarters, Naval Air Warfare Center, U.S. Army Medical, U.S. Department of Defense
• Leading universities: Harvard University, University of California Berkeley
• Research: Lawrence Livermore National Lab, Los Alamos National Lab, Oak Ridge National Lab, San Diego Supercomputer Center
• Banking: Charles Schwab, Credit Agricole, Daiwa Bank, Dresdner Bank, E*TRADE, Fuji Bank, Merita-Nordbanken, Sumitomo Bank
• Information Technology: Andersen Consulting, EDS, First Data Corp, IBM, Unisys
• Communications: Cisco, Ericsson, Motorola, Nokia
• Internet: Amazon.com, Digital Island, eBay, Yahoo
• Telecommunications: AT&T Wireless, British Telecom, Cegetel, Concert, Deutsche Telekom, GTE, NTT, Sonera, Telecom Italia, Telia, US West
• Other: BMW, Boeing, DaimlerChrysler, Volkswagen
Editor's notes
1 new Win32 virus every week
6 months ago it was 1 new Win32 every month
Data Fellows has an impressive blue chip customer base.
We have some of the most recognizable names in government ... university ... and research organizations … such as NASA … Harvard University … and Los Alamos Laboratories.
On the corporate side ... we have leading banking ... IT ... communications ... Internet … telecom … and industry customers as well.
These include Charles Schwab … IBM … Nokia ... Yahoo … NTT … Digital Island … and BMW.