Cyber Espionage Sabotaging Governments' Long-Term Strategy


Posted on 20-Jan-2017



Government & Nonprofit





Cyber Espionage: Sabotaging Governments' Long-Term Strategy

Ajay Porus
Director & Principal Consultant, Innovate InfoSec
CISA, ITIL, ISO 27001, CPISI, RSA Certified Analyst, CCNA Security, QualysGuard Certified Specialist
Digital forensics and cyber crime expert (US DoD Cyber Crime Center)

Disclaimer
The information used to create this training has been taken from various sources and books. Credit for the information remains with the original authors; registered brands and trademarks belong to their legitimate owners, and their use here does not violate any licenses or intellectual property rights.
This training material, in either hard or soft form, contains my personal opinion and has nothing to do with any of my current or past employers.

My Profile
- I am an information security and technology enthusiast.
- I do consulting and training through a startup, Innovate InfoSec Pvt. Ltd.
- More than 15 certifications in information security, cyber security, risk and compliance
- Publications: "Cloud Computing and its Security Benefits" (Enterprise IT Security Magazine); "Senior Cyber Leadership - Why a Technically Competent Cyber Workforce is Not Enough" (Cyber Security Forum Initiative, CSFI)
- Volunteer work: Honeynet Project India; Cloud Security Alliance, founder of the Hyderabad Chapter

Agenda
- What is government
- Pillars or soul of a nation
- What is cyber espionage
- Types of cyber espionage
- Examples with after-effects
- Anatomy of cyber espionage
- What can be done

Government
What is government?
- Bureaucrats, elected members
- Strategists, think tanks
- Scientists, diplomats

But where do they come from?

People: the citizens of the nation.

Pillars or Soul of a Nation
- Politics
- Economics
- Social culture
- Defense
- Healthcare
- Telecommunications
- Education

Successful attack on one pillar = destabilize a nation
Successful attack on a few pillars = kill a nation

Cyber Espionage
As defined on Wikipedia: cyber espionage is the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or classified in nature) from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage, using methods on the Internet, on networks or on individual computers through cracking techniques and malicious software, including Trojan horses and spyware.
Cyber spying typically involves using such access to secrets and classified information, or control of individual computers or whole networks, for strategic advantage and for psychological, political and physical subversion and sabotage.


Cyber Espionage Enemies
Top enemies (espionage attacks and communications):
- Country-sponsored: China, Russia, North Korea, USA
- Organized terrorism: recruitment, training, coordination of attacks
- Thrill seekers and for-hire threats
- Political sympathizers for radical causes: recruitment, training, message marketing
- Intellectual property theft

Cyber Espionage Targets
- Nuclear plants
- Any automated production, including gas, oil, etc.; SCADA is a hot target, and low tech and isolation have been its best protection
- Military
- Monetary system
- Citizen communications platforms: Internet, cellular, emergency services, social media
- Big data and cloud environments

Goals of Cyber Espionage
- Money
- Power
- Control
- Publicity
- Revenge
- Future protection / penetration testing

The Original Logic Bomb

Moonlight Maze (1998)
One of the earliest major infiltrations, in which hackers penetrated American computer systems at will. Moonlight Maze was an accidental discovery by US officials and was believed to have been conceived by the Russians, although they denied involvement. The hackers targeted military maps, schematics and other US troop configurations from the Pentagon, the Department of Energy, NASA and various universities and research labs, in unremitting attacks that were discovered in March but had been going on for nearly two years.

The Siberian pipeline
During the Cold War, the CIA reportedly found a way to disrupt the operation of a Soviet gas pipeline in Siberia without using traditional explosive devices such as missiles or bombs. Instead, the pipeline was made to explode using a portion of code in the computer system that controlled its operation, in what was tagged a logic bomb. The chaos that ensued was so monumental that the resulting fire was reportedly even seen from space.


Ukraine
- Ukrainian politicians' phones blocked
- Damage to Ukrainian telecom cables
- Signals jammed


Cyber Army Unit: PLA Unit 61398
APT1 is believed to be the 2nd Bureau of the People's Liberation Army (PLA), most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.
- Stole hundreds of terabytes of data from at least 141 organizations
- Thousands of employees
- A well-defined requirement and curriculum
- Huge infrastructure all around the world
- Operations since 2006

Duqu
Duqu was created to collect intelligence about its targets, which can include pretty much anything that is available in digital format on the victim's PC.




F-35 Secrets in a Chinese Fighter Plane
The Chinese probably obtained the F-35 secrets from Lockheed Martin, its subcontractors, or US allies involved in the development program. Allies that took part in the F-35 program include the United Kingdom, Israel, Italy, Australia, Canada, Norway, Denmark, the Netherlands and Turkey. Program budget: 395 billion dollars, but the program is now stalled because of budget and other unknown issues.

[Image: F-35 alongside the Chinese J-20]


Attack on Kaspersky
- A highly sophisticated attack on Kaspersky Lab
- A new nation-state attack attributed to members of the infamous Stuxnet and Duqu gang
- A case of the watchers watching the watchers who are watching them
The attackers appear to be the same group that created Duqu, spyware discovered in 2011 that was used to hack a certificate authority in Hungary, as well as targets in Iran and Sudan, and that shared a number of similarities with Stuxnet, the famed digital weapon that sabotaged Iran's nuclear program. Duqu 2.0, as Kaspersky is calling it, is a massive 19-megabyte toolkit with plugins for various reconnaissance and data-theft activities. In Kaspersky's words, "the entire code of this [attack] platform is some of the best we have seen ever." The attackers also struck a series of hotels and conference venues, each of them a location where members of the UN Security Council met in the past year to negotiate Iran's nuclear program. Regin was a sophisticated spy tool Kaspersky found in the wild last year that was used to hack the Belgian telecom Belgacom and the European Commission.


How It's Done
Goal: the reason for the attack, the end desire
- Intelligence
- Lots of data
- Information

Five steps in an attack:
1. Reconnaissance
2. Probing
3. Actual attack
4. Maintaining presence: to continue the original attack's desired effect, and to allow future attacks and continued surveillance
5. Light footing: covering the attack's tracks, and leaving residual access for future or continued access

The Vulnerability Matrix
[Diagram: sectors and exposures. Sectors: electric, government, natural gas, federal institutions, commercial nuclear plants, wastewater facilities, oil pipelines, chemical plants, hospitals, e-commerce, billions of miles of cable, airports, maritime ports, production sites, railways, government facilities, home users, broadband connections, wireless, emergency services, chemical, rail, water, transportation, oil, dams. Exposures: viruses and worms, insiders, configuration problems, miles-long transmission lines, overlapping grid controllers.]

Underground World of Cyber Espionage
- The Russian Business Network working for corporate espionage
- Selling secrets from corporations and governments to the highest bidders
- Selling zero-day vulnerabilities along with cyber weapons

The Anatomy of Cyber Espionage
- Reason for cyber espionage: the benefits gained
- Entry point: a target clicking on a malicious link; zero-day exploits (nations and criminals purchase zero-day exploits)
Possible ramifications:
- Disruption of supply chains for defense in war
- Deployment of malicious hardware and compromise of military defense systems
- Remote attack on and control of satellites, with impact on military planes and weapons
- Manipulation of GPS communication channels to control military drones
- Exploitation of Industrial Control Systems (ICS), especially supervisory control and data acquisition (SCADA) systems, as in Stuxnet, impacting defense operations

Reasons Espionage Succeeds
Software-based vulnerabilities:
- Backdoors and hardcoded passwords
- Remote code execution (RCE)
- Insecure protocols, spoofing and hijacking
- SQL injection
- Insecure authentication and file-upload flaws
Insider threat vulnerabilities:
- Unintentional insider threats (UIT)
- Intentional insider threats (IIT)
Hardware-based vulnerabilities
Humans: the weakest and the strongest link in the chain

Cyber Warfare
- Currently under way between many countries: China, USA, Russia, India, Pakistan, Iran, North Korea and many more
- Cyber warfare leading to human assassinations
- Heard of a "Fire Sale"? Watch Die Hard 4 and Blackhat
- Cyber weapons = weapons of mass destruction

What Can Be Done
Cyber-attacks cannot be prevented through technical solutions alone. The nation requires well-drafted cyber laws, organizational policies and cyber strategies in addition to highly advanced defensive solutions.
- Software and hardware assurance
- Insider threat detection
- Cyber
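Two of the software-based vulnerability classes listed above, SQL injection and hardcoded passwords, are concrete enough to show in code. The following is an added example and not part of the original slides: a login check written the vulnerable way (string-built SQL plus a hardcoded maintenance password) next to a hardened version (bound parameters, salted PBKDF2 hashes, constant-time comparison, no backdoor), both driven by the same constructed payloads. The in-memory SQLite database, the "admin" account, the maintenance password and the attack strings are all constructed here for the demonstration.

```python
"""Added example (not from the original slides): SQL injection and a
hardcoded credential in a login routine, beside the hardened form.
The database contents, account and payloads are constructed test data."""
import hashlib
import hmac
import os
import sqlite3

# ---------- Vulnerable build: plaintext passwords, spliced SQL, backdoor ----------

MAINTENANCE_PASSWORD = "letmein"   # hardcoded credential shipped in the code (assumed)


def make_legacy_db() -> sqlite3.Connection:
    """Constructed sample data for the vulnerable path: plaintext password column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    if password == MAINTENANCE_PASSWORD:   # anyone who reads the source gets in
        return True
    # Attacker-controlled strings are concatenated into the SQL text, so a quote
    # in the username can terminate the literal and rewrite the WHERE clause.
    sql = ("SELECT 1 FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


# ---------- Hardened build: salted hashes, bound parameters, no backdoor ----------

def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


def make_hardened_db() -> sqlite3.Connection:
    """Constructed sample data for the hardened path: salt and PBKDF2 hash only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", salt, _pbkdf2("S3cret!", salt)))
    return conn


def login_hardened(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameter binding keeps the SQL text fixed; the username travels as data,
    # so "admin' --" is looked up literally and simply matches no row.
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Recompute the hash and compare in constant time; no out-of-band password exists.
    return hmac.compare_digest(_pbkdf2(password, salt), stored)


def demo() -> dict:
    """Run the same credentials against both builds.

    Returns {payload_name: (vulnerable_result, hardened_result)}."""
    legacy, hardened = make_legacy_db(), make_hardened_db()
    payloads = {
        "valid":    ("admin", "S3cret!"),
        "sqli":     ("admin' --", "anything"),          # '--' comments out the password test
        "sqli_or":  ("x' OR '1'='1", "x' OR '1'='1"),   # tautology matches every row
        "backdoor": ("nobody", MAINTENANCE_PASSWORD),  # hardcoded password, no account needed
        "wrong":    ("admin", "guess"),
    }
    return {name: (login_vulnerable(legacy, u, p), login_hardened(hardened, u, p))
            for name, (u, p) in payloads.items()}


if __name__ == "__main__":
    for name, (vuln, hard) in demo().items():
        print(f"{name:9s} vulnerable={str(vuln):5s} hardened={hard}")
```

Only the "valid" pair succeeds against the hardened build; the two injection strings and the maintenance password all succeed against the vulnerable one. The fix is not a filter on quote characters but a change of interface: the query text never contains user data, and authentication has exactly one path.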

