Cybersecurity: Technologies and their Impact on Privacy
Eran Toch
The Minerva Center for Human Rights, The Hebrew University, June 2013

Cybersecurity and Privacy Lecture

What is cybersecurity (or computer security)? The lecture describes the field and tries to answer two questions: How can people's privacy be threatened by computer threats? How can it be threatened by the security mechanisms that help organizations and nations fight cyber security?

Eran Toch

Department of Industrial Engineering

Tel Aviv University, Israel

http://toch.tau.ac.il/

My Work

Managing Location Privacy

Temporal Aspects of Privacy

Generating Automatic Defaults

Cyber-Security and Privacy

Cyber Attacks

Cyber Security

Agenda

1. The Context Of Cyber Attacks

2. The Attack Model

3. The Cyber-security Response

1. The Context Of Cyber Attacks

Cyber Attacks

Actions to penetrate the computers or networks of a nation, organization or a person for the purposes of causing damage or disruption, or of violating privacy.

Three Questions

‣ Who are the attackers?

‣ What are the targets?

‣ How are the attacks carried out?

Who Are the Bad Guys?

“Off-the-shelf” Hackers

Motivations:

‣ Cyber Crime

‣ Vandalism

‣ Hacktivism

Sophisticated Hackers

Motivations:

‣ Cyber Crime

‣ Cyber Espionage

‣ Cyberwar

Threats for Electronic Services

‣ Disrupting, sabotaging or exploiting electronic services.

http://www.nytimes.com/2012/01/17/world/middleeast/cyber-attacks-temporarily-cripple-2-israeli-web-sites.html

http://www.nytimes.com/2013/03/28/technology/attacks-on-spamhaus-used-internet-against-itself.html?pagewanted=all

For Example, The Attack on ATMs

http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?pagewanted=all

Threats for the Computer Network

‣ Disrupting the Internet network itself, preventing the flow of communication.

Disrupting the Infrastructure

‣ Electricity, water, fuel and nuclear energy.

‣ Air control, traffic, building infrastructure.

But, Apart from Stuxnet...

‣ Not many examples of successful cyberattacks on infrastructure.

‣ However, physical infrastructure is getting increasingly connected.

The Stuxnet Attack, July 2012

Threats for Privacy

‣ Accessing private information on servers and personal devices.

2. The Attack Model

Attack Models

‣ The Internet Architecture

‣ Attacks

‣ Denial-of-service

‣ Trojan horse

‣ Phishing

‣ Man-in-the-middle

‣ Social Network attacks

‣ Insiders

The Internet Protocol

[Figure labels: Client, Routers, Server; IP Packet; IP Address: 132.66.237.203, 64.233.160.0, 209.85.128.0]

Global IP Network

Properties of the Internet Network

‣ Multiple channels of communication.

‣ Anonymity and trustfulness.

Denial-of-Service Attacks

‣ Distributed denial-of-service attack (DDoS attack)

‣ An attempt to make a machine or network resource unavailable to its intended users.

‣ Attackers hide themselves by employing “zombies”.

Example: The Attack on Spamhaus

http://www.nytimes.com/interactive/2013/03/30/technology/how-the-cyberattack-on-spamhaus-unfolded.html

Second Attack

Trojan Horses!

Trojan Horses Attack

‣ A Trojan horse is malware that appears to perform a desirable function but instead drops a malicious payload.

‣ Often including a backdoor allowing unauthorized access to the target's computer.

Example: The Zeus Trojan Malware

1. Zeus Trojan sells for $3,000 to $4,000 in the black market

2. Victims download and install the trojan malware

3. When victims surf to a select bank website, it displays a fake site

4. The malware steals account numbers, Social Security number, usernames and passwords

Phishing Attacks

‣ In phishing attacks, the victim receives an email, a text message or another communication. The link or reference in it takes the victim to a dummy site.

http://www.gartner.com/newsroom/id/565125

The Cost

‣ Gartner estimates that 3.6 million U.S. adults lost money in phishing attacks in 2007.

‣ $3.2 billion was lost to these attacks.

Fourth Attack

Man in the Middle in Mobile

Attacks on Mobile Devices

‣ Mobile devices generate and store very sensitive information:

‣ Our location

‣ Voice and video

‣ Contacts and communications

‣ Applications

‣ Various sensor data

Man-in-the-middle Attack

[Figure labels: Malicious Router, Sensitive Website]

Man-in-the-Middle + Trojan

[Figure label: Malicious Router]

Facebook Botnets

‣ How would you respond to this Facebook friend request?

‣ The cyber attack: to become your friend.

‣ Social engineering can be used to get close to targeted people.

Social Network Attacks

Yazan Boshmaf et al., The Socialbot Network: When Bots Socialize for Fame and Money. In Proceedings of ACSAC '11, 2011.

Boshmaf et al. engineered a botnet server and measured the rate at which people fall for the attack.

Insiders

‣ Cybersecurity is turning its eyes to insiders such as employees and subcontractors.

http://www.haaretz.co.il/news/law/1.1831775

The Risk

‣ External threats account for only 47.1% of the risks perceived by IT managers.

‣ The majority of risk is from insiders and from management limitations.

AlgoSec 2012 Report

3. The Cyber-security Response

Cybersecurity Responses

‣ Organizations and governments respond to cyber attacks by:

‣ Developing technologies

‣ Regulating organizations

‣ Educating users and service providers

‣ Applying different levels of monitoring

Israel National Cyber Bureau

‣ The Israel National Cyber Bureau can be seen as a test case for government cybersecurity response.

‣ The Bureau's activities include:

‣ Response formulation.

‣ Regulation roadmap.

‣ Research and development.

Levels of Response

Technology, Research and Education

Citizen: Education

Small Service Providers: Regulation

Civil Organizations: Policy and Enforcement

Government Internal Procedures

All Front

‣ Unlike traditional warfare, there is no clear front.

‣ The question of how to regulate civic organizations and individuals is still open.

Cybersecurity Technologies

‣ Network Monitoring

‣ Syntactic monitoring

‣ Semantic monitoring

‣ Identification systems

‣ Monitoring systems

Syntactic Monitoring

‣ Tracking the network communication by:

‣ Firewalls

‣ Proxies

‣ RADIUS servers

‣ Monitoring is based on IP characteristics, such as destination, origin etc.

Syntactic Monitoring and Privacy

‣ Sites users visit.

‣ Applications used by the user:

‣ BitTorrent.

‣ HTTP / HTTPS.

‣ VoIP.

‣ Geographical origins and destinations.
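
An added example, not part of the original slides: it shows how much of the list above can be inferred from header fields alone, with no packet content. The flow records are constructed, the port-to-application table is a heuristic based on conventional ports, and the `REGIONS` table is a hypothetical stand-in for a GeoIP database.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records as a firewall or proxy might log them:
# (source IP, destination IP, transport protocol, destination port). No payload.
FLOWS = [
    ("10.0.0.5", "198.51.100.10", "tcp", 443),
    ("10.0.0.5", "203.0.113.7", "tcp", 80),
    ("10.0.0.5", "192.0.2.44", "udp", 5060),
    ("10.0.0.9", "192.0.2.200", "tcp", 6881),
    ("10.0.0.9", "203.0.113.7", "tcp", 80),
    ("10.0.0.9", "198.51.100.99", "tcp", 50000),
]

# Port conventions only: an application can run on any port, so this is a heuristic.
PORT_APPS = {("tcp", 80): "http", ("tcp", 443): "https",
             ("tcp", 5060): "voip-sip", ("udp", 5060): "voip-sip"}
BITTORRENT_PORTS = range(6881, 6890)  # traditional BitTorrent default range

# Hypothetical block-to-region table standing in for a GeoIP database.
REGIONS = {ip_network("198.51.100.0/24"): "region-A",
           ip_network("203.0.113.0/24"): "region-B",
           ip_network("192.0.2.0/24"): "region-C"}


def classify(proto, port):
    """Guess the application from protocol and destination port alone."""
    if (proto, port) in PORT_APPS:
        return PORT_APPS[(proto, port)]
    if proto == "tcp" and port in BITTORRENT_PORTS:
        return "bittorrent"
    return "unknown"


def region_of(ip):
    """Map a destination address to a coarse region."""
    addr = ip_address(ip)
    return next((r for net, r in REGIONS.items() if addr in net), "unknown")


def profile(flows):
    """Build a per-client profile from header fields only."""
    out = defaultdict(lambda: {"sites": set(), "apps": set(), "regions": set()})
    for src, dst, proto, port in flows:
        out[src]["sites"].add(dst)
        out[src]["apps"].add(classify(proto, port))
        out[src]["regions"].add(region_of(dst))
    return dict(out)


if __name__ == "__main__":
    for client, p in sorted(profile(FLOWS).items()):
        print(client, {k: sorted(v) for k, v in p.items()})
```

The same per-client profile is what a retention or access policy for firewall and proxy logs has to account for, since it exists even when every connection is encrypted.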

Semantic Monitoring

‣ Application firewalls look at the content of network communication.

‣ It operates by monitoring and potentially blocking the input, output, and system service calls.

What can it Block?

The most comprehensive Web Application threat mitigation

• SQL injection
• Cross-site scripting
• Parameter tampering
• Hidden field manipulation
• Session manipulation
• Cookie poisoning
• Stealth commanding
• Backdoor and debug options
• Geolocation-based blocking
• Application buffer overflow attacks
• Brute force attacks
• Data encoding
• Unauthorized navigation
• Gateway circumvention
• Web server reconnaissance
• SOAP and Web services manipulation
• Parameters pollution

Imperva

Radware

Citrix

State-Wide Monitoring

‣ Direct connection to the network infrastructure and to service providers.

‣ Big-Data: Reading everything, detecting by Machine Learning.

Insiders

‣ To keep insiders from accessing the data, organizations:

‣ Design procedures for data access.

‣ Track end-user devices.

‣ Track communications and traces.

Deep Device Monitoring

‣ For example, Trusteer, an Israeli startup, provides technology that monitors end-user devices.

‣ Every application is scanned for key-logging etc.

Summary

Cyber-Security and Privacy

Cyber Attacks

Cyber Security

Cyber Attacks

‣ Easier to carry out

‣ But not necessarily easier to succeed.

‣ Increasing threat to privacy.

‣ We are all the victims of the Agron 2006 attack.

‣ Increasing use of social engineering, personal devices, human vulnerabilities.

Cyber-Security

‣ Deeper and wider monitoring

‣ With a chilling effect on privacy.

‣ The front is increasingly ubiquitous

‣ Government, organizations, companies, services.

Where should the line between security and privacy be?
