Cyberterrorism - A Case Study for Emergency Management
DESCRIPTION
“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” by Kevin G. Coleman
TRANSCRIPT
Cyberterrorism: A case study for Emergency Management
Ricardo A. Reis, Security Officer
&
Hospital São Paulo
Presentation Developed By:
Ricardo A. Reis
CCO, Federal University of São Paulo
For use by:
The International Consortium for Organization Resilience (ICOR)
Prepare, Plan and Stay in Business
Cyberterrorism
Cyber Terrorism is defined as:
“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”
by Kevin G. Coleman of the Technolytics Institute
Emergency management is defined as:
“Comprehensive system of policies, practices, and procedures designed to protect people and property from the effects of emergencies or disasters.”
Extension Disaster Education Network (EDEN)
EMERGENCY MANAGEMENT
LIFE CYCLE
1 - PREVENTION/MITIGATION
2 - PREPAREDNESS
3 - RESPONSE
4 - RECOVERY
Case Study
Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely. This term can also refer to the network of computers using distributed computing software.
From Wikipedia, the free encyclopedia
Case Study
"A botnet is comparable to compulsory military service for windows boxes"
Stromberg, http://www.honeynet.org/papers/bots/
Cyberterrorism & Botnets
· Distributed Denial-of-Service Attacks
· Spamming
· Sniffing Traffic
· Keylogging
· Spreading new malware
· Installing Advertisement Addons and Browser Helper Objects (BHOs)
· Google AdSense abuse
· Attacking IRC Chat Networks
· Mass identity theft
"We have seen offers that will allow a customer to send a million emails for under $100," Henry says. "If you send more than 10 million, the price drops to under $80 per million. There's a price war going on, and Nugache is becoming the bargain basement."
PREVENTION/MITIGATION
· Compliance with Security Standards ISO 27001/27002
· Think about Business Continuity and IT Infrastructure Recovery
· Create a Computer Security Incident Response Team
· Monitor IT Infrastructure:
  · Internet Bandwidth
  · DNS Services
  · WEB Services
  · EMAIL Services
· Pre-contact with external agencies:
  · Upstream ISP
  · Regional Computer Security Incident Response Team (CSIRT)
PREPAREDNESS
· Development and practice of multi-agency coordination and incident command
· Development and practice of the Incident Response Plan
RESPONSE
· Establish Incident Command
· Notify CSIRT
· Activate Incident Response Plan
· Never use 100% of your CSIRT Team
· Don't stop the Triage Process
· Communicate Major Events
RECOVERY
· If necessary, activate the Business Recovery Plan
· Document the Major Event
· Communicate the end of Major Events
· Update all Plans
A SIMULATED ?
Distributed Denial of Service Attack
!!! REAL LIFE !!!
Distributed Denial of Service Attack
The main targets have been the websites of:
· the Estonian presidency and its parliament
· almost all of the country's government ministries
· political parties
· three of the country's six big news organisations
· two of the biggest banks; and firms specializing in communications
NUMBERS

| Attacks | Destination | Address or owner |
|---|---|---|
| 35 | 195.80.105.107/32 | pol.ee |
| 7 | 195.80.106.72/32 | www.riigikogu.ee |
| 36 | 195.80.109.158/32 | www.riik.ee, www.peaminister.ee, www.valitsus.ee |
| 2 | 195.80.124.53/32 | m53.envir.ee |
| 2 | 213.184.49.171/32 | www.sm.ee |
| 6 | 213.184.49.194/32 | www.agri.ee |
| 4 | 213.184.50.6/32 | |
| 35 | 213.184.50.69/32 | www.fin.ee (Ministry of Finance) |
| 1 | 62.65.192.24/32 | |

Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
| Attacks | Date |
|---|---|
| 21 | 2007-05-03 |
| 17 | 2007-05-04 |
| 31 | 2007-05-08 |
| 58 | 2007-05-09 |
| 1 | 2007-05-11 |

Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
| Attacks | Duration |
|---|---|
| 17 | less than 1 minute |
| 78 | 1 min - 1 hour |
| 16 | 1 hour - 5 hours |
| 8 | 5 hours to 9 hours |
| 7 | 10 hours or more |

Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
| Attacks | Bandwidth measured |
|---|---|
| 42 | Less than 10 Mbps |
| 52 | 10 Mbps - 30 Mbps |
| 22 | 30 Mbps - 70 Mbps |
| 12 | 70 Mbps - 95 Mbps |

Source: http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
BOTNET Command and Control
Shadowserver Project
PREVENTION/MITIGATION (AGAIN!!!)
· Compliance with Security Standards ISO 27001/27002 (protect your infrastructure and other companies)
· Create a Computer Security Incident Response Team (your first response team)
· Pre-contact with external agencies:
  · Upstream ISP
  · Regional CSIRT
Questions?