cyberwar update2010
DESCRIPTION
A lot has happened since the last Cyberwar presentation was posted. This Update2010 includes Iranian cyberwar, South Korea and US Gov attacks, Twitter outage, and the China Google attacks.
TRANSCRIPT
IT-Harvest Confidential
Cyberwar update. 2010
Richard Stiennon, Chief Research Analyst, IT-Harvest
Blog: ThreatChaos.com twitter.com/stiennon
Blog: www.ThreatChaos.com twitter.com/cyberwar
Threat hierarchy
• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation
(axis label: Increasing Threat)
Threat hierarchy is a time line!
• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation
(timeline labels from the slide: 1998, 1998, 1998, 1998, 1999, 2000, 2004, 2008)
Sun Tzu on Spies
“Only a brilliant ruler or a wise general who can use the highly intelligent for espionage is sure of great success.”
Allen Dulles on Sun Tzu
“It is no wonder that Sun Tzu's book is a favorite of Mao Tse-Tung and is required reading for Chinese Communist tacticians.” - A.W. Dulles, The Craft of Intelligence
A Chinese Communist Tactician
“Sun Tzu is a grand strategist without parallel in history.” - Chai Yuqui, Nanjing Army Command Academy, speaking at the 6th annual international conference on Sun Tzu and the Art of War, 2004, Beijing
Chinese Thinking
Wang Qingsong, Modern Military-Use High Technology, 1993
Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
Li Qingshan, New Military Revolution and High Tech War, 1995
Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
Shen Weiguang, On New War, 1997
From Decoding the Virtual Dragon - Timothy Thomas
“Network confrontation technology—intercepting, utilizing, corrupting, and damaging the enemy’s information and using false information, viruses, and other means to sabotage normal information system functions through computer networks.” -General Xu Xiaoyan, the former head of the Communications Department of the Chinese General Staff. 2004
A prediction
“If Xu’s suggestions were accepted, then one might expect to see more active reconnaissance and intelligence activities on the part of the PLA (as seems to be occurring!)” That exclamation point is Thomas’s.
Shawn Carpenter uncovers Titan Rain
• An IP address that was attacking Lockheed Martin is recognized
• Open back door leads to next hop of investigation
• Critical documents belonging to Army Research, NASA, and others
• First military CI, then FBI involvement
• Shawn loses his job and all his leads go cold
Ghost Net Report – March 2009
• 1,200 computers including ministry and NATO machines
• Looking for attribution
• Attacks on the office of the Dalai Lama
• Joint Strike Fighter Breach April 21, 2009
Joint Strike Fighter
Dec. 17, 2009 - Drone transmissions in the clear
Predator
Beast of Kandahar
What is DDoS?
Distributed Denial of Service attack: disabling or destroying an online resource by overwhelming it with too many requests.
• Ping floods
• GET floods
• SYN floods
Crowd sourcing applied to DDoS
The Orange Revolution
Putin reacts
Nashi summer camp ‘07
Estonia April 27th, 2009
Cyber Defcon 1 Georgia: August 8, 2008
Three related attacks, April 2008
• CNN
• The Sports Network
• SlideShare
– Take down requests
– 5-10 password reset requests/day
– Irate call
– DDoS
Twitter as tool of riot creation
Post Iranian election, Twitter was used to support virtual riots via DDoS
Twitter escalation
Phase 1. Hacking instructions sites.
Phase 2. Links to pagereload.com
Phase 3. Links to a specially crafted site that opens 15 frames on pagereload.com
The good and the bad of social networks as attack vector
Good: Hard to sustain
Bad: Way too easy
Summer 2009
• US Gov sites and S. Korean sites
• TCP SYN, UDP, ICMP, GET floods
• Malicious dropper
• 200K bots
Targets:
banking.nonghyup.com, blog.naver.com, ebank.keb.co.kr, ezbank.shinhan.com, finance.yahoo.com, mail.daum.net, mail.naver.com, mail.paran.com, travel.state.gov, www.ahnlab.com, www.altools.co.kr, www.amazon.com, www.assembly.go.kr, www.auction.co.kr, www.chosun.com, www.defenselink.mil, www.dhs.gov, www.dot.gov, www.egov.go.kr, www.faa.gov, www.ftc.gov, www.hanabank.com, www.hannara.or.kr
www.ibk.co.kr, www.kbstar.com, www.marketwatch.com, www.mnd.go.kr, www.mofat.go.kr, www.nasdaq.com, www.ncsc.go.kr, www.nsa.gov, www.nyse.com, www.president.go.kr, www.site-by-site.com, www.state.gov, www.usauctionslive.com, www.usbank.com, www.usfk.mil, www.usps.gov, www.ustreas.gov, www.voa.gov, www.voanews.com, www.washingtonpost.com, www.whitehouse.gov, www.wooribank.com, www.yahoo.com
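The deck names the flood types used in the Summer 2009 attack (TCP SYN, UDP, ICMP and GET floods) and, earlier, defines a DDoS as overwhelming a resource with too many requests. The following is an added example, not part of the slides, of the detection logic a defender would run over traffic summaries to flag both cases: one source sending far too many packets of one kind, and the distributed case where many bots each send only a few. The log line format, the IP addresses (RFC 5737 documentation ranges), the thresholds and the window size are all assumptions constructed for this illustration.

```python
"""Flood detection over constructed per-packet summary lines.

Line format (an assumption for this example):
    "<epoch_seconds> <src_ip> <dst_ip> <proto> <detail>"
where detail is the TCP flag string ("S" = SYN only), "echo-request" for
ICMP, the HTTP method for HTTP, or the destination port for UDP.
"""
from collections import defaultdict

# Per-source packets of one kind, per destination, per window (assumed values).
PER_SOURCE_THRESHOLDS = {"SYN": 50, "UDP": 50, "ICMP": 50, "GET": 30}
# Distributed rule: total per destination/kind/window and distinct sources.
AGGREGATE_THRESHOLD = 100
MIN_DISTINCT_SOURCES = 20
WINDOW_SECONDS = 1


def parse_line(line):
    """Split one summary line into (ts, src, dst, proto, detail)."""
    ts, src, dst, proto, detail = line.split()
    return int(ts), src, dst, proto, detail


def classify(proto, detail):
    """Map a packet to the flood kind it could contribute to, or None."""
    if proto == "TCP" and detail == "S":
        return "SYN"
    if proto == "UDP":
        return "UDP"
    if proto == "ICMP" and detail == "echo-request":
        return "ICMP"
    if proto == "HTTP" and detail == "GET":
        return "GET"
    return None


def detect_floods(lines):
    """Return alerts for single-source floods and distributed floods."""
    per_src = defaultdict(int)  # (window, dst, kind, src) -> packet count
    for line in lines:
        ts, src, dst, proto, detail = parse_line(line)
        kind = classify(proto, detail)
        if kind is None:
            continue
        window = ts - ts % WINDOW_SECONDS
        per_src[(window, dst, kind, src)] += 1

    alerts = []
    aggregate = defaultdict(lambda: {"count": 0, "sources": set()})
    for (window, dst, kind, src), n in per_src.items():
        if n >= PER_SOURCE_THRESHOLDS[kind]:
            alerts.append({"rule": "single-source", "window": window, "dst": dst,
                           "kind": kind, "src": src, "count": n})
        agg = aggregate[(window, dst, kind)]
        agg["count"] += n
        agg["sources"].add(src)

    # The distributed case: each bot stays under the per-source limit, but the
    # destination sees a large total from many distinct sources.
    for (window, dst, kind), agg in aggregate.items():
        if agg["count"] >= AGGREGATE_THRESHOLD and len(agg["sources"]) >= MIN_DISTINCT_SOURCES:
            alerts.append({"rule": "distributed", "window": window, "dst": dst,
                           "kind": kind, "sources": len(agg["sources"]),
                           "count": agg["count"]})
    alerts.sort(key=lambda a: (a["window"], a["dst"], a["kind"], a["rule"]))
    return alerts


def build_sample_log():
    """Constructed traffic summary, not a real capture."""
    lines = []
    # Normal browsing: five clients, three GETs each, in second 1000.
    for i in range(5):
        lines += [f"1000 10.0.0.{i + 1} 203.0.113.10 HTTP GET"] * 3
    # Single-source SYN flood: 80 bare SYNs in one second from one host.
    lines += ["1000 198.51.100.7 203.0.113.10 TCP S"] * 80
    # Distributed GET flood: 40 bots, only four GETs each, same second.
    for b in range(40):
        lines += [f"1001 192.0.2.{b + 1} 203.0.113.10 HTTP GET"] * 4
    # A lone ping: below every threshold, must not alert.
    lines.append("1001 10.0.0.9 203.0.113.10 ICMP echo-request")
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

The per-source rule alone would miss the second scenario entirely, which is the point of the "200K bots" figure on the slide: with enough sources, each bot's share of the load is indistinguishable from a legitimate client, and detection has to move to the aggregate view of the target.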
CYXYMU falls afoul of pro-Russian activists. August 2009
FaceBook
Live Journal
Blogger.com
Aurora: China vs Google
• January 12, 2010 Google reveals successful hack against their servers/data
• 34 other organizations included in same incident. Adobe, Lockheed Martin, and a law firm suing China.
• Zero day flaw in Internet Explorer is the weapon
• Spear phishing via IM is the delivery vehicle.
• Shades of Haephrati, GhostNet, etc.
Parting thought:
History teaches that war begins when governments believe the price of aggression is cheap.
-Ronald Reagan
Blog: www.threatchaos.com
email: [email protected]
Twitter: twitter.com/cyberwar