Preparing for a Cyber Attack: Countdown to eDay! By Kevin G. Coleman

Post on 30-Jan-2016


Page 1: Preparing for a  Cyber Attack

Preparing for a Cyber Attack

By Kevin G. Coleman

Countdown to eDay!

Page 2: Preparing for a  Cyber Attack

Introduction

The world has awakened to a new threat. China, Russia and North Korea's test of a cyber weapon, Iran's cyber weapon ambitions, and the defense industry’s renewed emphasis on the use of computers as a weapon have all combined to accelerate the rate of development of what I’ve called “the most destructive weapon on the planet.” The proliferation of cyber weapons has exploded, and estimates suggest that over 70% of countries will have at least a basic-level cyber weapon by the end of 2008.

Page 3: Preparing for a  Cyber Attack

The China Syndrome

Page 4: Preparing for a  Cyber Attack

A Bit of History

Back in 1998 when I was Chief Strategist of Netscape, I became aware of an international movement that was designed to create software that could be used for criminal activity as well as disrupt Internet activity. That was when I began to research what we are now calling cyber warfare.

I testified on cyber crime, espionage and security before a joint Congressional Caucus. At one point in my live demo, Chris Dodd asked me, “Does our Defense Department know about you?”

Page 5: Preparing for a  Cyber Attack

Cyber Warfare & Cyber Terrorism

Cyber Warfare and Terrorism is one of the fifteen modalities of UnRestricted Warfare (URW), also called asymmetric warfare.

– Cyber Warfare & Terrorism

• “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”

Source: U.S. Army Cyber Operations and Cyber Terrorism Handbook 1.02

Page 6: Preparing for a  Cyber Attack

Counterfeit Hardware

• February 2008 - U.S. Customs and Border Protection Assistant Commissioner for the Office of International Trade Dan Baldwin and Director-General Robert Verrue, European Commission Tax and Customs Directorate, today announced the results of Operation Infrastructure, which took place last November and December.

• The Operation resulted in the seizure of more than 360,000 counterfeit integrated circuits and computer network components bearing more than 40 different trademarks.

Page 7: Preparing for a  Cyber Attack

Counterfeit Hardware

February 2008

The Feds have confiscated more than $75 million of counterfeit Cisco networking gear. The announcement is in a progress report on a two-year-old investigation, code named Operation Cisco Raider. In most cases the fake gear was made in China and imported into the United States where unethical resellers passed it off as legit.

Page 8: Preparing for a  Cyber Attack

Impact of a Cyber War

• Of those who do perform what we consider “daily” activities online, more than half say they go online every day or several times a week to perform those activities.

• The roughly 93 billion emails sent per day will not go through.

• Millions of VoIP calls per day will not go through.

• Over 200 million Google searches per day will not get done.

• A reported 33% of Internet users say they make eCommerce transactions daily.

Page 9: Preparing for a  Cyber Attack

Impact of a Cyber War

• Some 88% of online users say the Internet plays a role in their daily routines.

• Some 40% of Internet users who get the news online say they log on daily.

• Some 25% of the online weather bugs will check weather daily.

• Some 20% of online sports fans check sports scores daily.

Page 10: Preparing for a  Cyber Attack

A Recent Poll

How prepared is the U.S. for a cyber attack?

[Chart: response categories Not Prepared, Somewhat Prepared and Very Prepared; values shown: 43%, 47%, 10%.]

Source: A collaborative effort between DefenseTech.Org and the Technolytics Institute with nearly 1,000 respondents to the poll.

Page 11: Preparing for a  Cyber Attack

Impact of a Cyber War

[Chart from an Intelligence Briefing slide, "Impact of a Cyber War": Physical Impact, Social Impact, Political Impact and Financial Impact rated on a scale of 0 to 5 (Low, Medium, High). Copyright 2003 – 2007 All Rights Reserved.]

The political fallout of a cyber attack will be high, but this will pale in comparison to the financial and economic impact!

The financial and economic impact could be as high as $30 billion a day!

Page 12: Preparing for a  Cyber Attack

Impact of a Cyber War

[Chart: U.S. Retail eCommerce Sales in billions of dollars, 2006 to 2010; vertical axis from $0 to $250.]

That’s $425 million a day.

Page 13: Preparing for a  Cyber Attack

Cyber Media Warfare

One can only imagine the psychological impact on the viewers that witnessed this prank. The TV channel CT2 said that they received frantic phone calls from viewers who thought a nuclear war had started. http://www.youtube.com/watch?v=MzaN2x8qXcM

Page 14: Preparing for a  Cyber Attack

Think About This

• What if the Internet went away:

– For a day

– A week

– A month

• No eMails

• No BlackBerrys

• No eCommerce

Virtual business services of all sorts, accounting, payroll and even sales would come to a halt, as would many companies.

Page 15: Preparing for a  Cyber Attack

The worst thing to do -

There is no doubt today that VoIP is taking over the telecom market, and every month increases penetration into business, government and the consumer sectors.

– Almost two-thirds of large organizations in North America will be using VoIP products and services by year end.

– Small Business VoIP adoption will grow to 3 million by 2010. Revenues are projected to reach $2 billion.

– Consumer VoIP adoption will drive wholesale VoIP revenues to $3.8 billion by 2010.

You are putting all your eggs in one basket.

Page 16: Preparing for a  Cyber Attack

Cyber Weapons Proliferation

The cost to develop this new class of weapon is within reach of any country, any extremist group, any criminal organization and tens of millions of individuals. The raw materials needed to construct cyber weapons are not restricted and are widely available. We now have a weapon that can strike at the speed of light, can be launched from anywhere in the world, and can target anywhere in the world. This briefing will provide an understanding of the current state of cyber weapons, current defenses and a unique look at what the future cyber warfare scenario might encompass.

Page 17: Preparing for a  Cyber Attack

Your Cyber Attack IQ Test

If I can give you three pieces of intelligence you did not have before, would you agree this briefing provided value?

1. What do EPFC and TEDs stand for?

2. How many of you address CBRNE in your contingency plans?

3. Why should your organizations have supply-chain integrated into the security program?

Page 18: Preparing for a  Cyber Attack

Modern Weapons Economics

What does a stealth bomber cost? $1.5 to $2 billion

What does a stealth fighter cost? $80 to $120 million

What does a cruise missile cost? $1 to $2 million

What does a cyber weapon cost? $300 to $50,000

Page 19: Preparing for a  Cyber Attack

Find the Weapons Facility

Nuclear Weapons Facility Cyber Weapons Facility

Where’s the Cyber Weapons Facility?

Page 20: Preparing for a  Cyber Attack

Cyber Weapons Proliferation

Page 21: Preparing for a  Cyber Attack

Cyber Arms Dealers

RBN and their support units provide scripts and executables to make cyber weapons undetectable by antivirus software. Every time a copy of the cyber weapon is generated, it looks different to the antivirus engines and it often goes undetected. The modularization of delivery platform and malicious instructions is a growing design trend in cyber weapons. RBN’s cyber weapons are very popular and powerful. In June 2007, one was used by a single person to attack and compromise over 10,000 websites in a single assault.

Did you know RBN leases use/capacity on their 150 million node BotNet?

Page 22: Preparing for a  Cyber Attack

[Chart: Cyber Weapons Evolution. Vertical axis from Low to High; timeline 1994, 1998, 2002, 2004, 2008, 2012, 2016; phases Basic Research, Applied Research, Early Adopters, Rapid Advancement and Significant Threat; weapon classes Basic Weapons and Advanced Weapons.]

Page 23: Preparing for a  Cyber Attack

Interesting Quote

NATO's cyber defense chief has warned that computer-based terrorism poses the same threat to national security as a missile attack. He went on to say that “Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore.”

Using this as a framework, we can put into context the evolving architecture for cyber weapons.

Page 24: Preparing for a  Cyber Attack

Cyber Weapons Design

Cyber Weapon Architecture

A missile comprises three basic elements. The first is a delivery vehicle (rocket engine), followed by a navigation system (tells it how to get to the target) and finally the payload (the component that causes harm). As it turns out, the same three elements now appear in the design of cyber weapons.

Page 25: Preparing for a  Cyber Attack

Cyber Weapons Design

Cyber Weapon – Delivery Vehicle

There are numerous methods of delivering cyber weapons to their targets. Emails with malicious code embedded or attached are one mechanism of delivery. Another delivery vehicle is web sites that can have malicious links and downloads. Hacking is a manual delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network. Counterfeit hardware, software and electronic components can also be used as delivery vehicles for cyber weapons.

Page 26: Preparing for a  Cyber Attack

Cyber Weapons Design

Cyber Weapon – Navigation System

Just as a navigation system guides a missile, the navigation component of a cyber weapon allows the malicious payload to reach a specific point inside a computer, system or network. System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon. These security exposures in operating systems or other software or applications allow for exploitation and compromise. Exploitation of these vulnerabilities may allow unauthorized remote access and control over the system.

Page 27: Preparing for a  Cyber Attack

Cyber Weapons Design

Cyber Weapon – Payload

The payload of a missile is sometimes called a warhead and is packed with some type of explosive. In a cyber weapon the payload could be a program that copies information off of the computer and sends it to an external source. It can also be a program that begins to erase or alter information stored on the system. Finally, it can allow remote access so that the computer can be controlled or directed over the internet. A “bot” (a component of a botnet) is a great example of a payload that allows remote use of the computer by an unauthorized individual or organization.

Page 28: Preparing for a  Cyber Attack

Cyber Weapons Design

Cyber Weapon – Architecture

This three-element architecture demonstrates how advanced and sophisticated cyber weapons are becoming. The architecture allows all three components to be reused and reconfigured. As one software or system vulnerability is discovered, reported and patched, that component can be removed and replaced while the other two components are still viable. This not only creates flexibility but also significantly increases the productivity of the cyber weapons developers.

Page 29: Preparing for a  Cyber Attack

Conclusion

Our nation is increasingly vulnerable to cyber attacks that could have catastrophic effects on critical infrastructure as well as severely damage the country’s economy. Whether the attack is focused on stealing our business and technology secrets, disrupting our financial systems or worse, the threat is real. Countries, terrorists and extremists around the world are developing and implementing cyber warfare doctrine, strategies and weapons.

Page 30: Preparing for a  Cyber Attack

Conclusion

The Cold War may be over, but the cyber arms race has just begun. The threat is imminent. We must rapidly develop offensive and defensive cyber weapons capabilities as well as the military doctrine and regulations necessary to govern their use. In the cyber arms race we cannot finish anyplace but first.

Page 31: Preparing for a  Cyber Attack

QUESTIONS

Page 32: Preparing for a  Cyber Attack

Biography

Kevin G. Coleman is a Senior Fellow and Strategic Management Consultant with the Technolytics Institute. He is the former Chief Strategist of Netscape and was a member of the Science and Technology Advisory Panel at the Johns Hopkins University Applied Physics Lab. He has briefed defense contractors and other organizations on cyber warfare and is a highly published professional covering cyber security. He writes regularly for Eye Spy Magazine and authors the Cyber Warfare Blog for DefenseTech.org.

The Technolytics Institute
4017 Washington Road
Mail Stop #348
McMurray, PA 15317
P 412-818-7656
F 412-291-1193
I www.technolytics.com
E [email protected]