TRANSCRIPT
Presented by SSA Robert Flaim
FEDERAL BUREAU OF INVESTIGATION, Cyber Division, FBIHQ
Cyber Attacks: The Next Frontier
“The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities.
“Wars in the 21st century will increasingly require all elements of national power – not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.”
Secretary Rumsfeld, address to the National Defense University, January 31, 2002.
Discussion
Critical Infrastructures
Terrorist Internet Exploits
Tactics and Strategy
Critical Infrastructures: Where the Crown Jewels Are
Imagine Planning for These Contingencies
Unrelated Events or Strategic Attack?
– Power Outages
– World Trade Center
– Oklahoma City
– ATM Failures
– Airliner Crash
– Bridges Down
– ISPs All Offline
– Oil Refinery Fire
– 911 System Down
– Poisoned Water Supply
– Telephone Outages
Using Our Systems Against Us
Aircraft – Pentagon/Twin Towers
Mail distribution network – Anthrax
Computers – next step?
Real World Example – Australia 2000
Maroochy Shire Waste Water Plant – Sunshine Coast
– Insider
– 46 intrusions over 2 month period
– Release of sewage into parks, rivers
– Environmental damage
Real World Example – USA 2001
San Francisco FBI Field Office Investigation
– Internet probes from Saudi Arabia, Indonesia, Pakistan
– Casings of web sites regarding emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities
– Exploring digital systems used to manage these systems
Why Cyber Attack on Critical Infrastructures?
National Security
– Reduce the U.S.’s ability to protect its interests
Public Psyche
– Erode confidence in critical services and the government
Economic Impact
– Damage economic systems
Enhancement of Physical Attacks
– Physical damage/distraction efforts
Asymmetric Warfare
– Lack of attribution, low cost/high potential impact
How are we vulnerable?
Globalization of infrastructures = vulnerability
Anonymous access to infrastructures via the Internet and SCADA
Interdependencies of systems make attack consequences harder to predict and more severe
Malicious software is widely available and does not require a high degree of technical skill to use
More individuals with malicious intent on the Internet
New cyber threats outpace defensive measures
Vulnerability Types
Computer based
– Poor passwords
– Lack of appropriate protection, or improperly configured protection
Network based
– Unprotected or unnecessary open entry points
Personnel based
– Temporary/staff firings
– Disgruntled personnel
– Lack of training
Facility based
– Servers in unprotected areas
– Inadequate security policies
Al-Qaeda
Al-Qaeda laptop found in Afghanistan contained:
Hits on web sites that contained “Sabotage Handbook”
Handbook – Internet tools, planning a hit, anti-surveillance methods, “cracking” tools
Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites
Terrorist Internet Exploits
What are we up against?
Terrorist Groups
Terrorists
Attention must be paid to studying the terrorists:
– Ideology
– History
– Motivation
– Capabilities
Terrorists
Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
In the future, cyber terrorism may become a viable alternative to traditional physical acts of violence due to:
– Perceived anonymity
– Diverse targets
– Low risk of detection
– Low risk of personnel injury
– Low investment
– Operate from nearly any location
– Few resources are needed
Terrorist Use of the Internet
Hacktivism
Cyber Facilitated Terrorism
Cyber terrorism
Cyber Arsenal for Terrorists
Internet newsgroups, web home pages, and IRC channels include:
– Automated attack tools (Software Tools)
  • Sniffers (capture information, i.e. password/log-on)
  • Rootkits (facilitate/mask intrusion)
  • Network Vulnerability Analyzers (SATAN/Nessus)
  • Spoofing
  • Trojan Horses
  • Worms
  • DoS
Cyber Attack Methodology
Resource Denial
– Virus/malicious code
– “Legitimate” traffic overwhelms site (unauthorized high-volume links)
– DoS
– DDoS
WWW Defacement
– Defacement to embarrass
– Content modification to convey message
– Content modification as component of disinformation campaign
Computer System Compromises
System Compromise
– Data destruction
– Data modification
– Information gathering
– Compromised platform:
  • Launch pad for attacks
  • Jump off point for other compromises
Target Research and Acquisition
– Internet makes significant amounts of data instantly and anonymously accessible.
Hacktivism
Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.
Example: ELF hacks into the web page of a local ski resort and defaces it. This is done to reflect the group’s objections on environmental issues.
Electronic Disturbance Theater
Smithsonian – Mental Institution
Hacktivism
Cyber Facilitated Terrorism
Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds
Web sites also contain information necessary to construct weapons, obtain false identification
Use Internet as a communications tool via chat rooms, BBS, email
Hijackers utilized cyber cafés to communicate via Internet and order airline tickets
1. Finsbury Park Mosque, North London
2. Djamel Beghal
3. Kamel Daoudi
4. Zacarias Moussaoui
5. Richard Reid
6. Feroz Abbasi
7. Nizar Tribelsi
8. Abu Hamza
9. Abu Qatada
Kamel Daoudi – Believed to be Al-Qaeda Cyber Terrorist. Arrested for alleged involvement in plot to bomb American Embassy in Paris
Cyberterrorism
Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.
The Cyberterrorist Threat
[Diagram: Assessing the threat – THREAT as a function of Operational Practicality, Behavioral Profile, Technical Feasibility, Cost of Capability, and Availability of Capability]
Cost & Means of Attack
[Chart: timeline from 1945 to today (1955, 1960, 1970, 1975, 1985) showing Invasion, Strategic Nuclear Weapons, Missiles (ICBM & SLBM), Cruise Missile, Precision Guided Munitions, and Computer]
Tactics and Strategy
Prevention and cooperation
FBI Cyber Transformation
Terrorism and Cyber Crime – top priorities
FBI recruitment of engineers and computer scientists – critical skills
Increasing agents dedicated to cyber crime
Creation of Cyber Task Forces in field offices
USA Patriot Act
Felony to hack into computer used in furtherance of national security or national defense
2702 Emergency Requests
Legal Subpoena expanded
Sentencing increased
USA Patriot Act cont’d
Share with DOJ for criminal prosecution
Permits “roving” surveillance
FISA orders for intelligence allowed if intelligence is a significant reason for the application, rather than requiring it to be the reason
Authorizes pen register and trap and trace orders for email as well as telephone conversations
International Investigations
Cyber Evidence in USA
MLAT Request
Joint FBI-Foreign Police Investigation
Legal Subpoena
Cyber Terrorism Prevention – Old Methods for New Problem
Liaison
Critical Infrastructure Companies, i.e. FBI InfraGard
Internet Service Providers
Universities
Internet Cafes
Hacker clubs
IT companies, developers
International, local law enforcement
Look – on the Internet
Coordinate – national security, terrorist personnel
Conclusion
Our national security, databases, and economy are extremely dependent upon automation
Therefore, there exists a “target rich environment” for those who would do harm via the Internet
Our critical infrastructures require joint private/public efforts to protect them
Robert [email protected]