Presented by SSA Robert Flaim FEDERAL BUREAU OF INVESTIGATION Cyber Division FBIHQ Cyber Attacks: The Next Frontier

Post on 16-Dec-2015


Page 1:

Presented by SSA Robert Flaim

FEDERAL BUREAU OF INVESTIGATION

Cyber Division

FBIHQ

Cyber Attacks: The Next Frontier

Page 2:

“The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities.

“Wars in the 21st century will increasingly require all elements of national power – not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.”

Secretary Rumsfeld address to the National Defense University, January 31, 2002.

Page 3:

Discussion

Critical Infrastructures

Terrorist Internet Exploits

Tactics and Strategy

Page 4:

Critical Infrastructures

Where the Crown Jewels Are

Page 5:

Page 6:

Imagine Planning for These Contingencies

Unrelated Events or Strategic Attack?

Power Outages

World Trade Center

Oklahoma City

ATM Failures

Airliner Crash

Bridges Down

ISPs All Offline

Oil Refinery Fire

911 System Down

Poisoned Water Supply

Telephone Outages

Page 7:

Using Our Systems Against Us

Aircraft – Pentagon/Twin Towers

Mail distribution network – Anthrax

Computers – next step?

Page 8:

Real World Example – Australia 2000

Maroochy Shire Waste Water Plant – Sunshine Coast

– Insider

– 46 intrusions over 2 month period

– Release of sewage into parks, rivers

– Environmental damage

Page 9:

Real World Example – USA 2001

San Francisco FBI Field Office Investigation

– Internet probes from Saudi Arabia, Indonesia, Pakistan

– Casings of web sites regarding emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities

– Exploring digital systems used to manage these systems

Page 10:

Why Cyber Attack on Critical Infrastructures?

National Security

– Reduce the U.S.’s ability to protect its interests

Public Psyche

– Erode confidence in critical services and the government

Economic impact

– Damage economic systems

Enhancement of Physical Attacks

– Physical damage/distraction efforts

Asymmetric Warfare

– Lack of attribution, low cost/high potential impact

Page 11:

How are we vulnerable?

Globalization of infrastructures = vulnerability

Anonymous access to infrastructures via the Internet and SCADA

Interdependencies of systems make attack consequences harder to predict and more severe

Malicious software is widely available and does not require a high degree of technical skill to use

More individuals with malicious intent on Internet

New cyber threats outpace defensive measures

Page 12:

Vulnerability Types

Computer based

– Poor passwords

– Lack of appropriate protection/or improperly configured protection

Network based

– Unprotected or unnecessary open entry points

Personnel based

– Temporary/staff firings

– Disgruntled personnel

– Lack of training

Facility based

– Servers in unprotected areas

– Inadequate security policies

Page 13:

Al-Qaeda

Al-Qaeda laptop found in Afghanistan contained:

Hits on web sites that contained “Sabotage Handbook”

Handbook – Internet tools, planning a hit, anti-surveillance methods, “cracking” tools

Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites

Page 14:

Terrorist Internet Exploits

What are we up against?

Page 15:

Terrorist Groups

Page 16:

Terrorists

Attention must be paid to studying the terrorists:

– Ideology

– History

– Motivation

– Capabilities

Page 17:

Terrorists

Terrorism is carried out by disrupting activities, undermining confidence, and creating fear

In the future, cyber terrorism may become a viable option to traditional physical acts of violence due to:

– Perceived anonymity

– Diverse targets

– Low risk of detection

– Low risk of personnel injury

– Low investment

– Operate from nearly any location

– Few resources are needed

Page 18:

Terrorist Use of the Internet

Hacktivism

Cyber Facilitated Terrorism

Cyber terrorism

Page 19:

Cyber Arsenal for Terrorists

Internet newsgroups, web home pages, and IRC channels include:

– Automated attack tools (Software Tools)

• Sniffers (capture information i.e. password/log-on)

• Rootkits (facilitate/mask intrusion)

• Network Vulnerability Analyzers (SATAN/Nessus)

• Spoofing

• Trojan Horses

• Worms

• DoS

Page 20:

Cyber Attack Methodology

Resource Denial

– Virus/malicious code

– “Legitimate” traffic overwhelms site (unauthorized high-volume links)

– DoS

– DDoS

WWW Defacement

– Defacement to embarrass

– Content modification to convey message

– Content modification as component of disinformation campaign

Page 21:

Computer System Compromises

System Compromise

– Data destruction

– Data modification

– Information gathering

– Compromised platform:

• Launch pad for attacks

• Jump off point for other compromises

Target Research and Acquisition

– Internet makes significant amounts of data instantly and anonymously accessible.

Page 22:

Hacktivism

Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.

Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.

Page 23:

Hacktivism

Electronic Disturbance Theater

Smithsonian Mental Institution

Page 24:

Page 25:

Cyber Facilitated Terrorism

Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds

Web sites also contain information necessary to construct weapons, obtain false identification

Use Internet as a communications tool via chat rooms, BBS, email

Hijackers utilized cyber cafés to communicate via Internet and order airline tickets

Page 26:

1. Finsbury Park Mosque, North London

2. Djamel Beghal

3. Kamel Daoudi

4. Zacarias Moussaoui

5. Richard Reid

6. Feroz Abbasi

7. Nizar Trabelsi

8. Abu Hamza

9. Abu Qatada

Page 27:

Kamel Daoudi –

Believed to be Al-Qaeda Cyber Terrorist. Arrested for alleged involvement in plot to bomb American Embassy in Paris

Page 28:

Cyberterrorism

Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.

Page 29:

The Cyberterrorist Threat

Operational Practicality

Behavioral Profile

Assessing the threat

Technical Feasibility

THREAT

Page 30:

Cost & Means of Attack

[Figure: cost of capability versus availability of capability, on a timeline from 1945 to today (1945, 1955, 1960, 1970, 1975, 1985, Today). Labelled means of attack: Invasion, Strategic Nuclear Weapons, Missiles (ICBM & SLBM), Cruise Missile, Precision Guided Munitions, Computer.]

Page 31:

Tactics and Strategy

Prevention and cooperation

Page 32:

FBI Cyber Transformation

Terrorism and Cyber Crime – top priorities

FBI recruitment of engineers and computer scientists – critical skills

Increasing agents dedicated to cyber crime

Creation of Cyber Task Forces in field offices

Page 33:

USA Patriot Act

Felony to hack into computer used in furtherance of national security or national defense

2702 Emergency Requests

Legal Subpoena expanded

Sentencing increased

Page 34:

Page 35:

USA Patriot Act cont’d

Share with DOJ for criminal prosecution

Permits “roving” surveillance

FISA orders for intelligence allowed if there is a significant reason for application rather than the reason

Authorizes pen register and trap and trace orders for email as well as telephone conversations

Page 36:

International Investigations

Cyber Evidence in USA

MLAT Request

Joint FBI-Foreign Police Investigation

Legal Subpoena

Page 37:

Cyber Terrorism Prevention – Old Methods for New Problem

Liaison

Critical Infrastructure Companies, i.e. FBI InfraGard

Internet Service Providers

Universities

Internet Cafes

Hacker clubs

IT companies, developers

International, local law enforcement

Look – on the Internet

Coordinate – national security, terrorist personnel

Page 38:

Conclusion

Our national security, databases, and economy are extremely dependent upon automation

Therefore, there exists a “target rich environment” for those who would do harm via the Internet

Our critical infrastructures require joint private/public efforts to protect them

Page 39:

Robert [email protected]