
Post on 02-Jan-2016


Page 1: The threat gets worse before it gets better Ted Gordon 1 Smilax Dr Old Lyme, CT 06371 tedjgordon@gmail.com

Notes on The Cyber Threat

The threat gets worse before it gets better

Ted Gordon

1 Smilax Dr

Old Lyme, CT 06371

tedjgordon@gmail.com

Much cyber activity in 2015: here are some headlines

US And China Seek Arms Deal For Cyberspace

Active Wordpress Malware Compromises Thousands Of Websites

Huge Hack Of US Government Data Affected 21.5 Million

Cyber Attack On U.S. Power Grid Could Cost $1 Trillion

Silk Road Mastermind (Ross Ulbricht) Gets Life Prison Sentence

Homeland Security Moves To Prevent Attack On Power Grid

Zeus Malware Gang Take-down

Hacker: 'Hundreds Of Thousands' Of Vehicles Are At Risk Of Attack

China Acknowledges That It Has Units For War On Computer Networks

Ransomware Porn App Takes Photos Of Users And Holds Phone Hostage

White House Shoots Down Petition To Pardon Edward Snowden

Heartbleed Is Far From Dead. 200,000+ Vulnerable Devices

United (Airlines) Should Thank, Not Ban, Researcher Who Pointed Out A Major Security Flaw

Big data thefts in the US in 2014-15

Anthem

Target

Sony

Neiman Marcus

JPMorgan Chase

Experian

eBay

Home Depot

Department of Defense

SCORE: about 100 million records

There are many actors, from lone wolves to nation states, with a wide range of objectives

[Chart. Axis: Relative Impact (0 to 12). Principal Objectives: Vandalism, Show prowess, Theft, Disruption, Blackmail, Recruitment, Sabotage/espionage, Terror, WMD, Systems control, Surveillance, Intimidation, Money laundering. Actors: US, China, Russia, N Korea, UK, Iran, Israel, Others.]

In a recent foresight study, global experts projected the killing potential of lone wolves, including through the use of cyber weapons

[Charts: "When a SIMAD Might Kill 100,000 or more"; "Number Killed in a SIMAD Attack"]

www.lonewolfthreat.com

At the other end of the spectrum of actors, much activity by nation states

Plan and conduct activities to defend specified DoD information networks

Conduct military cyberspace operations to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Assemble cyberspace resources and synchronize war-fighting to defend the information security environment

US Cyber Command

Nation State Actors

US (NSA)

China

Russia

N Korea

UK

Iran

Israel

Many others

Well Known Activities

Office of Personnel Mgmt data breach

Stuxnet

Attack on SONY to prevent “The Interview”

MI 6 “cupcake caper”

“Red October” data theft malware in Word and Excel

DDoS in Estonia, Georgia, and Ukraine

Cyber attacks on large banks

Social media are important to cyber terror activities and communications

Manifestos (many terrorists write them)

Plans and Confessions (for various reasons Lone Wolves tell plans and confess their crimes)

Recruitment, funding (Al Qaeda and ISIS are expert, use horror as a magnet)

Cyber bullying (15% of all high school students last year)

Encryption (now available to all)

DIY Instructions (How to make a bomb in your Mom’s kitchen)

Clandestine market places

Some new hacks: Dyre Wolf and a porn honeypot

Dyre Wolf

Discovered by IBM Cyber Security

Target: people in specific companies using email attachments

The malware activates when the user logs onto a bank website

A fake screen says the bank’s site is temporarily down and offers instructions to call a phone number.

A live “operator” answers with the name of the bank

Users typically share their wire transfer details to withdraw funds

The thieves then move the money to another bank to avoid detection

Porn honeypot

On request for a download of a fake porno site to a smart phone

Ransomware takes unauthorized photo of user

Threatens a report to FBI, locks the phone

Demands a “fine” of $500

Quoted from: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03073USEN&attachment=SEW03073USEN.PDF

Clandestine market places: the Silk Road was shut down

Dark web’s Amazon: an unregulated bazaar where anything is bought and sold, including narcotics

In three years, 1.5 million purchases; called a billion dollar marketplace

Ross Ulbricht convicted of seven crimes including narcotics and conspiracy

Sentenced to life

http://www.wired.com/2015/02/silk-road-ross-ulbricht-verdict/

Vandalism is growing: malware is now publicly available

Purchasing contraband

Hacking

Viruses

Trojan horses

Denial of service

Back doors

Impersonation

Of particular concern: Insertion of false information

3.6 million PCs are said to be infected in the U.S. alone

New technologies provide new cyber crime targets

Big targets (financial system, agriculture, electricity grid, frauds)

Hacking automated autos, trucks, aircraft control, robots

Consumer products: AI dolls and Internet of Things

Spy devices, tiny cameras

Facial recognition

Use of cyber space for pre-detection of terrorist attacks

Sting and honeypot operations

Receiving information from informants

Online surveillance: chat rooms, postings, email

Tracking associates of known terrorists (including photos)

Tracking purchases of poisons and bomb-making chemicals

Automated screening and synthesis of big data bases

Third-party reporting of unusual behavior

Psychological screening

Cyber foresight: some cyber attacks will qualify as weapons of mass destruction (WMD)

Consider attacks on:

control systems (e.g. Stuxnet) create risks for transport systems, public services (e.g. water, electricity, pipelines, industry, sanitation, agriculture)

algorithms create risks for financial systems, funds transfer, equities markets, payment systems (e.g. social security)

data bases result in lack of trust, social chaos, anarchy

communications result in loss of command and control, diminished trust in news reporting, and government authority

http://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/#summary

Cyber foresight: the evolving scene

Potential will be recognized for:

massive disruptions from non state actors

threat of cyber lone wolves and SIMAD

new cyber crime targets and anti-crime weapons

New measures for dealing with cyber crime will be devised:

technical, military, and legal solutions

automated screening and synthesis of big data bases to identify terrorists and possible attacks against people, data, or infrastructure.

rewards for capture of cyber criminals (e.g. $3 m by FBI)

International bilateral or multilateral agreements about cyber war

The race between cyber offense and defense will intensify

http://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/#summary

http://www.cnn.com/2015/02/24/politics/russian-cyber-criminal-reward/

http://www.nytimes.com/2015/09/20/world/asia/us-and-china-seek-arms-deal-for-cyberspace.html?_r=0

Lone Wolf Terrorism Prospects and Potential Strategies to Address the Threat

by

Theodore J. Gordon, Co-Founder, The Millennium Project

Yair Sharan, Director TAM-C/FIRST group, Co-Chair Israel MP Node

Elizabeth Florescu, Director of Research, The Millennium Project

E-book: www.lonewolfthreat.com

Paperback: www.amazon.com