When Keyboards are drawn - Urban Information Warfare
Ofer Shezaf, Xiom
February 2003

Definition
Information Warfare (my definition):
“The use of digital technologies to damage the critical infrastructure of a state”
So,
Damage – destruction, demolition, devastation.
Critical infrastructure - no more Web sites breaking
State - no more photo sending “analyzers”.
But, yes, still digital technologies – but not too much.
And, yes, politics – but not today.

Presentation Headlines
How is information warfare different?
Information Warfare Targets
Attacker capabilities
The infrastructure organization model
Network model
Administration networks exposures
Operational networks exposures
Model Case Studies
So, What can we do?

Introduction to IW
How is information warfare different from your everyday attack?

Targets
Who?
Infrastructure companies, including power, water and communication.
Financial institutions.
Government & Army.
What?
Destruction of equipment
Destruction of control systems
How?
Time bombs.

Attacker Capabilities
Financial resources
Technical expertise
Intelligence
Legal flexibility
Section: Introduction to IW

Financial & Technical Resources
Hundreds, thousands… of man-years per project.
Duplication of any system at target.
Ability to actively seek vulnerabilities, especially in lesser known systems.
Usage of custom attack code per target.
Security by obscurity is no longer an option

Intelligence & legal issues
Human intelligence … Spies
Best of breed “social engineering”: pay, blackmail, steal.
Operate spies to access internal systems.
Signal intelligence … Communication interception
A global sniffer: clear text password.
Intelligence about systems and topology.
Legal immunity to attacker.
License to crack

Presentation Headlines
How is information warfare different?
Attacker capabilities
Information Warfare Targets
The infrastructure organization model
Network model
Administration networks exposures
Operational networks exposures
Model Case Studies
So, What can we do?

Exposures in Infrastructure Networks
The common design of networks in infrastructure organizations creates similar vulnerabilities.

Basic Network Topology
External Networks
Administrative Network
Operational Networks

Cracking the administrative network
Administrative Network
1. Internet
2. Business Partners?
3. Sockets in public offices
4. Access to a large number of people

Cracking the Operational network
Operational Networks
Admin. Network
1. Operations Design
2. Remote Signaling
3. Monitoring
4. Application Security Problem
5. Direct connections to Operational network
6. No Internal Security

Presentation Headlines
Introduction to information warfare
Attacker capabilities
Information Warfare Targets
The infrastructure organization model
Network model
Administration networks exposures
Operational networks exposures
Model Case Studies
So, What can we do?

Examples
Is it all for real?

Model Case Studies
Shutting down communication switches, thus preventing phone services.
Destroying power generators.
Derailing trains.
Exploding refineries and other chemical plants.
Crashing airplanes.

Solutions
So, What can I do to avoid such disasters?

Solutions
Use layered security.
Deploy stronger intra-organization security mechanisms.
Strengthen complementary security mechanisms such as physical security and employee assurance.
Allocate independent security resources to operational networks.
Strive for world peace.