
Introduction to Cyber Threats: current status, perspectives and reflects in Brazil



  1. Introduction to Cyber Threats: current status, perspectives and reflects in Brazil
     Adriano Mauro Cansian

     Agenda
     • New Cybernetic Global Order
     • Cyber threats.
     • The present and future threat scenarios.
     • The scenario in Brazil.
     • Final Considerations.

  2. Intro
     • This is about:
       – IT governance.
       – Strategy.
       – Preparation
     • I mean, this is about geopolitics.

     Contemporaneity (2010, 2009, 2012, 2013)
     • “Few if any contemporary computer security controls have prevented a [red team] from easily accessing any information sought.”
     • “The almost obsessive persistence of serious penetrators is astonishing.”
     • “Espionage over networks can be cost-efficient, offer nearly immediate results, and target specific locations ... insulated from risks of internationally embarrassing incidents”
     • “The market does not work well enough to raise the security of computer systems at a rate fast enough to match the apparent growth in threats to systems.”

  3. Contemporaneity
     • 1979: “Few if any contemporary computer security controls have prevented a [red team] from easily accessing any information sought.”
     • 1988: “The almost obsessive persistence of serious penetrators is astonishing.”
     • 1988: “Espionage over networks can be cost-efficient, offer nearly immediate results, and target specific locations ... insulated from risks of internationally embarrassing incidents”
     • 1991: “The market does not work well enough to raise the security of computer systems at a rate fast enough to match the apparent growth in threats to systems.”

  4. Photo credits: “Rising from the Underground”, by Damien Thorn. Originally appeared in Nuts & Volts Magazine, March 1994.

  5. 1984
     Lex Luthor (Vincent Louis Gelormine) – “Legion of Doom” (LoD)
     Phiber Optik (Mark Abene) Erik Bloodaxe (Chris Goggans) – “Masters of Deception” (MoD).
     1984 ~ 1991

     1990
     AT&T Outage, 15 Jan 1990
     • Operation Sundevil
     • 15 cities USA.
       – 9 May 1990.
       – Strikes LoD & MoD.

  6. 1998
     29 Dec 1998: Legions of the Underground (LoU) declares a cybernetic war against Iraq and China.

     1998

  7. 1998
     7 Aug 1998: Dar es Salaam (Tanzania), Nairobi (Kenya)

     1999
     7 Jan 1999 – http://bit.ly/Hqp9Oq LoU’s decive.

  8. …. “The signatories to this statement are asking hackers to reject all actions that seek to damage the information infrastructure of any country. DO NOT support any acts of “Cyberwar”. Keep the networks of communication alive. They are the nervous system for human progress.”

     Signed (07-Jan-1999):
     • 2600 http://www.2600.com/
     • Chaos Computer Club http://www.ccc.de/
     • Cult of the Dead Cow http://www.cultdeadcow.com/
     • !Hispahack http://hispahack.ccc.de/
     • L0pht http://www.l0pht.com/
     • Phrack http://www.phrack.com/
     • Pulhas http://p.ulh.as/
     • Toxyn http://www.toxyn.org/
     • Several members of the Dutch Hackers Community (contact Rop Gonggrijp, rop@xs4all.nl)

     Seven Cyber { conflicts; events; facts }
     1. Cuckoo’s Egg (1986)
     2. Morris Worm (1988)
     3. Eligible Receiver and Solar Sunrise (1997, 1998)
     4. Moonlight Maze (2000+)
     5. Buckshot Yankee (2008)
     6. Operation Aurora (2009)
     7. Stuxnet (2009)

  9. Cuckoo’s Egg (1986)
     • Clifford Stoll
       – Lawrence Berkeley National Lab (CA)
     • Tracks and hunts Markus Hess.
       – West Germany – Hanover
     • Hess had been engaged for some years in selling the results of his hacking to the KGB.
     • Only DoJ paid attention
     • http://en.wikipedia.org/wiki/The_Cuckoo's_Egg

  10. Morris Worm (1988)
     • Robert T. Morris Jr.
       – Cornell University
       – Hits 6,000 hosts on ARPANET.
       – 1st Internet worm.
       – http://en.wikipedia.org/wiki/Morris_worm

     Eligible Receiver (1997)
     • A U.S. Government NIEX
       – No-Notice Interoperability Exercise Program
     • Red Team gains root access to over 36 government networks.
       – U.S. Pacific Command computer systems as well as power grids and 911 systems in nine major U.S. cities
     • http://en.wikipedia.org/wiki/Eligible_Receiver_97

  11. Solar Sunrise (1998)
     • February 1998: US DoD networks were attacked using a well-known vulnerability in UNIX-based computer systems.
     • The attackers probed servers to see if the vulnerability existed.
       – Exploited the vulnerability and entered the system; planted a program to gather data; and then returned later to collect it.
       – 2 California high school students were arrested and pled guilty.
       – Their mentor, an 18-year-old Israeli, was also arrested and indicted.
       – http://en.wikipedia.org/wiki/Ehud_Tenenbaum

     Moonlight Maze (1998 - … )
     • U.S. officials accidentally discovered a pattern of probing of computer systems at the Pentagon, NASA, US Dept. of Energy, private universities, and research labs.
     • It had begun in March 1998 and had been going on for nearly two years.
     • http://en.wikipedia.org/wiki/Moonlight_Maze

  12. Buckshot Yankee (2008)
     • A USB flash drive infected by a foreign intelligence agency was left in the parking lot of a Department of Defense facility at a base in the Middle East.
     • Laptop computer that was attached to United States Central Command.
     • http://en.wikipedia.org/wiki/2008_cyberattack_on_United_State

     Operation Aurora (2009)
     • Cyber attack conducted by advanced persistent threats such as the Elderwood Group based in Beijing, China, with ties to the People's Liberation Army.
       – The attack began in mid-2009 and continued through December 2009.
     • http://en.wikipedia.org/wiki/Operation_Aurora

  13. Stuxnet (2009)
     • Designed to attack Siemens software running on a Windows OS.
     • Stuxnet almost ruined one-fifth of Iran's nuclear centrifuges by spinning them out of control while simultaneously replaying the recorded system.
     • We will see this in detail in what follows...

     New Cybernetic Global Order

  14. New Cybernetic Global Order
     • Since early 2008 we have had some important events that changed the way we deal with and understand cyber threats:
       – Conficker (2008/2009)
       – Stuxnet (2010)
       – DuQu (2011)
       – Flame (2012)

  15. The Waters Divided: how and when things started changing
     [Timeline: 2001, 2010, 2011 …, 2012 …]

     The Waters Divided: the first turning point
     [Timeline: 2001, 2010, 2011 …, 2012 …]

  16. Before 2001 …
     • Hacking was accessible only to small groups.
     • Ideology, knowledge and way of life of the technical community, geeks, academia …
       – It was very restricted.
       – It was little about money and profit.
     • It was more about activism and curiosity.
       – But it was changing …

     Why 2001?
     • 2001 is the first turning point in Brazil.
     • December 2001: first integrated banking malware system.
     • Criminals also used an intricate net of both hacked accounts and people.

  17. 2001 web bank malware
     • The malware had little sophistication.
       – But the laundering and crime process was quite complex.
     • Tracking laundered money was very difficult.
     • Law enforcement had few resources.
       – The gang started operating in the city of Parauapebas in Pará State.
     • It was the first time we saw organized crime operating over the Internet in Brazil.

     First counter operations in Brazil
     • After these Parauapebas events, they spread all over the country.
     • First operations by law enforcement against organized cybercrime in Brazil:
       – Operation Cash Net (2001),
       – Operation Cavalo de Tróia I (2003),
       – Operation Cavalo de Tróia II (2004),
       – Operation Pegasus and Pegasus II (2005).

  18. About 10 years without anything really new
     • This scenario continued for almost 10 years,
       – Steadily increasing criminal activities.
     • The Internet security scenario was the same around the world:
       – the more money comes into the net, the more criminal activity.
     • But, until then, it was only about money …

     The Waters Divided: the 2nd turning point
     [Timeline: 2001, 2010, 2011 …, 2012 …]

  19. What changed around 2010? The end of “announced death”
     • Until around 2010, when a serious security problem appeared (like a worldwide worm attack) it was always an announced death.
       – It means: the security community had already warned about the problem, and the vulnerability had been previously and openly disclosed, i.e. a “zero day” was announced.
     • It’s something like: “Hey, I warned you!”

     So, what did change?
     A lot of things changed through the 2000-2010 decade. Simple: there are no more warnings!
     • But not only this …
       – To discuss the new scenario, let’s use the Stuxnet malware as an example to show the dividing of the waters and the change point.
