SlideShare ist ein Scribd-Unternehmen logo
1 von 67
Downloaden Sie, um offline zu lesen
Presented by:
Raoul Chiesa, @ Mediaservice.net
            ,               .

       Design & Concept:
   Jart Armin & Raoul Chiesa

       Club Hack 2010
   Pune, December 5th, 2010
* Disclaimer
                                             *
* The Authors
* Reasons for this talk
* Introduction
    *   Cybercrime
    *   CyberWar & Information Warfare
    *   Shared points
*   What you see is NOT what you get?
    *   Countries at stake
    *    Legends (North Korea)
* New concepts for a new era
           p
    *   Hackers & Cybercrime
    *   Evolution and Size of Cyberattacks
    *   From Cybercrime to CyberWar
    *   The Paradigm Shif
        Th P di       Shift
    *   An example: Stuxnet
    *   Digital Weapons comparison
    *    CyberWar Defense
    *   Opportunity for Hackers
    *   Learning from the history
*   References
*   Q&A
© Jart Armin & Raoul Chiesa, 2010                2
*Disclaimer




© Jart Armin & Raoul Chiesa, 2010   3
*
●   The information contained within this presentation does
    not infringe on any intellectual property nor does it contain
    tools or recipe that could be in breach with known laws.
                                                        laws
●   The statistical data presented belongs to the Hackers
    Profiling Project by UNICRI and ISECOM.
             g    j    y
●   Quoted trademarks belongs to registered owners.
●   The views expressed are those of the author(s) and   ( )
    speaker(s) and do not necessary reflect the views of
    UNICRI or others United Nations agencies and institutes,
    nor the view of ENISA and its PSG (Permanent Stakeholders
    Group).
●   Contents of this presentation may be quoted or
    reproduced, provided th t th source of i f
           d    d      id d that the            f information i
                                                          ti   is
    acknowledged.

     © Jart Armin & Raoul Chiesa, 2010       4
*
    * On the underground scene since 1986
    * Senior Advisor on cybercrime at the United
        Nations (UNICRI)
    *   ENISA PSG Member (2010-2012)
    *    Founder, @ Mediaservice.net – Independent
        Security Advisory Company and @ PSS – a Digital
        Forensics Company
    *    Founder, Board of Directors at: CLUSIT (Italian
        Information Secu ty Association), ISECOM,
           o at o Security ssoc at o ), S COM,
        OWASP Italian Chapter
    * TSTF.net member
    * Member: ICANN, OPSI/AIP, EAST

    © Jart Armin & Raoul Chiesa, 2010     5
*
* Independent Security & Malware researcher
*   Senior Partner at CyberDefcon

*   Specialized in Cyber threats analysis and Cybercrime intelligence
    for Internet industry and government agencies

*   Well-known ‘cause of his exposure and analysis on RBN (Russian
    Business Network) – hostexploit.com, RBNexploit.com

*   Introduced as “one of the world’s top hacker hunters” by RU.TV

*   Heavily mentioned in Thomas Menn’s book, “Fatal System Error”
          y                                ,         y
    (2010) along with Steve Santorelli (Team Cymru) and other nice
    folks!
© Jart Armin & Raoul Chiesa, 2010    6
*
*    Speaking along with a lot friends, it looks like the “.mil” world developed a deep interest
    towards these topics…

       2001/2002: First interest shown back from USA (after 9/11), focused on hacker’s resources in
       2001/2002 Fi t i t        t h      b kf          ( ft 9/11) f          d    h k ’           i
       order to attack and/or infiltrate Al Qaeda;
       2003-2005: observed a huge escalation of USA and Israel Secret Services, asking for 0-days,
       seeking for information resources among elite hackers, asking for Iran & Pakistan hacking;
       2005: China’s attacks to USA go public escalating during 2007-2010 (UK Germany France
               China s                    public,                  2007 2010 (UK, Germany, France,
       Italy);
       2008/2010: USA & Canada leading (since the last 2/3 years), an increasing attention related to
       National Critical Infrastructures, followed by UK, EU, Israel, India, Australia;
       2010: Italian Committee for the National Security of the Republic audited myself (March/May);
                                                         y           p                  y (        y)
       2009/2010: NATO Cyber Coalition running CyberDefense 2010
       (CyberShot 2009) along with C4 Command (Rome);
       2011: Swiss Cyber Storm III.

        TODAY - Intelligence Agencies hiring “leet hackers” in order to:
           Buy/develop 0-days;
           Launch attacks on terrorists and/or suspected ones;
            Protect National Security;
           Informing & Training Local Governments.


*    Thus, hackers becoming kind of “e-ambassadors”, “e-strategy consultants” towards .mil and
    .gov environments or “e mercenaries”, training “e soldiers”…
     gov environments,    e-mercenaries             e-soldiers
      © Jart Armin & Raoul Chiesa, 2010                          7
*
*   Just like you got used to words such as:
    * “Paranoia” (that’s into your DNA, hopefully!)
    * “Information Security (198x)
       Information Security”
    * “Firewall”, “DMZ” (1994/5)
    * “Pentesting” (1996/7)
    * “xIDS” (2001-2003)
        xIDS
    * “Web Application Security” (2006-2009)
    * “SCADA&NCIs” (2008-201x)
    * “PCI DSS” (2009-201x)
       PCI-DSS (2009 201x)
    * Botnets (2008-2010)
    * ……………………….

* In the next (ten?) years, you will hear non-stop about:
    * NGC – Next Generation Cybercrime
    *C b W
      CyberWar
    * Information Warfare
    * NGW – Next Generation Warfare

    © Jart Armin & Raoul Chiesa, 2010       8
*
*SIGINT = Signals Intelligence
*COMINT = Communication Intelligence
*ELINT = Electronic Intelligence
*FISINT = Foreign Instrumentation Signals Intelligence
*OSINT = Open Source Intelligence
*PSYOPS = Psychological Operations
*IMINT = Imagery Intelligence
*MASINT = Measurement Signal Intelligence
*HUMINT = Human Intelligence
*GEOSPATIAL Intelligence = Analysis and Presentation
                   g             y
 security-relevant Activities


  © Jart Armin & Raoul Chiesa, 2010   9
* IO = Information Operations
                             *
* IW = Information Warfare
* IA = Information Assurance
* C2 = Command and Control
* C2IS = Command and Control Information Systems
* C2W = Command and Control Warfare
* C3 = Command, Control, Communication
              ,        ,
* C3I = Command, Control, Communication and Intelligence
* C4 = Command, Control, Communication and Computers
* C4I = Command, Control, Communication, Computers and Intelligence
* C4I2 = Command, Control, Communication, Computers, Intelligence and Interoperability
* C4ISR = Command, Control, Communications, Computers, Intelligence, Surveillance and
 Reconnaissance

* C5I = Command, Control, Communication, Computers, Combat Systems and Intelligence
        C     d C t l C         i ti     C    t     C b tS t         d I t lli
   © Jart Armin & Raoul Chiesa, 2010          10
*
*I = Intelligence
*S&R = Surveillance and Reconnaissance
*RSTA = Reconnaissance, Surveillance and Target Acquisition
*STA = Surveillance and Target Acquisition
*STAR = Surveillance, Target Acquisition and Reconnaissance
*ERSTA = Electro-Optical Reconnaissance, Surveillance and
 Target Acquisition
*STANO = S ill
           Surveillance, T
                         Target A
                              t Acquisition and Ni ht
                                     i iti    d Night
 Observation
*ISR = Intelligence Surveillance and Reconnaissance
       Intelligence,
*ISTAR = Intelligence, Surveillance, Target Acquisition, and
 Reconnaissance
  © Jart Armin & Raoul Chiesa, 2010   11
*
* OPSEC = Operational Security
* INFOSEC = Information Security
* COMSEC = Communications Security
* PHYSSEC = Physical Security (Human, Physical)
* HUMSEC = Human Security
* SPECSEC = Spectrum Security
  and includes:
   * EMSEC = Emissions Security (cables on the air)
   * ELSEC = Electronic Communications
   * SIGSEC = Signals
                g
* C-SIGINT = Counter-Signals Intelligence
* ECM = Electronic Countermeasures
* EMI = Electromagnetic Interference
* IBW = Intelligence-based Warfare
* IEW = Intelligence and Electronic Warfare
        I t lli        d El t i W f
   © Jart Armin & Raoul Chiesa, 2010                  12
* That’s it!

                                    * Questions??




                                         *
© Jart Armin & Raoul Chiesa, 2010                   13
*




© Jart Armin & Raoul Chiesa, 2010   14
*




© Jart Armin & Raoul Chiesa, 2010   15
*
   Running criminal actions, using IT and TLC assets, having the goal to
   illegally acquire information and transform them into money.

   Examples:
   E    l

         Identity Theft (Personal Info)
         Credit Identity Theft (Financial I f e-banking l i
         C dit Id tit Th ft (Fi        i l Info: b ki logins, CC/CVV etc)
                                                                CC/CVV, t )
         Hacking towards e-commerce, e-banking, Credit Processing Centers
         Malware (Virus, Worm, Spyware, Key Loggers, Rogue AV, Botnets,
         Mobile)
         M bil )
         Hacking on-demand
         DDoS attacks (blackmail)
         Spam
         Counterfiting (medicinals, luxury, products & services
         Gambling (not authorized by local Authorities)
                  g(                 y                 )
         Generic Porn (fake sites, etc)
         Minors and children pornography

© Jart Armin & Raoul Chiesa, 2010     16
*




© Jart Armin & Raoul Chiesa, 2010   17
*




© Jart Armin & Raoul Chiesa, 2010   18
*
*   Computer crime - From Wikipedia, the free encyclopedia
    (Redirected from Cybercrime: http://en.wikipedia.org/wiki/Cybercrime)

* Computer crime refers to any crime that involves a computer and a
    network, where the computers may or may not have played an instrumental
    p
    part in the commission of the crime ( (Moore 2000). Netcrime refers, more
                                                      )                    ,
    precisely, to criminal exploitation of the Internet [1]. Issues surrounding this
    type of crime have become high-profile, particularly those surrounding
    hacking, copyright infringement, child porn, and child grooming. There are
    also problems of privacy when confidential information is lost or
    intercepted, lawfully or otherwise.
* On the global level both governments and non state actors continue to grow
                level,                     non-state
    in importance, with the ability to engage in such activities as espionage,
    financial theft, and other cross-border crimes sometimes referred to as
    cyber arfare
    c ber warfare. The international legal system is attempting to hold actors
                                            s stem
    accountable for their actions, with the International Criminal Court among
    the few addressing this threat.[2]

© Jart Armin & Raoul Chiesa, 2010                      19
*
* It looks like we’re speaking
 about different actors, whose
 goals, t
    l targets, and criminal
             t    d i i l
 models are different from the
 cybercrime ones!
  y




© Jart Armin & Raoul Chiesa, 2010       20
*
*From wikipedia:
(http://en.wikipedia.org/wiki/Intelligence agency)

 An intelligence agency is a governmental agency that is devoted to the information gathering (known in the context as
 "intelligence") for purposes of national security and defense. Means of information gathering may include espionage,
 communication i
           i i interception, cryptanalysis, cooperation with other institutions, and evaluation of public sources. The assembly
                            i              l i           i    i h h i i i               d    l  i     f bli           h     bl
 and propagation of this information is known as intelligence analysis.
 Intelligence agencies can provide the following services for their national governments:
      p
      provide analysis in areas relevant to national security;
                  y                                         y;
      give early warning of impending crises;
      serve national and international crisis management by helping to discern the intentions of current or potential opponents;
      inform national defense planning and military operations;
      protect secrets, both of their own sources and activities, and those of other state agencies;
      and may act covertly to influence the outcome of events in favor of national interests.


 Intelligence agencies are also involved in defensive activities such as counter-espionage or counter-terrorism.
 Some agencies are accused of being involved in assassination, arms sales, coups d'état, and the placement of misinformation
 (propaganda) as well as other covert operations, in order to support their own or their governments' interests.



© Jart Armin & Raoul Chiesa, 2010                                21
*




© Jart Armin & Raoul Chiesa, 2010       22
*
* From wikipedia:
(http://en.wikipedia.org/wiki/Inform
  ation_warfare)

Information warfare is the use and
  management of information in
  pursuit     of   a    competitive
  advantage over an opponent
                       opponent.
Information warfare may involve
  Collection        of        tactical
  information, assurance(s) that
  one s
  one's own information is validvalid,
  spreading of propaganda or
  disinformation to demoralize the
  enemy       and     the      public,
  undermining the quality of
  opposing f
        i    force i f
                   information and
                           ti        d
  denial of information-collection
  opportunities to opposing forces.
Information warfare is closely
  linked to psychological warfare
                          warfare.




 © Jart Armin & Raoul Chiesa, 2010       23
*
* Ironically, if we look for “Cyber WarFare” on Wikipedia, they
 got it! While, it’s listed into the “computer crimes” category:
 weird!!!

The U.S. Department of Defense (DoD) notes that cyberspace has
 emerged as a national-level concern through several recent
 events of geo-strategic significance. Among those are included
 the attack on Estonia's infrastructure in 2007 allegedly by
               Estonia s                   2007,
 Russian hackers. "In August 2008, Russia again allegedly
 conducted cyber attacks, this time in a coordinated and
 synchronized kinetic and non kinetic campaign against the
                             non-kinetic
 country of Georgia. Fearing that such attacks may become the
 norm in future warfare among nation-states, the concept of
 cyberspace operations i
   b                ti    impacts and will b adapted b
                                 t    d ill be d t d by
 warfighting military commanders in the future.

© Jart Armin & Raoul Chiesa, 2010   24
*
© Jart Armin & Raoul Chiesa, 2010   25
*
* Very simply, we are speaking about the so-called Warfare,
 applied to the cyberspace.


* Defending information and communication networks, acting
 like a deterrent towards “information attacks”, while not
 allowing the enemy to do the same
                               same.


* So we are speaking about “Offensive Information Operations”
                                                  Operations”,
 built against an adversary, ‘till being able to dominate the
 information during a war contest.



   © Jart Armin & Raoul Chiesa, 2010   26
*
* It is an extremely new and dynamic war scenario, where those
 metrics and views used before it are now really obsolete.
                                                 obsolete


* Typically these operations are decentralized while anonymous
  Typically,                                         anonymous.


* Th “ t f ” cost i extremely l
  The “entry fee” t is t   l low, while it supplies a h
                                   hil         li     huge
 power.


* …and after all, there’s always the possibility of denying what has
 happened..



   © Jart Armin & Raoul Chiesa, 2010   27
*
* Basically, what happened in Estonia?

* In 2007, after a Russian statue has been moved from its
    original location in Tallinn, “hacktivists” joined their efforts,
    launching electronic attacks (DDoS, web defacements)
    towards Estonia’s critical infrastructures such as banks,
    t     d E t i ’       iti l i f t t            h   b k
    Public Administration (PA) web sites, etc.

*    Estonia,
     Estonia being an extremely young country since its
                                          country,
    creation decided to really invest on IT, supplying all of the
    services to the citiziens via on-line resources.

* The result of the attacks has been devastating in a country
 where Internet is used for everything: long lines out of the
 banks and PA offices, panic around the country.
* The same thing happened to Georgia the next year (2008)
* Russian government has always denied any possible role in
 both attacks.


      © Jart Armin & Raoul Chiesa, 2010            28
*




© Jart Armin & Raoul Chiesa, 2010   29
*
*PC Z bi (b t t ) -> th t k advantage of th
    Zombies (botnets) they take d t    f the
 “standard user”, both in a Corporate or home (broadband)
 scenario.
 scenario
*“0-days”: until today, all of them were on MS Windows.
*“0 days”: ‘till now no “unknown vulnerability” exploited
 “0-days”:       now,
 (yet). We’re heavily talking about IE 6.0 (!) bugs and so on…
*(attacker’s perspective) nothing changes that much
                                               much.
 There’s more chances to hack 100 broadbands users instead
 of 1000 PCs from a company’s network.
                    company s
*It’s still the digital weapon he needs to launch attacks
 ( oS, eylogge s,
 (DDoS, Keyloggers, etc).
  © Jart Armin & Raoul Chiesa, 2010   30
*



                                             *Wh you see
                                              What
                                               is NOT what
                                                   you get
                                                       get…
© Jart Armin & Raoul Chiesa, 2010       31
*
●    USA (…everywhere, always!)                                 “Low Risk”
●    UK, Canada, France, Switzerland
●    Brazil
●    Israel & Palestinian National Authority                  “Average Risk”
●    Zimbabwe
●    Middle East: “friendly” countries (UAE, Saudi Arabia…)
●    China
●    India
●    Pakistan
●    North Korea (DPRK)
●    South Korea
●    Iran                                                      “High Risk”
●    Tatarstan
●    Kyrgyzstan
     K        t
●    Ingushetia (ex URSS)
●    Myanmar
●    Russia (E t i G
     R     i (Estonia, Georgia)
                            i )
    © Jart Armin & Raoul Chiesa, 2010     32
*




© Jart Armin & Raoul Chiesa, 2010   33
*
* “North Korea will soon attack many countries
 using IT attacks, since they have the best
     g           ,          y
 hackers of the whole world.”

* Uh?!? WTF???
* That’s weird, when speaking about a country
 which i t t ll i l t d f
  hi h is totally isolated from th I t
                                the Internet,
                                           t
 where its “cellular network” recalls more a
 DECT infrastructure…(no BTSs out of
                        (
 PongYang).

*See Mike Kemp s slides from CONfidence 2010
          Kemp’s
 @ Kracow.

  © Jart Armin & Raoul Chiesa, 2010   34
*
© Jart Armin & Raoul Chiesa, 2010       35
"In the very near future many conflicts will not take place on the
         open field of battle, but rather in spaces on the Internet, fought
                with the aid of information soldiers, that is hackers.
           This means that a small force of hackers is stronger than the
                multi-thousand f
                   lti th     d force of th current armed f
                                       f the        t       d forces.“
                                                                     “

                                    Duma, 2007

© Jart Armin & Raoul Chiesa, 2010
                                         36
*
© Jart Armin & Raoul Chiesa, 2010   37
*
*   “Hackers” are today somehow “deprecated”, meaning that many
    CxOs are missing those “romantic” figures.
       * Driven by: Know-how needing (OS, networks, protocols), having fun, being
         cool, ‘cause it was “trendy”.


*    Nowadays’ attackers often belong to the Organized Crime, being both
    an active or passive actor.
    * Driven by: money
                 money.


*   Results: a weird hack-ecosystem, composed by different actors. i.e.:
       Romania’s crime gangs in Italy passed the ATM skimmers biz to
      Nigerian ppl, getting paid back with cocaine (Italy, February 2009);
       Nigerian guys cash out the money from cybercrime activities (carding
                                                                     (carding,
      skimming, etc..) and buy human organs (kidneys) from Nigeria, then
      sell them in EU (Turin, Italy, September 2010).

© Jart Armin & Raoul Chiesa, 2010        38
*
© Jart Armin & Raoul Chiesa, 2010       39
*C b War
                                          Cyber
© Jart Armin & Raoul Chiesa, 2010   40
*
© Jart Armin & Raoul Chiesa, 2010   41
*
© Jart Armin & Raoul Chiesa, 2010   42
*
                        OUT                                IN ☺

 Single operational pic                                   Situational awareness
 Autonomous ops                                        Self-synchronizing ops
 Broadcast information push                                    Information pull
 Individual                                                       Collaboration
 Stovepipes                                           Communities of Interest
 Task, process, exploit, disseminate                  Task, post, process, use
 Multiple data calls, duplication                Only handle information once
 Private data                                                       Shared data
 Perimeter, one-time security                        Persistent, continuous IA
 Bandwidth limitations                                  Bandwidth on demand
 Circuit-based transport
                      p                                     IP-based transport
                                                                           p
 Single points of failure                                       Diverse routing
 Separate infrastructures                                  Enterprise services
 Customized, platform centric IT
              platform-centric              COTS based, net-centric capabilities
                                                        net centric
                                                 Scouting elite hacker parties?
© Jart Armin & Raoul Chiesa, 2010      43
*

                 * Botnet & drone         * Server hacking
                    armies


                 * DDoS                   * Encryption
                                                yp


                 * Trojans & Worms
                      j                   * Extortion & Ransom

                 * Malware                * Man in the Middle


© Jart Armin & Raoul Chiesa, 2010    44
*




© Jart Armin & Raoul Chiesa, 2010   45
*


          * Cluster Bomb             * Cruise Missile




© Jart Armin & Raoul Chiesa, 2010   46
*


          Multiple targets, loud and    Laser Guided, precision, and
          noisy                         stealth
          * Massive DDoS                * Compromise infrastructure
          * Loss of digital             * Industrial Sabotage
            communication
                                        * Loss of confidence in
          * Cloning of state                systems
            communications
                                        * Create confusion
          * Create confusion



© Jart Armin & Raoul Chiesa, 2010      47
*
© Jart Armin & Raoul Chiesa, 2010   48
*
         Stuxnet is a specialized malware, solely targeting:
             SCADA systems running Siemens SIMATIC WinCC. Such systems
             monitor and control industrial technology and infrastructure
                                                    gy
             SIMATIC Siemens STEP 7 software for process visualization and
             system control
         Uses several vulnerabilities in the underlying MS Windows
         operating system for infection and propagation
         Infection works via USB-drives or open network shares
         Hides the content of the malware on infected systems
         Allows full remote control & P2P capabilities
         Only Siemens SCADA Step 7 & in particular centrifuges
                                                      l     f


© Jart Armin & Raoul Chiesa, 2010          49
*
* I d t i l sabotage
  Industrial b t
* Cyberwar tool kit
* USA, Israel, China…….who else? Maybe the Aliens?? ;)
  USA I     l Chi       h l ? M b th Ali ?? )
* Atomstroyexport (TrojanDownloader.Agent.IJ trojan)
* 19790509 in the Windows registry (US & USSR sign Salt 2 treaty,
 limiting nuclear weapons) – not a US date format
* Experiment gone wrong
* PoC (proof of concept)



 © Jart Armin & Raoul Chiesa, 2010       50
*
* A new class and dimension of malware
* Not only for its complexity and sophistication
  N t l f it           l it     d    hi ti ti
* The attackers have invested a substantial amount of time and
 money to build such a complex attack tool (average: 1 MLN US$)
* Can be considered as the "first strike", i.e. one of the first
 organized, well prepared attacks against major industrial
 resources
* MITM (man in the middle) attacks on PLCs, industrial devices,
 and embedded systems
* Potential associated with Wi-Fi & for radio-frequency
 identification
 id tifi ti (RFID) h kihacking, - “
                                  “smart-meter” hij ki and much
                                       t     t ” hijacking d  h
 more (think about SCADA-related industry: Water Companies,
 Energy Power p
     gy         plants, Highways, etc, etc.)
                      , g      y ,   ,     )
  © Jart Armin & Raoul Chiesa, 2010   51
*
* The first time that mass-media wrote about “Industrial
 Automation & SCADA security”.
                           y

* Stuxnet “helped”, Intelligence Agencies & Military Forces to
              p   ,        g      g                y
 think about “the next [IT] war” - also helping government
 contractors.

* Stuxnet helped also security researchers to “track back the
 attack” to a state sponsored attack tool.
                     p

* Stuxnet may be a basis for future extortion.

* Blueprint for the next generation of malware.
  © Jart Armin & Raoul Chiesa, 2010   52
*




© Jart Armin & Raoul Chiesa, 2010   53
*
© Jart Armin & Raoul Chiesa, 2010   54
*
Control of:
* Cybercrime (learning from it, then applying its
  logic to InfoWar)
* Critical industrial infrastructure & contractors
* Over reliance on single routing of communications
* MITM (man in the middle) – gaps in the systems
* Mobile computing & thumb drives
* Important Internet servers and national
  communications i f
            i i      infrastructure
* Improved Encryption & access



© Jart Armin & Raoul Chiesa, 2010       55
*
* The “job of your life : being paid in order to hack remote
       job         life”:
  systems, while being also legally authorised to do it!!! ☺
* The 0-days market will benefit from this
* Military and Government organizations already began hiring
  hackers for consulting, Red Teams building, etc
* Standards such as the OSSTMM (by ISECOM) may be easily
  applied and used in this scenario, while it’s not a “standard
  pentest” LOL




   © Jart Armin & Raoul Chiesa, 2010   56
*




                                             CCC & KGB 1986-1989
                                                   KGB,
© Jart Armin & Raoul Chiesa, 2010       57
*
           CCC&KGB (‘80 )
                       (‘80s)
           Vodafone Greece attack
           Telecom Italia / Kroll infowar
           T l       It li    K ll i f
           Estonia Cyber-war (2007)
           Russia-Georgia C b
           R i G          i Cyber-war (2008)
           North-Korea Attacks (2009)
           Google-China O
           G    l Chi Operation A
                                ti Aurora (2010)
           Iran / ? – STUXNET (2010)



© Jart Armin & Raoul Chiesa, 2010       58
*
  US/Israel Hacking US (February 1998)
     “Solar Sunrise”
     DoD, Air Force, Navy, Marine Corps
  Russia (ex KGB building) Hacking US (Sept 1999)
     „Moonlight Maze“
     Classified naval codes, missile guidance systems info
  China Hacking US (2003-2005)
     “Titan Rain”
     Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, NASA
  South Korea (Oct 2004)
     Engaged lots of military hackers
  Russia (May 2007)
     Russia attacks Estonia government, DDoS
     Parliament, Ministries, Banks and Media
                ,          ,
  Czech Republic (June 2007)
     Hackers broadcast “nuclear bomb” on morning’s prime time national television (alike
       “The war of the worlds”...)

© Jart Armin & Raoul Chiesa, 2010             59
*
© Jart Armin & Raoul Chiesa, 2010   60
Cybercrime, cyber war, infowar - what's this all about from an hacker's perspective (raoul chiesa)
Cybercrime, cyber war, infowar - what's this all about from an hacker's perspective (raoul chiesa)
Cybercrime, cyber war, infowar - what's this all about from an hacker's perspective (raoul chiesa)
CENSORED

YOU SHOULD HAVE ATTENDED CLUB HACK CONFERENCE 2010
               IN ORDER TO SEE THIS!!!
CENSORED

YOU SHOULD HAVE ATTENDED CLUB HACK CONFERENCE 2010
               IN ORDER TO SEE THIS!!!
CENSORED

YOU SHOULD HAVE ATTENDED CLUB HACK CONFERENCE 2010
               IN ORDER TO SEE THIS!!!
* Jart Armin: jart@cyberdefcon.com
    * Raoul Chiesa: chiesa@UNICRI.it

    CyberDefcon – Cybercrime Clearing House & EU Early warning Coalition

    UNICRI - United Nations Interregional Crime and Justice Research Institute

    ENISA -the European Network and Information Security Agency
                   p                                   y g    y

    The opinions hereby expressed are those of the Authors and do not necessarily
    represent the ideas and opinions of the United Nations, the UN agency
    “UNICRI”, ENISA
    “UNICRI” ENISA, ENISA PSG nor others.
                           PSG,       th



                           *
© Jart Armin & Raoul Chiesa, 2010         67

Weitere ähnliche Inhalte

Was ist angesagt?

cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
Cyber terrorism power point
Cyber terrorism power pointCyber terrorism power point
Cyber terrorism power pointjessicafay2010
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Jim Geovedi
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorismKirti Temani
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat Mishra
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorismbl26ehre
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Abzetdin Adamov
 

Was ist angesagt? (20)

cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism power point
Cyber terrorism power pointCyber terrorism power point
Cyber terrorism power point
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?Is Cyber-offence the New Cyber-defence?
Is Cyber-offence the New Cyber-defence?
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
document on cyber terrorism
document on cyber terrorismdocument on cyber terrorism
document on cyber terrorism
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
1358619756 cyber terrorism
1358619756 cyber terrorism1358619756 cyber terrorism
1358619756 cyber terrorism
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.ppt
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cyberterrorism final
Cyberterrorism finalCyberterrorism final
Cyberterrorism final
 
CYBER TERRORISM
CYBER TERRORISM CYBER TERRORISM
CYBER TERRORISM
 
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
 

Ähnlich wie Cybercrime, cyber war, infowar - what's this all about from an hacker's perspective (raoul chiesa)

ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues   (Raoul Chiesa, day 1 ) Telecom security issues   (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 ) ClubHack
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyCRS4 Research Center in Sardinia
 
UN/ITU - Organisational Structures and Incident Management - Cybersecurity
UN/ITU - Organisational Structures and Incident Management - CybersecurityUN/ITU - Organisational Structures and Incident Management - Cybersecurity
UN/ITU - Organisational Structures and Incident Management - CybersecurityDr David Probert
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Cain Ransbottyn
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...Hackito Ergo Sum
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Kenneth Carnesi, JD
 
Chiesa_ Isecom
Chiesa_ IsecomChiesa_ Isecom
Chiesa_ IsecomGoWireless
 
Police surveillance of social media - do you have a reasonable expectation of...
Police surveillance of social media - do you have a reasonable expectation of...Police surveillance of social media - do you have a reasonable expectation of...
Police surveillance of social media - do you have a reasonable expectation of...Lilian Edwards
 
SPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security IndustrySPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security IndustryKyna Tsai
 
Fears about Computer Technology
Fears about Computer TechnologyFears about Computer Technology
Fears about Computer Technology100656472mercier
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet ReportAhmed Mater
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetRichardus Indrajit
 
E. Bryan - E-Governance and Personal Privacy
E. Bryan -  E-Governance and Personal PrivacyE. Bryan -  E-Governance and Personal Privacy
E. Bryan - E-Governance and Personal PrivacyEmerson Bryan
 
Dell jort kollerie
Dell jort kollerieDell jort kollerie
Dell jort kollerieBigDataExpo
 
Communications Surveillance: Justification and Efficacy
Communications Surveillance: Justification and EfficacyCommunications Surveillance: Justification and Efficacy
Communications Surveillance: Justification and Efficacyblogzilla
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationHinne Hettema
 

Ähnlich wie Cybercrime, cyber war, infowar - what's this all about from an hacker's perspective (raoul chiesa) (20)

ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
 
Telecom security issues (Raoul Chiesa, day 1 )
Telecom security issues   (Raoul Chiesa, day 1 ) Telecom security issues   (Raoul Chiesa, day 1 )
Telecom security issues (Raoul Chiesa, day 1 )
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
UN/ITU - Organisational Structures and Incident Management - Cybersecurity
UN/ITU - Organisational Structures and Incident Management - CybersecurityUN/ITU - Organisational Structures and Incident Management - Cybersecurity
UN/ITU - Organisational Structures and Incident Management - Cybersecurity
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01
 
Cyber security.pptx
Cyber security.pptxCyber security.pptx
Cyber security.pptx
 
Chiesa_ Isecom
Chiesa_ IsecomChiesa_ Isecom
Chiesa_ Isecom
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
 
Police surveillance of social media - do you have a reasonable expectation of...
Police surveillance of social media - do you have a reasonable expectation of...Police surveillance of social media - do you have a reasonable expectation of...
Police surveillance of social media - do you have a reasonable expectation of...
 
SPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security IndustrySPEEDA INSIGHTS_Market Prospects for the Security Industry
SPEEDA INSIGHTS_Market Prospects for the Security Industry
 
Fears about Computer Technology
Fears about Computer TechnologyFears about Computer Technology
Fears about Computer Technology
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet Report
 
Cyber Six: Managing Security in Internet
Cyber Six: Managing Security in InternetCyber Six: Managing Security in Internet
Cyber Six: Managing Security in Internet
 
E. Bryan - E-Governance and Personal Privacy
E. Bryan -  E-Governance and Personal PrivacyE. Bryan -  E-Governance and Personal Privacy
E. Bryan - E-Governance and Personal Privacy
 
Dell jort kollerie
Dell jort kollerieDell jort kollerie
Dell jort kollerie
 
Communications Surveillance: Justification and Efficacy
Communications Surveillance: Justification and EfficacyCommunications Surveillance: Justification and Efficacy
Communications Surveillance: Justification and Efficacy
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generation
 
Cyber Crime Challanges
Cyber Crime ChallangesCyber Crime Challanges
Cyber Crime Challanges
 

Mehr von ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue  February 2012Clubhack Magazine Issue  February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 

Mehr von ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue  February 2012Clubhack Magazine Issue  February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Kürzlich hochgeladen

OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideHironori Washizaki
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 

Kürzlich hochgeladen (20)

OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 

Cybercrime, cyber war, infowar - what's this all about from an hacker's perspective (raoul chiesa)

  • 1. Presented by: Raoul Chiesa, @ Mediaservice.net , . Design & Concept: Jart Armin & Raoul Chiesa Club Hack 2010 Pune, December 5th, 2010
  • 2. * Disclaimer * * The Authors * Reasons for this talk * Introduction * Cybercrime * CyberWar & Information Warfare * Shared points * What you see is NOT what you get? * Countries at stake * Legends (North Korea) * New concepts for a new era p * Hackers & Cybercrime * Evolution and Size of Cyberattacks * From Cybercrime to CyberWar * The Paradigm Shif Th P di Shift * An example: Stuxnet * Digital Weapons comparison * CyberWar Defense * Opportunity for Hackers * Learning from the history * References * Q&A © Jart Armin & Raoul Chiesa, 2010 2
  • 3. *Disclaimer © Jart Armin & Raoul Chiesa, 2010 3
  • 4. * ● The information contained within this presentation does not infringe on any intellectual property nor does it contain tools or recipe that could be in breach with known laws. laws ● The statistical data presented belongs to the Hackers Profiling Project by UNICRI and ISECOM. g j y ● Quoted trademarks belongs to registered owners. ● The views expressed are those of the author(s) and ( ) speaker(s) and do not necessary reflect the views of UNICRI or others United Nations agencies and institutes, nor the view of ENISA and its PSG (Permanent Stakeholders Group). ● Contents of this presentation may be quoted or reproduced, provided th t th source of i f d d id d that the f information i ti is acknowledged. © Jart Armin & Raoul Chiesa, 2010 4
  • 5. * * On the underground scene since 1986 * Senior Advisor on cybercrime at the United Nations (UNICRI) * ENISA PSG Member (2010-2012) * Founder, @ Mediaservice.net – Independent Security Advisory Company and @ PSS – a Digital Forensics Company * Founder, Board of Directors at: CLUSIT (Italian Information Secu ty Association), ISECOM, o at o Security ssoc at o ), S COM, OWASP Italian Chapter * TSTF.net member * Member: ICANN, OPSI/AIP, EAST © Jart Armin & Raoul Chiesa, 2010 5
  • 6. * * Independent Security & Malware researcher * Senior Partner at CyberDefcon * Specialized in Cyber threats analysis and Cybercrime intelligence for Internet industry and government agencies * Well-known ‘cause of his exposure and analysis on RBN (Russian Business Network) – hostexploit.com, RBNexploit.com * Introduced as “one of the world’s top hacker hunters” by RU.TV * Heavily mentioned in Thomas Menn’s book, “Fatal System Error” y , y (2010) along with Steve Santorelli (Team Cymru) and other nice folks! © Jart Armin & Raoul Chiesa, 2010 6
  • 7. * * Speaking along with a lot friends, it looks like the “.mil” world developed a deep interest towards these topics… 2001/2002: First interest shown back from USA (after 9/11), focused on hacker’s resources in 2001/2002 Fi t i t t h b kf ( ft 9/11) f d h k ’ i order to attack and/or infiltrate Al Qaeda; 2003-2005: observed a huge escalation of USA and Israel Secret Services, asking for 0-days, seeking for information resources among elite hackers, asking for Iran & Pakistan hacking; 2005: China’s attacks to USA go public escalating during 2007-2010 (UK Germany France China s public, 2007 2010 (UK, Germany, France, Italy); 2008/2010: USA & Canada leading (since the last 2/3 years), an increasing attention related to National Critical Infrastructures, followed by UK, EU, Israel, India, Australia; 2010: Italian Committee for the National Security of the Republic audited myself (March/May); y p y ( y) 2009/2010: NATO Cyber Coalition running CyberDefense 2010 (CyberShot 2009) along with C4 Command (Rome); 2011: Swiss Cyber Storm III. TODAY - Intelligence Agencies hiring “leet hackers” in order to: Buy/develop 0-days; Launch attacks on terrorists and/or suspected ones; Protect National Security; Informing & Training Local Governments. * Thus, hackers becoming kind of “e-ambassadors”, “e-strategy consultants” towards .mil and .gov environments or “e mercenaries”, training “e soldiers”… gov environments, e-mercenaries e-soldiers © Jart Armin & Raoul Chiesa, 2010 7
  • 8. * * Just like you got used to words such as: * “Paranoia” (that’s into your DNA, hopefully!) * “Information Security (198x) Information Security” * “Firewall”, “DMZ” (1994/5) * “Pentesting” (1996/7) * “xIDS” (2001-2003) xIDS * “Web Application Security” (2006-2009) * “SCADA&NCIs” (2008-201x) * “PCI DSS” (2009-201x) PCI-DSS (2009 201x) * Botnets (2008-2010) * ………………………. * In the next (ten?) years, you will hear non-stop about: * NGC – Next Generation Cybercrime *C b W CyberWar * Information Warfare * NGW – Next Generation Warfare © Jart Armin & Raoul Chiesa, 2010 8
  • 9. * *SIGINT = Signals Intelligence *COMINT = Communication Intelligence *ELINT = Electronic Intelligence *FISINT = Foreign Instrumentation Signals Intelligence *OSINT = Open Source Intelligence *PSYOPS = Psychological Operations *IMINT = Imagery Intelligence *MASINT = Measurement Signal Intelligence *HUMINT = Human Intelligence *GEOSPATIAL Intelligence = Analysis and Presentation g y security-relevant Activities © Jart Armin & Raoul Chiesa, 2010 9
  • 10. * IO = Information Operations * * IW = Information Warfare * IA = Information Assurance * C2 = Command and Control * C2IS = Command and Control Information Systems * C2W = Command and Control Warfare * C3 = Command, Control, Communication , , * C3I = Command, Control, Communication and Intelligence * C4 = Command, Control, Communication and Computers * C4I = Command, Control, Communication, Computers and Intelligence * C4I2 = Command, Control, Communication, Computers, Intelligence and Interoperability * C4ISR = Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance * C5I = Command, Control, Communication, Computers, Combat Systems and Intelligence C d C t l C i ti C t C b tS t d I t lli © Jart Armin & Raoul Chiesa, 2010 10
  • 11. * *I = Intelligence *S&R = Surveillance and Reconnaissance *RSTA = Reconnaissance, Surveillance and Target Acquisition *STA = Surveillance and Target Acquisition *STAR = Surveillance, Target Acquisition and Reconnaissance *ERSTA = Electro-Optical Reconnaissance, Surveillance and Target Acquisition *STANO = S ill Surveillance, T Target A t Acquisition and Ni ht i iti d Night Observation *ISR = Intelligence Surveillance and Reconnaissance Intelligence, *ISTAR = Intelligence, Surveillance, Target Acquisition, and Reconnaissance © Jart Armin & Raoul Chiesa, 2010 11
  • 12. * * OPSEC = Operational Security * INFOSEC = Information Security * COMSEC = Communications Security * PHYSSEC = Physical Security (Human, Physical) * HUMSEC = Human Security * SPECSEC = Spectrum Security and includes: * EMSEC = Emissions Security (cables on the air) * ELSEC = Electronic Communications * SIGSEC = Signals g * C-SIGINT = Counter-Signals Intelligence * ECM = Electronic Countermeasures * EMI = Electromagnetic Interference * IBW = Intelligence-based Warfare * IEW = Intelligence and Electronic Warfare I t lli d El t i W f © Jart Armin & Raoul Chiesa, 2010 12
  • 13. * That’s it! * Questions?? * © Jart Armin & Raoul Chiesa, 2010 13
  • 14. * © Jart Armin & Raoul Chiesa, 2010 14
  • 15. * © Jart Armin & Raoul Chiesa, 2010 15
  • 16. * Running criminal actions, using IT and TLC assets, having the goal to illegally acquire information and transform them into money. Examples: E l Identity Theft (Personal Info) Credit Identity Theft (Financial I f e-banking l i C dit Id tit Th ft (Fi i l Info: b ki logins, CC/CVV etc) CC/CVV, t ) Hacking towards e-commerce, e-banking, Credit Processing Centers Malware (Virus, Worm, Spyware, Key Loggers, Rogue AV, Botnets, Mobile) M bil ) Hacking on-demand DDoS attacks (blackmail) Spam Counterfiting (medicinals, luxury, products & services Gambling (not authorized by local Authorities) g( y ) Generic Porn (fake sites, etc) Minors and children pornography © Jart Armin & Raoul Chiesa, 2010 16
  • 17. * © Jart Armin & Raoul Chiesa, 2010 17
  • 18. * © Jart Armin & Raoul Chiesa, 2010 18
  • 19. * * Computer crime - From Wikipedia, the free encyclopedia (Redirected from Cybercrime: http://en.wikipedia.org/wiki/Cybercrime) * Computer crime refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental p part in the commission of the crime ( (Moore 2000). Netcrime refers, more ) , precisely, to criminal exploitation of the Internet [1]. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child porn, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise. * On the global level both governments and non state actors continue to grow level, non-state in importance, with the ability to engage in such activities as espionage, financial theft, and other cross-border crimes sometimes referred to as cyber arfare c ber warfare. The international legal system is attempting to hold actors s stem accountable for their actions, with the International Criminal Court among the few addressing this threat.[2] © Jart Armin & Raoul Chiesa, 2010 19
  • 20. * * It looks like we’re speaking about different actors, whose goals, t l targets, and criminal t d i i l models are different from the cybercrime ones! y © Jart Armin & Raoul Chiesa, 2010 20
  • 21. * *From wikipedia: (http://en.wikipedia.org/wiki/Intelligence agency) An intelligence agency is a governmental agency that is devoted to the information gathering (known in the context as "intelligence") for purposes of national security and defense. Means of information gathering may include espionage, communication i i i interception, cryptanalysis, cooperation with other institutions, and evaluation of public sources. The assembly i l i i i h h i i i d l i f bli h bl and propagation of this information is known as intelligence analysis. Intelligence agencies can provide the following services for their national governments: p provide analysis in areas relevant to national security; y y; give early warning of impending crises; serve national and international crisis management by helping to discern the intentions of current or potential opponents; inform national defense planning and military operations; protect secrets, both of their own sources and activities, and those of other state agencies; and may act covertly to influence the outcome of events in favor of national interests. Intelligence agencies are also involved in defensive activities such as counter-espionage or counter-terrorism. Some agencies are accused of being involved in assassination, arms sales, coups d'état, and the placement of misinformation (propaganda) as well as other covert operations, in order to support their own or their governments' interests. © Jart Armin & Raoul Chiesa, 2010 21
  • 22. * © Jart Armin & Raoul Chiesa, 2010 22
  • 23. * * From wikipedia: (http://en.wikipedia.org/wiki/Inform ation_warfare) Information warfare is the use and management of information in pursuit of a competitive advantage over an opponent opponent. Information warfare may involve Collection of tactical information, assurance(s) that one s one's own information is validvalid, spreading of propaganda or disinformation to demoralize the enemy and the public, undermining the quality of opposing f i force i f information and ti d denial of information-collection opportunities to opposing forces. Information warfare is closely linked to psychological warfare warfare. © Jart Armin & Raoul Chiesa, 2010 23
  • 24. * * Ironically, if we look for “Cyber WarFare” on Wikipedia, they got it! While, it’s listed into the “computer crimes” category: weird!!! The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those are included the attack on Estonia's infrastructure in 2007 allegedly by Estonia s 2007, Russian hackers. "In August 2008, Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronized kinetic and non kinetic campaign against the non-kinetic country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations i b ti impacts and will b adapted b t d ill be d t d by warfighting military commanders in the future. © Jart Armin & Raoul Chiesa, 2010 24
  • 25. * © Jart Armin & Raoul Chiesa, 2010 25
  • 26. * * Very simply, we are speaking about the so-called Warfare, applied to the cyberspace. * Defending information and communication networks, acting like a deterrent towards “information attacks”, while not allowing the enemy to do the same same. * So we are speaking about “Offensive Information Operations” Operations”, built against an adversary, ‘till being able to dominate the information during a war contest. © Jart Armin & Raoul Chiesa, 2010 26
  • 27. * * It is an extremely new and dynamic war scenario, where those metrics and views used before it are now really obsolete. obsolete * Typically these operations are decentralized while anonymous Typically, anonymous. * Th “ t f ” cost i extremely l The “entry fee” t is t l low, while it supplies a h hil li huge power. * …and after all, there’s always the possibility of denying what has happened.. © Jart Armin & Raoul Chiesa, 2010 27
  • 28. * * Basically, what happened in Estonia? * In 2007, after a Russian statue has been moved from its original location in Tallinn, “hacktivists” joined their efforts, launching electronic attacks (DDoS, web defacements) towards Estonia’s critical infrastructures such as banks, t d E t i ’ iti l i f t t h b k Public Administration (PA) web sites, etc. * Estonia, Estonia being an extremely young country since its country, creation decided to really invest on IT, supplying all of the services to the citiziens via on-line resources. * The result of the attacks has been devastating in a country where Internet is used for everything: long lines out of the banks and PA offices, panic around the country. * The same thing happened to Georgia the next year (2008) * Russian government has always denied any possible role in both attacks. © Jart Armin & Raoul Chiesa, 2010 28
  • 29. * © Jart Armin & Raoul Chiesa, 2010 29
  • 30. * *PC Z bi (b t t ) -> th t k advantage of th Zombies (botnets) they take d t f the “standard user”, both in a Corporate or home (broadband) scenario. scenario *“0-days”: until today, all of them were on MS Windows. *“0 days”: ‘till now no “unknown vulnerability” exploited “0-days”: now, (yet). We’re heavily talking about IE 6.0 (!) bugs and so on… *(attacker’s perspective) nothing changes that much much. There’s more chances to hack 100 broadbands users instead of 1000 PCs from a company’s network. company s *It’s still the digital weapon he needs to launch attacks ( oS, eylogge s, (DDoS, Keyloggers, etc). © Jart Armin & Raoul Chiesa, 2010 30
  • 31. * *Wh you see What is NOT what you get get… © Jart Armin & Raoul Chiesa, 2010 31
  • 32. * ● USA (…everywhere, always!) “Low Risk” ● UK, Canada, France, Switzerland ● Brazil ● Israel & Palestinian National Authority “Average Risk” ● Zimbabwe ● Middle East: “friendly” countries (UAE, Saudi Arabia…) ● China ● India ● Pakistan ● North Korea (DPRK) ● South Korea ● Iran “High Risk” ● Tatarstan ● Kyrgyzstan K t ● Ingushetia (ex URSS) ● Myanmar ● Russia (E t i G R i (Estonia, Georgia) i ) © Jart Armin & Raoul Chiesa, 2010 32
  • 33. * © Jart Armin & Raoul Chiesa, 2010 33
  • 34. * * “North Korea will soon attack many countries using IT attacks, since they have the best g , y hackers of the whole world.” * Uh?!? WTF??? * That’s weird, when speaking about a country which i t t ll i l t d f hi h is totally isolated from th I t the Internet, t where its “cellular network” recalls more a DECT infrastructure…(no BTSs out of ( PongYang). *See Mike Kemp s slides from CONfidence 2010 Kemp’s @ Kracow. © Jart Armin & Raoul Chiesa, 2010 34
  • 35. * © Jart Armin & Raoul Chiesa, 2010 35
  • 36. "In the very near future many conflicts will not take place on the open field of battle, but rather in spaces on the Internet, fought with the aid of information soldiers, that is hackers. This means that a small force of hackers is stronger than the multi-thousand f lti th d force of th current armed f f the t d forces.“ “ Duma, 2007 © Jart Armin & Raoul Chiesa, 2010 36
  • 37. * © Jart Armin & Raoul Chiesa, 2010 37
  • 38. * * “Hackers” are today somehow “deprecated”, meaning that many CxOs are missing those “romantic” figures. * Driven by: Know-how needing (OS, networks, protocols), having fun, being cool, ‘cause it was “trendy”. * Nowadays’ attackers often belong to the Organized Crime, being both an active or passive actor. * Driven by: money money. * Results: a weird hack-ecosystem, composed by different actors. i.e.: Romania’s crime gangs in Italy passed the ATM skimmers biz to Nigerian ppl, getting paid back with cocaine (Italy, February 2009); Nigerian guys cash out the money from cybercrime activities (carding (carding, skimming, etc..) and buy human organs (kidneys) from Nigeria, then sell them in EU (Turin, Italy, September 2010). © Jart Armin & Raoul Chiesa, 2010 38
  • 39. * © Jart Armin & Raoul Chiesa, 2010 39
  • 40. *C b War Cyber © Jart Armin & Raoul Chiesa, 2010 40
  • 41. * © Jart Armin & Raoul Chiesa, 2010 41
  • 42. * © Jart Armin & Raoul Chiesa, 2010 42
  • 43. * OUT IN ☺ Single operational pic Situational awareness Autonomous ops Self-synchronizing ops Broadcast information push Information pull Individual Collaboration Stovepipes Communities of Interest Task, process, exploit, disseminate Task, post, process, use Multiple data calls, duplication Only handle information once Private data Shared data Perimeter, one-time security Persistent, continuous IA Bandwidth limitations Bandwidth on demand Circuit-based transport p IP-based transport p Single points of failure Diverse routing Separate infrastructures Enterprise services Customized, platform centric IT platform-centric COTS based, net-centric capabilities net centric Scouting elite hacker parties? © Jart Armin & Raoul Chiesa, 2010 43
  • 44. * * Botnet & drone * Server hacking armies * DDoS * Encryption yp * Trojans & Worms j * Extortion & Ransom * Malware * Man in the Middle © Jart Armin & Raoul Chiesa, 2010 44
  • 45. * © Jart Armin & Raoul Chiesa, 2010 45
  • 46. * * Cluster Bomb * Cruise Missile © Jart Armin & Raoul Chiesa, 2010 46
  • 47. * Multiple targets, loud and Laser Guided, precision, and noisy stealth * Massive DDoS * Compromise infrastructure * Loss of digital * Industrial Sabotage communication * Loss of confidence in * Cloning of state systems communications * Create confusion * Create confusion © Jart Armin & Raoul Chiesa, 2010 47
  • 48. * © Jart Armin & Raoul Chiesa, 2010 48
  • 49. * Stuxnet is a specialized malware, solely targeting: SCADA systems running Siemens SIMATIC WinCC. Such systems monitor and control industrial technology and infrastructure gy SIMATIC Siemens STEP 7 software for process visualization and system control Uses several vulnerabilities in the underlying MS Windows operating system for infection and propagation Infection works via USB-drives or open network shares Hides the content of the malware on infected systems Allows full remote control & P2P capabilities Only Siemens SCADA Step 7 & in particular centrifuges l f © Jart Armin & Raoul Chiesa, 2010 49
  • 50. * * I d t i l sabotage Industrial b t * Cyberwar tool kit * USA, Israel, China…….who else? Maybe the Aliens?? ;) USA I l Chi h l ? M b th Ali ?? ) * Atomstroyexport (TrojanDownloader.Agent.IJ trojan) * 19790509 in the Windows registry (US & USSR sign Salt 2 treaty, limiting nuclear weapons) – not a US date format * Experiment gone wrong * PoC (proof of concept) © Jart Armin & Raoul Chiesa, 2010 50
  • 51. * * A new class and dimension of malware * Not only for its complexity and sophistication N t l f it l it d hi ti ti * The attackers have invested a substantial amount of time and money to build such a complex attack tool (average: 1 MLN US$) * Can be considered as the "first strike", i.e. one of the first organized, well prepared attacks against major industrial resources * MITM (man in the middle) attacks on PLCs, industrial devices, and embedded systems * Potential associated with Wi-Fi & for radio-frequency identification id tifi ti (RFID) h kihacking, - “ “smart-meter” hij ki and much t t ” hijacking d h more (think about SCADA-related industry: Water Companies, Energy Power p gy plants, Highways, etc, etc.) , g y , , ) © Jart Armin & Raoul Chiesa, 2010 51
  • 52. * * The first time that mass-media wrote about “Industrial Automation & SCADA security”. y * Stuxnet “helped”, Intelligence Agencies & Military Forces to p , g g y think about “the next [IT] war” - also helping government contractors. * Stuxnet helped also security researchers to “track back the attack” to a state sponsored attack tool. p * Stuxnet may be a basis for future extortion. * Blueprint for the next generation of malware. © Jart Armin & Raoul Chiesa, 2010 52
  • 53. * © Jart Armin & Raoul Chiesa, 2010 53
  • 54. * © Jart Armin & Raoul Chiesa, 2010 54
  • 55. * Control of: * Cybercrime (learning from it, then applying its logic to InfoWar) * Critical industrial infrastructure & contractors * Over reliance on single routing of communications * MITM (man in the middle) – gaps in the systems * Mobile computing & thumb drives * Important Internet servers and national communications i f i i infrastructure * Improved Encryption & access © Jart Armin & Raoul Chiesa, 2010 55
  • 56. * * The “job of your life : being paid in order to hack remote job life”: systems, while being also legally authorised to do it!!! ☺ * The 0-days market will benefit from this * Military and Government organizations already began hiring hackers for consulting, Red Teams building, etc * Standards such as the OSSTMM (by ISECOM) may be easily applied and used in this scenario, while it’s not a “standard pentest” LOL © Jart Armin & Raoul Chiesa, 2010 56
  • 57. * CCC & KGB 1986-1989 KGB, © Jart Armin & Raoul Chiesa, 2010 57
  • 58. * CCC&KGB (‘80 ) (‘80s) Vodafone Greece attack Telecom Italia / Kroll infowar T l It li K ll i f Estonia Cyber-war (2007) Russia-Georgia C b R i G i Cyber-war (2008) North-Korea Attacks (2009) Google-China O G l Chi Operation A ti Aurora (2010) Iran / ? – STUXNET (2010) © Jart Armin & Raoul Chiesa, 2010 58
  • 59. * US/Israel Hacking US (February 1998) “Solar Sunrise” DoD, Air Force, Navy, Marine Corps Russia (ex KGB building) Hacking US (Sept 1999) „Moonlight Maze“ Classified naval codes, missile guidance systems info China Hacking US (2003-2005) “Titan Rain” Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, NASA South Korea (Oct 2004) Engaged lots of military hackers Russia (May 2007) Russia attacks Estonia government, DDoS Parliament, Ministries, Banks and Media , , Czech Republic (June 2007) Hackers broadcast “nuclear bomb” on morning’s prime time national television (alike “The war of the worlds”...) © Jart Armin & Raoul Chiesa, 2010 59
  • 60. * © Jart Armin & Raoul Chiesa, 2010 60
  • 64. CENSORED YOU SHOULD HAVE ATTENDED CLUB HACK CONFERENCE 2010 IN ORDER TO SEE THIS!!!
  • 65. CENSORED YOU SHOULD HAVE ATTENDED CLUB HACK CONFERENCE 2010 IN ORDER TO SEE THIS!!!
  • 66. CENSORED YOU SHOULD HAVE ATTENDED CLUB HACK CONFERENCE 2010 IN ORDER TO SEE THIS!!!
  • 67. * Jart Armin: jart@cyberdefcon.com * Raoul Chiesa: chiesa@UNICRI.it CyberDefcon – Cybercrime Clearing House & EU Early warning Coalition UNICRI - United Nations Interregional Crime and Justice Research Institute ENISA -the European Network and Information Security Agency p y g y The opinions hereby expressed are those of the Authors and do not necessarily represent the ideas and opinions of the United Nations, the UN agency “UNICRI”, ENISA “UNICRI” ENISA, ENISA PSG nor others. PSG, th * © Jart Armin & Raoul Chiesa, 2010 67