Information Warfare: The Warriors (Casey J. Dunlevy, CERT Survivable Enterprise Management)
Post on 22-Dec-2015
TRANSCRIPT
Information Warfare: The Warriors
Casey J. Dunlevy
CERT Survivable Enterprise Management
Overview
• Information Warriors
  • Who Are They
  • What Do They Do
• Types of Threat
  • PsyOps
  • Civil Affairs
  • Electronic Warfare
  • Hackers/Crackers
  • Cyber Terror
  • Defenders
References
• http://www.cert.org
• InfoWar:
  • http://www.iwar.org.uk/index.htm
  • http://infowar.freeservers.com/index.html
  • http://www.nmrc.org/links/
• Culture: http://www.eff.org/pub/Net_culture/
• Terrorism: http://www.terrorism.com/terrorism/links.shtml
• Books:
  • Sterling - The Hacker Crackdown
  • Stoll - The Cuckoo’s Egg
  • Honeynet Project - Know Your Enemy
  • Schneier - Beyond Fear
Information Warriors
• Information Warfare much more than Computer Network Operations (CNO)
  • Psychological Operations
  • Civil Affairs
  • Electronic Warfare Ops
  • Computer Warriors
  • Counter-IW Specialists (Defenders)
Threats
• National Security
  • Critical National Infrastructure
  • Cyber-Warfare/Computer Network Operations
• Cyber Crime
  • Organized Crime
  • Identity Theft
  • Extortion
  • Fraud
• Non-State Actors
  • Terrorists
  • Political Activists
Threats
• Nation States
  • Information Warfare is recognized as a part of military strategy and doctrine around the world
  • The study and practice of military usage of Information Warfare is taught in military academies and educational facilities
Example - Chinese Activities
What We Have Observed:
• A series of activities over 3 years from similar network locations
• A series of attack tools in last 1.5 years: QAZ, Red Lyon, Code Red
• Political timing
What We Surmise:
• Diverse team with resources
• Using hackers/loose ISP for cover
• Keeping attacks below threshold
• Studying reaction/defense
Threats
• Organized Crime
  • Utilized Information Warfare in various forms for centuries
  • Extortion is a form of Information Warfare
  • New technologies breed new criminals
  • Technology creates transnational criminal organizations
  • In certain nations, the lines between state actions and organized crime can be blurred
Transnational Organized Crime
[Diagram labels: Organized crime, Hacktivism, Insider crime, Hackers/Crackers, Cyber-crime]
Example - Transnational Organized Crime
• Individual crime may be difficult to differentiate from organized crime:
  • Distribution and Coordination tools
  • Mass exploitation methods
• Organized crime exploits Information technologies
  • Enhanced efficiencies – on-line management of illegal gambling schemes
  • Intelligence tool for risk management – Cali organization in 1995 had state of the art equipment
  • Force multiplier – GPS for sea drops
• New channels and new targets for crime
Threats
• Non-State Actors
  • Terrorists
  • Hacktivists
  • Sometimes different sides of the same page
  • As with organized crime, sometimes the lines between state and non-state actors are blurred
Example - Hacker to Terrorism?
• Defaced health-care web site in India
  • "This site has been hacked by ISI (Kashmir is ours), we want a hospital in Kashmir" and signed by Mujahideen-ul-dawat
  • Linked to G-Force Pakistan
• Global Hacktivism linked to Mid-East conflict
• Information Warfare successfully utilized in Chiapas conflict with Mexican gov’t
Examples - Cyber-Intifada
• Prolonged campaign
  • Palestinian hackers/web defacers
  • Targeting Israeli and Israel-supporting organizations
  • Low innovation level
• Counter-campaigns
  • Publicity
  • Counter-hacking: 2xS.co.il
The Warriors
• Sociology of warriors
  • Morale
  • Vigilance vs. assumed invulnerability
  • Organization
• Motivation of warriors
  • Accountability vs. anarchy
  • Delayed vs. immediate gratification
  • Internal vs. external gratification
• Preparation of warriors
  • Training
  • Tool selection
  • Intelligence
  • Strategy
The Warriors
• Psychological Operations Warriors
  • Specialize in using information warfare to change an enemy’s state of mind
  • Propaganda (Not limited to PsyOps)
    • Non-threatening
    • Threatening
  • Computer Network Operations
    • Goal is to eliminate confidence
    • Impacts decision-making and C2
The Warriors
• Civil Affairs
  • Winning the Hearts and Minds!
  • Essential to military operations
  • Utilizes Information Warfare strategies to calm and utilize populations
  • Specialists must understand subtleties of language and culture
  • Research begins long before the battle
  • Operations last long after the battle is won
The Warriors
• Electronic Warfare Ops
  • Goal is to utilize electronic information infrastructure against your enemy
    • Information lost or modified
    • Make the enemy blind, deaf, and dumb
  • Restrict or control electronic information sources
The Warriors
• Computer Warriors
  • Computer Network Operations
  • Offensive attacks against enemy information/computer networks
  • Utilization of sophisticated attack tools and malware
  • Newest form of Information Warfare
  • Principles are the same
Attack Sophistication vs. Intruder Technical Knowledge
[Figure: Intruder Knowledge and Attack Sophistication plotted on a Low-to-High scale over Time, with "Tools" and "Attackers" labels. Techniques marked on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth” / advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, staged attack.]
Examples – Response Time to CNO
Cyber Terrorism
• Cyberterror is still emerging
  • No verified example of cyber terror attack to date
  • Evolving threat
    • Integrating critical missions with general Internet
    • Increasing damage/speed of attacks
    • Continued vulnerability of off-the-shelf software
• Much confusion of descriptions and definitions
• Technology widely viewed as critical weakness of Western nations
Defenders
• Highly trained specialists
  • Part detective, intelligence analyst, technologist, and bad guy
• Red Teams/Tiger Teams
• Vulnerability / Risk Analysts
• Intrusion Response Teams
Defense Flow
[Flowchart stages: Analysis & Assessment, Remediation, Indications & Warnings, Mitigation, Response, Reconstitution, with a "Threshold?" decision (No / Yes)]
Intrusion Response Teams
• Types:
  • Automated
  • Local dedicated or volunteer team
  • Contracted team
• Why?
  • Single-point of contact for fast response
  • Provide for consistent response
  • Provide for collateral relationships
• Problems:
  • Resources
  • Authorization to act
  • Trust
Summary
• Information Warriors are the same as warriors have always been
  • Utilize different weapon
    • Long-bow or Computer?
  • Have to react faster
    • Aircraft or Data packets?
  • New skills
    • Hand-to-Hand or Computer Network Operations?
Summary
Increasingly diverse threat
Ongoing challenge to track, trend, pursue
Who may be as important as what