3-1/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25

INFORMATION WARFARE
Part 3: Cases & Scenarios
Advanced Course in Engineering
2006 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP-ISSMP
Assoc. Prof. Information Assurance
Program Director, MSIA & BSIA
Division of Business & Management, Norwich University
Northfield, Vermont
mailto:[email protected] V: 802.479.7937

Topics
08:00-08:15 Introductions & Overview
08:15-09:00 Fundamental Concepts
09:05-10:25 INFOWAR Theory
10:35-11:55 Case Histories & Scenarios

Examples of INFOSEC Breaches and Failures
- Electronic infrastructure growing in importance
- Must expand conception of warfare in the age of ubiquitous computing
- Cases intended to stimulate your imagination
- Spans last decade of developments to provide wide range of examples
- VERY FAST OVERVIEW (66 slides in <90 minutes)

Cases
- Breaches of confidentiality
  - Industrial Espionage
  - Unauthorized Access (Penetration)
- Unauthorized Modification
  - Data Diddling
  - Sabotage, vandalism
  - Trojan Horses
- Deception
  - Fraud
  - Psyops
- Denial of Service (DoS)

Data Losses on BU (Backup) Tapes
- 2005.02 Citibank loses mag tape in Japan w/ data on 120,000 customers
- 2005.05 Iron Mountain loses tapes in 4th incident in 4 months – 600,000 employee records
- 2005.02 Citibank loses box of tapes w/ data on 4M US customers
- 2006.05 Wells Fargo loses computer w/ unadmitted # of customer records including SSNs

Laptop Losses Compromise Customer Data
- 2006.01-03 Ernst & Young debacle
  - Jan: laptop lost or stolen w/ data for 38,000 Sun, Cisco, HP & BP employees
  - Jan: a different laptop stolen from employee’s car: IBM employee data; loss admitted in March
  - Feb: 4 laptops left in conference room; stolen by 2 intruders; no details
  - All computers “password protected” so OK (!)

Industrial Espionage: Echelon
- EU Parliament attacks Echelon (2000.07)
  - Formed temporary committee to investigate spy network
  - Suspicions that Echelon used to intercept conversations of European businesses
  - Information might be given to competitors by Echelon operators (US, Canada, Australia, New Zealand)
- In 2001.05, report recommended more use of encryption to defeat Echelon

Industrial Espionage in Israel
- Israeli Trojan Horse Keylogger
  - 2005.05 Suspicions raised by keylogger software on PCs
  - Author found his MS (manuscript) on the ’Net
  - Someone tried to steal money from his bank
  - Created by Michael Haephrati – ex-son-in-law
  - Many companies found infected by same program – sent data to server in London
- 2006.03 Perpetrators sent to jail
  - Michael Haephrati: 4 years
  - Ruth Brier-Haephrati: 2 years

Penetration: Mitnick
- Sept 96 — AP: Kevin Mitnick indicted in Los Angeles, 25-count indictment
  - stealing software
  - damaging computers at University of Southern California
  - using passwords without authorization
  - using stolen cellular phone codes
- Readings about the Mitnick case:
  - Goodell, J. (1996). The Cyberthief and the Samurai: The True Story of Kevin Mitnick—and the Man Who Hunted Him Down. Dell (New York). ISBN 0-440-22205-2. xix + 328.
  - Hafner, K. & J. Markoff (1991). Cyberpunk: Outlaws and Hackers on the Computer Frontier. Touchstone Books, Simon & Schuster (New York). ISBN 0-671-77879-X. 368. Index.
  - Littman, J. (1996). The Fugitive Game: Online with Kevin Mitnick—The Inside Story of the Great Cyberchase. Little, Brown and Company (Boston). ISBN 0-316-5258-7. x + 383.
  - Shimomura, T. & J. Markoff (1996). Takedown: The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw—by the Man Who Did It. Hyperion (New York). ISBN 0-7868-6210-6. xii + 324. Index.

Penetration: DISA Report
- 1997.03 — EDUPAGE: InfoWar Division of Defense Information Systems Agency of US retested 15,000 Pentagon computers
  - had warned system managers of vulnerabilities in previous audit
  - 90% of systems were still vulnerable
- Recommended emphasizing response (immediate shutdown) instead of focusing solely on preventing penetrations

Penetration: Citibank Hack
- 1998.02 (events started 1994.07)
- Vladimir Levin of St Petersburg hacked Citibank computers
- Conspirator Alexei Lachmanov transferred US$2.8M to five Tel Aviv banks
  - Admitted to attempting to withdraw US$940,000 from those accounts
- Three other members of the gang pleaded guilty
- Levin extradited 1997.09

Citibank -- Conclusion
- 1998.02 -- Levin sentenced to 3 years, fined
- Vladimir Levin convicted by NYC court
- Transferred $12M in assets from Citibank
- Crime spotted after first $400K theft
- Citibank cooperated with FBI
- MORAL: report computer crime & help prosecute the criminals

Penetration: 2005
- 2005.01: Nicolas Lee Jacobsen, 21, charged with breaking into T-Mobile computers for more than 1 year
  - Access to 16.3M customer files
  - Obtained voicemail PINs, passwords for Web access to e-mail
  - Read e-mail of FBI agent investigating his own case
- 2005.01: Hackers break into George Mason University computers
- 2005.03: 150 applicants to business schools break into their own records illegally on ApplyYourself Web site

Data Diddling: Québec
- Tax evasion by computer (1997.12)
  - Québec, Canada restaurateurs
  - U.S.-made computer program ("zapper")
  - Skimmed off up to 30% of the receipts
  - Evaded Revenue Canada and provincial tax
  - $M/year

Data Diddling: LA Gas
- Los Angeles gasoline-pump fraud -- 1998.10
  - DA charged 4 men with fraud
  - Allegedly installed new computer chips in gasoline pumps
  - cheated consumers
  - overstated amounts 7%-25%
- Complaints about buying more gasoline than capacity of fuel tank
- Difficult to prove initially
  - programmed chips to spot 5 & 10 gallon tests by inspectors
  - delivered exactly right amount for them
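The evasion just described is the reason a metering audit should not use predictable test volumes. The Python simulation below is an added example, not part of the original slides: it models a tampered pump on the slide's description (a constructed 10% skim that switches off for 5- and 10-gallon draws) and shows that a fixed 5/10-gallon test plan passes the pump while randomized, non-round test volumes catch it. The skim fraction, tolerance and volume ranges are constructed values.

```python
import random

# Constructed model of the Los Angeles gasoline-pump fraud described above; this is
# not real pump firmware. The tampered chip under-delivers by a fixed fraction,
# except when the draw is one of the round quantities inspectors were known to use.
INSPECTOR_TEST_VOLUMES = (5.0, 10.0)


def honest_pump(displayed_gallons: float) -> float:
    """Honest metering: the customer receives exactly what the display charges for."""
    return displayed_gallons


def tampered_pump(displayed_gallons: float, skim_fraction: float = 0.10) -> float:
    """Tampered metering as described on the slide: the display (and the bill) say
    `displayed_gallons`, but the fuel actually delivered is short by `skim_fraction`,
    unless the draw matches a known inspector test quantity, which is delivered honestly."""
    if any(abs(displayed_gallons - v) < 1e-9 for v in INSPECTOR_TEST_VOLUMES):
        return displayed_gallons
    return displayed_gallons * (1.0 - skim_fraction)


def audit(pump, test_volumes, tolerance: float = 0.02) -> dict:
    """Metrology audit: draw each test volume into a calibrated prover can and compare
    the displayed amount with the amount actually delivered. A relative shortfall
    above `tolerance` (2% here, a constructed threshold) fails the pump."""
    tests = []
    for displayed in test_volumes:
        delivered = pump(displayed)
        shortfall = (displayed - delivered) / displayed
        tests.append({"displayed": displayed, "delivered": round(delivered, 4),
                      "shortfall": round(shortfall, 4)})
    failures = [t for t in tests if t["shortfall"] > tolerance]
    return {"tests": tests, "failures": failures, "passed": not failures}


def randomized_test_volumes(n: int, lo: float = 3.0, hi: float = 15.0, seed: int = 1) -> list:
    """Test plan with unpredictable, non-round draws; a chip that whitelists a few
    fixed quantities cannot recognise these."""
    rng = random.Random(seed)
    return [round(rng.uniform(lo, hi), 2) for _ in range(n)]


if __name__ == "__main__":
    print("fixed 5/10-gallon plan, tampered pump passed:",
          audit(tampered_pump, INSPECTOR_TEST_VOLUMES)["passed"])     # True: fraud undetected
    print("randomized plan, tampered pump passed:",
          audit(tampered_pump, randomized_test_volumes(5))["passed"])  # False: shortfall found
```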

Data Diddling: BOOM!
- Employee tried to sabotage nuclear plant in UK (1999.06)
  - Security guard
  - Tried to alter sensitive information
- New measures put into place 18 months later (2001.09)

Data Diddling: GOOGLE Hacking*
- GOOGLE used as political ploy (2004.01)
  - Pranksters engineer Web sites to alter GOOGLE links and statistics
  - Linked George W. Bush to bad words: “unelectable”, “miserable failure”
  - Supporters retaliated with similar ploys against Kerry
___________
* Term now used to mean using search engines as part of hacker tool kit

Sabotage? IE vs Navigator
- Internet Explorer 4.0 vs Netscape Navigator (1997.10)
  - IE 4.0 included features from Plus! for Windows 95
  - anti-aliasing function smoothes large fonts on screen
  - Reportedly did not smooth fonts in Netscape Navigator
  - Allegedly not found to fail in any other program tested -- but updated Occam’s Razor states:
    Never attribute to malice what stupidity can adequately explain.
3-23/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25

Sabotage? MS-MediaPlayer vs RealAudio
- Several reports of software conflicts — 1998.10
  - Installation of MS-MediaPlayer causes problems with other media players
  - MS product takes over file associations
  - Prevents usability of RealAudio
  - De-installation switches file associations to other MS products
  - MS denied deliberate attack, accused other programs of quality problems
[Attila the Hun no doubt accused Europeans of quality problems, too.]
3-24/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25

Web Vandalism Classics
- CIA (1996.09)
- USAF (1996.12)
- NASA (1997.03)
- AirTran (1997.09)
- UNICEF (1998.01)
- US Dept Commerce (1998.02)
- New York Times (1998.09)
- SETI site (1999)
- Fort Monmouth (1999)
- Senate of the USA (twice) (1999)
- DEFCON 1999 (!)
3-25/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
CIA (1996.09)
3-26/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
USAF (1996.12)
3-27/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
NASA (1997.03)
3-28/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
AirTran (1997.09)
3-29/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
UNICEF (1998.01)
3-30/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
US Dept Commerce (1998.02)
3-31/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
New York Times (1998.09)
3-32/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
SETI (1999)
3-33/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
Fort Monmouth (1999)
3-34/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
Senate of the USA (1) (1999)
3-35/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
Senate of the USA (2) (1999.06)
3-36/66 Copyright © 2006 M. E. Kabay. All rights reserved. 09:05-10:25
DEFCON (1999.07)

Trojan: Moldovan Scam
- 1997.11 — news wires, EDUPAGE, RISKS
- Pornography seekers logged into http://www.sexygirls.com (Nov 96-1997.02)
  - Special viewer program to decode pictures
  - Trojan program secretly disconnected modem connection, turned modem sound off, dialed ISP in Moldavia — long distance
- Long-distance charges in $K/victim
- Court ordered refund of $M to consumers

Trojan: Back Orifice
- cDc (Cult of the Dead Cow) — 1998.07
- Back Orifice for analyzing and compromising MS-Windows security
- Sir Dystic — hacker with L0PHT
- “Main legitimate purposes for BO:”
  - remote tech support aid
  - employee monitoring
  - remote administering [of a Windows network]
- "Wink.”

Back Orifice — cont’d
- Features
  - image and data capture from any Windows system on a compromised network
  - HTTP server allowing unrestricted I/O to and from workstation
  - packet sniffer
  - keystroke monitor
  - software for easy manipulation of the victims' Internet connections
  - Trojan allows infection of other applications
  - Stealth techniques
- 15,000 copies distributed to IRC users in infected file “nfo.zip”

Trojan: Linux Backdoor
- Linux kernel attacked (2003.11)
- Hacker tried to enter backdoor code into sys_wait4() function
  - Would have granted root
  - Noticed by experienced Linux programmers

Deception: Holiday Inns vs Call Management
- 1997.01 -- AP
- Holiday Inns uses 1-800-HOLIDAY for reservations (note the O)
- Call Management uses 1-800-H0LIDAY (note the ZERO)
- Holiday Inns sued and lost
- Other firms have used phone numbers adjacent to important commercial numbers in order to capture calls from misdialing customers
- Old porn site whitehouse.com (now a respectable site) used confusion with whitehouse.gov to trick kids into visiting

Disinfo: Belgian ATC Fraud
- 1997.01 — Reuters
- Belgian lunatic broadcasting false information to pilots
- Air-Traffic Control caught the false information in time to prevent tragedy
- Serious problem for air safety
- Police unable to locate pirate transmitter
- Lunatic thought to be former ATC employee

Psyops: Motley Fool
- 1996.03 -- Iomega high-capacity removable disk drives slammed by false information
  - America Online's Motley Fool bulletin board
  - False information
  - Flaming and physical threats
- Caused volatility of stock prices
- People who know which way the stock will rise or fall can make money on the trades

Psyops: Pairgain
- 1999.04: Gary Dale Hoke arrested by FBI
  - Employee of Pairgain
  - Created bogus Web page
  - Simulated Bloomberg information service
  - Touted PairGain stock undervalued – impending takeover
  - Pointed to fake page using Yahoo message boards
- Investors bid up price of Pairgain stock from $8.50 to $11.12 (130%)
- 13.7M shares traded – 700% normal volume

Pairgain – cont’d
- Windfall gains & losses by investors
- Hoke did not in fact trade any of the stock himself
- Pleaded guilty to charges of stock manipulation
- Sentenced to home detention, probation, restitution

Psyops: Emulex
- 2000.08: Emulex lost 60% of total share value
  - Mark Jakob, 23 years old
  - Fabricated news release
  - Sent from community college computer
  - Circulated by Dow Jones, Bloomberg
  - Claimed profit warning, SEC investigation, loss of CEO
- Jakob profited by $240,000 in minutes

Psyops: 4-1-9 Brides
- Prospective Brides Needed Money (2004.11)
- Russian Yury Lazarev hired women to write flowery letters to possible partners
  - Included sexy photographs
- 3,000 men responded from around world
- Attempts to meet met with requests for money
  - Visas
  - Airline tickets
- Net profits: $300,000
- One year suspended sentence in Moscow

History of DoS
- 1987-12: Christmas-Tree Worm
  - IBM internal networks
  - Grew explosively
  - Self-mailing graphic
  - Escaped into BITNET
- 1988-11: Morris Worm
  - Probably launched by mistake
  - Demonstration program
  - Replicated through Internet
  - ~9,000 systems crashed or were deliberately taken off-line

DoS: Mail-Bombing Via Lists 1996.08/12
- 1996.08 — “Johnny [x]chaotic”
  - subscribed dozens of people to hundreds of lists
  - victims received up to 20,000 e-mail msg/day
  - published rambling, incoherent manifesto
  - became known as “UNAMAILER”
- 1996.12 — UNAMAILER struck again
- Root problem
  - some list managers automatically subscribe people
  - should verify authenticity of request: send request for confirmation

DoS: Root Servers
- DoS cripples 9 of 13 root servers (2002.10)
  - Most sophisticated and large-scale assault on root servers to date
  - Started 16:45 EDT Monday 21 Oct 2002
  - 30-40x normal traffic from South Korea and US origins
  - 7 servers failed completely; 2 intermittently
  - Remaining 4 servers continued to service ’Net requests – no significant degradation of service
- Verisign upgraded protection on its servers as a result

DoS: Al-Jazeera
- Al-Jazeera swamped (2003.03)
  - Arab satellite TV network Web site unavailable
  - Swamped by bogus traffic aimed at US servers for its site

DoS: GOOGLE & .com Disappear Briefly
- GOOGLE disappears from Web (2005.05)
  - Gone for 15 minutes 7 May 2005
  - Glitch in DNS
  - Drew attention to concerns over DNS stability
  - National Research Council issued report criticizing state of DNS infrastructure: http://www7.nationalacademies.org/cstb/pub_dns.html
- Historical note:
  - 2000.08.23: 4 of 13 root DNS servers failed
  - All access (http, ftp, smtp) to entire .com domain blocked for 1 hour worldwide

Future INFOWAR Scenarios
- Technology for Spies
- Cryptography vs Parallel Computing
- Archives
- Permanence of Human Knowledge
- RFID
- Down the Road a Bit (or Byte)
- Flash Crowds
- Smart Appliances?
- Direct Neural Interfaces

Technology for Spies
- Cell phones becoming PDAs
  - Victimized by viruses
  - Ideal for spreading malware
  - Include cameras and microphones
  - Can be remotely controlled
- Flash drives make it easy to steal data
  - Watch out for sushi on the back of your computer

Cryptography vs Parallel Computing
- Some computers being described in Kproc (kilo-processors)
- Brute-force cracking catching up with popular key lengths
- Have seen PGP users change their keys from 512 bits to 1024 to 2048 in a few years
- How are companies managing their keys?

Archives
- Technology changing very fast
  - 1980 8” 128 KB disk unreadable
  - 1990 5¼” 768 KB disk unreadable
  - 2000 100 MB ZIP disk obsolete
  - 2002 2 GB Jaz disk obsolete
  - 20?? 700 MB CD-ROM obsolete
  - 2??? 4.4 GB DVD obsolete
- Changes in OS and application software make old versions unreadable too
- What will happen to our archival data?

Permanence of Human Knowledge
- How do we stabilize URLs?
- How safe are TinyURLs?
- Who safeguards availability of important electronic documents?
- STILL WORKS AFTER 2 YEARS… and now there are more:

RFID
- Radio-Frequency Identifiers
  - Not only for products
  - Can be implanted under skin
  - Being used to track and identify critters
  - What about people?
  - Privacy issues?
http://www.bibleetnombres.online.fr/image8/rfid.jpg

Down the Road a Bit (or Byte)
- Computer-controlled cars
  - Follow guides in roads
  - Any bets security will be minimal?
  - Hijack a car moving at 70 mph??
- Segways
  - Extensive computer controls for gyroscopic stabilization
  - How long until they are hacked?

Flash Crowds
- People respond to anonymous instructions
  - Be at specific place at specific time for no particular reason
  - News spreads through e-mail, IM
- Crowds of thousands gather on command and jam available space for fun
- Now think about how such obedience can be used by criminals – or terrorists. . . .

Smart Appliances?
[Cartoon] Copyright © 1999 Rich Tenant. All rights reserved.

Direct Neural Interfaces
- Direct neural interfaces
  - Working on reading brain activity patterns
  - Control computers
  - Control machinery?
  - What about hackers?
- Being proposed to control prostheses
  - RFI interference?
  - Hacking?
  - DoS?
http://whatisthematrix.warnerbros.com/img/1-3d.jpg
DISCUSSION