attacking internet … hannu h. kari

National Defence University, www.mpkk.fiprofessor Hannu H. Kari /45

Attacking Internet …

Hannu H. Kari

professor, research director

National Defence University


Solution alternatives

Technical solutions

Policies

Legislations


History


Technology enhancements

(www.daimler.co.uk) (decorateyourgarage.com)

(www.macarthurcoal.com.au)

~100+ years



(www.route79.com) (www2.jsonline.com)

(www.openfire.us) (www.eia.doe.gov)

(www.pennways.com)

(en.wikipedia.org)



The same thing has happened in Internet in 10…15 years!


Doomsday’s prophecy


Prediction 28.5.2004:Future does not look very good!

• V. 2003: Increase of garbage– The dramatic increase of viruses and junk mail

• V. 2004: Deterioration of network infrastructure– Attacks on infrastructure has increased

• V. 2005: Manipulation of content– Systematic manipulation of content in Internet

• V. 2006: Internet collapses– People and companies do not tolerate any more the load of garbage– We don’t trust on the content on the net– Malicious attacks on the network infrastructure deteriorate the usability

of Internet Internet will cease to be place to make business We go 10...20 years back before the time of computer networks


Internet collapses?

• What I meant by ”Internet collapses by 2006?”– Not a sudden and total breakdown, but

• more and more problems, e.g.:– viruses, junk mail, DoS attacks, network criminals, forged mails/WWW-

pages, utilization of vulnerabilities of commercial programs/operating systems, phishing attacks

• more and more ”protection money”– firewalls, virusprotection SW updates, operating system updates, junk-

mail filters, backup routes/systems, training• unreliability of the network

– works, doesn’t work, works, ...

If your business depends on Internet, you must be prepared

• Risk for major problems is imminent


Holmlund: Verkkohyökkäys voi uhata rahaliikennettä

{10.11.2008: MPK 187:n avajaiset} • YETTS: yhteiskunnan elintärkeät toiminnot tulee

turvata kaikissa tilanteissa• Myyrmanni, Jokela & Kauhajoki:

* syrjäytyminen sisäisen turvallisuutemme suurin uhka * monia ei-toivottuja kehitystrendejä

• Tarkoituksellisin verkkohyökkäyksin saatetaan heikentää valtion päätöksentekojärjestelmien tai esimerkiksi rahaliikenteen toimivuutta

• Ikävät tapahtumat tulevat eteemme aina jossain määrin yllätyksenä* varautumisesta ja riskianalyyseista huolimatta.

Asymmetrinen maailma, asymmetriset arvot ja motiivit Kaikki uhkat eivät välttämättä tule ulkoa


Scenario ”20xx”


Scenario “3/2011”

• Election in a small EU countrya country famous on ICT usage, including electronic voting

• During the election days, a massive DDoS attack is launched against the election system

Electronic voting system is unavailable for several hours

As a back up alternative, people will use ”traditional paper voting system”

No harm done????


Scenario “3/2011”

• Report for the Council of Europe: Internet voting in the March 2007 Parliamentary Elections in Estonia

– Internet attacks, such as DDoS (Distributed Denial of Service) attacks, could have hampered the ability to run the e-voting application. An extension of the e-voting period could potentially make it more difficult to launch such attacks.

• ... But will anyone really seriously think electronic voting as a viable alternative for paper voting after this???

• NO! We have lost the game permanently


Threats


Main threats of Internet

1. We loose our confidence

2. Internet does not work

3. We loose data/money with Internet


Who and Why?

WHY

Motivations:1.Social behavior2.Vandalism3.Money4. Ideology5.Military strategic

interests

WHO

Amateurs are just tip of the iceberg• Hackers: Fun, can-I-do-it?,

show-up, ... (1, 2)

The real problem: Professionals• Mafia, organized crime (3)• Industrial espionage,

competitors (3)• Cyber terrorists (2, 4)• Terrorist-countries (4, 5)• Military (5)


Internet problems


Security problems in Internet, samplesOctober 2002, Scientific American

”9 out of 13 root DNS –servers were

crippled by DDoS attack”

November 2004, Damages caused by

worms/viruses, Mikko Hyppönen/F-Secure

Slammer: Intranet of nuclear power plant in Ohio downBank of America ATM network down

Blaster:

Electric power network down in NY, USA

Several SCADA systems down

Sasser:

All train traffic halted in Australia

Two hospitals in Sweden infected

January 2005, FBI/Tsunami

”Net criminals used fake web pages of American

Red Cross to get credit card data”

September 2006, Scientific American

”Attack on DNS (Domain Name System)

allows cybercriminal to hijack ordinary

netbanking sessions”

January 2007, www.idg.se

”Almost 1 Million € stolen from a

Scandinavian bank by a Russian hacker

with a trojan distributed with spam mail”

”The biggest so far..”

January 2005, BBC News”Internet gambling hit hard by the attacks.Extortionists are targeting net-based bettingfirms and threatening to cripple their websiteswith deluges of data unless a ransom is paid.”

May 2007, IT-Viikko

”Attacks on Estonian governmental and commercial net sites”


Security problems in Internet, samplesDDoS attacks

Design flawsDoS, DDoS attacksCriminal intentions

Viruses, worms, mallwareCriminal intentions

DNS attacks

Design flaws

DoS, DDoS attacks

Design flaws

Phishing

Users’ stupidity

Scams

Users’ stupidity


Why Internet is so buggy?


Internet design criterion• Primary goals

– Multiplexing of channel– Various network archtectures– Administrative boundaries– Packet switching– Gateways (routers) between networks

• Secondary goals– Robustness (loss of routers and links)– Multiple services (reliable or realtime data)– Usage of various networks– Distributed management– Cost efficient implementation– Simple attachement to network– Resource usage monitoring

Based on David D. Clark:”The Design Philosophy of the DARPA Internet Protocols”


Implicit Internet design criterion

• Silent assumptions– Benevolence– Openness– Low level of dynamicity– No mobility– Limited computation capacity– High cost of crypto algorithms

– Limited bandwidth

AS

SU

MP

TIO

NS

NO

T

VA

LID

AN

Y M

OR

E !

!!

STILL VALID, IN SOME CASES !!!


Modern problems

• Today we have– Internal problems– Eavesdropping– Packet manipulation– Privacy problems– Viruses– Network criminals– ...


Internet design flaws

• Original design principles: The enemy is out there!– ”Everybody can send anything to anybody”– Security measures are introduced afterwards

• The new design principles: The enemy is among us!– We must be prepared to pay for security/reliability

• in form of computation power, bandwidth, energy, etc.

– Strong security as the fundamental building block– Legal sanctions against malevolent entities

Every packet must have an owner!


Solution alternatives


Four security domains

2. End-to-end secured communication(Data integrity and confidentiality)

3. Content integrity/authenticity/timelyness(information sharing)

1. Reliable operation of the critical network infrastructure

PGP, S/MIME

Restricted caller groups

IPsec, TLS

PLA, MPLS, Physical protection

4. Virtual communities(Knowledge sharing)


Four security domains

2. End-to-end secured communication(Data integrity and confidentiality)

3. Content integrity/authenticity/timelyness(information sharing)

1. Reliable operation of the critical network infrastructure

PGP, S/MIME

Restricted caller groups

IPsec, TLS

Partial solutions: MPLS, Physical protection

4. Virtual communities(Knowledge sharing)

GOOD

“BRAND”

MANAGEMENT

IS M

OST IMPORTANT


Weakest point: Infrastructure

• Info-bulimia– Flooding, DoS/DDos, Smurf, Sync, ...

• Info-anemia– Link breakage, data corruption, rerouting

packet, router attacks, DNS-attacks, ...We don’t get vital information in time

We can’t make decisions or we do decisions with incomplete information

Reliably operating network is a MUST


Society and warfighting


(R)evolution of War

Evolution of societies and their relations with war

?

AGRARIANSOCIETY

INDUSTRIALIZED SOCIETY

INFORMATIONSOCIETY

The war is fought for/with/against the most valuable assets of the society

VALUESOCIETY ?


The dilemma is that the military have to cope with all the different types of conflict at the same time some of which they are not suited to do.

Definition of War and Enemy?

Rhizomethic War

“WAR” and “ENEMY” in the future?


unmanned weapon ?

Managing Military Transformation and Future Soldier


4 Warfighting strata


4 Strata: Physical

PHYSICAL

GROUND

AIR

SEA

SPACE


4 Strata: Cyber-space

PHYSICAL

GROUND

AIR

SEA

SPACE

CYBER-SPACE

”INTERNET”


4 Strata: Mental

PHYSICAL

GROUND

AIR

SEA

SPACE

CYBER-SPACE

”INTERNET”

MENTAL

VALUES

ATTITUDES

BRAND

TRUST

BELIEVES

OPINIONS


4 Strata: Time

PHYSICAL

GROUND

AIR

SEA

SPACE

CYBER-SPACE

”INTERNET”

MENTAL

VALUES

ATTITUDES

BRAND

BELIEVES

OPINIONS

TIME

YESTERDAY

NOW

TOMORROW

2030


OODA-loop


Decision making based on OODA-loop

OODA-loop by Colonel John Boyd – Model for human

decision making

Right information delivered to right place at right time


OODA-loop

WE Others

To disturb and slow downTo protect and speed up


Internal decision making

Externalworld

Wrong info

Old info

Missing info

Info bulimia

Compromized source of info

Tender points

Attacking decision making process


War of values

CulturalTraditions

ORIENT-phase

GeneticHeritage

Newinformation

Previousexperience

Analysis & Synthesis

OBSERVE-phase

DECIDE-phase

VALUES


Systems of Systems


CAP


Management of Information

Availability(saatavuus)

Consistency(eheys/ajankohtaisuus)

Privacy(yksityisyys)

C&A-P

C&P-A

A&P-C

Pick two out of three(C,A,P)

=> 3rd is unmanageable


NATIONAL DEFENCE UNIVERSITY

”Do the work that has a meaning” Thank you for your Questions? attention!

attacking internet … hannu h. kari

Documents