Post on 20-Jan-2017
transcript
innovateinfosec.com
Cyber Espionage: Sabotaging Governments' Long Term Strategy
Ajay Porus
Director & Principal Consultant, Innovate InfoSec
CISA, ITIL, ISO27001, CPISI, RSA certified Analyst, CCNA Security, Qualysguard certified specialist
Digital forensics & Cyber crime expert - US DOD Cyber Crime Center
Disclaimer
• Information used to create the training has been taken from various sources and books. Credit for the information remains with the original authors; registered brands and trademarks belong to their legitimate owners, and this material does not violate any licenses or intellectual property rights.
• This training material, in either hard or soft form, contains my personal opinion and has nothing to do with any of my current or past employers.
My Profile
• I am an Information Security and technology enthusiast.
• I do consulting and training – a startup – Innovate InfoSec Pvt. Ltd.
• More than 15 certifications in Information Security, Cyber Security, Risk & Compliance
• Publications: Cloud Computing and its Security Benefits – Enterprise IT Security Magazine; Senior Cyber Leadership – Why a Technically Competent Cyber Workforce is Not Enough – Cyber Security Forum Initiative (CSFI)
• Volunteer work: Honeynet Project India
• Cloud Security Alliance – Founder, Hyderabad Chapter
Agenda
• What is Government
• Pillars or soul of a nation
• What is Cyber Espionage
• Types of Cyber Espionage
• Examples with after effects
• Anatomy of Cyber Espionage
• What can be Done
Video: Blackhat - Official Trailer (Universal Pictures) HD.mp4
Government
• What is government
• Bureaucrats, elected members
• Strategists, think tanks
• Scientists, diplomats
But where do they come from?
People, citizens of the nation
Pillars or soul of a nation
• Politics
• Economics
• Social Culture
• Defense
• Healthcare
• Telecommunications
• Education
Successful attack on one = destabilize a nation
Successful attack on a few = kill a nation
Cyber Espionage
Cyber Espionage – Enemies
• Top enemies – espionage – attacks – communications
• China, Russia, North Korea, USA
• Country-sponsored and organized terrorism
  – Recruitment
  – Training
  – Coordination of attacks
  – Thrill seekers and for-hire threats
• Political sympathizers for radical causes
  – Recruitment
  – Training
  – Message marketing
  – Intellectual property
Cyber Espionage – Targets
• Nuclear plants
• Any automated production, including gas, oil, etc.
• SCADA is a hot target – low tech and isolation have been its best protection
• Military
• Monetary system
• Citizen communications platforms
  – Internet
  – Cell
  – Emergency services
  – Social media
• Big data & cloud environment
Goals of Cyber Espionage
• Money
• Power
• Control
• Publicity
• Revenge
• Future protection / penetration testing
The Original Logic Bomb
Moonlight Maze, 1998
One of the earliest major infiltrations, in which hackers penetrated American computer systems at will. Moonlight Maze was an accidental discovery by US officials and was believed to have been conceived by the Russians, although they denied their involvement. In this cyber attack, hackers targeted military maps, schematics and other US troop configurations from the Pentagon, the Department of Energy, NASA and various universities and research labs, in unremitting attacks that were discovered in March but had been going on for nearly two years.
Ukraine
Ukrainian politicians' phones blocked; damage to Ukrainian telecom cables; signals jammed
Cyber Army Unit: PLA Unit 61398
• APT1 is believed to be the 2nd Bureau of the People's Liberation Army (PLA), most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398 (61398部队).
• Stolen hundreds of terabytes of data from at least 141 organizations
• Thousands of employees
• A well-defined requirement and curriculum
• Huge infrastructure all around the world
• Operations since 2006
Video: Cyber Espionage - The Chinese Threat - Stealing the Secrets of Corporate America.mp4
Video: STUXNET - The Virus that Almost Started WW3.mp4
DUQU
• Duqu was created in order to collect intelligence about its targets, which can include pretty much anything that is available in digital format on the victim's PC.
Flame
F-35 Secrets in Chinese Fighter Plane
• The Chinese probably obtained the F-35 secrets from Lockheed Martin, its subcontractors, or U.S. allies involved in the development program. Allies that took part in the F-35 program include the United Kingdom, Israel, Italy, Australia, Canada, Norway, Denmark, the Netherlands, and Turkey.
• Program budget 395 billion dollars, but now stalled because of budget and other unknown issues.
Images: F-35, J-20
Attack on Kaspersky
• A highly sophisticated attack on Kaspersky Labs
• New nation-state attack attributed to members of the infamous Stuxnet and Duqu gang
• A case of the watchers watching the watchers who are watching them.
• The attackers appear to be the same group that created Duqu, spyware discovered in 2011 that was used to hack a certificate authority in Hungary, as well as targets in Iran and Sudan, and that shared a number of similarities with Stuxnet, the famed digital weapon that sabotaged Iran's nuclear program.
• Duqu 2.0, as Kaspersky is calling it, is a massive, 19-megabyte toolkit with plugins for various reconnaissance and data theft activities
• "The entire code of this [attack] platform is some of the best we have seen ever."
• The attackers also struck a series of hotels and conference venues, each of them a location where members of the UN Security Council met in the past year to negotiate Iran's nuclear program.
• Regin was a sophisticated spy tool Kaspersky found in the wild last year that was used to hack the Belgian telecom Belgacom and the European Commission
Video: 'Cloud Atlas' - Russia Targeted by Another Large Scale Cyber Espionage Campaign!.mp4
How it's done
• Goal – reason for attack – end desire
  – Intelligence
  – Lots of data
  – Information
• Five steps in an attack
  – Reconnaissance
  – Probing
  – Actual attack
  – Maintaining presence
  – Continuing the original attack's desired effect
• To allow for future attacks – continued surveillance
  – Light footing
  – Covering attack tracks
• Residual for future or continued access
The Vulnerability Matrix
Figure: sectors and weak points, as labelled on the slide.
Sectors: Electric; Government; Natural Gas; Federal institutions; Commercial; Nuclear plants; Wastewater facilities; Oil pipeline; Chemical plants; Hospitals; E-commerce; Airports; Maritime ports; Production sites; Railways; Govt. facilities; Home users; Banking; Telecom; Emergency services; Chemical; Rail; Natural Gas; Water; Waste water; Transportation; Oil; Dams
Weak points: Billion miles of cable; Broadband connections; Wireless; Viruses, worms; Insiders; Configuration problems; Miles-long transmission lines; Overlapping grid controllers
Underground world of Cyber Espionage
• Russian Business Network working for corporate espionage
• Selling secrets from corporations and governments to the highest bidders
• Selling zero-day vulnerabilities along with cyber weapons
The Anatomy of Cyber Espionage
• Reason for cyber espionage
• Benefits gained
• Target clicking on a malicious link
• Zero-day exploits
• Nations (and criminals) purchase zero-day exploits
• Possible ramification: disruption of supply chains for defense in war
• Deployment of malicious hardware and compromise of military defense systems
• Attack & control the satellite remotely; impact on military planes & weapons
• Manipulation of GPS communication channels to control military drones
• Exploitation of Industrial Control Systems (ICS), especially supervisory control and data acquisition systems (i.e., SCADA, as in Stuxnet), impacting defense operations
Reasons for successful espionage
• Software-based vulnerabilities
  – Backdoors and hardcoded passwords
  – Remote Code Execution (RCE)
  – Insecure protocols, spoofing and hijacking
  – SQL injection
  – Insecure authentication and file-upload flaws
• Insider threat vulnerabilities
  – Unintentional Insider Threats (UIT)
  – Intentional Insider Threats (IIT)
• Hardware-based vulnerabilities
• Humans: the weakest & strongest link in the chain
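The slide names SQL injection as one of the software-based weaknesses that espionage campaigns exploit but does not show why it works. The example below is added here and is not part of the deck or the author's material: it builds a constructed in-memory SQLite table (the `users` table, its rows and the lookup functions are all assumptions for the demo), runs the same lookup once with string concatenation and once with a bound parameter, and shows that a single crafted username makes the concatenated version return every row while the parameterised version returns none. The same pattern is what a code review or SAST rule looks for: any place where untrusted input is pasted into the SQL text.

```python
"""Added example (not from the slide deck): why SQL injection works, and
how parameter binding closes it.  Every value below is constructed for the
demo; the table, rows and function names are assumptions."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory database with two constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password_hash TEXT, clearance TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash_a", "secret"), ("bob", "hash_b", "public")],
    )
    return conn


def vulnerable_query(username: str) -> str:
    """The weak pattern: user input is spliced into the SQL text itself,
    so quote characters in the input change the statement's structure."""
    return (
        "SELECT username, clearance FROM users WHERE username = '"
        + username
        + "'"
    )


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Runs the concatenated statement (kept here only to show the defect)."""
    return conn.execute(vulnerable_query(username)).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """The corrected pattern: the input is bound as a value by the driver,
    so it is compared as a string and never parsed as SQL."""
    return conn.execute(
        "SELECT username, clearance FROM users WHERE username = ?",
        (username,),
    ).fetchall()


def demo() -> tuple:
    """Returns (rows from vulnerable lookup, rows from safe lookup) for one
    constructed input of the kind a defender expects to see in app logs."""
    conn = build_db()
    crafted = "x' OR '1'='1"  # constructed test input, not a real request
    return lookup_vulnerable(conn, crafted), lookup_safe(conn, crafted)


if __name__ == "__main__":
    bad, good = demo()
    print("concatenated query returned", len(bad), "rows:", bad)
    print("parameterised query returned", len(good), "rows:", good)
```

Running it prints two rows for the concatenated query (the crafted input turns the `WHERE` clause into a tautology) and zero for the parameterised one, because no account is literally named `x' OR '1'='1`. The fix is the second function: never build SQL from strings, bind every value.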
Cyber Warfare
• Currently between many countries
• China, USA, Russia, India, Pakistan, Iran, North Korea and many more
• Cyber warfare leading to human assassinations
• Heard of Fire Sale? Watch Die Hard 4, Blackhat
Cyber Weapons = Weapon of Mass Destruction
What can be done
• Cyber-attacks cannot be prevented through technical solutions alone. The nation requires well-drafted cyber laws, organizational policies, and cyber strategies in addition to highly advanced defensive solutions.
• Software and Hardware Assurance
• Insider Threat Detection
• Cybersecurity Training
• Dedicated Cybersecurity Government Bodies
• The art of espionage is all about
  – the art of deception
  – the art of intrusion
  – the art of manipulation
But there's more: humans work on technology, not technology on humans. Secure yourself, secure the nation; don't fall for cheap booby tricks and propaganda.
IIS Service Portfolio
• Information Security Architecture Assessment and Assurance Service
• Application Security Services
• Data Security Services
• Identity & Access Management Services
• Network Security
• Cloud Security
• Security Reviews Services
• Sustenance Services for Security Compliance
• Physical Security
• Cyber Hygiene Services
• Due Diligence Services
• Digital Forensics & Investigation Services
• Offensive Services: For Law Enforcement Only
• Training Services
• Web App & Mobile App Development
• Managed Security Services