CyberTerrorism - A case study for Emergency Management

Post on 08-May-2015

Cyberterrorism - A case study for Emergency Management

Ricardo A. Reis, Security Officer

&

Hospital São Paulo

Presentation Developed By:

Ricardo A. Reis

ricardo.areis@unifesp.br
ricardo.areis@gmail.com

CCO, Federal University of São Paulo

For use by:

The International Consortium for Organization Resilience

(ICOR)

Prepare, Plan and Stay in Business

Cyberterrorism

Cyber Terrorism is defined as:

“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”

by Kevin G. Coleman of the Technolytics Institute

Cyberterrorism - Prepare, Plan and Stay in Business

Emergency management is defined as:

“Comprehensive system of policies, practices, and procedures designed to protect people and property from the effects of emergencies or disasters.”

Extension Disaster Education Network (EDEN)

EMERGENCY MANAGEMENT

LIFE CYCLE

1 - PREVENTION/MITIGATION

2 - PREPAREDNESS

3 - RESPONSE

4 - RECOVERY

Case Study

Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely. This term can also refer to the network of computers using distributed computing software.

From Wikipedia, the free encyclopedia

Case Study

"A botnet is comparable to compulsory military service for windows boxes"

Stromberg, http://www.honeynet.org/papers/bots/

Cyberterrorism & Botnets

· Distributed Denial-of-Service Attacks
· Spamming
· Sniffing Traffic
· Keylogging
· Spreading new malware
· Installing Advertisement Addons and Browser Helper Objects (BHOs)
· Google AdSense abuse
· Attacking IRC Chat Networks
· Mass identity theft

"We have seen offers that will allow a customer to send a million emails for under $100," Henry says. "If you send more than 10 million, the price drops to under $80 per million. There's a price war going on, and Nugache is becoming the bargain basement."

PREVENTION/MITIGATION

· Compliance with Security Standards ISO 27001/27002
· Think about Business Continuity and IT Infrastructure Recovery
· Make a Computer Security Incident Response Team
· Monitor IT Infrastructure: Internet Bandwidth, DNS Services, WEB Services, EMAIL Services
· Pre-Contact with external agencies: Upstream ISP, Regional Computer Security Incident Response Team (CSIRT)

PREPAREDNESS

· Development and practice of multi-agency coordination and incident command
· Development and practice of an Incident Response Plan

RESPONSE

· Establish Incident Command
· Notify CSIRT
· Activate Incident Response Plan
· Never use 100% of your CSIRT Team
· Don't stop the Triage Process
· Communicate Major Events

RECOVERY

· If necessary, activate Business Recovery Plan
· Document the Major Event
· Communicate the end of Major Events
· Update all Plans

A SIMULATED ?

Distributed Denial of Service Attack

!!! REAL LIFE !!!

Distributed Denial of Service Attack

The main targets have been the websites of:

· the Estonian presidency and its parliament

· almost all of the country's government ministries

· political parties

· three of the country's six big news organisations

· two of the biggest banks; and firms specializing in communications

NUMBERS

Attacks  Destination address   Owner
35       195.80.105.107/32     pol.ee
7        195.80.106.72/32      www.riigikogu.ee
36       195.80.109.158/32     www.riik.ee, www.peaminister.ee, www.valitsus.ee
2        195.80.124.53/32      m53.envir.ee
2        213.184.49.171/32     www.sm.ee
6        213.184.49.194/32     www.agri.ee
4        213.184.50.6/32
35       213.184.50.69/32      www.fin.ee (Ministry of Finance)
1        62.65.192.24/32

http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Attacks  Date
21       2007-05-03
17       2007-05-04
31       2007-05-08
58       2007-05-09
1        2007-05-11

http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Attacks  Duration
17       less than 1 minute
78       1 min - 1 hour
16       1 hour - 5 hours
8        5 hours - 9 hours
7        10 hours or more

http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

Attacks  Bandwidth measured
42       less than 10 Mbps
52       10 Mbps - 30 Mbps
22       30 Mbps - 70 Mbps
12       70 Mbps - 95 Mbps

http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/

BOTNET Command and Control

Shadow SERVER Project

PREVENTION/MITIGATION ( AGAIN !!!!!! )

· Compliance with Security Standards ISO 27001/27002 (protect your infrastructure and other companies)
· Make a Computer Security Incident Response Team (your first response team)
· Pre-Contact with external agencies: Upstream ISP, Regional CSIRT

Questions ?