Cyberwarfare: A Global Phenomenon
• 1) Warfare
• 2) Current nature of threats
• 3) Cyberwarfare
• Work in Progress
• Thank you and ISSA
• Nothing I say is endorsed by ISSA, Kaplan or any other employer
Why I am doing this…
My email: [email protected]
Chair Jay [email protected]
Types of Enemies
• Defense Sec Ash Carter
• Russia
• China
• North Korea
• Iran
• ISIS
• Cold conflicts vs hot conflicts
• America’s hunger for peace vs. enemies’ desire for war
China Compiles Facebook Of Government Employees
• Takes “Know thy Enemy” seriously
• Sept 2015 Washington Times article
• Data from OPM
• Anthem
• BlueCross, Blue Shield
• Plus social media (FB, LI, Twitter, G+, etc.)
• Why did China do this?
History of Warfare
• Sun Tzu 500 BC: The Art of War
• “Know thy enemy”
• How many have heard this in regards to cyber?
• Like weather?
• What does the current terrorist threat compare to?
• Definitely global: invasion of Poland, attack on Belgium?
How does “Know Thy Enemy” Apply to Terrorists?
• Another terrorist attack occurred in 793: Lindisfarne
• 1000-acre island off north-eastern England
• Site of a monastery
• Slaughtered unarmed civilians, plundered, burned
• 9-11 had more in common with this than the German invasion of Poland (WWII) or the arms race (Cold War)
Strategy of European Tribal Conquerors
Bernard Cornwell, “The Saxon Stories” / The Last Kingdom
Historical analysis: Vikings’ tactics in warfare gave them an enormous advantage in successfully conquering Europe despite their small population in comparison to that of their enemies.
Viking tactics are studied extensively in the US military. See for example: Abels, Richard. “Alfred the Great and Æthelred II ‘the Unready’”. United States Naval Academy Press.
Comparison of Tribal Foes
• Was 9-11 more like Lindisfarne than the invasion of Poland? First MAJOR ATTACK
• Are we at war? Not a war the West wanted
• Civilization vs. anarchy
• Humiliation to not die in battle
• Most of Danish society were peaceful farmers
• Both used decapitated heads
• Women were fierce fighters: shieldmaidens
• Europeans tried paying off
• 845 Siege of Paris
• Charles vs Ragnar, 5000 lbs
Other lessons of Viking Invasion
• Know thy enemy (Uhtred of Bebbanburg)
• Ealdorman of Northumbria
• Considered a pagan advisor to Alfred
• Tribal combatants
• Both used terror as their primary weapon
• Peaceful staging area helpful (Vikings)
• Revered for how cruel they were (Eagle blood)
• Concept of afterlife
• 9th century assault on Europe
• Motivation: does it matter?
• Where you’ll hear this analysis
• BUT, hopefully you’ll take the GOOD ideas or ones you agree with and run with them
Main Man-Caused Threats Today: What makes it different
• 9th and 10th century ‘England’ vs. today
• Motivation: co-exist vs. convert or kill
• EMP
– Congressional Study 2006
– http://www.empcommission.org/
• Dirty bomb
– Goiânia, Brazil, 1987: 3.3 oz, 110,000 exposed
• Electrical grid
– Aurora Generator Test
• Embedded terrorists
– Lack of intelligence (France attack: Molenbeek, Belgium)
– ISIS vs Iran (tribal vs nation state with tribal leadership)
– https://www.washingtonpost.com/news/wonk/wp/2015/11/18/how-isis-makes-its-money/
– 1-3 million daily according to WaPo
• Nukes
Other Problems
• Lack of preparedness
– Plan for the worst, hope for the best
– Preparedness during the Cold War vs now
– Ted Koppel’s “Lights Out”
– Lessons learned from the OPM hack
– 2 different issues: uncrackable encryption and bulk data collection
– Apple example: data wipe firmware
– Passcode vs biometric
The Real Question
• Active investigations
• FBI manpower
• Lessons from the Boston bombers
• Why not more attacks?
Cyberwar Scenario
• 3 different people
• Terrorist
• Terror communications
• Cybersecurity consultant
Terror IT Specialist
• Terror command and control
• Terror messaging and communications
• Terror inventory and procurement
Terrorist
• Your job: find the how, the what, and the where
Cybersecurity Consultant
• Network access
• Look for operations data
• YEAH, our hero!!
Cyberwarfare Exercises/Demo
• Capture attack info from terrorists
Randy Stauber PhDc, MSIS, CISSP
• BSC at Kaplan Online
– Tons of hands-on
– Certification training
– Extensive work experience credit
– Credit for military training
• 6-hour risk assessment workshop based on NIST 800-30 R1 and learning exercises
• Birthday parties and kid programs
• [email protected]
• [email protected]
Points to make During Demo
• Kali boot
– Windows vs Linux architecture
– VMware vs. VirtualBox
– Linux service commands
• Armitage boot
• Mixed networks, why most networks are
• History of OS X: John Sculley and NeXT computers
• How iPhones, iPads, and smartphones appear
• Network scan
• Phases of hacking vs phases of bank robbery
History of Cyberwarfare
• November 1988: Morris Worm
• 1997 June, July: Eligible Receiver, NSA vs. Pacific Cmd
• 2006: Cyber Command created by AF
• 2007 March: Aurora Generator Test, Idaho National Labs
• 2007 April: Russians take down Estonia sites (grave marker)
• July 2008: Georgia attacked. In the weeks before the war between Russia and Georgia, Georgia is hit by distributed-denial-of-service attacks and many of the government’s computer networks are disabled, including that of President Mikheil Saakashvili. Media and transportation companies are also affected. Georgian officials accused Russia of launching the attack.
• 2010: US Cyber Command
• 2012 June: Stuxnet discovered by commercial security researchers
• 2013: China hacks US newspapers
• 2014 November: N Korea hacks Sony because of “The Interview”
• 2015: OPM hack, 21 M+ government backgrounds hacked / Facebook
Stuxnet
• Worm discovered in June 2012
• Realtek and JMicron certificates
• Targets PLCs; originates from USB drives
• Windows Print Spooler, shares, WinCC DB
• Used 4 zero days / rootkit
• Origin determined by mapping infections
• Operation Olympic Games
• US response / plausible deniability
• Any issues?