Date post: | 31-Mar-2015 |
Category: |
Documents |
Upload: | marcella-trulock |
View: | 224 times |
Download: | 0 times |
Joel HardingDirector, IO Institute
Association of Old Crows
…and then Man created Cyber
Agenda
• …and then Man created Cyber• New Social Media• Cyberw… no, I can’t say it• What to do?– Cooperation/Treaties in Cyberspace
3
…and then Man created Cyber
A new way of looking at our developing world
4
In the beginning there was…
S
5
Earth
S
6
The Heavens
S
7
…and the Sea
S
8
…and then Man got busy
S
9
Man found Information
S
10
He gathered Intelligence
S
11
He learned to fly in the Air
S
12
Radio used the Electromagnetic Spectrum which begat Electronic Warfare
S
13
…and then Man created Cyber
S
14
A full spectrum… Waiting for us to put it all together
Cyber
Cyber
Information
Information
EMS
EMS
Intel
Intel
Air
Air
Space
Space
Land
Land
Sea
Sea
S
15
…and Man struggled to put it all together
<insert various awkward attempts showing Land, Air,
Sea, Space, EW, IO, Cyber and how they all work together>
16
Look at all those pretty colors…
Frequency units – Hertz1 Hz = 1 c1
17
…in the meantime
Cyber
Cyber
Information
Information
EMS
EMS
Intel
Intel
Air
Air
Space
Space
Land
Land
Sea
Sea
…and somehow it all worked.
Together.
18
Let’s talk about Cyberw.. No, I can’t say it.
19
“Sample Nuclear Launch While Under Cyber Attack”
[yes, this is a doctored photo, used here just to lighten a serious moment]Source: http://www.armscontrolwonk.com/1955/missile-palooza
20
Original Photo and Doctored
21
New Social Media
TweetDeck
S
22
“Cyber War” In Estonia, 2007Remember this one? It sure got a lot of press coverage!
23
Another Recent “Cyberwar” Example: Georgia
24
Google vs. China Round 1
12 Jan 2010- Google announces detected a sophisticated cyber attack on its computers, aimed at email accounts of Chinese human rights activists19 Feb 2010 - Probable source of the attacks on Google:• Shanghai Jiaotong University • Lanxiang Vocational School
25
New Players• Botnets for hire• Hackers for hire• Patriotic hackers• Cyber jihadists• Other hacktivists
• AKA Proxies
Attacks by Proxy
Iranian Cyber Army
Russian Business Network(RBN)
Turkish Hacker Group
Pro-Serbian Hacker Group
Shkupi Hacker Group
Kosava Hacker Group
27
Kneber Botnet/ZeuS
• Feb 18th, 2010– Netwitness, of Herndon, VA– 75,000+ Computers infected w/Zeus/Zbot Toolkit– 2,500 Corporations, 200 Countries– Uses ZeuS Trojan – old exploit, Targets MS Windows– Kneber was able to grab 68,000 login credentials
over a 4-week period
28
Flash/Thumb Drives
• Nov 2008 - Thumb Drives banned• Feb 2010 - Ban lifted• Agent.btz virus - ‘phone home’
• …and don’t forget Stuxnet
29
Corporate vs. Government Microsoft, Researchers Team Up And Tear Down Major Spamming Botnet
Feb 2010
Operation b49 vs. Waledac botnet • Is this vigilantism?• Is the Gov’t unwilling or unable?• Is this tacit approval?
30
Botnets
• Bots use cell phones, too. • A botnet on a mobile phone may look
different from one on a PC• Renting out a network of "owned" phones
may be viable in the near future.
31
Stuxnet
• USB install plus worm• 4 zero-day exploits• Payload upsets sensitive centrifuges?• Future?– Beyond proof of concept– Patches close vulnerability
32
Anonymous
• Anti-anti Wikileaks• HBGary Federal• Westboro Baptist Church• Bank of America
US AIR COMMAND AND STAFF COLLEGE AIR UNIVERSITY
Extradition and International Cooperation
US National Policy Response
US Criminal Prosecution and US NationalPolicy Response
US Criminal Prosecution
Cyber-Attack from Inside US
Cyber-Attack from Outside US
Law Enforcement Response
Law Enforcement Response with DOD
DOD with Law Enforcement
Response
Law Enforcement Response
Cyber-crime Hacktivism Cyber-Espionage Cyber-Terrorism Cyberwar
33
Generalized Spectrum of Cyber Conflict
What to do?
34
• We should avoid new increase in race of cyber arms and limit usage of these technologies for hostile matters.
• Usage of cyber warfare for political matters and by state actors against other countries is the primary topic of the current agenda. Cyber crimes and cyber terrorism are already well discussed within various international forums. But currently information warfare used more and more in struggles between state actors on tactical and strategic levels.
• The ability of cyber warfare to make impact will significantly increase.• The first progress on the field of cyber warfare regulation was made by
Shanghai Cooperation Organization.• According to international norms of humanitarian law, you can’t injure and kill
disgracefully. We have to behave according to spirit of knights, including information warfare. You can not embed malicious technologies in hardware that you create.
General V. Sherstyuk, PhD
29 October 2009 speech at Moscow State University
36
Follow on efforts
• US – Submission to Group of Governmental Experts – Information and Communication Technologies (ICT)
• State and Non-State Actors– Incl: criminals, terrorists, proxies– Target citizens, commerce, critical infrastructure & governments– Compromise, steal, change or destroy info
• Calls for cooperative efforts
• NATO– Considering environmental law
• India MoD– Considering modeling space treaties
37
My question to you
• Is a treaty in cyberspace possible or practical?• Is it necessary?