Date post: | 02-Jan-2016 |
Category: |
Documents |
Upload: | roxanne-jefferson |
View: | 217 times |
Download: | 1 times |
Notes on The Cyber ThreatThe threat gets worse before it gets better
Ted Gordon1 Smilax DrOld Lyme, CT 06371
Much cyber activity in 2015: here are some headlines
US And China Seek Arms Deal For Cyberspace
Active Wordpress Malware Compromises Thousands Of Websites
Huge Hack Of US Government Data Affected 21.5 Million
Cyber Attack On U.S. Power Grid Could Cost $1 Trillion
Silk Road Mastermind (Ross Ulbricht) Gets Life Prison Sentence
Homeland Security Moves To Prevent Attack On Power Grid
Zeus Malware Gang Take-down
Hacker: 'Hundreds Of Thousands' Of Vehicles Are At Risk Of Attack
China Acknowledges That It Has Units For War On Computer Networks
Ransomware Porn App Takes Photos Of Users And Holds Phone Hostage
White House Shoots Down Petition To Pardon Edward Snowden
Heartbleed Is Far From Dead. 200,000+ Vulnerable Devices
United (Airlines) Should Thank, Not Ban, Researcher Who Pointed Out A Major
Security Flaw
Big data thefts in the US in 2014-15
Anthem Target Sony Neiman Marcus JPMorgan Chase Experian eBay Home Depot Department of Defense
SCORE: about 100 million records
There are many actors; from lone wolves to nation states, with a wide range of objectives
0
2
4
6
8
10
12Relative Impact
Vandalism
Show prowess
Theft
Disruption
BlackmailRecruitment
Sabotage/espionage
Terror
WMDSystems control
SurveillanceIntimidation
Money laundering
USChina RussiaN Korea UK Iran Israel OthersActors
Principal Objectives
In a recent foresight study, global experts projected the killing potential of lone wolves, including through the use of cyber weapons
When a SIMAD Might Kill 100,000 or more
Number Killed in a SIMAD Attack
www.lonewolfthreat.com
At the other end of the spectrum of actors, much activity by nation states
Plan and conduct activities to defend specified DoD information networks
Conduct military cyberspace operations to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
Assemble cyberspace resources and synchronize war-fighting to defend the information security environment
US Cyber Command
Nation State Actors
US (NSA) China Russia N Korea UK Iran Israel Many others
Well Known Activities Office of Personnel
Mgmt data breech Stuxnet Attack on SONY to
prevent “The Interview” MI 6 “cupcake caper” “Red October” data
theft malware in Word and Excel
DDoS in Estonia, Georgia, and Ukraine
Cyber attacks on large banks
Social media are important to cyber terror activities and communications
Manifestos (many terrorists write them)
Plans and Confessions (for various reasons Lone Wolves tell plans and confess their crimes)
Recruitment, funding (Al Qaeda and ISIS are expert, use horror as a magnet)
Cyber bullying (15% of all high school students last year)
Encryption (now available to all)
DIY Instructions (How to make a bomb in your Mom’s kitchen)
Clandestine market places
Some new hacks: Dyre Wolf and a porn honeypot
Dyre Wolf discovered by IBM Cyber Security Target: people in specific companies using email
attachments The malware activates when the user logs onto a bank
website A fake screen says the bank’s site is temporarily down and
offers instructions to call a phone number. A live “operator” answers with the name of the bank Users typically share their wire transfer details to withdraw
funds The thieves then move the money to another bank to avoid
detection
On request for a download of a fake porno site to a smart phone Ransomware takes unauthorized photo of user Threatens a report to FBI, locks the phone Demands a “fine” of $500
Quoted from: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03073USEN&attachment=SEW03073USEN.PDF
Clandestine market places: the Silk Road was shutdown
Dark web’s Amazon: unregulated bazaar anything bought and sold, narcotics
In three years 1,5 million purchases; called billion dollar marketplace
Ross Ulbricht convicted of seven crimes including narcotics and conspiracy
Sentenced to life
http://www.wired.com/2015/02/silk-road-ross-ulbricht-verdict/
Vandalism is growing: malware is now publically available
Purchasing contraband
Hacking Viruses Trojan horses Denial of service Back doors Impersonation
Of particular concern: Insertion of false information 3.6 million PC’s are said to be infected in the
U.S. alone
New technologies provide new cyber crime targets
Big targets (financial system, agriculture, electricity grid, frauds)
Hacking automated autos, trucks, aircraft control, robots
Consumer products: AI dolls and Internet of Things
Spy devices, tiny cameras
Facial recognition
Use of cyber space for pre detection of terrorist attacks
Sting and honeypot operations
Receiving information from informants
Online surveillance: chat rooms, postings, email
Tracking associates of known terrorists (including photos)
Tracking purchases of poisons and bomb-making chemical
Automated screening and synthesis of big data bases
Third-party reporting of unusual behavior
Psychological screening
Cyber foresight: some cyber attacks will qualify as weapons of mass destruction (WMD)
Consider attacks on: control systems (e.g. Stuxnet) create risks for transport
systems, public services (e.g. water, electricity, pipelines, industry, sanitation, agriculture)
algorithms create risks for financial systems, funds transfer, equities markets, payment systems (e.g. social security)
data bases result in lack of trust, social chaos, anarchy
communications result in loss of command and control, diminished trust in news reporting, and government authority
http://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/#summary
Cyber foresight: the evolving scene
Potential will be recognized for: massive disruptions from non state actors
threat of cyber lone wolves and SIMAD
new cyber crime targets and anti-crime weapons
New measures for dealing with cyber crime will be devised technical, military, and legal solutions
automated screening and synthesis of big data bases to identify terrorists and possible attacks against people, data, or infrastructure.
rewards for capture of cyber criminals (e.g. $3 m by FBI) International bilateral or multilateral agreements about cyber war
The race between cyber offense and defense will intensify
http://www.cse.wustl.edu/~jain/cse571-14/ftp/cyber_espionage/#summary
http://www.cnn.com/2015/02/24/politics/russian-cyber-criminal-reward/
http://www.nytimes.com/2015/09/20/world/asia/us-and-china-seek-arms-deal-for-cyberspace.html?_r=0
Lone Wolf Terrorism Prospects and Potential Strategies to Address the Threat by Theodore J. Gordon, Co-Founder, The Millennium ProjectYair Sharan, Director TAM-C/FIRST group, Co-Chair Israel MP NodeElizabeth Florescu, Director of Research, The Millennium Project
E-book:www.lonewolfthreat.com
Paperback:www.amazon.com