Malicious Code as Weapon
CSCE 522 - Farkas 2
Reading
Required:
– Government-built malware and cyber weapons will run out of control, http://securityaffairs.co/wordpress/22677/malware/government-built-malware-cyber-weapons-will-run-control.html
Recommended:
– Ukrainian computer systems attacked by sophisticated malware with "Russian roots," Homeland Security News Wire, March 10, 2014, http://www.homelandsecuritynewswire.com/dr20140310-ukrainian-computer-systems-attacked-by-sophisticated-malware-with-russian-roots
– NSA planted sleeper malware in 50,000 computer networks, Homeland Security News Wire, Dec. 11, 2013, http://www.homelandsecuritynewswire.com/dr20131211-nsa-planted-sleeper-malware-in-50-000-computer-networks
Information Warfare Offense
Which of these offensive IW operations are impacted by malware?
– Open sources
– Psyops and perception management
– Seizing the signals
– Computer break-ins and hacking
– Masquerade
Aim of Malware
Multiple possibilities:
– Unauthorized access
– Unauthorized modification
– Unavailability of resource for authorized users
– False authorization
– Fake non-repudiation
State-level Activities
Disruption of the opponent’s services
– All aspects of malware aims
Information gathering
– Unauthorized disclosure and false authentication
Perception management
– Data leakage, false information, psychological effects
Cyber Warfare
“Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption”
R.A. Clarke, Cyber War
High-Valued Targets
– National Defense components
– Supporting industry
– Critical infrastructure
Exploitation: individual system vulnerability + connectivity
Societal Impact
– Safety of citizens
– Stability of government
COL Thomas Goss, chief of the command’s Strategic Initiatives Group: “While technology plays an important role in the cyberspace domain, it is not technology that will win on the 21st century’s cyber battlefields […] Time after time, in operations and in exercises, it is the people that will make the difference.”
USA Cyber Capabilities
2009: President Obama
– Declared America’s digital infrastructure to be a “strategic national asset”
2010: establishment of U.S. Cyber Command (USCYBERCOM)
– Defending American military networks
– Conduct full-spectrum military cyberspace operations
Major Players
At least 140 countries are developing cyber weapons
– USA
– Russian Federation
– People’s Republic of China
– Others: Germany, India, Iran, South Korea, UK, etc.
What is a Cyber Weapon?
There is no formal and legal definition
– DoD Dictionary of Military and Associated Terms: no definition for cyber weapon
– Nonlethal weapon: “A weapon that is explicitly designed and primarily employed so as to incapacitate personnel or materiel, while minimizing fatalities, permanent injury to personnel, and undesired damage to property and the environment.” Also called NLW. Source: JP 3-28
Cyber Weapon
Stefano Mele, Italian lawyer:
“A cyber weapon is [an] appliance, device or any set of computer instructions designed to unlawfully damage a computer or telecommunications system having the nature of critical infrastructure, its information, data or programs contained therein or pertaining thereto, or to facilitate the interruption, total or partial, or alteration of its operation.”
Other definition: “An appliance, device or any set of computer instructions designed to offend the person through cyberspace.”
Impact of No Definition
– Impossible to distinguish a cyber weapon and its proper use
– Impossible to evaluate the legal and political responsibility of the aggressor and the real level of threat
Development of Cyber Weapon
– Cost effective
– Origin of the attack not obvious
– Easy to hide the development
– Complements traditional military strikes:
  – Destroy enemy defense infrastructures
  – Probe the technological capabilities of the enemy
IW Attacks against USA
1. Titan Rain (2003-on): from China
– Target: US military intel
– Sensitive military networks (Lockheed Martin and Sandia) infiltrated by hackers
2. Moonlight Maze (1998-2000): from Russia
– Target: Military maps and schematics, U.S. troop configurations
– Hacked computers at the Pentagon, NASA, the Department of Energy, and even universities and research labs
IW Attacks against USA
3. China's "750,000 American zombies" (2007)
– Target: U.S. computer networks, all levels
4. "The Most Serious Breach" (2007), from ?
– Target: U.S. military computer network
– A corrupt flash drive inserted into a military laptop
IW Attacks against Russia
1. The Original Logic Bomb (1982): from USA
– Target: Siberian gas pipeline in Soviet Russia
– CIA’s "logic bomb" caused a Soviet gas pipeline in Siberia to explode
IW Attacks against Estonia
1. The Estonian Cyberwar (2007): The Nashi, a pro-Kremlin youth group in Transnistria
– Target: Estonia
– Took down key government websites and news sites, and generally flooded the Estonian network to the point that it was useless
2. Other targets of Russia: Georgia, Azerbaijan
IW Attack against Iran
Stuxnet (2010): suspected from USA, Israel
– Target: nuclear facility in Natanz
– Destroyed nuclear centrifuges and set back the Iranian atomic program by 2 years
Warfare or Espionage
Motivation for “warfare”
– National attention
– Additional defense funding
– Justify government control of cyber space
New Use of Malware
Espionage – old story
DoS attacks using spyware
– Application-level vulnerability combined with malware exploitation
– E.g., SQL injection (gain control) + malware (run functions to exhaust resources)
Malware DoS Attacks
– Buffer overflows
– Raise unexpected exceptions
– Create race conditions
– SQL injection: recursive, CPU-intensive queries
– Overly-complex regular expressions within search queries
– Excessively large files uploaded to the server
– Etc.
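The two slides above describe resource-exhaustion attacks that ride on application-level flaws: injected SQL that runs recursive, CPU-intensive queries, user-supplied regular expressions that backtrack catastrophically, and oversized uploads. The following Python is an added defensive example, not code from the lecture: it shows the controls an application would put in front of each of those vectors. The table name `docs`, the limits `MAX_UPLOAD_BYTES` and `MAX_PATTERN_LEN`, the sample rows, and the `NESTED_QUANTIFIER` screening heuristic are all assumptions constructed for the example; SQLite's progress handler is used as the query time budget.

```python
"""Added example (not from the slides): defensive controls for the
application-level DoS vectors listed above: SQL injection driving
CPU-intensive queries, overly complex regular expressions in search
input, and oversized uploads. Limits, table name and sample data are
constructed for illustration."""
import re
import sqlite3
import time

MAX_UPLOAD_BYTES = 1_000_000   # assumed policy: reject uploads over ~1 MB
MAX_PATTERN_LEN = 64           # assumed cap on user-supplied search patterns


def check_upload_size(data: bytes) -> bool:
    """Reject oversized uploads before any parsing or storage work happens."""
    return len(data) <= MAX_UPLOAD_BYTES


# Heuristic (assumed, not exhaustive): a quantified group that itself contains
# a quantifier, e.g. (a+)+, is the classic shape behind catastrophic
# backtracking (ReDoS). Anything matching it is refused outright.
NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*][^()]*\)[+*{]")


def is_safe_pattern(pattern: str) -> bool:
    """Screen a user-supplied regular expression before compiling or using it."""
    if len(pattern) > MAX_PATTERN_LEN:
        return False
    if NESTED_QUANTIFIER.search(pattern):
        return False
    try:
        re.compile(pattern)
    except re.error:
        return False
    return True


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs(title TEXT)")
    conn.executemany("INSERT INTO docs VALUES (?)",
                     [("budget report",), ("duty roster",)])
    return conn


def search_titles(conn: sqlite3.Connection, term: str) -> list:
    """Parameterized query: the user's term is bound as data, never spliced
    into SQL text, so it cannot add UNIONs, recursive CTEs or other structure."""
    cur = conn.execute("SELECT title FROM docs WHERE title LIKE ?",
                       ("%" + term + "%",))
    return [row[0] for row in cur.fetchall()]


def run_with_budget(conn: sqlite3.Connection, sql: str, params: tuple,
                    max_seconds: float):
    """Run a statement under a wall-clock budget. SQLite calls the progress
    handler every 1000 virtual-machine steps; a non-zero return aborts the
    statement, which surfaces as OperationalError. Returns None on abort."""
    deadline = time.monotonic() + max_seconds

    def watchdog() -> int:
        return 1 if time.monotonic() > deadline else 0

    conn.set_progress_handler(watchdog, 1000)
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.OperationalError:
        return None            # budget exceeded: the query was interrupted
    finally:
        conn.set_progress_handler(None, 0)


if __name__ == "__main__":
    db = make_demo_db()
    print(search_titles(db, "report"))
    print(search_titles(db, "' OR 1=1 --"))   # treated as a literal string
    print(is_safe_pattern("(a+)+$"), is_safe_pattern("^[a-z0-9_]{1,32}$"))
    # An unbounded recursive query of the kind the slide mentions is cut off
    # by the budget instead of pinning a CPU core.
    runaway = ("WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x+1 FROM c) "
               "SELECT count(*) FROM c")
    print(run_with_budget(db, runaway, (), 0.05))
```

The three controls are independent and layered: parameterization removes the injection foothold, the pattern screen and length cap bound the regex engine's work, the size check bounds upload handling, and the query budget limits damage even when a query that should not have been possible is running.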
How about Twitter?
Is it only a “tool of the self-absorbed”?
Real-time reporting service
– 2008: Mumbai terrorist attack
– 2009: Iranian protest against President Ahmadinejad’s reelection
Distribute attack information
– Link to attack tools
– Link to target identity
Twitter as Perception Management
2009: Israeli military attack on Gaza
– Large number of civilian casualties
– International criticism of Israel
Israeli Air Force counteractions on YouTube and Twitter:
– Showed Hamas using civilians as cover
– Downloaded sensor imagery onto YouTube
– Tweets warned of rocket attacks
– 'help-us-win.com' blog was used to gain public support
http://www.independent.co.uk/news/media/online/twitter-is-a-weapon-in-cyber-warfare-1900535.html
Twitter: Tunisian Revolution
2010-2011: Tunisian revolution (Jasmine Revolution)
– Intensive campaign of civil resistance
– Ousting of longtime President Zine El Abidine Ben Ali in January 2011
What are the positive and negative aspects of social media with respect to social movements?
Next Class
Computer Break-ins