Cyber warfare

By Najwa M. AlGhamdi
427220110
Table of Contents
Introduction
What is cyber warfare?
Why cyber-warfare?
Cyber war targets
Cyber war attack methods
  Web vandalism
  Propaganda
  Gathering data
  Distributed Denial-of-Service attacks
  Equipment disruption
  Attacking critical infrastructure
  Compromised counterfeit hardware
Cyber warfare vulnerabilities
  Physical infiltration
  Signal infiltration
  Defense against cyber warfare
  Active offensive methods
Cyber-war strategy and tactics
  Cyber playbook
  Understanding the available moves
  Cyber assets
  Cyber war simulation
Case studies of cyber warfare
Conclusion
References
Introduction
Every country has the right to defend itself by maintaining a well-equipped army.
Physical equipment is not the only requirement for that goal; information and
telecommunication networks are also essential.
Over the past decades, most governments have realized the importance of keeping
their armies' information accurate and secured against manipulation by outsiders,
as a consequence of many incidents around the world. This raised the issue of the
bloodless war, or cyber war, and of how much more destructive it can be than a
conventional one. It has been shown that weaknesses in logical security can lead to
fatal consequences, such as exposing sensitive weapons, including weapons of mass
destruction [1], or compromising major infrastructures such as power, water, fuel and
transportation, bringing an entire country to a halt.
In this paper, I discuss cyber warfare as a major information security issue by
exploring its reasons, sources and targets, strategies and weapons, along with some
case studies of the most famous cyber-warfare incidents in history.

What is cyber warfare?

Cyber war has been described in many contexts under various terms, such as bloodless
war, cold war, cybernetic war and cyber war [2].

The term "cyber" describes systems that use mechanical or electronic systems to
replace human control [3].
Based on that definition, we define cyber warfare as the conduct of warfare in
cyberspace using computers and the Internet [2].
It is a war waged in cyberspace, where cyberspace "is the total
interconnectedness of human beings through computers and telecommunication
without regard to physical geography" [4].

The term evokes an image of fatal programs that cause computer systems to
freeze and weapon systems to fail, thwarting vaunted technological prowess for a
bloodless conquest [5].

In conclusion, cyber warfare is an unconventional and revolutionary method of
pursuing a war, in which soldiers, troops and weapons are replaced by computers
and technology that compromise the enemy by attacking the software in its
systems, without physical violence.

Why cyber-warfare?
We live in the age of information- and technology-based warfare, and as the Prussian
general and military theorist Carl von Clausewitz observed: "Every age has its own
kind of war, its own limiting conditions and its own peculiar preconceptions." [6]

Many parties to a war are motivated to adopt this new type of weaponry for the
following reasons:
    1. It has multiple effects on the target.
    2. It has no limitations.
    3. It achieves most of the goals [1].
    4. The cost of entry is far lower than that of conventional weapons such as tanks [7].
    5. Countries' infrastructures depend on computers and networks, so an attack
       on them can paralyze an entire country.

Other motives can be examined from the perspective of the ethics of war, which
regards winning the war without fighting as the true pinnacle of excellence.
The following chart shows statistics on the psychological reasons behind cyber
war [11].

          For fun: 31.4%
          Want to be the best defacer: 17.2%
          No reason specified: 14.7%
          Political reasons: 11.8%
          Patriotism: 10.9%
          As a challenge: 10.8%
          Revenge: 3.3%

                     Figure 1: Psychological reasons for cyber war [11]

Cyber war targets [11]
The following are the basic targets or victims in any cyber war:
  1. Military networks.
  2. Government systems and websites.
  3. E-commerce and financial institutions.
  4. Telecommunication companies.
  5. Others.

Cyber war attack methods

       Web vandalism

        Attacks that deface web pages, or denial-of-service attacks [2]. Web
        vandalism is the unauthorized and undesired modification of web pages
        [21]. It is on the rise [22], which concerns IT specialists around the
        world. According to statistics presented by Zone-H.org [23], about 500
        such attacks occur daily, rising to 1500 on a weekend. Although the
        damage may not look serious, attackers who have compromised a target's
        web server may go on to gain access to the entire network [22]. Most
        Saudi hackers use this method.
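The check an administrator runs to catch the "unauthorized and undesired modification" above is an integrity baseline: a keyed digest of each page is recorded while the site is known to be clean and compared against whatever the server currently serves. The following Python script is an added example written for this page, not code from the paper or from Zone-H; the pages, paths and the key are constructed for illustration.

```python
"""Defacement (web vandalism) detection: compare served pages against a keyed baseline.

Added example; the pages, paths and key below are constructed for illustration.
"""
import hashlib
import hmac
import re

# Assumption: the key lives on the monitoring host, not on the web server, so an
# attacker who can rewrite pages cannot also recompute matching tags.
BASELINE_KEY = b"monitoring-host-secret"


def canonical(html: str) -> bytes:
    """Collapse whitespace runs and whitespace between tags, so a cosmetic re-render
    is not reported as vandalism. Every tag and every piece of text is preserved."""
    text = re.sub(rb"\s+", b" ", html.encode("utf-8"))
    text = re.sub(rb">\s+<", b"><", text)
    return text.strip()


def page_tag(html: str, key: bytes = BASELINE_KEY) -> str:
    """HMAC-SHA256 over the canonical page text."""
    return hmac.new(key, canonical(html), hashlib.sha256).hexdigest()


def build_baseline(pages: dict) -> dict:
    """path -> tag, taken while the site is known to be clean."""
    return {path: page_tag(html) for path, html in pages.items()}


def check_site(baseline: dict, served: dict) -> dict:
    """Return path -> verdict: 'ok', 'MODIFIED', 'MISSING' (page gone) or
    'UNEXPECTED' (a page not in the baseline, e.g. a dropped defacement page)."""
    verdicts = {}
    for path, expected in baseline.items():
        html = served.get(path)
        if html is None:
            verdicts[path] = "MISSING"
        elif hmac.compare_digest(page_tag(html), expected):
            verdicts[path] = "ok"
        else:
            verdicts[path] = "MODIFIED"
    for path in served:
        if path not in baseline:
            verdicts[path] = "UNEXPECTED"
    return verdicts


# Constructed sample: the site as baselined ...
CLEAN_SITE = {
    "/index.html": "<html><body><h1>Ministry portal</h1><p>Welcome</p></body></html>",
    "/about.html": "<html><body><h1>About</h1></body></html>",
    "/contact.html": "<html><body><p>contact@example.invalid</p></body></html>",
}
# ... and the same site after a defacement: index replaced, about re-indented only,
# contact deleted, and a new page dropped by the attacker.
SERVED_SITE = {
    "/index.html": "<html><body><h1>0wned</h1></body></html>",
    "/about.html": "<html>\n  <body>\n    <h1>About</h1>\n  </body>\n</html>",
    "/defaced.html": "<html><body>greetz</body></html>",
}


def demo() -> dict:
    return check_site(build_baseline(CLEAN_SITE), SERVED_SITE)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:<10} {path}")
```

An HMAC rather than a bare hash is used so that an attacker who can rewrite the pages and the stored digests on the same server still cannot forge matching tags; the stray "UNEXPECTED" page is reported because defacers typically drop their own file rather than only editing existing ones.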
       Propaganda

       Political messages can be spread through the Internet [2].
       It is a "high level use for disseminating ideology and building nationalistic
       vision" [6]. The Al-Qaeda organization used this method in its cyber war
       against America, publishing its news, achievements, sorties, and "fatwas"
       that encourage jihad against America [6].

       Gathering data

       Spying on and modifying confidential information that is not handled securely
       [2]. Famous examples are Titan Rain and Moonlight Maze (see the case studies
       section).

       Distributed Denial-of-Service attacks

       A DoS attack carried out by large numbers of computers in one country against
       systems in another country [2].

       DoS attack methods include [24]:

         i. ICMP floods

            Generating a large volume of network traffic towards a victim host. In
            the smurf variant, ICMP echo requests carrying the victim's spoofed
            source address are sent to the broadcast address of a network rather
            than to a specific machine, so every host on that network replies to
            the victim.

         ii. Teardrop attack

            "Sending invalid IP fragments with overlapping, over-sized
            payloads to the target machine." Windows 3.1x, Windows 95 and
            Windows NT were easy targets for this attack.

         iii. Peer-to-peer attacks

            These rely on exploiting bugs in peer-to-peer servers to initiate
            DDoS attacks. The attacker acts as a "puppet master", forcing
            clients of large peer-to-peer file-sharing hubs to disconnect from
            their network and connect to the victim's website instead.

         iv. Permanent Denial-of-Service attacks

            An attack that targets the system's hardware, leaving severe damage
            that cannot be recovered without replacing the equipment.

         v. Application level floods

            Floods that target an application rather than the network, for
            example by triggering a buffer overflow or otherwise making the
            application fill the disk or consume all available memory or CPU
            time.
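Two of the signatures above can be recognized from a packet summary alone: an echo-request flood (including the smurf variant, where the "source" of requests to a broadcast address is the real victim) and teardrop-style fragments whose offsets overlap or whose reassembled size is impossible. The Python below is an added example, not code from the paper or from [24]; the simplified packet record, the traffic it analyses and the assumption that addresses ending in .255 are broadcast addresses are all constructed for illustration.

```python
"""Two DoS signatures run over a constructed packet summary: ICMP echo floods
(including smurf-style broadcast amplification) and teardrop-style overlapping
or oversized IP fragments.

Added example; Pkt is a simplified packet record assumed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

MAX_IP_LEN = 65535          # largest legal reassembled IPv4 datagram


@dataclass(frozen=True)
class Pkt:
    ts: float               # capture time in seconds
    src: str
    dst: str
    proto: str              # "icmp", "udp" or "tcp"
    icmp_type: int = -1     # 8 = echo request
    ip_id: int = 0          # IP identification field, shared by fragments of one datagram
    frag_off: int = 0       # byte offset of this fragment's payload
    frag_len: int = 0       # payload length of this fragment
    more_frags: bool = False


def icmp_echo_floods(packets, window=1.0, threshold=100, bcast_suffix=".255"):
    """Return (floods, smurf).
    floods: {dst: peak echo requests in any `window`-second interval} for every
            destination whose peak exceeds `threshold`.
    smurf:  {spoofed_src: count} of echo requests aimed at a broadcast address; that
            "source" is the victim the amplified replies will hit.
    Treating *.255 as broadcast is an assumption for the /24 networks in the sample."""
    per_dst = defaultdict(list)
    smurf = defaultdict(int)
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8:
            per_dst[p.dst].append(p.ts)
            if p.dst.endswith(bcast_suffix):
                smurf[p.src] += 1
    floods = {}
    for dst, times in per_dst.items():
        times.sort()
        lo, peak = 0, 0
        for hi, t in enumerate(times):        # sliding window over sorted timestamps
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > threshold:
            floods[dst] = peak
    return floods, dict(smurf)


def bad_fragments(packets):
    """Return [(src, dst, ip_id, reason)] for datagrams whose fragments overlap or
    whose reassembled size exceeds MAX_IP_LEN: the teardrop condition."""
    groups = defaultdict(list)
    for p in packets:
        if p.frag_off or p.more_frags:      # only fragmented datagrams
            groups[(p.src, p.dst, p.ip_id)].append(p)
    findings = []
    for key, frags in groups.items():
        end = 0
        for f in sorted(frags, key=lambda f: f.frag_off):
            if f.frag_off < end:
                findings.append((*key, f"overlap: offset {f.frag_off} < previous end {end}"))
                break
            end = f.frag_off + f.frag_len
            if end > MAX_IP_LEN:
                findings.append((*key, f"oversized: reassembled length {end}"))
                break
    return findings


def sample_packets():
    """Constructed traffic: a 150-request echo flood, a smurf probe, a normal ping,
    one benign fragmented datagram, one overlapping and one oversized one."""
    pk = []
    pk += [Pkt(i * 0.005, f"198.51.100.{i % 50 + 1}", "10.0.0.5", "icmp", 8) for i in range(150)]
    pk += [Pkt(i, "10.0.0.5", "192.0.2.255", "icmp", 8) for i in range(3)]   # spoofed src
    pk += [Pkt(i, "10.0.0.7", "10.0.0.9", "icmp", 8) for i in range(5)]
    pk += [Pkt(2.0, "203.0.113.1", "10.0.0.5", "udp", ip_id=8, frag_off=0, frag_len=1480, more_frags=True),
           Pkt(2.0, "203.0.113.1", "10.0.0.5", "udp", ip_id=8, frag_off=1480, frag_len=520)]
    pk += [Pkt(3.0, "203.0.113.1", "10.0.0.5", "udp", ip_id=7, frag_off=0, frag_len=1480, more_frags=True),
           Pkt(3.0, "203.0.113.1", "10.0.0.5", "udp", ip_id=7, frag_off=1000, frag_len=800)]
    pk += [Pkt(4.0, "203.0.113.1", "10.0.0.5", "udp", ip_id=9, frag_off=0, frag_len=1480, more_frags=True),
           Pkt(4.0, "203.0.113.1", "10.0.0.5", "udp", ip_id=9, frag_off=65000, frag_len=1000)]
    return pk


if __name__ == "__main__":
    floods, smurf = icmp_echo_floods(sample_packets())
    print("floods:", floods, "smurf victims:", smurf)
    for finding in bad_fragments(sample_packets()):
        print("fragment anomaly:", finding)
```

The fragment check mirrors what a hardened IP stack does before reassembly: it rejects a fragment that starts before the previous one ended and one that would push the datagram past 65535 bytes, instead of trusting the offsets.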

       Equipment disruption

       Targets military activities that rely on computers for coordination
       and communication, putting soldiers at risk.

       Attacking critical infrastructure

       Attacks on power, water, fuel, communications, commerce and
       transportation. A frequently cited example is the 2007 attack on
       Estonia, which Estonia attributed to Russia (see the case studies
       section).

       Compromised counterfeit hardware

       "Common hardware used in computers and networks that have
       malicious software hidden inside the software, firmware or even the
       microprocessors."


Cyber warfare vulnerabilities [3]
In general, any system that accepts input can potentially be compromised, either
physically or through its signal inputs. Infiltration here means penetration of the
defenses of a software-controlled system such that the system can be manipulated,
assaulted, or raided [3].

        Physical infiltration
        Physical infiltration is done through the system hardware, for example the
        on/off switch, keyboard, mouse and flight controls. Thus, building a line of
        defense for a software-based system should start with protecting the physical
        inputs and outputs of the system.

        Signal infiltration
        Signal infiltration comes through existing direct or indirect connections to a
        system via LANs, infrared (IR) devices, RF connections (radios), and modems
        (phone lines).

Physical infiltration can be countered by physical security: walls, fences, restricted
areas, identification, guards, etc. Signal infiltration has similar countermeasures in
software or hardware: passwords, coded signals, firewalls, terminal identification,
isolation, and system monitors.
DEFENSE AGAINST CYBER WARFARE [3]
       1. Isolate all critical systems. Provide no system inputs outside of a
          physically secure area.
       2. Put critical operations under manual control.
       3. Reduce integration, because it increases cyber warfare risk.
       4. Passwords and authentication.
       5. Biometric (anthropometric) measures, like fingerprints.
       6. Multiple authentications or log-ons.
       7. Multiple connection log-ons.
       8. Multiple log-on addresses.
       9. Monitoring software that records the user's activities on the system.

ACTIVE OFFENSIVE METHODS [3]

       1. Password-cracking programs.
       2. Identification, location, sniffer, spoofing, and watcher programs.
       3. Attack programs.
       4. Tagging programs that insert data on a computer for later identification
          and cyber infiltration, like cookies.
       5. Viruses.
       6. Trojan horses.
       7. System overflows.
       8. Direct manipulation.
       9. Distributed attacks [1].
       10. Root-kits [1].
       11. Stealth tools [1].



Cyber-war Strategy and Tactics [19]
Strategy and tactics are important because without them, "we have no clear idea
about what configurations are effective against the variety of attacks that exist, and
more importantly, against those that are continuing to evolve".

       Cyber Playbook [19]
              Basically, it is a guide book that shows how to handle a cyber war
              situation by describing the cyber tactics and procedures needed to
              satisfy strategic goals.
              It uses concepts such as deception, confusion, stimulation, and
              blockading, is independent of any particular network infrastructure,
              and provides a dynamic rather than static defense plan. It describes
              all possible enemy moves and the countermoves that should be
              effective against them.

       Understanding the available moves [19]
              It is necessary to understand the situations in which the stratagems
              (moves) should be applied, and how. The stratagems are:

                     Fortify    Dodge
                     Deceive    Block
                     Stimulate  Skirt
                     Condition  Monitor

              Stratagems can have sub-stratagems, for example:

                     Deceive.Chaff        Block.Barricade
                     Deceive.Fakeout      Block.Cutoff
                     Deceive.Conceal      Monitor.Eavesdrop
                     Deceive.Feint        Monitor.Watch
                     Deceive.Misinform    Monitor.Follow

              To create a playbook, we define for each stratagem its building block
              by setting up the following information:
                1. Requirements
                2. Goals
                3. Caveats (warnings)
                4. Example uses
                5. Possible countermeasures.
The following table [19] shows how the Dodge stratagem is set up.

Stratagem:                     Dodge
Description:                   "Make sudden movement in new direction; move to and fro
                               usually in irregular and unpredictable pattern."
Example tactical               "Change IP address of target host so attack packets do
implementation:                not reach host; de-list in DNS and use local host file
                               for resolution."
Infrastructure properties      "Only small number of hosts / users need access to
where useful:                  target host."
Technological requirement:     "Mechanism to securely push or update hosts file across
                               the net."
Goals which may be satisfied:  "Maintain reliable service of critical host."
Example attack / adversary     "Network based attacks from outside the LAN or where
properties where helpful:      adversary has no means to access the updated hosts
                               files."
Effects on adversary:          "Adversary packets no longer reach host. Disrupts attack
                               until adversary discovers new address."
Limitations and assumptions:   "Must detect IP of target and take specific action. May
                               only work for short period of time."
Implications:                  "Users of services will be cut off from service if host
                               files not distributed or internal DNS not updated."
Example Red use:               "Change IP of host that is target of IA control from
                               command center."
Example Blue countermeasure:   "Tripwire firewalls and switches carefully; be able to
                               quickly change firewalls and switches; have IDSs look
                               for unexpected IP translation."

                                Table 1: Set-up of the Dodge stratagem [19]
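To make the Dodge row concrete, the Python below is an added example (not from the paper or from [19]) of the mechanics the table calls for: rewriting the hosts-file entry of the critical host to its new address while keeping aliases and comments, signing the pushed file so that a client rejects a forged update (the "securely push" requirement), and the Blue-side check for an unexpected IP translation. The host names, addresses and the push key are constructed.

```python
"""Dodge stratagem mechanics: move a critical host to a new IP, push a signed hosts
file to the few clients that need it, and the Blue-side check for an unexpected
IP translation.

Added example; host names, addresses and the push key are constructed.
"""
import hashlib
import hmac

PUSH_KEY = b"hosts-push-key"   # assumption: shared with clients out of band


def parse_hosts(text):
    """Yield (ip, [names]) per entry; comments and blank lines are ignored."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], fields[1:]


def resolve(text, name):
    """Local hosts-file resolution: the first matching entry wins, as libc does."""
    for ip, names in parse_hosts(text):
        if name in names:
            return ip
    return None


def dodge(text, hostname, new_ip):
    """Rewrite every entry carrying `hostname` to `new_ip`, keeping aliases and
    comments. Raises if the host is absent: a silent no-op would leave users
    pointing at the old, now dead, address (the table's "implications" row)."""
    out, hit = [], False
    for raw in text.splitlines():
        code, _, comment = raw.partition("#")
        fields = code.split()
        if len(fields) >= 2 and hostname in fields[1:]:
            hit = True
            raw = f"{new_ip:<15} " + " ".join(fields[1:]) + (f"  #{comment}" if comment else "")
        out.append(raw)
    if not hit:
        raise LookupError(f"{hostname} not present in hosts file")
    return "\n".join(out) + "\n"


def sign(text, key=PUSH_KEY):
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()


def accept_update(text, sig, key=PUSH_KEY):
    """Client side of the "securely push" requirement: install only a file whose
    tag verifies, so Red cannot redirect Blue's clients with a forged push."""
    return hmac.compare_digest(sign(text, key), sig)


def unexpected_translations(inventory, observed):
    """Blue countermeasure: names whose observed resolution differs from the inventory."""
    return {name: (inventory[name], ip)
            for name, ip in observed.items()
            if name in inventory and inventory[name] != ip}


SAMPLE_HOSTS = """\
127.0.0.1       localhost
# constructed sample; ops is the host under IA control
10.1.2.3        ops.example.internal ops   # command-center link
10.1.2.9        mail.example.internal
"""

if __name__ == "__main__":
    moved = dodge(SAMPLE_HOSTS, "ops.example.internal", "10.1.7.77")
    tag = sign(moved)
    print(moved)
    print("client accepts push:", accept_update(moved, tag))
    print("IDS view:", unexpected_translations(
        {"ops.example.internal": "10.1.2.3"},
        {"ops.example.internal": resolve(moved, "ops.example.internal")}))
```

Note that the same IDS comparison that lets Blue spot Red's dodge would also flag Blue's own legitimate moves, which is why the table lists it under countermeasures rather than as a free defensive win.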



Cyber assets [19]
         Cyber assets describe the basis on which cyber actions take place. There are
         four categories, listed in the table below.

         Intelligence gathering assets   The collection of systems that collect
                                         information regarding the enemy; in other
                                         words, tracking your enemy to know whether
                                         he is about to make a sudden move.

         Effect on resources             The effect of the intelligence gathering
                                         assets on one's own resources. "For
                                         example, one might expect network mapping
                                         and probe rates to increase before an
                                         attack happens."

         Cyber assets defense posture    Checking the enemy's defense line: his
                                         INFOCON level (the information operations
                                         condition, a threat level with five levels:
                                         NORMAL, ALPHA, BRAVO, CHARLIE and DELTA
                                         [20]), how powerful his firewall is, his
                                         authentication policies, etc.

         Cyber asset status              Re-ordering the lines and positioning of
                                         functions. For example, "commercial sites
                                         might suddenly go offline and be used for
                                         intelligence purposes".

                                         Table 2: Cyber assets [19]
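The "effect on resources" row says that network mapping and probe rates rise before an attack. The Python below is an added example, not code from the paper or from [19], of how a defender turns that observation into a detection: count the distinct targets each source touches per hour and alert when a source's count jumps well above its own history. The log format, the addresses and the log lines are constructed for the example.

```python
"""Probe-rate baseline from the "effect on resources" row: flag sources whose network
mapping activity jumps before an attack.

Added example; the log format and the hosts/addresses are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall-style log line: "<iso-time> DROP src=<ip> dst=<ip> dport=<port>"
LINE = re.compile(r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) src=(?P<src>\S+) "
                  r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
EPOCH = datetime(1970, 1, 1)   # naive reference, so bucketing ignores the local timezone


def parse(lines):
    """Yield dicts for well-formed lines; malformed lines are skipped, not crashed on."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["epoch"] = (datetime.fromisoformat(d["ts"]) - EPOCH).total_seconds()
            d["dport"] = int(d["dport"])
            yield d


def probes_per_bucket(events, bucket_s=3600):
    """src -> [(bucket, number of distinct (dst, dport) pairs touched)] in time order.
    Distinct targets, not raw packet counts, measure *mapping* activity: a retry
    storm against one port is a different problem from a sweep."""
    seen = defaultdict(set)
    for e in events:
        seen[(e["src"], int(e["epoch"] // bucket_s))].add((e["dst"], e["dport"]))
    per_src = defaultdict(list)
    for (src, bucket), targets in sorted(seen.items()):
        per_src[src].append((bucket, len(targets)))
    return per_src


def mapping_alerts(events, factor=5.0, min_probes=20, bucket_s=3600):
    """Alert when a source's probe count in a bucket is at least `min_probes` and more
    than `factor` times its own mean over earlier buckets (or it has no history)."""
    alerts = []
    for src, series in probes_per_bucket(events, bucket_s).items():
        history = []
        for bucket, count in series:
            baseline = sum(history) / len(history) if history else 0.0
            if count >= min_probes and count > factor * baseline:
                alerts.append({"src": src, "bucket": bucket,
                               "probes": count, "baseline": baseline})
            history.append(count)
    return alerts


def sample_log():
    """Constructed: a benign monitor, a quiet source, and a mapper whose rate jumps."""
    lines = []
    for h in range(4):                                   # benign: same 3 targets every hour
        for i in range(3):
            lines.append(f"2007-04-26T{h:02d}:10:00 ACCEPT src=203.0.113.4 dst=10.0.0.{20 + i} dport=443")
    for i in range(5):                                   # quiet source, below min_probes
        lines.append(f"2007-04-26T01:0{i}:00 DROP src=198.51.100.9 dst=10.0.0.{i} dport=22")
    for h, n in ((0, 2), (1, 3), (2, 40)):               # mapper: 2, 3, then 40 distinct targets
        for i in range(n):
            lines.append(f"2007-04-26T{h:02d}:{i % 60:02d}:30 DROP src=198.51.100.7 "
                         f"dst=10.0.0.{i % 30} dport={22 + i // 30}")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for a in mapping_alerts(parse(sample_log())):
        print(a)
```

The per-source baseline matters: a monitoring host that legitimately touches the same few targets every hour never trips the alert, while a mapper that grows from a handful of probes to a sweep does, even though its absolute rate is still small by Internet standards.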



Cyber war simulation [19]
         In this section we apply the stratagems above to simulate a simple
         cyber war between two teams, Red and Blue.

           Planning analysis

               a. Red moves.
                   1. Red uses the Monitor.Watch stratagem with its intelligence
                      gathering assets to understand how Blue's troops are organized.
                   2. Red collects focused intelligence on the enemy's military
                      operations by using a Deceive stratagem that tricks Blue's
                      Monitor.Watch activities.
                   3. In preparation for Blue's attack, Red applies Fortify to its
                      intelligence gathering assets and its other, non-intelligence
                      assets.

               b. Blue response.
                   1. Blue's Monitor.Watch detects Red's Monitor.Watch and Fortify
                      activities, and Blue uses Fish Bowl to learn Red's strategy.
                   2. Blue raises its Fortify level from low to high to prepare for
                      the potential attack.
                   3. Blue deploys fake systems to get clues about Red's real target
                      by applying Deceive.HoneyPot.

           Execution phase
               After setting the plan for both teams, each of them implements the
               programs and tools needed to execute its plan. For example, Red
               implements its own weapons (programs) for integrity and DoS attacks
               on Blue's systems.




Case studies of cyber warfare

In this section we illustrate several of the most famous cyber battles, which help to
show the complexity of such battles. They took place in America, Russia and the UK,
and in the Middle East.

Air Force Rome Lab (1994) [4][9]

In March 1994, system administrators at Rome Lab (a research and development
laboratory run by the US Air Force at Griffiss AFB in Rome, NY [8]) found their
network under attack. The Air Force investigation identified two aliases, Kuji and
Datastream Cowboy. Informants involved in the investigation located one of the
hackers in the UK, who claimed to have broken into various U.S. military systems.
With the help of Scotland Yard, a 16-year-old British student whose alias was
Datastream was identified and arrested while attacking the South Korean Atomic
Research Institute, and pled guilty; his "mentor" Kuji, a 22-year-old Israeli
technician, remained free because Israel lacked laws covering such e-crimes.
The pair had intended to attack sensitive sites such as NATO headquarters, Goddard
Space Flight Center, and Wright-Patterson Air Force Base.

Eligible Receiver (1997) [4]

Eligible Receiver was the first Information Warfare (IW) exercise in America.
Thirty-five people participated on the Red Team (a team whose purpose is to "reveal
weaknesses in current military readiness" [10]) over 90 days, using off-the-shelf
technology and software freely available on the Internet at that time. The scenario
was a rogue state that rejected direct military confrontation with the United States
while seeking to attack vulnerable U.S. information systems. Among the goals of the
rogue state were to hide the identity of the attackers and to delay or deny any U.S.
ability to respond militarily. The attacks targeted power and communications in
several states.
Eligible Receiver was an important and revealing exercise for dealing with potential
attacks in the future.


Solar Sunrise (1998) [4]

The American Department of Defense networks were attacked through a well-known
UNIX-based operating system: the attackers exploited a vulnerability in Solaris to
plant a program that collected sensitive data.
The attacks came from many places, starting in America and Europe, through the
Middle East, and ending in the Far East. Over 500 computer systems were
compromised at various levels.
Finally, the identity of the attackers was revealed: two California high school
students were arrested and pled guilty. Once again, their "mentor", an 18-year-old
Israeli, was also arrested and indicted.

Moonlight Maze (1999) [2][12]
A series of organized attacks against American computer systems was traced to
Russia. There was no indication that the Russian military was involved, or that the
attacks actually originated there.

Titan Rain (2003) [2][13]

In 2003, American computer systems were compromised by a series of attacks that
differed in their nature and identity. The source of the attacks was located in China,
but the US government could not identify the parties involved, assuming that the
attacks originated from compromised computers there.

However, in 2005 the attackers were identified and associated with Chinese military
hackers whose intention was to collect information about US systems.

Estonia Cyberwar (2007) [2][14]

On April 27, 2007, Estonia came under a cyber attack that Estonia attributed to
Russia. The attack reached the Riigikogu (the Estonian Parliament), banks,
ministries, newspapers and broadcasters, and was regarded as a Russian
countermeasure to Estonia's stance on certain political issues.
DDoS (Distributed Denial of Service) techniques were used in this war, ranging from
ping floods, in which "the victim is overwhelmed with ping packets" [15], to botnets,
"collections of software robots that run autonomously and automatically" [16], that
were otherwise used for spam distribution.
However, in the absence of international agreements forbidding such warfare,
Russia was never formally accused.

Kyrgyz Central Election Commission under attack (2007) [2]

This attack took place on December 14, during the election, and was attributed to an
Estonian organization [2].
Scientology web servers under attack (2008) [2]
A DoS attack was mounted against the web servers of Scientology (an "applied
religious philosophy" [17]) by the group Anonymous.

Cyber battleground of Palestine and Israel [11]

The killing of the Palestinian child Mohammed Addurrah triggered a war between Arab
and Israeli hackers. On 28 September 2000, Israeli teenage hackers attacked the
Hezbollah and Hamas websites in Lebanon. A call for "E-Jihad" was made by the
Palestinians, who attacked Israeli official websites and media, technology, financial
and telecommunication corporations. Hackers from all Arab countries combined
forces, which caused Israel to lose the war.

Conclusion
"Our life has become totally bounded, dependent on cyberspace. Therefore, the
importance of that domain is not only for how we fight, but also for our way of life."
- Dr. Lani Kass. Cyber war is a very rich topic, and my future work will discuss
awareness of how critical this subject is in Saudi Arabia, with a closer look at the
defense systems in use.
References
[1] www.security-gurus.de/papers/cyberwarfare.pdf (no information about the
    author was available).
[2] http://en.wikipedia.org/wiki/Cyber-warfare
[3] Lt Col Lionel D. Alford, Jr., USAF (Spring 2000), Cyber Warfare: Protecting
    Military Systems, www.dau.mil/pubs/arq/2000arq/alford.pdf
[4] Hildreth, Steven A. (June 2001), Cyberwarfare.
[5] Shimeall, Timothy; Williams, Phil; Dunlevy, Casey (Winter 2002), Countering
    Cyber War.
[6] www.cosc.iup.edu/iagroup/presentations/Cyber_Attacks.ppt
[7] McGregor, Pat (October 2001), Cyberterrorism: The Bloodless War?
[8] http://en.wikipedia.org/wiki/Rome_Air_Development_Center
[9] http://en.wikipedia.org/wiki/Eligible_Receiver_97
[10] http://en.wikipedia.org/wiki/Red_Team
[11] Khan, Zubair, Cyber Skirmishes.
[12] http://en.wikipedia.org/wiki/Moonlight_Maze
[13] http://en.wikipedia.org/wiki/Titan_Rain
[14] http://en.wikipedia.org/wiki/Estonian_Cyberwar
[15] http://en.wikipedia.org/wiki/Ping_flood
[16] http://en.wikipedia.org/wiki/Botnet
[17] http://en.wikipedia.org/wiki/Scientology
[18] http://forum.sh3bwah.maktoob.com/t116175.html
[19] Tinnel, Laura S.; Saydjari, O. Sami; Farrell, Dave (June 2002), Cyber War
    Strategies and Tactics: An Analysis in Cyber War Techniques, Strategies and
    Tactics.
[20] http://members.impulse.net/~sate/infocon.html
[21] http://nostalgia.wikipedia.org/wiki/Vandalism
[22] http://www.isp-planet.com/news/2002/vandals_021022.html
[23] http://www.zone-h.org
[24] http://en.wikipedia.org/wiki/Denial-of-service_attack

				