Cyber Warfare

CHANGING PERCEPTIONS OF CYBER WARFARE
Presentation
Higher Command Course
Army College of Warfare
18 October 2003

Genesis of the Internet
- Rand thesis
- Internet a product of the cold war
- Paradigm shift – hierarchical to networking
- Advent of WWW
- Gift of TCP/IP to public domain

CYBER ABUSES

CYBER TERROR       SPYING
CYBER FRAUD        SPOOFING
CYBER LAUNDERING   SNIFFING
CYBER INFRACTION   SPAMMING
CYBER HACKING      SPINNING
CYBER PHREAKING    STALKING
CYBER HACTIVISM    SEEDING (Viruses, Worms & Trojans)

Maxim

The Internet is the high ground, and a first termer in NDA will know that the
first lesson one learns is to occupy high ground and hold it at all costs.

Cyber Terrorism Threat
- The most potent threat vector.
- We are victims of polemics and politics of definitions. What is terrorism? Is cyber terrorism hype or for real?

CYBER TERRORISM
- According to National Infrastructure Protection Centre (NIPC), “Cyber terrorism is an act through computers that results in violence, death and/or destruction and creates terror for the purpose of coercing a government to change its policies.”
- “Cyber terrorism is the premeditated, politically motivated attack against information, computer systems, computer programmes, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents.”

Cyber Psywar zoom
- Cyber anarchy is a vested interest.
- Anthrax, SARS and Melissa are more psychological than physical.
- We are in a permanent and perpetual state of threat.
- The Motto: “We need to give them back something to live for, instead of something to die for.”
- Cyber security is now a big business.

Cyber enabled Terror InfoInfra
- Terror threats.
- Propaganda and psyops.
- Communications: crypto, stegano, PGP.
- Money laundering, hawala.
- WMD Int, tech snooping, contact with hackers and criminals.
- Proxy operations.
- Transacting, shopping and scheduling in contrabands, drugs and weapons.
- Clandestine meetings and RVs, ICQ, IRC.

Cyber Terrorism Threat (Contd)
- Asymmetric warfare anchors on the unpredictable, “the unknown unknown.”
- Both the perpetrator and the victim deny the impact, if not the criminal/terror act.
- A virtual attack may coincide with a real one, e.g. imagine the mayhem if Code Red and 9/11 were mounted simultaneously.

[Diagram: Code Red worm attack on <whitehouse.gov>]
1. Unknown hacker sends Code Red worm out onto the Internet to find a vulnerable host server.
2. The worm propagates to other vulnerable servers, turning them into dummies that infect other servers. And this process continues exponentially.
3. …Code Red ceases to proliferate, and the numerous dummy servers turn to attack the White House website, attempting to overwhelm its server with junk communications.

Surveillance & Security Industry

The digital surveillance and security industry is growing sharply.

It is expected to cross the $50 billion mark worldwide by 2008.

Threats to Infrastructure
- The physical infrastructure threat.
- Ranges from compromising critical systems to severely affecting them.
- Critical physical infrastructure, e.g. power grids, water, railways, dams, hospitals, oil pipelines, TV and AIR stations, telecommunications, air traffic, or any other networked system.

Scepticism

“To us cyber terrorism is a lower-level threat”
    Marcus Kempe,
    Director Operations,
    Massachusetts Water Source Authority

Vitek Boden Exploit

A hacker, Vitek Boden, succeeded in releasing a million litres of sewage into
the water supply in Australia after 44 attempts.

India’s SCADA Systems
- SCADA stands for Supervisory Control and Data Acquisition – these are systems that are cybernated or computer controlled.
- 30 percent of such networks are accessible by modems connected to public switched telephone networks.
- Employees are lax about manual backup.

Threat to Data
- Compromising critical computer systems to steal or irreversibly damage vital data. More pronounced against military, R&D, defence production and other sensitive data.
- The more critical the data, the greater the vulnerability.

THREATS TO INDIAN CYBERSPACE
- Muslim Hacker Club
- Al Qaeda network
- ISI covert Internet-enabled spy network. ICT exploitation tactics.
- Pak “G” Force, mOs, WFD, PHC and Silver Lords
- LTTE cyber hactivism.
- Mercenary hackers.

Cyber Crime – Wide Canvas
- Rampant misuse and abuse of e-banking and e-businesses.
- Unauthorized access to data.
- Forgery of digital signatures.
- Infringement of intellectual property rights covering patents and trademarks.
- Fraudulent subversion of electronic payment systems.
- Spamming.

Cyber Crime (contd)
- Wars over domain names, browsers and portals.
- Monopoly practices.
- Commercial spying.
- Pornography.
- Growing menace of intruders, masqueraders, and saboteurs in cyberspace.

[Chart: Security Breaches (1997-2001). Y-axis: % of Respondents (0 to 100); one series per year, 1997 to 2001. Categories: DoS, Laptop, Unauth Access, Virus, Sabotage, IPR theft, System penetration, Telecom fraud, Fin fraud.]

Respondents    1997   1998   1999   2000   2001
               484    583    460    428    503
CSI/FBI 2001 Survey

[Chart: Threat Perception by US Defence Science Board in 1996. Y-axis: Potential damage (Low to High); x-axis: Probability of Occurrence (Low to High). Labels: State Sponsored, Terrorist, Espionage, Criminal, Individual hacker; year markers 1996, 2000, 2004.]
Source: Jane’s Intelligence Review, Dec 2000

CYBER SURVEILLANCE

Systematic observation of cyberspace by surfing, sniffing, snooping or other
means, primarily for the purpose of locating, identifying, determining,
profiling and analyzing by all available and predictable means the
transmission of e-mail, movement of packets, file transfer, e-money
transactions and subversive activities of criminals, cyber terrorists, hostile
regimes and intelligence agencies.

It equally applies to watch over friendly elements to anticipate and prevent
cyber crime and social abuse, carry out counter surveillance and find holes in
own procedures and systems of cyber security.

CYBER INTELLIGENCE
- Cyber Intelligence is open-source information minus noise, gathered over the Internet.
- The product resulting from the collection, processing, integration, analysis, evaluation and interpretation of available information concerning hackers, criminals, terrorists, hostile countries and cyber operations.

[Diagram: CYBERINT. Labels: INT ON SECURITY PRODUCTS, HACKERINT, TERRORINT, COMMERCIAL & TRADE-INT, CYBERCRIME INT, E-MAIL INTERCEPTION, SPYING, SNOOPING, SNIFFING, OPEN INTELLIGENCE, COUNTRIES OF INTEREST, WEBINT, BB, IRC, ICQ.]

Sun Tse Precepts in Cyber Arena
- PLA’s capability to spy in cyberspace is next only to Echelon, and that of waging cyber war and protecting cyber assets next only to NATO.
- The scope of Chinese Information warfare spreads over a wide canvas: military, social, economic and political.
- Encompasses electronic warfare, attacks on “human cognitive systems,” cyber, signal and signal deception, strategic deterrence, propaganda warfare, psychological warfare, network warfare, structural sabotage and trade warfare.

Cyber Warfare is all Deception and Ess Abuses
- The Chinese have no compunctions whatsoever about employing dubious tactics, machinations and subterfuge, e.g. invasion of adversaries’ financial systems, use of computer viruses, human sabotage, disrupting enemies’ economies, or spreading rumours over the Internet and thus psychologically impacting society.

Doctrine and Training
- “PLA has successfully integrated the latest C4ISRT (Command, Control, Communications and Computers Intelligence, Surveillance, Reconnaissance and Targeting) and information warfare techniques into its war doctrine.”
- The Chinese have been conducting training in cyber warfare.

Sino-Taiwanese Cyber War 1997-99
- Ever since 1997 the Taiwanese and Chinese armed forces have been preparing openly for a long drawn hacker war.
- “The wolf has already come. Pick up your hunting rifle!”
- The most serious attack has been that of the Chernobyl virus, written by a Taiwanese computer engineering student, Chen Ing-hao.
- The virus reportedly impaired 3,60,000 computers in China and caused $120 million in damage.

Cyber War-1
- Whereas China alleged Taiwanese complicity, the Taiwanese authorities maintained that it was an individual act of crime.
- The Guangzhou Military Region, which includes the South China Sea Fleet and the Second Artillery units, was hit and was paralyzed.
- A state of emergency was declared, placing the Nanjing Military Region and the East China Sea Fleet on second-degree combat readiness. This was the first time China’s military entered second-degree combat readiness since the death of Deng Xiaoping in February 1997.
- After the incident, the State Council and the Central Committee Military Commission promptly ordered the formation of a task force composed of General Staff Intelligence Department, General Staff Technology and Communications Department, Ministry of Defence Technological Intelligence Department, Institute of Military Sciences’ Special Technologies Department (also known as Department 553), and Ministry of Security’s Security Bureau.

- China is reportedly considering developing a fourth branch of its People's Liberation Army devoted solely to cyberwarfare.
- "China’s military planners recognize that... over-dependence on information systems is a potential weakness... Combining information warfare - such as computer hacking - with irregular special and guerilla operations, would allow China to mount destructive attacks within the enemy’s own operations systems, while avoiding a major head-on confrontation."

China’s Cyberwar Strategies

For more on prospective Chinese cyberwar strategies, read Unrestricted
Warfare, a book of military proposals written by two young Chinese military
officers in February 1999.

Sino-US CYBER WAR 2001
- This war started as a sequel to the collision between an American military surveillance plane and a Chinese fighter jet on April 1, 2001.
- China launched massive attacks against US Websites including those of
- It's (Cyber) War: China v. U.S.
     Crackers Expand Private War
     FBI Warns of Chinese Hack Threat

Cyber War-2

The Xinhua News Agency reported that U.S. hackers have defaced the websites of
the provincial governments of Yichun, Xiajun and Beijing, the Deng Xiaoping
police force, the Tsinghua and Xinjiang Universities, and Samsung's and Daewoo
Telecoms' Korean sites.

FBI-led National Infrastructure Protection Center (NIPC) confirmed that
Chinese hackers had been active in launching Web defacing and
distributed-denial-of-service attacks on the Department of the Interior's
National Business Center, the U.S. Geological Survey's site and Pacific Bell
Internet Services.

National Security Presidential Directive 16
- President Bush signed a directive in July 2002, ordering the government to develop a cyber-warfare guidance plan. The strategic doctrine would detail when the U.S. would use cyber attacks, who would authorize it, what constitutes legitimate targets, and what kinds of attacks -- Denial of Service, hacking, worms -- could be used.

The Fifth Dimension
- The U.S. government and military have been studying the possibility of cyberwarfare for years, although it has only recently become a realistic threat. The U.S. military is convinced that "operations within the information domain will become as important as those conducted in the domains of sea, land, air, and space." (Source: Joint Vision 2020).
- The full extent of the US cyber arsenal is among the most tightly held national security secrets. But reports point to a broad range of weapons under development, including use of computer viruses or "logic bombs" to disrupt enemy networks, the feeding of false information to sow confusion and the morphing of video images onto foreign television stations to deceive.

Maxim
- An extraordinary amount of detailed intelligence is needed about a target's hardware and software systems for mounting a large scale cyber attack. Commanders must know not just where to strike but be able to anticipate all the repercussions of an attack.

Indo-Pak Cyber War
* It’s desi hackers vs Pak G Force, N Vidyasagar, The Times of India, www.ofbjp.org
* War in Cyberspace, Priya Ganapati, www.rediff.com

Al Qaeda – ISI Gathbandhan
- Al Qaeda uses simple hacking tools, e.g. L0phtCrack, that can break an 8 letter/figure password in two minutes. The tool is freely downloadable.
- Al Qaeda doing recce of critical infrastructure, in particular that of US, Russia and India.
- Technical expertise: Khaled Sheikh Mohammad studied engineering in a university in North Carolina.

Gathbandhan (contd)
- Some experts had training in computer security. ISI ran classes at Qandhar and in Malaysia under Muslim Hacker Club. Reports suggest revival.
- All money movement is done by e-mail and hawala. None dare burst it.
- Al Jazeera still gets tapes. Tapes Trail remains uncompromised.

Al Qaeda connection
- A hacker in US opines, “Al Qaeda as a network has known connections to ISI. ISI has contacts with hacker groups operating against other targets. The belief is that if you accept that there is connection between Al Qaeda and ISI and ISI is operating against for example India, then Al Qaeda (even in its present state) would be able to gain access to computer hacks and plan operations.”

It may well happen in India
- Someday Al Qaeda, if it is still alive and operating, will use cyberspace as a vehicle for attacking infrastructure, not with bombs but with bytes. It would inflict biggest possible damage with least possible investment.
    Richard Clarke
    Presidential Adviser for Cyberspace Security (2001-2003)

Hato Ashwathama

Let us not be naïve.
There are no ethics in cybersociety.
War will continue to be between belief systems.
Flesh and silicate pitched against flesh and silicate.

Technologies and Tools
- Black bag jobs
- Packet Sniffers
- Carnivore
- Red and Blue Pill
- Trap and Trace
- Omnivore
- Genoa
- Protocol Analyser
- BlackICE Defender
- Dsniff
- Ethereal
- Spyware, e.g. SpyBuddy
- AntiSpy software

Blackbag Jobs

A black-bag operation is a secret break-in by a law-enforcement or
intelligence organization. It involves secret search of suspected locations,
copying files or other materials. Besides scrounging trash, electronic and
physical surveillance, pen-tests are part of the game. The search sometimes
leads to what the hackers call “Rat Racing.”

PACKET SNIFFER

A packet sniffer is a wiretap device that plugs into a computer network and
eavesdrops on the network traffic. Like a telephone wiretap that allows an
intelligence agency to listen in on conversations, a sniffer programme lets
someone listen in on computer conversations.

Carnivore is one such packet sniffer or packet filter.

CARNIVORE: A PACKET SNIFFER

Carnivore acts like a “packet sniffer”. All Internet traffic is broken down
into bundles called "packets". Carnivore eavesdrops on these packets and
watches them go by, then saves a copy of the packets it is interested in.

Carnivore
- News of Carnivore broke in July 2000.
- Public furor. How voracious could Carnivore get? Can it vacuum up Internet comns from innocent users? How frequently is it used? What is the legal basis? Is it permanently hooked up?
- FBI came clean, or did they? “Designed to conduct efficient wiretaps of e-mail and online communications involving suspected hackers, terrorists and other criminals.”

CARNIVORE

Carnivore is packed in a slim laptop and is described as “a tool within a
tool” that enables the FBI, in cooperation with an Internet Service Provider
(ISP), to collect counter-intelligence by tapping e-mails or other electronic
communications of a targeted user. This is done on court orders. Carnivore is
used in two ways, viz. as a "content-wiretap" and a “trap-and-trace,
pen-register.”

[Diagram: CARNIVORE BOX. Labels: Hardware Authentication Device; Windows NT or Windows 2000 box with 128 megabytes of RAM, a Pentium III, 4-18 gigabytes of disk space and 2 G Jaz Drive; Network Isolation Device.]

Carnivore Box
- A COTS (Commercial Off The Shelf) Windows NT (or Windows 2000) box with 128 megabytes of RAM, a Pentium III, 4-18 gigabytes of disk space, and a 2G Jaz drive where evidence is written to.
- The software is written in C++.
- The box has no TCP/IP stack, and therefore it is hack-proof.
- A hardware authentication device to control access to the box, preventing personnel from accessing the device without leaving telltale signs.
- There is also a "network isolation device", which is probably a Shomiti or NetOptics tap.
- Some units are rumored to have dial-in modem ports, but it seems that the standard procedure is to have an FBI agent come in daily to exchange the Jaz disk for a fresh one.

RED AND BLUE PILL
- Carnivore comes in two pills, the “Red” one and the “Blue” one. The former is administered when the ISP claims that it cannot or will not comply with the court order. The Blue Pill is a sophisticated Carnivore programme that scans only e-mails where the ISP cooperates for an investigation. The FBI explains the origin of the codename: "Carnivore chews all the data on the network, but it only actually eats the information authorized by a court order."

TRAP AND TRACE

A less invasive wiretap that courts in the US allow without probable cause. A
pen-register records just the telephone numbers of inbound calls to a suspect.

IP Sniffing OMNIVORE

Earlier, the FBI was using Carnivore in a mode they call "Omnivore": capturing
all the traffic to and from the specified IP address. There are numerous
products that can fulfill these types of requirements. The easiest is the
freeware program known as TCPDUMP, which is available for both Windows and
UNIX.

DARPA’s GENOA
- CARNIVORE is now known as DCS 1000
- Effectiveness under doubt
- Genoa provides a cutting edge search engine, sophisticated information harvesting programme and P2P computing methods.
- Still in experimental stage.

PROTOCOL ANALYSIS

A network wiretap comes with a feature called “protocol analysis,” which
allows it to decode the computer traffic and make sense of it. Network
sniffing has a distinct advantage over telephone wiretaps, as many networks
use shared media, dispensing with the need to break into a wiring closet to
install the wiretap. This can be done from any network connection, and such a
sniffer is called a promiscuous mode sniffer. However, this shared technology
is fast changing to switched technology, which implies that a sniffer would
have to actively tap the wire.

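Added example (not part of the original presentation): a minimal protocol analyser in Python that decodes one constructed Ethernet/IPv4/TCP frame and renders it two ways, mirroring the "content-wiretap" and "pen-register" modes described for Carnivore above. The addresses, ports, payload and all function names are constructed for illustration.

```python
import socket
import struct


class DecodeError(ValueError):
    """Raised when a frame is truncated or is not Ethernet/IPv4/TCP."""


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed test frame: one SMTP command sent to port 25."""
    payload = b"MAIL FROM:<alice@example.org>\r\n"
    # Destination MAC, source MAC, EtherType 0x0800 (IPv4).
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    # TCP header, 20 bytes, flags PSH+ACK; TCP checksum left at 0 (not checked here).
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
    fields = [0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
              socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.25")]
    fields[7] = ipv4_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return eth + struct.pack("!BBHHHBBH4s4s", *fields) + tcp + payload


def _mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP, validating every length field on the way."""
    if len(frame) < 14:
        raise DecodeError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise DecodeError("not an IPv4 frame")
    ip = frame[14:]
    if len(ip) < 20:
        raise DecodeError("truncated IPv4 header")
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise DecodeError("bad IPv4 version or header length")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len < ihl or total_len > len(ip):
        raise DecodeError("IPv4 total length does not fit the frame")
    if ip[9] != 6:
        raise DecodeError("not TCP")
    # Slice by total_len so Ethernet padding is never mistaken for payload.
    seg = ip[ihl:total_len]
    if len(seg) < 20:
        raise DecodeError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", seg[:4])
    data_off = (seg[12] >> 4) * 4
    if data_off < 20 or data_off > len(seg):
        raise DecodeError("bad TCP data offset")
    return {
        "src_mac": _mac(src_mac), "dst_mac": _mac(dst_mac),
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": src_port, "dst_port": dst_port,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
        "payload": seg[data_off:],
    }


ADDRESSING_FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port")


def pen_register_view(rec: dict) -> dict:
    """Addressing information only: who talked to whom and how much, no content."""
    view = {k: rec[k] for k in ADDRESSING_FIELDS}
    view["payload_len"] = len(rec["payload"])
    return view


def content_view(rec: dict) -> dict:
    """Full-content view: addressing plus the decoded application data."""
    view = {k: rec[k] for k in ADDRESSING_FIELDS}
    view["payload"] = rec["payload"].decode("ascii", "replace")
    return view


if __name__ == "__main__":
    record = decode_frame(build_sample_frame())
    print("pen-register:", pen_register_view(record))
    print("content     :", content_view(record))
```

The two views differ only in whether the application payload leaves the decoder, which is what separates a content intercept from an addressing-only record.
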
BLACKICE DEFENDER

"BlackICE Defender" has a feature called "Packet Logging". It monitors all
traffic to and from the machine and saves it directly to disk, just like
Carnivore. This feature could be used when there is apprehension of being
subjected to an attack. The popular freeware utility known as "Ethereal" can
then be used to display the contents of this data. IP sniffing may also be
done in a pen-register mode. Many packet sniffers could be used for this
capability.

ICE stands for Intrusion Countermeasures Electronics.

Ethereal
- Described as sniffing the glue that holds the Internet together
- It is a freeware network protocol analyzer for Unix or Windows.
- It allows examination of data from a live network
- Interactively browse the data.
- View summary and detailed description of each packet

dsniff

Dsniff is a collection of tools for network auditing and penetration testing.
dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor
a network for interesting data, e.g. passwords, e-mails, files etc. Its avowed
purpose is to create security awareness. Significantly, however, it provides
useful sniffing/wiretap utilities to hackers that are claimed to be more
advanced than Carnivore.
See http://www.monkey.org/~dugsong/dsniff/

dsniff Websites
- www.monkey.org
- www.datanerds.net
- www.ethereal.zing.org
- www.sysadmin.oreilly.com
- www.freshmeat.net
- www.groar.org
- www.packages.debian.org
- www.science.uva.nl
- www.cvsweb.netbsd.org
- www.rpmfind.net
- www.linuxsecurity.com
- www.packetstormsecurity.nl
- www.itworld.com
- www.online.securityfocus.com

Spyware
- Capture & record every IRC.
- Capture & record banking information
- Capture & record passwords
- Capture & record everything typed or clicked on computer
- Some of these software products have the ability to send the above information covertly via email!
- If you bank online or access password protected material, your passwords or private banking information can be exposed!

SPY SOFTWARE
- Downloadable, worth 40 dollars or so
- Monitor home PC from workplace or vice versa
- Features:
    - Real-time remote keystroke viewing
    - Remote desktop viewing
    - Remote application and task management
    - Remote open windows management

Spy Software: SpyBuddy
- Internet Conversation Logging. Ability to log AOL/ICQ/MSN/AIM chat conversations.
- Disk Activity Logging. Record all changes made to the hard drive, e.g. directories and files, created, deleted or renamed.
- Window Activity Logging
- Clipboard Activity Logging
- Website Activity Monitoring
- Printed Document Logging
- Keystroke Monitoring
- Screen Shot Capturing
- Webwatch Keyword Alerting

Remote Capture
- Remote system information viewing.
- Remote file system navigation
- Remote locking control
- Remote Internet connection monitoring
- Document history viewing
- Mouse freeze control
- Remote Website launching.
- Remote application launching
- Remote shut down

Anti-spy software
- SpyCop
- X-Cleaner
- Anti-keylogger
- Nitrous Anti-spy
- Evidence Eraser software, e.g.
    Window washer
    Evidence Eliminator Pro
    Evidence Terminator

Anti-Spy Software: SpyCop
- Find computer monitoring programmes used for spying.
- Allows you to rename any suspect files
- Minimizes software while scanning so you can do other things!
- You can right click on files in explorer and scan them for spyware!
- Single file scan function built in complete with browse capability
- Save results to a text file for future reference
- Print the results directly from the software
- SpyCop icon deters spyware installation
- Finds when a spy programme was installed.
- Checks if a spy programme is detectable with database search
- "LiveUpdate" feature to instantly update database without re-downloading!
- Unrecognizable to most spy programmes.
- A screensaver which scans the system when the user is absent.

- Virus scanners don't detect spyware & firewalls don't stop it!
- Many think someone needs access to your computer to install spy software. This just isn't true.
- Now there are hybrid versions that can be sent to you just like a virus in email.
- Why aren't more people upset about spyware?

Hacker (and terrorist) profiles are created not by identifying real evidence,
but by probing scenarios, resemblances and similarities.
    Vranasvich

PROFILING & TRACKING TERRORISTS
- Establish virtual identity before real identity.
- Exploit inter group rivalries
- Catalogue ustad-shagird relationship.
- Model “terror family” tree.
- Bio-print
- Psy-print.
- Form chain of custody of exploits.
- Become a chameleon
- Play KOOTNITI

LTTE NETWORK (EWCC)
[Figure: network diagram with numbered nodes at JAFFNA, KILINOCHCHI, MANNAR, MULLAITTIVU, VAVUNIYA, TRINCOMALEE and BATTICALOA; node layout and numeric link labels are not recoverable. The numbered name lists from the figure follow, by location.]
JAFFNA: 1. AMMA, 2. ARASU, 3. BANU, 4. BURMAN, 5. CALIFORNIA, 6. CHICAGO, 7. ESHWARAN, 8. KENNEDY, 9. LOSANGELES, 10. MADI, 11. MOSCOW, 12. NAKULAN, 13. RAHIM, 14. SENTHIL, 15. VINCENT, 16. WILSON
MULLAITTIVU: 1. AC, 2. AIERISH, 3. ALFA, 4. ALLEN, 5. BALRAJ, 6. CHANDRU, 7. CHARLIE, 8. CHINANNA, 9. DHANAM, 10. DIVAKAR, 11. FORK, 12. IAN, 13. KAMAL, 14. KUMAR, 15. MAHENDI, 16. MURALI, 17. PASILAM, 18. PULLIANDI
TRINCOMALEE: 1. BONAT, 2. CHITRA, 3. DAYA, 4. DEEPAN, 5. GURUJI, 6. JENA, 7. MAINDAN, 8. MICHAEL, 9. MOHAN, 10. NATHAN, 11. HIMAN, 12. RADUMAN, 13. RAMESH, 14. SHARAD, 15. SURENDRAN
MANNAR: 1. KALI, 2. NE, 3. N7, 4. TIMBU
BATTICALOA: 1. AGATIAR, 2. DILIP, 3. KANDAN, 4. KARIHALAN, 5. KUMAR, 6. NATHAR, 7. NEWTON, 8. RAJAN, 9. REAGAN, 10. SABASAN, 11. SIVAN, 12. SURAN
VAVUNIA: 1. BAHIR, 2. DAYABARAN, 3. JESSIE, 4. KANNAN, 5. MAIN, 6. MAHENDRAN, 7. N 37, 8. SENDAN, 9. SHANKAR, 10. SUSI, 11. VIBULAN, 12. VILLAI
KILINOCHCHI: 1. ALEX, 2. GRACY, 3. KEEDAN, 4. PARMALINGAM, 5. RADHAN, 6. RANJIT, 7. ROBIN
Udhayan,          Sivarasan @ Raghuvaran,
Easan             the 'one eyed Jack',
Kumar .
Captain David .
Kiruban,          Ravi @ Ravichandran
Thavoor,          Suchindran @ Mahesh
Das,              KP @ T.S.Kumaran
Romeo,            A.S.Shanthakumar @
Menon,            Rajan,
Kesavan,          Easan @ Easwaran ...
Pathi             Sigirthakumar,
Raththi
Dixon
E IDENTITY TO REAL
IDENTITY
   Udhayan. Responsible for fabrication of
    Arul-89 RPG shells.
   Easan. In charge of hawala transactions.
   KP. Highest functionary in SE Asia.
   Kumar. Assistant of 'KP' in South East Asia.
   Captain David. Commander LTTE fleet of
    three vessels including Elusia and Sea Bird.
   Dixon. Communication expert.
   Pottu Amman. Intelligence Chief.
ISI: Cyber Surveillance
Profiling
   ISI has set up a special wing called
    National Response Centre for Cyber
    Crimes (Associated Press, March 13,
    2003). “Earlier it had to rely on US
    investigators to trace e-mails sent by
    the kidnappers of Daniel Pearl.”




GLOBAL INFORMATION BASE
   USAF Project
   Applied System Intelligence Inc. (ASI)
   KARNAC (Knowledge-Aided Retrieval iN
    Activity Context).
   Anchored on a bunch of technologies and
    Database Management Systems.
   Detect, identify and corroborate impending
    terrorist operations, inter alia missions of the
    like kind.
SOFTWARE JUNGLEE
   Produced by Bangalore-based company
    Stratify
   It sifts through myriad of unstructured
    information pieces that stream into CIA.
   It goes through e-mails, letters and even
    rumours sent in by the CIA operatives to lend
    a logical pattern and coherence.
   Software understands different languages
    including Persian, Arabic and German.
   Funded by In-Q-Tel
CYBER COPS
   In 2001, National Science Foundation
    announced a scholarship programme for
    training cyber cops.
   200 students bachelor's degrees in
    information technology and computer security
    at six U.S. universities.
   Graduates must work for the government for
    one year for every year of scholarship
    support they receive.


Universities involved
in the Project
   Designated "Centers of Excellence" by the
    National Security Agency. They are
   Iowa State,
   Purdue University.
   The University of Idaho.
   The University of Tulsa.
   The Naval Postgraduate School.
   Carnegie Mellon University, which is also home to the
    government's CERT Coordination Center, formerly
    known as the Computer Emergency Response Team.

Electronic
Communications Privacy
Act (ECPA)
   Pronounced (ek-pah). This law was designed
  to clarify how existing wiretap laws apply to
  cyber space, but at the same time sets
  boundaries on how much the government
  could intrude into on-line privacy. Commonly
  called "Internet wiretap law". The law was
  originally promoted by privacy and civil rights
  organizations. However, subtle changes that
  made it into the final version ended up being
  what privacy advocates called "a wish list for
  the law enforcement community"
FISA-1978
   Stands for Foreign Intelligence Surveillance
    Act. It establishes a legal regime for foreign
    intelligence separate from ordinary law enforcement.
   Deter-neutralize-exploit
   Special courts
   FII Foreign Intelligence Information is
    defined.
   FISA allows surveillance without court order
CALEA-94
Communications Assistance for Law
Enforcement Act (CALEA), commonly
called the Digital Telephony law, was passed by
the US Congress in 1994 to allow law
enforcement to tap digital lines with the same
ease with which they were tapping analogue
lines. It required phone companies (common
carriers) to make sure their systems would
support wiretapping. This required existing
systems to be retrofitted (estimated cost:
$500 million) as well as to support new
technological developments in wiretapping.
Patriot Act - 2001
   Broadly expands law enforcement
    agencies’ surveillance and investigative
    powers.
   Aim is to intercept and obstruct
    terrorism
   Contradictory views expressed on the
    threats to security vis-à-vis threats to privacy
How is it different?
   Makes it easier for the investigative agencies
    to use FISA to circumvent Title III.
   FISA courts can allow roving surveillance
   The standard under which FISA pen/trap
    orders can be obtained is much lower
   Pen/trap orders apply to both wire and
    electronic communications.
   When obtained all pen/trap orders are valid
    throughout the US

Regulatory Investigative
Powers (RIP) of UK.
 RIP mandates black-boxes to be permanently
 located at all ISPs, unlike Carnivore, where
 boxes have to be brought on site for each
 investigation and removed when the
 investigation is done. Like Carnivore, a court
 order is needed. The technology provides an
 effective mechanism to bypass a
 constitutionally required process of court
 authorization for wiretapping of electronic
 communications.

SORM OF RUSSIA
  SORM is a Russian acronym for System of
 Ensuring Investigative Activity. The regulation
 requires all ISPs to install a “black box”
 rerouting device and to build a high-speed
 communication line, which would hot-wire the
 provider, and of necessity all Internet users
 to FSB headquarters. FSB is the successor
 agency to KGB. The agency needs a warrant
 but that is more of a formality that can be
 easily dispensed with because of the
 provision to reroute transmissions in real time
 to FSB offices.
Indian Scene
 Section 167 (2) (a) of the Code of Criminal
 Procedure has been amended in Andhra
 Pradesh to make the production of the
 accused for the purpose of remand through
 video linkage as valid. But for such law, the
 physical production of the accused for the
 purpose of remand would have been
 mandatory. Similarly, recording of evidence
 through video-conference has been permitted
 by the Calcutta High Court.

Let us therefore
   Fix the enemy in time and space (cyber and
    geographical).
   Develop indigenous software that facilitates
    humans and machines to think and act
    together. Software that is:-
    - Collaborative
    - Coordinative
    - Cognitive
    - Comprehensive (Total Information
                        Awareness)
    Destroy, disrupt, deface, deny enemy’s ICT
    and cyber assets/access
Let us therefore
   Raise cyberCops.
   Revamp our intelligence agencies with intake
    from technical graduates, preferably trained
    in IT, biometrics, communications,
    bioinformatics and cryptography.
   In the army, convert Intelligence Corps into
    a technical arm.
   Create expertise within the Services and the
    DRDO.
   Promote R&D in our training institutions
Recommendations (contd)
   * Creation of a "cyber court" to preside over
    computer crime.


   * Increased participation and data sharing
    between the services and between the
    services and the Defence Ministry,
    particularly from the top down.


   * Creation of a National Infrastructure
    Protection Center.
And lastly
     Shed anti-technology mindset
                 and
           stop glorifying
        technology illiteracy
                 and
               humint


Concluding Remarks
   India not only needs cyber warriors
                 but also
           cyber commanders
      whose cerebrums are ticking
             and net-worked,
        and not clogged by trivia.

       Tasmaad uttishth Kauntay
         udhay krit nishchaya
   (Therefore arise, son of Kunti, resolved to fight)