
FEDERAL BUREAU OF INVESTIGATION
Cyber Division
FBIHQ

Cyber Attacks: The Next Frontier
Presented by SSA Robert Flaim
“The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities.

“Wars in the 21st century will increasingly require all elements of national power – not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.”

Secretary Rumsfeld address to the National Defense University, January 31, 2002.
Discussion
   • Critical Infrastructures
   • Terrorist Internet Exploits
   • Tactics and Strategy
Critical Infrastructures
Where the Crown Jewels Are
Imagine Planning for These Contingencies
   • ATM Failures
   • Telephone Outages
   • Power Outages
   • World Trade Center
   • Poisoned Water Supply
   • Bridges Down
   • Airliner Crash
   • Oklahoma City
   • ISPs All Offline
   • Oil Refinery Fire
   • 911 System Down
Unrelated Events or Strategic Attack?
Using Our Systems Against Us
   • Aircraft – Pentagon/Twin Towers
   • Mail distribution network – Anthrax
   • Computers – next step?
Real World Example – Australia 2000
Maroochy Shire Waste Water Plant – Sunshine Coast
   – Insider
   – 46 intrusions over 2 month period
   – Release of sewage into parks, rivers
   – Environmental damage
Real World Example – USA 2001
San Francisco FBI Field Office Investigation
   – Internet probes from Saudi Arabia, Indonesia,
     Pakistan
   – Casings of web sites regarding emergency telephone
     systems, electrical generation and transmissions,
     water storage and distribution, nuclear power plants
     and gas facilities
   – Exploring digital systems used to manage these
     systems
Why Cyber Attack on Critical Infrastructures?
    National Security
    – Reduce the U.S.’s ability to protect its interests
    Public Psyche
    – Erode confidence in critical services and the government
    Economic impact
    – Damage economic systems
    Enhancement of Physical Attacks
    – Physical damage/distraction efforts
    Asymmetric Warfare
    – Lack of attribution, low cost/high potential impact
How are we vulnerable?
   • Globalization of infrastructures = vulnerability
   • Anonymous access to infrastructures via the Internet and SCADA
   • Interdependencies of systems make attack consequences harder to predict and more severe
   • Malicious software is widely available and does not require a high degree of technical skill to use
   • More individuals with malicious intent on Internet
   • New cyber threats outpace defensive measures
Vulnerability Types
   • Computer based
     – Poor passwords
     – Lack of appropriate protection or improperly configured protection
   • Network based
     – Unprotected or unnecessary open entry points
   • Personnel based
     – Temporary/staff firings
     – Disgruntled personnel
     – Lack of training
   • Facility based
     – Servers in unprotected areas
     – Inadequate security policies
Al-Qaeda

Al-Qaeda laptop found in Afghanistan contained:
   • Hits on web sites that contained “Sabotage Handbook”
   • Handbook – Internet tools, planning a hit, anti-surveillance methods, “cracking” tools
   • Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites
Terrorist Internet Exploits
What are we up against?
Terrorist Groups
Terrorists
Attention must be paid to studying the terrorists:

   – Ideology

   – History

   – Motivation

   – Capabilities
Terrorists
   • Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
   • In the future, cyber terrorism may become a viable option to traditional physical acts of violence due to:
     – Perceived anonymity
     – Diverse targets
     – Low risk of detection
     – Low risk of personnel injury
     – Low investment
     – Operate from nearly any location
     – Few resources are needed
Terrorist Use of the Internet
   • Hacktivism
   • Cyber Facilitated Terrorism
   • Cyber terrorism
Cyber Arsenal for Terrorists
Internet newsgroups, web home pages, and IRC channels include:
     – Automated attack tools (Software Tools)
        • Sniffers (capture information i.e. password/log-on)
        • Rootkits (facilitate/mask intrusion)
        • Network Vulnerability Analyzers (SATAN/Nessus)
        • Spoofing
        • Trojan Horses
        • Worms
        • DoS
Cyber Attack Methodology
   • Resource Denial
     – Virus/malicious code
     – “Legitimate” traffic overwhelms site (unauthorized high-volume links)
     – DoS
     – DDoS
   • WWW Defacement
     – Defacement to embarrass
     – Content modification to convey message
     – Content modification as component of disinformation campaign
Computer System Compromises
   • System Compromise
     – Data destruction
     – Data modification
     – Information gathering
     – Compromised platform:
        • Launch pad for attacks
        • Jump off point for other compromises
   • Target Research and Acquisition
     – Internet makes significant amounts of data instantly and anonymously accessible.
Hacktivism
   • Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.
   • Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.
Hacktivism
[Slide images: “Smithsonian Mental Institution”; Electronic Disturbance Theater]
Cyber Facilitated Terrorism
   • Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds
   • Web sites also contain information necessary to construct weapons, obtain false identification
   • Use Internet as a communications tool via chat rooms, BBS, email
   • Hijackers utilized cyber cafés to communicate via Internet and order airline tickets
[Diagram labels:]
   1. Finsbury Park Mosque, North London
   2. Djamel Beghal
   3. Kamel Daoudi
   4. Zacarias Moussaoui
   5. Richard Reid
   6. Feroz Abbasi
   7. Nizar Tribelsi
   8. Abu Hamza
   9. Abu Qatada
Kamel Daoudi –
Believed to be Al-Qaeda Cyber
Terrorist. Arrested for alleged
involvement in plot to bomb
American Embassy in Paris
Cyberterrorism

Cyberterrorism is a criminal act perpetrated by the
  use of computers and telecommunications
  capabilities, resulting in violence, destruction and/or
  disruption of services to create fear by causing
  confusion and uncertainty within a given population,
  with the goal of influencing a government or
  population to conform to a particular political, social,
  or ideological agenda.
The Cyberterrorist Threat

Assessing the threat
[Diagram: THREAT, with Behavioral Profile, Technical Feasibility, and Operational Practicality]
Cost & Means of Attack
[Chart: Cost of Capability and Availability of Capability over time (1945, 1955, 1960, 1970, 1975, 1985, Today). Means of attack shown: Invasion; Strategic Nuclear Weapons; Missiles, ICBM & SLBM; Cruise Missile; Precision Guided Munitions; Computer]
Tactics and Strategy

Prevention and cooperation
FBI Cyber Transformation
   • Terrorism and Cyber Crime – top priorities
   • FBI recruitment of engineers and computer scientists – critical skills
   • Increasing agents dedicated to cyber crime
   • Creation of Cyber Task Forces in field offices
USA Patriot Act
   • Felony to hack into computer used in furtherance of national security or national defense
   • 2702 Emergency Requests
   • Legal Subpoena expanded
   • Sentencing increased
USA Patriot Act cont’d
   • Share with DOJ for criminal prosecution
   • Permits “roving” surveillance
   • FISA orders for intelligence allowed if there is a significant reason for application rather than the reason
   • Authorizes pen register and trap and trace orders for email as well as telephone conversations
International Investigations

Cyber Evidence in USA
MLAT Request

Joint FBI-Foreign Police Investigation
Legal Subpoena
Cyber Terrorism Prevention – Old Methods for New Problem
   • Liaison
     – Critical Infrastructure Companies, i.e. FBI InfraGard
     – Internet Service Providers
     – Universities
     – Internet Cafes
     – Hacker clubs
     – IT companies, developers
     – International, local law enforcement
   • Look – on the Internet
   • Coordinate – national security, terrorist personnel
Conclusion
   • Our national security, databases, and economy are extremely dependent upon automation
   • Therefore, there exists a “target rich environment” for those who would do harm via the Internet
   • Our critical infrastructures require joint private/public efforts to protect them
Robert Flaim
1-571-223-3338
rflaim@fbi.gov

								