

Cyber Division

Cyber Attacks:
The Next Frontier
Presented by SSA Robert Flaim
“The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities.

“Wars in the 21st century will increasingly require all elements of national power – not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work

Secretary Rumsfeld address to the National Defense University, January 31, 2002.

   • Critical Infrastructures
   • Terrorist Internet Exploits
   • Tactics and Strategy
Where the Crown Jewels Are
Imagine Planning for These Contingencies
   – Telephone Outages
   – Power Outages
   – World Trade Center
   – Poisoned Water Supply
   – Bridges Down
   – Airliner Crash
   – Oklahoma City
   – ISPs All Offline
   – Oil Refinery Fire
   – 911 System Down
Unrelated Events or Strategic Attack?
Using Our Systems Against Us
   • Aircraft – Pentagon/Twin Towers
   • Mail distribution network – Anthrax
   • Computers – next step?
Real World Example – Australia
Maroochy Shire Waste Water Plant – Sunshine
   – Insider
   – 46 intrusions over 2 month period
   – Release of sewage into parks, rivers
   – Environmental damage
Real World Example – USA 2001
San Francisco FBI Field Office Investigation
   – Internet probes from Saudi Arabia, Indonesia,
   – Casings of web sites regarding emergency telephone
     systems, electrical generation and transmissions,
     water storage and distribution, nuclear power plants
     and gas facilities
   – Exploring digital systems used to manage these
Why Cyber Attack on Critical
   • National Security
     – Reduce the U.S.’s ability to protect its interests
   • Public Psyche
     – Erode confidence in critical services and the government
   • Economic impact
     – Damage economic systems
   • Enhancement of Physical Attacks
     – Physical damage/distraction efforts
   • Asymmetric Warfare
     – Lack of attribution, low cost/high potential impact
How are we vulnerable?
   • Globalization of infrastructures = vulnerability
   • Anonymous access to infrastructures via the Internet and SCADA
   • Interdependencies of systems make attack consequences harder to predict and more severe
   • Malicious software is widely available and does not require a high degree of technical skill to use
   • More individuals with malicious intent on Internet
   • New cyber threats outpace defensive measures
Vulnerability Types
   • Computer based
     – Poor passwords
     – Lack of appropriate protection/or improperly configured
   • Network based
     – Unprotected or unnecessary open entry points
   • Personnel based
     – Temporary/staff firings
     – Disgruntled personnel
     – Lack of training
   • Facility based
     – Servers in unprotected areas
     – Inadequate security policies

Al-Qaeda laptop found in Afghanistan contained:
   • Hits on web sites that contained “Sabotage Handbook” – Internet tools, planning a hit, anti-surveillance methods, “cracking” tools
   • Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites
 Terrorist Internet
What are we up
Terrorist Groups
Attention must be paid to studying the terrorists:
   – Ideology
   – History
   – Motivation
   – Capabilities
   • Terrorism is carried out by disrupting activities, undermining confidence, and creating fear
   • In the future, cyber terrorism may become a viable option to traditional physical acts of violence due to:
     – Perceived anonymity
     – Diverse targets
     – Low risk of detection
     – Low risk of personnel injury
     – Low investment
     – Operate from nearly any location
     – Few resources are needed
Terrorist Use of the Internet
   • Hacktivism
   • Cyber Facilitated Terrorism
   • Cyber terrorism
Cyber Arsenal for Terrorists
Internet newsgroups, web home pages, and IRC channels include:
     – Automated attack tools (Software Tools)
        • Sniffers (capture information i.e. password/log-on)
        • Rootkits (facilitate/mask intrusion)
        • Network Vulnerability Analyzers (SATAN/Nessus)
        • Spoofing
        • Trojan Horses
        • Worms
        • DoS
Cyber Attack Methodology
   • Resource Denial
     – Virus/malicious code
     – “Legitimate” traffic overwhelms site (unauthorized high-volume links)
     – DoS
     – DDoS
   • WWW Defacement
     – Defacement to embarrass
     – Content modification to convey message
     – Content modification as component of disinformation campaign
Computer System Compromises
   • System Compromise
     – Data destruction
     – Data modification
     – Information gathering
     – Compromised platform:
        • Launch pad for attacks
        • Jump off point for other compromises
   • Target Research and Acquisition
     – Internet makes significant amounts of data instantly and anonymously accessible.

   • Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.

   • Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.
                       Mental Institution
 Disturbance Theater
Cyber Facilitated Terrorism
   • Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise
   • Web sites also contain information necessary to construct weapons, obtain false identification
   • Use Internet as a communications tool via chat rooms, BBS, email
   • Hijackers utilized cyber cafés to communicate via Internet and order airline tickets
1. Finsbury Park Mosque, North London
2. Djamel Beghal
3. Kamel Daoudi
4. Zacarias
5. Richard Reid
6. Feroz Abbasi
7. Nizar Tribelsi
8. Abu Hamza
9. Abu Qatada
Kamel Daoudi –
Believed to be Al-Qaeda Cyber
Terrorist. Arrested for alleged
involvement in plot to bomb
American Embassy in Paris

Cyberterrorism is a criminal act perpetrated by the
  use of computers and telecommunications
  capabilities, resulting in violence, destruction and/or
  disruption of services to create fear by causing
  confusion and uncertainty within a given population,
  with the goal of influencing a government or
  population to conform to a particular political, social,
  or ideological agenda.
The Cyberterrorist Threat

Assessing the threat
   • Behavioral Profile
   • Technical Feasibility
   • Operational Practicality
Cost & Means of Attack
[Figure: Cost of Capability and Availability of Capability plotted over time (1945, 1955, 1960, 1970, 1975, 1985, Today). Means of attack labelled on the chart: Invasion, Strategic, Missiles (ICBM & SLBM), Cruise Missile, Precision Guided Munitions.]
Tactics and Strategy

Prevention and
FBI Cyber Transformation
   • Terrorism and Cyber Crime – top priorities
   • FBI recruitment of engineers and computer scientists – critical skills
   • Increasing agents dedicated to cyber crime
   • Creation of Cyber Task Forces in field offices
USA Patriot Act
   • Felony to hack into computer used in furtherance of national security or national
   • 2702 Emergency Requests
   • Legal Subpoena expanded
   • Sentencing increased
USA Patriot Act
   • Share with DOJ for criminal prosecution
   • Permits “roving” surveillance
   • FISA orders for intelligence allowed if there is a significant reason for application rather than the reason
   • Authorizes pen register and trap and trace orders for email as well as telephone
International Investigations

Cyber Evidence in USA
MLAT Request

Joint FBI-Foreign Police
Legal Subpoena
Cyber Terrorism Prevention – Old Methods for New Problem
   • Liaison
     – Critical Infrastructure Companies, i.e. FBI InfraGard
     – Internet Service Providers
     – Internet Cafes
     – Hacker clubs
     – IT companies, developers
     – International, local law enforcement
   • Look – on the Internet
   • Coordinate – national security, terrorist personnel

   • Our national security, databases, and economy are extremely dependent upon automation
   • Therefore, there exists a “target rich environment” for those who would do harm via the Internet
   • Our critical infrastructures require joint private/public efforts to protect them
Robert Flaim
