The Rapid Evolution of Information Security: A Game of Spy vs Spy

1. The Rapid Evolution of Information Security: A Game of Spy vs Spy John A. Copeland Weitnaur Chair Professor, Georgia Institute of Technology

2. 1960's -Computers come into widespread use in government and companies. Attacks The "Logic Bomb" - program installed by computer technician that would wipe out memory after a time period (if not reset). This may be retaliation for a firing. In one case the culprit called the company and said he heard about their disaster, and said that fortunately he had backup tapes at home that he would sell (he went to prison). Defenses Better off-site data backup systems. 2

3. 1970's -Computers became accessible from remote terminals. Attacks (Insiders only, or Burglars) Guess other user's passwords, or write "Trojan Horse" programs for others to use which would write passwords and other information into the hacker's file. Defense Better passwords (educate users - still an ongoing battle today). Trojan Horse programs are still a problem today. Only install programs from trusted sources. Government "Trusted Computers" check permissions on every read and write. 3

4. 1980's -Computers became accessible from telephone voice lines by using a modem. "Bulletin Board" servers downloaded files, mostly text files for printout. Attacks Demon Dialers - rapidly dialed telephone numbers in sequence to find lines with a modem. Then password guessing, if a password was even needed. Defenses Better passwords and challenge-response 1983, Teen hacks into US Air Defense Command computer WOPR, and almost starts World War 3 . authentication. [RSA dongles provide one-time passwords, but their basic code was stolen by hackers in 2010]. 4

5. Thanks to the movies, computer hacking (breaking in) becomes a sport for high-school age males. They can find "exploit" programs on the Internet from "hacker" Bulletin Boards, and instructions on how to use them. Many of these young men claim they are doing good by exposing weak security in corporate and government computers. They do damage, even without meaning too by deleting files and crashing mainframes. 1982, Computer innards portrayed as a virtual world where protagonists compete. Who writes the exploit programs? Could it be professional hackers who want the network noise to cover their own tracks? 5

6. 1990's - The World Wide Web is born. Web servers, which work with Web Browses using the HTTP protocol and HTML formatted pages, download all manner of files: email, images, articles. Spread of Sapphire virus, after 38 minutes. Attacks Download executable files, that install root kits and back doors. "Viruses" (computer programs that replicate and spread) have different payloads. Defenses Anti-virus software. Updates continually coming more often and becoming larger. More frequent OS patches. 6

7. Early 2000's - The Decade of the Worm. In Nov. 1988, the Morris "Worm" (a Virus that spreads through network connections) spread through email servers. Not intended to be malicious, it infected servers multiple times, crashing the Internet email service. In 2001, the "Anna Kournikova" spreads as an email attachment ("click here"). "Code Red" attacks 360,000 PC's over the Internet. The infected number doubled every 37 minutes. The Sapphire worm later spread 100 times faster, Code Red spread infecting almost every computer that was susceptible worldwide within 10 minutes. In 2004, the "Witty" worm is targeted at certain network security products: ISS "Black Ice" and "Real Secure." Every available system worldwide was infected within 45 minutes. 7

8. Late 2000's - The Worm Evolves into the "Bot" (for Robot). A Botnet is a sparse network of compromised computers. They communicate with only a few other members to hide the "Command and Control" points. These could be Web servers whose URL belongs to the Bot Master. The Bot Master can provide services such as Spam mailing, phishing email, flood Denial of Service attacks (for extortion or damage to competitors). Botnets are usually controlled by criminal organizations (e.g., Russian Mafia). In Nov. 2008, the "Conficker" bot infected over 10 million computers. It could send over 10 billion spam emails a day. 8

9. 2010's - Wireless Networks are Everywhere Cell phones will become the primary access to the Internet (shopping and banking), and a way to access short-range networks like point-of-sale payment systems and auto access. Wireless Networks have a checkered history. Early AMPS cell phones were cloned. WiFi cryptographic methods WEP and WPA were broken very quickly. Attacks - All previous, and spoofing. Defense - Using network characteristics to "fingerprint" wireless nodes to detect intruders. R. A. Beyah -"The Case for Ubiquitous Intrusion Detection Systems" 9

10. Stuxnet - The first computer worm aimed at destroying specific physical facilities (Iran's uranium purifying centrifuges). The attacker is unknown, though widely believed to be the U.S., Israel, Germany, or a combination. Stuxnet spread around the world before being detected. It did no harm except to a specific combination of Siemens equipment found only in Iran. It contained four previously unknown (Day-0) vulnerabilities in Windows worth $250,000 each on the hacker market. Defense against new bots with Day-0 exploits: none. 10

11. Cyber War The commercial Internet in Estonia was disrupted for several days by Russian hackers unhappy because a WW2 monument was moved. Thousands of computers in South Korea were destroyed in what was thought to be a test by North Korea. The U.S. government has developed thresholds for a Cyber Attack that would warrant a counter Cyber-War attack, or a conventional military response. Defense: None, not even MAD. BW, July 25, 2011 11