Malicious Code as Weapon

Reading

  • Required:

    • Government-built malware and cyber weapons will run out of control

  • Recommended:

    • Ukrainian computer systems attacked by sophisticated malware with "Russian roots," Homeland Security News Wire, March 10, 2014

    • NSA planted sleeper malware in 50,000 computer networks, Homeland Security News Wire, Dec. 11, 2013

CSCE 522 - Farkas

Information Warfare Offense

Which of these offensive IW operations are impacted by malware?

  • Open sources

  • Psyops and perception management

  • Seizing the signals

  • Computer break-ins and hacking

  • Masquerade

Aim of Malware

  • Multiple possibilities:

    • Unauthorized access

    • Unauthorized modification

    • Unavailability of resource for authorized users

    • False authorization

    • Fake non-repudiation

State-level Activities

  • Disruption of the opponent’s services

    • All aspects of malware aims

  • Information gathering

    • Unauthorized disclosure and false authentication

  • Perception management

    • Data leakage, false information, psychological effects

Cyber Warfare

“Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption”

R.A. Clarke, Cyber War

High-Valued Targets

National Defense components

Supporting industry

Critical infrastructure

Exploitation: individual system vulnerability + connectivity

Societal Impact

Safety of citizens

Stability of government

COL Thomas Goss, chief of the command's Strategic Initiatives Group: “While technology plays an important role in the cyberspace domain, it is not technology that will win on the 21st century's cyber battlefields […] Time after time, in operations and in exercises, it is the people that will make the difference.”

USA Cyber Capabilities

  • 2009: President Obama

    • Declared America's digital infrastructure to be a "strategic national asset"

  • 2010: U.S. Cyber Command (USCYBERCOM), established in 2009, reaches full operational capability

    • Defend American military networks

    • Conduct full-spectrum military cyberspace operations

Major Players

  • At least 140 countries are developing cyber weapons

    • USA

    • Russian Federation

    • People’s Republic of China

    • Others: Germany, India, Iran, South Korea, UK, etc.

What is a Cyber Weapon?

There is no formal legal definition

The DoD Dictionary of Military and Associated Terms has no entry for "cyber weapon"

Nonlethal weapon: "A weapon that is explicitly designed and primarily employed so as to incapacitate personnel or materiel, while minimizing fatalities, permanent injury to personnel, and undesired damage to property and the environment." Also called NLW. Source: JP 3-28

Cyber Weapon

  • Stefano Mele, Italian Lawyer:

    “A cyber weapon is [an] appliance, device or any set of computer instructions designed to unlawfully damage a computer or telecommunications system having the nature of critical infrastructure, its information, data or programs contained therein or pertaining thereto, or to facilitate the interruption, total or partial, or alteration of its operation.”

  • Other definition: “An appliance, device or any set of computer instructions designed to offend the person through cyberspace.”

Impact of No Definition

Impossible to distinguish a cyber weapon from legitimate use of the same tools

Impossible to evaluate the legal and political responsibility of the aggressor, or the real level of threat

Development of Cyber Weapon

  • Cost effective

  • Origin of the attack not obvious

  • Easy to hide the development

  • Complements traditional military strikes:

    • Destroy enemy defense infrastructures

    • Probe the technological capabilities of the enemy

IW Attacks against USA

  • Titan Rain (2003 onward): from China

    • Target: U.S. military intelligence

    • Sensitive military and defense-contractor networks (including Lockheed Martin and Sandia National Laboratories) infiltrated by hackers

  • Moonlight Maze (1998-2000): from Russia

    • Target: Military maps and schematics, U.S. troop configurations

    • Hacked computers at Pentagon, NASA, the Department of Energy and even from universities and research labs

IW Attacks against USA

  • China's "750,000 American zombies" (2007)

    • Target: U.S. computer networks, at all levels

  • "The Most Serious Breach" (2008): source not publicly attributed

    • Target: U.S. military computer networks

    • An infected flash drive inserted into a military laptop spread malware through military networks

IW Attacks against Russia

  • The Original Logic Bomb (1982): from USA

    • Target: Siberian gas pipeline in the Soviet Union

    • A CIA "logic bomb" planted in stolen control software allegedly caused a Soviet gas pipeline in Siberia to explode (the account comes from Thomas Reed's memoir and is disputed)

IW Attacks against Estonia

  • The Estonian Cyberwar (2007): attributed in part to Nashi, a pro-Kremlin Russian youth group (a member based in Transnistria later claimed responsibility)

    • Target: Estonia

    • Distributed denial-of-service floods took down key government websites and news sites and saturated Estonian networks to the point of being unusable

  • Other targets of Russian operations: Georgia (2008), Azerbaijan

IW Attack against Iran

  • Stuxnet (2010): suspected from USA and Israel

    • Target: uranium-enrichment facility at Natanz

    • Manipulated the Siemens PLCs that drove the centrifuges, destroying many of them and setting the Iranian nuclear program back by an estimated two years (estimates vary)

Warfare or Espionage

  • Motivation for “warfare”

    • National attention

    • Additional defense funding

    • Justify government control of cyber space

New Use of Malware

  • Espionage: an old story

  • DoS attacks using malware

    • Application-level vulnerability combined with malware exploitation

    • E.g., SQL injection (gain a foothold) → malware (run functions that exhaust resources)

Malware DoS Attacks

Buffer overflows

Raise unexpected exceptions

Create race conditions

SQL injection → recursive, CPU-intensive queries

Overly-complex regular expressions within search queries

Excessively large files uploaded to the server
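The two slides above describe the chain "SQL injection → CPU-intensive query" as a denial-of-service vector. The following Python example is added here and is not from the original slides or the course: it builds a small in-memory SQLite database (the table and its rows are constructed for the example), shows a string-concatenated lookup that a recursive-CTE payload turns into an unbounded CPU burn, the parameterised form that binds the same input as data, and a per-query VM step budget (sqlite3's progress handler) as the resource limit that stops the query even when injection succeeds. The function names, table and payload are illustrative assumptions.

```python
import sqlite3


def make_db():
    """Constructed sample data for the example: a tiny catalogue table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO products (name) VALUES (?)",
                     [("widget",), ("gadget",), ("sprocket",)])
    conn.commit()
    return conn


def run_with_step_budget(conn, sql, params=(), max_steps=200_000):
    """Run one query, but abort it once SQLite's bytecode VM has executed
    more than max_steps instructions. Returns (rows, aborted).

    A CPU budget per query is the generic mitigation for the
    'SQL injection -> CPU-intensive query' DoS: even if the injection
    succeeds, the attacker cannot hold a worker indefinitely.
    """
    executed = {"steps": 0}
    granularity = 1_000  # the handler fires every 1000 VM instructions

    def on_progress():
        executed["steps"] += granularity
        # A non-zero return value tells SQLite to interrupt the statement.
        return 1 if executed["steps"] > max_steps else 0

    conn.set_progress_handler(on_progress, granularity)
    try:
        return conn.execute(sql, params).fetchall(), False
    except sqlite3.OperationalError as exc:
        if "interrupted" in str(exc).lower():
            return [], True
        raise
    finally:
        conn.set_progress_handler(None, granularity)


def lookup_vulnerable(conn, name, max_steps=200_000):
    """String concatenation: the attacker controls the query's structure."""
    sql = "SELECT id, name FROM products WHERE name = '" + name + "'"
    return run_with_step_budget(conn, sql, max_steps=max_steps)


def lookup_safe(conn, name, max_steps=200_000):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    sql = "SELECT id, name FROM products WHERE name = ?"
    return run_with_step_budget(conn, sql, (name,), max_steps=max_steps)


# Constructed (hypothetical) attack input. It closes the string literal,
# appends a UNION with a recursive CTE that counts upward forever, and
# comments out the trailing quote. Nothing is exfiltrated; the goal is
# purely to burn CPU on the database server.
CPU_BURN_PAYLOAD = (
    "x' UNION ALL SELECT n, 'x' FROM ("
    "WITH RECURSIVE counter(n) AS (SELECT 1 UNION ALL SELECT n + 1 FROM counter) "
    "SELECT n FROM counter) --"
)


if __name__ == "__main__":
    db = make_db()
    _, aborted = lookup_vulnerable(db, CPU_BURN_PAYLOAD)
    print("vulnerable lookup aborted by step budget:", aborted)
    rows, aborted = lookup_safe(db, CPU_BURN_PAYLOAD)
    print("safe lookup rows:", rows, "aborted:", aborted)
    rows, _ = lookup_safe(db, "widget")
    print("normal lookup:", rows)
```

The budget pattern generalises to the other items on the slide: regex matching, file uploads and request bodies each need an explicit server-side cap, because fixing the injection alone does not protect the engine against a legitimate-looking request that is simply expensive.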


How about Twitter?

  • Is it only a “tool of the self-absorbed”?

  • Real time reporting service

    • 2008: Mumbai terrorist attack

    • 2009: Iranian protest against President Ahmadinejad’s reelection

  • Distribute attack information

    • Link to attack tools

    • Link to target identity

Twitter as Perception Management

  • 2008-2009: Israeli military operation in Gaza (Operation Cast Lead)

    • Large number of civilian casualties

    • International criticism of Israel

  • Israeli Air Force counteractions on YouTube and Twitter:

    • Showed Hamas using civilians as cover

    • Uploaded sensor (targeting) footage to YouTube

    • Tweets warned of rocket attacks

    • A blog was used to gain public support


Twitter Tunisian Revolution

  • 2010-2011: Tunisian revolution (Jasmine Revolution)

    • Intensive campaign of civil resistance

    • Ousting of longtime President Zine El Abidine Ben Ali in January 2011

      What are the positive and negative aspects of social media with respect to social movements?

Next Class

Computer Break-ins
