
Cyber Terrorism & Hacktivism

Keren Elazari, TAU, 17 May 2012. Cyber Terrorism & Hacktivism. Agenda: Introduction; Cyber Threat Landscape; Basic Terminology, Why distinguish threats; Cyber Terrorism & Hacktivism; Comparative Analysis Framework; Norms & Thresholds - The future? About Keren.


Presentation Transcript


  1. Keren Elazari, TAU, 17 May 2012

    Cyber Terrorism & Hacktivism

  2. Agenda
      - Introduction
      - Cyber Threat Landscape
      - Basic Terminology, Why distinguish threats
      - Cyber Terrorism & Hacktivism
      - Comparative Analysis Framework
      - Norms & Thresholds - The future?
  3. About Keren
      - 10+ years in cyber security, CISSP
      - June 2012: Teaching Fellow – Security at Singularity University
      - Speaker at security conferences, including:
      - Y2Hack, Y2Hack04 & ILHack09 in Tel Aviv
      - Keynote - ITBN 2007 Security Day, Budapest
      - Co-Chair IDC Herzelya Cyber Terrorism Workshop
      - Keynote NATO International Conference on Cyber Conflict, June 2011
      - Technical workshop at NATO CyCon, June 2012
  4. Cyber “Personae Dramatis” Cyber Crime Cyber Terrorism Cyber Warfare Cyber Espionage ? Cyber Conflict ? Cyber Terrorism Cyber Warfare 1998, Center for Strategic and International Studies (Washington, D.C.)
  5. Common view of cyber threats Cyber Warfare Cyber Crime Cyber Terrorism
  6. State Sponsored Cyber Terrorism using Cyber crime tools Criminal activity in cyber space Hacktivism Espionage
  7. Web War one? Estonia in 2007
      - April 27th, 2007 - preparations to remove the Bronze Soldier in Tallinn, a World War 2 monument to Russian soldiers. Russian forums publish tools to carry out DDoS and defacement attacks on government sites: Estonian President, Prime Minister, Parliament.
      - April 30th - coordinated attack including DDoS. The attacks used botnets from all around the world and shifted at random intervals to make them difficult to defend against.
      - May 3rd - the botnets began attacking private sites and servers. Banks in Estonia were shut down, as well as major news sites.
      - May 9th - climax of the attacks, on the Russian anniversary of the end of World War 2.
  8. Too Much Confusion 1998, Center for Strategic and International Studies (Washington, D.C.)
  9. Basic Terminology
      - What is Cyber? General electronic or computer-related prefix
      - What is Terror? “violence deliberately used against civilians in order to achieve political goals”.
      - What is Cyber Terrorism? “government agencies responsible for responding to cyber attacks have each created their own definitions.”
  10. Contended definitions & critics
      - “One man's terrorist is another's freedom fighter”
      - D. Denning's "Activism, Hacktivism, and Cyberterrorism"
      - International treaties and conventions
      - “Cyber terrorism” = blowing things up remotely?
      - “Hacktivism” = virtual graffiti / vandalism?
  11. Denning’s Definition “cyberterrorism, refers to the convergence of cyberspace and terrorism. It covers politically motivated hacking operations intended to cause grave harm such as loss of life or severe economic damage. An example would be penetrating an air traffic control system and causing two planes to collide.”
  12. Denning’s Definition “Cyber terrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
  13. Denning – Cont. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear.”
  14. Wikipedia to the Rescue? Cyber terrorism : the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses.
  15. Cyber Terrorism Vs Hacktivism
  16. Common Asymmetric Advantages
      - Little, or no expense
      - Little, or no risk to perpetrator
      - Few participants = big media impact
      - Potential for damage to a nation’s resilience, stability and safety
      - Non lethal attacks = less backlash
  17. Common Targets
      - Network connected critical infrastructures (Brazil?)
      - Disruption of ISP/CSP operational networks
      - Civilian/commercial information systems – ELAL, Tel Aviv Stock Exchange
      - Defacement of government/national web sites
      - Publishing data from sensitive databases to cause embarrassment, confusion and panic
      - “Saudi hacker 0xOmar”
  18. Cyber Terrorism & Global Hacktivism - examples
  19. Website Defacements
  20. Website Defacements Motivation
  21. Cyber Jihad In Numbers
  22. Cyber Jihad – Examples
  23. Turkish-Greek Hacktivism
  24. Turkish-Greek Hacktivism
  25. The Hacker Manifesto (1986)
      - “I am a hacker, enter my world...”
      - “rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out….”
      - “This is our world now... the world of the electron and the switch, the beauty of the baud”
      - Information wants to be free!
      - Hack the planet!
      - My crime is that of curiosity…
  26. Hackers - Defined?
  27. Infamous Hackers of the world
      - Most-wanted computer criminal in the United States: Kevin Mitnick, arrested 1995
      - Solar Sunrise 1998 - the Analyzer hacks US DOD
      - Y2Hack: Captain Crunch & Phreaks (John Draper)
  28. Hacktivism - Anonymous!
      - International groups of Hacktivists
      - Started on 4chan & evolved to global scale
      - Represents a new & chaotic internet force
      - Targets: Epileptics, Scientologists, Pedophiles, PayPal, US GOV, IL GOV, HBGary, the Pope?
  29. Hacktivism - Anonymous!
      - International groups of Hacktivists
      - Started on 4chan & evolved to global scale
      - Represents a new & chaotic internet force
      - Targets: Epileptics, Scientologists, Pedophiles, PayPal, US GOV, IL GOV, HBGary, the Pope?
  30. WikiLeaks
      - WikiLeaks founded 2006 by Julian Assange
      - Published secret and classified media from anonymous sources, leaks, whistleblowers
      - 2010: “Cable Gate”, Anonymous – “Operation PayBack”
  31. Anonymous
  32. #OpAntiSec
  33. Recent Anonymous operation …
  34. Anonymous Austria@MariaHilfer
  35. Anonymous Austria@MariaHilfer
  36. Anonymous in Museums & Bars?
  37. Tools of the Trade - DDoS
      - Ping Flood, Ping of Death, EvilPing
      - Winsmurf, QuickFire, Defend
      - HTTP bomber 1.001b
      - Mail Bomber
      - Anonymous favorite – Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#
      - See also: JS LOIC, Low Orbit Web Cannon
  38. Cyber Threat Analysis Framework
  39. So what do we do?
      - Know your Enemy - not just technically
      - Attribution of Attack remains a key problem
      - Intelligence, Investigation tools and models
  40. Why Distinguish Cyber Threats
      - Mitigation – just block the IP range?
      - Investigation
      - Prosecution – Estonia & NATO for example
      - Attribution & Retribution - who do we target
      - Deterrence?
  41. Attack Attribution - Who is behind the attacks? STUXNET DDoS via Botnet
  42. Parameters for Analysis
      - Impact
      - Ideology
      - Technical threshold
      - Participation threshold
      - Operational threshold
      - Visibility
  43. Parameters for Analysis
      - Impact on civilians & collateral damage
      - Ideological / Political motivation, e.g.: Jihad, Green Hacktivism, White Supremacist, “LolzSec” etc.
      - Technical threshold: R&D, Complexity
      - Participation threshold: entry price
      - Operational threshold: Recon, Persistency, Evasion
      - Public Aspect: Is Responsibility claimed?
  44. Parameters for Analysis
      - Impact on civilians & collateral damage
      - Terror according to ICT = ?
      - Almost all Cyber Attacks harm “innocents”
      - Unnecessary attack on civilian targets could be considered a war crime, when done by a state
  45. Parameters - Continued
      - Ideological / Political motivation:
      - Jihad
      - Green Hacktivism
      - Neo Nazi / White Supremacist Hacktivism
      - Anonymous
  46. Parameters - Continued
      - Participation threshold: entry price
      - Easy as ping 1.2.3.4 -t -w = DDoS participation
      - Can be done from anywhere in the world, anytime
      - Compare with launching an APT or attack of CI:
      - Hard: infiltrate & exploit ISP, Military or Civilian Critical Infrastructure
      - May need inside access
      - Use unique targeting tools (e.g. for SCADA)
  47. Parameters - Continued
      - Technical threshold: R&D, Complexity
      - Use of Zero Day Exploits requires strong R&D base, funding
      - For complex attacks (APT), in-depth technical knowledge of the target is required
  48. Parameters - Continued
      - Operational threshold:
      - Reconnaissance phases
      - Persistency
      - Evasion techniques
      - Post mortem and lesson learning
  49. Parameters - Continued Public Aspect : Is Responsibility claimed?
  50. More Comparison Parameters
      - Perpetrated by
      - Intended Target / Victim
      - Goal of attack
      - Consequence scope
      - “Visibility”
      - R&D Threshold: Required budget, tools and know-how
      - Goal of attack
      - Participation in the attack
  51. Non Trivial Problems
      - National security & Cyber Jihad
      - Cyber Terrorism - Strategic or Tactical?
      - Cyber crime and cyber terrorism together
      - State sponsored cyber terrorism
  52. Future - Norms and thresholds
      - Retribution threshold – what makes an attack revenge worthy? Who decides?
      - Is Deterrence in cyberspace even possible?
      - Cyber threats from Non-state actors – rules of engagement?
      - Is a global Treaty, or Norm, even possible?
  53. Legal / Regulatory remedies? On the national scale:
      - Criminal prosecution of attackers - according to various Computer Fraud and Abuse Acts
      - LEA need authority, know-how, and tools to collect digital evidence and conduct investigation across country borders
      - Nation-wide regulation to protect CIs and CSPs
      - Attacked organizations: sector specific regulation, e.g. Energy Sector, Financial sector, mandated reporting to CERT/ISAC
      - End users / Victims: increase “Cyber Hygiene”
  54. Legal / Regulatory remedies? International Treaties & Norms
      - European Convention on Cyber Crime
      - Legal framework for criminal law standards
      - Cooperation framework for computer crime investigation
      - Procedural framework for cross-country seize & investigate digital evidence
      - (The future) conventions on cyber warfare?
  55. Cyber Terrorism – Bombs are next ? “At least for now, hijacked vehicles, truck bombs, and biological weapons seem to pose a greater threat than cyber terrorism. However, just as the events of September 11 caught us by surprise, so could a major cyber assault. We cannot afford to shrug off the threat.” Prof. Dorothy Denning, November 1, 2001
  56. Summary and conclusions
      - The definition of Terror itself is contended
      - The line between Cyber Terrorism and Hacktivism is blurry, grey and crossed often
      - Analysis of each attack and incident?
      - A new breed of “Cyber analysts” is born
  57. Questions?
  58. Bibliography & Key sources
      - Proceedings of the IDC Herzelya Cyber Terrorism Workshop, November 2010
      - Dorothy E. Denning, "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy", Georgetown University, June 8, 2001
      - Trachtman, Joel P., 2004. ‘Global Cyberterrorism, Jurisdiction, and International Organization’, http://ssrn.com/abstract=566361.