BA 572 - J. Galván1 COMPUTER CRIME Cybercrime, Cyberterrorism, and Cyberwarfare.
CyberTerrorism - A case study for Emergency Management
-
Upload
ricardo-reis -
Category
Technology
-
view
5.419 -
download
1
description
Transcript of CyberTerrorism - A case study for Emergency Management
CyberterrorismA case study for Emergency Management
Ricardo A. Reis, Security Officer
&
Hospital São Paulo
Presentation Developed By:
Ricardo A. Reis
[email protected]@gmail.com
CCO, Federal University of São Paulo
For use by:
The International Consortiumfor Organization Resilience
(ICOR)
Prepare, Plan and Stay in Business
Cyberterrorism
Cyber Terrorism is defined as:
“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”
by Kevin G. Coleman of the Technolytics Institute
CyberterrorismPrepare, Plan and Stay in Business
Emergency management is defined as:
“Comprehensive system of policies, practices, and procedures designed to protect people and property from the effects of emergencies or disasters.”
Extension Disaster Education Network (EDEN)
CyberterrorismPrepare, Plan and Stay in Business
EMERGENCY MANAGEMENT
LIFE CYCLE
1 - PREVENTION/MITIGATION
2 - PREPAREDNESS
3 - RESPONSE
4 - RECOVERY
CyberterrorismPrepare, Plan and Stay in Business
Case Study
Botnet’s is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. They run on groups of zombie computers controlled remotely. This term can also refer to the network of computers using distributed computing software.
From Wikipedia, the free encyclopedia
CyberterrorismPrepare, Plan and Stay in Business
Case Study
"A botnet is comparable to compulsory military service for windows boxes"
Stromberg, http://www.honeynet.org/papers/bots/
CyberterrorismPrepare, Plan and Stay in Business
Cyberterrorism & Botnet's
Distributed Denial-of-Service Attacks Spamming Sniffing Traffic Keylogging Spreading new malware Installing Advertisement Addons Browser Helper Objects (BHOs) Google AdSense abuse Attacking IRC Chat Networks Mass identity theft
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
"We have seen offers that will allow a customer to send a million emails for under $100," Henry says. "If you send more than 10 million, the price drops to under $80 per million. There's a price war going on, and Nugache is becoming the bargain basement."
CyberterrorismPrepare, Plan and Stay in Business
PREVENTION/MITIGATION
Compliance with Security Standards ISO 27001/27002 Think in Business Continuity and IT Infrastructure Recovery Make a Computer Security Incident Response Team Monitor IT Infrastructure
Internet Bandwidth DNS Services WEB Services EMAIL Services
Pre-Contact with external agency Upstream ISP Regional Computer Security Incident Response Team
(CSIRT)
CyberterrorismPrepare, Plan and Stay in Business
PREPAREDNESS
Development and practice of multi-agency coordination and incident command
Development and practice Incident Response Plan
CyberterrorismPrepare, Plan and Stay in Business
RESPONSE
Established Incident Command Notify CSIRT Active Incident Response Plan Never use 100% of your CSIRT Team Don't stop Triage Process Communicate Major Events
CyberterrorismPrepare, Plan and Stay in Business
RECOVERY
If necessary active Business Recovery Plan Document the Major Event Communicate the end of Major Events Update all Plans
CyberterrorismPrepare, Plan and Stay in Business
A SIMULATED ?
Distributed Denied of Service Attack
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
!!! REAL LIFE !!!
Distributed Denied of Service Attack
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismPrepare, Plan and Stay in Business
The main targets have been the websites of:
· the Estonian presidency and its parliament
· almost all of the country's government ministries
· political parties
· three of the country's six big news organisations
· two of the biggest banks; and firms specializing in communications
CyberterrorismPrepare, Plan and Stay in Business
NUMBER’S
Attacks Destination Address or owner
35 “195.80.105.107/32″ pol.ee
7 “195.80.106.72/32″ www.riigikogu.ee
36 “195.80.109.158/32″ www.riik.ee, www.peaminister.ee, www.valitsus.ee
2 “195.80.124.53/32″ m53.envir.ee
2 “213.184.49.171/32″ www.sm.ee
6 “213.184.49.194/32″ www.agri.ee
4 “213.184.50.6/32″
35 “213.184.50.69/32″ www.fin.ee (Ministry of Finance)
1 “62.65.192.24/32″
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
CyberterrorismPrepare, Plan and Stay in Business
Attacks Date
21 2007-05-03
17 2007-05-04
31 2007-05-08
58 2007-05-09
1 2007-05-11
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
CyberterrorismPrepare, Plan and Stay in Business
Attacks Date
17 less than 1 minute
78 1 min - 1 hour
16 1 hour - 5 hours
8 5 hours to 9 hours
7 10 hours or more
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
CyberterrorismPrepare, Plan and Stay in Business
Attacks Bandwidth measured
42 Less than 10 Mbps
52 10 Mbps - 30 Mbps
22 30 Mbps - 70 Mbps
12 70 Mbps - 95 Mbps
http://asert.arbornetworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/
CyberterrorismPrepare, Plan and Stay in Business
BOTNET’S Command and Control
CyberterrorismPrepare, Plan and Stay in Business
Shadow SERVER Project
CyberterrorismPrepare, Plan and Stay in Business
Shadow SERVER Project
PREVENTION/MITIGATION ( AGAIN !!!!!! )
Compliance with Security Standards ISO 27001/27002 ( Protect your infrastructure and other Companies ) Make a Computer Security Incident Response Team ( Your First Response Team)
Pre-Contact with external agency Upstream ISP Regional (CSIRT)
CyberterrorismPrepare, Plan and Stay in Business
Questions ?
CyberterrorismPrepare, Plan and Stay in Business
CyberterrorismA case study for Emergency Management
Ricardo A. Reis, Security Officer
&
Hospital São Paulo