Cyberwar Update2010


Description

A lot has happened since the last Cyberwar presentation was posted. This Update2010 covers the Iranian cyberwar, the attacks on South Korean and US government sites, the Twitter outage, and the China versus Google (Aurora) attacks.

Transcript of Cyberwar Update2010

Page 1: Cyberwar Update2010

IT-Harvest Confidential

Cyberwar update. 2010

Richard Stiennon, Chief Research Analyst, IT-Harvest

Blog: ThreatChaos.com twitter.com/stiennon

Page 2: Cyberwar Update2010


Blog: www.ThreatChaos.com twitter.com/cyberwar

Page 3: Cyberwar Update2010

Threat hierarchy (threat increasing from bottom to top)

• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation

Page 4: Cyberwar Update2010

Threat hierarchy is a time line!

• Information Warfare
• CyberCrime
• Hacktivism
• Vandalism
• Experimentation

Year markers on the slide's time line: 1998, 1999, 2000, 2004, 2008

Page 5: Cyberwar Update2010


Sun Tzu on Spies

“Only a brilliant ruler or a wise general who can use the highly intelligent for espionage is sure of great success.”

Page 6: Cyberwar Update2010

Allen Dulles on Sun Tzu

“It is no wonder that Sun Tzu's book is a favorite of Mao Tse-Tung and is required reading for Chinese Communist tacticians.”
-A.W. Dulles, The Craft of Intelligence

Page 7: Cyberwar Update2010

A Chinese Communist Tactician

“Sun Tzu is a grand strategist without parallel in history.”
-Chai Yuqui, Nanjing Army Command Academy, speaking at the 6th annual international conference on Sun Tzu and the Art of War, Beijing, 2004

Page 8: Cyberwar Update2010

Chinese Thinking

• Wang Qingsong, Modern Military-Use High Technology, 1993
• Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
• Li Qingshan, New Military Revolution and High Tech War, 1995
• Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
• Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
• Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
• Shen Weiguang, On New War, 1997

Page 9: Cyberwar Update2010


From Decoding the Virtual Dragon - Timothy Thomas

“Network confrontation technology—intercepting, utilizing, corrupting, and damaging the enemy’s information and using false information, viruses, and other means to sabotage normal information system functions through computer networks.” -General Xu Xiaoyan, the former head of the Communications Department of the Chinese General Staff. 2004

Page 10: Cyberwar Update2010


A prediction

“If Xu’s suggestions were accepted, then one might expect to see more active reconnaissance and intelligence activities on the part of the PLA (as seems to be occurring!)” That exclamation point is Thomas’s.

Page 11: Cyberwar Update2010

Shawn Carpenter uncovers Titan Rain

• An IP address that was attacking Lockheed Martin is recognized
• An open back door leads to the next hop of the investigation
• Critical documents belonging to Army Research, NASA, and others
• First military CI, then FBI involvement
• Shawn loses his job and all his leads go cold

Page 12: Cyberwar Update2010

Ghost Net Report – March 2009

• 1,200 computers, including ministry and NATO machines
• Looking for attribution
• Attacks on the office of the Dalai Lama
• Joint Strike Fighter breach, April 21, 2009

Page 13: Cyberwar Update2010


Joint Strike Fighter

Page 14: Cyberwar Update2010


Dec. 17, 2009 - Drone transmissions in the clear

Predator

Beast of Kandahar

Page 15: Cyberwar Update2010

What is DDoS? Distributed Denial of Service

attack: Disabling or destroying an online resource by overwhelming it with too many requests.

• Ping floods
• GET floods
• SYN floods
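The three flood types named on the slide each leave a different per-source signature: a ping flood is a burst of ICMP echo requests, a GET flood is a burst of HTTP requests from a source that did complete its handshake, and a SYN flood is a burst of SYNs that are never followed by the final ACK of the handshake. The detector below is an added example, not code from the presentation; it runs a sliding window over constructed event records (timestamp, source, event kind) and flags each source. The thresholds and the event format are assumptions made for the example.

```python
"""Flag ping-, GET- and SYN-flood sources from constructed traffic records.

Each record is (timestamp_seconds, source_ip, kind) where kind is one of
"SYN" (client SYN), "ACK" (client's final handshake ACK), "GET" (HTTP request)
or "ICMP_ECHO" (echo request). The format and thresholds are assumptions for
this example, not anything from the presentation.
"""
from collections import Counter, defaultdict

WINDOW_S = 10          # sliding window length in seconds (assumption)
SYN_MIN = 50           # SYNs in one window before a source is suspect
HALF_OPEN_RATIO = 0.8  # fraction of a source's SYNs never completed by an ACK
GET_MIN = 100          # GETs in one window before a source is suspect
ICMP_MIN = 200         # echo requests in one window before a source is suspect


def window_peaks(events, window_s=WINDOW_S):
    """Return {(src, kind): highest count seen in any window_s-second window}."""
    stamps_by_key = defaultdict(list)
    for ts, src, kind in events:
        stamps_by_key[(src, kind)].append(ts)
    peaks = {}
    for key, stamps in stamps_by_key.items():
        stamps.sort()
        lo, best = 0, 0
        for hi, t in enumerate(stamps):
            # advance the window start until it is within window_s of t
            while t - stamps[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        peaks[key] = best
    return peaks


def classify(events):
    """Return {src: [flags]} with flags drawn from syn_flood, get_flood, ping_flood."""
    peaks = window_peaks(events)
    totals = Counter((src, kind) for _, src, kind in events)
    verdicts = {}
    for src in sorted({src for _, src, _ in events}):
        flags = []
        syn_total = totals[(src, "SYN")]
        ack_total = totals[(src, "ACK")]  # completed handshakes
        half_open = 1 - ack_total / syn_total if syn_total else 0.0
        if peaks.get((src, "SYN"), 0) >= SYN_MIN and half_open >= HALF_OPEN_RATIO:
            flags.append("syn_flood")
        if peaks.get((src, "GET"), 0) >= GET_MIN:
            flags.append("get_flood")
        if peaks.get((src, "ICMP_ECHO"), 0) >= ICMP_MIN:
            flags.append("ping_flood")
        verdicts[src] = flags
    return verdicts


def constructed_sample():
    """Constructed traffic: one benign browser and one source per flood type."""
    events = []
    # benign client: 20 complete handshakes, one GET each, spread over 60 s
    for i in range(20):
        t = i * 3.0
        events += [(t, "10.0.0.5", "SYN"), (t + 0.01, "10.0.0.5", "ACK"),
                   (t + 0.02, "10.0.0.5", "GET")]
    # SYN flooder: 300 SYNs in 5 s, none completed
    events += [(100 + i * 5 / 300, "203.0.113.9", "SYN") for i in range(300)]
    # GET flooder: a real handshake, then 500 GETs in under 10 s
    events += [(200.0, "198.51.100.7", "SYN"), (200.01, "198.51.100.7", "ACK")]
    events += [(200.02 + i * 10 / 500, "198.51.100.7", "GET") for i in range(500)]
    # ping flooder: 1000 echo requests in 4 s
    events += [(300 + i * 4 / 1000, "192.0.2.33", "ICMP_ECHO") for i in range(1000)]
    return events


if __name__ == "__main__":
    for src, flags in classify(constructed_sample()).items():
        print(src, flags or "ok")
```

Per-source counting catches GET floods (the bot must complete a handshake, so its address is real) and unsophisticated SYN floods. A SYN flood that spoofs its source addresses will not show a hot source at all; for that case count half-open connections per destination port instead and apply SYN cookies or a SYN proxy at the edge.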

Page 16: Cyberwar Update2010


Crowd sourcing applied to DDoS

The Orange Revolution

Page 17: Cyberwar Update2010


Putin reacts

Nashi summer camp ‘07

Page 18: Cyberwar Update2010

Estonia April 27th, 2007

Page 19: Cyberwar Update2010


Cyber Defcon 1 Georgia: August 8, 2008

Page 20: Cyberwar Update2010

Three related attacks, April 2008

• CNN
• The Sports Network
• SlideShare

– Take-down requests
– 5-10 password reset requests/day
– Irate call
– DDoS

Page 21: Cyberwar Update2010

Twitter as a tool of riot creation

After the Iranian election, Twitter was used to support virtual riots via DDoS.

Page 22: Cyberwar Update2010


Twitter escalation

Phase 1. Links to sites with hacking instructions.

Phase 2. Links to pagereload.com.

Phase 3. Links to a specially crafted site that opens 15 frames on pagereload.com, so every visitor's browser reloads the targets fifteen times over.

Page 23: Cyberwar Update2010

The good and the bad of social networks as an attack vector

Good: Hard to sustain
Bad: Way too easy

Page 24: Cyberwar Update2010

Summer 2009

• US Gov sites and S. Korean sites
• TCP SYN, UDP, ICMP, GET floods
• Malicious dropper
• 200K bots

Target list: banking.nonghyup.com, blog.naver.com, ebank.keb.co.kr, ezbank.shinhan.com, finance.yahoo.com, mail.daum.net, mail.naver.com, mail.paran.com, travel.state.gov, www.ahnlab.com, www.altools.co.kr, www.amazon.com, www.assembly.go.kr, www.auction.co.kr, www.chosun.com, www.defenselink.mil, www.dhs.gov, www.dot.gov, www.egov.go.kr, www.faa.gov, www.ftc.gov, www.hanabank.com, www.hannara.or.kr, www.ibk.co.kr, www.kbstar.com, www.marketwatch.com, www.mnd.go.kr, www.mofat.go.kr, www.nasdaq.com, www.ncsc.go.kr, www.nsa.gov, www.nyse.com, www.president.go.kr, www.site-by-site.com, www.state.gov, www.usauctionslive.com, www.usbank.com, www.usfk.mil, www.usps.gov, www.ustreas.gov, www.voa.gov, www.voanews.com, www.washingtonpost.com, www.whitehouse.gov, www.wooribank.com, www.yahoo.com

Page 25: Cyberwar Update2010

CYXYMU falls afoul of pro-Russian activists, August 2009

• FaceBook
• Live Journal
• Blogger.com
• Twitter

Page 26: Cyberwar Update2010

Aurora: China vs Google

• January 12, 2010: Google reveals a successful hack against their servers/data
• 34 other organizations included in the same incident: Adobe, Lockheed Martin, and a law firm suing China
• A zero-day flaw in Internet Explorer is the weapon
• Spear phishing via IM is the delivery vehicle
• Shades of Haephrati, GhostNet, etc.

Page 27: Cyberwar Update2010


Parting thought:

History teaches that war begins when governments believe the price of aggression is cheap.

-Ronald Reagan

Page 28: Cyberwar Update2010


Blog: www.threatchaos.com

email: [email protected]

Twitter: twitter.com/cyberwar