SlideShare ist ein Scribd-Unternehmen logo

Asymmetric warfare and interception revealed through digital attacks

Fabio Ghioni
Fabio Ghioni

This document discusses asymmetric warfare and interception techniques revealed on the internet. It includes presentations by Fabio Ghioni and Roberto Preatoni on topics like parametric and injected interception, trojans, and their potential uses in investigative procedures and sensored networks. Cyber attacks related to geopolitical issues are also abstracted based on Zone-H's experience monitoring the internet.

Technologie
1 von 42
Downloaden Sie, um offline zu lesen
Asymmetric warfare and interception revealed www.zone-h.org the Internet thermometer
THE LECTURERS Fabio Ghioni Roberto Preatoni www.zone-h.org the Internet thermometer
Why Zone-H ? SQL Database HTTP Firewall request YOU! (cleartext or SSL) Web Web app Serv Web DB Web er app Web Client app DB Web •Apache app •IIS HTTP reply •Netscape (HTML, Javascript, Plugins: Database •Perl connection: VBscript, Mail •C/C++ •ADO, etc) Serv •JSP, etc •ODBC, etc. er www.zone-h.org the Internet thermometer
D i g i t a l a t t a c k s a m o u n t s i n c e 2 0 0 2 30000 25273 25000 20000 16393 16724 16924 17329 15638 14575 15000 12739 9884 10000 5279 5000 3652 3907 3468 4175 1 6 0 0 1811 2341 D i g i t a l a t t a c k s a m o u n t 0 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2003- 2003- 2003- 2003- 2003- 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 D a t e In 2004 35.000+ / months www.zone-h.org the Internet thermometer
Internet today INTERNET TODAY 40 millions of servers MOBILE CELLPHONES TODAY APPROAX 1 BILLION www.zone-.org the Internet thermometer
Internet today MOBILE CELLPHONES + INTERNET TODAY CONVERTED INTO 3G / 4G = EXTREME PAIN www.zone-.org the Internet thermometer
3g exploitable points - Protocol - Telco network component - OS - User application level - SIM / USIM toolkit application level www.zone-.org the Internet thermometer
About terrorism TERRORISM ? www.zone-.org the Internet thermometer
Asymmetric warfare WHAT IS IT? “threats outside the range of conventional warfare and difficult to respond to in kind “ U.S. Dictionary of Military Terms WHEN IS IT USED? “If the enemy is superior in strenght, evade him. If his forces are united, separate them. Attack him where he is unprepared; appear where you are not expected.” Sun Tzu www.zone-h.org the Internet thermometer
Asymmetric warfare and infowar Asymmetric Warfare (AW) “Battlefield” where small groups of individuals can produce massive damage with minimum effort and risk from virtually anywhere in the world. Information Operations (IO) Hit the adversary’s information and IT systems and simultaneously defend one’s own information and IT systems. Information Warfare (IW) Information Operations conducted in moments of crisis or conflict, aimed at reaching or promoting given objectives towards given adversaries. www.zone-h.org the Internet thermometer
ICT WARFARE “It’s the best strategy for an asymmetric conflict” •Distributed attacks, high anonimity •Possibility to use the same enemy’s infrastructures •Low cost of technology implementation and R&D •Wide range of critical infrastructures to be attacked •Possibility to carry out unconventional activities •Direct contact with the enemy’s command and www.zone-h.org control center at the highest ranks the Internet thermometer
Future conflicts dimensions Dirty war Systemic war The heritage: mechanical war PeaceWar ICT War www.zone-.org the Internet thermometer
Future conflicts dimensions low Technology high Forte Dirty war Systemic war Power Mechanical war War and ICT War Peace www.zone-.org Debole the Internet thermometer
About terrorism Usage of different conflict unconventional tipologies to defy an enemy with a superior warfare capability -“Traditional terrorism” - Use of chemical/nuclear/biological weapons - Attack to the ICT infrastructures critical to the economy and national security ICT war targets against e-nations -Economy -Public service infrastructures -Military and civil defense Multiplier of the above www.zone-.org the Internet thermometer
Sensored networks and critical infrastructure protection - National security - Asymmetric warfare and infowar - Defence and uses in state of war www.zone-h.org the Internet thermometer
National security Protection of public & private critical ICT infrastructures Reporting e support for analysts Support Defense Intelligence Offensive & employee infiltration capabilities State of alert & automatic activation of defense systems conceived for the protection of strategic national & economic infrastructures Enemy analysis, counterattack, elaboration & implementation of offensive strategies Counterespionage www.zone-h.org the Internet thermometer
National Security & Critical Infrastructure Protection COMPUTER National Critical Infrastructure TELECOMMUNICATIONS Public Health and Safety ELECTRIC POWER Emergency Services Water Supply and Sewage Transports Other Government Operations Military Command and Control Systems Mass media Energy, Oil and Gas Control Banking and Financing Activities Industrial Production www.zone-h.org the Internet thermometer
The beginning of data interception used to solve terrorism cases www.zone-h.org the Internet thermometer
Parametric interception Probe radius Listening #1 Pop ISP #1 Radius Listening #2 Probe #1 Backbone ISP Listening #3 Pop ISP #2 Listening #4 Probe #2 Mediation server Parametric www.zone-h.org (storage and forwarding) rules the Internet thermometer configurator
Parametric interception - Uses and abuses - Technology involved - Reliability - Usability in investigative procedure - Legal uses in court cases and judicial use - Basic architecture in asymmetric and symmetric deployment (same nation state standpoint) - Real cases www.zone-h.org the Internet thermometer
Digimetric interception Digimetric vs. Parametric - What it is - Uses and abuses - Distributed use on asymmetric and symmetric sensored networks Return-path: <fabio@xxxxxxxxx.com> Received: from mail.boot.it (unverified [127.0.0.1]) by boot.it (Rockliffe SMTPRA 6.1.16) with ESMTP id <B0002856784@localhost> for <roberto@boot.it>; Fri, 17 Sep 2004 10:43:28 +0200 Date: Fri, 17 Sep 2004 10:42:58 +0200 From: Fabio xxxxxxxxx <fabio@xxxxxxxx.com> MIME-Version: 1.0 To: roberto preatoni <roberto@boot.it> Subject: [Fwd: R: R: report] Mailer: Mozilla 4.75 [en] (Win95; U) Content-Type: multipart/mixed; www.zone-h.org the Internet thermometer
The process of updating investigative procedure based on interception from voice to data: technological aspects and examples of judicial aspects www.zone-h.org the Internet thermometer
Injected interception -Parametric & direct interception are passive instruments that have limits & don’t allow for the analysis of encrypted communications.  Instruments that guarantee privacy protection and/or anonimity are widely available & easy to use eg. Instant Messaging on SSL; VoIP solutions protected by AeS (eg. SKYPE); there are also systems that allow anonymous file exchange (MUTE) o messaging (Freenet or Entropy).  - Basic technology - When to use it - Usability in investigative procedure - Can it be detected? - Real cases www.zone-h.org the Internet thermometer
Injected interception revealed Intervene on the source What are the advantages?  The possibility of having direct access to all the data that the target computer accesses, independent of the means of data transport (physical of telematic).  The possibility of tracing the target’s IP address directly or by reverse connection techniques. What type of data can be accessed?  Complete access to all protected data sent on network channels  All data that DON’T normally transit on the network (USB keys, CDRoms, etc.).  Access to crypto instruments and keys that allow to decipher the relevant data  Direct access to encrypted physical disks or logical volumes  Audio/Video interception, if a microphone and/or webcam are present on the pc  Ie. SUB7 trojan www.zone-h.org the Internet thermometer
When to Use Injected Interception  When the subject is able to protect its communications  When a constant & punctual monitoring of a subject’s activity is necessary  When it isn’t physically possible to do environmental interception with traditional methods  When the subject has an elevated mobility (e.g. notebook)  When it’s not physically possible to access the target’s resources www.zone-h.org the Internet thermometer
Usability in Investigative Procedures Forensics know that guaranteeing that all confiscated media & data remain unmodified at the time of analysis, is of paramount importance. Controversy: - inserting an external injected agent, modifies the media both physically & logically with its Install function - who inputs the surveillance SW has the same privileges as the monitored subject www.zone-h.org the Internet thermometer
Privacy vs. Security Formal procedures for requesting the interception; Univocal agents, guaranteed by digital signatures & encrypted time stamping; Non repudiable auditing of the operations that are managed manually or automatically by the agent; Possibility of recreating the agent’s assembly process from the source code to the generation of the univocal executable. www.zone-h.org the Internet thermometer
Can the Agent be Uncovered? It depends on the motivation & the know-how used in the attack and the defence. In general, an agent can be discovered if the network to which the target pc connected is correctly monitored Therefore, the greatest effort must be funneled into reaching an extremely high technical complexity in the functions of:  Hiding  Camouflage  Autodestruct  Non-reverse trace back www.zone-h.org the Internet thermometer
Virus Technology at the Service of Justice: an Overview How do you inject an agent into the interested party’s computer? The means are many but the ways to be considered are principally: Technology Social Engineering Separately or in tandem www.zone-h.org the Internet thermometer
Trojans - Usability in investigative procedures - Potentiality in sensored networks - Trojan planning and development - Real cases - Usability of Trojans in Investigative Procedures www.zone-h.org the Internet thermometer
Potentiality in Sensored Networks • Integration with parametric interception infrastructure • Anonymity of Agent Communication through destination IP spoofing (e.g. Mailing of a letter to a nonexistent address. If we control the central post office exchange, we will be able to intercept and retrieve the letter and any other mail sent to the fictitious address.) www.zone-h.org the Internet thermometer
Trojan planning and development • A lot of trojans are available on the net • Many trojan coders privately sell releases of their trojans that are not detectable by antivirus programs for less than 100-200 USD • Trojans available on the Internet are not a good choice because: • They are undetectable by antivirus programs but are detectable by humans • Made by script kiddies (no design, bad source code) • Not so paranoid • No encrypted communication • No polymorphic self-encryption • No self-destruction capabilities • Not written for usage in formal investigative procedures • Trojans used for intelligence must be written, tested and approved with a formal development approach. • Real cases www.zone-h.org the Internet thermometer
Cyber attacks : an abstract built on Zone-H's experience www.zone-h.org the Internet thermometer
CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
CYBER-ATTACKS ARE CONVENIENT BECAUSE: • Lack of IT laws • Lack of L.E. international cooperation • ISPs are non-transparent (privacy law) CYBER-ATTACKS ARE CONVENIENT BECAUSE: • General lack of security • No need to protest on streets • No direct confrontation with L.E. CYBER-ATTACKS WILL NEVER STOP BECAUSE: • Inherent slowness of the Institutions • The Internet is getting more complicated • Software producers are facing a market challenge www.zone-h.org the Internet thermometer
THE NEW EXPRESSIONS OF THE ASYMMETRIC CYBERWAR COMMAND & CONTROL INFORMATION GATHERING ON ENEMY’S TARGETS MEDIA MANAGEMENT PROPAGANDA DIFFUSION “TAX FREE” MONEY RAISING & LAUNDERING www.zone-h.org the Internet thermometer
www.zone-h.org the Internet thermometer

Empfohlen

4. martin lewerth, niclas ekdahl anytime, anywhere
4. martin lewerth, niclas ekdahl anytime, anywhere4. martin lewerth, niclas ekdahl anytime, anywhere
4. martin lewerth, niclas ekdahl anytime, anywhereModern Times Group MTG AB
 
Asymmetric warfare
Asymmetric warfareAsymmetric warfare
Asymmetric warfareTeeranan
 
Defining asymmetric warfare
Defining asymmetric warfareDefining asymmetric warfare
Defining asymmetric warfareLex Pit
 
By Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpBy Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpFabio Ghioni
 
Effects Based Operations A Guide For Practitioners
Effects Based Operations A Guide For PractitionersEffects Based Operations A Guide For Practitioners
Effects Based Operations A Guide For PractitionersDouglas Webster
 
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...IBMGovernmentCA
 
Clausewitz and terrorism
Clausewitz and terrorismClausewitz and terrorism
Clausewitz and terrorismJon Nakapalau, CHSO, CPO
 
Effect based operation
Effect based operationEffect based operation
Effect based operationWahid haque
 

Empfohlen

4. martin lewerth, niclas ekdahl anytime, anywhere
4. martin lewerth, niclas ekdahl anytime, anywhere4. martin lewerth, niclas ekdahl anytime, anywhere
4. martin lewerth, niclas ekdahl anytime, anywhereModern Times Group MTG AB
 
Asymmetric warfare
Asymmetric warfareAsymmetric warfare
Asymmetric warfareTeeranan
 
Defining asymmetric warfare
Defining asymmetric warfareDefining asymmetric warfare
Defining asymmetric warfareLex Pit
 
By Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpBy Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpFabio Ghioni
 
Effects Based Operations A Guide For Practitioners
Effects Based Operations A Guide For PractitionersEffects Based Operations A Guide For Practitioners
Effects Based Operations A Guide For PractitionersDouglas Webster
 
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...
Social Networks the Next Emerging Spectrum in Asymmetric Warfare and Counter ...IBMGovernmentCA
 
Clausewitz and terrorism
Clausewitz and terrorismClausewitz and terrorism
Clausewitz and terrorismJon Nakapalau, CHSO, CPO
 
Effect based operation
Effect based operationEffect based operation
Effect based operationWahid haque
 
4GW
4GW4GW
4GWJanos Tomolya
 
Social media for the Military
Social media for the MilitarySocial media for the Military
Social media for the MilitaryUlrich Janßen
 
Warfare
WarfareWarfare
WarfareUsman Arshad
 
Government and Social Media Military Facebook Use Study
Government and Social Media Military Facebook Use StudyGovernment and Social Media Military Facebook Use Study
Government and Social Media Military Facebook Use StudyNativa
 
Transnational crime
Transnational crimeTransnational crime
Transnational crimeJon Nakapalau, CHSO, CPO
 
Military Operations and Social Media
Military Operations and Social MediaMilitary Operations and Social Media
Military Operations and Social MediaInfo Ops HQ
 
Indian Armed Forces Perspective in the Background of Low Intensity Conflicts
Indian Armed Forces Perspective in the Background of Low Intensity ConflictsIndian Armed Forces Perspective in the Background of Low Intensity Conflicts
Indian Armed Forces Perspective in the Background of Low Intensity ConflictsNilendra Kumar
 
Transnational Organized Crime
Transnational Organized CrimeTransnational Organized Crime
Transnational Organized CrimeWorldFuture2015
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismPierluigi Paganini
 
Causes of war
Causes of warCauses of war
Causes of warandeedalal
 
Army Social Media Presentation
Army Social Media PresentationArmy Social Media Presentation
Army Social Media PresentationDepartment of Defense
 
Organized Crime
Organized CrimeOrganized Crime
Organized Crimeguest278081
 
National Security College 29 August 2013
National Security College 29 August 2013National Security College 29 August 2013
National Security College 29 August 2013Bob Crawshaw
 
Dr. Saleh Al - Najem - Social Media Ananlytics for national_security
Dr. Saleh Al - Najem - Social Media Ananlytics for national_securityDr. Saleh Al - Najem - Social Media Ananlytics for national_security
Dr. Saleh Al - Najem - Social Media Ananlytics for national_securitypromediakw
 
Breaking for commercials: Characterizing Mobile Advertising
Breaking for commercials: Characterizing Mobile AdvertisingBreaking for commercials: Characterizing Mobile Advertising
Breaking for commercials: Characterizing Mobile AdvertisingNarseo Rodriguez
 
CDNetworks Reaching China with Your Website and Brand - The Hard Truth
CDNetworks Reaching China with Your Website and Brand - The Hard TruthCDNetworks Reaching China with Your Website and Brand - The Hard Truth
CDNetworks Reaching China with Your Website and Brand - The Hard TruthCDNetworks
 
GeoAdmin API & Open*, 2012
GeoAdmin API & Open*, 2012GeoAdmin API & Open*, 2012
GeoAdmin API & Open*, 2012Moullet
 
CloudCon2012 Ruo Ando
CloudCon2012 Ruo AndoCloudCon2012 Ruo Ando
CloudCon2012 Ruo AndoRuo Ando
 
Multi-network Solutions in the Real World: NAB 2012, Will Law, Akamai
Multi-network Solutions in the Real World: NAB 2012, Will Law, AkamaiMulti-network Solutions in the Real World: NAB 2012, Will Law, Akamai
Multi-network Solutions in the Real World: NAB 2012, Will Law, AkamaiVerimatrix
 
Juniper "New Network" Launch Press Conference
Juniper "New Network" Launch Press ConferenceJuniper "New Network" Launch Press Conference
Juniper "New Network" Launch Press ConferenceJuniper Networks
 
The Next Five Years
The Next Five YearsThe Next Five Years
The Next Five YearsCisco Canada
 
Bridging the Gap Between Unequal Partners
Bridging the Gap Between Unequal PartnersBridging the Gap Between Unequal Partners
Bridging the Gap Between Unequal PartnersSafe Software
 

Weitere ähnliche Inhalte

Andere mochten auch

Social media for the Military
Social media for the MilitarySocial media for the Military
Social media for the MilitaryUlrich Janßen
 
Government and Social Media Military Facebook Use Study
Government and Social Media Military Facebook Use StudyGovernment and Social Media Military Facebook Use Study
Government and Social Media Military Facebook Use StudyNativa
 
Military Operations and Social Media
Military Operations and Social MediaMilitary Operations and Social Media
Military Operations and Social MediaInfo Ops HQ
 
Indian Armed Forces Perspective in the Background of Low Intensity Conflicts
Indian Armed Forces Perspective in the Background of Low Intensity ConflictsIndian Armed Forces Perspective in the Background of Low Intensity Conflicts
Indian Armed Forces Perspective in the Background of Low Intensity ConflictsNilendra Kumar
 
Transnational Organized Crime
Transnational Organized CrimeTransnational Organized Crime
Transnational Organized CrimeWorldFuture2015
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismPierluigi Paganini
 
National Security College 29 August 2013
National Security College 29 August 2013National Security College 29 August 2013
National Security College 29 August 2013Bob Crawshaw
 
Dr. Saleh Al - Najem - Social Media Ananlytics for national_security
Dr. Saleh Al - Najem - Social Media Ananlytics for national_securityDr. Saleh Al - Najem - Social Media Ananlytics for national_security
Dr. Saleh Al - Najem - Social Media Ananlytics for national_securitypromediakw
 

Andere mochten auch (14)

4GW
4GW4GW
4GW
 
Social media for the Military
Social media for the MilitarySocial media for the Military
Social media for the Military
 
Warfare
WarfareWarfare
Warfare
 
Government and Social Media Military Facebook Use Study
Government and Social Media Military Facebook Use StudyGovernment and Social Media Military Facebook Use Study
Government and Social Media Military Facebook Use Study
 
Transnational crime
Transnational crimeTransnational crime
Transnational crime
 
Military Operations and Social Media
Military Operations and Social MediaMilitary Operations and Social Media
Military Operations and Social Media
 
Indian Armed Forces Perspective in the Background of Low Intensity Conflicts
Indian Armed Forces Perspective in the Background of Low Intensity ConflictsIndian Armed Forces Perspective in the Background of Low Intensity Conflicts
Indian Armed Forces Perspective in the Background of Low Intensity Conflicts
 
Transnational Organized Crime
Transnational Organized CrimeTransnational Organized Crime
Transnational Organized Crime
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern Terrorism
 
Causes of war
Causes of warCauses of war
Causes of war
 
Army Social Media Presentation
Army Social Media PresentationArmy Social Media Presentation
Army Social Media Presentation
 
Organized Crime
Organized CrimeOrganized Crime
Organized Crime
 
National Security College 29 August 2013
National Security College 29 August 2013National Security College 29 August 2013
National Security College 29 August 2013
 
Dr. Saleh Al - Najem - Social Media Ananlytics for national_security
Dr. Saleh Al - Najem - Social Media Ananlytics for national_securityDr. Saleh Al - Najem - Social Media Ananlytics for national_security
Dr. Saleh Al - Najem - Social Media Ananlytics for national_security
 

Ähnlich wie Asymmetric warfare and interception revealed through digital attacks

Breaking for commercials: Characterizing Mobile Advertising
Breaking for commercials: Characterizing Mobile AdvertisingBreaking for commercials: Characterizing Mobile Advertising
Breaking for commercials: Characterizing Mobile AdvertisingNarseo Rodriguez
 
CDNetworks Reaching China with Your Website and Brand - The Hard Truth
CDNetworks Reaching China with Your Website and Brand - The Hard TruthCDNetworks Reaching China with Your Website and Brand - The Hard Truth
CDNetworks Reaching China with Your Website and Brand - The Hard TruthCDNetworks
 
GeoAdmin API & Open*, 2012
GeoAdmin API & Open*, 2012GeoAdmin API & Open*, 2012
GeoAdmin API & Open*, 2012Moullet
 
CloudCon2012 Ruo Ando
CloudCon2012 Ruo AndoCloudCon2012 Ruo Ando
CloudCon2012 Ruo AndoRuo Ando
 
Multi-network Solutions in the Real World: NAB 2012, Will Law, Akamai
Multi-network Solutions in the Real World: NAB 2012, Will Law, AkamaiMulti-network Solutions in the Real World: NAB 2012, Will Law, Akamai
Multi-network Solutions in the Real World: NAB 2012, Will Law, AkamaiVerimatrix
 
Juniper "New Network" Launch Press Conference
Juniper "New Network" Launch Press ConferenceJuniper "New Network" Launch Press Conference
Juniper "New Network" Launch Press ConferenceJuniper Networks
 
The Next Five Years
The Next Five YearsThe Next Five Years
The Next Five YearsCisco Canada
 
Bridging the Gap Between Unequal Partners
Bridging the Gap Between Unequal PartnersBridging the Gap Between Unequal Partners
Bridging the Gap Between Unequal PartnersSafe Software
 
High Performance Distribution for Harvard Video, Mobile and the Gazette
High Performance Distribution for Harvard Video, Mobile and the GazetteHigh Performance Distribution for Harvard Video, Mobile and the Gazette
High Performance Distribution for Harvard Video, Mobile and the GazetteChris Traganos
 
Fast Track - Windows 8 Apps
Fast Track - Windows 8 AppsFast Track - Windows 8 Apps
Fast Track - Windows 8 AppsAnkit Kashyap
 
Html5 web sockets - Brad Drysdale - London Web 2011-10-20
Html5 web sockets - Brad Drysdale - London Web 2011-10-20Html5 web sockets - Brad Drysdale - London Web 2011-10-20
Html5 web sockets - Brad Drysdale - London Web 2011-10-20Nathan O'Hanlon
 
RedisConf18 - Application of Redis in IOT Edge Devices
RedisConf18 - Application of Redis in IOT Edge DevicesRedisConf18 - Application of Redis in IOT Edge Devices
RedisConf18 - Application of Redis in IOT Edge DevicesRedis Labs
 
Introduction to Android by Demian Neidetcher
Introduction to Android by Demian NeidetcherIntroduction to Android by Demian Neidetcher
Introduction to Android by Demian NeidetcherMatthew McCullough
 
Visualizing IoT: Rapid Business Data Discovery for the Internet of Things
Visualizing IoT: Rapid Business Data Discovery for the Internet of ThingsVisualizing IoT: Rapid Business Data Discovery for the Internet of Things
Visualizing IoT: Rapid Business Data Discovery for the Internet of ThingsMia Yuan Cao
 
Quelle stratégie pour EMC en 2015 ? Repensons l'IT
Quelle stratégie pour EMC en 2015 ? Repensons l'ITQuelle stratégie pour EMC en 2015 ? Repensons l'IT
Quelle stratégie pour EMC en 2015 ? Repensons l'ITRSD
 
Connected devices microsoft
Connected devices microsoftConnected devices microsoft
Connected devices microsoftArif Shafique
 
Freedom of Movement for redisconf19
Freedom of Movement for redisconf19Freedom of Movement for redisconf19
Freedom of Movement for redisconf19Richard Leddy
 
C# Client to Cloud
C# Client to CloudC# Client to Cloud
C# Client to CloudStuart Lodge
 
Viatun presentation2.2.3
Viatun presentation2.2.3Viatun presentation2.2.3
Viatun presentation2.2.3Ernest Shakarov
 
The Megasite: Infrastructure for Internet Scale
The Megasite: Infrastructure for Internet ScaleThe Megasite: Infrastructure for Internet Scale
The Megasite: Infrastructure for Internet Scalegoodfriday
 

Ähnlich wie Asymmetric warfare and interception revealed through digital attacks (20)

Breaking for commercials: Characterizing Mobile Advertising
Breaking for commercials: Characterizing Mobile AdvertisingBreaking for commercials: Characterizing Mobile Advertising
Breaking for commercials: Characterizing Mobile Advertising
 
CDNetworks Reaching China with Your Website and Brand - The Hard Truth
CDNetworks Reaching China with Your Website and Brand - The Hard TruthCDNetworks Reaching China with Your Website and Brand - The Hard Truth
CDNetworks Reaching China with Your Website and Brand - The Hard Truth
 
GeoAdmin API & Open*, 2012
GeoAdmin API & Open*, 2012GeoAdmin API & Open*, 2012
GeoAdmin API & Open*, 2012
 
CloudCon2012 Ruo Ando
CloudCon2012 Ruo AndoCloudCon2012 Ruo Ando
CloudCon2012 Ruo Ando
 
Multi-network Solutions in the Real World: NAB 2012, Will Law, Akamai
Multi-network Solutions in the Real World: NAB 2012, Will Law, AkamaiMulti-network Solutions in the Real World: NAB 2012, Will Law, Akamai
Multi-network Solutions in the Real World: NAB 2012, Will Law, Akamai
 
Juniper "New Network" Launch Press Conference
Juniper "New Network" Launch Press ConferenceJuniper "New Network" Launch Press Conference
Juniper "New Network" Launch Press Conference
 
The Next Five Years
The Next Five YearsThe Next Five Years
The Next Five Years
 
Bridging the Gap Between Unequal Partners
Bridging the Gap Between Unequal PartnersBridging the Gap Between Unequal Partners
Bridging the Gap Between Unequal Partners
 
High Performance Distribution for Harvard Video, Mobile and the Gazette
High Performance Distribution for Harvard Video, Mobile and the GazetteHigh Performance Distribution for Harvard Video, Mobile and the Gazette
High Performance Distribution for Harvard Video, Mobile and the Gazette
 
Fast Track - Windows 8 Apps
Fast Track - Windows 8 AppsFast Track - Windows 8 Apps
Fast Track - Windows 8 Apps
 
Html5 web sockets - Brad Drysdale - London Web 2011-10-20
Html5 web sockets - Brad Drysdale - London Web 2011-10-20Html5 web sockets - Brad Drysdale - London Web 2011-10-20
Html5 web sockets - Brad Drysdale - London Web 2011-10-20
 
RedisConf18 - Application of Redis in IOT Edge Devices
RedisConf18 - Application of Redis in IOT Edge DevicesRedisConf18 - Application of Redis in IOT Edge Devices
RedisConf18 - Application of Redis in IOT Edge Devices
 
Introduction to Android by Demian Neidetcher
Introduction to Android by Demian NeidetcherIntroduction to Android by Demian Neidetcher
Introduction to Android by Demian Neidetcher
 
Visualizing IoT: Rapid Business Data Discovery for the Internet of Things
Visualizing IoT: Rapid Business Data Discovery for the Internet of ThingsVisualizing IoT: Rapid Business Data Discovery for the Internet of Things
Visualizing IoT: Rapid Business Data Discovery for the Internet of Things
 
Quelle stratégie pour EMC en 2015 ? Repensons l'IT
Quelle stratégie pour EMC en 2015 ? Repensons l'ITQuelle stratégie pour EMC en 2015 ? Repensons l'IT
Quelle stratégie pour EMC en 2015 ? Repensons l'IT
 
Connected devices microsoft
Connected devices microsoftConnected devices microsoft
Connected devices microsoft
 
Freedom of Movement for redisconf19
Freedom of Movement for redisconf19Freedom of Movement for redisconf19
Freedom of Movement for redisconf19
 
C# Client to Cloud
C# Client to CloudC# Client to Cloud
C# Client to Cloud
 
Viatun presentation2.2.3
Viatun presentation2.2.3Viatun presentation2.2.3
Viatun presentation2.2.3
 
The Megasite: Infrastructure for Internet Scale
The Megasite: Infrastructure for Internet ScaleThe Megasite: Infrastructure for Internet Scale
The Megasite: Infrastructure for Internet Scale
 

Mehr von Fabio Ghioni

Fabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private InvestigationFabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private InvestigationFabio Ghioni
 
Fabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista AndromedaFabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista AndromedaFabio Ghioni
 
Fabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private InvestigationsFabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private InvestigationsFabio Ghioni
 
Fabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona EmanazioneFabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona EmanazioneFabio Ghioni
 
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...Fabio Ghioni
 
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Fabio Ghioni
 
Fabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest BrotherFabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest BrotherFabio Ghioni
 

Mehr von Fabio Ghioni (8)

Fabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private InvestigationFabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private Investigation
 
Fabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista AndromedaFabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista Andromeda
 
Fabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private InvestigationsFabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private Investigations
 
Fabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona EmanazioneFabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona Emanazione
 
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
 
Fabio Ghioni
Fabio GhioniFabio Ghioni
Fabio Ghioni
 
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
 
Fabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest BrotherFabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest Brother
 

Kürzlich hochgeladen

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Kürzlich hochgeladen (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

Asymmetric warfare and interception revealed through digital attacks

  • 1. Asymmetric warfare and interception revealed www.zone-h.org the Internet thermometer
  • 2. THE LECTURERS Fabio Ghioni Roberto Preatoni www.zone-h.org the Internet thermometer
  • 3. Why Zone-H ? SQL Database HTTP Firewall request YOU! (cleartext or SSL) Web Web app Serv Web DB Web er app Web Client app DB Web •Apache app •IIS HTTP reply •Netscape (HTML, Javascript, Plugins: Database •Perl connection: VBscript, Mail •C/C++ •ADO, etc) Serv •JSP, etc •ODBC, etc. er www.zone-h.org the Internet thermometer
  • 4. D i g i t a l a t t a c k s a m o u n t s i n c e 2 0 0 2 30000 25273 25000 20000 16393 16724 16924 17329 15638 14575 15000 12739 9884 10000 5279 5000 3652 3907 3468 4175 1 6 0 0 1811 2341 D i g i t a l a t t a c k s a m o u n t 0 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2002- 2003- 2003- 2003- 2003- 2003- 01 02 03 04 05 06 07 08 09 10 11 12 01 02 03 04 05 D a t e In 2004 35.000+ / months www.zone-h.org the Internet thermometer
  • 5. Internet today INTERNET TODAY 40 millions of servers MOBILE CELLPHONES TODAY APPROAX 1 BILLION www.zone-.org the Internet thermometer
  • 6. Internet today MOBILE CELLPHONES + INTERNET TODAY CONVERTED INTO 3G / 4G = EXTREME PAIN www.zone-.org the Internet thermometer
  • 7. 3g exploitable points - Protocol - Telco network component - OS - User application level - SIM / USIM toolkit application level www.zone-.org the Internet thermometer
  • 8. About terrorism TERRORISM ? www.zone-.org the Internet thermometer
  • 9. Asymmetric warfare WHAT IS IT? “threats outside the range of conventional warfare and difficult to respond to in kind “ U.S. Dictionary of Military Terms WHEN IS IT USED? “If the enemy is superior in strenght, evade him. If his forces are united, separate them. Attack him where he is unprepared; appear where you are not expected.” Sun Tzu www.zone-h.org the Internet thermometer
  • 10. Asymmetric warfare and infowar Asymmetric Warfare (AW) “Battlefield” where small groups of individuals can produce massive damage with minimum effort and risk from virtually anywhere in the world. Information Operations (IO) Hit the adversary’s information and IT systems and simultaneously defend one’s own information and IT systems. Information Warfare (IW) Information Operations conducted in moments of crisis or conflict, aimed at reaching or promoting given objectives towards given adversaries. www.zone-h.org the Internet thermometer
  • 11. ICT WARFARE “It’s the best strategy for an asymmetric conflict” •Distributed attacks, high anonimity •Possibility to use the same enemy’s infrastructures •Low cost of technology implementation and R&D •Wide range of critical infrastructures to be attacked •Possibility to carry out unconventional activities •Direct contact with the enemy’s command and www.zone-h.org control center at the highest ranks the Internet thermometer
  • 12. Future conflicts dimensions Dirty war Systemic war The heritage: mechanical war PeaceWar ICT War www.zone-.org the Internet thermometer
  • 13. Future conflicts dimensions low Technology high Forte Dirty war Systemic war Power Mechanical war War and ICT War Peace www.zone-.org Debole the Internet thermometer
  • 14. About terrorism Usage of different conflict unconventional tipologies to defy an enemy with a superior warfare capability -“Traditional terrorism” - Use of chemical/nuclear/biological weapons - Attack to the ICT infrastructures critical to the economy and national security ICT war targets against e-nations -Economy -Public service infrastructures -Military and civil defense Multiplier of the above www.zone-.org the Internet thermometer
  • 15. Sensored networks and critical infrastructure protection - National security - Asymmetric warfare and infowar - Defence and uses in state of war www.zone-h.org the Internet thermometer
  • 16. National security Protection of public & private critical ICT infrastructures Reporting e support for analysts Support Defense Intelligence Offensive & employee infiltration capabilities State of alert & automatic activation of defense systems conceived for the protection of strategic national & economic infrastructures Enemy analysis, counterattack, elaboration & implementation of offensive strategies Counterespionage www.zone-h.org the Internet thermometer
  • 17. National Security & Critical Infrastructure Protection COMPUTER National Critical Infrastructure TELECOMMUNICATIONS Public Health and Safety ELECTRIC POWER Emergency Services Water Supply and Sewage Transports Other Government Operations Military Command and Control Systems Mass media Energy, Oil and Gas Control Banking and Financing Activities Industrial Production www.zone-h.org the Internet thermometer
  • 18. The beginning of data interception used to solve terrorism cases www.zone-h.org the Internet thermometer
  • 19. Parametric interception Probe radius Listening #1 Pop ISP #1 Radius Listening #2 Probe #1 Backbone ISP Listening #3 Pop ISP #2 Listening #4 Probe #2 Mediation server Parametric www.zone-h.org (storage and forwarding) rules the Internet thermometer configurator
  • 20. Parametric interception - Uses and abuses - Technology involved - Reliability - Usability in investigative procedure - Legal uses in court cases and judicial use - Basic architecture in asymmetric and symmetric deployment (same nation state standpoint) - Real cases www.zone-h.org the Internet thermometer
  • 21. Digimetric interception Digimetric vs. Parametric - What it is - Uses and abuses - Distributed use on asymmetric and symmetric sensored networks Return-path: <fabio@xxxxxxxxx.com> Received: from mail.boot.it (unverified [127.0.0.1]) by boot.it (Rockliffe SMTPRA 6.1.16) with ESMTP id <B0002856784@localhost> for <roberto@boot.it>; Fri, 17 Sep 2004 10:43:28 +0200 Date: Fri, 17 Sep 2004 10:42:58 +0200 From: Fabio xxxxxxxxx <fabio@xxxxxxxx.com> MIME-Version: 1.0 To: roberto preatoni <roberto@boot.it> Subject: [Fwd: R: R: report] Mailer: Mozilla 4.75 [en] (Win95; U) Content-Type: multipart/mixed; www.zone-h.org the Internet thermometer
  • 22. The process of updating investigative procedure based on interception from voice to data: technological aspects and examples of judicial aspects www.zone-h.org the Internet thermometer
  • 23. Injected interception -Parametric & direct interception are passive instruments that have limits & don’t allow for the analysis of encrypted communications.  Instruments that guarantee privacy protection and/or anonimity are widely available & easy to use eg. Instant Messaging on SSL; VoIP solutions protected by AeS (eg. SKYPE); there are also systems that allow anonymous file exchange (MUTE) o messaging (Freenet or Entropy).  - Basic technology - When to use it - Usability in investigative procedure - Can it be detected? - Real cases www.zone-h.org the Internet thermometer
  • 24. Injected interception revealed Intervene on the source What are the advantages?  The possibility of having direct access to all the data that the target computer accesses, independent of the means of data transport (physical of telematic).  The possibility of tracing the target’s IP address directly or by reverse connection techniques. What type of data can be accessed?  Complete access to all protected data sent on network channels  All data that DON’T normally transit on the network (USB keys, CDRoms, etc.).  Access to crypto instruments and keys that allow to decipher the relevant data  Direct access to encrypted physical disks or logical volumes  Audio/Video interception, if a microphone and/or webcam are present on the pc  Ie. SUB7 trojan www.zone-h.org the Internet thermometer
  • 25. When to Use Injected Interception  When the subject is able to protect its communications  When a constant & punctual monitoring of a subject’s activity is necessary  When it isn’t physically possible to do environmental interception with traditional methods  When the subject has an elevated mobility (e.g. notebook)  When it’s not physically possible to access the target’s resources www.zone-h.org the Internet thermometer
  • 26. Usability in Investigative Procedures Forensics know that guaranteeing that all confiscated media & data remain unmodified at the time of analysis, is of paramount importance. Controversy: - inserting an external injected agent, modifies the media both physically & logically with its Install function - who inputs the surveillance SW has the same privileges as the monitored subject www.zone-h.org the Internet thermometer
  • 27. Privacy vs. Security Formal procedures for requesting the interception; Univocal agents, guaranteed by digital signatures & encrypted time stamping; Non repudiable auditing of the operations that are managed manually or automatically by the agent; Possibility of recreating the agent’s assembly process from the source code to the generation of the univocal executable. www.zone-h.org the Internet thermometer
  • 28. Can the Agent be Uncovered? It depends on the motivation & the know-how used in the attack and the defence. In general, an agent can be discovered if the network to which the target pc connected is correctly monitored Therefore, the greatest effort must be funneled into reaching an extremely high technical complexity in the functions of:  Hiding  Camouflage  Autodestruct  Non-reverse trace back www.zone-h.org the Internet thermometer
  • 29. Virus Technology at the Service of Justice: an Overview How do you inject an agent into the interested party’s computer? The means are many but the ways to be considered are principally: Technology Social Engineering Separately or in tandem www.zone-h.org the Internet thermometer
  • 30. Trojans - Usability in investigative procedures - Potentiality in sensored networks - Trojan planning and development - Real cases - Usability of Trojans in Investigative Procedures www.zone-h.org the Internet thermometer
  • 31. Potentiality in Sensored Networks • Integration with parametric interception infrastructure • Anonymity of Agent Communication through destination IP spoofing (e.g. Mailing of a letter to a nonexistent address. If we control the central post office exchange, we will be able to intercept and retrieve the letter and any other mail sent to the fictitious address.) www.zone-h.org the Internet thermometer
  • 32. Trojan planning and development • A lot of trojans are available on the net • Many trojan coders privately sell releases of their trojans that are not detectable by antivirus programs for less than 100-200 USD • Trojans available on the Internet are not a good choice because: • They are undetectable by antivirus programs but are detectable by humans • Made by script kiddies (no design, bad source code) • Not so paranoid • No encrypted communication • No polymorphic self-encryption • No self-destruction capabilities • Not written for usage in formal investigative procedures • Trojans used for intelligence must be written, tested and approved with a formal development approach. • Real cases www.zone-h.org the Internet thermometer
  • 33. Cyber attacks : an abstract built on Zone-H's experience www.zone-h.org the Internet thermometer
  • 34. CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
  • 35. CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
  • 36. CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
  • 37. CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
  • 38. CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
  • 39. CYBERFIGHTS Kashmir related Iraq war related Code red release related Palestine-Israel related No-Global related www.zone-h.org the Internet thermometer
  • 40. CYBER-ATTACKS ARE CONVENIENT BECAUSE: • Lack of IT laws • Lack of L.E. international cooperation • ISPs are non-transparent (privacy law) CYBER-ATTACKS ARE CONVENIENT BECAUSE: • General lack of security • No need to protest on streets • No direct confrontation with L.E. CYBER-ATTACKS WILL NEVER STOP BECAUSE: • Inherent slowness of the Institutions • The Internet is getting more complicated • Software producers are facing a market challenge www.zone-h.org the Internet thermometer
  • 41. THE NEW EXPRESSIONS OF THE ASYMMETRIC CYBERWAR COMMAND & CONTROL INFORMATION GATHERING ON ENEMY’S TARGETS MEDIA MANAGEMENT PROPAGANDA DIFFUSION “TAX FREE” MONEY RAISING & LAUNDERING www.zone-h.org the Internet thermometer
  • 42. www.zone-h.org the Internet thermometer