There has been a rash of audacious cyber-attacks against large consumer websites and critical infrastructure assets of various countries. In this talk we will look at the technical weaknesses that made these possible and what really happened in these cases.
When we understand the realities behind the hype of mainstream media, we can truly begin to understand the challenges in securing computing infrastructure, whether it is for a large consumer website (Sony), a defence contractor (Lockheed Martin) or an actual nuclear processing plant in Iran.
Those who attend will learn what really happened in some of the most audacious cyber-attacks and what it means for anyone who is tasked with protecting computing assets.
2. Why discuss the recent attacks?
It is always good to discuss them:
- To get an idea of who is vulnerable, how they are getting attacked and why.
- Because you might not realize this, but there are people out to:
  - Steal your confidential information, maybe for sharing with Wikileaks
  - Teach you a lesson for some absurd reason
  - Use you as a pivot to reach some other network
3. List of Attacks
Let's look at recent and devastating attacks:
- Sownage: the online hacking of user data on Sony websites
- Stuxnet: a high-tech computer worm written for MS Windows and specific Siemens software
- RSA SecurID: the most popular 2-factor authentication mechanism
4. Attack number 1 - Sownage
- Target: Sony PlayStation Network and others
- Method: SQL Injection
- Attacker: LulzSec
- Impact: Data theft, loss of face, network went down for over a month
5. Attack number 2 - Stuxnet
- Target: Iran's nuclear enrichment plant at Natanz
- Method: Computer worm using 6 zero-days in Windows, aimed at a specific hardware PLC
- Attacker: Unknown; some experts believe this kind of sophisticated attack can only be executed by state actors like Israel and the US
- Impact: Actual physical hardware damaged; allegedly the program stalled for over 8 months
6. Attack number 3 - RSA SecurID
- Target: Lockheed Martin / RSA
- Method: APT; an email sent to the finance team with an infected Excel file
- Attacker: Unknown hackers
- Impact: Source code theft, loss of face and confidence, paying customers at risk because RSA kept denying this
7. Why Pick These Three?
Three different types of targets:
- Sony PSN is a consumer giant with about 100 million user accounts.
- Iran's nuclear enrichment plants are critical infrastructure of a sovereign nation.
- RSA SecurID is the market leader for security authentication products.
8. What was the motive?
Attackers were after different things in all three attacks:
- Case 1: Embarrass the company and make fun of its lack of security. Steal user info for profit.
- Case 2: Take out the nuclear enrichment plant for delay and strategic damage without an actual physical attack.
- Case 3: Steal the code and algorithm, then go after customers who are vulnerable.
9. How did they do it?
- Sownage: SQL Injection, the most common flaw in web applications.
- Stuxnet: The worm was programmed to copy itself using USB sticks, taking care of air gaps! The difficult part is making sure an infected USB stick is used in the network.
- RSA SecurID: Infected file sent to the accounts department. From there, locate the server with the source code.
10. Were these preventable?
- Sownage: SQL Injection is the 1st flaw mentioned in the OWASP Top 10 critical flaws.
- Stuxnet: Allowing USB flash drives in such a critical network is an indicator of bad physical security.
- RSA SecurID: A host-based intrusion prevention software on the version control server, maybe!
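Slides 9 and 10 name SQL Injection as the Sownage technique and as OWASP Top 10 item number one but do not show what the flaw looks like in code. The following is an added example, not code from the talk or from any of the affected companies, using Python's standard sqlite3 module with a constructed in-memory users table (the schema and the sample rows are assumptions for illustration). It puts a login query built by string concatenation beside the same query written with bound parameters, and runs a classic tautology input through both: the concatenated version returns every account, the parameterised version returns nothing.

```python
import sqlite3

# Constructed sample data: a tiny in-memory account store standing in for a
# consumer site's users table. Schema and rows are assumptions for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash_of_alice_pw"), ("bob", "hash_of_bob_pw")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    # The statement is assembled from user-controlled strings, so a quote
    # character in the input changes the SQL syntax instead of being data.
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "' ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password_hash):
    # Parameterised query: the values travel separately from the statement and
    # can never be interpreted as SQL, whatever characters they contain.
    sql = ("SELECT username FROM users WHERE username = ? AND password_hash = ? "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql, (username, password_hash))]


def demo():
    conn = make_db()
    # Textbook tautology input: closes the string literal and appends OR '1'='1'.
    probe = "' OR '1'='1"
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "hash_of_alice_pw"),
        "vulnerable_probe": login_vulnerable(conn, probe, probe),
        "safe_legit": login_safe(conn, "alice", "hash_of_alice_pw"),
        "safe_probe": login_safe(conn, probe, probe),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

In the vulnerable path the assembled statement becomes `WHERE username = '' OR '1'='1' AND password_hash = '' OR '1'='1'`, which is true for every row, so the caller is logged in as whichever account comes first. The fix is not input filtering but the parameterised form, which is what the OWASP guidance the slide refers to recommends; the password column here is a placeholder and a real system would compare a slow password hash rather than a plain string.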
11. So what happens next?
Cyber warfare is just another word for taking over computing infrastructure, accessing confidential data and using it when it makes sense strategically. Sometimes, in the fog of (cyber) war, the enemy might seem like a bunch of 15-year-olds learning to hack against your servers, but it is possible that they are being controlled by someone else.
12. Why talk about warfare with you?
- You all know that space is where the next race for fuels is going to happen. Some countries realize that dominating the cyber space of another country now will help them gain competitive advantage later.
- These recent cyber attacks allow us to realize that a lot of our infrastructure is vulnerable.
- While attribution is difficult, understanding that we might already be under attack is important.
13. Questions?
Any questions?
Akash Mahajan (google me)
Web Security Consultant, null Founder and BLR Chapter Lead (http://null.co.in)
Twitter - @makash
Website - http://akashm.com
Presentations - http://www.slideshare.net/akashm
@makash | akashm.com - That Web Application Security Guy