Mapping connections between CyberCrime and CyberTerrorism groups.
Reviewing mitigation factors on the nation-state level and international treaties and strategies that will thwart terrorism and state-sponsored cyber offense.
Cyber Terror ICT Conference
1. Iftach Ian Amit | November 2010
www.security-art.com | All rights reserved to Security Art ltd. 2002-2010
Cyber[Crime|Terror]
Links between crime and terror on the cyber front: analysis and mitigation strategies
Iftach Ian Amit
VP Business Development, Security Art
Board Member - CSA Israel
IL-CERT Dreamer
2.
So, I heard that crime has something to do with state?
You heard right...
5.
Hungry yet?
That was just the appetizer...
6.
CyberWar
“Cyberwarfare, is the use of computers and the Internet in conducting warfare in cyberspace.”
Wikipedia
7.
It did not happen yet
Being an exception
Estonia, Georgia, Titan Rain, India, Google, Adobe
8.
Many faces of how CyberWar is perceived...
From McAfee’s “Virtual Criminology Report 2009”
Image caption: “countries developing advanced offensive cyber capabilities”
9.
CyberWar - Attack
Highly selective targeting of military (and critical) resources
In conjunction with a kinetic attack
OR
Massive DDOS in order to “black-out” a region, disrupt services, and/or push political agenda (propaganda)
10.
CyberWar - Defense
• Never just military
• Targets will be civilian
• Physical and logical protections = last survival act
• Availability and Integrity of services
• Can manifest in the cost of making services unavailable for most civilians
11.
CyberCrime
12.
You want money, you gotta play like the big boys do...
13.
CyberCrime - Ammunition
=≈ APT
15.
CyberCrime - Defense
• Anti [ Virus | Malware | Spyware | Rootkit | Trojan ]
• Seriously?
• Firewalls / IDS / IPS
• Seriously?
• Brought to you by the numbers 80, 443, 53...
• SSL...
16.
How do these connect?
Claim: CyberCrime is being used to conduct CyberWar/Terror
Proof: Let’s start with some history...
17.
History - Revisited...
Israel
September 6th, 2007
Operation Orchard
Source: http://en.wikipedia.org/wiki/Operation_Orchard
Source: Der Spiegel
18.
All attacks on targets are attributed to Hacktivists
Israeli
Arabic
Cast Lead, 2nd Lebanon war
19.
Mid-east crime-war links
ARHack
Hacker/Political forum by day
Cybercrime operations by night
20.
Political post
Buying/Selling cards for 1/2 their balance
Selling 1600 visa cards
21.
History - Revisited...
Iran
2009 Twitter DNS hack attributed to Iranian activity.
Political connections are too obvious to ignore (elections)
Timing was right on:
• UN Council Decisions
• Protests by leadership opposition in Tehran
23.
Iran-Twitter connecting dots
• Twitter taken down December 18th 2009
• Attack attributed eventually to a group named “Iranian Cyber Army”
• Until December 2009 there was no group known as “Iranian Cyber Army”...
• BUT - “Ashiyane” (Shiite group) is from the same place as the “Iranian Cyber Army”
25.
Iran-Twitter - Ashiyane
• Ashiyane was using the same pro-Hezbollah messages that were used on the Twitter attack with their own attacks for some time...
• AND the “Iranian Cyber Army” is an active group on the Ashiyane forums
www.ashiyane.com/forum
Let’s take a look at how Ashiyane operates...
26.
On [Crime|Terror] training
Ashiyane forums
WarGames
27.
Wargames targets include:
28.
Back to [Crime|Terror] Links:
What else happened on the 18th?
Additional targets - Baidu taken down with the same MO (credentials)
29.
Mapping Iran’s [Crime|Terror]
More recently:
Iranian Cyber Army expanding into the “Crime” business
Along with the cybercrime “honeypot” tactics…
30.
Mapping Iran’s [Crime|Terror]
[Diagram: Ashiyane and the Iranian Cyber Army; activities: DDoS, Botnet Herding, Site Defacement, Credit Card Theft, Strategic Attacks; labels: Iran, Iraq, US, UK, CN, $$; categories: Crime, War]
31.
The Future (Illustrated)
CLOUDS
32.
Deterrence
Think: Article 5 for the Cyber Commons!
An attack against one or more states, shall be considered an attack against all member states, who agree, to exercise their right to assist the attacked party, including the right to use armed forces.
NATO Article 5 - abridged
33.
Attribution?
• Technical - not feasible
• Political - should be obvious
• Defending state?
• Should have the responsibility to “clean up” its portion of the Cyber Commons in order to enable a sustainable economic and civil environment.
34.
Summary
Good: Formal training on cybersecurity by nations
Bad: Commercial development of malware still reigns
Ugly: Good meet Bad: money changes hands, fewer tracks to cover, criminal ops are already creating the weapons and are linked to terrorist organizations...
35.
Summary
The Future
Lack of legislation and cooperation on multi-national level is creating de-facto “safe haven” for cybercrime. <- Fix this! (see article 5 suggestions)
Treaties and anti-crime activities may prove to be beneficial. <- nukes? (i.e. treaties...)
36.
Thanks!
www.security-art.com
iamit@security-art.com
twitter.com/iiamit
blog.security-art.com
Editor's notes
Completely financially motivated
Read: no political affiliation, unless $$$
Highly connected
Transactions can be traced across organizations
Hierarchical in nature
Need to know basis, highly professional business units, many small profit centers
Highly connected and hierarchical
Highly sophisticated botnets
Usually rented by the hour/day for spamming or DDOS
Harvesting specific information (credit cards, financial data, personal information, emails, documents, applications, credentials, etc...)
Engulfed in fog... information & dis-information all over the place.
Events:
Cast Lead and 2nd Lebanon war
kinetic and cyber links hard to find
Palestinian TV station hacked for propaganda
Maybe? - Syrian nuclear facility bombing in 2007 (no proof - no radar accountability of ANY aircraft in the area...)
An example of an organization that wears two hats:
Running “hacker” forum by day
Mostly tools, techniques, targets in the US, Israel and some Nordic states
Actively running cybercrime organization:
Carding, password theft and trade (major provider of hacked Swiss/Dutch/Danish FTP sites to cybercrime groups)
At the Ashiyane forums, there’s an ongoing contest called “WarGames”:
Sites are being targeted, participants are called to attack them - SQL injections, data theft, defacement, anything goes...
Landscape highly unclear!
Where does that put “developing” nations?
Africa? OLPC + zero enforcement of licensing = largest infected PC population in the world!
Arms race is on. Government/military commissioned attacks more likely, but mainly surgical strikes
No Cybergeddon for you so far (sorry CNN...)
Massive connectivity is still the WMD of CyberWar (and is a commodity)
No problem getting it from questionable “arms dealers” (bot herders) - just like we do now with conventional weapons....