Institutional Cybersecurity: A Case Study of
Open Source Intelligence and Social Networks
M. Karaman, H. Çatalkaya
Cpt. Muhammer Karaman, War Colleges Command, Army War College,
Student Officer, Yenilevent, İSTANBUL 34330 TURKEY (Pbx: +90 212
398-0100/3504, İstanbul-Turkey, email: muammerkaraman29@gmail.com)
Cpt. Hayrettin Çatalkaya, War Colleges Command, Army War College,
Student Officer, Yenilevent, İSTANBUL 34330 TURKEY (Pbx: +90 212
398-0100/3504, İstanbul-Turkey, email: hcatalkaya@gmail.com)

Abstract— The enlargement of cyberspace has increased the level
and amount of cyber risk. Commensurate with the growing risk
in Information Communication Technology (ICT), many
countries have prepared national cyber security strategies.
The complexity of cyber attacks and cyber espionage activities has
demonstrated that not only national critical infrastructures
but also institutions are targets. Having a national
level cybersecurity strategy document cannot prevent cyber
attacks targeting institutions. Therefore, institutions should also
have a robust cyber security strategy, roadmap and action plan in
order to stand firmly against emerging cyber risks. Protecting
critical infrastructures and assets has become a key issue that
leaders must permanently take into account, whether they are
the CEO of an organization or a general commanding troops.
From this point of view, we try to shed light on some possible
cyber risks that cyber criminals can exploit. Via open source
intelligence and social networks, employees, managers and even
system administrators can be exposed to hacking and cyber
intelligence activities. In this study, we carried out a case study
using open source intelligence and social networks in order to
show how vulnerable institutions are to possible cyber attacks
and cyber intelligence activities.
Index Terms— Institutional Cybersecurity, Social Networks,
Open Source Information Gathering Techniques, Metadata.
I. INTRODUCTION
The use of information communication technologies
(ICT), ranging from a mere smart phone to national
assets like critical infrastructures, has been increasing
day by day around the world. Along with the widespread use
of ICT, cyber risks have been rising accordingly. Having reached
1 billion in 2012, the number of global smart phone users is
expected to reach 1.75 million in the current year. It is also
expected that more than 2.23 billion people around the world,
or approximately half of mobile phone users, will connect to
the internet via mobile devices in the following years [1].
In this complex and enlarging cyber environment, how
will institutions manage to protect themselves against cyber
related activities (ranging from commercial use of personal
information and open source information gathering to cyber
espionage efforts)? In this study we describe how
information gathering techniques via open sources can give
cyber criminals valuable information about employees, and
we then recommend several counter measures against these
activities.
The study is organized in four sections.
In Section 2, we define institutional cybersecurity, its
components, dilemmas and importance for a nation. In
Section 3, we give some information about open source
intelligence (OSINT) gathering techniques through the internet
and social networks and carry out a case study. In that case
study, we used some freeware tools to gather information,
analyzed the results and shed light on possible major cyber
incidents. Finally, in Section 4, we point out some
essential cybersecurity measures and processes that should be
handled both technically and administratively.
II. METHODS
The expansion of cyberspace and the increasing use of smart
devices have made us reevaluate cybersecurity not only
at the governmental level but also from an institutional
perspective. Thus, institutional cyber security can be
defined as the capability that consists of information security
components and procedures, provides cooperation with
partners and government authorities, and handles top-down
cyber security situational awareness [2].
Generally, the first step against global cyber threats is seen
as forming a national level cybersecurity strategy. In
government level strategies, the risks are put forward, critical
infrastructures are emphasized, and action plans and measures
are discussed and specified. When we move down from the
government level to the institutional level, it is hardly possible
to see a cybersecurity strategy document or a roadmap that is
projected and adapted institutionally. The question is: “Can a
government level cybersecurity strategy document be enough
for an institution itself, and can an institution get away with not
having its own cybersecurity strategy or roadmap?” The
answer is: “Of course not”. The main point in this issue is that
institutional level cybersecurity is generally ignored [2].
In order to ensure strong national cybersecurity, institutions
must have their own institutional cybersecurity strategy and
roadmap. As shown in Fig. 1, institutional level cybersecurity
plays an important role between the government level and the
individual level. Whether public or private, institutions hold
the critical infrastructures, providing industry, communication,
transportation, finance etc. Although military organizations are
left out of institutional cybersecurity in Fig. 1, it is also
possible to include them at the institutional level.
Fig. 1. Cybersecurity Organizational Structure [2].
The main part of the cybersecurity organization shown in Fig. 1
is always in close connection both upwards and downwards, with
government and individuals, because it contains the public and
private critical infrastructures. Therefore institutional level
cybersecurity, which is also valid for military organizations,
must be handled systematically and thoroughly. In this respect,
we put forward some main components of institutional
cybersecurity, which are generic and applicable to other
institutions as well [2].
TABLE I
THE MAIN COMPONENTS OF INSTITUTIONAL CYBERSECURITY [2].
The Main Components of Institutional Cybersecurity
1. Cyber Strategy, Policies and Roadmap
2. Defining Cyber Environment and Operational Design
3. Cybersecurity Situational Awareness and Education
4. Risk Assessment, Standardization, Cyber Resiliency
5. Secure System Architecture
6. Vulnerability Assessment
7. Central Incident Management
8. Log Management and Correlation
9. Continuous Monitoring and Auditing
10. Business Continuity
With the coming of new cyber threats and more complex
malware, some leading countries and international
organizations have sought ways to deal with these
challenging issues [2],[3]. In this respect, the nations that are
trying to ensure strong and sustainable cybersecurity also face
some dilemmas [4]. The National Cybersecurity Dilemmas in
Table II are specified by the NATO Cooperative Cyber Defense
Centre of Excellence (NATO CCDCOE) in its Framework
Manual [4]. As nations deal with these dilemmas,
institutions are also subject to the cybersecurity dilemmas shown
below.
TABLE II
THE NATIONAL CYBERSECURITY DILEMMAS [4]
The National Cybersecurity Dilemmas
1. Stimulate The Economy
2. Infrastructure Modernisation
3. Private Sectors vs. Public Sector
4. Data Protection vs. Information Sharing
5. Freedom of Speech
With the OSINT techniques shown in the case study, cyber
criminals can pave the way for a large scale data breach,
obtain valuable information about employees and exploit
human vulnerabilities through honey traps [5],
spear phishing attacks [6] and the like. The details of the case
study are as follows.
III. A CASE STUDY OF OPEN SOURCE INTELLIGENCE AND
SOCIAL NETWORKS
According to the National Defense Authorization Act
(2006), OSINT is obtained from publicly available
information to meet a mission’s intelligence requirement. From
the army intelligence process perspective, OSINT is
information derived from the systematic gathering, processing
and analysis of publicly available information in response to
intelligence requirements [7].
Both white hat and black hat hackers utilize OSINT, which is
one of the easiest information gathering techniques. In
addition to intelligence and security personnel, police
departments also use information from open sources
[8]. The main drivers for gathering OSINT about a person or
system are that the data can be reached quickly, easily and
cheaply. The fact that the data is available and generally
accessible to anyone may lead people to think that OSINT is
useless. However, by analyzing data collected piece by piece
from different types of sources, very effective results can be
reached. OSINT can be obtained from media, journals, radio
and television and, in our time, mostly from the internet.
A. Individual Centric OSINT Efforts
The internet stores vast and valuable data in addition to a
great deal of personal information. People using the internet
send information to each other with the help of social media
and other communication tools such as blogs
[8]. Gathering plenty of information about a target person is
almost impossible without an internet connection. An
attacker can get information via internet search engines, social
media, blogs and so on.
By glancing at a social network profile, it is easy to get a lot
of information about someone (the person chosen by a
cyber criminal as a victim): relations, friends, profession,
areas of interest, location, information about the family, and
the list goes on. After analyzing this information, a cyber
criminal can easily determine an attack route to the victim. The
direction and methodology that a cyber criminal pursues
depend firstly on his creative thinking and secondly on the
victim’s attitudes, behaviors and the amount shared on
social media networks [9].
According to a recent report released by iSIGHT Partners
on 28 May 2014, a country’s cyber threat actors are using
more than a dozen fake personas on social networking sites
(Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger) in
a coordinated, long-term cyber espionage campaign. At least
2,000 people/targets are, or have been, caught in the snare and
are connected to the false personas [10]. Attackers using social
media exploit weaknesses in users’ security and privacy
settings, shared content, metadata, social media friends
(semantic relations among users) and user policies, and
consequently gather information about their targets.
Having reached the friends of a target, the attacker can extract
connection diagrams with various tools (i2 Analyst Notebook,
Maltego, CaseFile etc.), as in Fig. 2. Data about the target’s
friends, which may be helpful at some point, can also be
gathered from different social networks and from web sites
mirroring social networks.
Fig. 2. Common followers of two different accounts. Account 1 (left) has
1949 followers, Account 2 (right) has 535 followers; common
followers are shown at the top.
By using social networks, it is possible to learn a person’s areas
of interest, the systems being used, connections, photos,
videos, phone numbers, mail addresses etc. (Fig. 2.)
Fig. 3. An official social media account of a ministry. It shows the daily
usage density and the systems from which a total of 3195 messages were
sent during a two-year period.
In a study by an IBM Research team on 1.524.544 tweets of
9551 users, the researchers managed to detect users’ locations
correctly by checking the users’ last 200 tweets [11]. In
other research, an algorithm was developed that finds the
location of users just from their tweets, without needing
location information [12], [13].
The main aim here is to collect as much information as
possible about the target, which may be valuable
at any time. Even though some social networks erase the
metadata of uploaded content, there are some that do not.
Some programs collect the requested information from social
networks and present the gathered data in a graphical
interface. Whether on official or personal social media
accounts, published photos of presidents, high-ranking
commanders, diplomats and bureaucrats, who are high value
targets for an adversary, pose a great risk in terms of OSINT.
The capture of coordinate/location information about a high
level statesman can have irreversible consequences.
Coordinate information can be obtained from the
exchangeable image file format (EXIF) data embedded in
photos. Once the coordinates are obtained, putting them on a
map is child’s play. There are
programs that analyze photos and show the location
information on a map. An example is shown in fig.3.
TABLE III
THE DISTRIBUTION OF GATHERED INFORMATION
Gathered Information Number
User Names 132
E-mail Addresses 185
Operating System Information 5
Folder Location 26
Printer Information 29
Software 25
Fig. 4. Gathered information shown on the map, obtained from published
photos of a country’s top level leaders by using the EXIF coordinate data.
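A pre-publication check for the EXIF risk described above, as an added example that is not part of the original paper: it walks the JPEG header segments, reports whether an Exif block with a GPS pointer is present, and writes a copy without the Exif block. The function names and the sample image bytes are constructed for illustration.

```python
import struct

SOI = b"\xff\xd8"            # JPEG start-of-image marker
SOS, APP1 = 0xDA, 0xE1       # start-of-scan and APP1 marker codes
EXIF_ID = b"Exif\x00\x00"    # identifier that opens an Exif APP1 payload
GPS_IFD_TAG = 0x8825         # IFD0 tag that points at the GPS directory


def iter_segments(jpeg: bytes):
    """Yield (marker, payload, raw) for each header segment, then
    (None, b"", rest) for the scan data that follows unchanged."""
    if jpeg[:2] != SOI:
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header")
        while jpeg[pos + 1] == 0xFF and pos + 4 < len(jpeg):
            pos += 1                      # skip fill bytes before a marker
        marker = jpeg[pos + 1]
        if marker == SOS:
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("segment length out of range")
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    yield None, b"", jpeg[pos:]


def exif_has_gps(payload: bytes) -> bool:
    """True if the Exif payload's first directory (IFD0) has a GPS pointer."""
    tiff = payload[len(EXIF_ID):]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) < 12:
            break
        if struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False


def audit_jpeg(jpeg: bytes) -> dict:
    """Report whether the image carries Exif data and a GPS directory."""
    exif = gps = False
    for marker, payload, _ in iter_segments(jpeg):
        if marker == APP1 and payload.startswith(EXIF_ID):
            exif = True
            gps = gps or exif_has_gps(payload)
    return {"exif": exif, "gps": gps}


def strip_exif(jpeg: bytes) -> bytes:
    """Return the image with every Exif APP1 segment removed."""
    out = bytearray(SOI)
    for marker, payload, raw in iter_segments(jpeg):
        if marker == APP1 and payload.startswith(EXIF_ID):
            continue
        out += raw
    return bytes(out)


def make_sample_jpeg() -> bytes:
    """Constructed sample: header segments only, with an empty GPS directory."""
    tiff = (b"MM" + struct.pack(">HI", 42, 8)                # TIFF header
            + struct.pack(">H", 1)                           # one IFD0 entry
            + struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26)    # GPS pointer
            + struct.pack(">I", 0)                           # no next IFD
            + struct.pack(">H", 0) + struct.pack(">I", 0))   # empty GPS IFD
    exif = EXIF_ID + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    scan = b"\xff\xda" + struct.pack(">H", 2) + b"\x00\x11\x22" + b"\xff\xd9"
    return SOI + app0 + app1 + scan


if __name__ == "__main__":
    sample = make_sample_jpeg()
    print("before:", audit_jpeg(sample))
    print("after: ", audit_jpeg(strip_exif(sample)))
```

The check covers only the Exif block; XMP and IPTC segments can also carry location or author data and need the same treatment before a photo is published.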
RSS (Really Simple Syndication or Rich Site Summary), which
filters the requested information from selected web sites, is
widely used by many online news agencies, web sites
and blogs [14]. Search engines are deemed one of the most
useful information gathering sources. Many programs that
collect information automatically on the internet can do
result-oriented filtering from various input parameters. These
parameters can be typed manually by the attacker. In our time
it is possible to search the web, multiple search engines and
different social networks just by typing some information about
a target, such as personal information, email address, photos etc.
B. System Centric OSINT Efforts
In these cases, the attacker will try to find every
piece of data by using OSINT in order to infiltrate the system.
The system administrators, the types of software used on the
system and the location of the system are what the
attacker aspires to learn.
By running whois queries on web sites, the attacker can
acquire the administrator’s information, since whois can give
the contact information connected with a domain name
[15]. Even though the data retrieved from a whois query can
be masked by administrators, it is possible to reach
previous years’ whois records. Systems that give access to
whois records going back to the first date of a web
site allow an attacker to gather information about the
system administrators. An attacker can also reach previous
snapshots of web sites through systems that archive them, in
order to gather information about the web sites’ administrators.
Afterwards this kind of data may be used by cyber criminals
with the help of OSINT. It is possible to get user names, IP
addresses, client/computer names, server names,
email addresses, folder names, software, operating system
name and version and so on by analyzing the metadata of
content uploaded to a web site. This can be done easily with
several free software tools on files (doc, docx, xls, ppt, pps, rtf
etc.) that carry metadata. 300 files (63 doc, 57 docx, 58 pdf,
15 ppt, 21 pptx, 43 xls, 43 xls) containing metadata were
downloaded from a ministry’s web sites and analyzed. The
numbers of items gathered are given in Table III.
Fig. 5. Some of the 132 users obtained by analyzing the metadata
of the 300 downloaded items.
By using and analyzing metadata, cyber criminals and
terrorists can obtain information about an institution’s
personnel with free software. (Fig. 4) These documents are
seen as harmless, not confidential or sensitive, and are thus
released to the internet by administrators. After gathering user
and system information from them, attackers can use this
information to map the organizational structure of an
institution and to track personnel on social media with masked
accounts, preparing future complex phishing and cyber
espionage attacks after earning the trust of the target. Similar
efforts were recently discovered in a country’s large scale
cyber espionage attack that had been ongoing undetected since
2011. That cyber espionage campaign targeted key US military
and diplomatic personnel through covert and fake accounts
pretending to be government contractors or journalists. After
cementing their trustworthiness by giving the target
information about activities, news updates etc., cyber criminals
trap the target with “spear-phishing”, directing them to false
web pages, and obtain the target’s credentials [5].
C. Possible Counter Measures Against Cyber Intelligence
and Espionage Activities
In our time, civil and governmental firms and institutions
are racing to reach and inform their followers quickly
and reliably. Alongside that effort, a great deal of
cyber risk may arise unless institutional data,
whether transmitted over or residing on the internet, is
brought under control. Although some social networks delete
EXIF data for the privacy of their users, some still do not. And
there is no guarantee that they do not keep the metadata and
similar data on their own servers. Institutions sharing photos
or documents on social networks or on their web sites should
erase or change the metadata with third-party software, in
order to prevent OSINT efforts that may lead to a more
complicated cyber espionage attack. A document apparently
containing no confidential or sensitive information may in fact
hold crucial metadata. Therefore the significance of
metadata and similar cyber risks should be explained by
Information Communication Technologies (ICT) staff to
everyone in the institution, from the most junior worker to the
manager. Procedures should be reviewed so that they cover the
use of social networks among personnel. In order to
prevent OSINT and web vulnerabilities, exposure of
users’ credentials, system information and so on should be
checked by senior ICT staff.
Information that reveals the institution’s organizational
structure (operations, logistics department etc.) and users’
credentials such as citizenship number, email address or name
should not be used as a computer, server or printer name.
Instead, simple names and numbers such as computer001,
networkprinter002 etc. should be preferred in naming the
institution’s assets. As a general principle, ICT
personnel should not depart from the rule of separation of
duties and should not prefer simplicity over safer network
design. For sustainable institutional cybersecurity,
vulnerability tests and security audits should be executed
periodically. Risk assessment documents, including novel and
emerging cyber threats, must be updated according to
international standards, and virtualization technologies should
be used in networks [17].
IV. CONCLUSION
Cyber activities cannot be considered apart from intelligence
efforts. According to documents leaked by Edward
Snowden and released by a news agency, offensive cyber
activities are being executed before and concurrently with cyber
intelligence activities [5]. While the targets, key diplomatic and
military personas, remain similar in that document,
the scope of intelligence efforts goes further and
ensnares the target in sex and honey traps [5] by arranging
the location, time and place, which may be obtained in various
ways by OSINT on social networks or by other cyber means.
Institutions and firms create official accounts on social
networks to build healthy communication with their
customers and followers, and they share some information and
documents on them.
The series of analyses carried out makes it evident that
institutions have not taken the necessary measures against
metadata and other cyber risks [18]. If similar analyses are done
by malicious people or terrorist organizations, information and
documents holding metadata can help them improve
their level of intelligence about the institution, can bring
income to cyber criminals who covertly obtain commercial
secrets, and may also enable them to carry out ransomware
attacks, which gradually reached the top level in 2013 [16].
The Cyber Incidents Response Teams (CIRT) that all institutions
established internally by the official order (dated 13 October
2013) of The Ministry of Transportation, Maritime Affairs and
Communications should take into account the cyber risks of
metadata in content uploaded to the official web sites or
social media accounts of their institution, and should also be
aware of the threat that social networks pose in terms of cyber
espionage and intelligence activities.
Measures against OSINT and social networks should be both
administrative and technical, considering the confidentiality,
integrity and availability of information and, of course, the
privacy of employees. Although these kinds of cyber risks seem
relevant only to institutions, they concern national cyber
security in general. While the weakest link in
ensuring information and cyber security is the human, in
terms of national security the weakest link could be a
critical/key institution of a country.
REFERENCES
[1] Smartphone Users Worldwide Will Total 1.75 Billion in 2014. [Online].
Available: http://www.emarketer.com/Article/Smartphon-Users-Worldwide-Will-Total-175-Billion-2014/1010536
[2] I. Sisaneci, O. Akin, M. Karaman, and M. Saglam. “A Novel Concept
For Cybersecurity: Institutional Cybersecurity”, 6th International Conference
on Information Security and Cryptology, Turkey, Ankara, Sep. 20-21, 2013,
pp. 89.
[3] NATO Web Site. [Online]. Available: http://www.nato.int, June, 2013
[4] A. Klimburg, Ed., National Cyber Security Framework Manual. NATO
CCD COE Publications, 2012.
[5] M. Cole. Exclusive: Snowden Docs Show British Spies Used Sex and
'Dirty Tricks'. (2014, February 07). [Online]. Available:
http://www.nbcnews.com/feature/edward-snowden-interview/exclusive-snowden-docs-show-british-spies-used-sex-dirty-tricks-n23091
[6] Jim Finkle. Iranian hackers use fake Facebook accounts to spy on U.S.,
others. (2014, May 29). [Online]. Available:
http://www.reuters.com/article/2014/05/29/us-iran-hackers-idUSKBN0E90A220140529
[7] Open Source Intelligence, FMI 2-22.9, 2006.
[8] Q. Eijkman and D. Weggemans, “Open source intelligence and privacy
dilemmas: Is it time to reassess state accountability? Security and Human
Rights,” 2012 no. 4, pp. 285-286.
[9] Brandon Valeriano, Ryan Maness. “A Theory of Cyber Espionage for
the intelligence Community”, EMC Chair Conference Paper.
[10] S. Ward. An Iranian Threat Inside Social Media. (2014, May 28).
[Online]. Available: http://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/
[11] M. Jalal, J. Nichols, and C. Drews, “Where Is This Tweet From?
Inferring Home Locations of Twitter Users.” ICWSM. 2012.
[12] Hecht, B., Hong, L., Suh, B., & Chi, E. H. (2011, May). “Tweets from
Justin Bieber's heart: the dynamics of the location field in user profiles.” In
Proceedings of the SIGCHI Conference on Human Factors in Computing
Systems (pp. 237-246). ACM.
[13] Bo Han, Paul Cook and Timothy Baldwin. “A Stacking-based Approach
to Twitter User Geolocation Prediction”,
[14] Vilma Vuori, Jaani Väisänen. “The Use of Social Media in Gathering
and Sharing Competitive Intelligence”, The 9th International Conference on
Electronic Business, Macau, November 30 - December 4, 2009.
[15] Whois Access Policy (2012, February 02). [Online]. Available:
http://www.nic.uno/policy/Whois-Access-Policy.pdf.
[16] McAfee Threats Report Second Quarter (2013).
[17] M. Çalişkan, I. Şen, E. Kuğu and M.A. Aydin, “Sanallaştirma
Teknolojilerinin Saldiri Tespit ve Önleme Sistemleri Üzerine Etkisi”, 1st
International Symposium on Digital Forensics and Security (ISDFS’13), pp.
244-249, 2013.
[18] K. Goztepe, (2012). Designing Fuzzy Rule Based Expert System for
Cyber Security. International Journal of Information Security Science, 1(1),
13-19.
Muhammer Karaman received his BS degree from the Turkish Army Academy in
2005. He completed the Information System Management Course at the School
of Information Technologies of the US Army Signal School in Georgia, USA, in
2012. He currently continues his studies at the Turkish Army War College. His
research interests are cyber operations, cyber law, operational design and
international relations.
Hayrettin Çatalkaya received his BS degree from the Turkish Army Academy in
2005. He currently continues his studies at the Turkish Army War College. His
research interests are information security and privacy, computer forensics
and digital investigation.

State Management Mechanisms for the Exchange of Information Regarding Cyberat...State Management Mechanisms for the Exchange of Information Regarding Cyberat...
State Management Mechanisms for the Exchange of Information Regarding Cyberat...Igor Britchenko
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-statusRama Reddy
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Securityijtsrd
 
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...ssuser793b4e
 
Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Kevin Fream
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & careerAmit Kumar
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sDr Lendy Spires
 
Classmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docxClassmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docxbartholomeocoombs
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityDominic Karunesudas
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationrrepko
 
The Evolving Landscape on Information Security
The Evolving Landscape on Information SecurityThe Evolving Landscape on Information Security
The Evolving Landscape on Information SecuritySimoun Ung
 
Cyber security rule of use internet safely
Cyber security rule of use internet safelyCyber security rule of use internet safely
Cyber security rule of use internet safelyAlexander Decker
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabesegughana
 
1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docxfelicidaddinwoodie
 
A Review of Information Security Issues and Techniques.pdf
A Review of Information Security  Issues and Techniques.pdfA Review of Information Security  Issues and Techniques.pdf
A Review of Information Security Issues and Techniques.pdfArlene Smith
 

Ähnlich wie 2015_ICMSS_Institutional_Cybersecurity_s02 (20)

Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
 
Cyber Security Conference - Trustworthy computing cybersecurity white paper
Cyber Security Conference - Trustworthy computing cybersecurity white paperCyber Security Conference - Trustworthy computing cybersecurity white paper
Cyber Security Conference - Trustworthy computing cybersecurity white paper
 
Cyber attack awareness and prevention in network security
Cyber attack awareness and prevention in network securityCyber attack awareness and prevention in network security
Cyber attack awareness and prevention in network security
 
State Management Mechanisms for the Exchange of Information Regarding Cyberat...
State Management Mechanisms for the Exchange of Information Regarding Cyberat...State Management Mechanisms for the Exchange of Information Regarding Cyberat...
State Management Mechanisms for the Exchange of Information Regarding Cyberat...
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
 
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
A Study of Cyber Security Threats, Challenges in Different Fields and its Pro...
 
ICOCI2013: Keynotes 1
ICOCI2013: Keynotes 1ICOCI2013: Keynotes 1
ICOCI2013: Keynotes 1
 
Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022
 
Cyberfort syllabus & career
Cyberfort syllabus & careerCyberfort syllabus & career
Cyberfort syllabus & career
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 
Classmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docxClassmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docx
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber Security
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
The Evolving Landscape on Information Security
The Evolving Landscape on Information SecurityThe Evolving Landscape on Information Security
The Evolving Landscape on Information Security
 
Cyber security rule of use internet safely
Cyber security rule of use internet safelyCyber security rule of use internet safely
Cyber security rule of use internet safely
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabe
 
1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx
 
A Review of Information Security Issues and Techniques.pdf
A Review of Information Security  Issues and Techniques.pdfA Review of Information Security  Issues and Techniques.pdf
A Review of Information Security Issues and Techniques.pdf
 

2015_ICMSS_Institutional_Cybersecurity_s02

Institutional Cybersecurity: A Case Study of Open Source Intelligence and Social Networks

M. Karaman, H. Çatalkaya

Cpt. Muhammer Karaman, War Colleges Command, Army War College, Student Officer, Yenilevent, İSTANBUL 34330 TURKEY (Pbx: +90 212 398-0100/3504, İstanbul-Turkey, email: muammerkaraman29@gmail.com)
Cpt. Hayrettin Çatalkaya, War Colleges Command, Army War College, Student Officer, Yenilevent, İSTANBUL 34330 TURKEY (Pbx: +90 212 398-0100/3504, İstanbul-Turkey, email: hcatalkaya@gmail.com)

Abstract— Enlargement of cyber space has increased the level and amount of cyber risk. Commensurate with the growing risk in Information Communication Technology (ICT), many countries have prepared their national cyber security strategies. The complexity of cyber attacks and cyber espionage activities has demonstrated that not only national critical infrastructures are targeted, but institutions as well. Having a national level cybersecurity strategy document could not prevent cyber attacks targeting institutions. Therefore, institutions should also have a robust cyber security strategy, roadmap and action plan in order to stand firmly against emerging cyber risks. It has become a fact that protecting critical infrastructures and assets will be a key issue that leaders should permanently take into account, whether they are the CEO of an organization or a general commanding a troop. From this point of view, we tried to shed light on some possible cyber risks that cyber criminals can exploit. Via open source intelligence and social networks, employees, managers and even system administrators can be exposed to hacking and cyber intelligence activities. In this study, we have made a case study using open source intelligence and social networks in order to emphasize and show how institutions are vulnerable to possible cyber attacks and cyber intelligence activities.

Index Terms— Institutional Cybersecurity, Social Networks, Open Source Information Gathering Techniques, Metadata.

I. INTRODUCTION

The use of information communication technologies (ICT), ranging from merely a smart phone to national assets like critical infrastructures, has been increasing day by day around the world. Along with the widespread use of ICT, cyber risks have been rising accordingly. Having reached the 1 billion mark in 2012, the number of global smart phone users is expected to reach 1.75 million in the current year. It is also expected that more than 2.23 billion people around the world, or approximately half of the mobile phone users, will connect to the internet via mobile devices in the following years [1].

In this complex and enlarging cyber environment, how will institutions manage to protect themselves against cyber related activities (ranging from commercial use of personal information and open source information gathering to cyber espionage efforts)? In this study we tried to define how information gathering techniques via open source can give valuable information about employees to cyber criminals, and then we recommended several counter measures against these activities.

The organization of this study is handled in four sections. In Section 2, we tried to define institutional cybersecurity, its components, dilemmas and importance for a nation. In Section 3, we gave some information about open source intelligence (OSINT) gathering techniques through the internet and social networks and executed a case study. In that case study, we used some freeware tools, gathered information, analyzed the results and shed light on possible major cyber incidents. Finally, in Section 4, we have pointed out that some essential cybersecurity measures and processes should be handled both technically and administratively.

II. METHODS

Expansion of cyberspace and the increasing use of smart devices have made us reevaluate cybersecurity not only at the governmental level but also from an institutional perspective. Thus, institutional cyber security can be defined as the capability that consists of information security components and procedures, provides cooperation with partners and government authorities and handles top down cyber security situational awareness [2].

Generally the first step against global cyber threats is seen as forming a national level cybersecurity strategy. In government level strategies, the risks are put forward, critical infrastructures are emphasized, and action plans and measures are discussed and specified. When we move down from government level to institutional level, it is hardly possible to see a cybersecurity strategy document or a roadmap that is projected and adapted institutionally. The question is: “Can a government level cybersecurity strategy document be enough for an institution itself and can an institution get away with not having its own cybersecurity strategy or roadmap?” The answer is: “Of course not”. The main point in this issue is that institutional level cybersecurity is generally ignored [2]. In order to ensure a strong national cybersecurity, it is a must for institutions to have their own institutional cybersecurity strategy and roadmap.

In Fig. 1, institutional level cybersecurity plays an important role between the government level and the individual level. Whether public or private, the institutions have the critical infrastructures, providing industries, communication, transportation, finance etc. Although military organizations are left out of institutional cybersecurity in Fig. 1, it is also possible to include them at the institutional level.

Fig. 1. Cybersecurity Organizational Structure [2].

The main part of the cybersecurity organization shown in Fig. 1 is always in close connection with the levels above and below it, government and individuals, because it has the public and private critical infrastructures within. Therefore institutional level cybersecurity, which is also valid for military organizations, must be handled systematically and thoroughly. In this respect, we put forward some main components of institutional cybersecurity, which are generic and can be applicable to other institutions as well [2].

TABLE I
THE MAIN COMPONENTS OF INSTITUTIONAL CYBERSECURITY [2]
1. Cyber Strategy, Policies and Roadmap
2. Defining Cyber Environment and Operational Design
3. Cybersecurity Situational Awareness and Education
4. Risk Assessment, Standardization, Cyber Resiliency
5. Secure System Architecture
6. Vulnerability Assessment
7. Central Incident Management
8. Log Management and Correlation
9. Continuous Monitoring and Auditing
10. Business Continuity

With the coming of new cyber threats and more complex malware, some leading countries and international organizations have sought ways to deal with these challenging issues [2], [3]. In this respect, the nations that are trying to ensure strong and sustainable cybersecurity also face some dilemmas [4]. The National Cybersecurity Dilemmas in Table 2 are specified by the NATO Cooperative Cyber Defense Centre of Excellence (NATO CCDCOE) in its Framework Manual [4]. As nations deal with these dilemmas, the institutions are also subject to the cybersecurity dilemmas shown below.

TABLE II
THE NATIONAL CYBERSECURITY DILEMMAS [4]
1. Stimulate The Economy
2. Infrastructure Modernisation
3. Private Sectors vs. Public Sector
4. Data Protection vs. Information Sharing
5. Freedom of Speech

Using the OSINT techniques shown in the case study, cyber criminals can pave the way for a large scale data breach, obtain valuable information about employees and exploit human vulnerabilities with honey traps [5], spear phishing attacks [6] and the like. The details of the case study are as follows.

III. A CASE STUDY OF OPEN SOURCE INTELLIGENCE AND SOCIAL NETWORKS

According to the National Defense Authorization Act (2006), OSINT is obtained from publicly available information to meet a mission’s intelligence requirement. OSINT, from the army intelligence process perspective, is related to information derived from the systematic gathering, processing, and analysis of publicly available information in response to intelligence requirements [7]. White and black hat hackers utilize OSINT, which is one of the easiest information gathering techniques. In addition to intelligence and security personnel, police departments are also using information from open sources [8]. The main drivers of gathering OSINT about a person or system are that the data can be reached fast, easily and cheaply.
The simplicity of the data being available and generally accessible to anyone may cause people to think that OSINT is useless. However, by analyzing the data collected piece by piece from different types of sources, very effective results can be reached. As is known, OSINT can be obtained from media, journals, radio and television and, in our time, mostly from the internet.

A. Individual Centric OSINT Efforts

The internet stores vast and valuable data in addition to a great deal of personal information. People using the internet send information to each other with the help of social media and other types of communication tools like blogging and so on [8]. Reaching plenty of information about the target person is almost impossible without an internet connection. An attacker can get information via internet search engines, social media, blogs and so on. By glancing at a social network profile, it is easy to get lots of information about the relations of someone (that is, the one chosen by a cyber criminal as a victim): friends, professions, areas of interest, location, information about the family and the list goes on. After analyzing this information a cyber criminal can easily specify an attack route to the victim. The direction and methodology that a cyber criminal could pursue depends firstly on his creative thinking and secondly on the victim’s attitudes, behaviors and the amount of sharing on social media networks [9].

According to a recent report released by iSIGHT Partners on 28 May 2014, a country’s cyber threat actors are using more than a dozen fake personas on social networking sites (Facebook, Twitter, LinkedIn, Google+, YouTube, Blogger) in a coordinated, long-term cyber espionage campaign. At least 2,000 people/targets are, or have been, caught in the snare and are connected to the false personas [10].

Attackers using social media exploit vulnerabilities in users’ security and privacy settings, shared contents, metadata, social media friends (semantic relations among users) and users’ policies, and consequently they gather information about their targets. Reaching the friends of a target, the attacker can extract connection diagrams with various tools (i2 Analyst Notebook, Maltego, CaseFile etc.) like in Fig. 2. Data about the target’s friends, which may be helpful at some time, can also be gathered from different social networks and web sites mirroring social networks.

Fig. 2. Common followers of two different accounts. Account 1 (left) having 1949 followers, Account 2 (right) having 535 followers, and common followers (up).

By using social networks, it is possible to reach one’s areas of interest, systems that are being used, connections, photos, videos, phone numbers, mail addresses etc. (Fig. 2.)

Fig. 3. An official social media account of a ministry. It shows the usage density on a daily basis and the systems from which a total of 3195 messages were sent during a two year period.

In a study by an IBM Research Team on 1.524.544 tweets of 9551 users, the researchers managed to detect users’ locations correctly by checking the last 200 tweets of users [11]. In another research, an algorithm was developed that finds the location of users just by their tweets without even needing location information [12], [13]. The main drive on this issue is to collect as much information as possible about the target, which may be valuable at any time. Even though some social networks erase the metadata of uploaded contents, there are some that don’t. By collecting the demanded information from social networks, some programs present the gathered data and information on a graphical interface.

Whether on official or personal social media accounts, published photos of presidents, high-ranking commanders, diplomats and bureaucrats, who are high value targets for an adversary, pose a great risk in terms of OSINT. The seizure of coordinate/location information about a high level statesman can end in irreversible consequences. It is possible to reach the coordinate information of photos through the exchangeable image file format (EXIF) data available in photos. After reaching the coordinate information, it is child’s play to put that information on a map. There are some programs that analyze the photos and show the location information on a map. An example is shown in Fig. 3.

TABLE III
THE DISTRIBUTION OF GATHERED INFORMATION
Gathered Information            Number
User Names                      132
E-mail Addresses                185
Operating System Information    5
Folder Location                 26
Printer Information             29
Software                        25
Fig. 4. A display on the map of information gathered from published photos of a country’s top level leaders by using the EXIF coordinate data.

For filtering the demanded information from selected web sites, RSS (Real Simple Syndicate or Rich Site Summary) is widely used by plenty of online news agencies, web sites and blogs [14]. Search engines are deemed one of the most useful information gathering sources. Collecting information automatically on the internet, many programs can do result-oriented filtering based on various input parameters. These parameters can be typed manually by the attacker. In our time it is possible to search the web, multiple search engines and different social networks just by typing some information about a target, like personal information, email address, photos etc.

B. System Centric OSINT Efforts

In these cases, the attacker will struggle to find every piece of data by using OSINT in order to infiltrate the system. The system administrators, the types of software being used on the system and the location of the system are what the attacker would aspire to reach. By putting web sites into whois queries, the attacker would acquire the administrator’s information, since whois can give contact information that is connected with that domain name [15]. Even though the data retrieved from a whois query can be masked by administrators, it is possible to reach the previous years’ whois records. Systems that give access to the whois records of previous years, going back to the first date of a web site, enable an attacker to gather information about the system administrators. An attacker can also reach previous images of web sites, through systems that archive web site pages, in order to gather information about the web sites’ administrators. Afterwards this kind of data may be used by cyber criminals with the help of OSINT.
It is possible to get user names, IP addresses, client/computer names, server computer names, email addresses, folder names, software, operating system name and version and so on by analyzing the metadata of the uploaded contents of a web site. This can be done easily with several free software tools on files (doc, docx, xls, ppt, pps, rtf etc.) that carry metadata. For Table III, 300 files (63 item doc, 57 item docx, 58 item pdf, 15 item ppt, 21 item pptx, 43 item xls, 43 item xls) containing metadata were downloaded from a ministry’s web sites and analyzed; the table gives the number of items gathered in each category.

Fig. 5. Some of the 132 users obtained by the analysis of the metadata of the 300 downloaded items.

By using and analyzing the metadata, institutions’ personnel information can be obtained with free software by cyber criminals and terrorists. (Fig. 4) These documents are seen as harmless, neither confidential nor sensitive, and are thus released to the internet by the administrators. After gathering user and system information from them, attackers can utilize this information to map the organizational structure of an institution and to track the personnel on social media with masked accounts for future complicated phishing and cyber espionage attacks after earning the trust of the target. Similar efforts were recently discovered in the large scale cyber espionage attack of a country that has been ongoing undetected since 2011. The mentioned cyber espionage campaign targeted key US military and diplomatic personnel through covert and fake accounts pretending to be government contractors or journalists. After cementing their trustworthiness by giving the target information about activities, news updates etc., cyber criminals trap the target with “spear-phishing”, directing them to false web pages, and obtain the credentials of the target [5].

C. Possible Counter Measures Against Cyber Intelligence and Espionage Activities

In our time civil and governmental firms and institutions are in a race to reach and inform their followers fast and reliably. Commensurate with that struggle, a great deal of cyber risk may come forth unless the institutional data, whether conveyed over or existing on the internet, is brought under control. Although some social networks delete the EXIF data for the privacy of their users, some still don’t. And there is no guarantee that they do not keep the metadata and similar data on their own servers. Institutions sharing photos or documents on social networks or on their web sites should erase or change the metadata with third-party software, in order to prevent OSINT efforts that may lead to a more complicated cyber espionage attack.

A document apparently having no confidential or sensitive information may in fact hold crucial metadata. Therefore the significance of metadata and similar cyber risks should be explained by the Information Communication Technologies (ICT) guys to everyone in the institution, from the least senior worker to the manager. Procedures should be reviewed so that they cover the usage of social networks among personnel. In order to prevent OSINT, web vulnerabilities that expose users’ credentials, system information and so on should be checked by senior ICT guys.

Information that reveals the institution’s organizational structure, like operation or logistics department etc., and users’ credentials, like citizenship number, email address or names, should not be used as a computer, server or printer name. Instead, simple names and numbers should be preferred in naming the institution’s assets, like computer001, networkprinter002 etc. As a general principle, the ICT personnel should not depart from the rule of separation of duties and should not prefer simplicity over a safer network design.

For a sustainable institutional cybersecurity, vulnerability tests and security auditing should be executed periodically. Risk assessment documents, including novel and emerging cyber threats, must be updated according to international standards, and virtualization technologies should be used in networks [17].

IV. CONCLUSION

Cyber activities cannot be thought of apart from intelligence efforts. According to the documents leaked by Edward Snowden and released by a news agency, offensive cyber activities are being executed before and concurrently with cyber intelligence activities [5].
While the targets, key diplomatic and military personas, remain similar in this mentioned document, the scope of intelligence efforts exceeds the limits and ensnares the target in sex and honey traps [5] by arranging the location, time and place, which may be obtained in various ways by OSINT on social networks or by other cyber means.

Institutions and firms create official accounts on social networks to establish healthy communication with their customers and followers, and they share some information and documents on them. From the series of analyses performed, it is evident that the institutions haven’t taken the necessary measures against metadata and other cyber risks [18]. If similar analyses are done by vicious people or terrorist organizations, information and documents holding metadata can give them an advantage and help improve their level of intelligence about the institution, can provide income to cyber criminals who covertly obtain commercial secrets, and may also enable them to carry out ransomware attacks, which gradually reached the top level in 2013 [16].

The Cyber Incidents Response Teams (CIRT) that all institutions established internally by the official order (dated 13 October 2013) of The Ministry of Transportation, Maritime Affairs and Communications should take into account the cyber risks of the metadata of uploaded contents, whether on official web sites or social media accounts of their institution, and should also be aware of the threat that social networks pose in terms of cyber espionage and intelligence activities. Measures against OSINT and social networks should be administrative and technical, considering the confidentiality, integrity and availability of information and, for sure, the privacy of the employees too. Although these kinds of cyber risks seem relevant only to institutions, in general they concern national cyber security.
While the weakest link in ensuring information and cyber security is the human, in terms of national security the weakest link could be a critical/key institution of a country.

REFERENCES

[1] Smartphone Users Worldwide Will Total 1.75 Billion in 2014. [Online]. Available: http://www.emarketer.com/Article/Smartphon-Users-Worldwide-Will-Total-175-Billion-2014/1010536
[2] I. Sisaneci, O. Akin, M. Karaman, and M. Saglam, “A Novel Concept For Cybersecurity: Institutional Cybersecurity”, 6th International Conference on Information Security and Cryptology, Turkey, Ankara, Sep. 20-21, 2013, pp. 89.
[3] NATO Web Site. [Online]. Available: http://www.nato.int, June, 2013.
[4] A. Klimburg, Ed., National Cyber Security Framework Manual. NATO CCD COE Publications, 2012.
[5] M. Cole. Exclusive: Snowden Docs Show British Spies Used Sex and 'Dirty Tricks'. (2014, February 07). [Online]. Available: http://www.nbcnews.com/feature/edward-snowden-interview/exclusive-snowden-docs-show-british-spies-used-sex-dirty-tricks-n23091
[6] Jim Finkle. Iranian hackers use fake Facebook accounts to spy on U.S., others. (2014, May 29). [Online]. Available: http://www.reuters.com/article/2014/05/29/us-iran-hackers-idUSKBN0E90A220140529
[7] Open Source Intelligence, FMI 2-22.9, 2006.
[8] Q. Eijkman and D. Weggemans, “Open source intelligence and privacy dilemmas: Is it time to reassess state accountability? Security and Human Rights,” 2012 no. 4, pp. 285-286.
[9] Brandon Valeriano, Ryan Maness. “A Theory of Cyber Espionage for the Intelligence Community”, EMC Chair Conference Paper.
[10] S. Ward. An Iranian Threat Inside Social Media. (2014, May 28). [Online]. Available: http://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/
[11] M. Jalal, J. Nichols, and C. Drews, “Where Is This Tweet From? Inferring Home Locations of Twitter Users.” ICWSM. 2012.
[12] Hecht, B., Hong, L., Suh, B., & Chi, E. H. (2011, May). “Tweets from Justin Bieber's heart: the dynamics of the location field in user profiles.” In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 237-246). ACM.
[13] Bo Han, Paul Cook and Timothy Baldwin. “A Stacking-based Approach to Twitter User Geolocation Prediction”,
[14] Vilma Vuori, Jaani Väisänen. “The Use of Social Media in Gathering and Sharing Competitive Intelligence”, The 9th International Conference on Electronic Business, Macau, November 30 - December 4, 2009.
[15] Whois Access Policy (2012, February 02). [Online]. Available: http://www.nic.uno/policy/Whois-Access-Policy.pdf
[16] McAfee Threats Report Second Quarter (2013).
[17] M. Çalişkan, I. Şen, E. Kuğu and M.A. Aydin, “Sanallaştirma Teknolojilerinin Saldiri Tespit ve Önleme Sistemleri Üzerine Etkisi”, 1st International Symposium on Digital Forensics and Security (ISDFS’13), pp. 244-249, 2013.
[18] K. Goztepe, (2012). Designing Fuzzy Rule Based Expert System for Cyber Security. International Journal of Information Security Science, 1(1), 13-19.

Muhammer Karaman received his BS degree in Turkish Army Academy in 2005. He has completed Information System Management Course in School of Information Technologies in US Army Signal School in Georgia, USA, in 2012. He currently continues his study at the Turkish Army War College. His research interests are cyber operations, cyber law, operational design and international relations.

Hayrettin Çatalkaya received his BS degree in Turkish Army Academy in 2005. He currently continues his study at the Turkish Army War College. His research interests are information security and privacy, computer forensics and digital investigation.
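The counter measure in Section III.C, erasing metadata before a document is published, can be checked mechanically as part of a pre-publication review. The Python code below is an added example, not code from the paper: it audits and blanks the property parts of an OOXML file (docx, xlsx, pptx), grouping what it finds into the kinds of categories listed in Table III. The sample document, its names and values are constructed, and the choice of fields to treat as sensitive is an assumption.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Property parts of an OOXML package and the fields in them that reveal
# users, folders or software (assumed selection, extend as needed).
LEAKY_FIELDS = {
    "docProps/core.xml": {"dc:creator": "user name",
                          "cp:lastModifiedBy": "user name"},
    "docProps/app.xml": {"ep:Manager": "user name",
                         "ep:Company": "organization",
                         "ep:Template": "folder location",
                         "ep:Application": "software",
                         "ep:AppVersion": "software"},
}


def audit(package: bytes):
    """Return (part, field, category, value) for every populated leaky field."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = set(zf.namelist())
        for part, fields in LEAKY_FIELDS.items():
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for field, category in fields.items():
                node = root.find(field, NS)
                if node is not None and (node.text or "").strip():
                    findings.append((part, field, category, node.text.strip()))
    return findings


def scrub(package: bytes) -> bytes:
    """Return a copy of the package with the leaky fields blanked.

    All other parts, including the document body, are copied unchanged.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            fields = LEAKY_FIELDS.get(info.filename)
            if fields:
                root = ET.fromstring(data)
                for field in fields:
                    node = root.find(field, NS)
                    if node is not None:
                        node.text = ""
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(info.filename, data)
    return out.getvalue()


def make_sample_docx() -> bytes:
    """Constructed sample: a minimal package with invented metadata values."""
    core = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
            "<dc:title>Annual report</dc:title>"
            "<dc:creator>a.kaya</dc:creator>"
            "<cp:lastModifiedBy>LOGISTICS-PC07\\m.demir</cp:lastModifiedBy>"
            "</cp:coreProperties>" % (NS["cp"], NS["dc"]))
    app = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<Properties xmlns="%s">'
           "<Template>C:\\Users\\a.kaya\\Templates\\Normal.dotm</Template>"
           "<Application>Microsoft Office Word</Application>"
           "<AppVersion>14.0000</AppVersion>"
           "<Company>Example Ministry</Company>"
           "</Properties>" % NS["ep"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", "<doc>Public text of the report</doc>")
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_sample_docx()
    for part, field, category, value in audit(sample):
        print(f"{category:16} {field:20} {value}")
    print("findings after scrub:", len(audit(scrub(sample))))
```

To audit a real file, pass `open(path, "rb").read()` to `audit`. PDF and legacy binary formats (doc, xls, ppt) store their metadata differently and need their own handling.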