This document outlines 10 post-apocalyptic cyber scenarios and provides real-world examples for each. The scenarios include: 1) widespread DDoS attacks causing communication outages, 2) social media being used to coordinate DDoS protests, 3) an insider stealing customer data, 4) malicious software updates, 5) hardware backdoors enabling theft and network control, 6) an insider abusing privileges for financial gain, 7) erroneous BGP routes blackholing the Internet, 8) state-sponsored cyber espionage, 9) weapons-grade malware used for sabotage like Stuxnet, and 10) cyber attacks supporting military strikes.
3. The futility of proposed scenarios
A stab in the dark at a divergent future, while interesting, is doing us a disservice.
5. Scenario 1. Collateral damage from cyberwar
• Widespread state-sponsored DDoS attack
• Communication outages
• Official web sites taken down
6. The reality
• August 8, 2008: Russia invades Georgia
• DDoS against Georgia
  president.gov.ge
  rustavi2.com
• Tulip Systems, Atlanta
• 68,000 requests/sec
8. Scenario 2. Political protesters enlist social media to target attacks
Facebook or Twitter used to call protesters to arms
DDoS tools distributed along with instructions
Websites disabled
9. Twitter as a tool of riot creation
After the Iranian election, Twitter was used to support virtual riots via DDoS.
Note that AnonymousOps used LOIC too!
10. Twitter escalation
Phase 1. Hacking instructions sites.
Phase 2. Links to pagereload.com
Phase 3. Links to a specially crafted site that opens 15 frames on pagereload.com
11. Scenario 3. An insider uses privileged access to steal customer data
• Despite strong authentication, encryption, and DLP, a trusted employee steals customer data
• Sells it to a third party
12. Rene Rebollo: Countrywide data loss
Rebollo estimated he downloaded about 20,000 customer profiles a week in Excel spreadsheets onto flash drives.
2 million total identities sold to Wahid Siddiqi, his outside accomplice.
13. Scenario 4. Malicious software updates
• A software vendor issues software updates that are malicious in nature
• Software is back-doored
• Systems compromised.
14. Athens 2004
A series of software updates turns on the lawful intercept function
104 diplomats and Olympic officials spied on
Engineer mysteriously commits suicide
15. Scenario 5. Hardware backdoors
• Hardware vendor builds backdoors into critical equipment
• Uses backdoor to steal confidential information
• Gains control of network
17. Scenario 6. Insider abuse
Insider uses knowledge of business systems and back office to get around internal controls.
Loss of millions
18. Trading losses
2008: Jerome Kerviel covers up trading losses, the largest trading fraud in history carried out by a single person.
$7.14 billion
5-year sentence reduced to 3
19. Scenario 7. Spurious BGP route announcements used to black hole the Internet
The biggest single vulnerability in Internet infrastructure, used to:
1. Deny access to a service
2. Siphon data
3. Shut off a country
21. China drinks from a fire hose
“Internet routing, believe it or not, still works on the honor system.”
“On April 8th (2010), starting at 15:50 UTC, China Telecom incorrectly asserted ownership of more than 50,000 different blocks of IP addresses.” - Renesys Blog
15% of the Internet was party to a man-in-the-middle attack for 18 minutes.
22. Mubarak’s Internet Kill Switch
January 27, 2011
At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet's global routing table. Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers.
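As an added example (not from the deck), a small route monitor over constructed BGP UPDATE records that flags the two failure modes these slides describe: an announcement whose origin AS differs from the expected owner of the prefix (the China Telecom case, including a more-specific announced by the wrong AS) and a burst of route withdrawals (the Egypt case). The prefixes are RFC 5737 documentation ranges, the AS numbers and timestamps are made up, and the expected-origin table stands in for a ROA/IRR lookup.

```python
import ipaddress
# Constructed expected-origin table (stands in for a ROA/IRR lookup); made-up AS numbers.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64501,
    "192.0.2.0/24": 64502,
}

# Constructed BGP UPDATE records: (seconds, A=announce/W=withdraw, prefix, origin AS)
SAMPLE_UPDATES = [
    (0, "A", "203.0.113.0/24", 64500),   # legitimate origin
    (5, "A", "198.51.100.0/24", 64999),  # same prefix, wrong origin
    (7, "A", "192.0.2.0/25", 64999),     # more-specific, wrong origin
    (9, "A", "192.0.2.0/24", 64502),     # legitimate origin
    (20, "W", "203.0.113.0/24", None),   # burst of withdrawals begins
    (21, "W", "198.51.100.0/24", None),
    (22, "W", "192.0.2.0/24", None),
]

def covering_prefix(prefix, table):
    """Longest prefix in `table` covering `prefix` (or equal to it), else None."""
    net = ipaddress.ip_network(prefix)
    best = None
    for known in table:
        k = ipaddress.ip_network(known)
        if k.version == net.version and net.subnet_of(k):
            if best is None or k.prefixlen > best.prefixlen:
                best = k
    return str(best) if best is not None else None

def find_origin_mismatches(updates, expected=EXPECTED_ORIGINS):
    """Return (prefix, seen_asn, expected_asn) for announcements whose origin
    AS differs from the expected owner of the covering prefix."""
    flagged = []
    for _t, kind, prefix, asn in updates:
        if kind != "A":
            continue
        cover = covering_prefix(prefix, expected)
        if cover is not None and expected[cover] != asn:
            flagged.append((prefix, asn, expected[cover]))
    return flagged

def mass_withdrawal(updates, window=60, threshold=3):
    """True if at least `threshold` withdrawals fall within any `window` seconds."""
    times = sorted(t for t, kind, _p, _a in updates if kind == "W")
    for i, start in enumerate(times):
        if sum(1 for t in times[i:] if t - start <= window) >= threshold:
            return True
    return False
```

A real deployment would feed this from a BGP collector and source the expected origins from RPKI ROAs; the thresholds here are illustrative.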
23. Scenario 8. State sponsored spying
• A nation state infiltrates dozens of computers belonging to key personnel
• Reads emails
• Steals information
• Uses information to impact diplomatic mission
24. Ghostnet
• Office of the Dalai Lama infiltrated through malware installed on computers
• Email servers completely owned
• Emails modified in transit
• Email read and acted on
• Over 1,200 infected computers globally
25. Sound familiar?
• Pentagon 2007
• Rio Tinto 2009
• Google Aurora 2010
• Night Dragon
• RSA 2011
• Mitsubishi, Kawasaki, 2011
28. Breaking news
October 18: Symantec announces new variants of Stuxnet in the wild.
- New version was written by authors with access to original Stuxnet source code
- This version targets PLC manufacturers.
- Most recent sample was compiled on October 17th.
29. Scenario 10. Cyber attacks in support of military strikes.
Syria invaded by Israeli war planes that destroy a nuclear reactor.
Network attacks to shut down command and control
Airborne attacks against radar systems to “inject code” and shut down radar systems.
Breaking news, October 18: New York Times reports that Obama’s administration considered similar attacks against Libya.
(CNN) -- A U.S. Navy reconnaissance plane made an emergency landing in China after colliding with a Chinese fighter jet sent to intercept it, U.S. officials said Sunday.
The EP-3 Aries, an electronic surveillance aircraft with a crew of 24, landed on the Chinese island of Hainan after the collision, said Lt. Col. Dewey Ford, a spokesman for the U.S. Pacific Command in Hawaii. None of the crew was injured, he said.
Chinese officials had no immediate comment on the incident.
That history dates back to the 1996 presidential election on Taiwan, when Chinese hackers took aim at Taiwan sites. They repeated their attacks during the 2000 elections, but Taiwan threatened to unleash 7,000 viruses on Chinese government sites if the attacks continued. They ended.
20 million IDs including SSNs stolen by the insider, Rene Rebollo, and Wahid Siddiqi, 25. Rebollo was a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. The FBI's statement alleges Rebollo was taking the personal information of mortgage customers, including social security numbers, and storing them on a USB thumb drive. Rebollo told law enforcement he profited anywhere from $50,000 to $70,000 from the sale of the Countrywide-owned data. In an FBI affidavit Rebollo estimated he downloaded about 20,000 customer profiles a week in Excel spreadsheets onto the flash drives and then took the spreadsheets and emailed them to buyers from business center stores.