Post Apocalyptic Cyber Realism

    Richard Stiennon
    Chief Research Analyst
    IT-Harvest

    www.it-harvest.com
    twitter.com/cyberwar

    or

    twitter.com/stiennon
Blog: www.forbes.com/richardstiennon
The futility of proposed scenarios
A stab in the dark at a divergent future, while interesting,
  is doing us a disservice.
Scenario 1.
Collateral damage from cyberwar
• Widespread state-sponsored DDoS
  attack
• Communication outages
• Official web sites taken down
The reality

• August 8, 2008 Russia invades
  Georgia
• DDoS against Georgia
    president.gov.ge
    rustavi2.com
• Tulip Systems Atlanta
• 68,000 requests/sec
A little preparation
Scenario 2. Political protesters
enlist social media to target attacks

  Facebook or Twitter used to call protesters
  to arms
  DDoS tools distributed along with instructions
  Websites disabled
Twitter as tool of riot creation
Post Iranian election Twitter was used to support
  virtual riots via DDoS
Note that AnonymousOps used LOIC too!
Twitter escalation
Phase 1. Hacking instructions sites.
Phase 2. Links to pagereload.com
Phase 3. Links to a specially crafted site that opens 15 frames on pagereload.com
Scenario 3. An insider uses
privileged access to steal customer
data
  • Despite strong authentication,
    encryption, and DLP, a trusted
    employee steals customer data
  • Sells it to a third party
Countrywide data loss
  • Rene Rebollo estimated he downloaded about 20,000 customer
    profiles a week in Excel spreadsheets onto flash drives.
  • 2 million total identities sold to Wahid Siddiqi, his outside
    accomplice.
Scenario 4. Malicious Software
Updates
•   A software vendor issues software
    updates that are malicious in nature
•   Software is back-doored
•   Systems compromised.
Athens 2004



A series of software updates turns on the
lawful intercept function
104 diplomats and Olympic officials
spied on
Engineer mysteriously commits suicide
Scenario 5. Hardware backdoors
• Hardware vendor builds backdoors
  into critical equipment
• Uses backdoor to steal confidential
  information
• Gains control of network
Hardware backdoors
•   Test 1
•   Esample 3

•   Example 3
Scenario 6. Insider abuse

Insider uses knowledge of business
  systems and back office to get
  around internal controls.

Loss of millions
Trading losses




2008: Jerome Kerviel covers up trading losses.
Largest trading fraud in history to be carried out by a single person.
$7.14 Billion
5-year sentence reduced to 3
Scenario 7. Spurious BGP route
announcements used to black hole
the Internet
The biggest single vulnerability in Internet infrastructure,
  used to:

1. Deny access to a service
2. Siphon data
3. Shut off a country
YouTube rerouted by Pakistan
February 24, 2008
China drinks from a fire hose
   “Internet routing, believe it or not, still works on the honor
   system.”

“On April 8th (2010), starting at 15:50 UTC, China Telecom
incorrectly asserted ownership of more than 50,000 different
blocks of IP addresses.” - Renesys Blog


15% of the Internet was party to a man-in-the-middle attack for
18 minutes.
Mubarak’s Internet Kill Switch
January 27, 2011
At 22:34 UTC (00:34am local time), Renesys
observed the virtually simultaneous withdrawal
of all routes to Egyptian networks in the
Internet's global routing table. Approximately
3,500 individual BGP routes were withdrawn,
leaving no valid paths by which the rest of the
world could continue to exchange Internet
traffic with Egypt's service providers.
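
The two signals in the incidents above, an unexpected origin asserting ownership of a prefix and a near-simultaneous withdrawal of many routes, can both be detected from a BGP update feed. The following is an added example, not part of the original slides: a monitoring sketch that checks announcements against a table of expected origins (in the style of RPKI route origin validation, RFC 6811) and flags withdrawal bursts. The prefixes, AS numbers, update stream, window and threshold are all constructed, and the model assumes a single vantage point with one path per prefix.

```python
"""Added example: origin validation and mass-withdrawal detection on BGP updates."""
import ipaddress
from collections import deque
from dataclasses import dataclass
from typing import Optional

# Constructed table of expected origins (prefix, max length, origin AS),
# in the style of RPKI ROAs. Documentation prefixes and ASNs only.
EXPECTED = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("203.0.113.0/24", 24, 64498),
]


@dataclass(frozen=True)
class Update:
    ts: int                          # seconds since start of capture
    kind: str                        # "A" = announce, "W" = withdraw
    prefix: str
    origin_as: Optional[int] = None  # only set on announcements


# Constructed update stream as seen from one vantage point.
UPDATES = [
    Update(0, "A", "192.0.2.0/24", 64496),
    Update(1, "A", "198.51.100.0/24", 64497),
    Update(2, "A", "203.0.113.0/24", 64498),
    Update(3, "A", "2001:db8::/32", 64499),      # no expected origin on file
    Update(100, "A", "198.51.100.0/24", 64511),  # wrong origin AS
    Update(130, "A", "192.0.2.0/25", 64496),     # more specific than allowed
    Update(500, "W", "192.0.2.0/24"),
    Update(501, "W", "192.0.2.0/25"),
    Update(502, "W", "198.51.100.0/24"),
    Update(503, "W", "203.0.113.0/24"),
]


def validate(prefix, origin_as, table=EXPECTED):
    """Return 'valid', 'not-found', 'invalid-origin' or 'invalid-length'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    right_origin_too_long = False
    for roa_prefix, max_len, asn in table:
        roa = ipaddress.ip_network(roa_prefix)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if roa.version != net.version or not net.subnet_of(roa):
            continue
        covered = True
        if asn == origin_as:
            if net.prefixlen <= max_len:
                return "valid"
            right_origin_too_long = True
    if not covered:
        return "not-found"
    return "invalid-length" if right_origin_too_long else "invalid-origin"


def origin_findings(updates, table=EXPECTED):
    """List (ts, prefix, origin_as, verdict) for every invalid announcement."""
    findings = []
    for u in sorted(updates, key=lambda u: u.ts):
        if u.kind != "A":
            continue
        verdict = validate(u.prefix, u.origin_as, table)
        if verdict.startswith("invalid"):
            findings.append((u.ts, u.prefix, u.origin_as, verdict))
    return findings


def withdrawal_bursts(updates, window=60, threshold=0.5):
    """Alert once per burst when the share of the table withdrawn inside
    `window` seconds reaches `threshold`. Returns (ts, withdrawn, baseline)."""
    routed, recent, alerts, in_burst = set(), deque(), [], False
    for u in sorted(updates, key=lambda u: u.ts):
        if u.kind == "A":
            routed.add(u.prefix)
            # A re-announced prefix no longer counts as withdrawn.
            recent = deque(r for r in recent if r[1] != u.prefix)
        elif u.kind == "W" and u.prefix in routed:
            routed.discard(u.prefix)
            recent.append((u.ts, u.prefix))
        while recent and recent[0][0] <= u.ts - window:
            recent.popleft()
        baseline = len(routed) + len(recent)  # table size before the burst
        ratio = len(recent) / baseline if baseline else 0.0
        if ratio >= threshold and not in_burst:
            alerts.append((u.ts, len(recent), baseline))
        in_burst = ratio >= threshold
    return alerts


if __name__ == "__main__":
    for finding in origin_findings(UPDATES):
        print("origin alert:", finding)
    for alert in withdrawal_bursts(UPDATES):
        print("withdrawal burst:", alert)
```
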
Scenario 8. State sponsored spying
•   A nation state infiltrates dozens of
    computers belonging to key
    personnel
•   Reads emails
•   Steals information
•   Uses information to impact
    diplomatic mission
Ghostnet
•   Office of the Dalai Lama infiltrated
    through malware installed on
    computers
•   Email servers completely owned
•   Emails modified in transit
•   Email read and acted on
•   Over 1,200 infected computers
    globally
Sound familiar?

•   Pentagon 2007
•   Rio Tinto 2009
•   Google Aurora 2010
•   Night Dragon
•   RSA 2011
•   Mitsubishi, Kawasaki, 2011
Scenario 9: Weapons grade malware
used for sabotage
Stuxnet - most advanced malware
Breaking news
October 18: Symantec announces new variants of Stuxnet in the
  wild.

-New version was written by authors with access to original
  Stuxnet source code

-This version targets PLC manufacturers.

-Most recent sample was compiled on October 17th.
Scenario 10. Cyber attacks in
support of military strikes.
Syria invaded by Israeli war planes that destroy a nuclear reactor.

Network attacks to shut down command and control

Airborne attacks against radar systems to “inject code” and shut
   down radar systems.

Breaking news, October 18, New York Times reports that
   Obama’s administration considered similar attacks against
   Libya.
Every sector has already experienced cyber disaster.
What are we waiting for?
Blog: www.threatchaos.com
email: richard@it-harvest.com
Twitter: twitter.com/cyberwar

Editor's notes

  8. (CNN) -- A U.S. Navy reconnaissance plane made an emergency landing in China after colliding with a Chinese fighter jet sent to intercept it, U.S. officials said Sunday. The EP-3 Aries, an electronic surveillance aircraft with a crew of 24, landed on the Chinese island of Hainan after the collision, said Lt. Col. Dewey Ford, a spokesman for the U.S. Pacific Command in Hawaii. None of the crew was injured, he said. Chinese officials had no immediate comment on the incident. That history dates back to the 1996 presidential election on Taiwan, when Chinese hackers took aim at Taiwan sites. They repeated their attacks during the 2000 elections, but Taiwan threatened to unleash 7,000 viruses on Chinese government sites if the attacks continued. They ended.
  12. 20 million IDs including SSN stolen by the insider, Rene Rebollo, Wahid Siddiqi, 25, was a senior financial analyst at Full Spectrum Lending, Countrywide's subprime lending division. The FBI's statement alleges Rebollo was taking the personal information of mortgage customers, including social security numbers, storing them on a USB thumb drive. Rebollo told law enforcement he profited anywhere from $50,000 to $70,000 from the sale of the Countrywide-owned data. In an FBI affidavit Rebollo estimated he downloaded about 20,000 customer profiles a week in Excel spreadsheets onto the flash drives and then took the spreadsheets and emailed them to buyers from business center stores.