Cyberterrorism - PowerPoint PPT Presentation

Slides: 40
Provided by: mikebutler

Transcript and Presenter's Notes

Title: Cyberterrorism


1
FEDERAL BUREAU OF INVESTIGATION
Cyber Division, FBIHQ
Cyber Attacks: The Next Frontier
Presented by SSA Robert Flaim
2
  • The nation is vulnerable to new forms of
    terrorism ranging from cyber attacks to attacks
    on military bases abroad to ballistic missile
    attacks on U.S. cities.
  • Wars in the 21st century will increasingly
    require all elements of national power not just
    the military. They will require that economic,
    diplomatic, financial, law enforcement and
    intelligence capabilities work together.

Secretary Rumsfeld address to the National
Defense University, January 31, 2002.
3
Discussion
  • Critical Infrastructures
  • Terrorist Internet Exploits
  • Tactics and Strategy

4
Critical Infrastructures
  • Where the Crown Jewels Are

5
(No Transcript)
6
Imagine Planning for These Contingencies
Telephone Outages
Poisoned Water Supply
ISPs All Offline
911 System Down
Unrelated Events or Strategic Attack?
7
Using Our Systems Against Us
  • Aircraft: Pentagon/Twin Towers
  • Mail distribution network: Anthrax
  • Computers: next step?

8
Real World Example: Australia 2000
  • Maroochy Shire Waste Water Plant, Sunshine Coast
  • Insider
  • 46 intrusions over 2 month period
  • Release of sewage into parks, rivers
  • Environmental damage

9
Real World Example: USA 2001
  • San Francisco FBI Field Office Investigation
  • Internet probes from Saudi Arabia, Indonesia,
    Pakistan
  • Casings of web sites regarding emergency
    telephone systems, electrical generation and
    transmissions, water storage and distribution,
    nuclear power plants and gas facilities
  • Exploring digital systems used to manage these
    systems

10
Why Cyber Attack on Critical Infrastructures?
  • National Security
      • Reduce the U.S.'s ability to protect its
        interests
  • Public Psyche
      • Erode confidence in critical services and the
        government
  • Economic impact
      • Damage economic systems
  • Enhancement of Physical Attacks
      • Physical damage/distraction efforts
  • Asymmetric Warfare
      • Lack of attribution, low cost/high potential
        impact

11
How are we vulnerable?
  • Globalization of infrastructures vulnerability
  • Anonymous access to infrastructures via the
    Internet and SCADA
  • Interdependencies of systems make attack
    consequences harder to predict and more severe
  • Malicious software is widely available and does
    not require a high degree of technical skill to
    use
  • More individuals with malicious intent on
    Internet
  • New cyber threats outpace defensive measures

12
Vulnerability Types
  • Computer based
      • Poor passwords
      • Lack of appropriate protection or improperly
        configured protection
  • Network based
      • Unprotected or unnecessary open entry points
  • Personnel based
      • Temporary/staff firings
      • Disgruntled personnel
      • Lack of training
  • Facility based
      • Servers in unprotected areas
      • Inadequate security policies

13
Al-Qaeda
  • Al-Qaeda laptop found in Afghanistan contained:
      • Hits on web sites that contained Sabotage
        Handbook
      • Handbook: Internet tools, planning a hit,
        anti-surveillance methods, cracking tools
  • Al-Qaeda actively researched publicly
    available information concerning critical
    infrastructures posted on web sites

14
Terrorist Internet Exploits
  • What are we up against?

15
Terrorist Groups
16
Terrorists
  • Attention must be paid to studying the
    terrorists
  • Ideology
  • History
  • Motivation
  • Capabilities

17
Terrorists
  • Terrorism is carried out by disrupting
    activities, undermining confidence, and creating
    fear
  • In the future, cyber terrorism may become a
    viable option to traditional physical acts of
    violence due to:
      • Perceived anonymity
      • Diverse targets
      • Low risk of detection
      • Low risk of personnel injury
      • Low investment
      • Operate from nearly any location
      • Few resources are needed

18
Terrorist Use of the Internet
  • Hacktivism
  • Cyber Facilitated Terrorism
  • Cyber terrorism

19
Cyber Arsenal for Terrorists
  • Internet newsgroups, web home pages, and IRC
    channels include:
      • Automated attack tools (Software Tools)
      • Sniffers (capture information, i.e.
        password/log-on)
      • Rootkits (facilitate/mask intrusion)
      • Network Vulnerability Analyzers (SATAN/Nessus)
      • Spoofing
      • Trojan Horses
      • Worms
      • DoS

20
Cyber Attack Methodology
  • Resource Denial
      • Virus/malicious code
      • Legitimate traffic overwhelms site
        (unauthorized high-volume links)
      • DoS
      • DDoS
  • WWW Defacement
      • Defacement to embarrass
      • Content modification to convey message
      • Content modification as component of
        disinformation campaign

21
Computer System Compromises
  • System Compromise
      • Data destruction
      • Data modification
      • Information gathering
  • Compromised platform
      • Launch pad for attacks
      • Jump off point for other compromises
  • Target Research and Acquisition
      • Internet makes significant amounts of data
        instantly and anonymously accessible.

22
Hacktivism
  • Hacktivism is hacking with a cause and is
    concerned with influencing opinions on a specific
    issue.
  • Example: ELF hacks into the web page of a local
    ski resort and defaces the web page. This is
    done to reflect the group's objections to
    environmental issues.

23
Hacktivism
Electronic Disturbance Theater
24
(No Transcript)
25
Cyber Facilitated Terrorism
  • Terrorists utilize web sites to actively
    recruit members and publicize propaganda as
    well as to raise funds
  • Web sites also contain information necessary to
    construct weapons, obtain false identification
  • Use Internet as a communications tool via chat
    rooms, BBS, email
  • Hijackers utilized cyber cafés to communicate
    via Internet and order airline tickets

26
1. Finsbury Park Mosque, North London
27
Kamel Daoudi: Believed to be Al-Qaeda Cyber
Terrorist. Arrested for alleged involvement in
plot to bomb American Embassy in Paris
28
Cyberterrorism
  • Cyberterrorism is a criminal act perpetrated by
    the use of computers and telecommunications
    capabilities, resulting in violence, destruction
    and/or disruption of services to create fear by
    causing confusion and uncertainty within a given
    population, with the goal of influencing a
    government or population to conform to a
    particular political, social, or ideological
    agenda.

29
The Cyberterrorist Threat
  • Assessing the threat

[Diagram labels: Behavioral Profile, Technical Feasibility, Operational Practicality, THREAT]
30
Cost Means of Attack
[Chart: "Cost of Capability" plotted over time, 1945 to Today]
31
Tactics and Strategy
  • Prevention and cooperation

32
FBI Cyber Transformation
  • Terrorism and Cyber Crime: top priorities
  • FBI recruitment of engineers and computer
    scientists: critical skills
  • Increasing agents dedicated to cyber crime
  • Creation of Cyber Task Forces in field offices

33
USA Patriot Act
  • Felony to hack into computer used in
    furtherance of national security or national
    defense
  • 2702 Emergency Requests
  • Legal Subpoena expanded
  • Sentencing increased

34
(No Transcript)
35
USA Patriot Act (cont'd)
  • Share with DOJ for criminal prosecution
  • Permits roving surveillance
  • FISA orders for intelligence allowed if there is
    a significant reason for application rather than
    the reason
  • Authorizes pen register and trap and trace
    orders for email as well as telephone
    conversations

36
International Investigations
  • Cyber Evidence in USA
  • MLAT Request
  • Joint FBI-Foreign Police Investigation
  • Legal Subpoena

37
Cyber Terrorism Prevention: Old Methods for New
Problem
  • Liaison
      • Critical Infrastructure Companies, i.e. FBI
        InfraGard
      • Internet Service Providers
      • Universities
      • Internet Cafes
      • Hacker clubs
      • IT companies, developers
      • International, local law enforcement
  • Look on the Internet
  • Coordinate - national security, terrorist
    personnel

38
Conclusion
  • Our national security, databases, and economy are
    extremely dependent upon automation
  • Therefore, there exists a target rich
    environment for those who would do harm via the
    Internet
  • Our critical infrastructures require joint
    private/public efforts to protect them

39
Robert Flaim 1-571-223-3338 rflaim_at_fbi.gov