Cyberterrorism - PowerPoint PPT Presentation

Slides: 46
Provided by: mikebu154

Transcript and Presenter's Notes



1
FEDERAL BUREAU OF INVESTIGATION Cyber Division
Cyber Criminals The Next Threat
Presented by SSA Terence B. Fisher, Atlanta FBI Squad C9
2
(No Transcript)
3
Presidential Decision Directive 62
  • Identifies the FBI as the Lead Federal
    Agency in investigating terrorism in the United
    States and acts of terrorism against U.S.
    citizens and interests around the world
    (including intelligence and CT operations).

4
(No Transcript)
5
Terrorist Groups
6
Cost and Means of Attack
(Chart; time axis: 1945, 1955, 1960, 1970, 1975, 1985, Today)
7
(No Transcript)
8
Outage probe looks to single power line in Ohio
9
Cyber Attack Could Cripple Power
10
CERT Coordination Center
  • In 2002, 82,094 incidents were reported
  • In 2003, 137,529 incidents were reported
  • Total incidents reported (1988-2003): 319,992

11
Atlanta Cyber Squad
  • How does the FBI address computer crime and cyber
    terrorism matters?
    - Field offices and resident agencies
    - Legal attaché offices
    - Regional computer crime and infrastructure
      protection squads
  • Primary Mission of Cyber Squad
    - Identify and warn of threats to critical computer
      systems
      - Threats from terrorists
      - Threats from criminals
    - Conduct criminal investigations

12
Other FBI Investigative Areas Related to
Computers
  • Computers Used as Tools in Traditional
    Crimes
  • Internet Fraud
  • Identity Theft
  • Child Exploitation (Innocent Images)
  • Threats communicated via the Internet
  • Computer-based extortion schemes
  • Focus Today
  • Insider Threats in Cyber Crime

13
Terrorism Threats-Trends-Targets
  • Terrorists are using our own systems against
    us
  • Aircraft Pentagon/Twin Towers
  • Mail Distribution Network Anthrax
  • Computers E-Mail Next Step ?

14
Trends in Cyber Crime
  • Intrusions by insiders
  • Economic espionage
  • Juveniles involved in network intrusions
  • Sophistication and complexity of crimes
  • Activity by organized crime groups

15
New Vulnerabilities
  • Computer attackers are opportunistic.
  • They take the easiest and most convenient
    route and exploit the best-known flaws with the
    most effective and widely available attack tools.
  • They count on organizations not fixing the
    problems, and they often attack indiscriminately,
    scanning the Internet for any vulnerable systems.
  • The vast majority of worms and other
    successful cyber attacks are made possible by
    vulnerabilities in a small number of common
    operating system services.

16
(No Transcript)
17
(No Transcript)
18
Computer Based Vulnerabilities
  • Computer based
    - Poor passwords
    - Lack of appropriate protection, or improperly
      configured protection
    - Lack of comprehensive network security policies
  • Network based
    - Unprotected or unnecessarily open entry points
  • Email based
    - Lack of attachment filtering
    - Poor policy enforcement
    - Lack of adequate protection on WebMail
      applications for mobile employees

19
(No Transcript)
20
W32.Vote.B@mm
21
Wireless Networks
  • Vulnerable to interception.
  • 80% of corporate networks surveyed are
    accessible from outside their buildings
  • Among those broadcasting confidential
    and sensitive information:
    - 66% of banks
    - 60% of financial services institutions
    - 100% of education institutions
    - 79% of IT companies

Red-M Survey, June 2004
22
Data Breaches Hit 8.3 Million Records in First
Quarter
  • The Identity Theft Resource Center in San Diego
    said it tracked public reports of 167 data
    breaches in the first three months of this year.

23
How They Attack
  • Threats today have become more complicated.
    They tend to use multiple vectors to spread, thus
    increasing their chances of infection. Once on
    the system, these threats tend to show little to
    no symptoms so they can survive undetected.

24
Shift in Virus Strategy
  • Virus strategy shifting to stealthy
    commandeering of PC for money
  • Last year 33 viruses that caused massive
    amounts of damage, this year 3
  • Increase in Trojans, more in first half of
    2005, than in 2004
  • It's really about being stealthy and
    silent, and stealing data, spamming, hosting
    malicious Web sites and phishing.

25
Banking in Silence
  • Targeting over 400 banks and having the
    ability to circumvent two-factor authentication
    are just two of the features that push
    Trojan.Silentbanker into the limelight. The scale
    and sophistication of this emerging banking
    Trojan is worrying, even for someone who sees
    banking Trojans on a daily basis.

26
Here is the login form viewed on a clean machine
27
Below the form presented to an infected user is
shown, the input box added by the Trojan has been
marked in red
28
Other Features of the Trojan
  • If a transaction can occur at the
    targeted bank using just a username and password,
    then the Trojan will take that information; if a
    certificate is also required, the Trojan can steal
    that too; if cookies are required, the Trojan will
    steal those. In fact, even if the attacker is
    missing a piece of information to conduct a
    transaction, extra HTML can be added to the page
    to ask the user for that extra information.

29
Silent Banker Cont.
  • When instructed, the Trojan can also
    redirect users to an attacker-controlled server
    instead of the real bank in order to perform a
    classic man-in-the-middle attack. Currently there
    is only one bank targeted in this way; however,
    recent updates to the Trojan change the user's
    DNS settings to point to an attacker-controlled
    server. Using this technique the Trojan can start
    redirecting any site to an attacker site at any
    time. This feature could also mean that if the
    Trojan is removed but the DNS settings are left
    unchanged then the user may still be at risk.
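
A post-cleanup check for the point above, as an added example that is not part of the original presentation: it reads `ipconfig /all` text and reports any configured DNS server that is not on an approved list. The sample output is constructed, `APPROVED_RESOLVERS` is a hypothetical site value, and English-language Windows output is assumed.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output; 203.0.113.66 is a documentation address.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       192.168.1.1

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
APPROVED_RESOLVERS = {"192.168.1.1"}  # hypothetical: resolvers this site hands out

def as_ip(text):
    """Return the normalized address in text, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(ipconfig_text):
    """Collect the DNS servers listed under each adapter, continuation lines included."""
    found, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip().rstrip(":"), False  # "... adapter X:" header
            found[adapter] = []
        elif adapter and "DNS Servers" in line:
            value, in_dns = line.split(":", 1)[1], True
            found[adapter].append(as_ip(value) or value.strip())
        elif adapter and in_dns and as_ip(line):
            found[adapter].append(as_ip(line))  # continuation line: address only
        else:
            in_dns = False
    return found

def unexpected_resolvers(ipconfig_text, approved=APPROVED_RESOLVERS):
    """Map each adapter to its configured resolvers that are not on the approved list."""
    found = dns_servers_by_adapter(ipconfig_text)
    rogue = {a: [s for s in servers if s not in approved] for a, servers in found.items()}
    return {a: servers for a, servers in rogue.items() if servers}
```

An empty result means every adapter points only at approved resolvers; anything else needs resetting even though the malware itself is gone.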

30
(No Transcript)
31
All veterans at risk of ID theft after data heist
A long-time analyst at the massive federal agency
was blamed for the theft of 26.5 million Social
Security numbers after he took home sensitive
data and his home was burglarized
32
Who is Responsible?
  • Businesses - 36 Percent of the Breaches
  • Schools and Universities - 25 Percent
  • Government and Military - 18 Percent
  • Medical and Health - 14 Percent
  • Financial Institutions - 7 Percent

33
RIM Blackberry Vulnerabilities
  • The vulnerabilities could allow an attacker
    to execute arbitrary code on or cause a denial of
    service to the BlackBerry Attachment Service. An
    attacker could also cause a denial of service to
    the BlackBerry Router or the web browser on
    BlackBerry Handheld devices

34
First 4 Internet XCP (Sony DRM) Vulnerabilities
  • The XCP copy protection software uses
    "rootkit" technology to hide certain files from
    the user.

35
13 Percent of Data Breaches Were The Result of
Hacker Break-Ins
  • Most of the data breaches this year appear to
    have resulted from lost or stolen laptops, hard
    drives, or thumb drives.

36
EXE2HTML HTA Exploit Generator
37
Warning Signs
Over the last two months, I have noticed irregular scanning patterns and
activity coming from the People's Republic of China. 24/7.
  • Time, Event, Intruder, Count, Origin
  • 8/11/2003 95420 PM, TCP_Probe_MSRPC, 218.1.220.194, 1, China
  • 8/11/2003 94940 PM, UDP_Probe_Other, 218.87.86.104, 4, China
  • 8/11/2003 94823 PM, UDP_Probe_MSRPC, 218.87.86.104, 1, China
  • 8/11/2003 94640 PM, TCP_Probe_MSRPC, FRONTEND2BDC, 2
  • 8/11/2003 75413 PM, UDP_Probe_MSRPC, 218.15.192.64, 1, China
  • 8/11/2003 71609 PM, Application Terminated, 0.0.0.0, 1
  • 8/11/2003 71540 PM, Application Terminated, 0.0.0.0, 1
  • 8/11/2003 65451 PM, TCP_Probe_MSRPC, JASON-AJO1YLXZG, 1
  • 8/11/2003 64620 PM, TCP_Probe_MSRPC, WSPINOTBLANC, 1
  • 8/11/2003 64419 PM, TCP_Probe_MSRPC, SCANNER, 1
  • 8/11/2003 61912 PM, UDP_Probe_Other, 218.87.86.104, 5, China
  • 8/11/2003 61753 PM, UDP_Probe_MSRPC, 218.87.86.104, 1, China
  • 8/11/2003 61456 PM, UDP_Probe_Other, 218.15.192.64, 1, China
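
The log above lends itself to a per-source summary. This added example (not part of the original presentation) totals the probe events by source address and lists the sources that recur; the rows are copied from the slide, and reading `95420 PM` as 9:54:20 PM is an assumption about colons lost from the transcript.

```python
import re
from collections import defaultdict
from datetime import datetime

# Rows copied from the slide, one event per line (times still lack their colons).
SLIDE_LOG = """\
8/11/2003 95420 PM, TCP_Probe_MSRPC, 218.1.220.194, 1, China
8/11/2003 94940 PM, UDP_Probe_Other, 218.87.86.104, 4, China
8/11/2003 94823 PM, UDP_Probe_MSRPC, 218.87.86.104, 1, China
8/11/2003 94640 PM, TCP_Probe_MSRPC, FRONTEND2BDC, 2
8/11/2003 75413 PM, UDP_Probe_MSRPC, 218.15.192.64, 1, China
8/11/2003 71609 PM, Application Terminated, 0.0.0.0, 1
8/11/2003 71540 PM, Application Terminated, 0.0.0.0, 1
8/11/2003 65451 PM, TCP_Probe_MSRPC, JASON-AJO1YLXZG, 1
8/11/2003 64620 PM, TCP_Probe_MSRPC, WSPINOTBLANC, 1
8/11/2003 64419 PM, TCP_Probe_MSRPC, SCANNER, 1
8/11/2003 61912 PM, UDP_Probe_Other, 218.87.86.104, 5, China
8/11/2003 61753 PM, UDP_Probe_MSRPC, 218.87.86.104, 1, China
8/11/2003 61456 PM, UDP_Probe_Other, 218.15.192.64, 1, China
"""
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")  # host names such as SCANNER do not match

def parse_time(stamp):
    # Assumption: "95420 PM" is 9:54:20 PM with the colons lost in extraction.
    date, digits, meridiem = stamp.split()
    return datetime.strptime(f"{date} {digits.zfill(6)} {meridiem}",
                             "%m/%d/%Y %I%M%S %p")

def summarize(log_text):
    """Total the probe events per source IP address, with first and last time seen."""
    seen = defaultdict(lambda: {"count": 0, "events": set(), "first": None, "last": None})
    for line in log_text.strip().splitlines():
        stamp, event, source, count = [f.strip() for f in line.split(",")][:4]
        if "Probe" not in event or not IPV4.fullmatch(source):
            continue  # skip 'Application Terminated' rows and host-name sources
        when, entry = parse_time(stamp), seen[source]
        entry["count"] += int(count)
        entry["events"].add(event)
        entry["first"] = min(entry["first"] or when, when)
        entry["last"] = max(entry["last"] or when, when)
    return dict(seen)

def repeat_sources(summary, min_count=2):
    """Sources seen repeatedly, busiest first: candidates for a block rule or abuse report."""
    hits = [src for src, entry in summary.items() if entry["count"] >= min_count]
    return sorted(hits, key=lambda src: -summary[src]["count"])
```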

38
What can be done to prevent an electronic
terrorist attack?
  • Public/Private interaction
  • Effective use of intelligence gathered from all
    sources
  • Continued enhancement of resources
  • Computer security and awareness training
  • Continuing education regarding terrorist trends
    and methodologies
  • Perpetual readiness to defend against attacks

39
Planning for Computer Intrusions
  • Develop a Cyber Crisis Management Team
  • Ensure preventive technologies are in place
  • Ensure policies are in place for tracing and
    documenting intrusions
  • In-depth understanding of how to leverage Federal
    Legislation, such as the USA Patriot Act and
    CAN-SPAM Act 2003

40
Responding to a Computer Intrusion
  • Completed Crime?
    - Trace intruder's actions
    - Preserve evidence
  • Continuing Crime?
    - Disconnect / Stay connected
    - Trace intruder's actions
    - Confront / Ignore intruder
    - Preserve evidence

41
Conclusion
  • Our national security, databases, and economy
    are extremely dependent upon automation.
  • Therefore, there exists a target rich
    environment for those who would do harm via the
    Internet.
  • Our critical infrastructures require joint
    private/public efforts to protect them.

42
What is InfraGard
  • Network of individuals interested in cyber and
    physical security issues
  • Government / Law Enforcement alliance with the
    private sector
  • System of formal and informal channels
    for the exchange of information about
    infrastructure threats and cyber vulnerabilities

43
InfraGard Membership
  • Representatives from private industry,
    government agencies, academic institutions, state
    and local law enforcement
  • Membership requirements
    - Confidentiality pledge
    - Commitment to actively participate
    - Membership agreement
  • No membership fee charged by the FBI

44
Cuckoo
From 'The Cuckoo's Egg' by Cliff Stoll
  • Lays Eggs in Other Bird's Nests
  • Other Birds Raise Her Young
  • Survival of Cuckoo Depends on Ignorance of
    Others
  • Survival of the Hacker Depends on Our
    Ignorance

45
QUESTIONS?
  • TERENCE B. FISHER, SUPERVISORY SPECIAL AGENT -
    FBI, ATLANTA, GEORGIA
  • (404) 679-9000
  • Tfisher@fbi.gov