Computer Security Fundamentals by Chuck Easttom Chapter 12 Cyber Terrorism and Information Warfare

Chapter 12 Objectives Explain cyber terrorism Understand information warfare Understand plausible cyber terrorism scenarios Appreciate the dangers posed by cyber terrorism Explain what cyber terrorism is and how it has been used in some actual cases. Understand the basics of information warfare. Have a working knowledge of some plausible cyber terrorism scenarios. Have an appreciation for the dangers posed by cyber terrorism. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Introduction Cyber Terrorism Simply, the use of computers to launch a terrorist attack. Like other forms of terrorism, only the milieu of the attack has changed. Cyber Terrorism, according to the definition of the FBI: Premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents. Typically, loss of life in a cyber attack would be less than in a bombing attack. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Introduction (cont.) Cyber Terrorism Significant economic damage Disruptions to communications Disruptions in supply lines General degradation of the national infrastructure All possible via the Internet All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Introduction (cont.) Cyber Terrorism MyDoom virus may have been an example. Our nation can expect to be the target of serious cyber terrorism. How serious is this threat? Cyber Terrorism Some experts believe that the MyDoom virus (Chapter 4) was an example of domestic economic terrorism; just a tip of the iceberg. Sometime in the near future, our nation can expect to be the target of a serious cyber terrorism attack. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Economic Attacks Cyber attacks cause economic damage: Lost files and records Destroyed data Stolen credit cards Money stolen from accounts Time the IT staff spends cleaning up These cyber attacks are not necessarily terrorist attacks. We have gone over them in past chapters on fraud. The focus of this chapter is the concerted and deliberate attack against a particular target for the exclusive purpose of causing direct damage. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Economic Attacks (cont.) Any organization wanting to do harm could set up a group with Computer security experts Programming experts Networking experts © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Economic Attacks (cont.) Team 1 sets up fake e-commerce sites for a few days: Harvest credit card numbers, bank account numbers, and so forth All numbers posted to the Web anonymously on a predetermined date For maximum damage, Team 1 could poison the DNS server to redirect to the bogus sites. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Economic Attacks (cont.) Team 2 creates a Trojan Showing business tips or slogans, popular download with business people Deletes key system files on a certain date © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Economic Attacks (cont.) Team 3 creates a virus. A DDoS on key financial Web sites, all to take place on the same predetermined date. Teams 4 and 5 footprint major bank systems. Team 6 prepares to flood the Internet with false stock tips. What if all these attacks happened on the same predetermined day? This could cause more damage to our nation than most traditional (bombing) attacks have ever done. Imagine not one group with six teams, but five groups with six teams, with each group having a trigger date 2 weeks later than the last. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Economic Attacks (cont.) The biological weapons expert community has been solicited by terrorists. How long will it be before terrorists seek out the security/hacking community? These groups may already have been formed. We just don’t know it. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Military Operations Attacks Attempts to hack into the ultra-secure DoD, CIA, or NSA systems would be met with immediate arrest. A successful attack on less secure systems could also put our country at risk. Lower-level security systems that protect the logistics programs These agencies are well protected. But how about lower levels, which can be used by hackers in reconnaissance to glean info for social engineering? © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Military Operations Attacks (cont.) One hack finds that C-141s are routed to a certain base. Another hack reveals food for 5,000 is delivered to that base. The final hack shows two brigades have had leaves canceled. Social engineering puts information together to reveal size and time of a deployment. C-141s are troop transport planes. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Military Operations Attacks (cont.) Variations on a theme Hacker changes the date and destination of the food and weapons delivery. Brigades are now at risk. Without food and ammunition © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Military Operations Attacks (cont.) Illustrates the need for high security on all military systems. There are clearly no “low-priority” security systems. Cliff Stoll’s hackers got into U.S. government subcontractors’ systems and used information stored there to gain higher and higher access. They eventually got military secrets that led to the loss of many American lives. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

General Attacks Unfocused attacks with no specific target Sheer volume of these attacks causes significant economic damage. IT personnel drop normal projects to combat general attacks. E-commerce is virtually unusable. A continued series of attacks could cause enough fear in individuals and companies that they would resort to antiquated means to communicate other than the Internet. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Information Warfare Any attempt to manipulate information in pursuit of a military or political goal: Use computers to gather information. Use computers to disseminate propaganda. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Information Warfare (cont.) Propaganda: Any group could use what appears to be an Internet news Web site. Many people believe and repeat what they see on the Internet. Propaganda is defined as “Information, ideas, opinions, or images, often only giving one part of an argument, which are broadcast, published, or in some other way spread with the intention of influencing people's opinions.” *Cambridge Dictionaries Online http://dictionary.cambridge.org/ © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Information Warfare (cont.) Information Control Since World War ll, part of political and military conflicts Tokyo Rose Radio Free Europe Language manipulation Innocent civilians killed = collateral damage Starting a war = preemptive action Propaganda Since World War ll, part of political and military conflicts Tokyo Rose in the Orient by the Japanese Radio Free Europe (RFE) in the cold war by the Allies Language manipulation Innocent civilians killed in a bombing = collateral damage Starting a war = preemptive action During World War II, a young Japanese-American woman gained notoriety as “Tokyo Rose” for her broadcasts of Japanese propaganda beamed over Radio Tokyo to American troops in the South Pacific. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Information Warfare (cont.) Information Control The Internet is an inexpensive vehicle for swaying public opinion Web sites Postings to discussion groups and bulletin boards Public opinion quickly gains momentum Closely related to propaganda © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Information Warfare (cont.) Disinformation Locate false information behind relatively secure systems, but not secure enough to keep out enemy. The work the enemy has to do to acquire the disinformation will convince them of its value. *http://dictionary.cambridge.org/ © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Actual Cases Many influential people do not believe in cyber warfare. These events appear to contradict them: The People’s Liberation Army [China] has formulated an official cyber warfare doctrine. The actual events that are mentioned here are not in the text. They are taken from a report on Cyber Warfare by the Institute for Security Technology Studies, 2004, written in response to a grant from the Department of Homeland Security. You may use them as you see fit. http://www.ists.dartmouth.edu/directors-office/cyberwarfare.pdf “Within the framework of an integrated national plan, the People’s Liberation Army (PLA) [China] has formulated an official cyber warfare doctrine, implemented appropriate training for its officers, and conducted cyber warfare simulations and military exercises.” © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Actual Cases (cont.) In Tehran [Iran], the armed forces and technical universities joined to create independent cyber R & D centers and train personnel in IT skills. Tehran seeks to buy IT technical assistance and training from Russia and India. In Tehran [Iran], “(T)he armed forces and technical universities have joined in an effort to create independent cyber R & D centers and train personnel in IT skills; and second, Tehran actively seeks to buy IT and military related technical assistance and training from both Russia and India. … Iran is leveraging its resources in the non-conventional weapons and IT sector as a ‘force multiplier’.”* © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Actual Cases (cont.) Russia’s armed forces have developed a robust cyber warfare doctrine. Moscow also has a track record of offensive hacking into Chechen Web sites. Available evidence is inadequate to predict whether Russia’s intelligence services or armed forces would attack U.S. networks. “Russia’s armed forces, collaborating with experts in the IT sector and academic community, have developed a robust cyber warfare doctrine… “Information weaponry,” i.e., weapons based on programming code, receives paramount attention in official cyber warfare doctrine. Moscow also has a track record of offensive hacking into Chechen Web sites.” “Although we assess it likely that Moscow will continue to scout U.S. military and private sector networks and Web sites, available evidence is inadequate to predict whether Russia’s intelligence services or armed forces would attack U.S. networks.”* © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Future Trends Positive Trends Cyberterrorism Preparedness Act of 2002 $350,000,000 over 5 years for improving network security Cybersecurity Research and Education Act of 2002 $50,000,000 over 4years for training IT specialists in IT security Do you think that’s enough money? © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Future Trends (cont.) Negative Trends Rand report on cyber terrorism Possible attacks on chemical plants, water supplies, or power supplies resulting in massive casualties, rather than simply economic damage. Rand report on cyber terrorism © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Defense Against Cyber Terrorism Recommendations for preparing for and protecting against cyber terrorism include A Manhattan Project-level program Research and academic programs dedicated to security Computer crime treated more seriously © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Defense Against Cyber Terrorism (cont.) Every police department must have access to computer crime specialists. Security professionals must have a forum to report and discuss emergencies. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

TOR How it works Illegal Markets Do you think that’s enough money? © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare

Summary There are various forms of cyber terrorist attacks across all industries. Many experts believe it is a credible threat. How could your computer systems be used against you and your company? © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare