Cracking down on international cyberterrorism

Slides:



Advertisements
Similar presentations
ETHICAL HACKING A LICENCE TO HACK
Advertisements

© 2012 Delmar, Cengage Learning Section V Getting the Job Done… Through Others Chapter 13 Deploying Law Enforcement Resources and Improving Productivity.
Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel: Helpdesk:+230.
CUBIC DEFENSE APPLICATIONS Security Summit Discussions Jeff Snyder Vice President, Cyber Programs Cubic Defense Applications.
David A. Brown Chief Information Security Officer State of Ohio
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
A Cyber Security Company June 16, 2009 Cyber Security: Current Events and White House Cyberspace Policy Review.
1 Telstra in Confidence Managing Security for our Mobile Technology.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
Chapter 1 Introduction to Security
Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.
Lecture 11 Reliability and Security in IT infrastructure.
CYBER CRIME AND SECURITY TRENDS
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network security policy: best practices
1 European Network of Law Enforcement Technology Services H2020 & Enlets P.Padding, Core group leader
Computer Hacking By: Caleb Herring Katie Edom. What is Computer Hacking Computer Hacking is defined as one who uses programming skills to access, legally.
IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB
CITIZEN CORPS & CERT ORGANIZATIONS. What is Citizen Corps? Following the tragic events that occurred on September 11, 2001, state and local government.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Created by Curt Harrell & Jesse Kuzy for THE DEPARTMENT OF HOMELAND SECURITY.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.
Homeland Security. Learning Topics Purpose Introduction History Homeland Security Act Homeland Defense Terrorism Advisory System Keeping yourself safe.
Asset & Security Management Chapter 9. IT Asset Management (ITAM) Is the process of tracking information about technology assets through the entire asset.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
Critical Infrastructures CJ416 Unit 7 Seminar Eric Salvador.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
OVERVIEW OF CYBER TERRORISM IN INDONESIA PRESENTED BY: SUPT. DRS. BOY RAFLI AMAR SPECIAL DETACHMENT 88 AT – INP ARF SEMINAR ON.
Cyber Security Nevada Businesses Overview June, 2014.
Cyber Attacks Response of the Criminal Law Margus Kurm State Prosecutor Office of the Prosecutor General of Estonia.
Name:Neha Madgaonkar Roll no:  What are intruders?  Types  Behavior  Techniques.
PREPARED BY: SHOUA VANG ABHINAV JUWA CHASE PAUL EASy Security Project Anonymous vs HBGary Inc.
Cyber-security policy to encourage CSIRTs activities Yasuhiro KITAURA Ministry of Economy, Trade and Industry, JAPAN.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.
1 The Challenges of Globalization of Criminal Investigations Countries need to: Enact sufficient laws to criminalize computer abuses; Commit adequate personnel.
Advanced attack techniques Advanced attack techniques Increased by passing techniques against the existing detection methods such as IDS and anti- virus.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.
Understanding the Threats of and Defenses Against Cyber Warfare.
Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.
EU activities against cyber crime Radomír Janský Unit - Fight against Organised Crime Directorate-General Justice, Freedom and Security (DG JLS) European.
High-Tech Crime Countermeasures Ko IKAI High-Tech Crime Technology Division National Police Agency, JAPAN.
Created by: Ashley Spivey For Department of Homeland Security All information from:
Information Security Legislation Moving ahead Information Security 2001 Professional Information Security Association Sin Chung Kai Legislative Councillor.
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.
AUSTRALIA. A National Strategy for Enhancing the Safety and Security of our Food Supply ที่มา : We pride ourselves on our high safety and security standards.
Foresight Planning & Strategy Dr. Sameh Aboul Enein.
Resources for Meeting Internet Safety Requirements Cheryl Elliott James Madison University Bill Johnsen Virginia Beach City Public Schools Educational.
BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.
Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.
Physical Security at Data Center: A survey. Objective of the Survey  1. To identify the current physical security in data centre.  2.To analyse the.
Information Security and Privacy in HRIS
Securing Information Systems
Cyber Security and Georgia. New Challenges
Cybersecurity - What’s Next? June 2017
2016 Cybersecurity Law If any one of these describes your company
Teri Takai EXECUTIVE DIRECTOR, CENTER FOR DIGITAL GOVERNMENT.
MIS 5121: Real World Control Failure - TJX
Canada and the World The horrors of the Second World War made ​​the world say “never again”! Canada wanted to play a greater role in international affairs.
PGE Chris Nolke, Director of Cybersecurity
How to Mitigate the Consequences What are the Countermeasures?
Ethical Hacking ‘Ethical hacking’ is the branch of computer science that involves cybersecurity and preventing cyberattacks. Ethical hackers are not malicious.
Deborah Housen-Couriel, ADV.
Cybersecurity Simplified: Phishing
Presentation transcript:

Cracking down on international cyberterrorism presentation BY SUNNY PATEL, DARIA POTAPOVA, RYAN RICHARDS

WHY CYBERTERRORISM IS IMPORTANT? Cyber terrorism – the use of computing resources to imitate or coerce others. Hacking is the leading cause of data breaches; Hacking groups are typically loosely affiliated and rapidly expanding (which makes them very dangerous). They may include members from around the world and the number of members can range from tens to thousands; Hacked data is irrelevant, biased and unreliable for auditors and accountants, which can potentially cost thousands to the companies. The FBI defines terrorism as the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives. Cyber-terrorism could thus be defined as the use of computing resources to intimidate or coerce others. An example of cyber-terrorism could be hacking into a hospital computer system and changing someone's medicine prescription to a lethal dosage as an act of revenge. It sounds far fetched, but these things can and do happen. Hacking groups are typically loosely affiliated, rapidly expanding (which makes them very dangerous), include members from around the world and the number of members range from tens to thousands; Hacked data is irrelevant, biased and unreliable for auditors and accountants, which can potentially cost thousands to the companies.

Why government’s role in cracking down cyber terrorism is important Number of attacks by hackers is increasing – companies need to have effective systems of internal controls in place to prevent, detect and correct the attacks. Companies need help in fighting those attacks. Governments need to take responsibility and crack down on these cyber terrors. Our group decided to explore this topic because we think that government’s role in cracking down cyber terrorism is very important. Since the number of attacks by hackers is increasing, it is very important that each organization that is publicly funded has an effective internal control system that includes countermeasures to prevent, detect and correct breaches. We are facing a cyberwar from both domestic and international terrorists and that makes it difficult to create a one size fits all countermeasure. Nevertheless, governments need to take responsibility and crack down on these cyber terrors.

Anonymous Emerged in 2003 on the imageboard 4chan online chat Has no leaders, no hierarchical structure, and no geographical epicenter

anonymous Many members are motivated by freedom of information; Famous for coordinating a range of disconnected actions from trolling to political protests; Technically, the group is open to all and has no boundaries to participation; Many members of Anonymous are motivated by freedom of information. Technically, the group is open to all and has no boundaries to participation. Authority and order within the group come in form of policies, ethical sensibilities and norms, which develop over time and ‘often continuously formed and reformed in reaction to historical events’. Recently they hacked into the networks of Stratfor, a security news site. Hackers associated with Anonymous have apparently stolen subscriber information, including names and credit cards from the security news site of Stratfor.

Lulzsec Small in size, but performed significant damages; Main reason for attacks is for lulz Helped raise the public awareness about hackers Lulzsec did not participate in selling hacked information Lulzsec is a smaller hacking group compared to Anonymous but they have also been able to perform as significant damages as Anonymous. They are famous for attacks against AT&T, Sony, Disney, Viacom, Nato, AOL and many other private and public organizations. Big score for Lulzsec was when they successfully attacked and compromised the Central Intelligence Agency website. Some security professionals claim that LulzSec helped raise the public awareness about the inefficiency of current protection against hackers and lack of security controls in many high-profile organizations. Picture: the way PBS website looked after Lulzsec hacked it in retaliation against the network for a “Frontline” documentary about wikileaks. Unlike other cybercriminals and affiliated groups, LulzSec did not participiate in selling hacked information. Instead LulzSec was involved in posting it to public forums because they believed it should be free and available to everyone. The group’s agenda can be summarized by the following question which they asked after one of their attacks: ‘Why do you put such faith in a company that allows itself to become open to these simple attacks?’

Red hacker alliance Largest hacking group in the world; ‘an independent confederation of patriotic youth dedicated to defending China against perceived threats to national dignity’ Was formed in response to the 1998 ethnic riots in Indonesia; Many consider affiliation of Chinese government to RHA; Since it’s origination RHA has been involved in at least five major cyber conflicts; In terms of membership, Red Hacker Alliance is believed to the largest hacking group in the world with approximately 80,000 hackers worldwide. Red Hacker Alliance was formed in response to the 1998 ethnic riots in Indonesia. The Indonesian nationals were unfairly blaming the Chinese community for their country’s bad economic conditions. Indonesian citizens turned to violence, killing many Chinese nationals, destroying their homes and businesses along the way. In retaliation, several Chinese individual hackers formed the “Chinese Hacker Emergency Conference Center” in which they began conducting denial-of-service attacks against Indonesian domestic businesses and hacking Indonesian government websites. Many consider affiliation of Chinese government to RHA; Since it’s origination RHA has been involved in at least five major cyber conflicts;

Red hacker alliance Attacks: CNN Against the US Geological survey NASA Cornell University More than 100 other US government and business sites One of Red Hackers Alliance most recent attacks was in 2008 when they successful breached the CNN system. The attack happened because the group, at the time, believed that westerns news network, including CNN, were purposefully distorting news stories concerning China, its peoples and its interests. The intentions of this group are a real threat to IT security in the Western nations and information security personnel should familiarize themselves with them. Red Hacker Alliance has recently increased their numbers when the hacking group Hanker Union amalgamated with them. In 2001 it announced and encouraged its members via the homepage message on it website to attack the networks of government and business organizations in the United States. At one point it even played a game of one-upmanship, where one hacker executes an attack and another hacker follows with an even bigger attack (Harris, 2001). Since declaring war on the United States and it business organizations, The group has claimed responsibility for attacks against the US Geological Survey, NASA, Cornell University and more than 100 other US government and business sites since 30 April of that year .

Government responses to hackers Properly train government personnel Investment in research and development Promote international cooperation among governments; crucial to fighting cyber terrorism worldwide. Raise the security levels on critical accounting infrastructures, where the detection and response of an intrusion is immediate.

Governments Response to hackers (cont’d) United States In 2008, then-President Bush created the Comprehensive National Cybersecurity Initiative (CNCI) Establishing a front line defense by creating shared situational awareness to improve the government’s ability to prevent intrusions Europe Europol, a European law enforcement agency February 28, 2012, Europol arrested four individuals in a coordinated operation against hacktivists claiming to be part of the Anonymous collective

Governments Response to hackers (cont’d) Canada Created Canada’s Cyber Security Strategy in 2010 Purpose is to “invest in securing the Government of Canada systems, as well as partnering with other governments and with industry to ensure systems vital to Canadian security are protected.” China Enacted new laws to fight cyber-terrorism despite controversies of China’s involvement New law enacted prosecutes the “acquisition of computer system data or control of computer systems and prohibit supplying programs or tools for the purpose of intrusion into computer systems “

Conclusion: Few simple things to protect yourself from cyber-terrorism: All company accounts should have passwords and the passwords should be difficult to unfold; Network configurations should be changed when defects become known; Check with venders for upgrades and patches; Audit systems and check logs to help in detecting and tracing an intruder.