CERT Centers, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890. SEI is sponsored by the U.S. Department of Defense. © 2000 by Carnegie Mellon University. Intelligence - page 1

Slide 1: Cyber Intelligence Analysis
Slide 2: A Different Internet
- Armies may cease to march
- Stock may lose a hundred points
- Businesses may be bankrupted
- Individuals may lose their social identity
- Threats not from novice teenagers, but purposeful military, political, and criminal organizations
Slide 3: Purpose of Intelligence
1. Identify the need for action
2. Provide the insight and context for deciding among courses of action
3. Provide information on the effectiveness of pursuing the selected course of action
Slide 4: Change of View

Slide 5: Content / Context of Intelligence
Slide 6: What is Cyber Intelligence?
- Internet Behavior
- Intrusions/Responses
- Threats/Counters
- Vulnerabilities/Fixes
- Operators/Groups
- Victims
- Stimuli/Motives
- Opportunities
Slide 7: Strategic Intelligence Analysis
- Provides "Big Picture" assessment
- Trend Analysis
- Sector Threat assessments
- Potential Damage assessments
- Categorization of Attacks and Attackers
- Identification of Anomalies
Slide 8: Tactical Intelligence Analysis
- Linking element between macro- and micro-level analysis
- Cluster and pattern analysis
- Temporal patterns
- Profiling
- Analysis of intrusion methods
- Commonality of targets
- Reinforces and complements Strategic Analytic efforts
Slide 9: Using CERT/CC Data
- Year 2000 - 21,756 Incidents
  - 16,129 Probes/Scans
  - 2,912 Information Requests
  - 261 Hoaxes, false alarms, vul reports, unknown
  - 2,454 Incidents with substantive impact on target
- Profiled 639 incidents, all active during July-Sept 2000 (profiling work is ongoing)
- Many different dimensions for analysis and trend generation (analysis work is ongoing)
Slide 10: Immediate Data Observations
- Increasing trend of incidents per month (some incidents carry over between months)
- Increasing diversity of ports used in incidents
- Shifts in services used in incidents
- Shifts in operating systems involved in incidents
- Generic attack tools adapted to specific targets
Slide 11: Service Shifts (chart)

Slide 12: Weekly Incidents (chart; weekly counts from 6/24/00 to 9/16/00, vertical axis 0 to 70)
Slide 13: Weekly Incidents by Target (chart)

Slide 14: Monthly Incidents by Target (chart)

Slide 15: Weekly Incidents by OS (chart)

Slide 16: Monthly Incidents by Operating System (chart)

Slide 17: Weekly Incidents by Impact (chart)

Slide 18: Monthly Incidents by Impact (chart)
Slide 19: Drivers for Weekly Incidents (the weekly incident chart of slide 12, 6/24/00 to 9/16/00, annotated with the events Independence Day, Labor Day, Advisory/Alert, New Toolkits and DefCon)
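An added worked example, not from the CERT/CC presentation, of the tabulation behind slides 9 to 18: constructed incident records are split into the four report kinds of slide 9, counted per week with empty weeks kept at zero (as a weekly chart needs), and broken down by target, operating system and impact. The record layout and the sector, OS and impact labels are assumptions.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample records (not CERT/CC data), shaped like the slide-9
# triage: probes/scans, information requests, hoaxes, substantive incidents.
SAMPLE_INCIDENTS = [
    # (reported, kind, target sector, operating system, impact)
    ("2000-07-03", "probe",    "university", "Linux",   "none"),
    ("2000-07-04", "incident", "government", "Solaris", "root compromise"),
    ("2000-07-05", "request",  "commercial", "n/a",     "none"),
    ("2000-07-12", "incident", "commercial", "Windows", "denial of service"),
    ("2000-07-13", "hoax",     "commercial", "n/a",     "none"),
    ("2000-07-14", "incident", "university", "Linux",   "root compromise"),
    ("2000-09-04", "incident", "government", "Windows", "defacement"),
    ("2000-09-05", "probe",    "government", "Solaris", "none"),
]

SUBSTANTIVE = {"incident"}  # only these count as impact on a target

def triage_counts(records):
    """Volume per report kind, the split shown on the 'Using CERT/CC Data' slide."""
    return dict(Counter(kind for _, kind, *_ in records))

def weekly_incidents(records):
    """Substantive incidents per week, keyed by the week's Monday.
    Weeks with no incidents are kept at 0 so the series is plottable."""
    weeks = Counter()
    for reported, kind, *_ in records:
        if kind in SUBSTANTIVE:
            d = date.fromisoformat(reported)
            weeks[d - timedelta(days=d.weekday())] += 1
    if not weeks:
        return []
    start, end = min(weeks), max(weeks)
    return [(start + timedelta(weeks=i), weeks[start + timedelta(weeks=i)])
            for i in range((end - start).days // 7 + 1)]

def incidents_by(records, dimension):
    """Breakdown of substantive incidents by 'target', 'os' or 'impact'."""
    column = {"target": 2, "os": 3, "impact": 4}[dimension]
    return dict(Counter(r[column] for r in records if r[1] in SUBSTANTIVE))

def trend(weekly):
    """Week-to-week change; a run of positives is the rising trend of slide 10."""
    counts = [c for _, c in weekly]
    return [b - a for a, b in zip(counts, counts[1:])]

if __name__ == "__main__":
    for monday, n in weekly_incidents(SAMPLE_INCIDENTS):
        print(monday, "#" * n)
```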
Slide 20: Operational Intelligence Analysis
- Overlaps with Tactical Analysis
- Technical assessments of intrusion methods
- Specific investigation of intruders
- Identification of vulnerabilities to support mitigation
- Attribution
Slide 21: Example: Signed Defacement
- Defaced Health-care web site in India
- "This site has been hacked by ISI ( Kashmir is ours), we want a hospital in Kashmir" and signed by Mujahideen-ul-dawat.
- Post-dates activity by Pakistani Hackers Club
- Level of activity is not significant
- Claim of identity may be significant
Slide 22: Example: Coordinated Automated Attack
(diagram labels: Probe, Victim, Compromise & Coopt, Victim 2, Identity, Probe)
- Remote, fast-acting
- Adapts existing tools
- Limited deployment
- Sophisticated reporters
Slide 23: A Problem Too Big
- Cannot remain technical specialty
- Cannot remain localized activity
- Cannot remain responsive to incidents
- Cannot remain centrally controlled or performed
- Distributed, ongoing, multifaceted problem demands distributed, ongoing, multifaceted strategy
Slide 24: Cyber Intelligence Products
- Fused analysis reports
- Demographics and situational awareness
- In-depth studies
- Technology of intelligence
Slide 25: For Further Contact
- 24-hour hotline: +1 412 268 7090
- FAX: +1 412 268 6989
- Email: Tim Shimeall - tjs@cert.org; CERT - cert@cert.org
- Direct voice: +1 412 268 7611
- US mail: CERT Analysis Center, Software Engineering Institute, Carnegie Mellon University, 4500 Fifth Avenue, Pittsburgh, PA 15213-3890 USA