Guerilla Warfare
by means of Netwarfare
October 17th, 2001
National Defence College, Finland
Mikko H. Hyppönen
Manager, Anti-Virus Research, F-Secure Corporation 
Mikko.Hypponen@F-Secure.com 
Copyright © 2001 F-Secure Corporation. All Rights Reserved. 
All product names referenced herein are trademarks or registered trademarks of their respective companies. F-Secure Corporation disclaims proprietary interest in the marks and names of others. Although F-Secure Corporation makes every effort to ensure that this information is 
accurate, F-Secure Corporation will not be liable for any errors or omission of facts contained herein. F-Secure Corporation reserves the right to modify specifications cited in this document without prior notice. Companies, names, and data used in examples herein are fictitious unless 
otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of F-Secure Corporation.
What is netwarfare?
• Special subset of information warfare 
• Leaves out electronic warfare and psychological 
operations 
• Netwarfare means fighting a war over civilian and 
military computer systems and networks 
• Abstract scenario 
• Physical being and location of the fighters is 
almost completely irrelevant
Differences between netwarfare and traditional warfare
• There might be no war declared 
• Attacks might not be targeted against a country 
but against a group, company or organization 
• The attackers or defenders might not be soldiers 
• The attackers might not want a victory in 
traditional sense 
• In fact, they might favour that the enemy never 
realizes it is in war
Perpetrators
• The independent hacker 
• The client hacker 
• Political or paramilitary movements 
• Governments and armed forces
The independent hacker
• Individuals or groups 
• Illegally enter and manipulate 
computer systems 
• Motives: 
– Causing annoyance 
– Thrill 
• Sometimes hit sensitive targets 
– Power (Case Cal-ISO, June 2001) 
– Water 
– Military 
• Case NATO 
• Case Pentagon 
• Case BND 
• Case Naval Research Laboratory 
• Case White Sands Missile Range 
• Case NASA
Kevin Mitnick damages 1993-1994
• Sun, USA; Solaris source code: $80M 
• NEC, Japan; Mobile phone sources: $1.75M 
• Nokia, Finland; HD760 project: FIM 2.5M 
• Nokia, UK; "Mobile software": $135M 
• Novell, USA; Netware sources: $75M 
• Fujitsu, USA; PCX phone sources: $2.1M 
• Sentenced on August 9th, 1999
• Total damage: $296,000,000
• Mitnick ordered to pay: $4,125
• And to serve 46 months in prison
Source: http://www.hackernews.com/orig/letters.html
The client hacker
• Individual hacker or a group 
• Working on behalf of a sponsor 
• Hackers being hired by guerilla, terrorist or paramilitary 
movements 
• Motives: 
– Money 
– Girls 
– Thrill of victory 
• Might also be used as a smoke screen 
• Very few reported cases 
– Case Pengo… 
– Case Microsoft / QAZ
Political or paramilitary movements
• Guerilla armies 
• Insurgency groups 
• Religious fanatics and cults 
• Activists 
• Net-based propaganda already commonplace 
– Hizbollah in Lebanon 
– Zapatistas in Mexico 
– Tamil Tigers 
• Isolated occurrences of hacking 
have been seen 
– Aum Shinrikyo doomsday cult 
in Japan 
– “Hacking schools” in middle 
east 
• Future looks bad
Governments and armed forces
• “Official” netwarfare
• Typically undisclosed with secret funding 
• Capabilities related to technical development and 
finance 
• Asymmetric attack 
• Using hackers for espionage or intelligence purposes 
• Spreading directed attacks with viruses and network 
worms 
• Best way to guard against: DON’T USE TECHNOLOGY
Netwarfare anecdotes
• The Gulf War 1991 
– “Viruses planted to printers” 
– “Remote control of Iraqi air force radar 
systems” 
– Iraqis using university e-mail systems to 
communicate after their own systems were 
destroyed
Netwarfare anecdotes
• The Kosovo conflict 1999 
– US EC-130H “Compass Call” planes 
– Air-to-ground communication 
– Penetrated Serb air defense computer systems 
– Planted false messages and targets in the air defense 
system 
– Case Detailed in Aviation Week & Space Technology 
magazine, October 2000 
• Serb attacks 
– DDoS attacks against NATO sites from Belgrad 
– Attacks against western systems 
• Serbs & possibly Chinese? 
– Viruses written by Serb kids
Methods of Netwarfare
• Direct intrusion 
• Social Engineering 
• Denial of Service Attack (DoS) 
• Trojan Horses 
• Sniffers 
• Viruses
Direct intrusion
• Gaining direct access on the target systems 
• Getting root 
• Wide range of methods 
– Open remote access points 
– Known security holes 
– Network spoofing 
– Fragment attacks 
– Dial-up lines 
– Weak passwords 
– Social engineering
YIHAT
RyDen
Social Engineering
• Using the weakest link in security - 
humans 
• Psychology tricks 
• Hacking by phone 
• "Here's the Sales Director from the 
Frankfurt department. What the heck is 
wrong in your systems! I can't access our 
order database and clients are waiting in 
the meeting room! Now you go and give 
me a new password." 
• Learning what the contact isn’t 
willing to tell you
Distributed Denial of Service
• Overloading a service by misusing its resources 
• February 2000: Yahoo, Amazon, eBay, CNN… 
• Attacks done by a teenager “Mafiaboy” 
• Very effective way to take someone down 
• Not much we can do about it 
• Combine this with a virus? Whoa.
Code Red
• First web worm 
• First DDoS worm 
• Jumps from www site to another 
• Three phases 
– Spreading 
– Attack 
– Sleeping 
• Infected 340,000 machines in July 
• Infected 170,000 machines in August 
• Demo
Trojan Horses
• The malicious masquerading as the friendly 
• FUNNYGAME.EXE which formats your hard drive 
• Backdoor trojans 
• Trojan functionality planted in commercial software 
• NSA operations with commercial vendors 
– Semi-confirmed: 
• Crypto AG, Switzerland 
– Unconfirmed / rumoured / approached? 
• Microsoft, USA 
• Lotus / IBM, USA 
• Grattner AG, Switzerland 
• Gretag AG, Switzerland 
• Siemens, Germany 
• Philips, France 
• Transvertex Ab, Sweden 
• Ericsson Ab, Sweden 
• Nokia Oy, Finland 
Source: Covert Action Quarterly
Viruses & worms
• Virus = program which has been programmed to 
spread further by infecting other programs 
• Worm = a standalone virus. Does not infect 
existing programs, just sends itself further 
automatically 
• Very effective in network assisted attacks 
• The viruses we’ve seen so far have been simple 
• This might change
Number of viruses 1986-2001
• Binary PC viruses: more than 55,000 
– DOS ~45000 
– Windows 9x/Me: 500 
– Windows NT/2000: 300 
• Macro viruses: more than 8,000 
– Word: 7000 
– Excel: 1400 
– Powerpoint: 100 
– Script viruses 650 
• Other: less than 100 
– Macintosh: 50 
– Linux: 25 
– EPOC: 6 trojans 
– Palm OS: 1 virus, 1 trojan 
[Chart: number of viruses by year, 1986-2001, with 2001 as of June 2001]
Global Virus costs
YEAR  VIRUS        COSTS US$
1999  ExplorerZip  1 020 000 000
1999  Melissa      1 100 000 000
2000  Loveletter     875 000 000
2001  Sircam       1 050 000 000
2001  Code Red     2 620 000 000
2001  Nimda          590 000 000
Source: Computer Economics, Inc, September 2001
Virus functionality
• On an infected system, the virus 
can do anything the user can do 
– Read 
– Write 
– Delete 
• Spying is easy: email documents out / record speech via 
microphone / receive further instructions from web 
pages / etc 
• Modern net-assisted worms can also be crafted to 
spread very, very fast 
• In theory you could infect the whole internet in 15 
minutes 
• And the Future is wireless
Sircam
• Most widespread data stealing virus 
• Locates e-mail addresses 
• Locates recently used documents 
• …and sends them away
Nimda
• Four different viruses in one 
• Infected 2.2 million machines 
in a day 
• Network traffic jams 
• Shares your drives 
• Who made it?
Reaction times of our anti-virus research lab
• Typical reaction time around 2.5 hours 
• Reaction times history: 
– Melissa 1999: 3h 15min 
– Loveletter 2000: 1h 40min 
– Anna Kornikova 2001: 2h 5min 
– Sircam 2001: 1h 50min 
– Nimda 2001: 1h 57min
Guerilla tactics
• Netwarfare potentially provides crucial assistance 
to ’traditional’ guerilla operations 
• Taking down enemy's communication systems
• Inserting false data 
• Corrupting existing data 
• Shutting down civilian systems to create confusion 
• Net-assisted spying 
• Using guerillas to physically access closed 
systems and network 
• Guerilla-installed remote access tools
Implementing netwarfare attacks
• Indeed 
• It’s relatively easy to think about possible 
scenarios and how to protect against them 
• Starting netwarfare attacks is another thing 
entirely 
• And out of scope for this presentation...
F-Secure Authorized Reference Customers
• Government 
French Army, IRS, NASA Headquarters, Naval Air Warfare Center, U.S. Army 
Medical, U.S. Department of Defense 
• Leading universities 
Harvard University, University of California Berkeley 
• Research 
Lawrence Livermore National Lab, Los Alamos National Lab, 
Oak Ridge National Lab, San Diego Supercomputer Center 
• Banking 
Charles Schwab, Credit Agricole, Daiwa Bank, DresdnerBank, E*TRADE, Fuji 
Bank, Merita-Nordbanken, Sumitomo Bank 
• Information Technology 
Andersen Consulting, EDS, First Data Corp, IBM, Unisys 
• Communications 
Cisco, Ericsson, Motorola, Nokia 
• Internet 
Amazon.com, Digital Island, eBay, Yahoo
• Telecommunications 
AT&T Wireless, British Telecom, Cegetel, Concert, Deutsche Telekom, GTE, 
NTT, Sonera, Telecom Italia, Telia, US West 
• Other 
BMW, Boeing, DaimlerChrysler, Volkswagen


Editor's Notes

  1. 1 new Win32 virus every week. 6 months ago it was 1 new Win32 every month.
  2. Data Fellows has an impressive blue chip customer base. We have some of the most recognizable names in government ... university ... and research organizations … such as NASA … Harvard University … and Los Alamos Laboratories. On the corporate side ... we have leading banking ... IT ... communications ... Internet … telecom … and industry customers as well. These include Charles Schwab … IBM … Nokia ... Yahoo … NTT … Digital Island … and BMW.