Preparing for a Cyber Attack
Countdown to eDay!
By Kevin G. Coleman

Introduction
The world has awakened to a new threat. China, Russia and North Korea's test of a cyber weapon, Iran's cyber weapon ambitions, and the defense industry's renewed emphasis on the use of computers as a weapon have all combined to accelerate the rate of development of what I've called “the most destructive weapon on the planet.” The proliferation of cyber weapons has exploded, and estimates suggest that over 70% of countries will have at least a basic-level cyber weapon by the end of 2008.

The China Syndrome

A Bit of History
Back in 1998, when I was Chief Strategist of Netscape, I became aware of an international movement that was designed to create software that could be used for criminal activity as well as to disrupt Internet activity. That was when I began to research what we are now calling cyber warfare. I testified on cyber crime, espionage and security before a joint Congressional Caucus. At one point in my live demo, Chris Dodd asked me, “Does our Defense Department know about you?”

Cyber Warfare & Cyber Terrorism
Cyber Warfare and Terrorism is one of the fifteen modalities of UnRestricted Warfare (URW), also called asymmetric warfare.
– Cyber Warfare & Terrorism
  • “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”
Source: U.S. Army Cyber Operations and Cyber Terrorism Handbook 1.02

Counterfeit Hardware
• February 2008 - U.S. Customs and Border Protection Assistant Commissioner for the Office of International Trade Dan Baldwin and Director-General Robert Verrue, European Commission Tax and Customs Directorate, today announced the results of Operation Infrastructure, which took place last November and December.
• The Operation resulted in the seizure of more than 360,000 counterfeit integrated circuits and computer network components bearing more than 40 different trademarks.

Counterfeit Hardware
February 2008
The Feds have confiscated more than $75 million of counterfeit Cisco networking gear. The announcement is in a progress report on a two-year-old investigation, code named Operation Cisco Raider. In most cases the fake gear was made in China and imported into the United States, where unethical resellers passed it off as legit.

Impact of a Cyber War
• Of those who do perform what we consider “daily” activities online, more than half say they go online every day or several times a week to perform those activities.
• About 93 billion emails sent per day will not go through.
• Millions of VoIP calls per day will not go through.
• Over 200 million Google searches per day will not get done.
• A reported 33% of Internet users say they make eCommerce transactions daily.

Impact of a Cyber War
• Some 88% of online users say the Internet plays a role in their daily routines.
• Some 40% of Internet users who get the news online say they log on daily.
• Some 25% of the online weather bugs will check weather daily.
• Some 20% of online sports fans check sports scores daily.

A Recent Poll
How prepared is the U.S. for a cyber attack?
[Chart: poll results. Categories: Not Prepared, Somewhat Prepared, Very Prepared. Values shown: 43%, 47%, 10%]
Source: A collaborative effort between DefenseTech.Org and the Technolytics Institute with nearly 1,000 respondents to the poll.

Impact of a Cyber War
INTELLIGENCE BRIEFING

Impact of a Cyber War
The political fallout of a cyber attack will be high, but this will pale in comparison to the financial and economic impact!
The financial and economic impact could be as high as $30 billion a day!
[Chart: Physical Impact, Social Impact, Political Impact and Financial Impact, on a scale of 0 to 5 labelled Low, Medium, High]
Copyright 2003 – 2007 All Rights Reserved

Impact of a Cyber War
[Chart: U.S. Retail eCommerce Sales, in billions of dollars (axis $0 to $250), 2006 to 2010]
That's $425 million a day.

Cyber Media Warfare
One can only imagine the psychological impact on the viewers who witnessed this prank. The TV channel CT2 said that they received frantic phone calls from viewers who thought a nuclear war had started.
http://www.youtube.com/watch?v=MzaN2x8qXcM

Think About This
• What if the Internet went away:
  – For a day
  – A week
  – A month
• No eMails
• No BlackBerrys
• No eCommerce
Virtual business services of all sorts, accounting, payroll and even sales would come to a halt, as would many companies.

The worst thing to do
There is no doubt today that VoIP is taking over the telecom market, and every month it increases its penetration into the business, government and consumer sectors.
– Almost two-thirds of large organizations in North America will be using VoIP products and services by year end.
– Small Business VoIP adoption will grow to 3 million by 2010. Revenues are projected to reach $2 billion.
– Consumer VoIP adoption will drive wholesale VoIP revenues to $3.8 billion by 2010.
You are putting all your eggs in one basket.

Cyber Weapons Proliferation
The cost to develop this new class of weapon is within reach of any country, any extremist group, any criminal organization and tens of millions of individuals.
The raw materials needed to construct cyber weapons are not restricted and are widely available.
We now have a weapon that can strike at the speed of light; it can be launched from anywhere in the world, and it can target anywhere in the world.
This briefing will provide an understanding of the current state of cyber weapons, current defenses and a unique look at what the future cyber warfare scenario might encompass.

Your Cyber Attack IQ Test
If I can give you three pieces of intelligence you did not have before, would you agree this briefing provided value?
1. What do EPFC and TEDs stand for?
2. How many of you address CBRNE in your contingency plans?
3. Why should your organizations have supply-chain integrated into the security program?

Modern Weapons Economics
What does a stealth bomber cost? $1.5 to $2 billion
What does a stealth fighter cost? $80 to $120 million
What does a cruise missile cost? $1 to $2 million
What does a cyber weapon cost? $300 to $50,000

Find the Weapons Facility
[Images: Nuclear Weapons Facility; Cyber Weapons Facility]
Where's the Cyber Weapons Facility?

Cyber Weapons Proliferation
Cyber Arms Dealers
RBN and their support units provide scripts and executables to make cyber weapons undetectable by antivirus software. Every time a copy of the cyber weapon is generated, it looks different to the anti-virus engines, and it often goes undetected.
The modularization of delivery platform and malicious instructions is a growing design in cyber weapons.
RBN's cyber weapons are very popular and powerful. In June 2007, one was used by a single person to attack and compromise over 10,000 websites in a single assault.
Did you know RBN leases use/capacity on their 150 million node BotNet?

Cyber Weapons Evolution
[Chart: phases Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat; series Advanced Weapons and Basic Weapons; vertical axis Low to High; horizontal axis 1994 to 2016]

Interesting Quote
NATO's cyber defense chief has warned that computer-based terrorism poses the same threat to national security as a missile attack. He went on to say that “Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore.”
Using this as a framework, we can put into context the evolving architecture for cyber weapons.

Cyber Weapons Design
Cyber Weapon Architecture
A missile is comprised of three basic elements. The first is a delivery vehicle (rocket engine), followed by a navigation system (tells it how to get to the target) and finally the payload (the component that causes harm).
As it turns out, the same three elements now appear in the design of cyber weapons.

Cyber Weapons Design
Cyber Weapon – Delivery Vehicle
There are numerous methods of delivering cyber weapons to their targets. Emails with malicious code embedded or attached are one mechanism of delivery. Another delivery vehicle is web sites that can have malicious links and downloads. Hacking is a manual delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network. Counterfeit hardware, software and electronic components can also be used as delivery vehicles for cyber weapons.

Cyber Weapons Design
Cyber Weapon – Delivery Vehicle
Just as a navigation system guides a missile, the navigation component of a cyber weapon allows the malicious payload to reach a specific point inside a computer, system or network. System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon. These security exposures in operating systems or other software or applications allow for exploitation and compromise. Exploitation of these vulnerabilities may allow unauthorized remote access and control over the system.

Cyber Weapons Design
Cyber Weapon – Delivery Vehicle
The payload of a missile is sometimes called a warhead and is packed with some type of explosive. In a cyber weapon the payload could be a program that copies information off of the computer and sends it to an external source. It can also be a program that begins to erase or alter information stored on the system. Finally, it can allow remote access so that the computer can be controlled or directed over the internet. A “bot” (a component of a botnet) is a great example of a payload that allows remote use of the computer by an unauthorized individual or organization.
Cyber Weapons Design
Cyber Weapon – Architecture
This three-element architecture demonstrates how advanced and sophisticated cyber weapons are becoming. The architecture creates reusability and reconfiguration of all three components. As one software or system vulnerability is discovered, reported and patched, that component can be removed and replaced while the other two components are still viable. This not only creates flexibility but also significantly increases the productivity of the cyber weapons developers.

Conclusion
Our nation is increasingly vulnerable to cyber attacks that could have catastrophic effects on critical infrastructure as well as severely damage the country's economy. Whether the attack is focused on stealing our business and technology secrets, disrupting our financial systems or worse, the threat is real. Countries, terrorists and extremists around the world are developing and implementing cyber warfare doctrine, strategies and weapons.

Conclusion
The Cold War may be over, but the cyber arms race has just begun. The threat is imminent. We must rapidly develop offensive and defensive cyber weapons capabilities as well as the military doctrine and regulations necessary to govern their use.
In the cyber arms race we cannot finish anyplace but first.

QUESTIONS?

Biography
Kevin G. Coleman is a Senior Fellow and Strategic Management Consultant with the Technolytics Institute. He is the former Chief Strategist of Netscape and was a member of the Science and Technology Advisory Panel at the Johns Hopkins University Applied Physics Lab. He has briefed defense contractors and other organizations on cyber warfare and is a highly published professional covering cyber security. He writes regularly for Eye Spy Magazine and authors the Cyber Warfare Blog for DefenseTech.org.
The Technolytics Institute
4017 Washington Road
Mail Stop #348
McMurray, PA 15317
P 412-818-7656
F 412-291-1193
I www.technolytics.com
E kgcolman@technolytics.com