Cyber Security:
Are we Ready?
Spring 2005
Sanjay Goel
University at Albany, School of Business / NY State Center for
Information Forensics and Assurance
Introduction
Computer Security
Hacking
• Every 18 seconds an incident is reported
• Every third day a new virus is released
• Reported incidents
– 2001 - 52,000
– 2002 - 82,094
– 2003 - 137,529
• Identity Theft
– 2002 - 8.75 billion
– 2003 - 24 billion
[Chart: 2003 Estimated Number of Electronic Crimes or Network, System or Data Intrusions Experienced by Organizations. Average Number of E-crimes or Intrusions: 136]
Sources: CSI/FBI Report, 03; ISCA Report, 12/03; CERT Report, 2003; Aberdeen Report, 2003
Computer Security
Hacking
• Number of reported incidents far lower than actual incidents
• Unreported Incidents
– 2001 - 4.1 million, 2002 - 7.9 million, 2003 - 15.9 million
[Chart: Average Number of E-crimes or Intrusions: 136]
Computer Security
Security Incidents
April 8, 2004 CNET News.com
NetSky attacks target file-sharing networks. The main
website of file-sharing network eDonkey was knocked offline
this week following an attack from NetSky.
Earlier this week, the Kazaa and eDonkey sites, as well as three
other file-sharing sites, were bracing for a distributed
denial-of-service (DDoS) attack expected to be launched by
variants of the NetSky worm.
NetSky.Q, which first appeared March 29, is designed to attack
certain websites that distribute file-sharing clients, as well as
sites that distribute hacking and cracking tools. The attack is
scheduled to last at least six days.
Source: http://news.com.com/2100-1009_3-5187211.html?tag=nefd.top
Computer Security
Security Incidents
May 3, 2004, CNET News.com
Sasser variants pose greater danger. After a slow start, new version of
the Sasser worm spread to more than 500,000 computers. The original
version of the Sasser worm spread slowly, but Saturday, SasserB infected
computers much faster. When two new variants appeared on Monday, the
worm spread to hundreds of thousands of systems.
The University of Massachusetts at Amherst experienced an
outbreak of 1,100 computers compromised with Sasser.
Delta Air Lines also encountered problems in Atlanta with its computers
for more than six hours, resulting in delays.
Computer Security
Security Incidents
March 2004, Washington Times
Computer viruses, worms set costly Internet record.
According to security experts mi2g, virus activity caused as
much as $83 billion in economic damage in February.
Numerous variants of MyDoom/Doomjuice and NetSky
caused havoc over the wires.
Source: Washington Times, March 1, 2004
Computer Security
Security Incidents
April 09, Mobile Pipeline
Second Cisco WLAN security threat exposed.
Cisco faced its second serious WLAN security threat last week
when a network and security analyst released a tool that attacks
the company's proprietary Lightweight Extensible
Authentication Protocol (LEAP) wireless authentication
system.
Wright strongly urged LEAP users to take alternative measures.
"Customers using LEAP should be aware that the usernames
and password of their user account are exposed, and should
plan for the deployment of alternate authentication
mechanisms such as PEAP or TTLS,"
http://www.mobilepipeline.com/news/18900815;jsessionid=3
TNL4
Computer Security
Security Incidents
September 22, 2004 Times Union
Worm burrows way into state computers. Education Department’s
network crippled by powerful software virus. The state Education
Department’s vast computer network was hit with what programmers
described as a powerful cyber virus on Monday afternoon, temporarily
shutting down hundreds of computers, idling scores of workers and
putting a scare into the rest of state government.
Thanks to the virus, the Education Department’s network “slowed to a
crawl,” and a number of computers were completely shut down, says Platt,
“People were just unable to get into their computers.”
Source: http://www.timesunion.com
Computer Security
Security Incidents
Tuesday July 27, 2004, Associated Press
Reports of hacking from South Korea into computers in other
countries increased from 6,531 in 2002 to 14,063 in 2003,
and then to 10,634 in the first half of 2004, the Korea
Information Security Agency said in a report. Those statistics
were mainly based on reports from other countries.
Reports of hacking from other countries into South Korean
computers grew from 468 in 2002 to 2,301 in 2003 and then
showed a huge increase to 17,055 in the first half of this
year, the agency said.
Source: LexisNexis
Computer Security
Security Incidents
July 16, 2004, Friday The Korea Herald
In its initial investigation, the National Intelligence Service said that an
anonymous hacking group based in China broke into 211 computers at 10
government organizations, including the National Assembly, the
Maritime Police Agency, the Agency for Defense Development and
the Korea Atomic Energy Research Institute. Also hit were 67
computers at private companies, universities and media firms.
In this regard, the Ministry of Information and Communications, among
other authorities, can learn a lesson from other countries which have moved
far ahead in gearing up for cyber war. Following 9/11, for instance, U.S.
President George W. Bush ordered a $1.5 billion increase in spending on
computer network security and training an army of workers to thwart any
cyber attack that terrorists might launch.
Source: LexisNexis
Computer Security
Security Incidents
October 5, 2004, Tuesday International Herald Tribune
North Korea's military has trained more than 500 cyberwarriors,
whose mission is to hack into South Korean, Japanese and U.S.
networks to gather intelligence or to attack computer systems, the
South Korean Ministry of National Defense said Monday.
The intelligence came in a report presented to the National Assembly's
Defense Committee. The military hackers are apparently recruited from
among those who have received specialized computer training at
universities. The ministry said it believed that the North's capability was on
a level with that of technologically advanced countries.
Source: LexisNexis
Computer Security
Security Incidents
August 31, 2004, Tuesday Asia Pulse
The number of South Korean Web sites reported to have been attacked in August by overseas-based hackers rose for the third straight month, sounding alarm bells for the country's cyber
security, the government said Tuesday.
In August, overseas hackers attacked 287 Web sites in South Korea, up from 262 in July
and 172 in June, the Ministry of Information and Communication said in a statement.
On Aug. 11, about 70 domestic Web sites were attacked by a group of Brazilian
hackers. The same group also attacked 120 computers on Aug. 15 and 40 others on Aug.
16, the ministry said.
Seven computer servers were crippled by an Indonesian hacker group called "neotector," it
added.
South Korea boasts one of the world's highest broadband Internet penetration rates
with more than 11 million people connected to the always-on, high-speed Internet.
Although South Korea has the most advanced Internet network, the country has lagged behind
the United States and other industrial nations in cyber security, analysts said.
Source: LexisNexis
Computer Security
Code Red
• July 19, 2001 – July 20, 2001
– 340,000+ devices infected in less than 14 hours
Computer Security
SQL Slammer
• Rate of Spread of viruses continues to grow
– January 25, 2003
– 90%+ of vulnerable hosts were infected within 10 minutes
Computer Security
Mean Time to Exploit Decreasing
[Chart: mean time to exploit, with labels 180, 120, 42, 21, 7 and 2 days; items shown: Slammer, Nimda, Slapper, Blaster (RPC), MS03-039 (RPCSS), MS03-0??. Chart Courtesy: P. Elias]
Computer Security
Economy Connected to Internet
Worldwide B2B e-Commerce Projections 1999-2005
[Chart: B2B e-Commerce Projections (in billions) by Year, 1999-2005; series: North America, Asia, Europe, Rest of World, World Total]
Disruption to electronic trade will have a crippling effect on the global economy
Computer Security
Financial Losses
• In 2003, there was $141,496,560 in losses
– #1 Viruses losses: $55,053,900
– #2 Denial of Service losses: $26,064,050
Computer Security
Critical Infrastructure
• Technology has made many of our essential services (utilities,
banking, transportation, etc.) enormously more productive and
reliable.
• Virtually every critical service (such as electrical power grids,
phone systems, air traffic control, water and sewer service, and
medical services) is dependent on computers.
• U.S. analysts believe that by disabling or taking command of
the floodgates in a dam, for example, or of substations
handling 300,000 volts of electric power, an intruder could use
virtual tools to destroy real-world lives & property.
Source: Washington Post, June 27, 2002
Computer Security
Security Incidents (Infrastructure)
April 12, 2004 Associated Press
LAX Airport hit by brief blackout. A brief power line failure knocked
out electricity to the Los Angeles International Airport (LAX) control
tower and disrupted air traffic Monday morning, April 12. Eighty to 100
flights had to hold in the air, circle or stay on the ground at other
airports, Federal Aviation Administration spokesperson Donn Walker
said.
All radar, radios and telephones -- essentially everything that
controllers use to communicate with aircraft and other control
facilities -- were hit by the outage, Walker said.
Source: http://www.usatoday.com/travel/news/2004-04-12-lax-blackout_x.htm
May 5, 2004 Independent.co.uk News
Worm crashes Coastguard computers. The Sasser worm disrupted
work at the Marine and Coastguard Agency, forcing staff to use pencil and
paper to find ships and locate distress calls on maps.
Computer Security
Security Incidents (Infrastructure)
June 16, 2001 Insight on the News - Investigative Report
Hackers attack Sandia computers. Hackers recently penetrated national-security computer systems at Sandia National Nuclear Laboratory in
Albuquerque gaining access to classified information relating to nuclear-weapons design.
February 4, 2003 ComputerWeekly.com
Briton pleads guilty to US nuclear lab hacking attack. London hacker
Joseph James McElroy, 18, hacked into 17 computer systems at the Fermi
National Accelerator Laboratory near Chicago over a two-week period in
June 2002 to store and exchange hundreds of gigabytes worth of computer
files with his friends.
September 24, 2003 IDG News Service
U.S. Immigration system hit by virus. The U.S. Department of State
struggled Tuesday to quell an outbreak of the W32.Welchia Internet worm
on the department's computer systems.
Source: http://www.infoworld.com/article/03/09/24/HNimmigration_1.html
Computer Security
Life styles depend on Computers
• An employee sends about 22.9 messages each day, receives 81 messages per
day and gets 19.5 spam messages per day.
• The number of instant messaging users will grow to 180 million in 2004
(Gartner Report)
• The world has become globally connected
– Today each country has connectivity to the Internet
[Figure panels: 1991, 1997]
Computer Security
Who out of these is a hacker?
Computer Security
Changing profile of the hacker
• In the past, hackers were geniuses with a deep interest in technology.
• Today hackers can operate with little knowledge of networks or computers
– Download code from the Internet
– Follow recipes
• Number of potential hackers grows from a few to several million
• Hackers of tomorrow will be terrorists with deep evil intent.
1 Carnegie Mellon University
Computer Security
Conclusions
• Security issues are escalating out of control
• Severe financial consequences to these threats
• Infrastructure vulnerable to cyber threats
• The social behavior that has adapted to the Internet is under threat