Cyber-TerrorismCyber-TerrorismUse of MassUse of Mass

Media in Today’s Info warMedia in Today’s Info war

UNCLASSIFIEDUNCLASSIFIED

Administrative DataAdministrative Data

Safety ConsiderationsSafety Considerations: None: NoneRisk Assessment LevelRisk Assessment Level: Low: LowEnvironmental ConsiderationsEnvironmental Considerations: None: NoneEvaluationEvaluation: In class student checks and : In class student checks and

discussions.discussions.

Objective

• Action: Identify specific threats and weaknesses in regards to Cyber-Terrorism

• Conditions: Given student handouts• Standards: Identified specific threats

and weaknesses in regards to Cyber-Terrorism

AgendaAgenda

• DefinitionsDefinitions• HistoryHistory• Types of Cyber-terrorismTypes of Cyber-terrorism• VulnerabilitiesVulnerabilities• Counter-measuresCounter-measures• SummarySummary

Cyber-TerrorismCyber-Terrorism

• Definition:Definition: The premeditated, The premeditated, politically motivated attack against politically motivated attack against information, computer systems, information, computer systems, computer programs, and data which computer programs, and data which result in violence against result in violence against noncombatant targets by sub national noncombatant targets by sub national groups or clandestine agents. (FBI)groups or clandestine agents. (FBI)

Cyber-TerroristCyber-Terrorist

• Definition:Definition: Can be domestic or Can be domestic or international terrorists. Cyber terrorists international terrorists. Cyber terrorists may be classified as such whether they may be classified as such whether they solely rely on cyber terrorism to further solely rely on cyber terrorism to further their cause, or whether they use cyber their cause, or whether they use cyber terrorism in addition to other more terrorism in addition to other more conventional forms of terrorism. (FBI)conventional forms of terrorism. (FBI)

More DefinitionsMore Definitions

• Cyber-utilizationCyber-utilization: The use of on-line : The use of on-line networks or data by terrorist networks or data by terrorist organizations for supportive purposes.organizations for supportive purposes.

• Cyber-crimeCyber-crime: The deliberate misuse of : The deliberate misuse of digital data or information flows.digital data or information flows.

Hackers (MGM/UA, 1995)Hackers (MGM/UA, 1995)War Games War Games

(MGM/UA, 1983)(MGM/UA, 1983)

The Net (Columbia Pictures, 1995)The Net (Columbia Pictures, 1995)

SneakersSneakers (Universal Pictures, 1992)(Universal Pictures, 1992)

““My Crime is Curiosity”My Crime is Curiosity”• ““Yes, I am a criminal. My crime is that of Yes, I am a criminal. My crime is that of

curiosity. My crime is that of judging people curiosity. My crime is that of judging people by what they say and think, not what they by what they say and think, not what they look like. My crime is that of outsmarting look like. My crime is that of outsmarting you, something that you will never forgive you, something that you will never forgive me for. I am a hacker, and this is my me for. I am a hacker, and this is my manifesto. You may stop this individual, manifesto. You may stop this individual, but but you can't stop us all...you can't stop us all...”” The Hacker’s The Hacker’s Manifesto, 1986. Manifesto, 1986.

History of Hacking & Cyber-History of Hacking & Cyber-TerrorismTerrorism

Sophistication ofSophistication ofCyber-CrimeCyber-Crime

• Simple Unstructured: Individuals or Simple Unstructured: Individuals or groups working with little structure, groups working with little structure, forethought or preparationforethought or preparation

• Advanced Structured: Groups working Advanced Structured: Groups working with some structure, but little with some structure, but little forethought or preparationforethought or preparation

• Complex Coordinated: Groups working Complex Coordinated: Groups working with advance preparation with specific with advance preparation with specific targets and objectives.targets and objectives.

IntrudersIntruders

Attack Sophistication vs.Attack Sophistication vs.Intruder Technical KnowledgeIntruder Technical Knowledge

HighHigh

LowLow19801980 19851985 19901990 19951995 20002000

IntruderIntruderKnowledgeKnowledge

AttackAttackSophisticationSophistication

Cross site scriptingCross site scripting

password guessingpassword guessingself-replicating codeself-replicating code

password crackingpassword cracking

exploiting known vulnerabilitiesexploiting known vulnerabilities

disabling auditsdisabling auditsback doorsback doors

hijacking hijacking sessionssessions

sweeperssweepers

snifferssniffers

packet spoofingpacket spoofing

GUIGUIautomated probes/scansautomated probes/scans

denial of servicedenial of service

www attackswww attacks

ToolsTools“stealth” / advanced stealth” / advanced scanning techniquesscanning techniques

burglariesburglaries

network mgmt. diagnosticsnetwork mgmt. diagnostics

distributeddistributedattack toolsattack tools

StagedStaged

Auto Auto CoordinatedCoordinated

Electronic Numerical Integrator and Computer (ENIAC)Electronic Numerical Integrator and Computer (ENIAC)

The First Computer?The First Computer?

What did it take to get from this…What did it take to get from this…

……to this?to this?AltairAltair 88008800

Bill Gates, 1978Bill Gates, 1978

Student CheckStudent Check

Q: What does ENIAC stand for? Q: What does ENIAC stand for?

A: Electronic Numerical Integrator and Computer A: Electronic Numerical Integrator and Computer

Q: What was the name of the worlds Q: What was the name of the worlds first “micro computer”?first “micro computer”?

A: The Altair 8800A: The Altair 8800

The 414 Gang, 1982The 414 Gang, 1982

Los Alamos National LaboratoryLos Alamos National Laboratory

The Morris WormThe Morris Worm

Cornell University student Robert T. MorrisCornell University student Robert T. Morris

Other Acts of Other Acts of Cyber-TerrorismCyber-Terrorism

• 1997: Hacker disabled the traffic 1997: Hacker disabled the traffic control tower at a Mass. Airport. No control tower at a Mass. Airport. No accidents were caused, but service was accidents were caused, but service was affectedaffected

• 1998: Defense Department attacked, 1998: Defense Department attacked, hackers accessed personnel and hackers accessed personnel and payroll informationpayroll information

ContinuedContinued

• 1998: NASA, Navy, and university 1998: NASA, Navy, and university systems attacked. Network connections systems attacked. Network connections severed, many computers crashedsevered, many computers crashed

• 2001: Treasury Dept. bank systems 2001: Treasury Dept. bank systems cracked, personal I.D. numbers accessedcracked, personal I.D. numbers accessed

Types of Cyber-TerrorismTypes of Cyber-Terrorism

VirusesViruses• Same concept as a biological virusSame concept as a biological virus

– Self-replicatingSelf-replicating– Damages host (computer program)Damages host (computer program)– Host then infects other applicationsHost then infects other applications

• Not all are destructiveNot all are destructive• Many have delayed payloadMany have delayed payload• Some (Some (veryvery rare) actually improve rare) actually improve

programsprograms

WormsWorms• Similar to a VirusSimilar to a Virus

– Self-replicatingSelf-replicating– Self-containedSelf-contained

• DOES NOTDOES NOT need to be part of another program need to be part of another program

• Deletes files from hostDeletes files from host• Sends secure info (credit card #’s) from Sends secure info (credit card #’s) from

host to outside partyhost to outside party• Can severely slow down networksCan severely slow down networks

Trojan HorsesTrojan Horses• Different from viruses and wormsDifferent from viruses and worms

– Does not attach to other files or programsDoes not attach to other files or programs– Does not self-replicateDoes not self-replicate– Does not transmit on its ownDoes not transmit on its own

• Must be transferred & run by user deliberatelyMust be transferred & run by user deliberately

• Appears to be harmlessAppears to be harmless• Deletes filesDeletes files• Reconfigures settingsReconfigures settings

SpywareSpyware• A form of Trojan HorseA form of Trojan Horse

– Does not attach to existing filesDoes not attach to existing files– Does not self-replicateDoes not self-replicate– Sends user info to outside sourceSends user info to outside source– Can reconfigure computer settingsCan reconfigure computer settings

• Stealth dialersStealth dialers

• Does not damage computer, in generalDoes not damage computer, in general• User usually never knows it is thereUser usually never knows it is there

SpamSpam

• Generally harmless to computer itselfGenerally harmless to computer itself• Several side effectsSeveral side effects

– Overcrowded In-boxesOvercrowded In-boxes– Pop-up windowsPop-up windows– Lost timeLost time

Student CheckStudent Check

Q: How are viruses and worms similar?Q: How are viruses and worms similar?

A: They are both self-replicating.A: They are both self-replicating.

Q: How are they different?Q: How are they different?A: Worms don’t need to be a part of another A: Worms don’t need to be a part of another

program, viruses do.program, viruses do.

What Are Our Vulnerabilities?What Are Our Vulnerabilities?

Banking IndustryBanking Industry

• Financial ruin for individualFinancial ruin for individual• Hard to reverseHard to reverse• 80% of incidents go unreported80% of incidents go unreported

– Bad for bank’s reputationBad for bank’s reputation– Loss of customer trustLoss of customer trust– Loss of businessLoss of business

Travel IndustryTravel Industry

• Well trained, well motivatedWell trained, well motivated– Under right circumstances this person can Under right circumstances this person can

do do HEAVYHEAVY damage damage• Does not just apply to air travelDoes not just apply to air travel

– Trains as wellTrains as well

Financial MarketsFinancial Markets

• "United Loan Gunmen take control of "United Loan Gunmen take control of NASDAQ stock market."NASDAQ stock market." – False story posted on NASDAQ Website by False story posted on NASDAQ Website by

hacker grouphacker group• Can play on the public’s sense of fear Can play on the public’s sense of fear

of a crashing marketof a crashing market

Computer NetworksComputer Networks

• Consists of hundreds of computersConsists of hundreds of computers– Big businesses and the Federal Big businesses and the Federal

Government use networksGovernment use networks• One infected system can bring down a One infected system can bring down a

network.network.• Mot all viruses get caught by Anti-virus Mot all viruses get caught by Anti-virus

softwaresoftware

Student CheckStudent CheckQ: What percentage of computer crimes Q: What percentage of computer crimes in the banking industry go unreported?in the banking industry go unreported?

A: 80%A: 80%

A: FalseA: False

True or False: The “United Loan True or False: The “United Loan Gunmen” took control of NASDAQ Gunmen” took control of NASDAQ

stock market.stock market.

How Do We Stop Him?How Do We Stop Him?

Online Banking &Online Banking &ShoppingShopping

• Make sure bank/merchant takes Make sure bank/merchant takes adequate security precautionsadequate security precautions– Secure Sockets LayerSecure Sockets Layer– Other encryption methodsOther encryption methods

• Do research to ensure your protection Do research to ensure your protection

Anti-Virus SoftwareAnti-Virus Software

• Several very reliable Several very reliable packages availablepackages available

• Different packages Different packages for different usesfor different uses

• Free and easy Free and easy updates available.updates available.

PersistencePersistence

• Destroy important documentsDestroy important documents– Shred or burn account numbers, credit card Shred or burn account numbers, credit card

bills, bank statements, etc.bills, bank statements, etc.• Update anti-virus software regularlyUpdate anti-virus software regularly• Don’t open strange e-mails, even from Don’t open strange e-mails, even from

“friends”“friends”

SummarySummary

• DefinitionsDefinitions• HistoryHistory• Types of Cyber-terrorismTypes of Cyber-terrorism• VulnerabilitiesVulnerabilities• Counter-measuresCounter-measures• SummarySummary

Bottom LineBottom Line

Questions???Questions???