Cyber espionage sabotaging government Long term Strategy

innovateinfosec.com

Cyber Espionage Sabotaging Governments Long Term Strategy

Ajay Porus

Director & Principal Consultant, Innovate InfoSec

CISA, ITIL, ISO27001, CPISI, RSA certified Analyst, CCNA Security, Qualysguard certified specialist

Digital forensics & Cyber crime expert - US DOD Cyber crime center

Transcript of Cyber espionage sabotaging government Long term Strategy


Page 2: Disclaimer

• Information used to create the training has been taken from various sources and books. Credit for the information remains with the original authors, and registered brands and trademarks belong to their legitimate owners; this material does not violate any licenses or intellectual property rights.

• This training material, in either hard or soft form, contains my personal opinion and has nothing to do with any of my current or past employers.

Page 3: My Profile

• I am an Information Security and technology Enthusiast.
• I do Consulting and training – A startup – Innovate InfoSec Pvt. Ltd.
• More than 15 certifications in Information security, cyber Security, Risk & Compliance
• Publications:
  – Cloud Computing and its Security Benefits – Enterprise IT Security Magazine
  – Senior Cyber Leadership - Why a Technically Competent Cyber Workforce is Not Enough – Cyber Security Forum Initiative (CSFI)
• Volunteer work: Honeynet Project India
• Cloud Security Alliance – Founder Hyderabad Chapter

Page 4: Agenda

• What is Government
• Pillars or soul of a nation
• What is Cyber Espionage
• Types of Cyber Espionage
• Examples with after effects
• Anatomy of Cyber Espionage
• What can be Done

Blackhat - Official Trailer (Universal Pictures) HD.mp4

Page 5: Government

• What is government
• Bureaucrats, Elected members
• Strategists, Think Tanks
• Scientists, diplomats

But where do they come from?

People, Citizens of the Nation

Page 6: Pillars or soul of a nation

• Politics
• Economics
• Social Culture
• Defense
• Healthcare
• Telecommunications
• Education

Successful Attack on One = Destabilize a nation

Successful Attack on few = Kill a nation

Page 7: Cyber Espionage

Page 8: Cyber Espionage – Enemies

• Top enemies – Espionage – Attacks – Communications
• China, Russia, North Korea, USA
• Country sponsored and organized terrorism
  – Recruitment
  – Training
  – Coordination of attacks
  – Thrill seekers and for hire threats
• Political sympathizers for radical causes
  – Recruitment
  – Training
  – Message marketing
  – Intellectual property

Page 9: Cyber Espionage – Targets

• Nuclear plants
• Any automated production including Gas, oil, etc.
• SCADA is a hot target – Low tech and isolation has been its best protection
• Military
• Monetary system
• Citizen communications platform
• Internet
• Cell
• Emergency services
• Social Media
• Big data & Cloud Environment

Page 10: Goals of Cyber Espionage

• Money
• Power
• Control
• Publicity
• Revenge
• Future protection/Penetration testing

Page 11: The Original Logic Bomb

Moonlight Maze 1998

One of the earliest forms of major infiltration, in which hackers penetrated American computer systems at will. Moonlight Maze was an accidental discovery made by US officials and was believed to have been conceived by the Russians, although they denied their involvement. In this cyber attack, hackers targeted military maps and schematics and other US troop configurations from the Pentagon, the Department of Energy, NASA and various universities and research labs in unremitting attacks that were discovered in March , but had been going on for nearly two years.

Page 12: Ukraine

Ukrainian Politicians' Phones Blocked, Damage to Ukrainian Telecom Cables, Signals Jammed

Page 13: Cyber Army Unit PLA Unit 61398

• APT1 is believed to be the 2nd Bureau of the People’s Liberation Army (PLA), which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398 (61398部队).
• Stolen hundreds of terabytes of data from at least 141 organizations
• Thousands of Employees
• A well defined requirement and curriculum
• Huge infrastructure all around the world
• Operations since 2006

Cyber Espionage- The Chinese Threat- Stealing the Secrets of Corporate America.mp4

Page 14

STUXNET- The Virus that Almost Started WW3.mp4

Page 15: DUQU

• Duqu was created in order to collect intelligence about its targets, which can include pretty much anything that is available in digital format on the victim’s PC.

Page 16: Flame

Page 17: F 35 Secrets in Chinese fighter plane

• The Chinese probably obtained the F-35 secrets from Lockheed Martin, its subcontractors, or U.S. allies involved in the development program. Allies that took part in the F-35 program include the United Kingdom, Israel, Italy, Australia, Canada, Norway, Denmark, the Netherlands, and Turkey.
• Program budget 395 billion dollars, but now stalled because of budget and other unknown issues.

F 35 J20

Page 18: Attack on Kaspersky

• A highly sophisticated attack on Kaspersky Labs
• New nation-state attack attributed to members of the infamous Stuxnet and Duqu gang
• A case of the watchers watching the watchers who are watching them.
• The attackers appear to be the same group that created Duqu, spyware discovered in 2011 that was used to hack a certificate authority in Hungary, as well as targets in Iran and Sudan, and that shared a number of similarities with Stuxnet, the famed digital weapon that sabotaged Iran’s nuclear program.
• Duqu 2.0, as Kaspersky is calling it, is a massive, 19-megabyte toolkit with plugins for various reconnaissance and data theft activities
• “The entire code of this [attack] platform is some of the best we have seen ever,”
• The attackers also struck a series of hotels and conference venues, each of them a location where members of the UN Security Council met in the past year to negotiate Iran’s nuclear program.
• Regin was a sophisticated spy tool Kaspersky found in the wild last year that was used to hack the Belgian telecom Belgacom and the European Commission

'Cloud Atlas'- Russia Targeted by Another Large Scale Cyber Espionage Campaign!.mp4

Page 19: How it's done

• Goal – Reason for attack – end desire
  – Intelligence
  – Lots of data
  – Information
• Five steps in an attack
  – Reconnaissance
  – Probing
  – Actual attack
  – Maintaining presence
  – To continue original attack desired effect
• To allow for future attacks – continued surveillance
  – Light footing
  – Covering attack track
• Residual for future or continued access

Page 20: The Vulnerability Matrix

[Figure labels: Electric, Government, Natural Gas, Federal institutions, commercial, nuclear plants, wastewater facilities, Oil Pipeline, chemical plants, Hospitals, E-commerce, billion miles of cable, Airports, maritime ports, Production sites, Railways, Govt. facilities, Home Users, Broadband Connections, Wireless, Viruses, Worms, Banking, Telecom, Emergency Services, Chemical, Rail, Natural Gas, Water, Waste Water, Transportation, Oil, Dams, Insiders, Configuration Problems, Miles long transmission lines, overlapping grid controllers]

Page 21: Underground world of Cyber Espionage

• Russian Business Network working for corporate espionage
• Selling secrets from corporate and governments to highest bidders
• Selling zero day vulnerabilities along with cyber weapons

Page 22: The Anatomy of Cyber Espionage

• Reason for cyber espionage
• Benefits gained
• Target clicking on a malicious link
• Zero-day exploits
• Nations (and criminals) purchase zero-day exploits
• Possible ramification: Disruption of supply-chains for defense in war
• Deployment of malicious hardware and compromise of military defense systems.
• Attack & control the satellite remotely; impact on military planes & weapons.
• Manipulation of GPS communication channels to control military drones
• Exploitation of Industrial Control Systems (ICS), especially supervisory control and data acquisition systems (i.e., SCADA, as in Stuxnet), impacting defense operations

Page 23: Reasons for successful espionage

• Software-based Vulnerabilities
• Backdoors and Hardcoded Passwords
• Remote Code Execution (RCE)
• Insecure Protocols, Spoofing and Hijacking
• SQL Injections
• Insecure Authentication and File Uploading Flaws
• Insider Threat Vulnerabilities
• Unintentional Insider Threats (UIT)
• Intentional Insider Threats (IIT)
• Hardware-based Vulnerabilities
• Humans: The weakest & strongest link in the chain

Page 24: Cyber Warfare

• Currently between many countries
• China, USA, Russia, India, Pakistan, Iran, North Korea and many more
• Cyber warfare leading to human assassinations
• Heard of Fire Sale: Watch Die Hard 4, BlackHat

Page 25

Cyber Weapons = Weapon of Mass Destruction

Page 26: What can be done

• Cyber-attacks cannot be prevented through technical solutions alone. The nation requires well-drafted cyber laws, organizational policies, and cyber strategies in addition to highly advanced defensive solutions.
• Software and Hardware Assurance
• Insider Threat Detection
• Cybersecurity Training
• Dedicated Cybersecurity Government Bodies

Page 27

• Art of Espionage is all about
  • Art of Deception
  • Art of Intrusion
  • Art of Manipulation

But there’s more: humans work on technology, not technology on humans. Secure yourself, secure the nation; don’t fall for cheap booby tricks and propaganda.


Page 29: IIS Service Portfolio

• Information Security Architecture Assessment and Assurance Service
• Application Security Services
• Data Security Services
• Identity & Access Management Services
• Network Security
• Cloud Security
• Security Reviews Services
• Sustenance Services for Security Compliance
• Physical Security

Page 30: IIS Service Portfolio

• Cyber Hygiene Services
• Due Diligence Services
• Digital Forensics & Investigation Services
• Offensive Services: For Law Enforcement Only
• Training Services
• Web App & Mobile App development
• Managed Security Services