Fabio Ghioni Asymmetric Warfare
-
8/2/2019 Fabio Ghioni Asymmetric Warfare
1/42
www.zone-h.org the Internet thermometer
Asymmetric warfare and interception revealed
-
THE LECTURERS
Fabio Ghioni
Roberto Preatoni
-
[Diagram: typical web application architecture. A web client sends an HTTP request (cleartext or SSL) through a firewall to a web server (Apache, IIS, Netscape) and gets back an HTTP reply (HTML, JavaScript, VBScript, etc.). Server-side plugins (Perl, C/C++, JSP, etc.) run the web application, which talks SQL to the database over a database connection (ADO, ODBC, etc.). A mail server sits alongside the web server.]
Why Zone-H ?
YOU!
-
Digital attacks per month since 2002 (Zone-H data)
2002-01: 1600
2002-02: 1811
2002-03: 2341
2002-04: 3652
2002-05: 3907
2002-06: 3468
2002-07: 4175
2002-08: 5279
2002-09: 9884
2002-10: 14575
2002-11: 12739
2002-12: 16393
2003-01: 16724
2003-02: 15638
2003-03: 16924
2003-04: 17329
2003-05: 25273
In 2004: 35,000+ per month
-
Internet today
INTERNET TODAY: 40 million servers
MOBILE CELLPHONES TODAY: approx. 1 billion
-
Internet today
INTERNET TODAY + MOBILE CELLPHONES CONVERTED INTO 3G / 4G = EXTREME PAIN
-
3G exploitable points
- Protocol
- Telco network component
- OS / user application level
- SIM / USIM toolkit application level
-
About terrorism
TERRORISM?
-
Asymmetric warfare
WHAT IS IT?
Threats outside the range of conventional warfare and difficult to respond to in kind (U.S. Dictionary of Military Terms)
WHEN IS IT USED?
If the enemy is superior in strength, evade him. If his forces are united, separate them. Attack him where he is unprepared; appear where you are not expected. (Sun Tzu)
-
Asymmetric warfare and infowar
Asymmetric Warfare (AW)
Battlefield where small groups of individuals can produce massive damage with minimum effort and risk from virtually anywhere in the world.
Information Operations (IO)
Hit the adversary's information and IT systems and simultaneously defend one's own information and IT systems.
Information Warfare (IW)
Information Operations conducted in moments of crisis or conflict, aimed at reaching or promoting given objectives towards given adversaries.
-
ICT WARFARE
It's the best strategy for an asymmetric conflict:
- Distributed attacks, high anonymity
- Possibility to use the enemy's own infrastructures
- Low cost of technology implementation and R&D
- Wide range of critical infrastructures to be attacked
- Possibility to carry out unconventional activities
- Direct contact with the enemy's command and control center at the highest ranks
-
Future conflict dimensions
[Diagram: the heritage of conflict types placed side by side: mechanical war, dirty war, systemic war, peace / war, ICT war]
-
Future conflict dimensions
[Diagram: the conflict types plotted on two axes, technology (high / low) and power (strong / weak; "Forte" / "Debole" in the original): mechanical war, war and peace, systemic war, dirty war, ICT war]
-
About terrorism
Use of different unconventional conflict typologies to confront an enemy with superior warfare capability:
- Traditional terrorism
- Use of chemical / nuclear / biological weapons
- Attack on the ICT infrastructures critical to the economy and national security
ICT war targets against e-nations:
- Economy
- Public service infrastructures
- Military and civil defense
- Multiplier of the above
-
Sensored networks and critical infrastructure protection
- National security
- Asymmetric warfare and infowar
- Defence and uses in state of war
-
National security
- Protection of public & private critical ICT infrastructures
- Reporting and support for analysts
- Support Defense
- Intelligence
- Offensive & employee infiltration capabilities
- State of alert & automatic activation of defense systems conceived for the protection of strategic national & economic infrastructures
- Enemy analysis, counterattack, elaboration & implementation of offensive strategies
- Counterespionage
-
National Security & Critical Infrastructure Protection
National Critical Infrastructure:
- Computer
- Telecommunications
- Electric power
- Public Health and Safety
- Emergency Services
- Water Supply and Sewage
- Transports
- Other Government Operations
- Military Command and Control Systems
- Mass media
- Energy, Oil and Gas Control
- Banking and Financing Activities
- Industrial Production
-
The beginning of data interception used
to solve terrorism cases
-
Parametric interception
[Diagram: listening points #1 and #2 at PoP ISP #1 and listening points #3 and #4 at PoP ISP #2; probes #1 and #2 on the backbone ISP; a Radius server watched by a Radius probe; a mediation server (storage and forwarding) driven by a parametric rules configurator]
-
Parametric interception
- Uses and abuses
- Technology involved
- Reliability
- Usability in investigative procedure
- Legal uses in court cases and judicial use
- Basic architecture in asymmetric and symmetric deployment (same nation state standpoint)
- Real cases
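The architecture sketched above selects traffic by a parameter (a subscriber identity) rather than by a fixed IP: the Radius probe reports which account holds which address and when, the backbone probes report flows, and the mediation server keeps only what the rules configurator asks for. The following is an added toy model of that mediation step, not code from the deck or from any real lawful-interception product; record layouts, field names, the accounting events and the flow records are all constructed for the example. It also shows the edge case the Radius correlation exists for: a dynamic IP that is released by the target and re-assigned to someone else.

```python
"""Toy mediation server for parametric interception (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed RADIUS accounting events as seen by the "probe radius":
# (timestamp, Acct-Status-Type, username, Framed-IP-Address)
RADIUS_EVENTS = [
    (100, "Start", "alice", "10.0.0.5"),
    (120, "Start", "bob",   "10.0.0.9"),
    (300, "Stop",  "alice", "10.0.0.5"),
    (310, "Start", "carol", "10.0.0.5"),   # same IP re-assigned to another subscriber
]

# Constructed flow records from backbone probes #1 and #2:
# (timestamp, probe, src IP, dst IP, dst port, bytes)
FLOW_RECORDS = [
    (150, "probe1", "10.0.0.5",    "198.51.100.7", 443, 5120),
    (160, "probe2", "10.0.0.9",    "198.51.100.8", 25,  800),
    (250, "probe1", "203.0.113.3", "10.0.0.5",     22,  400),   # inbound to alice
    (320, "probe2", "10.0.0.5",    "198.51.100.7", 443, 9000),  # this is carol, not alice
]

Event = Tuple[int, str, str, str]
Flow = Tuple[int, str, str, str, int, int]


@dataclass
class Session:
    user: str
    ip: str
    start: int
    stop: Optional[int] = None

    def active_at(self, t: int) -> bool:
        return self.start <= t and (self.stop is None or t < self.stop)


def build_sessions(events: List[Event]) -> List[Session]:
    """Pair accounting Start/Stop records into sessions with an IP lease window."""
    open_sessions: Dict[Tuple[str, str], Session] = {}
    sessions: List[Session] = []
    for ts, status, user, ip in sorted(events):
        key = (user, ip)
        if status == "Start":
            s = Session(user, ip, ts)
            open_sessions[key] = s
            sessions.append(s)
        elif status == "Stop" and key in open_sessions:
            open_sessions.pop(key).stop = ts
    return sessions


def user_for(sessions: List[Session], ip: str, t: int) -> Optional[str]:
    """Which subscriber held `ip` at time `t` (None if the lease is unassigned)."""
    for s in sessions:
        if s.ip == ip and s.active_at(t):
            return s.user
    return None


def mediate(rules: set, events: List[Event], flows: List[Flow]) -> List[dict]:
    """Mediation server: forward only flows whose endpoint resolves to a
    targeted subscriber. `rules` is the parametric rule set (usernames)."""
    sessions = build_sessions(events)
    captured = []
    for ts, probe, src, dst, port, nbytes in flows:
        for endpoint in (src, dst):           # target may be client or server side
            user = user_for(sessions, endpoint, ts)
            if user in rules:
                captured.append({"user": user, "ts": ts, "probe": probe, "src": src,
                                 "dst": dst, "port": port, "bytes": nbytes})
                break
    return captured


if __name__ == "__main__":
    for rec in mediate({"alice"}, RADIUS_EVENTS, FLOW_RECORDS):
        print(rec)
```

Run as a script it forwards the two flows at t=150 and t=250 and drops the one at t=320, which a rule keyed on the bare IP 10.0.0.5 would wrongly have attributed to alice.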
-
Digimetric interception
Digimetric vs. Parametric
- What it is
- Uses and abuses
- Distributed use on asymmetric and symmetric sensored networks
Sample header (as on the slide; some fields are blank or redacted):
    Return-path:
    Received: from mail.boot.it (unverified [127.0.0.1]) by boot.it (Rockliffe SMTPRA 6.1.16) with ESMTP id for ; Fri, 17 Sep 2004 10:43:28 +0200
    Date: Fri, 17 Sep 2004 10:42:58 +0200
    From: Fabio xxxxxxxxx
    MIME-Version: 1.0
    To: roberto preatoni
    Subject: [Fwd: R: R: report]
    Mailer: Mozilla 4.75 [en] (Win95; U)
    Content-Type: multipart/mixed;
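The slide contrasts the two selection styles with a raw e-mail header but does not spell out the rule logic. The block below is an added example, not from the deck, and it assumes one reading of the distinction: a parametric rule keys on declared parameters (sender, recipient, subject), while a "digimetric" rule keys on incidental digital traits of the message (the mailer string, the relaying MTA software) that survive when the subject switches mailboxes. The message is constructed to mirror the slide's sample, with invented addresses; the header is taken as `X-Mailer` where the slide shows `Mailer`, and the hypothetical `FINGERPRINT` and `PARAMETRIC_RULE` are this example's own.

```python
"""Parametric vs. digimetric selection on an e-mail header (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict

# Constructed message modelled on the slide's sample; addresses are invented.
SAMPLE = """\
Return-Path: <fabio@example.invalid>
Received: from mail.boot.it (unverified [127.0.0.1]) by boot.it
    (Rockliffe SMTPRA 6.1.16) with ESMTP for
    <roberto@example.invalid>; Fri, 17 Sep 2004 10:43:28 +0200
Date: Fri, 17 Sep 2004 10:42:58 +0200
From: Fabio <fabio@example.invalid>
MIME-Version: 1.0
To: roberto preatoni <roberto@example.invalid>
Subject: [Fwd: R: R: report]
X-Mailer: Mozilla 4.75 [en] (Win95; U)
Content-Type: text/plain

body
"""

# Same sender machine and relay, but new mailbox names on both ends.
OTHER = (SAMPLE.replace("From: Fabio", "From: Nobody")
               .replace("fabio@example.invalid", "anon@example.invalid")
               .replace("roberto preatoni", "dropbox")
               .replace("roberto@example.invalid", "drop@example.invalid"))

# Parametric rule: declared parameters of the communication (hypothetical).
PARAMETRIC_RULE = {"from": "fabio@example.invalid", "to": "roberto@example.invalid"}

# Digimetric rule: traits of the digital artefact, as regexes (hypothetical).
FINGERPRINT = {
    "mailer": r"^Mozilla 4\.75 \[en\] \(Win95; U\)$",
    "mta": r"^Rockliffe SMTPRA 6\.1\.16$",
}


def extract_traits(raw: str) -> Dict[str, str]:
    """Pull both declared parameters and incidental traits out of the header."""
    msg = message_from_string(raw)
    # Unfold the Received header, then read "by <host> (<mta software>)".
    received = re.sub(r"\s+", " ", msg.get("Received", ""))
    m = re.search(r"by (\S+) \(([^)]*)\)", received)
    return {
        "from": parseaddr(msg.get("From", ""))[1].lower(),
        "to": parseaddr(msg.get("To", ""))[1].lower(),
        "subject": msg.get("Subject", ""),
        "mailer": msg.get("X-Mailer", ""),
        "mta_host": m.group(1) if m else "",
        "mta": m.group(2) if m else "",
    }


def parametric_match(traits: Dict[str, str], rule: Dict[str, str]) -> bool:
    """Every declared parameter in the rule must equal the header value."""
    return all(traits.get(k, "").lower() == v.lower() for k, v in rule.items())


def digimetric_match(traits: Dict[str, str], fingerprint: Dict[str, str]) -> bool:
    """Every fingerprint pattern must match its trait; mailbox names are ignored."""
    return all(re.search(p, traits.get(k, "")) for k, p in fingerprint.items())


if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("other", OTHER)):
        t = extract_traits(raw)
        print(name, "parametric:", parametric_match(t, PARAMETRIC_RULE),
              "digimetric:", digimetric_match(t, FINGERPRINT))
```

The second message defeats the parametric rule (new addresses) but still matches the fingerprint, which is the practical reason for keeping both kinds of selector on a sensored network.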
-
The process of updating investigative
procedure based on interception from voice to
data: technological aspects and examples of
judicial aspects
-
Injected interception
Parametric & direct interception are passive instruments that have limits & don't allow for the analysis of encrypted communications.
Instruments that guarantee privacy protection and/or anonymity are widely available & easy to use, e.g. Instant Messaging over SSL; VoIP solutions protected by AES (e.g. SKYPE); there are also systems that allow anonymous file exchange (MUTE) or messaging (Freenet or Entropy).
- Basic technology
- When to use it
- Usability in investigative procedure
- Can it be detected?
- Real cases
-
Injected interception revealed
Intervene on the source
What are the advantages?
- The possibility of having direct access to all the data that the target computer accesses, independent of the means of data transport (physical or telematic).
- The possibility of tracing the target's IP address directly or by reverse-connection techniques.
What type of data can be accessed?
- Complete access to all protected data sent on network channels
- All data that DON'T normally transit on the network (USB keys, CD-ROMs, etc.)
- Access to crypto instruments and keys that allow the relevant data to be deciphered
- Direct access to encrypted physical disks or logical volumes
- Audio/video interception, if a microphone and/or webcam are present on the PC (e.g. the SUB7 trojan)
-
When to Use Injected Interception
- When the subject is able to protect its communications
- When constant & punctual monitoring of a subject's activity is necessary
- When it isn't physically possible to do environmental interception with traditional methods
- When the subject has elevated mobility (e.g. notebook)
- When it's not physically possible to access the target's resources
-
Usability in Investigative Procedures
Forensic analysts know that guaranteeing that all confiscated media & data remain unmodified at the time of analysis is of paramount importance.
Controversy:
- inserting an external injected agent modifies the media both physically & logically with its install function
- whoever inputs the surveillance SW has the same privileges as the monitored subject
-
Privacy vs. Security
- Formal procedures for requesting the interception;
- Univocal agents, guaranteed by digital signatures & encrypted time stamping;
- Non-repudiable auditing of the operations that are managed manually or automatically by the agent;
- Possibility of recreating the agent's assembly process from the source code to the generation of the univocal executable.
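Three of the four safeguards above are mechanical and can be shown in code: binding a unique agent to the exact inputs that built it (so the build can be recreated and compared), signing and timestamping that binding, and keeping a non-repudiable log of what the agent did. The block below is an added example and not code from the deck or from any real interception agent. It uses HMAC-SHA256 with a shared key as a stand-in for a real digital signature and trusted timestamp (a deployment would use asymmetric signatures and an external time-stamping authority); the sample sources, executable bytes, key and agent identifier are all constructed.

```python
"""Agent integrity controls: reproducible build manifest, signed/timestamped
manifest, and hash-chained audit log (added example)."""
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed sample inputs (not a real agent).
SRC = {"agent.c": b"int main(void){return 0;}", "config.h": b"#define TARGET 1"}
EXE = b"\x7fELF-constructed-binary"
KEY = b"shared-secret-for-example"          # stand-in for a signing key


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(sources: Dict[str, bytes], executable: bytes, build_id: str) -> dict:
    """Record which source inputs produced which executable, so an independent
    rebuild can be compared byte-for-byte with the deployed agent."""
    return {
        "build_id": build_id,
        "sources": {name: sha256(body) for name, body in sorted(sources.items())},
        "executable": sha256(executable),
    }


def same_build(a: dict, b: dict) -> bool:
    """True when two builds came from identical inputs and produced identical output."""
    return a["sources"] == b["sources"] and a["executable"] == b["executable"]


def _canonical(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(manifest: dict, key: bytes, timestamp: float) -> dict:
    """Attach a timestamp and a MAC over the canonical manifest (signature stand-in)."""
    body = dict(manifest, timestamp=timestamp)
    return dict(body, tag=hmac.new(key, _canonical(body), hashlib.sha256).hexdigest())


def verify_signed(signed: dict, key: bytes) -> bool:
    body = {k: v for k, v in signed.items() if k != "tag"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed.get("tag", ""))


class AuditLog:
    """Append-only log: each entry commits to the previous head, and each entry
    carries a MAC, so neither deletion, reordering nor editing goes unnoticed."""

    def __init__(self, key: bytes, agent_id: str):
        self.key = key
        self.entries: List[dict] = []
        self.head = sha256(agent_id.encode())      # chain anchored to the agent identity

    def append(self, actor: str, action: str, ts: float) -> dict:
        entry = {"prev": self.head, "actor": actor, "action": action, "ts": ts}
        canonical = _canonical(entry)
        entry["mac"] = hmac.new(self.key, canonical, hashlib.sha256).hexdigest()
        self.head = sha256(canonical + entry["mac"].encode())
        self.entries.append(entry)
        return entry

    def verify(self, agent_id: str) -> bool:
        head = sha256(agent_id.encode())
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "mac"}
            if body["prev"] != head:
                return False                      # entry removed or reordered
            canonical = _canonical(body)
            mac = hmac.new(self.key, canonical, hashlib.sha256).hexdigest()
            if not hmac.compare_digest(mac, e["mac"]):
                return False                      # entry edited
            head = sha256(canonical + e["mac"].encode())
        return head == self.head


if __name__ == "__main__":
    manifest = build_manifest(SRC, EXE, "build-1")
    signed = sign(manifest, KEY, 1095410000.0)
    log = AuditLog(KEY, "agent-01")
    log.append("operator", "install", 1095410100.0)
    log.append("agent", "capture", 1095410160.0)
    print("manifest ok:", verify_signed(signed, KEY), "log ok:", log.verify("agent-01"))
```

Anchoring the log chain to the agent identity and including the manifest in the signed material is what lets a court-side reviewer tie every logged operation back to one univocal executable and one rebuildable set of sources.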
-
Can the Agent be Uncovered?
It depends on the motivation & the know-how used in the attack and the defence.
In general, an agent can be discovered if the network to which the target PC is connected is correctly monitored.
Therefore, the greatest effort must be funneled into reaching an extremely high technical complexity in the functions of:
- Hiding
- Camouflage
- Autodestruct
- Non-reverse trace back
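The claim above, that an agent is discoverable when the target's network is properly monitored, rests on the fact that an agent must call home, and a call-home tends to repeat at a fixed interval with a near-constant size. What follows is an added detection example written for this page, not code from the deck or from any product: it groups connection records by (source, destination, port) and flags groups whose inter-arrival times and payload sizes are both nearly constant. The log format, thresholds and sample lines are constructed; the second host in the sample shows the negative case, a destination hit repeatedly but at irregular times and sizes.

```python
"""Beacon detection over connection logs (added example)."""
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed log: "<epoch> <src> <dst> <dport> <bytes>", one connection per line.
# 10.0.0.5 browses normally but also calls 203.0.113.10:443 about every 60 s with
# a fixed-size payload; 10.0.0.9 hits one host repeatedly but irregularly.
LOG = """\
1000 10.0.0.5 203.0.113.10 443 512
1003 10.0.0.5 198.51.100.20 80 14000
1061 10.0.0.5 203.0.113.10 443 512
1090 10.0.0.5 198.51.100.21 443 30211
1119 10.0.0.5 203.0.113.10 443 512
1181 10.0.0.5 203.0.113.10 443 512
1240 10.0.0.5 203.0.113.10 443 512
1301 10.0.0.5 203.0.113.10 443 512
1320 10.0.0.5 198.51.100.22 443 7620
1359 10.0.0.5 203.0.113.10 443 512
1421 10.0.0.5 203.0.113.10 443 512
1000 10.0.0.9 198.51.100.30 443 3000
1010 10.0.0.9 198.51.100.30 443 12000
1200 10.0.0.9 198.51.100.30 443 700
1205 10.0.0.9 198.51.100.30 443 45000
1400 10.0.0.9 198.51.100.30 443 2200
1800 10.0.0.9 198.51.100.30 443 9100
"""

Conn = Tuple[int, str, str, int, int]


def parse_log(text: str) -> List[Conn]:
    conns: List[Conn] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, size = line.split()
        conns.append((int(ts), src, dst, int(port), int(size)))
    return conns


def _cv(values: List[float]) -> float:
    """Coefficient of variation; 0 means perfectly constant."""
    mean = statistics.mean(values)
    return float("inf") if mean == 0 else statistics.pstdev(values) / mean


def find_beacons(conns: List[Conn], min_hits: int = 6,
                 max_interval_cv: float = 0.2, max_size_cv: float = 0.2) -> List[dict]:
    """Flag (src, dst, port) groups with enough hits whose gaps and sizes are
    both nearly constant. Returns one record per suspected beacon."""
    groups: Dict[Tuple[str, str, int], List[Conn]] = defaultdict(list)
    for c in conns:
        groups[(c[1], c[2], c[3])].append(c)
    beacons = []
    for (src, dst, port), items in groups.items():
        if len(items) < min_hits:
            continue
        items.sort()
        gaps = [b[0] - a[0] for a, b in zip(items, items[1:])]
        sizes = [c[4] for c in items]
        gap_cv, size_cv = _cv(gaps), _cv(sizes)
        if gap_cv <= max_interval_cv and size_cv <= max_size_cv:
            beacons.append({"src": src, "dst": dst, "port": port, "hits": len(items),
                            "period": round(statistics.mean(gaps), 1),
                            "gap_cv": round(gap_cv, 3)})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(parse_log(LOG)):
        print(b)
```

The thresholds are deliberately loose; an agent built with the "camouflage" goal above will add jitter and vary payload size, which is exactly why the slide says discovery depends on the know-how on both sides. Tightening `max_interval_cv` trades missed beacons for fewer false positives on legitimate pollers such as mail clients.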
-
Virus Technology at the Service of Justice: an Overview
How do you inject an agent into the interested party's computer?
The means are many but the ways to be considered are principally:
- Technology
- Social Engineering
Separately or in tandem
-
Trojans
- Usability in investigative procedures
- Potentiality in sensored networks
- Trojan planning and development
- Real cases
- Usability of Trojans in Investigative Procedures
-
Potentiality in Sensored Networks
- Integration with parametric interception infrastructure
- Anonymity of agent communication through destination IP spoofing (e.g. mailing a letter to a nonexistent address: if we control the central post office exchange, we will be able to intercept and retrieve the letter and any other mail sent to the fictitious address)
-
Trojan planning and development
A lot of trojans are available on the net. Many trojan coders privately sell releases of their trojans that are not detectable by antivirus programs for less than 100-200 USD.
Trojans available on the Internet are not a good choice because:
- They are undetectable by antivirus programs but are detectable by humans
- Made by script kiddies (no design, bad source code)
- Not so paranoid
- No encrypted communication
- No polymorphic self-encryption
- No self-destruction capabilities
- Not written for usage in formal investigative procedures
Trojans used for intelligence must be written, tested and approved with a formal development approach.
Real cases
-
Cyber attacks: an abstract built on Zone-H's experience
-
CYBERFIGHTS
- Kashmir related
- Iraq war related
- Code Red release related
- Palestine-Israel related
- No-Global related
-
CYBER-ATTACKS ARE CONVENIENT BECAUSE:
- Lack of IT laws
- Lack of L.E. international cooperation
- ISPs are non-transparent (privacy law)
- General lack of security
- No need to protest on the streets
- No direct confrontation with L.E.
CYBER-ATTACKS WILL NEVER STOP BECAUSE:
- Inherent slowness of the Institutions
- The Internet is getting more complicated
- Software producers are facing a market challenge
-
THE NEW EXPRESSIONS OF THE ASYMMETRIC CYBERWAR
- COMMAND & CONTROL
- INFORMATION GATHERING ON ENEMY'S TARGETS
- PROPAGANDA DIFFUSION
- MEDIA MANAGEMENT
- TAX-FREE MONEY RAISING & LAUNDERING