Dr Paul Twomey
Three layers
4. Technology Integration
3. Transactional systems
2. Storing Information
1. Messaging
Spectrum of Risk
Global Internet
| Threat | Motivation | Target | Method |
| Information Warfare | Military or political dominance | Critical infrastructure, political and military assets | Attack, corrupt, exploit, deny, conjoint with physical attack |
| Cyber Espionage | Gain of intellectual property and secrets | Governments, companies, individuals | Advanced Persistent Threats |
| Cyber Crime | Economic gain | Individuals, companies, governments | Fraud, ID theft, extortion, attack, exploit |
| Cracking | Ego, personal enmity | Individuals, companies, governments | Attack, exploit |
| Hacktivism | Political change | Governments, companies | Attack, defacing |
| Cyber Terror | Political change | Innocent victims, recruiting | Marketing, command and control, computer-based violence |
Source: analysis, Dr Irv Lachov
Property of Argo Pacific Pty Ltd
Source: Report of the CSIS Commission on Cybersecurity for the 44th Presidency
Direct Cost: e.g. engaging forensic experts, outsourced hotline support, free credit
monitoring subscriptions, and discounts for future products and services.
Indirect Costs: e.g. in-house investigations and communication, and the value of
customer loss resulting from churn or diminished acquisition rates.
Over the past four years lost business costs, created by abnormal churn or turnover of
customers, grew by more than $64 on a per victim basis, or a 38% overall percentage
increase.
Organizations in highly trusted industries such as banking, pharmaceuticals and
healthcare are more likely to experience high abnormal churn rates following a data
breach compared to retailers and companies with less direct consumer contact.
[Figure: threat outlook. Legible threat labels: Loss of intellectual property/data; Terrorism. Status labels: Now, Emerging, Future.]
[Figure: Attack sophistication, 1990 to 2008. Labelled techniques: increase in worms; sophisticated command and control; anti-forensic techniques; hijacking sessions; increase in wide-scale Trojan horse distribution; widespread denial-of-service attacks; automated probes/scans; techniques to analyze code for vulnerabilities without source code; Windows-based remote controllable Trojans (Back Orifice); packet spoofing; DDoS attacks; Internet social engineering attacks.]
Source: SE/CERT CC
Mass-scale hacking
It's very personal. The attacking party carefully selects targets based on political,
commercial and security interests. Social engineering is often employed.
It's persistent. If the target shows resistance, the attacker will not leave, but rather
change strategy and deploy a new type of attack against the same target.
Control focused. APTs are focused on gaining control of crucial infrastructure, such as
power grids and communication systems. APTs also target data comprised of intellectual
property and sensitive national security information.
It's automated, but on a small scale. Automation is used to enhance the power of an
attack against a single target, not to launch broader multi-target attacks.
It's one layer. One party owns and controls all hacking roles and responsibilities.
The attacks started on April 27, 2007 and lasted about 3 weeks.
Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
128 unique DDoS attacks (115 ICMP floods, 4 TCP SYN floods and
9 generic traffic floods).
Impact
Closed the sites under attack to foreign internet addresses, keeping them
accessible only to domestic users.
Implemented an online "diversion" strategy that made attackers hack sites that
had already been destroyed.
Applied advanced filters to the traffic, then installed Cisco Guard
to reduce malicious traffic.
CERT persuaded ISPs around the world to blacklist the attacking computers that
were overwhelming Estonia's bandwidth.
Germany, Slovakia, Latvia, Lithuania, Italy and Spain supported and funded the CERT
hub in the Estonian capital, Tallinn, to protect security.
The president gave up his own website and let them continue to attack it so that they
would not be able to destroy more critical things.
International impact
The Estonian CERT analyzed server logs and data to find out who was
behind the attacks.
NATO assisted Estonia in combating the cyber attacks and has voted to
work with member governments to improve cyber security.
Russian Federation
Kyrgyzstan
Ukraine
Estonia
Georgia
Ingushetia
People's Republic of China
Taiwan
Israel
Iran
Palestinian National Authority (Hamas)
Myanmar (Burma)
U.S.
Turkey
Pakistan
Germany
Zimbabwe
Australia
State-Sponsored Actors
Non-State Actors
War by proxy?
Kremlin Kids: We Launched the Estonian Cyber War
By Noah Shachtman
March 11, 2009 | Wired.com
Like the online strikes against Georgia, the origins of the 2007 cyber attacks on Estonia remain hazy.
Everybody suspects the Russian government was somehow behind the assaults; no one has been able to
prove it. At least so far. A pro-Kremlin youth group has taken responsibility for the network attacks. And that
group has a track record of conducting operations on Moscow's behalf.
Nashi ("Ours") is the "largest of a handful of youth movements created by Mr. Putin's Kremlin to fight for the
hearts and minds of Russia's young people in schools, on the airwaves and, if necessary, on the streets,"
according to the New York Times.
Yesterday, one of the group's "commissars," Konstantin Goloskokov (pictured), told the Financial Times that
he and some associates had launched the strikes. "I wouldn't have called it a cyber attack; it was cyber
defense," he said. "We taught the Estonian regime the lesson that if they act illegally, we will respond in an
adequate way." He made similar claims, in 2007.
If true, it would be only one in a long string of propaganda drives the group has waged in support of the
Kremlin. Not only has Nashi waged intimidation campaigns against the British and Estonian ambassadors to
Moscow, and staged big pro-Putin protests. Not only has it been accused of launching denial-of-service
attacks against unfriendly newspapers. Last month, Nashi activist Anna Bukovskaya acknowledged that the
group was paid by Moscow to spy on other youth movements. The project, for which she was paid about
$1100 per month, included obtaining "videos and photos to compromise the opposition, data from their
computers; and, as a separate track, the dispatch of provocateurs," she told a Russian television channel.
Strategic implications
CERT Australia
Work with the private sector in identifying critical infrastructure and systems that are important to
Australia's national interest, based on an assessment of risk, and to provide these organisations with
information and assistance to help them protect their information and communication technology
infrastructure from cyber threats and vulnerabilities.
Sector Programs:
banking and finance
control systems
telecommunications
Government ran government networks. The government ran military networks. The
government owned Telecom Australia and OTC.
To expect DSD and/or ASIO to play the primary protection role was quite valid.
But today
Every business is connected to the Internet. Every business's network is part of the Internet.
The capacity to interact with each other is a key part of their risk environment. Telcos, businesses,
universities, and households are all connected in different ways.
If there were negligence causing damage, who would be liable? In the 1970s, 80s and even the
early 1990s you could make a case that somehow or other the government would end up being the
defendant. Today it would be the companies.
The big change for boards in Australia is that if somebody wants to bring a negligence action for
something that went bad on the network they are more likely to be liable.
Operations
Reputation
Financial performance
THANK YOU