Presentation on theme: "Director, IO Institute Association of Old Crows"— Presentation transcript:
1 Director, IO Institute Association of Old Crows …and then Man created Cyber. Joel Harding, Director, IO Institute, Association of Old Crows. Good afternoon. My name is Joel Harding. I’m the Director of the IO Institute, a Special Interest Group of the AOC. The presentation today looks at topics that most of us are familiar with but from a different perspective. The purpose of this briefing is to make you think about these issues in a new way. A word of warning in advance. This briefing steps on the toes of many of our most sacred cows, it is sacrilegious and might even be considered too violent by some. Admin notes: [Length of presentation is 37 minutes rushed, 42 minutes paced, up to 58 minutes with Q&A, keeping control of the briefing. Most of the slides are self-building, they are animated and self-progressing. Most slides self-transition at less than 30 seconds.]
2 Agenda: …and then Man created Cyber; New Social Media; Cyberw… no, I can’t say it; What to do?; Cooperation/Treaties in Cyberspace. Here is what I will be talking about today.
3 …and then Man created Cyber. A new way of looking at our developing world. I would like to introduce you to a totally different and purposefully simplistic way of looking at everything around us. I don’t plan to say much about these slides, just keep in mind this is about another part of the spectrum – that of visible light. Now, imagine a prism working in reverse.
14 A full spectrum… Waiting for us to put it all together. [Slide labels: Space, Sea, EMS, Air, Information, Intel, Land, Cyber]
15 …and Man struggled to put it all together. <insert various awkward attempts showing Land, Air, Sea, Space, EW, IO, Cyber and how they all work together> This is how all the different efforts to write IO doctrine and policy seem to work together. Perhaps you’ll see a familiar process up there, chances are you don’t.
16 Look at all those pretty colors… Now think back to what I said about visible light and a reverse prism. Frequency units – Hertz. 1 Hz = 1 c1
17 …and somehow it all worked. …in the meantime …and somehow it all worked. Together. [Slide labels: Space, Sea, EMS, Air, Information, Intel, Land, Cyber] Remember that prism I mentioned? Just think of all the colors going into it – what comes out? In the world of IO that is how doctrine and policy work – or rather – don’t work. Joint IO doctrine is markedly different from Army IO doctrine which is worlds apart from Navy IO which is different from USAF. But when it comes to ‘doing’ IO, it works and it works well. Very well, as a matter of fact.
19 “Sample Nuclear Launch While Under Cyber Attack” Let’s first talk about a war on your senses. We are inundated with messages we receive through our computers and our smart phones. We watch videos, we look at pictures, we read Tweets, s, and even occasionally talk on our smart phones. Every news report we watch has a built in bias, however. It all depends on the reporter and the media to police up their own and create a feeling of objectivity. This is a perfect example. Does anyone remember when this photograph was first released? The Iranians had doctored the original to show four missiles firing where only three had actually fired. Now this... Think about this for a second. Can you ever really ever again trust a photograph? [yes, this is a doctored photo, used here just to lighten a serious moment] Source:
21 New Social Media: Twitter, TweetDeck. What you are seeing here is a rapidly developing new way to communicate with a global audience, tools used to analyze this new social media and ways to get a message into denied areas like China and Iran.
22 “Cyber War” In Estonia, 2007. Remember this one? It sure got a lot of press coverage! Here was the first case of a full-scale all-out cyberwar against a country, which was moderately successful. It took about three days but Estonia, who is incredibly technologically advanced, managed to move most of their critical websites to servers in the United States. After this war, which they blamed on Russia, they established a Center of Excellence for Cyber Defense, which played a strong role in the next case.
23 Another Recent “Cyberwar” Example: Georgia. In August 2008 there was the first verified case of a Cyberwar accompanying a conventional war, Georgia vs. Russia. There was an organized effort to prep the battlespace, synchronize the attacks, provide useful tools and provide target lists to patriotic hackers. This five day war, both on the ground and in cyberspace, was not a huge war, but again, Russia was involved. Not officially, of course.
24 Google vs. China, Round 1. 12 Jan: Google announces detected a sophisticated cyber attack on its computers, aimed at accounts of Chinese human rights activists. 19 Feb: Probable source of the attacks on Google: Shanghai Jiaotong University, Lanxiang Vocational School. In January of 2010, Google disclosed that certain Gmail accounts had been hacked, someone had physically penetrated their system and they put the blame squarely on the Chinese government by threatening to withdraw from China. Coincidentally, the Iranian Cyber Army began attacking Chinese Government web sites. The tools used by supposed Chinese hackers used an exploit named Aurora, which had been previously identified but never patched. After Google became public about their penetrations, 30 other corporations, including Adobe and Lockheed Martin confessed they were also hacked in China.
25 New Players: Botnets for hire, Hackers for hire, Patriotic hackers, Cyber jihadists, Other hacktivists. AKA Proxies. As you have seen, there have been no country on country, or State on State, Cyberwars. Up here you see the guilty parties. Botnets, on hundreds of thousands of compromised computers, can be rented for a modest price, à la Estonia. Skilled hackers are available for money. In the Georgia vs. Russia war, patriotic hackers did the lion’s share of the work. We are also seeing Cyber Jihadists and other hacktivists as well as the curious and others, drawn like a moth to fire. We have not seen any country publicly state that they have waged cyberwar. In conversations with senior DoD officials it has been stated that this will probably never happen. The US leads the world in publicly disclosing its ability to fight wars in Cyberspace, with the formation of the US Cyber Command and multiple Service Cyber Commands. Just last month South Korea stood up its own Cyber Command and Israel is actively seeking skilled attackers and defenders. Estimates range from five to 180 active state-sponsored cyber programs at the unclassified level. Chances are, however, none will ever officially admit to attacking anyone in cyberspace.
26 Attacks by Proxy. [Slide labels: Iranian Cyber Army, Turkish Hacker Group, Russian Business Network (RBN), Shkupi Hacker Group, Kosava Hacker Group, Pro-Serbian Hacker Group] These are a few of the representatives of patriotic hacker groups. At least one of these groups is widely cited for being behind the attacks on Estonia in I’d like to point out the screen shot on the top right, that is a screenshot taken after they hacked my website for InfowarCon.com.
27 Kneber Botnet/ZeuS. Feb 18th, 2010. Netwitness, of Herndon, VA. 75,000+ Computers infected w/Zeus/Zbot Toolkit. 2,500 Corporations, 200 Countries. Uses ZeuS Trojan – old exploit, Targets MS Windows. Kneber was able to grab 68,000 login credentials over a 4-week period. According to Netwitness, the attacks were successful in stealing credentials from social networking websites - Facebook, Yahoo and hi5 were all hit, as well as other networks like MetroFlog and Sonico. Kneber is targeting login credentials for online social networks, accounts, and online financial services. The top sites with stolen login credentials, according to Netwitness' report are Facebook, Yahoo, hi5, metroflog, sonico and netlog. How Effective is it? Netwitness reports that Kneber was able to grab 68,000 login credentials over a 4-week period.
28 Flash/Thumb Drives. Nov 2008 - Thumb Drives banned. Feb Ban lifted. Agent.btz virus - ‘phone home’ …and don’t forget Stuxnet. Agent.btz spreads by copying itself from thumb drive to computer and back again. Once on a PC, “it automatically downloads code from another location. And that code could be pretty much anything,” iDefense computer security expert Ryan Olson said at the time.
29 Corporate vs. Government. Microsoft, Researchers Team Up And Tear Down Major Spamming Botnet. Feb 2010. Operation b49 vs. Waledac botnet. Is this vigilantism? Is the Gov’t unwilling or unable? Is this tacit approval?
30 Botnets. Bots use cell phones, too. A botnet on a mobile phone may look different from one on a PC. Renting out a network of "owned" phones may be viable in the near future. Trend Micro reported that the Sexy View SMS malware on the Symbian mobile OS can contact a CnC server to retrieve new SMS spam templates. Regardless of the form bots might take, we probably won't be able to eradicate the threat; we can only learn to better manage bot infestations. But in the meantime, let's clean up as many PCs as we can.
31 Stuxnet. USB install plus worm. 4 zero-day exploits. Payload upsets sensitive centrifuges? Future? Beyond proof of concept. Patches close vulnerability.
32 Anonymous Anti-anti Wikileaks HBGary Federal Westboro Baptist Church Bank of America
33 What to do? Generalized Spectrum of Cyber Conflict. [Slide diagram labels: Cyber-crime, Hacktivism, Cyber-Espionage, Cyber-Terrorism, Cyberwar; Cyber-Attack from Inside US, Cyber-Attack from Outside US; Law Enforcement Response, Law Enforcement Response with DOD, DOD with Law Enforcement Response; US Criminal Prosecution, US Criminal Prosecution and US National Policy Response, US National Policy Response, Extradition and International Cooperation] Here we have the various stages building from Cybercrime all the way up to Cyberwar. Next we must acknowledge that some cyber attacks on the US come from within the country. This build shows who has the lead in that situation. This shows the most logical response. In the top right all the elements of national power may be used. My thanks to the US Air Command and Staff College Air University for this slide.
34 Let’s talk about Cyberspace for a moment. Do we need a treaty to inspect their weapons like we do nukes? The answer, some believe, is yes. The Russians will not sign the treaty as long as we insist on virtual inspections of weapons. Recall, please, that the Russians, for the last ten years, have publicly stated that they might use nuclear weapons to respond to a cyber attack.
35 General V. Sherstyuk, PhD. 29 October 2009 speech at Moscow State University. We should avoid new increase in race of cyber arms and limit usage of these technologies for hostile matters. Usage of cyber warfare for political matters and by state actors against other countries is the primary topic of the current agenda. Cyber crimes and cyber terrorism are already well discussed within various international forums. But currently information warfare used more and more in struggles between state actors on tactical and strategic levels. The ability of cyber warfare to make impact will significantly increase. The first progress on the field of cyber warfare regulation was made by Shanghai Cooperation Organization. According to international norms of humanitarian law, you can’t injure and kill disgracefully. We have to behave according to spirit of knights, including information warfare. You can not embed malicious technologies in hardware that you create. This picture was taken in 2009 when the Russians invited me to speak at their conference about Cyberwarfare. General Sherstyuk spoke at length about information security, as if the Russians only defend against others. I do, however, agree with what he says on this slide, and the negotiations are ongoing as we speak.
36 Follow on efforts: US, NATO, India MoD. Submission to Group of Governmental Experts: Information and Communication Technologies (ICT); State and Non-State Actors, incl: criminals, terrorists, proxies; Target citizens, commerce, critical infrastructure & governments; Compromise, steal, change or destroy info; Calls for cooperative efforts. NATO: Considering environmental law. India MoD: Considering modeling space treaties.
37 My question to you: Is a treaty in cyberspace possible or practical? Is it necessary?
38 Questions? Joel Harding, Director, IO Institute