Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacktivists and Security

Similar presentations


Presentation on theme: "Hacktivists and Security"— Presentation transcript:

1 Hacktivists and Security
Jeffrey S Bardin International Conference on Cyber Conflict June 7-June , Tallinn Estonia

2 Agenda Hacktivism with ease Systems disruption Open source warfare
The Bazaar Open source warfare characteristics Low intensity conflicts – virtual small arms proliferation Cyber crowdsourcing Emergent intelligence What security should look like

3 Hacktivists like Anonymous and LulzSec know no boundaries.
Anonymous claims to follow the principle Freedom of Speech a s their guiding light but in fact, as their public leadership Barrett Brown demonstrates, they actually use the ideas around Freedom of speech as a rallying cry to censor others. LulzSec has become the militant arm of Anonymous. An organization that has no morals and follows no principles. In the world of online gaming, they have achieved God status and currently are running on an ego high. Their recent attacks on Sony, PBS, Infragard Atlanta associated with the FBI and Unveillance demonstrate no rhyme or reason to their focus, only one of false bravado and juvenile pranks. Regardless, they are a skill bunch who tip the scales of justice and have done so within their very organization where tension currently exists. If you will not fight for right when you can easily win without bloodshed; if you will not fight when your victory is sure and not too costly; you may come to the moment when you will have to fight with all the odds against you and only a precarious chance of survival. There may even be a worse case. You may have to fight when there is no hope of victory, because it is better to perish than to live as slaves. – Sir Winston Churchill

4 Decentralization of cyber warfare tools
Hacktivism with ease Decentralization of cyber warfare tools Unlimited shelf space Low barriers to entry The inherent decentralization of cyberwarfare tools means that the costs of conducting cyber warfare is rapidly declining – A simple attack that costs next to nothing can create damage this costs hundreds of millions in Euros Unlimited shelf life means that it is easy for anyone to network with others and their own particular obsession – They can raise both a small Army or find a dozen similarly minded people. The use of the Low Orbit Ion Cannon with increased payload and used as a bot and distributed denial of service tool in peer to peer CPU sharing mode is such an example. Potential cyber warriors do not need to agree with the leadership, they don’t need to get support from them or even know them. An IRC persona is all that it takes.

5 Systems Disruption Fight nation-states and corporations without the use of WMD Systempunkt (variation on German term from blitzkrieg warfare) Systems disruption is the use of cyber sabotage on critical systems to inflict economic pain. While systempunkt is Point in a system or an online market/marketplace that will collapse the target if it is destroyed or disrupted For 9/11 the cost to execute was $500k While the damage , both direct and indirect was$80B Assault on infrastructure systempunkt every few days replicate s9/11 costs once a month. Lulzsec and the attack on Sony alone is over $200M in losses for Sony and climbing.

6 Open Source Warfare Hacktivists
Stigmergy is a term used in biology to describe environmental mechanisms for coordinating the work of independent actors Their differences are based upon some principles but even those are temporary We are fighting a common enemy – is their rallying cry and that is anything and everything that is establishment. Stigmergy is a term used in biology to describe environmental mechanisms for coordinating the work of independent actors ants use pheromones to create trails and people use weblog links to establish information paths, for others to follow Stigmergy is used as a mechanism to understand underlying patterns in swarming activity much like the swarming attacks by diverse bands of hacktivists as exhibited by Anonymous

7 The Realm of Cyber Warfare
This is the pyramid of cyber warfare or the realm of cyber warfare. It is self explanatory for the most part of view from the bottom up. I’ll give you a few moments to review this and discuss it with Paul and the rest of the team. Hit enter when you are ready to proceed.

8 Open Source Warfare Engage, co-opt, and protect cybercriminals and members of the community around the globe Helps deter attacks from within the community and encourage an external focus Seed the movement Get out of the way Don't interfere Hacktivism with a cause takes over  DDoS that is human driven “The Bazaar” Seed the movement--Once the decision to launch a cyberattacks is made, start it off right. Purchase or steal botnets covertly from criminal networks to launch attacks, feed 'patriotic' blogs to incite attacks and list targets, etc. Recently they tried to take over the highly enhanced DNS sinkhold capabilities of Unveillance. If they had: further mining organizational networks for sensitive information monetizing this information for personal / professional gain using this new found wealth to build greater virtual and physical capabilities potentially redirect botnet activities as a distributed denial of service enhancing the existing code and protocols with new navigational functions, advanced payloads and more stealthy and powerful delivery mechanisms deceive organizations or nation-states into thinking another is attacking their critical infrastructures The Open Source Warfare concept takes the developmental model for free/libre open source software (FLOSS) and applies it to how guerilla movements learn and expand. The decentralized, and seemingly chaotic guerrilla war in Iraq demonstrates a pattern that will likely serve as a model for next generation cyber terrorists and nation-states. This pattern shows a level of learning, activity, and success similar to what we see in the open source software community. This patter is called the bazaar. The bazaar solves the problem: how do small, potentially antagonistic networks combine to conduct war? Here are the factors that apply (from the perspective of the guerrillas): Release early and often. Try new forms of attacks against different types of targets early and often. Don’t wait for a perfect plan. Given a large enough pool of co-developers, any difficult problem will be seen as obvious by someone, and solved. Eventually some participant of the bazaar will find a way to disrupt a particularly difficult target. All you need to do is copy the process they used. Your co-developers (beta-testers) are your most valuable resource. The other guerrilla networks in the bazaar are your most valuable allies. They will innovate on your plans, swarm on weaknesses you identify, and protect you by creating system noise. Recognize good ideas from your co-developers. Simple attacks that have immediate and far-reaching impact should be adopted. Perfection is achieved when there is nothing left to take away (simplicity). The easier the attack is, the more easily it will be adopted. Complexity prevents swarming that both amplifies and protects. Tools are often used in unexpected ways. An attack method can often find reuse in unexpected ways.

9 The Bazaar Expanded Linux is subversive - Who would have thought even 5 years ago [1991] that a world-class operating system could coalesce as if by magic out of part-time hacking by several thousand developers scattered all over the planet, connected only by the tenuous strands of the Internet?” He likened the rise of Linux to the public marketplace of the bazaar. (The Cathedral and the Bazaar – 1997 – Eric S. Raymond) Cyber warfare can and has taken on these same characteristics and is part of doctrine in asymmetric warfare. Mimicking open-source developers, insurgent groups ”hack at the source code of warfare,” By that, he means they aren't bound by the traditional rules of military engagement; they use whatever works, with their tactics, techniques, and procedures all open to scrutiny and improvement by the community. Although such groups are weak by conventional military ­benchmarks--they'd clearly be outgunned and outmanned on an open battlefield--they can still threaten strong national militaries. That's because they don't aim to invade, hold, or govern territory, but rather to exert political influence by exhausting an adversary's capacity to fight back. Their preferred method of attack is to disrupt infrastructure, whether physical, financial, or political.”System disruption is going to be the main thrust of warfare for quite a long time,” and hacktivists and others will rely on these methods to help keep their enemies at bay.

10 Open Source Warfare Characteristics
Many body Fluidity Redundancy Redistribute Snowball Tall poppy Independent coordination Emergent structure Evolution High dimensional Non-linear Independent clones Sony PBS FBI Many body: There are many more autonomous cyber insurgent groups operating within conflicts than we had previously thought. From a hacktivist perspective,  nothing brings people out for action like good old fashion, idealistic issues. Fluidity: The cyber insurgents are loosely grouped together to form fluid networks with short half-lives. They go home at night to be with their families and chill. Redundancy: If we remove the strongest cyber group from the system another group will rise to replace the previous strongest cyber group  Splinter: When a cyber group is broken it does not generally split in half but instead shatters into multiple pieces, and with it goes the virtual small arms Redistribute: When a group is broken the components are redistributed amongst the other cyber groups in the system. The redistribution is biased towards the most successful remaining cyber groups.  Snowball: The strongest cyber groups grow fastest  Tall poppy: The strongest cyber groups are the predominant targets for opposition forces Internal competition: There is direct competition amongst cyber insurgent/hacktivist groups for both resources and media exposure. They are competing with each other in addition to fighting the stronger cyber counterinsurgent forces.  Independent co-ordination: Autonomous cyber groups act in a coordinated fashion as a result of the competition that exists between them.  Anonymity is required. Emergent structure: Cyber attacks become 'less random' and more coordinated over time  Evolution: The strategies employed by the cyber groups evolve over time where successful groups/strategies survive and unsuccessful strategies/groups are replaced.  High dimensional: Connection occurs over high dimensions (i.e. Internet, cell phone etc) and is not dominated by geographic connections.  Old fashion technologies such as internet relay chat serve as new member recruiting stations. Non-linear: It is approximately 316* times harder to kill 100 people in an attack than it is to kill 10 people. (*Results for a conflict with alpha=2.5).  Focus your crowdsourced cyber attacks on specific targets. Independent clones: the fundamental structure and dynamics of cyber insurgent groups is largely independent of religious, political, ideological or geographic differences.

11 Low Intensity Conflicts Virtual Small Arms Proliferation
Low Orbit Ion Cannon Hive Mind Stuxnet vSALT • Let’s not overlook the “shifting wind” or “boomerang” problem: computer malware, like traditional chemical or biological warfare agents, can potentially “get away from you,” drifting off course or “boomeranging back,” accidentally hitting one’s own forces or allies or hitting uninvolved third parties, rather than the enemy. • However, if malware can learn to reliably distinguish “friends” from “foes,” unintended potential side effects may be able to be contained, and inhibitions (which might otherwise deter potential use) may be lowered or eliminated. • For example, hypothetically imagine: -- a localization-aware worm that wouldn’t attack systems if those systems are using a particular language or character set -- infrastructure-targeting malware which only attacks hardware from vendor C (commonly used in a targeted country) while hypothetically ignoring hardware from vendor H (commonly used primarily by the attacking country and its allies) – STUXNET The current activities of Anonymous demonstrate the same type of small arms proliferation albeit in a virtual plane. Driven largely by ideological activities, Anonymous distributes a revamped version of the Low Orbit Ion Cannon (LOIC) tool used in mass Distributed Denial of Service (DDoS) attacks. LOIC was the primary weapon used by Anonymous in its ongoing "Operation Payback" DDoS campaign against film and recording industry associations, as well as other organizations involved in anti-piracy efforts. The application was originally created by a user named Praetox and was used in several mass attacks over the years, including Anonymous' campaigns against the Church of Scientology or the Australian government or the Iranian election protests last year. In January 2009 the code of the Windows program was released on SourceForge as an open source project and a cross-platform Java version was later created. This release allows for the proliferation of code that can be enhanced, improved, and utilized in low intensity conflicts with the potential for significant media coverage. Last year another developer branched off the code and added a new feature called "Hive Mind" to the tool. This feature allows users to relinquish control over the application after installation and makes it act as a botnet client, which can be controlled from an IRC channel. This method of virtual small arms proliferation allows like-minded individuals to participate in DDoS activities based upon their ideology while giving up control to centralized resources. Will we someday get to vSALT – virtual strategic arms limitations treaties?

12 Cyber Crowdsourcing Modern military forces do not have the ability to control public clamor Cannot deal with an opponent who does things in an unconventional manner Cyber warfare operates in the same manner at this stage of the evolutionary process With cyber crowdsourcing come opportunities for infiltration and cyber counterintelligence. For example, attributes of their communication platforms are: Transparency: Their platforms like internet relay chat or video chats are both static and dynamic but they must be viewable by external parties Two way: all the participants connected by the platform have the ability to interact (log, record, extract content) Openness: The platform is open to all comers in that any and all parties that want to provide innovations should be able to access the system to do so.

13 Combine Virtual Weapons with Emergent Intelligence (EI)
Group intelligence without a central command function Emergence Intelligence (EI) What makes EI work? A critical mass of participation is required to move from microaction to macroaction EI ensures that Local actions have a global impact Random interactions within the network is necessary for learning – impacts macroaction and drives the payload Pattern matching (read the writing on the wall for stigmergy) anticipation and Openness to interaction - be promiscuous and take chances which helps drive group intelligence

14 What should security look like?
Knee jerk solution – centralize security with the government This hurts us more than helps us Giving credence and a cause to hacktivists Knee jerk solution – centralize security with the government Bring us to a ‘see, detect and arrest’ mentality – police Government develops deeper sources – increasingly intrusive This hurts us more than helps us It does not generate the desired information It reduces domestic and international moral cohesion It often runs afoul of public opinion

15 Decentralize your infosec
Provides a diversity of methods Allows for individual initiative Delivers overlapping responsibilities Reducing single points of failure Offensively and defensively We tend to circle the wagons and go back to the castle and moat mentality when threatened and feeling vulnerable. This is a detriment to asymmetrical cyber warfare. It is at this time that we need to decentralize and leverage our own crowdsoucing capabilities generating innovative and organic cyber security defenses that include offensive cyber operations based upon cyber intelligence and counterintelligence. Our cyber security strategy must be one of resilience. It is my belief that we need to leverage the minds of the young for cyberwar fighting. One thought is to analyze cyber warfare actions in online gaming – what do they do in any given situation and how can we apply that to real cyber warfare strategies?

16 Summary Hacktivism with ease Systems disruption Open source warfare
The Bazaar Open source warfare characteristics Low intensity conflicts – virtual small arms proliferation Cyber crowdsourcing Emergent intelligence What security should look like I thank you all for sitting through this presentation. I again apologize for not being here and by the time the day ends, should be at the conference. To review, this is what we covered. I open it up to questions with the CSFI team and hope to meet you all soon.

17 Questions jbardin@treadstone71.com
Attribution: John Robb, Technolytics, Treadstone 71


Download ppt "Hacktivists and Security"

Similar presentations


Ads by Google