Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Computer Security Fundamentals by Chuck Easttom Chapter 12 Cyber Terrorism and Information Warfare Chapter 12 Objectives Explain cyber terrorism Understand information warfare Understand plausible cyber terrorism scenarios Appreciate the dangers posed by cyber terrorism © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 2 Introduction Cyber Terrorism Simply, the use of computers to launch a terrorist attack. Like other forms of terrorism, only the milieu of the attack has changed. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 3 Introduction (cont.) Cyber Terrorism Significant economic damage Disruptions to communications Disruptions in supply lines General degradation of the national infrastructure All possible via the Internet © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 4 Introduction (cont.) Cyber Terrorism MyDoom virus may have been an example. Our nation can expect to be the target of serious cyber terrorism. How serious is this threat? © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 5 Economic Attacks Cyber attacks cause economic damage: Lost files and records Destroyed data Stolen credit cards Money stolen from accounts Time the IT staff spends cleaning up © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 6 Economic Attacks (cont.) Any organization wanting to do harm could set up a group with Computer security experts Programming experts Networking experts © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 7 Economic Attacks (cont.) Team 1 sets up fake e-commerce sites for a few days: Harvest credit card numbers, bank account numbers, and so forth All numbers posted to the Web anonymously on a predetermined date © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 8 Economic Attacks (cont.) Team 2 creates a Trojan Showing business tips or slogans, popular download with business people Deletes key system files on a certain date © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 9 Economic Attacks (cont.) Team 3 creates a virus. A DDoS on key financial Web sites, all to take place on the same predetermined date. Teams 4 and 5 footprint major bank systems. Team 6 prepares to flood the Internet with false stock tips. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 10 Economic Attacks (cont.) The biological weapons expert community has been solicited by terrorists. How long will it be before terrorists seek out the security/hacking community? © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 11 Military Operations Attacks Attempts to hack into the ultra-secure DoD, CIA, or NSA systems would be met with immediate arrest. A successful attack on less secure systems could also put our country at risk. Lower-level security systems that protect the logistics programs © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 12 Military Operations Attacks (cont.) One hack finds that C-141s are routed to a certain base. Another hack reveals food for 5,000 is delivered to that base. The final hack shows two brigades have had leaves canceled. Social engineering puts information together to reveal size and time of a deployment. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 13 Military Operations Attacks (cont.) Variations on a theme Hacker changes the date and destination of the food and weapons delivery. Brigades are now at risk. Without food and ammunition © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 14 Military Operations Attacks (cont.) Illustrates the need for high security on all military systems. There are clearly no “low-priority” security systems. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 15 General Attacks Unfocused attacks with no specific target Sheer volume of these attacks causes significant economic damage. IT personnel drop normal projects to combat general attacks. E-commerce is virtually unusable. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 16 Information Warfare Any attempt to manipulate information in pursuit of a military or political goal: Use computers to gather information. Use computers to disseminate propaganda. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 17 Information Warfare (cont.) Propaganda: Any group could use what appears to be an Internet news Web site. Many people believe and repeat what they see on the Internet. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 18 Information Warfare (cont.) Information Control Since World War ll, part of political and military conflicts Tokyo Rose Radio Free Europe Language manipulation Innocent civilians killed = collateral damage Starting a war = preemptive action © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 19 Information Warfare (cont.) Information Control The Internet is an inexpensive vehicle for swaying public opinion Web sites Postings to discussion groups and bulletin boards Public opinion quickly gains momentum Closely related to propaganda © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 20 Information Warfare (cont.) Disinformation Locate false information behind relatively secure systems, but not secure enough to keep out enemy. The work the enemy has to do to acquire the disinformation will convince them of its value. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 21 Actual Cases Many influential people do not believe in cyber warfare. These events appear to contradict them: The People’s Liberation Army [China] has formulated an official cyber warfare doctrine. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 22 Actual Cases (cont.) In Tehran [Iran], the armed forces and technical universities joined to create independent cyber R & D centers and train personnel in IT skills. Tehran seeks to buy IT technical assistance and training from Russia and India. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 23 Actual Cases (cont.) Russia’s armed forces have developed a robust cyber warfare doctrine. Moscow also has a track record of offensive hacking into Chechen Web sites. Available evidence is inadequate to predict whether Russia’s intelligence services or armed forces would attack U.S. networks. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 24 Future Trends Positive Trends Cyberterrorism Preparedness Act of 2002 $350,000,000 over 5 years for improving network security Cybersecurity Research and Education Act of 2002 $50,000,000 over 4years for training IT specialists in IT security © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 25 Future Trends (cont.) Negative Trends Rand report on cyber terrorism © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 26 Defense Against Cyber Terrorism Recommendations for preparing for and protecting against cyber terrorism include A Manhattan Project-level program Research and academic programs dedicated to security Computer crime treated more seriously © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 27 Defense Against Cyber Terrorism (cont.) Every police department must have access to computer crime specialists. Security professionals must have a forum to report and discuss emergencies. © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 28 Summary There are various forms of cyber terrorist attacks across all industries. Many experts believe it is a credible threat. How could your computer systems be used against you and your company? © 2012 Pearson, Inc. Chapter 12 Cyber Terrorism and Information Warfare 29