Cybersecurity Jakub Drmola Part 1 – overview and state activities Cybersecurity is hard Characteristics to note when attack occurs •actors involved •who did it? who is the target? states/companies/teenagers in basement? •methods used •how did they do it? what type of attack? what was really lost or damaged? •motivation •why did they do it? what was their goal? what did they really accomplish? • • •which are easy/hard to know and why? Actor types individual state ideology profit hacktivism militias cyberterrorism identity theft financial crime espionage sabotage Examples individual state ideology profit Anonymous SEA ??? Russian Bussiness Network, vDOS PLA 61398 Equation Group Attacks individual state ideology profit #OP Payback Estonia 2007 ??? DDoS for hire scams ransomware Flame Stuxnet C-I-A triad of what is actually being attacked -Confidentiality -Integrity -Availability - -examples? Key distinctions -attack for profit or politics? -executed/planned as covert or overt? -what is target losing/what is the attacker gaining? - - Main problems -attribution of attacks -and therefore deterrence -non-territoriality -and therefore law enforcement -asymmetry -of actors -of defence/offense - - Related image Image result for security wrench comic http://www.smbc-comics.com/comics/20120220.gif Image result for phishing PIN Freq #1 1234 10.713% #2 1111 6.016% #3 0000 1.881% #4 1212 1.197% #5 7777 0.745% #6 1004 0.616% #7 2000 0.613% #8 4444 0.526% #9 2222 0.516% #10 6969 0.512% #11 9999 0.451% #12 3333 0.419% #13 5555 0.395% #14 6666 0.391% #15 1122 0.366% #16 1313 0.304% #17 8888 0.303% #18 4321 0.293% #19 2001 0.290% #20 1010 0.285% Cybersecurity State activities Espionage -attack on confidentiality -Flame, Red October - -Purpose: -Economic espionage -Strategic espionage -Tactical espionage - -https://apt.securelist.com/#secondPage - Domestic surveillance -also attack on confidentiality (but targeted inward) -Prism - -law enforcement, population control - -efforts to limit cryptography - CryptoWar - Censorship -attack on availability -Great Firewall of China -content control (porn? drugs? IP piracy? dissent?) -quite common, often via blacklists http://i.huffpost.com/gen/242407/EGYPT-INTERNET-BLACKOUT.jpg Sabotage -attack against data integrity -destruction of something, usually data -Stuxnet, Shamoon - -still quite rare -“kinetic barrier” Image result for stuxnet Operational support -various forms, not a single specific type -used to enhance or enable military operations - -Orchard 2007 (integrity) -air defence system sabotage -Georgia 2008 (availability) -DDoS on communication channels -ISIS (confidentiality) -intel collection for targeting - http://www.bibliotecapleyades.net/imagenes_sociopol/middleeast12_04.jpg https://upload.wikimedia.org/wikipedia/commons/a/a9/Destroyed_Reactor.jpg Other activities -Information warfare and propaganda -not necessarily cyberattack in narrow sense, but often uses their products or tools -influencing populations, their opinions and actions to advance ones goal -e.g. Russian election meddling -Show of force and will -harming another state through cyberattacks to send a message -Estonia 2007, Ukraine right now (most often DDoS) http://images.kurir.rs/slika-724x489/sms-erdogan-foto-tviter-belzifer-i-rojters-1468667889-951273.j pg https://support.cloudflare.com/hc/en-us/article_attachments/201814387/error522.png confidentiality integrity availability internal surveillance - censorship external espionage sabotage suppression