Cybersecurity
Jakub Drmola

Part 1 – overview and state activities

Cybersecurity is hard

Characteristics to note when an attack occurs
- actors involved
  - who did it? who is the target? states, companies, teenagers in a basement?
- methods used
  - how did they do it? what type of attack? what was really lost or damaged?
- motivation
  - why did they do it? what was their goal? what did they really accomplish?
- which of these are easy or hard to know, and why?

Actor types, examples and attacks (two axes: individual vs. state, ideology vs. profit)

quadrant               actor type                         example actors                      example attacks
ideology / individual  hacktivism                         Anonymous                           #OpPayback
ideology / state       militias                           SEA                                 Estonia 2007
ideology               cyberterrorism                     ???                                 ???
profit / individual    identity theft, financial crime    Russian Business Network, vDOS      DDoS for hire, scams, ransomware
profit / state         espionage, sabotage                PLA Unit 61398, Equation Group      Flame, Stuxnet

C-I-A triad – what is actually being attacked
- Confidentiality
- Integrity
- Availability
- examples?

Key distinctions
- attack for profit or for politics?
- executed/planned as covert or overt?
- what is the target losing / what is the attacker gaining?
Main problems
- attribution of attacks
  - and therefore deterrence
- non-territoriality
  - and therefore law enforcement
- asymmetry
  - of actors
  - of defence and offense

[image: security wrench comic, http://www.smbc-comics.com/comics/20120220.gif]
[image: phishing]

Most common 4-digit PINs (rank, PIN, share of all observed PINs)
 #1   1234   10.713%
 #2   1111    6.016%
 #3   0000    1.881%
 #4   1212    1.197%
 #5   7777    0.745%
 #6   1004    0.616%
 #7   2000    0.613%
 #8   4444    0.526%
 #9   2222    0.516%
 #10  6969    0.512%
 #11  9999    0.451%
 #12  3333    0.419%
 #13  5555    0.395%
 #14  6666    0.391%
 #15  1122    0.366%
 #16  1313    0.304%
 #17  8888    0.303%
 #18  4321    0.293%
 #19  2001    0.290%
 #20  1010    0.285%

[image: classification of biometric traits, http://misbiometrics.wikidot.com/local--files/start/Biometrics_traits_classification%5b1%5d.png]

937*643 = 602491
521*911 = 474631

Cybersecurity: state activities and APTs

Espionage
- attack on confidentiality
- Flame, Red October
- purpose:
  - economic espionage
  - strategic espionage
  - tactical espionage
- https://apt.securelist.com/#secondPage

Domestic surveillance
- also an attack on confidentiality (but targeted inward)
- PRISM
- law enforcement, population control
- efforts to limit cryptography – the "CryptoWar"

Censorship
- attack on availability
- Great Firewall of China
- content control (porn? drugs? IP piracy? dissent?)
- quite common, often implemented via blacklists

Sabotage
- attack on data integrity
- destruction of something, usually data
- Stuxnet, Shamoon
- still quite rare
- the "kinetic barrier"

The Stuxnet Attack On Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought | Business Insider India
[image: Cloudflare "error 522" page, https://support.cloudflare.com/hc/en-us/article_attachments/201814387/error522.png]

State activities by target and by C-I-A property

            confidentiality   integrity   availability
internal    surveillance      -           censorship
external    espionage         sabotage    suppression

Further reading: Cyber War (Clarke and Knake, HarperCollins); Cyber War Will Not Take Place (Rid)

Cyberwar?
- a controversial concept
- a watered-down concept?
- a question of real impacts and severity
- "The use of computers and the Internet to wage war in cyberspace.
A set of large-scale, often politically or strategically motivated, related and mutually provoked organised cyberattacks and counterattacks." (Jirásek, Novák and Požár 2013)

What is war? e.g.:
- at least two armed forces (at least one of them regular)
- organization in battle, organization of defense, strategically planned attacks
- a certain level of continuity of armed operations
- war from 1,000 casualties per calendar year
- should cyberwar be a subset of this?

Violence?
- Clausewitz's concept of war: is instrumental violence with a political aim present?
- "A war in which no one risked his life would be a tournament, a game..." (Huyghe 2011)
- cyber attacks as a manifestation of secondary violence (Rid 2013)

The attribution problem
- cyberattacks are currently problematic to attribute to actors
- attribution to state actors
- Rid: "History knows no unattributed wars"
- Gartzke: "Politically motivated conflict will be attributed"

Continuity
- war is not an isolated phenomenon!
- the requirement for a long-term organized strategy
- is long-term cyber warfare possible?
- is it possible to win a war through cyber means?

Cyber weapons?
- not bullets and shrapnel, but ones and zeros
- "weapons of mass disruption"
- (in)ability to cause permanent damage, to subjugate, to conquer?
- limited capabilities depending on target type
- Gartzke's "perishable nature of CW"

Forms of cyber operations (E. Gartzke)
- as a substitute – takes place instead of a conventional operation
- as a complement – in support of and in conjunction with a conventional operation
- as an independent tool – to achieve completely separate results

Types of cyberattack (T. Rid)
- sabotage
- espionage
- subversion
- is any of that war?

Cyberwar?
- so what is cyber warfare?
- is it possible to win a war through cyber means?
- are espionage and sabotage acts of war?
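Returning to the PIN frequency table in Part 1: the following Python is an added example, not part of the lecture slides, showing what that table means for an attacker who gets only a few guesses before a lockout, and a policy check that rejects the listed PINs together with the two pattern families that dominate the list (one repeated digit, a straight run). The frequencies are copied from the table; the function names and the weak-pattern rules are my own assumptions.

```python
# Added example (not from the slides): value of a "top 20 PINs" list to a
# guessing attacker, and a policy check that rejects those PINs.
from typing import List, Tuple

# (PIN, share of all observed PINs in percent), ranked as on the slide.
TOP_PINS: List[Tuple[str, float]] = [
    ("1234", 10.713), ("1111", 6.016), ("0000", 1.881), ("1212", 1.197),
    ("7777", 0.745), ("1004", 0.616), ("2000", 0.613), ("4444", 0.526),
    ("2222", 0.516), ("6969", 0.512), ("9999", 0.451), ("3333", 0.419),
    ("5555", 0.395), ("6666", 0.391), ("1122", 0.366), ("1313", 0.304),
    ("8888", 0.303), ("4321", 0.293), ("2001", 0.290), ("1010", 0.285),
]

PIN_SPACE = 10_000  # all four-digit PINs


def guess_success_probability(attempts: int) -> float:
    """Probability that an attacker who tries the most common PINs in rank
    order succeeds within `attempts` guesses (capped at the 20 entries we
    have). Returned as a fraction in [0, 1], rounded to 6 places."""
    attempts = max(0, min(attempts, len(TOP_PINS)))
    return round(sum(share for _, share in TOP_PINS[:attempts]) / 100.0, 6)


def uniform_success_probability(attempts: int) -> float:
    """Same guess budget against PINs chosen uniformly at random."""
    return round(min(max(attempts, 0), PIN_SPACE) / PIN_SPACE, 6)


def is_weak_pin(pin: str) -> bool:
    """Policy check (my rules, not the slide's): reject the top-20 PINs,
    one-digit repeats such as 7777, and straight runs such as 1234/4321."""
    if len(pin) != 4 or not pin.isdigit():
        return True  # malformed input is never accepted as a strong PIN
    if pin in {p for p, _ in TOP_PINS}:
        return True
    if len(set(pin)) == 1:
        return True
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps == {1} or steps == {-1}


if __name__ == "__main__":
    for k in (1, 3, 5, 20):
        print(f"{k:2d} guesses: ranked {guess_success_probability(k):.4f}, "
              f"uniform {uniform_success_probability(k):.4f}")
    for candidate in ("1234", "7777", "2001", "8305"):
        print(candidate, "weak" if is_weak_pin(candidate) else "acceptable")
```

With three attempts the ranked attacker succeeds about 18.6% of the time against 0.03% for uniformly random PINs, roughly 620 times better, and the whole top 20 covers 26.8%. The check is a blocklist plus two structural rules rather than an entropy score because the slide's data shows the weakness is concentrated in a handful of guessable values, not spread thinly across the space.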
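The two products at the end of Part 1, 937*643 = 602491 and 521*911 = 474631, are left unexplained on the slide; all four factors are prime. Assuming they were meant to illustrate the asymmetry that public-key cryptography, the subject of the CryptoWar debate, rests on (multiplying two primes is one operation, recovering them is a search), the following Python is an added example of mine, not the lecturer's, that counts the work on both sides. The function names are my own.

```python
# Added example (not from the slides): multiplication vs. trial-division
# factoring of the slide's two semiprimes, with the work counted.
from math import isqrt
from typing import Tuple


def multiply(p: int, q: int) -> int:
    """Forward direction: a single multiplication."""
    return p * q


def factor_semiprime(n: int) -> Tuple[int, int, int]:
    """Reverse direction by trial division. Returns (p, q, divisions_tried)
    with p <= q, trying 2 and then odd candidates up to sqrt(n). Every
    candidate costs one division, so `divisions_tried` is the work done."""
    tried = 0
    d = 2
    while d <= isqrt(n):
        tried += 1
        if n % d == 0:
            return d, n // d, tried
        d = 3 if d == 2 else d + 2
    raise ValueError(f"{n} has no factor in [2, sqrt(n)]; not a semiprime")


def work_comparison(p: int, q: int) -> Tuple[int, int]:
    """Multiply, then undo it; returns (product, divisions needed to undo)."""
    n = multiply(p, q)
    a, b, tried = factor_semiprime(n)
    assert {a, b} == {p, q}, "factoring must recover the original primes"
    return n, tried


if __name__ == "__main__":
    for p, q in ((937, 643), (521, 911)):
        n, tried = work_comparison(p, q)
        print(f"{p}*{q} = {n}: 1 multiplication forward, "
              f"{tried} trial divisions back")
```

Trial division needs 322 and 261 divisions to undo what one multiplication did, and the gap grows with the size of the smaller prime. For a real 2048-bit RSA modulus the same search is astronomically larger, which is why the asymmetry holds in practice and why restricting cryptography, rather than breaking it, is what the CryptoWar debate is about.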